Numerics
10/100 autonegotiation feature, forced 6-13
10-Gigabit Ethernet or Gigabit Ethernet ports
deploy on WS-X4606-10GE-E and Sup 6-E 6-11
10-Gigabit Ethernet port
deploy with Gigabit Ethernet SFP ports 6-11
1400 W DC Power supply
special considerations 10-17
1400 W DC SP Triple Input power supply
special considerations 10-18
802.10 SAID (default) 13-5
802.1AE
standard 40-2
802.1Q
trunks 18-6
tunneling
compatibility with other features 25-5
defaults 25-3
described 25-2
tunnel ports with other features 25-6
802.1Q VLANs
trunk restrictions 15-4
802.1s
See MST
802.1w
See MST
802.1X
See port-based authentication
802.1X authentication
Authentication Failed VLAN assignment 41-17
for Critical Authentication 41-14
for guest VLANs 41-11
for MAC Authentication Bypass 41-12
for Unidirectional Controlled Port 41-15
VLAN User Distribution 41-16
web-based authentication 41-14
with port security 41-19
with VLAN assignment 41-10
with voice VLAN ports 41-22
802.1X Host Mode 41-6
multiauthentication mode 41-8
multidomain authentication mode 41-7
single-host 41-7
802.1x-REV 40-2
802.3ad
See LACP
A
AAA 45-1
AAA (authentication, authorization, and accounting). See also port-based authentication. 43-2
abbreviating commands 2-5
about Wireshark 53-1
access control entries
See ACEs
access control entries and lists 45-1
access-group mode, configuring on Layer 2 interface 49-31
access-group mode, using PACL with 49-30
access list filtering, SPAN enhancement 54-13
access lists
using with WCCP 66-8
access ports
and Layer 2 protocol tunneling 25-15
configure port security 44-7, 44-22
configuring 15-7
access VLANs 15-5
accounting
with RADIUS 41-100
with TACACS+ 3-16, 3-21
ACEs
ACLs 49-2
IP 1-35, 49-2
Layer 4 operation restrictions 49-10
ACEs and ACLs 45-1
ACL assignments, port-based authentication 41-20
ACL configuration, displaying a Layer 2 interface 49-32
ACLs
ACEs 49-2
and SPAN 54-5
and TCAM programming for Sup 6-E 49-9
and TCAM programming for Sup II-Plus thru V-10GE 49-6
applying IPv6 ACLs to a Layer 3 interface 49-17
applying on routed packets 49-26
applying on switched packets 49-25
compatibility on the same switch 49-3
configuring with VLAN maps 49-25
CPU impact 49-12
downloadable 43-7
hardware and software support 49-5
IP, matching criteria for port ACLs 49-4
MAC extended 49-13
matching criteria for router ACLs 49-3
port
and voice VLAN 49-4
defined 49-3
processing 49-12
selecting mode of capturing control packets 49-7
troubleshooting high CPU 49-6
types supported 49-3
understanding 49-2
VLAN maps 49-5
ACLs, applying to a Layer 2 interface 49-31
ACLs and VLAN maps, examples 49-19
acronyms, list of A-1
action drivers, marking 37-20
activating and deactivating a capture point, Wireshark 53-10
activating and deactivating Wiresharkcapture points, conceptual, Wireshark 53-5
active queue management 37-9
active queue management via DBL, QoS on Sup 6-E 37-33
active traffic monitoring, IP SLAs 63-1
adding members to a community 12-9
addresses
displaying the MAC table 4-37
dynamic
changing the aging time 4-23
defined 4-21
learning 4-21
removing 4-24
IPv6 47-2
MAC, discovering 4-37
See MAC addresses
static
adding and removing 4-29
defined 4-21
address resolution 4-37
adjacency tables
description 31-2
displaying statistics 31-9
administrative VLAN
REP, configuring 20-9
administrative VLAN, REP 20-8
advertisements
LLDP 1-6, 27-2
advertisements, VTP
See VTP advertisements
aggregation switch, enabling DHCP snooping 48-9
aging time
MAC address table 4-23
All Auth manager sessions, displaying summary 41-106
All Auth manager sessions on the switch authorized for a specified authentication method 41-107
ANCP client
enabling and configuring 34-2
guidelines and restrictions 34-5
identify a port with DHCP option 82 34-4
identify a port with protocol 34-2
overview 34-1
ANCP protocol
identifying a port with 34-2
applying IPv6 ACLs to a Layer 3 interface 49-17
AQM via DBL, QoS on Sup 6-E 37-33
archiving crashfiles information 2-8
ARP
defined 4-37
table
address resolution 4-37
managing 4-37
asymmetrical links, and 802.1Q tunneling 25-3
attachment points, Wireshark 53-2
attributes, RADIUS
vendor-proprietary 41-103
vendor-specific 41-101
authentication
NTP associations 4-4
RADIUS
key 41-93
login 41-95
See also port-based authentication
TACACS+
defined 3-16
key 3-18
login 3-19
Authentication, Authorization, and Accounting (AAA) 45-1
Authentication Failed, configuring 80.1X 41-64
Authentication methods registered with the Auth manager, determining 41-106
authentication open comand 41-8
authentication proxy web pages 43-4
authentication server
defined 41-3
RADIUS server 41-3
Auth manager session for an interface, verifying 41-107
Auth manager summary, displaying 41-106
authoritative time source, described 4-2
authorization
with RADIUS 41-99
with TACACS+ 3-16, 3-21
authorized and unauthorized ports 41-5
authorized ports with 802.1X 41-5
autoconfiguration 3-2
automatic discovery
considerations 12-7
Auto-MDIX on a port
configuring 6-23
displaying the configuration 6-24
overview 6-22
autonegotiation feature
forced 10/100Mbps 6-13
Auto SmartPorts built-in macros
configuring parameters 17-6
Auto SmartPorts macros
built-in macros 17-5
configuration guidelines 17-5
default configuration 17-4
defined 17-1
displaying 17-13
enabling 17-4
IOS shell 17-2, 17-10
Auto Smartports macros
defined 1-2
Auto SmartPorts user-defined macros
configuring 17-10
auto-sync command 8-7
Auto SmartPorts macros
See also SmartPorts macros
Auto Smartports macros
See also Smartports macros
B
Baby Giants
interacting with 6-21
BackboneFast
adding a switch (figure) 21-3
and MST 18-23
configuring 21-15
link failure (figure) 21-14, 21-15
not supported MST 18-23
understanding 21-13
See also STP
banners
configuring
login 4-20
message-of-the-day login 4-18
default configuration 4-18
when displayed 4-17
b command 67-3
b flash command 67-3
BGP 1-14
routing session with multi-VRF CE 36-12
blocking packets 50-1
blocking state (STP)
RSTP comparisons (table) 18-24
Boolean expressions in tracked lists 55-4
boot bootldr command 3-32
boot command 3-28
boot commands 67-3
boot fields
See configuration register boot fields
bootstrap program
See ROM monitor
boot system command 3-26, 3-32
boot system flash command 3-28
Border Gateway Protocol
See BGP
boundary ports
description 18-27
BPDU Guard
and MST 18-23
configuring 21-15
overview 21-8
BPDUs
and media speed 18-2
pseudobridges and 18-25
what they contain 18-3
bridge ID
See STP bridge ID
bridge priority (STP) 18-17
bridge protocol data units
See BPDUs
Broadcast Storm Control
disabling 51-5
enabling 51-3
Built-in macros and user-defined triggers, configuring mapping 17-9
C
cache engine clusters 66-1
cache engines 66-1
cache farms
See cache engine clusters
Call Home
description 1-21, 62-2
message format options 62-2
messages
format options 62-2
call home 62-1
alert groups 62-6
configuring e-mail options 62-9
contact information 62-4
default settings 62-18
destination profiles 62-5
displaying information 62-14
mail-server priority 62-10
pattern matching 62-9
periodic notification 62-8
rate limit messages 62-9
severity threshold 62-8
smart call home feature 62-2
SMTP server 62-9
testing communications 62-10
call home alert groups
configuring 62-6
description 62-6
subscribing 62-7
call home contacts
assigning information 62-4
call home destination profiles
attributes 62-5
configuring 62-5
description 62-5
displaying 62-16
call home notifications
full-txt format for syslog 62-25
XML format for syslog 62-28
candidates
automatic discovery 12-7
candidate switch, cluster
defined 12-12
capture filter, Wireshark 53-3
capture points, Wireshark 53-2
Capturing control packets
selecting mode 49-7
cautions
Unicast RPF
BGP optional attributes 32-5
cautions for passwords
encrypting 3-22
CDP
automatic discovery in communities 12-7
configuration 26-2
defined with LLDP 27-1
displaying configuration 26-3
enabling on interfaces 26-3
host presence detection 41-8
Layer 2 protocol tunneling 25-13
maintaining 26-3
monitoring 26-3
overview 1-3, 26-1
cdp enable command 26-3
CEF
adjacency tables 31-2
and NSF with SSO 9-4
configuring load balancing 31-7
displaying statistics 31-8
enabling 31-6, 65-2
hardware switching 31-4
load balancing 31-6
overview 31-2
software switching 31-4
certificate authority (CA) 62-3
CFM
and Ethernet OAM, configuring 60-51
and Ethernet OAM interaction 60-51
clearing 60-31
configuration guidelines 60-7, 61-4
configuring crosscheck for VLANs 60-11
configuring fault alarms 60-16
configuring port MEP 60-14
configuring static remote MEP 60-13, 60-16, 60-18
crosscheck 60-5
defined 60-2
EtherChannel support 60-7, 61-4
fault alarms
configuring 60-16
IP SLAs support for 60-6
IP SLAs with endpoint discovers 60-21
maintenance domain 60-2
manually configuring IP SLAs ping or jitter 60-19
measuring network performance 60-6
monitoring 60-32, 60-33
port MEP, configuring 60-14
remote MEPs 60-5
static RMEP, configuring 60-13, 60-16, 60-18
static RMEP check 60-5
Y.1731
described 60-27
CGMP
overview 23-1
Change of Authorization, RADIUS 41-86
channel-group group command 22-8, 22-10
Cisco 7600 series Internet router
enabling SNMP 68-4, 68-5
Cisco Discovery Protocol
See CDP
Cisco Express Forwarding
See CEF
Cisco Group Management Protocol
See CGMP
Cisco IOS IP SLAs 63-2
Cisco IOS NSF-aware
support 9-2
Cisco IOS NSF-capable support 9-2
Cisco IP Phones
configuring 38-3
sound quality 38-1
Cisco TrustSec
credentials 40-10
switch-to-switch security
802.1x mode 40-11
configuration example 40-14
manual mode 40-12
Cisco TrustSec Network Device Admission Control
See NDAC
CiscoWorks 2000 58-4
CIST
description 18-22
civic location 27-3
class level, configure in a service policy 37-30
class of service
See CoS
clear cdp counters command 26-4
clear cdp table command 26-3
clear counters command 6-28
clearing
Ethernet CFM 60-31
IP multicast table entries 33-27
clear ip eigrp neighbors command 30-18
CLI
accessing 2-1
backing out one level 2-5
getting commands 2-5
history substitution 2-3
managing clusters 12-13
modes 2-5
monitoring environments 54-1
ROM monitor 2-7
software basics 2-4
client processes, tracking 55-1
clients
in 802.1X authentication 41-3
clock
See system clock
clustering switches
command switch characteristics
and VTY 12-12
convert to a community 12-10
managing
through CLI 12-13
overview 12-2
planning considerations
CLI 12-13
passwords 12-8
CoA Request Commands 41-89
command-line processing 2-3
command modes 2-5
commands
b 67-3
b flash 67-3
boot 67-3
confreg 67-3
dev 67-3
dir device 67-3
frame 67-5
i 67-3
listing 2-5
meminfo 67-5
reset 67-3
ROM monitor 67-2 to 67-3
ROM monitor debugging 67-5
SNMP 68-4
sysret 67-5
command switch, cluster
requirements 12-11
common and internal spanning tree
See CIST
common spanning tree
See CST
community of switches
access modes in Network Assistant 12-9
adding devices 12-9
communication protocols 12-8
community name 12-8
configuration information 12-9
converting from a cluster 12-10
host name 12-8
passwords 12-8
community ports 39-3
community strings
configuring 58-7
overview 58-4
community VLANs 39-2, 39-3
configure as a PVLAN 39-15
compiling MIBs 68-4
config-register command 3-29
config terminal command 3-9
configurable leave timer,IGMP 23-4
configuration examples
SNMP 58-15
configuration files
limiting TFTP server access 58-15
obtaining with DHCP 3-6
saving 3-10
system contact and location information 58-14
configuration guidelines
CFM 60-7, 61-4
Ethernet OAM 60-35
REP 20-7
SNMP 58-6
VLAN mapping 25-10
configuration register
boot fields
listing value 3-29
modifying 3-28
changing from ROM monitor 67-3
changing settings 3-28 to 3-29
configuring 3-26
settings at startup 3-27
configure class-level queue-limit in a service policy 37-30
configure terminal command 3-29, 6-2
configuring access-group mode on Layer 2 interface 49-31
configuring flow control 6-15
configuring interface link and trunk status envents 6-29
configuring named IPv6 ACLs 49-16
configuring named MAC extended ACLs 49-13, 49-15
configuring unicast MAC address filtering 49-13
configuring VLAN maps 49-17
confreg command 67-3
Connectivity Fault Management
See CFM
console configuration mode 2-5
console download 67-4 to 67-5
console port
disconnecting user sessions 7-8
monitoring user sessions 7-7
contact information
assigning for call home 62-4
controlling switch access with RADIUS 41-84
Control Plane Policing
and Layer 2 Control packet QoS, configuration example 45-13
configuration guidelines and restrictions 45-7
configuring for control plane traffic 45-4
configuring for data plane and management plan traffic 45-5
defaults 45-3
general guidelines 45-3
monitoring 45-7
understanding 45-2
control protocol, IP SLAs 63-4
convergence
REP 20-4
copy running-config startup-config command 3-10
copy system:running-config nvram:startup-config command 3-32
core system filter, Wireshark 53-3
CoS
definition 37-3
figure 37-2
overriding on Cisco IP Phones 38-5
priority 38-5
counters
clearing MFIB 33-27
clearing on interfaces 6-28
CPU, impact of ACL processing 49-12
CPU port sniffing 54-10
crashfiles information, archiving 2-8
Critical Authentication
configure with 802.1X 41-58
crosscheck, CFM 60-5, 60-11
CST
description 18-25
IST and 18-22
MST and 18-22
customer edge devices 36-2
C-VLAN 1-2, 25-7
D
database agent
configuration examples 48-15
enabling the DHCP Snooping 48-13
daylight saving time 4-13
debug commands, ROM monitor 67-5
decoding and displaying packets, Wireshark 53-5
default configuration
802.1X 41-27
banners 4-18
DNS 4-16
Ethernet OAM 60-35
IGMP filtering 23-20
IGMP snooping 24-5, 24-6
IP SLAs 63-6
IPv6 47-7
Layer 2 protocol tunneling 25-16
LLDP 27-5
MAC address table 4-23
multi-VRF CE 36-3
NTP 4-4
private VLANs 39-12
RADIUS 41-92
REP 20-7
resetting the interface 6-32
RMON 64-3
SNMP 58-5
SPAN and RSPAN 54-6
system message logging 56-3
TACACS+ 3-18
VLAN mapping 25-9
Y.1731 60-29
default gateway
configuring 3-11
verifying configuration 3-11
default settings, erase commad 3-32
default web-based authentication configuration
802.1X 43-6
defining/modifying/deleting a capture point, Wireshark 53-8
denial-of-service attacks
IP address spoofing, mitigating 32-5
Unicast RPF, deploying 32-5
denying access to a server on another VLAN 49-23
deploying 10-Gigabit Ethernet and a Gigabit Ethernet SFP ports 6-11
deploying 10-Gigabit Ethernet and a Gigabit Ethernet SFP ports on WS-X4606-10GE-E and Sup 6-E 6-11
description command 6-15
dev command 67-3
device discovery protocol 27-1
device IDs
call home format 62-21, 62-22
DHCP
configuring
rate limit for incoming packets 48-13
denial-of-service attacks, preventing 48-13
rate limiting of packets
configuring 48-13
DHCP-based autoconfiguration
client request message exchange 3-3
configuring
client side 3-3
DNS 3-5
relay device 3-5
server-side 3-4
TFTP server 3-4
example 3-7
lease options
for IP address information 3-4
for receiving the configuration file 3-4
overview 3-2
relationship to BOOTP 3-3
DHCP option 82
identifying a port with 34-4
overview 48-4
DHCP Snooping
enabling, and Option 82 48-10
DHCP snooping
accepting untrusted packets form edge switch 48-10
configuring 48-6
default configuration 48-7
displaying binding tables 48-19
displaying configuration 48-19
displaying information 48-18
enabling 48-7
enabling on private VLAN 48-12
enabling on the aggregation switch 48-9
enabling the database agent 48-13
message exchange process 48-4
monitoring 48-23
option 82 data insertion 48-4
overview 48-1
Snooping database agent 48-2
DHCP Snooping Database Agent
adding to the database (example) 48-18
enabling (example) 48-15
overview 48-2
reading from a TFTP file (example) 48-17
Diagnostics
online 65-1
Power-On-Self-Test
causes of failure 65-14
how it works 65-10
overview 65-10
Power-On-Self-Test for Supervisor Engine V-10GE 65-10
Differentiated Services Code Point values
See DSCP values
DiffServ architecture, QoS 37-2
Digital optical monitoring transceiver support 6-11
dir device command 67-3
disabled state
RSTP comparisons (table) 18-24
disabling
broadcast storm control 51-5
disabling multicast storm control 51-5
disconnect command 7-8
discovery, clusters
See automatic discovery
discovery, Ethernet OAM 60-34
display dection and removal events 11-7
display filter, Wireshark 53-3
displaying
Auth Manager sumary for an interface 41-106
MAB details 41-109
summary of all Auth manager sessions 41-106
summary of all Auth manager sessions on the switch authorized for a specified authentication method 41-107
displaying EtherChannel to a Virtual Switch System 22-16
displaying storm control 51-6
displaying Wireshark information 53-13
display PoE consumed by a module 11-8
display PoE detection and removal events 11-7
DNS
and DHCP-based autoconfiguration 3-5
default configuration 4-16
displaying the configuration 4-17
overview 4-15
setting up 4-16
document conventions iii-lv
domain names
DNS 4-15
Domain Name System
See DNS
double-tagged packets
802.1Q tunneling 25-2
Layer 2 protocol tunneling 25-15
downloading MIBs 68-3, 68-4
drop threshold for Layer 2 protocol packets 25-16
DSCP values
definition 37-4
IP precedence 37-2
duplex command 6-14
duplex mode
configuring interface 6-12
dynamic ARP inspection
ARP cache poisoning 46-2
configuring
ACLs for non-DHCP environments 46-11
in DHCP environments 46-5
log buffer 46-14
rate limit for incoming ARP packets 46-16
denial-of-service attacks, preventing 46-16
interface trust state, security coverage 46-3
log buffer
configuring 46-14
logging of dropped packets 46-4
overview 46-1
port channels, their behavior 46-5
priority of static bindings 46-4
purpose of 46-2
rate limiting of ARP packets 46-4
configuring 46-16
validation checks, performing 46-19
Dynamic Host Configuration Protocol snooping
See DHCP snooping
dynamic port VLAN membership
example 13-29
limit on hosts 13-29
reconfirming 13-26
troubleshooting 13-29
E
EAP frames
changing retransmission time 41-75
exchanging (figure) 41-4, 41-6, 41-13
request/identity 41-4
response/identity 41-4
setting retransmission number 41-76
EAPOL frames
802.1X authentication and 41-3
OTP authentication, example (figure) 41-4, 41-13
start 41-4
edge ports
description 18-27
EGP
overview 1-14
EIGRP
configuration examples 30-19
monitoring and maintaining 30-18
EIGRP (Enhanced IGRP)
stub routing
benefits 30-17
configuration tasks 30-17
configuring 30-13
overview 30-13
restrictions 30-17
verifying 30-18
EIGRP (enhanced IGRP)
overview 1-15
eigrp stub command 30-18
EIGRP stub routing, configuring 30-12
ELIN location 27-3
e-mail addresses
assigning for call home 62-4
e-mail notifications
Call Home 1-21, 62-2
Embedded CiscoView
displaying information 4-41
installing and configuring 4-38
overview 4-38
emergency alarms on Sup Engine 6-E systems 10-3
enable command 3-9, 3-28
enable mode 2-5
enabling SNMP 68-4, 68-5
encryption keying 40-2
encryption keys, MKA 40-2
Enhanced Interior Gateway Routing Protocol
See EIGRP
enhanced object tracking
defined 55-1
IP routing state 55-2
line-protocol state 55-2
tracked lists 55-3
Enhanced PoE support on E-series 11-15
Enhanced PoE support on E-series,configuring Universal PoE 11-16
environmental monitoring
using CLI commands 10-1
EPM logging 41-109
errdisable recovery
configuring 11-14
EtherChannel
channel-group group command 22-8, 22-10
configuration guidelines 22-5
configuring 22-6 to 22-15
configuring Layer 2 22-10
configuring Layer 3 22-6
displaying to a virtual switch system 22-16
interface port-channel command 22-7
lacp system-priority
command example 22-13
modes 22-3
overview 22-2
PAgP
Understanding 22-3
physical interface configuration 22-7
port-channel interfaces 22-2
port-channel load-balance command 22-14
removing 22-15
removing interfaces 22-15
EtherChannel guard
disabling 21-6
enabling 21-6
overview 21-6
Ethernet management port
and routing 6-6
and routing protocols 6-6
configuring 6-10
default setting 6-6
described 1-26, 6-6
for network management 1-26, 6-6
specifying 6-10
supported features 6-9
unsupported features 6-10
Ethernet management port, internal
and routing protocols 6-6
Ethernet Management Port, using 6-6
Ethernet OAM 60-34
and CFM interaction 60-51
configuration guidelines 60-35
configuring with CFM 60-51
default configuration 60-35
discovery 60-34
enabling 60-36, 60-52
link monitoring 60-34, 60-38
messages 60-34
protocol
defined 60-33
monitoring 60-49
remote failure indications 60-34
remote loopback 60-34, 60-37
templates 60-44
Ethernet OAM protocol CFM notifications 60-51
Ethernet Remote Defect Indication (ETH-RDI) 60-28
event triggers, user-defined
configuring, 802.1X-based 17-8
configuring, MAC address-based 17-9
explicit host tracking
enabling 23-11
extended range VLANs
See VLANs
Extensible Authentication Protocol over LAN 41-2
Exterior Gateway Protocol
See EGP
F
Fa0 port
See Ethernet management port
Fallback Authentication
configure with 802.1X 41-68
FastDrop
overview 33-10
fastethernet0 port
See Ethernet management port
Fast UDLD
configuring probe message interval 28-8
default configuration 28-4
displaying link status 28-8
enabling globally 28-5
enabling on individual interface 28-7
enabling per-interface 28-6
modes of operation 28-3
resetting disabled LAN interfaces 28-8
use case 28-2
Fast UDLD, overview 28-1
feature interactions, Wireshark 53-6
FIB
description 31-2
See also MFIB
fiber-optics interfaces
disabling UDLD 28-7
Filter-ID ACL and Per-User ACL, configureport-based authentication
configure Per-User ACL and Filter-ID ACL 41-43
filtering
in a VLAN 49-17
non-IP traffic 49-13, 49-15
filters, Wireshark 53-2
flags 33-11
Flash memory
configuring router to boot from 3-31
loading system images from 3-31
security precautions 3-31
Flexible NetFlow
caveats 59-1
defined 1-4, 59-1
Flex Links
configuration guidelines 19-6
configuring 19-6, 19-7
configuring preferred VLAN 19-9
configuring VLAN load balancing 19-8
monitoring 19-12
flooded traffic, blocking 50-2
flowchart, traffic marking procedure 37-20
flow control, configuring 6-15
For 11-13
forward-delay time (STP)
configuring 18-19
forwarding information base
See FIB
frame command 67-5
G
gateway
See default gateway
get-bulk-request operation 58-3
get-next-request operation 58-3, 58-4
get-request operation 58-3, 58-4
get-response operation 58-3
Gigabit Ethernet SFP ports
deploy with 10-Gigabit Ethernet 6-11
global configuration mode 2-5
Guest-VLANs
configure with 802.1X 41-54
H
hardware and software ACL support 49-5
hardware switching 31-5
hello time (STP)
configuring 18-17
high CPU due to ACLs, troubleshooting 49-6
history
CLI 2-3
history table, level and number of syslog messages 56-9
hop counts
configuring MST bridges 18-28
host
limit on dynamic port 13-29
host modes, MACsec 40-4
host ports
kinds of 39-4
host presence CDP message 41-8
Hot Standby Routing Protocol
See HSRP
HSRP
description 1-13
hw-module module num power command 10-18
I
ICMP
enabling 7-13
ping 7-8
running IP traceroute 7-10
time exceeded messages 7-10
ICMP Echo operation
configuring 63-11
IP SLAs 63-11
i command 67-3
IDS
using with SPAN and RSPAN 54-2
IEEE 802.1ag 60-2
IEEE 802.1s
See MST
IEEE 802.1w
See MST
IEEE 802.3ad
See LACP
IGMP
configurable-leave timer 23-4
description 33-3
enabling 33-13
explicit host tracking 23-4
immediate-leave processing 23-3
leave processing, enabling 24-8
overview 23-1
report suppression
disabling 24-10
IGMP filtering
configuring 23-20
default configuration 23-20
described 23-20
monitoring 23-23
IGMP groups
setting the maximum number 23-22
IGMP Immediate Leave
configuration guidelines 23-9
IGMP profile
applying 23-21
configuration mode 23-20
configuring 23-20
IGMP Snooping
configure
leave timer 23-9
configuring
Learning Methods 23-7
static connection to a multicast router 23-7
configuring host statically 23-11
enabling
Immediate-Leave processing
explicit host tracking 23-11
suppressing multicast flooding 23-12
IGMP snooping
configuration guidelines 23-5
default configuration 24-5, 24-6
enabling
globally 23-5
on a VLAN 23-6
enabling and disabling 24-6
IP multicast and 33-4
monitoring 23-14, 24-10
overview 23-1
IGMP Snooping, displaying
group 23-16
hot membership 23-15
how to 23-14
MAC address entries 23-17
multicast router interfaces 23-17
on a VLAN interface 23-18
Querier information 23-18
IGMPSnooping Querier, configuring 23-10
Immediate Leave, IGMP
enabling 24-8
immediate-leave processing
enabling 23-8
IGMP
See fast-leave processing
ingress packets, SPAN enhancement 54-12
inline power
configuring on Cisco IP phones 38-5
insufficient inline power handling for Supervisor Engine II-TS 10-18
Intelligent Power Management 11-4
interacting with Baby Giants 6-21
interface
displaying operational status 11-6
interface command 3-9, 6-2
interface configuration
REP 20-10
interface link and trunk status events
configuring 6-29
interface port-channel command 22-7
interface range command 6-4
interface range macro command 6-10
interfaces
adding descriptive name 6-15
clearing counters 6-28
configuring 6-2
configuring ranges 6-4
displaying information about 6-28
Layer 2 modes 15-3
maintaining 6-27
monitoring 6-27
naming 6-15
numbers 6-2
overview 6-2
restarting 6-29
See also Layer 2 interfaces
using the Ethernet Management Port 6-6
Internet Control Message Protocol
See ICMP
Internet Group Management Protocol
See IGMP
Internet Protocol version 6
See IPv6
introduction
802.1X Identity-Based Network Security, list of supported features 1-30
Cisco Call Home 1-21
Cisco Energy Wise 1-21
Cisco IOS IP Service Level Agreements 1-21
Cisco IOS Mediatrace and Performance Monitor 1-23
Cisco Medianet AutoQoS 1-22
Cisco Medianet Flow Metadata 1-23
Cisco Media Services Proxy 1-22
Cisco TrustSec MACsec Encryption 1-31
Cisco TrustSec Security Architecture 1-32
Debugging Features (platform and debug platform) 1-37
Dynamic Host Control Protocol 1-25
Easy Virtual Network 1-25
Embedded Event Manager 1-26
Ethernet Management Port 1-26
hard-based Control Plane Policing 1-33
Intelligent Power Management 1-27
IP Source Guard 1-33
IP Source Guard or Static Hosts 1-33
Layer 2 traceroute 1-36
MAC Address Notification 1-27
NAC
Layer 2 802.1X authentication 1-34
Layer 2 IP validation 1-34
Network Security with ACLs (IP ACLs, MAC ACLs, Port ACLs, Router, ACLs, and VLAN ACLs) 1-35
Port Security 1-35
Power over Ethernet 1-27
Simple Network Management Protocol 1-28
SPAN and RSPAN 1-28
Time Domain Reflectometry 1-36
Universal Power over Ethernet 1-28
Web-based Authentication 1-37
Web Content Coordination Protocol 1-29
XML-PI 1-29
Intrusion Detection System
See IDS
inventory management TLV 27-3, 27-9
IOS shell
See Auto SmartPorts macros
IP
configuring default gateway 3-11
configuring static routes 3-11
displaying statistics 31-8
IP addresses
128-bit 47-2
cluster candidate or member 12-12
cluster command switch 12-11
discovering 4-37
IPv6 47-2
ip cef command 31-6, 65-2
IP Enhanced IGRP
interfaces, displaying 30-19
ip icmp rate-limit unreachable command 7-13
ip igmp profile command 23-20
ip igmp snooping tcn flood command 23-13
ip igmp snooping tcn flood query count command 23-13
ip igmp snooping tcn query solicit command 23-14
IP information
assigned
through DHCP-based autoconfiguration 3-2
ip load-sharing per-destination command 31-7
ip local policy route-map command 35-7
ip mask-reply command 7-14
IP MTU sizes,configuring 30-9
IP multicast
clearing table entries 33-27
configuring 33-12
default configuration 33-12
displaying PIM information 33-22
displaying the routing table information 33-23
enabling dense-mode PIM 33-14
enabling sparse-mode 33-14
features not supported 33-12
hardware forwarding 33-8
IGMP snooping and 23-4, 33-4
overview 33-1
routing protocols 33-2
software forwarding 33-8
See also Auto-RP; IGMP; PIM; RP; RPF
IP multicast routing
enabling 33-13
monitoring and maintaining 33-22
ip multicast-routing command 33-13
IP multicast traffic, load splitting 33-21
IP phones
configuring voice ports 38-3
See Cisco IP Phones 38-1
ip pim command 33-14
ip pim dense-mode command 33-14
ip pim sparse-dense-mode command 33-15
ip policy route-map command 35-7
IP Port Security for Static Hosts
on a Layer 2 access port 48-25
on a PVLAN host port 48-28
overview 48-24
ip redirects command 7-14
IP routing tables
deleting entries 33-27
IPsec VPN, introduction 1-34
IP Service Level Agreements
See IP SLAs
IP service levels, analyzing 63-1
IP SLAs
benefits 63-2
CFM endpoint discovery 60-21
configuration guidelines 63-6
Control Protocol 63-4
default configuration 63-6
definition 63-1
ICMP echo operation 63-11
manually configuring CFM ping or jitter 60-19
measuring network performance 63-3
multioperations scheduling 63-5
operation 63-3
reachability tracking 55-9
responder
described 63-4
enabling 63-7
response time 63-4
scheduling 63-5
SNMP support 63-2
supported metrics 63-2
threshold monitoring 63-6
track state 55-9
UDP jitter operation 63-8
IP Source Guard
configuring 48-20
configuring on private VLANs 48-22
displaying 48-22, 48-23
overview 48-23
IP statistics
displaying 31-8
IP traceroute
executing 7-10
overview 7-9
IP unicast
displaying statistics 31-8
IP Unnumbered support
configuring on a range of Ethernet VLANs 14-5
configuring on LAN and VLAN interfaces 14-4
configuring with connected host polling 14-6
DHCP Option 82 14-2
displaying settings 14-7
format of agent remote ID suboptions 14-2
troubleshooting 14-8
with conected host polling 14-3
with DHCP server and Relay agent 14-2
ip unreachables command 7-13
IPv4, IPv6, and MAC ACLs, configuring on a Layer 2 interface 49-29
IPv6
addresses 47-2
default configuration 47-7
defined 1-17, 47-1
Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 47-6
Router ID 47-6
OSPF 47-6
IPv6 control traffic, policing 45-15
IPX
redistribution of route information with EIGRP 1-15
is 25-19
ISL
trunking with 802.1Q tunneling 25-4
isolated port 39-4
isolated VLANs 39-2, 39-3, 39-4
ISSU
compatibility matrix 5-13
compatiblity verification using Cisco Feature Navigator 5-14
NSF overview 5-3
perform the process
aborting a software upgrade 5-31
configuring the rollback timer as a safeguard 5-32
displaying a compatibility matrix 5-34
loading the new software on the new standby 5-24
stopping the rollback timer 5-23
switching to the standby 5-21
verify the ISSU state 5-17
verify the redundancy mode 5-16
verify the software installation 5-15
vload the new software on standby 5-18
prerequisites 5-2
process overview 5-6
restrictions 5-2
SNMP support 5-14
SSO overview 5-3
IST
and MST regions 18-22
description 18-22
master 18-27
ITU-T Y.1731
See Y.1731
J
jumbo frames
and ethernet ports 6-19
configuring MTU sizes for 6-20
ports and linecards that support 6-18
understanding MTUs 6-18
understanding support 6-18
VLAN interfaces 6-20
K
keyboard shortcuts 2-3
L
l2protocol-tunnel command 25-17
labels, definition 37-3
LACP
system ID 22-4
Layer 2 access ports 15-7
Layer 2 Control Packet QoS
and CoPP configuration example 45-13
default configuation 45-10
disabling 45-12
enabvling 45-11
guideline and restrictions 45-15
understanding 45-10
Layer 2 frames
classification with CoS 37-2
Layer 2 interface
applying ACLs 49-31
configuring access-mode mode on 49-31
configuring IPv4, IPv6, and MAC ACLs 49-29
displaying an ACL configuration 49-32
Layer 2 interfaces
assigning VLANs 13-7
configuring 15-5
configuring as PVLAN host ports 39-18
configuring as PVLAN promiscuous ports 39-17
configuring as PVLAN trunk ports 39-19
defaults 15-4
disabling configuration 15-8
modes 15-3
show interfaces command 15-6
Layer 2 interface type
resetting 39-24
setting 39-24
Layer 2 protocol tunneling
default configuration 25-16
guidelines 25-16
Layer 2 switching
overview 15-1
Layer 2 Traceroute
and ARP 7-11
and CDP 7-11
host-to-host paths 7-11
IP addresses and subnets 7-11
MAC addresses and VLANs 7-11
multicast traffic 7-11
multiple devices on a port 7-11
unicast traffic 1-36, 7-10
usage guidelines 7-11
Layer 2 trunks
configuring 15-5
overview 15-3
Layer 3 interface, applying IPv6 ACLs 49-17
Layer 3 interface counters,configuring 30-10
Layer 3 interface counters,understanding 30-3
Layer 3 interfaces
changing from Layer 2 mode 36-7
configuration guidelines 30-5
configuring VLANs as interfaces 30-7
overview 30-1
counters 30-3
logical 30-2
physical 30-2
SVI autostate exclude 30-3
Layer 3 packets
classification methods 37-2
Layer 4 port operations
configuration guidelines 49-11
restrictions 49-10
Leave timer, enabling 23-9
link and trunk status events
configuring interface 6-29
link integrity, verifying with REP 20-4
Link Layer Discovery Protocol
See CDP
link monitoring, Ethernet OAM 60-34, 60-38
link-state tracking
configuration guidelines 22-21
default configuration 22-21
described 22-18
displaying status 22-22
generic configuration procedure 22-21
link status, displaying UDLD 28-8
listening state (STP)
RSTP comparisons (table) 18-24
LLDP
configuring 27-4
characteristics 27-5
default configuration 27-5
disabling and enabling
globally 27-6
on an interface 27-7
monitoring and maintaining 27-14
overview 27-1
transmission timer and holdtime, setting 27-5
LLDP-MED
configuring
procedures 27-4
TLVs 27-9, 27-11
monitoring and maintaining 27-14
overview 27-1
supported TLVs 27-2
LLDP Media Endpoint Discovery
See LLDP-MED
load balancing
configuring for CEF 31-7
configuring for EtherChannel 22-14
overview 22-5, 31-6
per-destination 31-7
load splitting IP multicast traffic 33-21
Location Service
overview 27-1
location service
configuring 27-12
understanding 27-3
location TLV 27-3, 27-9
logging, EPM 41-109
Logical Layer 3 interfaces
configuring 30-6
logical layer 3 VLAN interfaces 30-2
login authentication
with RADIUS 41-95
with TACACS+ 3-19
login banners 4-17
login timer
changing 7-7
logoutwarning command 7-7
loop guard
and MST 18-23
configuring 21-4
overview 21-3
M
MAC/PHY configuration status TLV 27-2
MAC addresses
aging time 4-23
allocating 18-6
and VLAN association 4-22
building tables 4-21, 15-2
convert dynamic to sticky secure 44-5
default configuration 4-23
disabling learning on a VLAN 4-32
discovering 4-37
displaying 7-4
displaying in DHCP snooping binding table 48-19
dynamic
learning 4-21
removing 4-24
in ACLs 49-13
static
adding 4-30
allowing 4-31
characteristics of 4-29
dropping 4-31
removing 4-30
sticky 44-4
sticky secure, adding 44-5
MAC address learning, disabling on a VLAN 4-32
confuguring 4-32
deployment scenarios 4-33
feature compatibility 4-35
feature incompatibility 4-36
feature inompatibility 4-36
usage guidelines 4-33
MAC address table
displaying 4-37
MAC address-table move update
configuration guidelines 19-10
configuring 19-10
monitoring 19-12
MAC Authentication Bypass
configure with 802.1X 41-57
MAC details, displaying 41-109
MAC extended access lists 49-13
macl 49-14
macros
See Auto SmartPorts macros
See Auto Smartports macros
See Smartports macros
MACSec
802.1AE Tagging 40-8
MACsec 40-2
configuring on an interface 40-7
defined 40-1, 40-2
switch-to-switch security 40-1
MACsec Key Agreement Protocol
See MKA
main-cpu command 8-7
management address TLV 27-2
management options
SNMP 58-1
Management Port, Ethernet 6-6
manual preemption, REP, configuring 20-13
marking
hardware capabilities 37-22
marking action drivers 37-20
marking network traffic 37-17
marking support, multi-attribute 37-21
match ip address command 35-6
maximum aging time (STP)
configuring 18-18
MDA
configuration guidelines 41-23 to ??
described 41-22
Media Access Control Security
See MACsec
members
automatic discovery 12-7
member switch
managing 12-13
member switch, cluster
defined 12-2
meminfo command 67-5
messages, Ethernet OAM 60-34
messages, to users through banners 4-17
Metro features
Ethernet CFM, introduction 1-3
Ethernet OAM Protocol, introduction 1-3
Flex Link and MAC Address-Table Move Update, introduction 1-4
Y.1731 (AIS and RDI), introduction 1-10
metro tags 25-2
MFIB
CEF 33-5
overview 33-11
MFIB, IP
displaying 33-25
MIBs
compiling 68-4
downloading 68-3, 68-4
overview 58-1
related information 68-3
SNMP interaction with 58-4
MKA
configuring policies 40-6
defined 40-2
policies 40-3
replay protection 40-3
statistics 40-5
virtual ports 40-3
MLD Done messages and Immediate-leave 24-4
MLD messages 24-2
MLD queries 24-3
MLD reports 24-4
MLD Snooping
MLD Done messages and Immediate-leave 24-4
MLD messages 24-2
MLD queries 24-3
MLD reports 24-4
Multicast client aging robustness 24-3
Multicast router discovery 24-3
overview 24-1
Mode of capturing control packets, selecting 49-7
modules
checking status 7-2
powering down 10-18
monitoring
802.1Q tunneling 25-18
ACL information 49-35
Ethernet CFM 60-32, 60-33
Ethernet OAM 60-49
Ethernet OAM protocol 60-49
Flex Links 19-12
IGMP
snooping 24-10
IGMP filters 23-23
IGMP snooping 23-14
Layer 2 protocol tunneling 25-18
MAC address-table move update 19-12
multicast router interfaces 24-11
multi-VRF CE 36-17
object tracking 55-12
REP 20-14
traffic flowing among switches 64-1
tunneling 25-18
VLAN filters 49-24
VLAN maps 49-24
M-record 18-23
MST
and multiple spanning trees 1-7, 18-22
boundary ports 18-27
BPDUs 18-23
configuration parameters 18-26
configuring 18-29
displaying configurations 18-33
edge ports 18-27
enabling 18-29
hop count 18-28
instances
configuring parameters 18-32
description 18-23
number supported 18-26
interoperability with PVST+ 18-23
link type 18-28
master 18-27
message age 18-28
regions 18-26
restrictions 18-29
to-SST interoperability 18-24
MSTP
EtherChannel guard
enabling 21-6
M-record 18-23
M-tree 18-23
M-tree 18-23
MTUS
understanding 6-18
MTU size
configuring 6-20, 6-21, 6-30
default 13-5
Multi-authentication
described 41-22
multiauthentication mode 41-8
multicast
See IP multicast
Multicast client aging robustness 24-3
multicast Ethernet loopback, using 60-31
multicast Ethernet loopback (ETH-LB) 60-29
multicast groups
static joins 24-7
multicast packets
blocking 50-2
Multicast router discovery 24-3
multicast router interfaces, displaying 23-17
multicast router interfaces, monitoring 24-11
multicast router ports, adding 24-7
multicast routers
flood suppression 23-12
multicast router table
displaying 33-23
Multicast Storm Control
enabling 51-4
disabling 51-5
multidomain authentication
See MDA
multidomain authentication mode 41-7
multioperations scheduling, IP SLAs 63-5
Multiple AuthorizationAuthentication
configuring 41-33
Multiple Domain Authentication 41-33
multiple forwarding paths 1-7, 18-22
multiple-hosts mode 41-7
Multiple Spanning Tree
See MST
multiple VPN routing/forwarding
See multi-VRF CE
multi-VRF CE
components 36-3
configuration example 36-13
default configuration 36-3
defined 36-1
displaying 36-17
monitoring 36-17
network components 36-3
packet-forwarding process 36-3
N
NAC Layer 2 802.1X authentication, intro 1-34
NAC Layer 2 IP validation, intro 1-34
named IPv6 ACLs, configuring
ACLs
configuring named IPv6 ACLs 49-16
named MAC extended ACLs
ACLs
configuring named MAC extended 49-13, 49-15
native VLAN
and 802.1Q tunneling 25-4
specifying 15-5
NDAC 40-9
defined 40-9
MACsec 40-1
NEAT
configuring 41-77
overview 41-24
neighbor offset numbers, REP 20-5
Network Assistant
and VTY 12-12
configure
enable communication with switch 12-13, 12-17
default configuration 12-3
overview of CLI commands 12-3
Network Device Admission Control (NDAC) 40-9
Network Edge Access Topology
See NEAT
network fault tolerance 1-7, 18-22
network management
configuring 26-1
RMON 64-1
SNMP 58-1
network performance, measuring with IP SLAs 63-3
network policy TLV 27-2, 27-9
Network Time Protocol
See NTP
network traffic, marking 37-17
New Software Features in Release 7.7
TDR 7-4
Next Hop Resolution Protocol
See NHRP
NHRP
support 1-15
non-fiber-optics interfaces
disabling UDLD 28-7
non-IP traffic filtering 49-13, 49-15
non-RPF traffic
description 33-9
in redundant configurations (figure) 33-10
Nonstop Forwarding
See NSF
nonvolatile random-access memory
See NVRAM
normal-range VLANs
See VLANs
NSF
defined 9-1
guidelines and restrictions 9-8
operation 9-4
NSF-aware
support 9-2
NSF-capable
support 9-2
NSF with SSO supervisor engine redundancy
and CEF 9-4
overview 9-3
SSO operation 9-3
NTP
associations
authenticating 4-4
defined 4-2
enabling broadcast messages 4-7
peer 4-6
server 4-6
default configuration 4-4
displaying the configuration 4-11
overview 4-2
restricting access
creating an access group 4-9
disabling NTP services per interface 4-10
source IP address, configuring 4-10
stratum 4-2
synchronizing devices 4-6
time
services 4-2
synchronizing 4-2
ntroduction
PPPoE Intermediate Agent 1-35
Storm Control 1-36
uRPF Strict Mode 1-36
NVRAM
saving settings 3-10
O
OAM
client 60-34
features 60-34
sublayer 60-34
OAM manager
configuring 60-52
with CFM and Ethernet OAM 60-51
OAM PDUs 60-35
OAM protocol data units 60-33
object tracking
monitoring 55-12
OIR
overview 6-25
on-demaind online diagnostics 65-2
online diagnostic
troubleshooting 65-8
Online Diagnostics 65-1
online diagnostics
configuring on-demaind 65-2
data path, displaying test results 65-7
displaying tests and test results 65-4
linecard 65-8
scheduling 65-2
starting and stopping tests 65-3
online insertion and removal
See OIR
Open Shortest Path First
See OSPF
operating system images
See system images
Option 82
enabling DHCP Snooping 48-10
OSPF
area concept 1-16
description 1-16
for IPv6 47-6
P
packets
modifying 37-9
packet type filtering
overview 54-14
SPAN enhancement 54-14
PACL
using with access-group mode 49-30
PACL configuration guidelines 49-28
PACL with VLAN maps and router ACLs 49-32
PAgP
understanding 22-3
passwords
configuring enable password 3-14
configuring enable secret password 3-14
encrypting 3-22
in clusters 12-8
recovering lost enable password 3-25
setting line password 3-14
PBR (policy-based routing)
configuration (example) 35-8
enabling 35-6
features 35-2
overview 35-1
route-map processing logic 35-3
route-map processing logic example 35-4
route maps 35-2
when to use 35-5
percentage thresholds in tracked lists 55-6
per-port and VLAN Access Control List 48-19
per-port per-VLAN QoS
enabling 37-34
overview 37-10
Per-User ACL and Filter-ID ACL, configure 41-43
Per-VLAN Rapid Spanning Tree 18-6
enabling 18-20
overview 18-6
PE to CE routing, configuring 36-12
physical layer 3 interfaces 30-2
Physical Layer 3 interfaces, configuring 30-11
PIM
configuring dense mode 33-14
configuring sparse mode 33-14
displaying information 33-22
displaying statistics 33-26
enabling sparse-dense mode 33-14, 33-15
overview 33-3
PIM-DM 33-3
PIM on an interface, enabling 33-13
PIM-SM 33-3
PIM-SSM mapping, enabling 33-16
ping
executing 7-9
overview 7-8
ping command 7-9, 33-22
PoE 11-7, 11-8
configuring power consumption, powered devices 11-5
configuring power consumption for single device 11-5, 11-16
displaying operational status for an interface 11-6
Enhanced PoE support on E-series 11-15
policing and monitoring 11-12
power consumption for powered devices
Intelligent Power Management 11-4
powering down a module 10-18
power management modes 11-2
PoE policing
configuring errdisable recovery 11-14
configuring on an interface 11-13
displaying on an interface 11-14
power modes 11-12
point-to-point
in 802.1X authentication (figure) 41-3
policing
how to implement 37-17
See QoS policing
policing, PoE 11-12
policing IPv6 control traffic 45-15
policy associations, QoS on Sup 6-E 37-38
policy-map command 37-15
policy map marking action, configuring 37-22
port ACLs
and voice VLAN 49-4
defined 49-3
Port Aggregation Protocol
see PAgP
port-based authentication
802.1X with voice VLAN 41-22
Authentication Failed VLAN assignment 41-17
authentication server
defined 43-2
changing the quiet period 41-74
client, defined 41-3, 43-2
configuration guidelines 41-28, 43-6
configure switch-to-RADIUS server communication 41-31
configure with Authentication Failed 41-64
configure with Critical Authentication 41-58
configure with Guest-VLANs 41-54
configure with MAC Authentication Bypass 41-57
configure with VLAN User Distribution 41-61
configure with Voice VLAN 41-65
configuring
Multiple Domain Authentication and Multiple Authorization 41-33
RADIUS server 43-10
RADIUS server parameters on the switch 43-9
configuring Fallback Authentication 41-68
configuring Guest-VLAN 41-31
configuring manual re-authentication of a client 41-83
configuring with Unidirectional Controlled Port 41-60
controlling authorization state 41-5
default configuration 41-27, 43-6
described 41-1
device roles 41-2, 43-2
displaying statistics 41-105, 43-14
enabling 41-28
802.1X authentication 43-9
enabling multiple hosts 41-73
enabling periodic re-authentication 41-72
encapsulation 41-3
host mode 41-6
how 802.1X fails on a port 41-25
initiation and message exchange 41-4
method lists 41-28
modes 41-6
multidomain authentication 41-22
multiple-hosts mode, described 41-7
port security
multiple-hosts mode 41-7
ports not supported 41-5
pre-authentication open access 41-8
resetting to default values 41-84
setting retransmission number 41-76
setting retransmission time 41-75
switch
as proxy 43-2
switch supplicant
configuring 41-77
overview 41-24
topologies, supported 41-25
using with ACL assignments and redirect URLs 41-20
using with port security 41-19
with Critical Authentication 41-14
with Guest VLANs 41-11
with MAC Authentication Bypass 41-12
with Unidirectional Controlled Port 41-15
with VLAN assignment 41-10
with VLAN User Distribution 41-16
port-channel interfaces
See also EtherChannel
creating 22-7
overview 22-2
port-channel load-balance
command 22-13
command example 22-13
port-channel load-balance command 22-14
port cost (STP)
configuring 18-15
port description TLV 27-2
PortFast
and MST 18-23
BPDU filter, configuring 21-9
configuring or enabling 21-15
overview 21-6
PortFast BPDU filtering
and MST 18-23
enabling 21-9
overview 21-9
port priority
configuring MST instances 18-32
configuring STP 18-13
ports
blocking 50-1
checking status 7-3
dynamic VLAN membership
example 13-29
reconfirming 13-26
forwarding, resuming 50-3
REP 20-6
See also interfaces
port security
aging 44-5
configuring 44-7
displaying 44-28
guidelines and restrictions 44-33
on access ports 44-7, 44-22
on private VLAN 44-14
host 44-14
promiscuous 44-16
topology 44-15, 44-18, 44-33
on trunk port 44-17
guidelines and restrictions 44-15, 44-18, 44-33
port mode changes 44-22
on voice ports 44-22
sticky learning 44-5
using with 802.1X 41-19
violations 44-6
with 802.1X Authentication 44-32
with DHCP and IP Source Guard 44-31
with other features 44-33
port states
description 18-5
port VLAN ID TLV 27-2
power
inline 38-5
power dc input command 10-17
powered devices, configuring power consumption 11-5
power handling for Supervisor Engine II-TS 11-12
power inline command 11-3
power inline consumption command 11-5
power management
Catalyst 4500 series 10-5
Catalyst 4500 Switch power supplies 10-12
configuring combined mode 10-11
configuring redundant mode 10-10
overview 10-1
redundancy 10-5
power management for Catalyst 4500 Switch
combined mode 10-7
redundant mode 10-7
power management limitations in Catalyst 4500 Switch 10-8
power management mode
selecting 10-7
power management TLV 27-2, 27-3, 27-9
power negotiation
through LLDP 27-11
Power-On-Self-Test diagnostics 65-10, 65-14
Power-On-Self-Test for Supervisor Engine V-10GE 65-10
power policing, displaying on an interface 11-14
power redundancy-mode command 10-10
power supplies
available power for Catalyst 4500 Switch 10-12
fixed 10-6
variable 10-6
pre-authentication open access 41-8
pre-authentication open access. See port-based authentication.
preempt delay time, REP 20-5
primary edge port, REP 20-4
primary VLANs 39-2, 39-4
associating with secondary VLANs 39-16
configuring as a PVLAN 39-15
priority
overriding CoS of incoming frames 38-5
priority queuing, QoS on Sup 6-E 37-29
private VLAN
configure port security 44-14, 44-15
enabling DHCP Snooping 48-12
private VLANs
across multiple switches 39-5
and SVIs 39-10
benefits of 39-2
community ports 39-3
community VLANs 39-2, 39-3
default configuration 39-12
end station access to 39-3
isolated port 39-4
isolated VLANs 39-2, 39-3, 39-4
ports
community 39-3
isolated 39-4
promiscuous 39-4
primary VLANs 39-2, 39-4
promiscuous ports 39-4
secondary VLANs 39-2
subdomains 39-2
traffic in 39-9
privileged EXEC mode 2-5
privileges
changing default 3-23
configuring levels 3-23
exiting 3-24
logging in 3-24
promiscuous ports
configuring PVLAN 39-17
defined 39-4
setting mode 39-24
protocol timers 18-4
provider edge devices 36-2
pruning, VTP
See VTP pruning
pseudobridges
description 18-25
PVACL 48-19
PVID (port VLAN ID)
and 802.1X with voice VLAN ports 41-22
PVLAN promiscuous trunk port
configuring 39-11, 39-17, 39-21
PVLANs
802.1q support 39-14
across multiple switches 39-5
configuration guidelines 39-12
configure port security 44-14, 44-16, 44-18
configure port security in a wireless setting 44-33
configuring 39-11
configuring a VLAN 39-15
configuring promiscuous ports 39-17
host ports
configuring a Layer 2 interface 39-18
setting 39-24
overview 39-1
permitting routing, example 39-23
promiscuous mode
setting 39-24
setting
interface mode 39-24
Q
QoS
classification 37-6 to ??
definitions 37-3
enabling per-port per-VLAN 37-34
overview 37-1
overview of per-port per-VLAN 37-10
packet modification 37-9
traffic shaping 37-9
See also COS; DSCP values; transmit queues
QoS active queue management
tracking queue length 37-9
QoS labels
definition 37-3
QoS marking
description 37-5
QoS on Sup 6-E
Active Queue management via DBL 37-33
active queue management via DBL 37-26, 37-33
classification 37-15
configuring 37-12
configuring CoS mutation 37-44
configuring the policy map marking action 37-22
hardware capabilities for marking 37-22
how to implement policing 37-17
marking action drivers 37-20
marking network traffic 37-17
MQC-based QoS configuration 37-13
multi-attribute marking support 37-21
platform hardware capabilities 37-14
platform restrictions 37-17
platform-supported classification criteria and QoS features 37-13
policing 37-16
policy associations 37-38
prerequisites for applying a service policy 37-14
priority queuing 37-29
queue-limiting 37-30
restrictions for applying a service policy 37-14
shaping 37-24
sharing(bandwidth) 37-26
sharing(blandwidth), shapring, and priority queuing 37-24
software QoS 37-39
traffic marking procedure flowchart 37-20
QoS policing
definition 37-5
described 37-8
QoS policy
attaching to interfaces 37-8
QoS service policy
prerequisites 37-14
restrictions for applying 37-14
QoS transmit queues
burst 37-9
maximum rate 37-9
sharing link bandwidth 37-9
Quality of service
See QoS
queueing 37-8
queue-limiting, QoS on Sup 6-E 37-30
R
RADIUS
attributes
vendor-proprietary 41-103
vendor-specific 41-101
change of authorization 41-86
configuring
accounting 41-100
authentication 41-95
authorization 41-99
communication, global 41-93, 41-101
communication, per-server 41-92, 41-93
multiple UDP ports 41-93
default configuration 41-92
defining AAA server groups 41-97
displaying the configuration 41-105
identifying the server 41-92
limiting the services to the user 41-99
method list, defined 41-92
operation of 41-86
server load balancing 41-105
suggested network environments 41-85
tracking services accessed by user 41-100
understanding 41-85
RADIUS, controlling switch access with 41-84
RADIUS Change of Authorization 41-86
RADIUS server
configure to-Switch communication 41-31
configuring settings 41-33
parameters on the switch 41-31
RA Guard
configuring 49-36
deployment 49-36
examples 49-36
introduction 49-35
usage guidelines 49-37
range command 6-4
range macros
defining 6-10
ranges of interfaces
configuring 6-4
Rapid Spanning Tree
See RSTP
rcommand command 12-13
reachability, tracking IP SLAs IP host 55-9
re-authentication of a client
configuring manual 41-83
enabling periodic 41-72
redirect URLs, port-based authentication 41-20
reduced MAC address 18-2
redundancy
configuring 8-7
guidelines and restrictions 8-5
changes made through SNMP 8-10
NSF-aware support 9-2
NSF-capable support 9-2
overview 8-2
redundancy command 8-7
understanding synchronization 8-4
redundancy (NSF) 9-1
configuring
BGP 9-11
CEF 9-10
EIGRP 9-16
IS-IS 9-13
OSPF 9-12
routing protocols 9-5
redundancy (RPR)
route processor redundancy 8-2
synchronization 8-5
redundancy (SSO)
redundancy command 9-9
route processor redundancy 8-3
synchronization 8-5
reload command 3-28, 3-29
Remote Authentication Dial-In User Service
See RADIUS
remote failure indications 60-34
remote loopback, Ethernet OAM 60-34, 60-37
Remote Network Monitoring
See RMON
rendezvous point, configuring 33-16
rendezvous point, configuring single static 33-19
REP
administrative VLAN 20-8
administrative VLAN, configuring 20-9
and STP 20-6
configuration guidelines 20-7
configuring interfaces 20-10
convergence 20-4
default configuration 20-7
manual preemption, configuring 20-13
monitoring 20-14
neighbor offset numbers 20-5
open segment 20-2
ports 20-6
preempt delay time 20-5
primary edge port 20-4
ring segment 20-2
secondary edge port 20-4
segments 20-1
characteristics 20-2
SNMP traps, configuring 20-14
supported interfaces 20-1
triggering VLAN load balancing 20-6
verifying link integrity 20-4
VLAN blocking 20-13
VLAN load balancing 20-4
replication
description 33-8
report suppression, IGMP
disabling 24-10
reserved-range VLANs
See VLANs
reset command 67-3
resetting an interface to default configuration 6-32
resetting a switch to defaults 3-32
Resilient Ethernet ProtocolLSee REP
responder, IP SLAs
described 63-4
enabling 63-7
response time, measuring with IP SLAs 63-4
restricting access
NTP services 4-8
RADIUS 41-84
TACACS+ 3-15
retransmission number
setting in 802.1X authentication 41-76
retransmission time
changing in 802.1X authentication 41-75
RFC
1157, SNMPv1 58-2
1305, NTP 4-2
1757, RMON 64-2
1901, SNMPv2C 58-2
1902 to 1907, SNMPv2 58-2
2273-2275, SNMPv3 58-2
RFC 5176 Compliance 41-87
RIP
description 1-16
for IPv6 47-5
RMON
default configuration 64-3
displaying status 64-6
enabling alarms and events 64-3
groups supported 64-2
overview 64-1
ROM monitor
boot process and 3-26
CLI 2-7
commands 67-2 to 67-3
debug commands 67-5
entering 67-1
exiting 67-6
overview 67-1
root bridge
configuring 18-9
selecting in MST 18-22
root guard
and MST 18-23
enabling 21-2
overview 21-2
routed packets
ACLs 49-26
route-map (IP) command 35-6
route maps
defining 35-6
PBR 35-2
router ACLs
description 1-35, 49-3
using with VLAN maps 49-25
router ACLs, using PACL with VLAN maps 49-32
route targets
VPN 36-3
Routing Information Protocol
See RIP
RPF
See Unicast RPF
RSPAN
configuration guidelines 54-16
destination ports 54-5
IDS 54-2
monitored ports 54-4
monitoring ports 54-5
received traffic 54-3
sessions
creating 54-17
defined 54-3
limiting source traffic to specific VLANs 54-23
monitoring VLANs 54-21
removing source (monitored) ports 54-20
specifying monitored ports 54-17
source ports 54-4
transmitted traffic 54-4
VLAN-based 54-5
RSTP
compatibility 18-23
description 18-22
port roles 18-24
port states 18-24
S
SAID
See 802.10 SAID
SAP
defined 40-9
negotiation 40-9
support 40-1
scheduling 37-8
scheduling, IP SLAs operations 63-5
secondary edge port, REP 20-4
secondary root switch 18-12
secondary VLANs 39-2
associating with primary 39-16
permitting routing 39-23
security
configuring 45-1
Security Association Identifier
See 802.10 SAID
Security Exchange Protocol
See SXP
Security Exchange Protocol
See SAP
selecting a power management mode 10-7
sequence numbers in log messages 56-7
server IDs
description 62-23
service policy, configure class-level queue-limit 37-30
service-policy input command 29-2
service-provider networks
and customer VLANs 25-2
session keys, MKA 40-2
set default interface command 35-6, 35-7
set interface command 35-6
set ip default next-hop command 35-6
set ip next-hop command 35-6
set-request operation 58-4
severity levels, defining in system messages 56-8
shaping, QoS on Sup 6-E 37-24
sharing(bandwidth), QoS on Sup 6-E 37-26
Shell functions
See Auto SmartPorts macros
See Auto Smartports macros
Shell triggers
See Auto SmartPorts macros
See Auto Smartports macros
show adjacency command 31-9
show boot command 3-32
show catalyst4000 chassis-mac-address command 18-3
show cdp command 26-2, 26-3
show cdp entry command 26-4
show cdp interface command 26-3
show cdp neighbors command 26-4
show cdp traffic command 26-4
show ciscoview package command 4-41
show ciscoview version command 4-41
show cluster members command 12-13
show configuration command 6-15
show debugging command 26-4
show environment command 10-2
show history command 2-4
show interfaces command 6-20, 6-21, 6-28, 6-30
show interfaces status command 7-3
show ip cef command 31-8
show ip eigrp interfaces command 30-19
show ip eigrp neighbors command 30-19
show ip eigrp topology command 30-19
show ip eigrp traffic command 30-19
show ip interface command 33-22
show ip local policy command 35-7
show ip mroute command 33-22
show ip pim interface command 33-22
show l2protocol command 25-18
show lldp traffic command 27-15
show mac-address-table address command 7-4
show mac-address-table interface command 7-4
show mls entry command 31-8
show module command 7-2, 18-6
show PoE consumed 11-8
show power inline command 11-6
show power supplies command 10-11
show protocols command 6-28
show running-config command
adding description for an interface 6-15
checking your settings 3-9
displaying ACLs 49-19, 49-21, 49-30, 49-31
show startup-config command 3-10
show users command 7-7
show version command 3-29
shutdown, command 6-29
shutdown threshold for Layer 2 protocol packets 25-16
shutting down
interfaces 6-29
Simple Network Management Protocol
See SNMP
single-host mode 41-7
single spanning tree
See SST
single static RP, configuring 33-19
slot numbers, description 6-2
smart call home 62-1
description 62-2
destination profile (note) 62-5
registration requirements 62-3
service contract requirements 62-3
Transport Gateway (TG) aggregation point 62-2
SMARTnet
smart call home registration 62-3
Smartports macros
applying global parameter values 16-8, 16-15
applying macros 16-8
applying parameter values 16-9
configuration guidelines 16-6, 16-14
configuring 16-2
creating 16-8
default configuration 16-4, 16-13
defined 1-8, 16-1
displaying 16-13
tracing 16-7, 16-14
SNMP
accessing MIB variables with 58-4
agent
described 58-4
disabling 58-7
and IP SLAs 63-2
authentication level 58-10
community strings
configuring 58-7
overview 58-4
configuration examples 58-15
configuration guidelines 58-6
default configuration 58-5
enabling 68-4, 68-5
engine ID 58-6
groups 58-6, 58-9
host 58-6
informs
and trap keyword 58-11
described 58-5
differences from traps 58-5
enabling 58-14
limiting access by TFTP servers 58-15
limiting system log messages to NMS 56-9
manager functions 58-3
notifications 58-5
overview 58-1, 58-4
status, displaying 58-16
system contact and location 58-14
trap manager, configuring 58-13
traps
described 58-3, 58-5
differences from informs 58-5
enabling 58-11
enabling MAC address notification 4-24
enabling MAC move notification 4-26
enabling MAC threshold notification 4-28
overview 58-1, 58-4
types of 58-11
users 58-6, 58-9
versions supported 58-2
SNMP commands 68-4
SNMP traps
REP 20-14
SNMPv1 58-2
SNMPv2C 58-2
SNMPv3 58-2
software
upgrading 8-12
software configuration register 3-26
software QoS, on Sup 6-E 37-39
software switching
description 31-5
interfaces 31-6
key data structures used 33-7
source IDs
call home event format 62-22
SPAN
and ACLs 54-5
configuration guidelines 54-7
configuring 54-7 to 54-10
destination ports 54-5
IDS 54-2
monitored port, defined 54-4
monitoring port, defined 54-5
received traffic 54-3
sessions
defined 54-3
source ports 54-4
transmitted traffic 54-4
VLAN-based 54-5
SPAN and RSPAN
concepts and terminology 54-3
default configuration 54-6
displaying status 54-24
overview 54-1
session limits 54-6
SPAN enhancements
access list filtering 54-13
configuration example 54-15
CPU port sniffing 54-10
encapsulation configuration 54-12
ingress packets 54-12
packet type filtering 54-14
spanning-tree backbonefast command 21-16
spanning-tree cost command 18-15
spanning-tree guard root command 21-2
spanning-tree portfast bpdu-guard command 21-8
spanning-tree portfast command 21-7
spanning-tree port-priority command 18-13
spanning-tree uplinkfast command 21-12
spanning-tree vlan
command 18-9
command example 18-9
spanning-tree vlan command 18-8
spanning-tree vlan cost command 18-16
spanning-tree vlan forward-time command 18-19
spanning-tree vlan hello-time command 18-18
spanning-tree vlan max-age command 18-18
spanning-tree vlan port-priority command 18-13
spanning-tree vlan priority command 18-17
spanning-tree vlan root primary command 18-10
spanning-tree vlan root secondary command 18-12
speed
configuring interface 6-12
speed command 6-13
SSO
configuring 9-9
SSO operation 9-3
SST
description 18-22
interoperability 18-24
static ACL, removing the requirement 49-28
static addresses
See addresses
static routes
configuring 3-11
verifying 3-12
statistics
802.1X 43-14
displaying 802.1X 41-105
displaying PIM 33-26
LLDP 27-14
LLDP-MED 27-14
MKA 40-5
SNMP input and output 58-16
sticky learning
configuration file 44-6
defined 44-5
disabling 44-6
enabling 44-5
saving addresses 44-6
sticky MAC addresses
configuring 44-7
defined 44-4
storing captured packets to a.pcap file, Wireshark 53-4
Storm Control
displaying 51-6
enabling Broadcast 51-3
enabling Multicast 51-4
hardware-based, implementing 51-2
overview 51-1
software-based, implementing 51-2
STP
and REP 20-6
bridge ID 18-2
configuring 18-7 to 18-20
creating topology 18-4
defaults 18-7
disabling 18-20
enabling 18-8
enabling extended system ID 18-9
enabling Per-VLAN Rapid Spanning Tree 18-20
EtherChannel guard
disabling 21-6
forward-delay time 18-19
hello time 18-17
Layer 2 protocol tunneling 25-13
maximum aging time 18-18
overview 18-1, 18-3
per-VLAN rapid spanning tree 18-6
port cost 18-15
port priority 18-13
root bridge 18-9
stratum, NTP 4-2
stub routing (EIGRP)
benefits 30-17
configuration tasks 30-17
configuring 30-13
overview 30-13
restrictions 30-17
verifying 30-18
subdomains, private VLAN 39-2
summer time 4-13
supervisor engine
accessing the redundant 8-13
configuring 3-8 to 3-13
copying files to standby 8-13
default configuration 3-1
default gateways 3-11
environmental monitoring 10-1
redundancy 9-1
ROM monitor 3-26
startup configuration 3-25
static routes 3-11
synchronizing configurations 8-10
Supervisor Engine II-TS
insufficient inline power handling 10-18, 11-12
Smartports macros
See also Auto Smartports macros
SVI Autostate Exclude
understanding 30-3
SVI Autostate exclude
configuring 30-7
S-VLAN 1-2, 25-7
switch 47-2
switch access with RADIUS, controlling 41-84
switched packets
and ACLs 49-25
Switched Port Analyzer
See SPAN
switchport
show interfaces 6-20, 6-21, 6-30
switchport access vlan command 15-5, 15-7
switchport block multicast command 50-2
switchport block unicast command 50-2
switchport mode access command 15-7
switchport mode dot1q-tunnel command 25-6
switchport mode dynamic command 15-5
switchport mode trunk command 15-5
switch ports
See access ports
switchport trunk allowed vlan command 15-5
switchport trunk encapsulation command 15-5
switchport trunk native vlan command 15-5
switchport trunk pruning vlan command 15-6
switch-to-RADIUS server communication
configuring 41-31
sysret command 67-5
system
reviewing configuration 3-10
settings at startup 3-27
system alarms
overview 10-4
system and network statistics, displaying 33-22
system capabilities TLV 27-2
system clock
configuring
daylight saving time 4-13
manually 4-11
summer time 4-13
time zones 4-12
displaying the time and date 4-12
overview 4-2
See also NTP
system description TLV 27-2
system images
loading from Flash memory 3-31
modifying boot field 3-27
specifying 3-30
system message logging
default configuration 56-3
defining error message severity levels 56-8
disabling 56-4
displaying the configuration 56-12
enabling 56-4
facility keywords, described 56-12
level keywords, described 56-9
limiting messages 56-9
message format 56-2
overview 56-1
sequence numbers, enabling and disabling 56-7
setting the display destination device 56-5
synchronizing log messages 56-6
timestamps, enabling and disabling 56-7
UNIX syslog servers
configuring the daemon 56-10
configuring the logging facility 56-11
facilities supported 56-12
system MTU
802.1Q tunneling 25-5
maximums 25-5
system name
manual configuration 4-15
See also DNS
system name TLV 27-2
system prompt, default setting 4-14
T
TACACS+ 45-1
accounting, defined 3-16
authentication, defined 3-16
authorization, defined 3-16
configuring
accounting 3-21
authentication key 3-18
authorization 3-21
login authentication 3-19
default configuration 3-18
displaying the configuration 3-22
identifying the server 3-18
limiting the services to the user 3-21
operation of 3-17
overview 3-15
tracking services accessed by user 3-21
tagged packets
802.1Q 25-3
Layer 2 protocol 25-13
TCAM programming and ACLs 49-7
for Sup II-Plust thru V-10GE 49-6
TCAM programming and ACLs for Sup 6-E 49-9
TDR
checking cable connectivity 7-4
enabling and disabling test 7-4
guidelines 7-4
Telnet
accessing CLI 2-2
disconnecting user sessions 7-8
executing 7-6
monitoring user sessions 7-7
telnet command 7-7
templates, Ethernet OAM 60-44
Terminal Access Controller Access Control System Plus
See TACACS+
TFTP
configuration files in base directory 3-5
configuring for autoconfiguration 3-4
limiting access by servers 58-15
TFTP download
See also console download
threshold monitoring, IP SLAs 63-6
time
See NTP and system clock
Time Domain Reflectometer
See TDR
time exceeded messages 7-10
timer
See login timer
timestamps in log messages 56-7
time zones 4-12
TLV
host presence detection 41-8
TLVs
defined 1-6, 27-2
LLDP-MED 27-2
Token Ring
media not supported (note) 13-5, 13-10
Topology change notification processing
MLD Snooping
Topology change notification processing 24-4
TOS
description 37-4
trace command 7-10
traceroute
See IP traceroute
See Layer 2 Traceroute
traceroute mac command 7-12
traceroute mac ip command 7-12
tracked lists
configuring 55-3
types 55-3
tracked objects
by Boolean expression 55-4
by threshold percentage 55-6
by threshold weight 55-5
tracking interface line-protocol state 55-2
tracking IP routing state 55-2
tracking objects 55-1
tracking process 55-1
track state, tracking IP SLAs 55-9
traffic
blocking flooded 50-2
traffic control
using ACLs (figure) 49-4
using VLAN maps (figure) 49-5
traffic marking procedure flowchart 37-20
traffic shaping 37-9
translational bridge numbers (defaults) 13-5
traps
configuring MAC address notification 4-24
configuring MAC move notification 4-26
configuring MAC threshold notification 4-28
configuring managers 58-11
defined 58-3
enabling 4-24, 4-26, 4-28, 58-11
notification types 58-11
overview 58-1, 58-4
troubleshooting
with CiscoWorks 58-4
with system message logging 56-1
with traceroute 7-9
troubleshooting high CPU due to ACLs 49-6
trunk failover
See link-state tracking
trunk ports
configure port security 44-17
configuring PVLAN 39-19 to 39-21
trunks
802.1Q restrictions 15-4
configuring 15-5
configuring access VLANs 15-5
configuring allowed VLANs 15-5
default interface configuration 15-5
enabling to non-DTP device 15-3
specifying native VLAN 15-5
understanding 15-3
trustpoint 62-3
tunneling
defined 25-1
tunnel ports
802.1Q, configuring 25-6
described 25-2
incompatibilities with other features 25-5
type length value
See TLV
type of service
See TOS
U
UDLD
configuring probe message interval per-interface 28-8
default configuration 28-4
disabling on fiber-optic interfaces 28-7
disabling on non-fiber-optic interfaces 28-7
displaying link status 28-8
enabling globally 28-5
enabling per-interface 28-6
modes of operation 28-3
resetting disabled LAN interfaces 28-8
use case 28-2
UDLD, overview 28-1
UDP jitter, configuring 63-9
UDP jitter operation, IP SLAs 63-8
unauthorized ports with 802.1X 41-5
unicast
See IP unicast
unicast flood blocking
configuring 50-1
unicast MAC address filtering
and adding static addresses 4-31
and broadcast MAC addresses 4-30
and CPU packets 4-30
and multicast addresses 4-30
and router MAC addresses 4-30
configuration guidelines 4-30
described 4-30
unicast MAC address filtering, configuring
ACLs
configuring unicast MAC address filtering 49-13
Unicast RPF (Unicast Reverse Path Forwarding)
applying 32-5
BGP attributes
caution 32-5
CEF
requirement 32-2
tables 32-7
configuring 32-9
(examples) ?? to 32-12
BOOTP 32-8
DHCP 32-8
enterprise network (figure) 32-6
prerequisites 32-9
routing table requirements 32-7
tasks 32-9
verifying 32-10
deploying 32-5
description 1-19, 32-2
disabling 32-11
enterprise network (figure) 32-6
FIB 32-2
implementing 32-4
packets, dropping (figure) 32-4
prerequisites 32-9
restrictions
basic 32-8
routing asymmetry 32-7
routing asymmetry (figure) 32-8
routing table requirements 32-7
security policy
applying 32-5
attacks, mitigating 32-5
deploying 32-5
tunneling 32-5
source addresses, validating 32-3
(figure) 32-3, 32-4
failure 32-3
traffic filtering 32-5
tunneling 32-5
validation
failure 32-3, 32-4
packets, dropping 32-3
source addresses 32-3
verifying 32-10
unicast traffic
blocking 50-2
Unidirectional Controlled Port, configuring 802.1X 41-60
unidirectional ethernet
enabling 29-2
example of setting 29-2
overview 29-1
UniDirectional Link Detection Protocol
See UDLD
Universal PoE, configuring 11-16
UNIX syslog servers
daemon configuration 56-10
facilities supported 56-12
message logging configuration 56-11
UplinkFast
and MST 18-23
enabling 21-15
MST and 18-23
overview 21-11
usage examples, Wireshark 53-17
user-defined event triggers
configuring, 802.1X-based 17-8
configuring, MAC address-based 17-9
User-defined triggers and built-in macros, configuring mapping 17-9
user EXEC mode 2-5
user sessions
disconnecting 7-8
monitoring 7-7
V
VACLs
Layer 4 port operations 49-10
virtual configuration register 67-3
virtual LANs
See VLANs
virtual ports, MKA 40-3
Virtual Private Network
See VPN
Virtual Switch System(VSS), displaying EtherChannel to 22-16
VLAN ACLs
See VLAN maps
VLAN blocking, REP 20-13
vlan command 13-6
vlan dot1q tag native command 25-4
VLAN ID
service provider 25-9
VLAN ID, discovering 4-37
VLAN ID translation
See VLAN mapping
VLAN load balancing
REP 20-4
VLAN load balancing, triggering 20-6
VLAN load balancing on flex links 19-2
configuration guidelines 19-6
VLAN Management Policy Server
See VMPS
VLAN mapping
1-to-1 25-8
1-to-1, configuring 25-11
configuration guidelines 25-10
configuring 25-11
configuring on a trunk port 25-11
default 25-9
described 1-2, 25-7
selective QinQ 25-8
selective Q-in-Q, configuring 25-12
traditional QinQ 25-8
traditional Q-in-Q, configuring 25-12
types of 25-8
VLAN maps
applying to a VLAN 49-21
configuration example 49-22
configuration guidelines 49-18
configuring 49-17
creating and deleting entries 49-19
defined 1-35
denying access example 49-23
denying packets 49-19
displaying 49-24
order of entries 49-18
permitting packets 49-19
router ACLs and 49-25
using (figure) 49-5
using in your network 49-22
VLAN maps, PACL and Router ACLs 49-32
VLANs
allowed on trunk 15-5
configuration guidelines 13-3
configuring 13-5
configuring as Layer 3 interfaces 30-7
customer numbering in service-provider networks 25-3
default configuration 13-4
description 1-9
extended range 13-3
IDs (default) 13-5
interface assignment 13-7
limiting source traffic with RSPAN 54-23
monitoring with RSPAN 54-21
name (default) 13-5
normal range 13-3
overview 13-1
reserved range 13-3
See also PVLANs
VLAN Trunking Protocol
See VTP
VLAN trunks
overview 15-3
VLAN User Distribution, configuring 802.1X 41-61
VMPS
configuration file example 13-32
configuring dynamic access ports on client 13-25
configuring retry interval 13-27
database configuration file 13-32
dynamic port membership
example 13-29
reconfirming 13-26
reconfirming assignments 13-26
reconfirming membership interval 13-26
server overview 13-21
VMPS client
administering and monitoring 13-28
configure switch
configure reconfirmation interval 13-26
dynamic ports 13-25
entering IP VMPS address 13-24
reconfirmation interval 13-27
reconfirm VLAM membership 13-26
default configuration 13-24
dynamic VLAN membership overview 13-23
troubleshooting dynamic port VLAN membership 13-29
VMPS server
fall-back VLAN 13-23
illegal VMPS client requests 13-23
overview 13-21
security modes
multiple 13-22
open 13-22
secure 13-22
voice interfaces
configuring 38-1
Voice over IP
configuring 38-1
voice ports
configuring VVID 38-3
voice traffic 11-2, 38-5
voice VLAN
IP phone data traffic, described 38-2
IP phone voice traffic, described 38-2
Voice VLAN, configure 802.1X 41-65
voice VLAN ports
using 802.1X 41-22
VPN
configuring routing in 36-12
forwarding 36-3
in service provider networks 36-1
routes 36-2
routing and forwarding table
See VRF
VRF
defining 36-3
tables 36-1
VRF-aware services
ARP 36-6, 36-9
configuring 36-5
ftp 36-8
ping 36-6
SNMP 36-7
syslog 36-8
tftp 36-8
traceroute 36-8
uRPF 36-7
VRF-lite
description 1-19
VTP
client, configuring 13-16
configuration guidelines 13-12
default configuration 13-13
disabling 13-16
Layer 2 protocol tunneling 25-14
monitoring 13-19
overview 13-8
pruning
configuring 13-15
See also VTP version 2
server, configuring 13-16
statistics 13-19
transparent mode, configuring 13-16
version 2
enabling 13-15
VTP advertisements
description 13-9
VTP domains
description 13-8
VTP modes 13-9
VTP pruning
overview 13-11
VTP versions 2 and 3
overview 13-9
See also VTP
VTY and Network Assistant 12-12
VVID (voice VLAN ID)
and 802.1X authentication 41-22
configuring 38-3
W
WCCP
configuration examples 66-10
configuring on a router 66-2, 66-11
features 66-4
restrictions 66-5
service groups 66-6
web-based authentication
authentication proxy web pages 43-4
description 1-37, 41-14, 43-1
web-based authentication, interactions with other features 43-4
Web Cache Communication Protocol
See WCCP 66-1
web caches
See cache engines
web cache services
description 66-4
web caching
See web cache services
See also WCCP
web scaling 66-1
weight thresholds in tracked lists 55-5
Wireshark
activating and deactivating, capture points, conceptual 53-5
attachment points 53-2
capture filter 53-3
capture points 53-2
core system filter 53-3
decoding and displaying packets 53-5
display filter 53-3
feature interactions 53-6
filters 53-2
storing captured packets to a.pcap filter 53-4
usage examples 53-17
Wireshark, about 53-1
Wireshark, activating and deactivating a capture point 53-10
Wireshark, defining/modifying/deleting a capture point 53-8
Wireshark, displaying information 53-13
Y
Y.1731
default configuration 60-29
described 60-27
ETH-AIS
Ethernet Alarm Signal function (ETH-AIS)
60-28
ETH-RDI 60-28
multicast Ethernet loopback 60-31
multicast ETH-LB 60-29
terminology 60-27