Numerics -
A -
B -
C -
D -
E -
F -
G -
H -
I -
J -
K -
L -
M -
N -
O -
P -
Q -
R -
S -
T -
U -
V -
W -
Index
Numerics
4K VLANs (support for 4,096 VLANs) 25-2
802.1AE Tagging 63-2
802.1Q
Layer 2 protocol tunneling
See Layer 2 protocol tunneling
mapping to ISL VLANs 25-7
trunks 20-4
restrictions 20-2
tunneling
configuration guidelines 28-1
configuring tunnel ports 28-6
overview 28-4
802.1Q Ethertype
specifying custom 20-15
802.1X 76-1
802.1x accounting 76-43
802.3ad
See LACP
802.3af 19-2
802.3at 19-2
802.3x Flow Control 10-9
A
AAA 70-3
fail policy 76-8, 77-5
AAA (authentication, authorization, and accounting). See also port-based authentication. 76-6, 77-2
aaa accounting dot1x command 76-44
aaa accounting system command 76-44
abbreviating commands 2-5
access, restricting MIB 79-10
access control entries and lists 62-1
access-enable host timeout (not supported) 62-4
access port, configuring 20-14
access rights 79-9
access setup, example 79-11
accounting
with 802.1x 76-43
with IEEE 802.1x 76-16
ACEs and ACLs 62-1
ACLs
downloadable 77-2
downloadable (dACLs) 76-24
Filter-ID 76-25
per-user 76-24
port
defined 66-2
redirect URL 76-25
static sharing 76-25
acronyms, list of A-1
activating lawful intercept 79-8
admin function (mediation device) 79-7, 79-8
administration, definition 79-6
advertisements, VTP 24-4
aggregate label 36-2, 36-5
aggregate policing
see QoS policing
aging time
accelerated
for MSTP 30-45
maximum
for MSTP 30-45, 30-46
aging-time
IP MLS 48-12
alarms
major 14-4
minor 14-4
Allow DHCP Option 82 on Untrusted Port
configuring 71-10
understanding 71-5
any transport over MPLS (AToM) 38-3
Ethernet over MPLS 38-3
ARP ACL 58-69, 62-12
ARP spoofing 73-3
AToM 38-3
audience 1-xliii
Authentication, Authorization, and Accounting (AAA) 70-3
authentication control-direction command 76-53
authentication event command 76-45
authentication failed VLAN
See restricted VLAN
authentication open comand 76-15
authentication password, VTP 24-5
authentication periodic command 76-38, 76-50
authentication port-control command 76-45
authentication timer reauthenticate command 76-38
authorized ports with 802.1X 76-12
auto enablement 76-30
automatic QoS
configuration guidelines and restrictions 59-2
macros 59-4
overview 59-2
AutoQoS 59-1
auto-sync command 9-4
B
BackboneFast
See STP BackboneFast
backup interfaces
See Flex Links
binding database, DHCP snooping
See DHCP snooping binding database
binding table, DHCP snooping
See DHCP snooping binding database
blocking state, STP 30-8
BPDU
RSTP format 30-16
BPDU guard
See STP BPDU guard
BPDUs
Bridge Assurance 31-5
Shared Spanning Tree Protocol (SSTP) 31-20
Bridge Assurance
description31-4to 31-6
inconsistent state 31-5
supported protocols and link types 31-5
bridge groups 34-1
bridge ID
See STP bridge ID
bridge priority, STP 30-34
bridge protocol data units
see BPDUs
bridging 34-1
broadcast storms
see traffic-storm control
C
CALEA, See Communications Assistance for Law Enforcement Act (CALEA)
Call Home
description 50-3
message format options 50-4
messages
format options 50-4
call home 50-1
alert groups 50-31
contact information 50-21
destination profiles 50-22
displaying information 50-45
pattern matching 50-36
periodic notification 50-33
rate limit messages 50-38
severity threshold 50-33
smart call home feature 50-5
SMTP server 50-2
testing communications 50-38
call home alert groups
configuring 50-31
description 50-31
subscribing 50-31
call home customer information
entering information 50-21
call home destination profiles
attributes 50-23
description 50-23
displaying 50-48
call home notifications
full-txt format for syslog 50-17
XML format for syslog 50-17
CDP
host presence detection 76-14, 78-4
to configure Cisco phones 18-3
CEF
configuring
RP 32-5
supervisor engine 32-4
examples 32-3
Layer 3 switching 32-2
packet rewrite 32-2
certificate authority (CA) 50-2
CGMP
disabling automatic detection 40-13
channel-group group
command 22-9, 22-13, 22-14, 22-15, 22-16
command example 22-9, 22-14
Cisco Discovery Protocol
See CDP
Cisco Emergency Responder 18-4
Cisco EnergyWise 12-1
Cisco Express Forwarding 36-3
CISCO-IP-TAP-MIB
citapStreamVRF 79-2
overview 79-8
restricting access to 79-10, 79-11
CISCO-TAP2-MIB
accessing 79-9
overview 79-8
restricting access to 79-10, 79-11
CISP 76-30
CIST regional root
See MSTP
CIST root
See MSTP
class command 58-73
class-map command 58-65
class map configuration 58-70
clear authentication sessions command 76-40
clear counters command 10-12
clear dot1x command 76-40
clear interface command 10-13
clear mls ip multicast statistics command
clears IP MMLS statistics 39-27
CLI
accessing 2-1
backing out one level 2-5
console configuration mode 2-5
getting list of commands 2-6
global configuration mode 2-5
history substitution 2-4
interface configuration mode 2-5
privileged EXEC mode 2-5
ROM monitor 2-7
software basics 2-4
Client Information Signalling Protocol
See CISP
collection function 79-6
command line processing 2-3
commands, getting list of 2-6
Communications Assistance for Law Enforcement Act
CALEA for Voice 79-5
lawful intercept 79-4
community ports 26-7
community VLANs 26-6, 26-7
configuration example
EoMPLS port mode 38-4, 38-7
EoMPLS VLAN mode 38-4
configuring 58-72
lawful intercept 79-10, 79-11, 79-12
SNMP 79-10
console configuration mode 2-5
content IAP 79-6
control plane policing
See CoPP
CoPP
applying QoS service policy to control plane 70-3
configuring
ACLs to match traffic 70-3
enabling MLS QoS 70-3
packet classification criteria 70-3
service-policy map 70-3
control plane configuration mode
entering 70-3
displaying
dynamic information 70-4
number of conforming bytes and packets 70-4
rate information 70-4
entering control plane configuration mode 70-3
monitoring statistics 70-4
overview 70-3
packet classification guidelines 70-4
traffic classification
defining 70-6
guidelines 70-7
overview 70-6
sample ACLs 70-7
sample classes 70-6
CoS
override priority 18-6, 19-5
counters
clearing interface 10-12, 10-13
critical authentication 76-8
critical authentication, IEEE 802.1x 76-47
CSCsr62404 10-9
CSCtc21076 62-14
CSCtd34068 58-2
CSCte40004 58-2
CSCtx75254 5-2
cTap2MediationDebug notification 79-12
cTap2MediationNewIndex object 79-8
cTap2MediationTable 79-8
cTap2MediationTimedOut notification 79-12
cTap2MIBActive notification 79-12
cTap2StreamDebug notification 79-12
cTap2StreamTable 79-8
customer contact information
entering for call home 50-21
D
dACL
See ACLs, downloadable 76-24
dCEF 32-4
debug commands
IP MMLS 39-27
DEC spanning-tree protocol 34-1
default configuration
802.1X 76-31, 77-7
dynamic ARP inspection 73-6
Flex Links 21-4
IP MMLS 39-9
MSTP 30-26
MVR 42-5
UDLD 11-4
voice VLAN 18-4
VTP 24-9
default VLAN 20-10
deficit weighted round robin 58-107
denial of service protection 69-1
destination-ip flow mask 48-8
destination-source-ip flow mask 48-8
device IDs
call home format 50-13, 50-14
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP option 82
circuit ID suboption 71-7
overview 71-5
packet format, suboption
circuit ID 71-7
remote ID 71-7
remote ID suboption 71-7
DHCP option 82 allow on untrusted port 71-10
DHCP snooping
802.1X data insertion 76-15
binding database
See DHCP snooping binding database
configuration guidelines 71-8
configuring 71-9
default configuration 71-8
displaying binding tables 71-18
enabling 71-9, 71-10, 71-11, 71-12, 71-13, 71-14
enabling the database agent 71-14
message exchange process 71-6
monitoring 72-5, 72-6
option 82 data insertion 71-5
overview 71-3
Snooping database agent 71-7
DHCP snooping binding database
described 71-5
entries 71-5
DHCP snooping binding table
See DHCP snooping binding database
DHCP Snooping Database Agent
adding to the database (example) 71-18
enabling (example) 71-15
overview 71-7
reading from a TFTP file (example) 71-17
DHCP snooping increased bindings limit 71-14
differentiated services codepoint
See QoS DSCP
DiffServ
configuring short pipe mode 60-32
configuring uniform mode 60-36
short pipe mode 60-29
uniform mode 60-31
DiffServ tunneling modes 60-4
Disabling PIM Snooping Designated Router Flooding 41-6
distributed Cisco Express Forwarding
See dCEF
distributed egress SPAN 53-10, 53-15
DNS, See Domain Name System
DNS, see Domain Name System
documentation, related 1-xliii
Domain Name System 79-2
DoS protection 69-1
default configurations 69-17
egress ACL bridget packet rate limiters 69-13
FIB glean rate limiters 69-14
FIB receive rate limiters 69-14
ICMP redirect rate limiters 69-15
IGMP unreachable rate limiters 69-14
ingress ACL bridget packet rate limiters 69-13
IP errors rate limiters 69-16
IPv4 multicast rate limiters 69-16
IPv6 multicast rate limiters 69-16
Layer 2 PDU rate limiters 69-15
Layer 2 protocol tunneling rate limiters 69-16
Layer 3 security features rate limiters 69-14
monitoring packet drop statistics
using monitor session commands 69-22
using VACL capture 69-24
MTU failure rate limiters 69-15
multicast IGMP snooping rate limiters 69-15
QoS ACLs 69-2
security ACLs 69-2
TTL failure rate limiter 69-13
uRPF check 69-6
uRPF failure rate limiters 69-13
VACL log rate limiters 69-15
dot1x initialize interface command 76-39
dot1x max-reauth-req command 76-43
dot1x max-req command 76-42
dot1x pae authenticator command 76-34
dot1x re-authenticate interface command 76-39
dot1x timeout quiet-period command 76-41
DSCP
See QoS DSCP
DSCP-based queue mapping 58-98
duplex command 10-5, 10-6
duplex mode
autonegotiation status 10-6
configuring interface 10-4
DWRR 58-107
dynamic ARP inspection
ARP cache poisoning 73-3
ARP requests, described 73-3
ARP spoofing attack 73-3
configuration guidelines 73-2
configuring
log buffer 73-13, 73-15
logging system messages 73-14
rate limit for incoming ARP packets 73-5, 73-10
default configuration 73-6
denial-of-service attacks, preventing 73-10
described 73-3
DHCP snooping binding database 73-4
displaying
ARP ACLs 73-15
configuration and operating state 73-15
trust state and rate limit 73-15
error-disabled state for exceeding rate limit 73-5
function of 73-4
interface trust states 73-4
log buffer
configuring 73-13, 73-15
logging of dropped packets, described 73-6
logging system messages
configuring 73-14
man-in-the middle attack, described 73-4
network security issues and interface trust states 73-4
priority of ARP ACLs and DHCP snooping entries 73-6
rate limiting of ARP packets
configuring 73-10
described 73-5
error-disabled state 73-5
validation checks, performing 73-11
Dynamic Host Configuration Protocol snooping 71-1
E
EAC 63-2
EAPOL. See also port-based authentication. 76-6
eFSU, See Enhanced Fast Software Upgrade (eFSU)
Egress ACL support for remarked DSCP 58-19
egress ACL support for remarked DSCP 58-61
egress replication performance improvement 39-14
egress SPAN 53-10
electronic traffic, monitoring 79-7
e-mail addresses
assigning for call home 50-21
e-mail notifications
Call Home 50-3
enable mode 2-5
enable sticky secure MAC address 78-8
enabling
IP MMLS
on router interfaces 39-12
lawful intercept 79-8
SNMP notifications 79-12
Endpoint Admission Control (EAC) 63-2
EnergyWise 12-1
enhanced Fast Software Upgrade (eFSU)
aborting (issu abortversion command) 5-13
accepting the new software version 5-11
commiting the new software to standby RP (issu commitversion command) 5-12
displaying maximum outage time for module 5-10
error handling 5-5
forcing a switchover (issu runversion command) 5-10
issu loadversion command 5-8
loading new software onto standby RP 5-8
memory reservation on module 5-4
memory reservation on module, prohibiting 5-4
OIR not supported 5-2
operation 5-3
outage times 5-4
performing 5-5
steps 5-5
usage guidelines and limitations 5-2
verifying redundancy mode 5-7
environmental monitoring
LED indications 14-4
SNMP traps 14-4
supervisor engine and switching modules 14-4
Syslog messages 14-4
using CLI commands 14-1
EOBC
for MAC address table synchronization 20-3
EoMPLS 38-3
configuring 38-4
configuring VLAN mode 38-3
guidelines and restrictions 38-2
port mode 38-3
VLAN mode 38-3
ERSPAN 53-1
EtherChannel
channel-group group
command 22-9, 22-13, 22-14, 22-15, 22-16
command example 22-9, 22-14
configuration guidelines 4-28, 22-2
configuring
Layer 2 22-9
configuring (tasks) 4-28, 22-7
interface port-channel
command example 22-8
interface port-channel (command) 22-8
lacp system-priority
command example 22-11
Layer 2
configuring 22-9, 22-15
load balancing
configuring 22-11
understanding 22-7
Min-Links 22-13, 22-14
modes 22-4
PAgP
understanding 22-5
port-channel interfaces 22-7
port-channel load-balance
command 22-11
command example 22-12
STP 22-7
understanding 4-4, 22-3
EtherChannel Guard
See STP EtherChannel Guard
Ethernet
setting port duplex 10-10
Ethernet over MPLS (EoMPLS) configuration
EoMPLS port mode 38-6
EoMPLS VLAN mode 38-4
EXP mutation 60-4
extended range VLANs 25-2
See VLANs
extended system ID
MSTP 30-39
Extensible Authentication Protocol over LAN. See EAPOL.
F
fall-back bridging 34-1
fast link notification
on VSL failure 4-15
fiber-optic, detecting unidirectional links 11-1
FIB TCAM 36-3
figure
lawful intercept overview 79-5
filters, NDE
destination host filter, specifying 49-18
destination TCP/UDP port, specifying 49-17
protocol 49-18
source host and destination TCP/UDP port 49-17
Flex Links 21-1
configuration guidelines 21-2
configuring 21-4
default configuration 21-4
description 21-2
monitoring 21-6
flex links
interface preemption 21-3
flow control 10-9
flow masks
IP MLS
destination-ip 48-8
destination-source-ip 48-8
ip-full 48-8
minimum 48-11
overview 49-3
flows
IP MMLS
completely and partially switched 39-4
forward-delay time
MSTP 30-45
forward-delay time, STP 30-35
frame distribution
See EtherChannel load balancing
G
get requests 79-7, 79-8, 79-11
global configuration mode 2-5
guest VLAN and 802.1x 76-19
H
hardware Layer 3 switching
guidelines 32-2
hello time
MSTP 30-44
hello time, STP 30-35
High Capacity Power Supply Support 13-4
history
CLI 2-4
host mode
see port-based authentication
host ports
kinds of 26-7
host presence CDP message 18-4, 76-14
host presence TLV message 78-4
http
//www-tac.cisco.com/Teams/ks/c3/xmlkwery.php?srId=612293409 22-2
I
IAP
content IAP 79-6
definition 79-6
content IAP 79-6
identification IAP 79-6
types of
ICMP unreachable messages 62-2
ID IAP 79-6
IDs
serial IDs 50-14
IEEE 802.1Q Ethertype
specifying custom 20-15
IEEE 802.1Q Tagging on a Per-Port Basis 28-7
IEEE 802.1w
See RSTP
IEEE 802.1x
accounting 76-16, 76-43
authentication failed VLAN 76-20
critical ports 76-21
DHCP snooping 76-15
guest VLAN 76-19
MAC authentication bypass 76-26
network admission control Layer 2 validation 76-27
port security interoperability 76-23
RADIUS-supplied session timeout 76-38
voice VLAN 76-22
wake-on-LAN support 76-28
IEEE 802.3ad
See LACP
IEEE 802.3af 19-2
IEEE 802.3at 19-2
IEEE 802.3x Flow Control 10-9
IEEE bridging protocol 34-1
IGMP 40-1
configuration guidelines 47-9
enabling 40-9
join messages 40-3
leave processing
enabling 40-12
queries 40-4
query interval
configuring 40-11
snooping
fast leave 40-6
joining multicast group 40-3, 43-4
leaving multicast group 40-5, 43-4
understanding 40-3, 43-3
snooping querier
enabling 40-9
understanding 40-3, 43-3
IGMPv3 39-10
IGMP v3lite 39-10
ignore port trust 58-15, 58-22, 58-58, 58-74
inaccessible authentication bypass 76-21
ingress SPAN 53-10
intercept access point
See IAP
intercept-related information (IRI) 79-6, 79-7
intercepts, multiple 79-6
interface
configuration mode 2-5
Layer 2 modes 20-4
number 10-2
interface port-channel
command example 22-8
interface port-channel (command) 22-8
interfaces
configuring, duplex mode 10-3
configuring, speed 10-3
configururing, overview 10-2
counters, clearing 10-12, 10-13
displaying information about 10-12
maintaining 10-12
monitoring 10-12
range of 10-2
restarting 10-13
shutting down
task 10-13
interfaces command 10-2
interfaces range command 52-3
interfaces range macro command 10-2
internal VLANs 25-3
Internet Group Management Protocol 40-1, 43-1
IP accounting, IP MMLS and 39-2
IP CEF
topology (figure) 32-4
ip flow-export destination command 49-14
ip flow-export source command 48-14, 49-14, 49-15, 55-3, 55-4, 55-5
ip-full flow mask 48-8
ip http server 1-7
ip local policy route-map command 33-5
IP MLS
aging-time 48-12
flow masks
destination-ip 48-8
destination-source-ip 48-8
ip-full 48-8
minimum 48-11
overview 49-3
IP MMLS
cache, overview 39-3
configuration guideline 39-1
debug commands 39-27
default configuration 39-9
enabling
on router interfaces 39-12
flows
completely and partially switched 39-4
Layer 3 MLS cache 39-3
overview 39-3
packet rewrite 39-4
router
enabling globally 39-10
enabling on interfaces 39-12
multicast routing table, displaying 39-21
PIM, enabling 39-11
switch
statistics, clearing 39-27
unsupported features 39-2
IP multicast
IGMP snooping and 40-8
MLDv2 snooping and 47-9
overview 40-2, 43-2, 44-2
IP multicast MLS
See IP MMLS
ip multicast-routing command
enabling IP multicast 39-11
IP phone
configuring 18-5
ip pim command
enabling IP PIM 39-11
ip policy route-map command 33-5
IP Source Guard 72-1
configuring 72-3
configuring on private VLANs 72-5
displaying 72-5, 72-6
overview 72-2
IP unnumbered 34-1
IPv4 Multicast over Point-to-Point GRE Tunnels 1-8
IPv4 Multicast VPN 45-1
IPv6 Multicast PFC3 and DFC3 Layer 3 Switching 46-1
IPv6 QoS 58-4
ISL trunks 20-4
isolated port 26-7
isolated VLANs 26-6, 26-7
J
join messages, IGMP 40-3
jumbo frames 10-6
K
keyboard shortcuts 2-3
L
label edge router 36-2
label switched path 38-1
label switch router 36-2, 36-4
LACP
system ID 22-6
Law Enforcement Agency (LEA) 79-4
lawful intercept
admin function 79-7, 79-8
collection function 79-6
configuring 79-10, 79-11, 79-12
enabling 79-8
IRI 79-6
mediation device 79-5
overview 79-4, 79-5
prerequisites 79-1
processing 79-7
security considerations 79-9
SNMP notifications 79-12
lawful intercept processing 79-7
Layer 2
configuring interfaces 20-5
access port 20-14
trunk 20-8
defaults 20-5
interface modes 20-4
show interfaces 10-8, 10-9, 20-6, 20-13
switching
understanding 20-2
trunks
understanding 20-4
VLAN
interface assignment 25-6
Layer 2 Interfaces
configuring 20-1
Layer 2 protocol tunneling
configuring Layer 2 tunnels 29-3
overview 29-2
Layer 2 remarking 58-21
Layer 2 Traceroute 56-1
Layer 2 traceroute
and ARP 56-2
and CDP 56-1
described 56-2
IP addresses and subnets 56-2
MAC addresses and VLANs 56-2
multicast traffic 56-2
multiple devices on a port 56-2
unicast traffic 56-2
usage guidelines 56-1
Layer 3
IP MMLS and MLS cache 39-3
Layer 3 switched packet rewrite
CEF 32-2
Layer 3 switching
CEF 32-2
Layer 4 port operations (ACLs) 62-2
leave processing, IGMP
enabling 40-12
leave processing, MLDv2
enabling 47-12
LERs 60-2, 60-6, 60-7
Link Failure
detecting unidirectional 30-25
link negotiation 10-5
link redundancy
See Flex Links
LLDP-MED
configuring
TLVs 19-8
load deferral
MEC traffic recovery 4-6
Local Egress Replication 39-14
logical operation unit
See LOU
loop guard
See STP loop guard
LOU
description 62-3
determining maximum number of 62-3
LSRs 60-2, 60-6
M
mab command 76-45, 76-50
MAC address-based blocking 65-1
MAC address table notification 20-7
MAC authentication bypass. See also port-based authentication. 76-26
MAC move (port security) 78-3
macros 3-1
See Smartports macros
MACSec 63-2
magic packet 76-28
main-cpu command 9-4
mapping 802.1Q VLANs to ISL VLANs 25-7
markdown
see QoS markdown
match ip address command 33-4
match length command 33-4
maximum aging time
MSTP 30-45
maximum aging time, STP 30-36
maximum hop count, MSTP 30-46
MEC
configuration 4-45
described 4-15
failure 4-16
port load share deferral 4-17
mediation device
admin function 79-7, 79-8
definition 79-5
description 79-5
MIBs
CISCO-IP-TAP-MIB 79-2, 79-8, 79-10
CISCO-TAP2-MIB 79-8, 79-9, 79-10
SNMP-COMMUNITY-MIB 79-9
SNMP-USM-MIB 79-4, 79-9
SNMP-VACM-MIB 79-4, 79-9
microflow policing rule
see QoS policing
Mini Protocol Analyzer 57-1
Min-Links 22-13
MLD
report 47-5
MLD snooping
query interval
configuring 47-10
MLDv1 47-2
MLDv2 47-1
enabling 47-11
leave processing
enabling 47-12
queries 47-6
snooping
fast leave 47-8
joining multicast group 47-5
leaving multicast group 47-7
understanding 47-3
snooping querier
enabling 47-10
understanding 47-3
MLDv2 Snooping 47-1
MLS
configuring threshold 39-15
RP
threshold 39-15
mls aging command
configuring IP MLS 48-12
mls flow command
configuring IP MLS 48-11, 48-15, 49-13
mls ip multicast command
enabling IP MMLS39-12to 39-24
mls nde flow command
configuring a host and port filter 49-17
configuring a host flow filter 49-18
configuring a port filter 49-17
configuring a protocol flow filter 49-18
mls nde sender command 49-12
monitoring
Flex Links 21-6
MVR 42-8
private VLANs 26-16
monitoring electronic traffic 79-7
MPLS 36-1, 36-2
aggregate label 36-2
any transport over MPLS 38-3
basic configuration 36-9
core 36-4
DiffServ Tunneling Modes 60-29
egress 36-4
experimental field 60-3
hardware features 36-5
ingress 36-4
IP to MPLS path 36-4
labels 36-2
MPLS to IP path 36-4
MPLS to MPLS path 36-4
nonaggregate lable 36-2
QoS default configuration 60-13
restrictions 36-1
VPN 60-11
VPN guidelines and restrictions 37-2
MPLS QoS
Classification 60-2
Class of Service 60-2
commands 60-15
configuring a class map 60-18
configuring a policy map 60-21
configuring egress EXP mutation 60-27
configuring EXP Value Maps 60-28
Differentiated Services Code Point 60-2
displaying a policy map 60-26
E-LSP 60-2
enabling QoS globally 60-17
EXP bits 60-2
features 60-2
IP Precedence 60-2
QoS Tags 60-2
queueing-only mode 60-17
MPLS QoS configuration
class map to classify MPLS packets 60-18
MPLS supported commands 36-2
MPLS VPN
limitations and restrictions 37-2
MQC
supported
policy maps 58-9
MST
interoperation with Rapid PVST+ 31-20
root bridge 31-20
MSTP
boundary ports
configuration guidelines 30-2
described 30-22
CIST, described 30-19
CIST regional root 30-20
CIST root 30-21
configuration guidelines 30-2
configuring
forward-delay time 30-45
hello time 30-44
link type for rapid convergence 30-46
maximum aging time 30-45
maximum hop count 30-46
MST region 30-38
neighbor type 30-46
path cost 30-42
port priority 30-41
root switch 30-39
secondary root switch 30-40
switch priority 30-43
CST
defined 30-19
operations between regions 30-20
default configuration 30-26
displaying status 30-47
enabling the mode 30-38
extended system ID
effects on root switch 30-39
effects on secondary root switch 30-40
unexpected behavior 30-39
IEEE 802.1s
implementation 30-23
port role naming change 30-23
terminology 30-21
interoperability with IEEE 802.1D
described 30-24
restarting migration process 30-47
IST
defined 30-19
master 30-20
operations within a region 30-20
mapping VLANs to MST instance 30-38
MST region
CIST 30-19
configuring 30-38
described 30-19
hop-count mechanism 30-22
IST 30-19
supported spanning-tree instances 30-19
overview 30-18
root switch
configuring 30-39
effects of extended system ID 30-39
unexpected behavior 30-39
status, displaying 30-47
MTU size (default) 25-3
multiauthentication (multiauth). See also port-based authentication. 76-15
multicast
IGMP snooping and 40-8
MLDv2 snooping and 47-9
NetFlow statistics 49-1
non-RPF 39-6
overview 40-2, 43-2, 44-2
PIM snooping 41-4
multicast, displaying routing table 39-21
Multicast enhancement - egress replication performance improvement 39-14
Multicast Enhancement - Replication Mode Detection 39-12
multicast flood blocking 75-1
multicast groups
joining 40-3, 43-4
leaving 40-5, 47-7
multicast groups, IPv6
joining 47-5
Multicast Listener Discovery version 2 47-1
Multicast Replication Mode Detection enhancement 39-12
multicast RPF 39-3
multicast storms
see traffic-storm control
multicast television application 42-3
multicast VLAN 42-2
Multicast VLAN Registration 42-1
multichassis EtherChannel
see MEC 4-15
Multidomain Authentication (MDA). See also port-based authentication. 76-14
Multilayer MAC ACL QoS Filtering 58-66, 62-9
multilayer switch feature card
see RP
multiple path RPF check 69-8
Multiple Spanning Tree
See MST
MUX-UNI Support 36-7
MUX-UNI support 36-7
MVAP (Multi-VLAN Access Port). See also port-based authentication. 76-22
MVR
and IGMPv3 42-2
configuring interfaces 42-6
default configuration 42-5
example application 42-3
in the switch stack 42-5
monitoring 42-8
multicast television application 42-3
restrictions 42-1
setting global parameters 42-6
N
NAC
agentless audit support 76-27
critical authentication 76-21, 76-47
IEEE 802.1x authentication using a RADIUS server 76-50
IEEE 802.1x validation using RADIUS server 76-50
inaccessible authentication bypass 76-47
Layer 2 IEEE 802.1x validation 76-50
Layer 2 IEEE802.1x validation 76-27
native VLAN 20-11
NDAC 63-2
NDE
configuration, displaying 49-18
displaying configuration 49-18
enabling 49-11
filters
destination host, specifying 49-18
destination TCP/UDP port, specifying 49-17
protocol, specifying 49-18
source host and destination TCP/UDP port, specifying 49-17
multicast 49-1
specifying
destination host filters 49-18
destination TCP/UDP port filters 49-17
protocol filters 49-18
NDE version 8 49-3
NEAT
configuring 76-54
overview 76-30
NetFlow
table, displaying entries 32-5
Netflow Multiple Export Destinations 49-15
NetFlow search engine 39-7
NetFlow version 9 49-3
Network Device Admission Control (NDAC) 63-2
Network Edge Access Topology
See NEAT
network ports
Bridge Assurance 31-5
description 31-2
nonaggregate label 36-2, 36-5
non-RPF multicast 39-6
normal-range VLANs
See VLANs
notifications, See SNMP notifications
NSF with SSO does not support IPv6 multicast traffic. 7-1, 8-1
O
OIR 10-11
online diagnostics
CompactFlash disk verification A-41
configuring 15-2
datapath verification A-14
diagnostic sanity check 15-24
egress datapath test A-4
error counter test A-4
interrupt counter test A-4
memory tests 15-24
overview 15-2
running tests 15-6
test descriptions A-1
understanding 15-2
online diagnostic tests A-1
online insertion and removal
See OIR
out-f-band MAC address table synchronization
configuring 20-6
in a VSS 4-2
out of profile
see QoS out of profile
P
packet burst 69-13
packet capture 57-2
packet recirculation 58-19
packet rewrite
CEF 32-2
IP MMLS and 39-4
packets
multicast 66-6
PAgP
understanding 22-5
path cost
MSTP 30-42
PBACLs 62-6
PBF 67-4
PBR 1-8
PBR (policy-based routing)
configuration (example) 33-7
enabling 33-4
peer inconsistent state
in PVST simulation 31-20
per-port VTP enable and disable 24-16
PFC
recirculation 36-5
PFC3 39-7
PIM, IP MMLS and 39-11
PIM snooping
designated router flooding 41-6
enabling globally 41-5
enabling in a VLAN 41-5
overview 41-4
PoE 19-2
Cisco prestandard 19-3
IEEE 802.3af 19-2
IEEE 802.3at 19-2
PoE management 19-3
power policing 19-4
power use measurement 19-4
police command 58-76
policy 58-65
policy-based ACLs (PBACLs) 62-6
policy-based forwarding (PBF) 68-2
policy-based routing
See PBR
policy-based routing (PBR)
configuring 33-1
policy map 58-72
attaching to an interface 58-79, 69-6
policy-map command 58-65, 58-73
port ACLs
defined 66-2
port ACLs (PACLs) 66-1
Port Aggregation Protocol
see PAgP
port-based authentication
AAA authorization 76-33
accounting 76-16
configuring 76-43
authentication server
defined 76-7, 77-3
RADIUS server 76-7
client, defined 76-7, 77-3
configuration guidelines 76-2, 77-1
configuring
guest VLAN 76-45
inaccessible authentication bypass 76-47
initializing authentication of a client 76-39
manual reauthentication of a client 76-39
RADIUS server 76-35, 77-10
RADIUS server parameters on the switch 76-34, 77-9
restricted VLAN 76-46
switch-to-authentication-server retransmission time 76-42
switch-to-client EAP-request frame retransmission time 76-41
switch-to-client frame-retransmission number 76-42, 76-43
switch-to-client retransmission time 76-41
user distribution 76-44
VLAN group assignment 76-44
default configuration 76-31, 77-7
described 76-6
device roles 76-7, 77-3
DHCP snooping 76-15
DHCP snooping and insertion 71-6
displaying statistics 76-57, 77-15
EAPOL-start frame 76-10
EAP-request/identity frame 76-10
EAP-response/identity frame 76-10
enabling
802.1X authentication 76-33, 76-34, 77-9
periodic reauthentication 76-38
encapsulation 76-7
guest VLAN
configuration guidelines 76-19, 76-20
described 76-19
host mode 76-13
inaccessible authentication bypass
configuring 76-47
described 76-21
guidelines 76-4
initiation and message exchange 76-10
MAC authentication bypass 76-26
magic packet 76-28
method lists 76-33
modes 76-13
multiauth mode, described 76-15
multidomain authentication mode, described 76-14
multiple-hosts mode, described 76-13
ports
authorization state and dot1x port-control command 76-12
authorized and unauthorized 76-12
critical 76-21
voice VLAN 76-22
port security
and voice VLAN 76-23
described 76-23
interactions 76-23
multiple-hosts mode 76-13
pre-authentication open access 76-15, 76-36
resetting to default values 76-57
supplicant, defined 76-7
switch
as proxy 76-7, 77-3
RADIUS client 76-7
switch supplicant
configuring 76-54
overview 76-30
user distribution
configuring 76-44
described 76-18
guidelines 76-4
VLAN assignment
AAA authorization 76-33
characteristics 76-17
configuration tasks 76-18
described 76-17
VLAN group
guidelines 76-4
voice VLAN
described 76-22
PVID 76-22
VVID 76-22
wake-on-LAN, described 76-28
port-based QoS features
see QoS
port-channel
see EtherChannel
port-channel load-balance
command 22-11
command example 22-11, 22-12
port-channel load-defer command 4-45
port-channel port load-defer command 4-45
port cost, STP 30-32
port debounce timer
disabling 10-10
displaying 10-10
enabling 10-10
PortFast
edge ports 31-2
network ports 31-2
See STP PortFast
PortFast Edge BPDU filtering
See STP PortFast Edge BPDU filtering
PortFast port types
description31-2, 31-2to ??
edge 31-2
network 31-2
port mode 38-3
port negotiation 10-5
port priority
MSTP 30-41
port priority, STP 30-31
ports
setting the debounce timer 10-10
port security
aging 78-9, 78-10
configuring 78-4
described 78-3
displaying 78-10
enable sticky secure MAC address 78-8
sticky MAC address 78-3
violations 78-3
Port Security is supported on trunks 78-2, 78-5, 78-7, 78-9
port security MAC move 78-3
port security on PVLAN ports 78-2
Port Security with Sticky Secure MAC Addresses 78-3
power management
enabling/disabling redundancy 13-2
overview 13-1
powering modules up or down 13-3
power policing 19-8
power negotiation
through LLDP 19-8
Power over Ethernet 19-2
power over ethernet 19-2
pre-authentication open access. See port-based authentication.
preemption, default configuration 21-4
preemption delay, default configuration 21-4
prerequisites for lawful intercept 79-1
primary links 21-2
primary VLANs 26-6
priority
overriding CoS 18-6, 19-5
private hosts 27-1
private hosts feature
configuration guidelines 27-1
configuring (detailed steps) 27-9
configuring (summary) 27-8
multicast operation 27-4
overview 27-4
port ACLs (PACLs) 27-7
port types 27-5, 27-6
protocol-independent MAC ACLs 27-4
restricting traffic flow with PACLs 27-5
spoofing protection 27-3
private VLANs 26-1
across multiple switches 26-9
and SVIs 26-10
benefits of 26-5
community VLANs 26-6, 26-7
configuration guidelines 26-2, 26-4, 26-10
configuring 26-10
host ports 26-14
pomiscuous ports 26-15
routing secondary VLAN ingress traffic 26-13
secondary VLANs with primary VLANs 26-12
VLANs as private 26-11
end station access to 26-8
IP addressing 26-8
isolated VLANs 26-6, 26-7
monitoring 26-16
ports
community 26-7
configuration guidelines 26-4
isolated 26-7
promiscuous 26-7
primary VLANs 26-6
secondary VLANs 26-6
subdomains 26-5
traffic in 26-10
privileged EXEC mode 2-5
promiscuous ports 26-7
protocol tunneling
See Layer 2 protocol tunneling 29-2
PVRST
See Rapid-PVST 30-3
PVST
description 30-3
PVST simulation
description 31-20
peer inconsistent state 31-20
root bridge 31-20
Q
QoS
auto-QoS
enabling for VoIP 59-4
IPv6 58-4
See also automatic QoS 59-1
QoS classification (definition) 58-120
QoS congestion avoidance
definition 58-121
QoS CoS
and ToS final L3 Switching Engine values 58-18
and ToS final values from L3 Switching Engine 58-18
definition 58-120
port value, configuring 58-91
QoS default configuration 58-111, 61-2
QoS DSCP
definition 58-121
internal values 58-16
maps, configuring 58-86
QoS dual transmit queue
thresholds
configuring 58-92, 58-96
QoS Ethernet egress port
scheduling 58-111
scheduling, congestion avoidance, and marking 58-18
QoS Ethernet ingress port
classification, marking, scheduling, and congestion avoidance 58-12
QoS final L3 Switching Engine CoS and ToS values 58-18
QoS internal DSCP values 58-16
QoS L3 Switching Engine
classification, marking, and policing 58-15
feature summary 58-22
QoS labels (definition) 58-121
QoS mapping
CoS values to DSCP values 58-83, 58-86
DSCP markdown values 58-34, 58-87, 60-14
DSCP mutation 58-82, 60-27
DSCP values to CoS values 58-89
IP precedence values to DSCP values 58-87
QoS markdown 58-25
QoS marking
definition 58-121
trusted ports 58-21
untrusted ports 58-20
QoS multilayer switch feature card 58-23
QoS out of profile 58-25
QoS policing
definition 58-121
microflow, enabling for nonrouted traffic 58-60
QoS policing rule
aggregate 58-23
creating 58-64
microflow 58-23
QoS port
trust state 58-89, 58-91
QoS port-based or VLAN-based 58-60
QoS queues
transmit, allocating bandwidth between 58-107
QoS receive queue 58-14, 58-102, 58-104
drop thresholds 58-28
QoS RP
marking 58-23
QoS scheduling (definition) 58-121
QoS session-based 58-17
QoS single-receive, dual-transmit queue ports
configuring 58-97
QoS statistics data export 61-2
configuring 61-2
configuring destination host 61-7
configuring time interval 61-6, 61-8
QoS ToS
and CoS final values from L3 Switching Engine 58-18
definition 58-121
QoS traffic flow through QoS features 58-9
QoS transmit queue
size ratio 58-109, 58-110
QoS transmit queues 58-29, 58-100, 58-101, 58-103, 58-104
QoS trust-cos
port keyword 58-20
QoS trust-dscp
port keyword 58-20
QoS trust-ipprec
port keyword 58-20
QoS untrusted port keyword 58-20
QoS VLAN-based or port-based 58-17, 58-60
quad-supervisor
uplink forwarding 4-9
queries, IGMP 40-4
queries, MLDv2 47-6
R
RADIUS 71-6
RADIUS. See also port-based authentication. 76-7
range
command 52-3
macro 10-2
rapid convergence 30-14
Rapid-PVST
enabling 30-36
Rapid PVST+
interoperation with MST 31-20
Rapid-PVST+
overview 30-3
Rapid Spanning Tree
See RSTP
Rapid Spanning Tree Protocol
See RSTP
receive queues
see QoS receive queues
recirculation 36-5, 58-19
redirect URLs
described 76-25
reduced MAC address 30-3
redundancy (RPR+) 9-1
configuring 9-4
configuring supervisor engine 9-2
displaying supervisor engine configuration 9-5
redundancy command 9-4
related documentation 1-xliii
Remote Authentication Dial-In User Service. See RADIUS.
Replication Mode Detection 39-12
report, MLD 47-5
reserved-range VLANs
See VLANs
restricted VLAN
configuring 76-46
described 76-20
using with IEEE 802.1x 76-20
restricting MIB access 79-10, 79-11
rewrite, packet
CEF 32-2
IP MMLS 39-4
RHI 4-52
RIF cache monitoring 10-12
ROM monitor
CLI 2-7
root bridge
MST 31-20
PVST simulation 31-20
root bridge, STP 30-29
root guard
See STP root guard
root switch
MSTP 30-39
route health injection
See RHI
route-map (IP) command 33-4
route maps
defining 33-4
router guard 44-1
routing table, multicast 39-21
RPF
failure 39-6
multicast 39-3
non-RPF multicast 39-6
RPR and RPR+ support IPv6 multicast traffic 9-1
RSTP
active topology 30-13
BPDU
format 30-16
processing 30-17
designated port, defined 30-13
designated switch, defined 30-13
interoperability with IEEE 802.1D
described 30-24
restarting migration process 30-47
topology changes 30-17
overview 30-13
port roles
described 30-13
synchronized 30-15
proposal-agreement handshake process 30-14
rapid convergence
described 30-14
edge ports and Port Fast 30-14
point-to-point links 30-14, 30-46
root ports 30-14
root port, defined 30-13
See also MSTP
S
Sampled NetFlow
description 49-9
scheduling
see QoS
secondary VLANs 26-6
Secure MAC Address Aging Type 78-9
security
configuring 64-1, 70-3
security, port 78-3
security considerations 79-9
Security Exchange Protocol (SXP) 63-2
Security Group Access Control List (SGACL) 63-2
Security Group Tag (SGT) 63-2
serial IDs
description 50-14
serial interfaces
clearing 10-13
synchronous
maintaining 10-13
server IDs
description 50-14
service-policy command 58-65
service-policy input command 58-61, 58-79, 58-83, 58-85, 60-28, 69-6
service-provider network, MSTP and RSTP 30-18
set default interface command 33-4
set interface command 33-4
set ip default next-hop command 33-4
set ip df command
PBR 33-4
set ip next-hop command 33-4
set ip precedence command
PBR 33-4
set ip vrf command
PBR 33-4
set power redundancy enable/disable command 13-2
set requests 79-7, 79-8, 79-11
setting up lawful intercept 79-7
SGACL 63-2
SGT 63-2
shaped round robin 58-107
short pipe mode
configuring 60-32
show authentication command 76-58
show catalyst6000 chassis-mac-address command 30-4
show dot1x interface command 76-39
show eobc command 10-12
show history command 2-4
show ibc command 10-12
show interfaces command 10-8, 10-9, 10-12, 20-6, 20-13
clearing interface counters 10-12
displaying, speed and duplex mode 10-6
show ip flow export command
displaying NDE export flow IP address and UDP port 49-16
show ip interface command
displaying IP MMLS interfaces 39-19
show ip local policy command 33-5
show ip mroute command
displaying IP multicast routing table 39-21
show ip pim interface command
displaying IP MMLS router configuration 39-19
show mab command 76-61
show mls aging command 48-13
show mls ip multicast group command
displaying IP MMLS group 39-22, 39-25
show mls ip multicast interface command
displaying IP MMLS interface 39-22, 39-25
show mls ip multicast source command
displaying IP MMLS source 39-22, 39-25
show mls ip multicast statistics command
displaying IP MMLS statistics 39-22, 39-25
show mls ip multicast summary
displaying IP MMLS configuration 39-22, 39-25
show mls nde command 49-18
displaying NDE flow IP address 49-16
show mls rp command
displaying IP MLS configuration 48-11
show module command 9-5
show platform entry command 32-5
show protocols command 10-12
show rif command 10-12
show running-config command 10-12
displaying ACLs 66-7, 66-8
show svclc rhi-routes command 4-52
show version command 10-12
shutdown command 10-13
shutdown interfaces
result 10-13
slot number, description 10-2
smart call home 50-1
description 50-5
destination profile (note) 50-23
registration requirements 50-5
service contract requirements 50-2
Transport Gateway (TG) aggregation point 50-4
SMARTnet
smart call home registration 50-5
smart port macros 3-1
configuration guidelines 3-2
Smartports macros
applying global parameter values 3-14
applying macros 3-14
creating 3-13
default configuration 3-4
defined 3-4
displaying 3-15
tracing 3-2
SNMP
configuring 79-10
default view 79-9
get and set requests 79-7, 79-8, 79-11
notifications 79-9, 79-12
support and documentation 1-7
SNMP-COMMUNITY-MIB 79-9
SNMP-USM-MIB 79-4, 79-9
SNMP-VACM-MIB 79-4, 79-9
snooping
See IGMP snooping
software
upgrading router 5-5
source IDs
call home event format 50-13
source-only-ip flow mask 48-8
source specific multicast with IGMPv3, IGMP v3lite, and URD 39-10
SPAN
configuration guidelines 53-2
configuring 53-12
sources 53-16, 53-19, 53-21, 53-22, 53-24, 53-25, 53-26, 53-28
VLAN filtering 53-30
destination port support on EtherChannels 53-12, 53-19, 53-22, 53-24, 53-25, 53-29
distributed egress 53-10, 53-15
modules that disable for ERSPAN 53-7
input packets with don't learn option
ERSPAN 53-28, 53-29
local SPAN 53-17, 53-18, 53-19
RSPAN 53-22, 53-23, 53-25
understanding 53-12
local SPAN egress session increase 53-3, 53-16
overview 53-7
SPAN Destination Port Permit Lists 53-15
spanning-tree backbonefast
command 31-15, 31-16
command example 31-15, 31-16
spanning-tree cost
command 30-33
command example 30-33
spanning-tree portfast
command 31-2, 31-3, 31-4
command example 31-3, 31-4
spanning-tree portfast bpdu-guard
command 31-8
spanning-tree port-priority
command 30-31
spanning-tree protocol for bridging 34-1
spanning-tree uplinkfast
command 31-13
command example 31-13
spanning-tree vlan
command 30-27, 30-29, 30-30, 30-31, 31-8, 31-17
command example 30-28, 30-29, 30-30, 30-31
spanning-tree vlan cost
command 30-33
spanning-tree vlan forward-time
command 30-35
command example 30-35
spanning-tree vlan hello-time
command 30-35
command example 30-35
spanning-tree vlan max-age
command 30-36
command example 30-36
spanning-tree vlan port-priority
command 30-31
command example 30-32
spanning-tree vlan priority
command 30-34
command example 30-34
speed
configuring interface 10-4
speed command 1-3, 10-4
speed mode
autonegotiation status 10-6
SRR 58-107
standards, lawful intercept 79-4
standby links 21-2
static sharing
description 76-25
statistics
802.1X 76-57, 77-15
sticky ARP 69-21
sticky MAC address 78-3
Sticky secure MAC addresses 78-8, 78-9
storm control
see traffic-storm control
STP
configuring 30-26
bridge priority 30-34
enabling 30-27, 30-28
forward-delay time 30-35
hello time 30-35
maximum aging time 30-36
port cost 30-32
port priority 30-31
root bridge 30-29
secondary root switch 30-30
defaults 30-25
EtherChannel 22-7
normal ports 31-3
understanding 30-2
802.1Q Trunks 30-12
Blocking State 30-8
BPDUs 30-4
disabled state 30-12
forwarding state 30-11
learning state 30-10
listening state 30-9
overview 30-3
port states 30-6
protocol timers 30-5
root bridge election 30-5
topology 30-5
STP BackboneFast
configuring 31-15
figure
adding a switch 31-18
spanning-tree backbonefast
command 31-15, 31-16
command example 31-15, 31-16
understanding 31-13
STP BPDU Guard
configuring 31-7
spanning-tree portfast bpdu-guard
command 31-8
understanding 31-7
STP bridge ID 30-3
STP EtherChannel guard 31-16
STP extensions
description??to 31-20
STP loop guard
configuring 31-19
overview 31-17
STP PortFast
BPDU filter
configuring 31-10
BPDU filtering 31-9
configuring 31-2
spanning-tree portfast
command 31-2, 31-3, 31-4
command example 31-3, 31-4
understanding 31-2
STP port types
normal 31-3
STP root guard 31-17
STP UplinkFast
configuring 31-12
spanning-tree uplinkfast
command 31-13
command example 31-13
understanding 31-11
subdomains, private VLAN 26-5
supervisor engine
environmental monitoring 14-1
redundancy 9-1
synchronizing configurations 9-5
supervisor engine redundancy
configuring 9-2
supervisor engines
displaying redundancy configuration 9-5
supplicant 76-7
surveillance 79-7
svclc command 4-51
Switched Port Analyzer 53-1
switch fabric functionality 17-1
configuring 17-3
monitoring 17-4
switchport
configuring 20-14
example 20-13
show interfaces 10-8, 10-9, 20-6, 20-13
switchport access vlan 20-6, 20-7, 20-10, 20-14
example 20-15
switchport mode access 20-4, 20-6, 20-7, 20-14
example 20-15
switchport mode dynamic 20-9
switchport mode dynamic auto 20-4
switchport mode dynamic desirable 20-4
default 20-5
example 20-13
switchport mode trunk 20-4, 20-9
switchport nonegotiate 20-4
switchport trunk allowed vlan 20-11
switchport trunk encapsulation 20-7, 20-9
switchport trunk encapsulation dot1q
example 20-13
switchport trunk encapsulation negotiate
default 20-5
switchport trunk native vlan 20-11
switchport trunk pruning vlan 20-12
switch priority
MSTP 30-43
switch TopN reports
foreground execution 55-2
running 55-3
viewing 55-3
SXP 63-2
system event archive (SEA) 51-1
System Hardware Capacity 1-4
T
TDR
checking cable connectivity 10-14
enabling and disabling test 10-14
guidelines 10-14
Telnet
accessing CLI 2-2
Time Domain Reflectometer 10-14
TLV
host presence detection 18-4, 76-14, 78-4
traceroute, Layer 2
and ARP 56-2
and CDP 56-1
described 56-2
IP addresses and subnets 56-2
MAC addresses and VLANs 56-2
multicast traffic 56-2
multiple devices on a port 56-2
unicast traffic 56-2
usage guidelines 56-1
traffic-storm control
command
broadcast 74-4
described 74-2
monitoring 74-5
thresholds 74-2
traffic suppression
see traffic-storm control
transmit queues
see QoS transmit queues
traps, see SNMP notifications
trunks 20-4
802.1Q Restrictions 20-2
allowed VLANs 20-11
configuring 20-8
default interface configuration 20-6
default VLAN 20-10
different VTP domains 20-4
native VLAN 20-11
to non-DTP device 20-4
VLAN 1 minimization 20-12
trust-dscp
see QoS trust-dscp
trusted boundary 18-6
trusted boundary (extended trust for CDP devices) 18-4
trust-ipprec
see QoS trust-ipprec
trustpoint 50-2
tunneling 60-4, 60-29
tunneling, 802.1Q
See 802.1Q 28-4
type length value
See TLV
U
UDE
configuration 35-5
overview 35-4
UDE and UDLR 35-1
UDLD
default configuration 11-4
enabling
globally 11-5
on ports 11-5, 11-6
overview 11-2
UDLR 35-1
back channel 35-3
configuration 35-6
tunnel
(example) 35-7
ARP and NHRP 35-4
UDLR (unidirectional link routing) 35-1
UDP port for SNMP notifications 79-12
UMFB 75-2
unauthorized ports with 802.1X 76-12
unicast storms
see traffic-storm control
Unidirectional Ethernet 35-1
unidirectional ethernet
example of setting 35-5
UniDirectional Link Detection Protocol
see UDLD
uniform mode
configuring 60-36
unknown multicast flood blocking
See UMFB
unknown unicast and multicast flood blocking 75-1
unknown unicast flood blocking
See UUFB
unknown unicast flood rate-limiting
See UUFRL
untrusted
see QoS trust-cos
see QoS untrusted
UplinkFast
See STP UplinkFast
URD 39-10
User-Based Rate Limiting 58-25, 58-76
user EXEC mode 2-5
UUFB 75-2
UUFRL 75-2
V
VACLs 67-2
configuring
examples 67-5
Layer 3 VLAN interfaces 67-5
Layer 4 port operations 62-2
logging
configuration example 67-8
configuring 67-7
restrictions 67-7
MAC address based 67-2
multicast packets 66-6
SVIs 67-5
WAN interfaces 67-2
vlan
command 25-5, 25-6, 49-13, 53-20
command example 25-6
VLAN Access Control Lists
See VACLs
VLAN-based QoS filtering 58-67, 62-10
VLAN-bridge spanning-tree protocol 34-1
vlan database
command 25-5, 25-6, 49-13, 53-20
vlan group command 76-44
VLAN locking 25-4
vlan mapping dot1q
command 25-8
VLAN maps
applying 66-8
VLAN mode 38-3
VLAN port provisioning verification 25-4
VLANs
allowed on trunk 20-11
configuration guidelines 25-2
configuring 25-1
configuring (tasks) 25-4
defaults 25-3
extended range 25-3
interface assignment 25-6
multicast 42-2
name (default) 25-3
normal range 25-3
reserved range 25-3
support for 4,096 VLANs 25-2
token ring 25-3
trunks
understanding 20-4
understanding 25-2
VLAN 1 minimization 20-12
VTP domain 25-4
VLAN translation
command example 25-8, 25-9
voice VLAN
Cisco 7960 phone, port connections 18-2
configuration guidelines 18-1
configuring IP phone for data traffic
override CoS of incoming frame 18-6, 19-5
configuring ports for voice traffic in
802.1Q frames 18-5
connecting to an IP phone 18-5
default configuration 18-4
overview 18-2
voice VLAN. See also port-based authentication. 76-22
VPN
configuration example 37-4
guidelines and restrictions 37-2
VPN supported commands 37-2
VPN switching 37-1
VSS
dual-active detection
Enhanced PAgP, advantages 4-24
Enhanced PAgP, description 4-24
enhanced PAgP, description 4-46
fast-hello, advantages 4-24
fast-hello, description 4-25
VSLP fast-hello, configuration 4-47
VTP
advertisements 24-4, 24-5
client, configuring 24-15
configuration guidelines 24-1
default configuration 24-9
disabling 24-15
domains 24-3
VLANs 25-4
modes
client 24-4
server 24-4
transparent 24-4
monitoring 24-17
overview 24-2
per-port enable and disable 24-16
pruning
configuration 20-12
configuring 24-12
overview 24-7
server, configuring 24-15
statistics 24-17
transparent mode, configuring 24-15
version 2
enabling 24-13
overview 24-5
version 3
enabling 24-13
overview 24-6
server type, configuring 24-11
W
wake-on-LAN. See also port-based authentication. 76-28
web-based authentication
AAA fail policy 77-5
description 77-2
web browser interface 1-7
weighted round robin 58-107
wiretaps 79-4
WRR 58-107