Index
Numerics
4K VLANs (support for 4,096 VLANs) 16-2
802.1AE Tagging 41-2
802.1Q
Layer 2 protocol tunneling
See Layer 2 protocol tunneling
mapping to ISL VLANs 16-7
trunks 11-4
restrictions 11-2
tunneling
configuration guidelines 19-1
configuring tunnel ports 19-6
overview 19-4
802.1Q Ethertype
specifying custom 11-15
802.1X 54-1
802.1x accounting 54-43
802.3ad
See LACP
802.3af 10-2
802.3at 10-2
802.3x Flow Control 10-9
A
AAA
fail policy 54-8, 55-5
AAA (authentication, authorization, and accounting). See also port-based authentication. 54-6, 55-2
aaa accounting dot1x command 54-44
aaa accounting system command 54-44
abbreviating commands 2-5
access, restricting MIB 57-10
access control entries and lists 40-1
access-enable host timeout (not supported) 40-4
access port, configuring 11-13
access rights 57-9
access setup, example 57-11
accounting
with 802.1x 54-43
with IEEE 802.1x 54-16
ACEs and ACLs 40-1
ACLs
downloadable 55-2
downloadable (dACLs) 54-24
Filter-ID 54-25
per-user 54-24
port
defined 44-2
redirect URL 54-25
static sharing 54-25
acronyms, list of 1-1
activating lawful intercept 57-8
admin function (mediation device) 57-7, 57-8
administration, definition 57-6
advertisements, VTP 15-4
aggregate label 7-2, 7-5
aggregate policing 34-4
aging time
accelerated
for MSTP 1-45
maximum
for MSTP 1-45, 1-46
alarms
major 5-4
minor 5-4
Allow DHCP Option 82 on Untrusted Port
configuring 49-10
understanding 49-5
any transport over MPLS (AToM) 9-3
Ethernet over MPLS 9-3
ARP ACL 40-12
ARP spoofing 51-3
AToM 9-3
audience 1-45
authentication control-direction command 54-53
authentication event command 54-45
authentication failed VLAN
See restricted VLAN
authentication open command 54-15
authentication password, VTP 15-5
authentication periodic command 54-38, 54-50
authentication port-control command 54-45
authentication timer reauthenticate command 54-38
authorized ports with 802.1X 54-12
auto enablement 54-30
automatic QoS
configuration guidelines and restrictions 37-2
macros 37-4
overview 37-2
AutoQoS 37-1
auto-sync command 9-4
B
BackboneFast
See STP BackboneFast
backup interfaces
See Flex Links
binding database, DHCP snooping
See DHCP snooping binding database
binding table, DHCP snooping
See DHCP snooping binding database
blocking state, STP 1-8
blue beacon 1-8
BPDU
RSTP format 1-16
BPDU guard
See STP BPDU guard
BPDUs
Bridge Assurance 2-5
Shared Spanning Tree Protocol (SSTP) 2-20
Bridge Assurance
description 2-4 to 2-6
inconsistent state 2-5
supported protocols and link types 2-5
bridge domain
configuring 12-8
bridge groups 5-1
bridge ID
See STP bridge ID
bridge priority, STP 1-34
bridge protocol data units
see BPDUs
bridging 5-1
broadcast storms
see traffic-storm control
C
CALEA, See Communications Assistance for Law Enforcement Act (CALEA)
Call Home
description 24-3
message format options 24-3
messages
format options 24-3
call home 24-1
alert groups 24-31
contact information 24-21
destination profiles 24-22
displaying information 24-45
pattern matching 24-36
periodic notification 24-33
rate limit messages 24-38
severity threshold 24-33
smart call home feature 24-4
SMTP server 24-2
testing communications 24-38
call home alert groups
configuring 24-31
description 24-31
subscribing 24-31
call home customer information
entering information 24-21
call home destination profiles
attributes 24-23
description 24-23
displaying 24-48
call home notifications
full-txt format for syslog 24-17
XML format for syslog 24-17
CDP
host presence detection 54-14, 56-4
to configure Cisco phones 9-3
CEF
configuring
RP 3-5
supervisor engine 3-4
examples 3-3
Layer 3 switching 3-2
packet rewrite 3-2
certificate authority (CA) 24-2
channel-group group
command 2-8, 2-11, 13-9, 13-14, 13-15, 13-16
command example 13-9, 13-15
Cisco Discovery Protocol
See CDP
Cisco Emergency Responder 9-4
Cisco EnergyWise 3-1
Cisco Express Forwarding 7-3
CISCO-IP-TAP-MIB
citapStreamVRF 57-2
overview 57-8
restricting access to 57-10, 57-11
CISCO-TAP2-MIB
accessing 57-9
overview 57-8
restricting access to 57-10, 57-11
CISP 54-30
CIST regional root
See MSTP
CIST root
See MSTP
class command 34-9
class map configuration 34-8, 35-11
clear authentication sessions command 54-40
clear counters command 10-12
clear dot1x command 54-40
clear interface command 10-13
CLI
accessing 2-1
backing out one level 2-5
console configuration mode 2-5
getting list of commands 2-6
global configuration mode 2-5
history substitution 2-4
interface configuration mode 2-5
privileged EXEC mode 2-5
ROM monitor 2-7
software basics 2-4
Client Information Signalling Protocol
See CISP
collection function 57-6
command line processing 2-3
commands, getting list of 2-6
Communications Assistance for Law Enforcement Act
CALEA for Voice 57-5
lawful intercept 57-4
community ports 17-7
community VLANs 17-6, 17-7
configuration example
EoMPLS port mode 9-4, 9-7
EoMPLS VLAN mode 9-4
VPLS, 802.1Q access port for untagged traffic from CE 10-8
VPLS, associating the attachment circuit with the VSI at the PE 10-13
VPLS, L2 VLAN instance on the PE 10-10
VPLS, MPLS in the PE 10-11
VPLS, using QinQ to place all VLANs into a single VPLS 10-9
VPLS, VFI in the PE 10-12
configuration guidelines
EVCs 12-2
configuring 34-9, 35-11
lawful intercept 57-10, 57-11, 57-12
SNMP 57-10
console configuration mode 2-5
content IAP 57-6
control plane policing
See CoPP
CoPP 48-1
applying QoS service policy to control plane 48-5
configuring
ACLs to match traffic 48-5
enabling MLS QoS 48-5
packet classification criteria 48-5
service-policy map 48-5
control plane configuration mode
entering 48-5
displaying
dynamic information 48-9
number of conforming bytes and packets 48-9
rate information 48-9
entering control plane configuration mode 48-5
monitoring statistics 48-9
overview 48-3
packet classification guidelines 48-2
traffic classification
defining 48-6
guidelines 48-7
overview 48-6
sample ACLs 48-8
sample classes 48-6
CoS
override priority 9-6, 10-5
counters
clearing interface 10-12, 10-13
critical authentication 54-8
critical authentication, IEEE 802.1x 54-47
CSCsr62404 10-9
CSCtx75254 5-2
cTap2MediationDebug notification 57-12
cTap2MediationNewIndex object 57-8
cTap2MediationTable 57-8
cTap2MediationTimedOut notification 57-12
cTap2MIBActive notification 57-12
cTap2StreamDebug notification 57-12
cTap2StreamTable 57-8
customer contact information
entering for call home 24-21
D
dACL
See ACLs, downloadable 54-24
dCEF 3-4
debug commands
IP MMLS 14-31
DEC spanning-tree protocol 5-1
default configuration
802.1X 54-31, 55-7
dynamic ARP inspection 51-6
EVCs 12-9
Flex Links 12-4
IP MMLS 14-15
MSTP 1-26
MVR 17-5
UDLD 1-4
voice VLAN 9-4
VTP 15-9
default VLAN 11-10
denial of service protection 47-1
device IDs
call home format 24-13, 24-14
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP option 82
circuit ID suboption 49-7
overview 49-5
packet format, suboption
circuit ID 49-7
remote ID 49-7
remote ID suboption 49-7
DHCP option 82 allow on untrusted port 49-10
DHCP snooping
802.1X data insertion 54-15
binding database
See DHCP snooping binding database
configuration guidelines 49-8
configuring 49-9
default configuration 49-8
displaying binding tables 49-18
enabling 49-9, 49-10, 49-11, 49-12, 49-13, 49-14
enabling the database agent 49-14
message exchange process 49-6
monitoring 50-5, 50-6
option 82 data insertion 49-5
overview 49-3
Snooping database agent 49-7
DHCP snooping binding database
described 49-5
entries 49-5
DHCP snooping binding table
See DHCP snooping binding database
DHCP Snooping Database Agent
adding to the database (example) 49-18
enabling (example) 49-15
overview 49-7
reading from a TFTP file (example) 49-17
DHCP snooping increased bindings limit 49-14
DiffServ
configuring short pipe mode 38-30
configuring uniform mode 38-34
short pipe mode 38-27
uniform mode 38-28
DiffServ tunneling modes 38-4
Disabling PIM Snooping Designated Router Flooding 16-6
distributed Cisco Express Forwarding
See dCEF
distributed egress SPAN 27-10, 27-15
DNS, See Domain Name System
documentation, related 1-45
Domain Name System 57-2
DoS protection 47-1
monitoring packet drop statistics
using monitor session commands 47-10
using VACL capture 47-12
QoS ACLs 47-2
security ACLs 47-2
uRPF check 47-6
dot1x initialize interface command 54-39
dot1x max-reauth-req command 54-43
dot1x max-req command 54-42
dot1x pae authenticator command 54-34
dot1x re-authenticate interface command 54-39
dot1x timeout quiet-period command 54-41
DSCP-based queue mapping 36-14
duplex command 10-5, 10-6
duplex mode
autonegotiation status 10-6
configuring interface 10-4
dynamic ARP inspection
ARP cache poisoning 51-3
ARP requests, described 51-3
ARP spoofing attack 51-3
configuration guidelines 51-2
configuring
log buffer 51-13, 51-15
logging system messages 51-14
rate limit for incoming ARP packets 51-5, 51-10
default configuration 51-6
denial-of-service attacks, preventing 51-10
described 51-3
DHCP snooping binding database 51-4
displaying
ARP ACLs 51-15
configuration and operating state 51-15
trust state and rate limit 51-15
error-disabled state for exceeding rate limit 51-5
function of 51-4
interface trust states 51-4
log buffer
configuring 51-13, 51-15
logging of dropped packets, described 51-6
logging system messages
configuring 51-14
man-in-the-middle attack, described 51-4
network security issues and interface trust states 51-4
priority of ARP ACLs and DHCP snooping entries 51-6
rate limiting of ARP packets
configuring 51-10
described 51-5
error-disabled state 51-5
validation checks, performing 51-11
Dynamic Host Configuration Protocol snooping 49-1
E
EAC 41-2
EAPOL. See also port-based authentication. 54-6
eFSU, See Enhanced Fast Software Upgrade (eFSU)
egress SPAN 27-10
electronic traffic, monitoring 57-7
e-mail addresses
assigning for call home 24-21
e-mail notifications
Call Home 24-3
enable mode 2-5
enable sticky secure MAC address 56-8
enabling
IP MMLS
on router interfaces 14-16
lawful intercept 57-8
SNMP notifications 57-12
Endpoint Admission Control (EAC) 41-2
EnergyWise 3-1
enhanced Fast Software Upgrade (eFSU)
aborting (issu abortversion command) 5-13
accepting the new software version 5-11
committing the new software to standby RP (issu commitversion command) 5-12
displaying maximum outage time for module 5-10
error handling 5-5
forcing a switchover (issu runversion command) 5-10
issu loadversion command 5-8
loading new software onto standby RP 5-8
memory reservation on module 5-4
memory reservation on module, prohibiting 5-4
OIR not supported 5-2
operation 5-3
outage times 5-4
performing 5-5
steps 5-5
usage guidelines and limitations 5-2
verifying redundancy mode 5-7
environmental monitoring
LED indications 5-4
SNMP traps 5-4
supervisor engine and switching modules 5-4
Syslog messages 5-4
using CLI commands 5-1
EOBC
for MAC address table synchronization 11-3
EoMPLS 9-3
configuring 9-4
configuring VLAN mode 9-3
guidelines and restrictions 9-2
port mode 9-3
VLAN mode 9-3
ERSPAN 27-1
EtherChannel
channel-group group
command 2-8, 2-11, 13-9, 13-14, 13-15, 13-16
command example 13-9, 13-15
configuration guidelines 4-28, 13-2
configuring
Layer 2 13-9
configuring (tasks) 4-28, 13-7
interface port-channel
command example 13-8
interface port-channel (command) 2-7, 2-8, 13-8
lacp system-priority
command example 13-11
Layer 2
configuring 13-9, 13-15
load balancing
configuring 13-11
understanding 13-7
Min-Links 13-13, 13-14
modes 13-4
PAgP
understanding 13-5
port-channel interfaces 13-7
port-channel load-balance
command 13-11
command example 13-12
STP 13-7
understanding 4-4, 13-3
EtherChannel Guard
See STP EtherChannel Guard
Ethernet
setting port duplex 10-10
Ethernet flow point
See EFP
Ethernet over MPLS (EoMPLS) configuration
EoMPLS port mode 9-6
EoMPLS VLAN mode 9-4
Ethernet Virtual Connection
See EVC
EVC
broadcast domain 12-4
configuration guidelines 12-2
default configuration 12-9
supported features 12-2
EXP mutation 38-4
extended range VLANs 16-2
See VLANs
extended system ID
MSTP 1-39
Extensible Authentication Protocol over LAN. See EAPOL.
F
fall-back bridging 5-1
fast link notification
on VSL failure 4-15
fiber-optic, detecting unidirectional links 1-1
FIB TCAM 7-3
figure
lawful intercept overview 57-5
Flex Links 12-1
configuration guidelines 12-2
configuring 12-4
default configuration 12-4
description 12-2
monitoring 12-6
flex links
interface preemption 12-3
flow control 10-9
forward-delay time
MSTP 1-45
forward-delay time, STP 1-35
frame distribution
See EtherChannel load balancing
G
get requests 57-7, 57-8, 57-11
global configuration mode 2-5
guest VLAN and 802.1x 54-19
H
hardware Layer 3 switching
guidelines 3-1
hello time
MSTP 1-44
hello time, STP 1-35
High Capacity Power Supply Support 4-4
history
CLI 2-4
host mode
see port-based authentication
host ports
kinds of 17-7
host presence CDP message 9-4, 54-14
host presence TLV message 56-4
http://www-tac.cisco.com/Teams/ks/c3/xmlkwery.php?srId=612293409 13-3
I
IAP
content IAP 57-6
definition 57-6
content IAP 57-6
identification IAP 57-6
types of
ICMP unreachable messages 40-2
ID IAP 57-6
IDs
serial IDs 24-14
IEEE 802.1Q Ethertype
specifying custom 11-15
IEEE 802.1Q Tagging on a Per-Port Basis 19-7
IEEE 802.1w
See RSTP
IEEE 802.1x
accounting 54-16, 54-43
authentication failed VLAN 54-20
critical ports 54-21
DHCP snooping 54-15
guest VLAN 54-19
MAC authentication bypass 54-26
network admission control Layer 2 validation 54-27
port security interoperability 54-23
RADIUS-supplied session timeout 54-38
voice VLAN 54-22
wake-on-LAN support 54-28
IEEE 802.3ad
See LACP
IEEE 802.3af 10-2
IEEE 802.3at 10-2
IEEE 802.3x Flow Control 10-9
IEEE bridging protocol 5-1
IGMP 15-1
configuration guidelines 22-9
enabling 15-9
join messages 15-3
leave processing
enabling 15-13
queries 15-4
query interval
configuring 15-12
snooping
fast leave 15-6
joining multicast group 15-3, 18-4
leaving multicast group 15-5, 18-4
understanding 15-3, 18-3
snooping querier
enabling 15-9
understanding 15-3, 18-3
IGMPv3 14-26
IGMP v3lite 14-26
ignore port trust 34-11
inaccessible authentication bypass 54-21
ingress SPAN 27-10
intercept access point
See IAP
intercept-related information (IRI) 57-6, 57-7
intercepts, multiple 57-6
interface
configuration mode 2-5
Layer 2 modes 11-4
number 10-2
interface port-channel
command example 13-8
interface port-channel (command) 2-7, 2-8, 13-8
interfaces
configuring, duplex mode 10-3
configuring, speed 10-3
configuring, overview 10-2
counters, clearing 10-12, 10-13
displaying information about 10-12
maintaining 10-11
monitoring 10-11
range of 10-2
restarting 10-13
shutting down
task 10-13
interfaces command 10-2
interfaces range command 26-3
interfaces range macro command 10-2
internal VLANs 16-3
Internet Group Management Protocol 15-1, 18-1
IP accounting, IP MMLS and 14-2
IP CEF
topology (figure) 3-4
ip flow-export source command 29-3, 29-4, 29-5
ip http server 1-9
ip local policy route-map command 4-5
IP MMLS
cache, overview 14-4
configuration guideline 14-1
debug commands 14-31
default configuration 14-15
enabling
on router interfaces 14-16
Layer 3 MLS cache 14-4
overview 14-2
packet rewrite 14-5
router
enabling globally 14-16
enabling on interfaces 14-16
PIM, enabling 14-16
IP multicast
IGMP snooping and 15-8
MLDv2 snooping and 22-9
overview 15-2, 18-2, 19-2
IP multicast MLS
See IP MMLS
ip multicast-routing command
enabling IP multicast 14-16
IP phone
configuring 9-5
ip pim command
enabling IP PIM 14-16
ip policy route-map command 4-5
IP Source Guard 50-1
configuring 50-3
configuring on private VLANs 50-5
displaying 50-5, 50-6
overview 50-2
IP unnumbered 5-1
IPv4 Multicast over Point-to-Point GRE Tunnels 1-10
IPv4 Multicast VPN 20-1
IPv6 Multicast Layer 3 Switching 21-1
IPv6 QoS 33-4
ISL trunks 11-4
isolated port 17-7
isolated VLANs 17-6, 17-7
J
join messages, IGMP 15-3
jumbo frames 10-6
K
keyboard shortcuts 2-3
L
label edge router 7-2
label switched path 9-1
label switch router 7-2, 7-4
LACP
system ID 13-6
Law Enforcement Agency (LEA) 57-4
lawful intercept
admin function 57-7, 57-8
collection function 57-6
configuring 57-10, 57-11, 57-12
enabling 57-8
IRI 57-6
mediation device 57-5
overview 57-4, 57-5
prerequisites 57-1
processing 57-7
security considerations 57-9
SNMP notifications 57-12
lawful intercept processing 57-7
Layer 2
configuring interfaces 11-5
access port 11-13
trunk 11-8
defaults 11-5
interface modes 11-4
show interfaces 10-8, 10-9, 11-6, 11-12
switching
understanding 11-2
trunks
understanding 11-4
VLAN
interface assignment 16-6
Layer 2 Interfaces
configuring 11-1
Layer 2 protocol tunneling
configuring Layer 2 tunnels 20-3
overview 20-2
Layer 2 Traceroute 30-1
Layer 2 traceroute
and ARP 30-2
and CDP 30-1
described 30-2
IP addresses and subnets 30-2
MAC addresses and VLANs 30-2
multicast traffic 30-2
multiple devices on a port 30-2
unicast traffic 30-2
usage guidelines 30-1
Layer 3
IP MMLS and MLS cache 14-4
Layer 3 switched packet rewrite
CEF 3-2
Layer 3 switching
CEF 3-2
Layer 4 port operations (ACLs) 40-2
leave processing, IGMP
enabling 15-13
leave processing, MLDv2
enabling 22-12
LERs 38-2, 38-6, 38-7
Link Failure
detecting unidirectional 1-25
link negotiation 10-5
link redundancy
See Flex Links
LLDP-MED
configuring
TLVs 10-8
load deferral
MEC traffic recovery 4-6
Local Egress Replication 14-19
logical operation unit
See LOU
loop guard
See STP loop guard
LOU
description 40-3
determining maximum number of 40-3
LSRs 38-2, 38-6
M
mab command 54-45, 54-50
MAC address-based blocking 43-1
MAC address table notification 11-7
MAC authentication bypass. See also port-based authentication. 54-26
MAC move (port security) 56-3
macros 3-1
See Smartports macros
MACSec 41-2
magic packet 54-28
main-cpu command 9-4
mapping 802.1Q VLANs to ISL VLANs 16-7
markdown
see QoS markdown
match ip address command 4-4
match length command 4-4
maximum aging time
MSTP 1-45
maximum aging time, STP 1-36
maximum hop count, MSTP 1-46
MEC
configuration 4-45
described 4-15
failure 4-16
port load share deferral 4-17
mediation device
admin function 57-7, 57-8
definition 57-5
description 57-5
MIBs
CISCO-IP-TAP-MIB 57-2, 57-8, 57-10
CISCO-TAP2-MIB 57-8, 57-9, 57-10
SNMP-COMMUNITY-MIB 57-9
SNMP-USM-MIB 57-4, 57-9
SNMP-VACM-MIB 57-4, 57-9
microflow policing 34-4
Mini Protocol Analyzer 31-1
Min-Links 13-13
MLD
report 22-5
MLD snooping
query interval
configuring 22-10
MLDv1 22-2
MLDv2 22-1
enabling 22-11
leave processing
enabling 22-12
queries 22-6
snooping
fast leave 22-8
joining multicast group 22-5
leaving multicast group 22-7
understanding 22-3
snooping querier
enabling 22-10
understanding 22-3
MLDv2 Snooping 22-1
monitoring
Flex Links 12-6
MVR 17-8
private VLANs 17-16
monitoring electronic traffic 57-7
MPLS 7-1, 7-2
aggregate label 7-2
any transport over MPLS 9-3
basic configuration 7-9
core 7-4
DiffServ Tunneling Modes 38-26
egress 7-4
experimental field 38-3
hardware features 7-5
ingress 7-4
IP to MPLS path 7-4
labels 7-2
MPLS to IP path 7-4
MPLS to MPLS path 7-4
nonaggregate label 7-2
QoS default configuration 38-13
restrictions 7-1
VPN 38-11
VPN guidelines and restrictions 8-2
MPLS QoS
Classification 38-2
Class of Service 38-2
commands 38-15
configuring a class map 38-17
configuring a policy map 38-20
configuring egress EXP mutation 38-24
configuring EXP Value Maps 38-25
Differentiated Services Code Point 38-2
displaying a policy map 38-24
E-LSP 38-2
EXP bits 38-2
features 38-2
IP Precedence 38-2
QoS Tags 38-2
queueing-only mode 38-17
MPLS QoS configuration
class map to classify MPLS packets 38-17
MPLS supported commands 7-2
MPLS VPN
limitations and restrictions 8-2
MQC 32-1
MST
interoperation with Rapid PVST+ 2-20
root bridge 2-20
MSTP
boundary ports
configuration guidelines 1-2
described 1-22
CIST, described 1-19
CIST regional root 1-20
CIST root 1-21
configuration guidelines 1-2
configuring
forward-delay time 1-45
hello time 1-44
link type for rapid convergence 1-46
maximum aging time 1-45
maximum hop count 1-46
MST region 1-38
neighbor type 1-46
path cost 1-42
port priority 1-41
root switch 1-39
secondary root switch 1-40
switch priority 1-43
CST
defined 1-19
operations between regions 1-20
default configuration 1-26
displaying status 1-47
enabling the mode 1-38
extended system ID
effects on root switch 1-39
effects on secondary root switch 1-40
unexpected behavior 1-39
IEEE 802.1s
implementation 1-23
port role naming change 1-23
terminology 1-21
interoperability with IEEE 802.1D
described 1-24
restarting migration process 1-47
IST
defined 1-19
master 1-20
operations within a region 1-20
mapping VLANs to MST instance 1-38
MST region
CIST 1-19
configuring 1-38
described 1-19
hop-count mechanism 1-22
IST 1-19
supported spanning-tree instances 1-19
overview 1-18
root switch
configuring 1-39
effects of extended system ID 1-39
unexpected behavior 1-39
status, displaying 1-47
MTU size (default) 16-3
multiauthentication (multiauth). See also port-based authentication. 54-15
multicast
IGMP snooping and 15-8
MLDv2 snooping and 22-9
non-RPF 14-7
overview 15-2, 18-2, 19-2
PIM snooping 16-4
multicast flood blocking 53-1
multicast groups
joining 15-3, 18-4
leaving 15-5, 22-7
multicast groups, IPv6
joining 22-5
Multicast Listener Discovery version 2 22-1
Multicast Replication Mode Detection enhancement 14-18
multicast storms
see traffic-storm control
multicast television application 17-3
multicast VLAN 17-2
Multicast VLAN Registration 17-1
multichassis EtherChannel
see MEC 4-15
Multidomain Authentication (MDA). See also port-based authentication. 54-14
Multilayer MAC ACL QoS Filtering 40-9
multiple path RPF check 47-7
Multiple Spanning Tree
See MST
MUX-UNI Support 7-7
MVAP (Multi-VLAN Access Port). See also port-based authentication. 54-22
MVR
and IGMPv3 17-2
configuring interfaces 17-6
default configuration 17-5
example application 17-3
in the switch stack 17-5
monitoring 17-8
multicast television application 17-3
restrictions 17-1
setting global parameters 17-6
N
NAC
agentless audit support 54-27
critical authentication 54-21, 54-47
IEEE 802.1x authentication using a RADIUS server 54-50
IEEE 802.1x validation using RADIUS server 54-50
inaccessible authentication bypass 54-47
Layer 2 IEEE 802.1x validation 54-50
Layer 2 IEEE 802.1x validation 54-27
native VLAN 11-10
NDAC 41-2
NEAT
configuring 54-54
overview 54-30
NetFlow
table, displaying entries 3-5
Network Device Admission Control (NDAC) 41-2
Network Edge Access Topology
See NEAT
network ports
Bridge Assurance 2-5
description 2-2
nonaggregate label 7-2, 7-5
non-RPF multicast 14-7
normal-range VLANs
See VLANs
notifications, See SNMP notifications
NSF with SSO does not support IPv6 multicast traffic. 7-1, 8-1
O
OIR 10-11
online diagnostics
CompactFlash disk verification 1-45
configuring 6-2
datapath verification 1-15
diagnostic sanity check 6-24
egress datapath test 1-5
error counter test 1-5
interrupt counter test 1-5
memory tests 6-24
overview 6-2
running tests 6-6
test descriptions 1-1
understanding 6-2
online diagnostic tests 1-1
online insertion and removal
See OIR
out-of-band MAC address table synchronization
configuring 11-6
in a VSS 4-2
out of profile
see QoS out of profile
P
packet capture 31-2
packet rewrite
CEF 3-2
IP MMLS and 14-5
packets
multicast 44-6
PAgP
understanding 13-5
path cost
MSTP 1-42
PBACLs 40-5
PBF 45-4
PBR 1-10
PBR (policy-based routing)
configuration (example) 4-7
enabling 4-4
peer inconsistent state
in PVST simulation 2-20
per-port VTP enable and disable 15-16
PFC
recirculation 7-5
PIM, IP MMLS and 14-16
PIM snooping
designated router flooding 16-6
enabling globally 16-5
enabling in a VLAN 16-5
overview 16-4
platform aging command
configuring IP MLS 23-3, 23-4
platform ip multicast command
enabling IP MMLS 14-17 to 14-27
PoE 10-2
Cisco prestandard 10-3
IEEE 802.3af 10-2
IEEE 802.3at 10-2
PoE management 10-3
power policing 10-4
power use measurement 10-4
police command 34-13, 34-15
policy-based ACLs (PBACLs) 40-5
policy-based forwarding (PBF) 46-2
policy-based routing
See PBR
policy-based routing (PBR)
configuring 4-1
policy map 34-9, 35-11
attaching to an interface 34-17, 35-17, 47-6
policy-map command 34-9
port ACLs
defined 44-2
port ACLs (PACLs) 44-1
Port Aggregation Protocol
see PAgP
port-based authentication
AAA authorization 54-33
accounting 54-16
configuring 54-43
authentication server
defined 54-7, 55-3
RADIUS server 54-7
client, defined 54-7, 55-3
configuration guidelines 54-2, 55-1
configuring
guest VLAN 54-45
inaccessible authentication bypass 54-47
initializing authentication of a client 54-39
manual reauthentication of a client 54-39
RADIUS server 54-35, 55-10
RADIUS server parameters on the switch 54-34, 55-9
restricted VLAN 54-46
switch-to-authentication-server retransmission time 54-42
switch-to-client EAP-request frame retransmission time 54-41
switch-to-client frame-retransmission number 54-42, 54-43
switch-to-client retransmission time 54-41
user distribution 54-44
VLAN group assignment 54-44
default configuration 54-31, 55-7
described 54-6
device roles 54-7, 55-3
DHCP snooping 54-15
DHCP snooping and insertion 49-6
displaying statistics 54-57, 55-15
EAPOL-start frame 54-10
EAP-request/identity frame 54-10
EAP-response/identity frame 54-10
enabling
802.1X authentication 54-33, 54-34, 55-9
periodic reauthentication 54-38
encapsulation 54-7
guest VLAN
configuration guidelines 54-19, 54-20
described 54-19
host mode 54-13
inaccessible authentication bypass
configuring 54-47
described 54-21
guidelines 54-4
initiation and message exchange 54-10
MAC authentication bypass 54-26
magic packet 54-28
method lists 54-33
modes 54-13
multiauth mode, described 54-15
multidomain authentication mode, described 54-14
multiple-hosts mode, described 54-13
ports
authorization state and dot1x port-control command 54-12
authorized and unauthorized 54-12
critical 54-21
voice VLAN 54-22
port security
and voice VLAN 54-23
described 54-23
interactions 54-23
multiple-hosts mode 54-13
pre-authentication open access 54-15, 54-36
resetting to default values 54-57
supplicant, defined 54-7
switch
as proxy 54-7, 55-3
RADIUS client 54-7
switch supplicant
configuring 54-54
overview 54-30
user distribution
configuring 54-44
described 54-18
guidelines 54-4
VLAN assignment
AAA authorization 54-33
characteristics 54-17
configuration tasks 54-18
described 54-17
VLAN group
guidelines 54-4
voice VLAN
described 54-22
PVID 54-22
VVID 54-22
wake-on-LAN, described 54-28
port-based QoS features
see QoS
port-channel
see EtherChannel
port-channel load-balance
command 13-11
command example 13-11, 13-12
port-channel load-defer command 4-46
port-channel port load-defer command 4-46
port cost, STP 1-32
port debounce timer
disabling 10-10
displaying 10-10
enabling 10-10
PortFast
edge ports 2-2
network ports 2-2
See STP PortFast
PortFast Edge BPDU filtering
See STP PortFast Edge BPDU filtering
PortFast port types
description 2-2, 2-2 to ??
edge 2-2
network 2-2
port mode 9-3
port negotiation 10-5
port priority
MSTP 1-41
port priority, STP 1-31
ports
setting the debounce timer 10-10
port security
aging 56-9, 56-10
configuring 56-4
described 56-3
displaying 56-10
enable sticky secure MAC address 56-8
sticky MAC address 56-3
violations 56-3
Port Security is supported on trunks 56-2, 56-5, 56-7, 56-9
port security MAC move 56-3
port security on PVLAN ports 56-2
Port Security with Sticky Secure MAC Addresses 56-3
power management
enabling/disabling redundancy 4-2
overview 4-1
powering modules up or down 4-3
power policing 10-8
power negotiation
through LLDP 10-8
Power over Ethernet 10-2
pre-authentication open access. See port-based authentication.
preemption, default configuration 12-4
preemption delay, default configuration 12-4
prerequisites for lawful intercept 57-1
primary links 12-2
primary VLANs 17-6
priority
overriding CoS 9-6, 10-5
private hosts 18-1
private hosts feature
configuration guidelines 18-1
configuring (detailed steps) 18-9
configuring (summary) 18-8
multicast operation 18-4
overview 18-4
port ACLs (PACLs) 18-7
port types 18-5, 18-6
protocol-independent MAC ACLs 18-4
restricting traffic flow with PACLs 18-5
spoofing protection 18-3
private VLANs 17-1
across multiple switches 17-9
and SVIs 17-10
benefits of 17-5
community VLANs 17-6, 17-7
configuration guidelines 17-2, 17-4, 17-10
configuring 17-10
host ports 17-14
promiscuous ports 17-15
routing secondary VLAN ingress traffic 17-13
secondary VLANs with primary VLANs 17-12
VLANs as private 17-11
end station access to 17-8
IP addressing 17-8
isolated VLANs 17-6, 17-7
monitoring 17-16
ports
community 17-7
configuration guidelines 17-4
isolated 17-7
promiscuous 17-7
primary VLANs 17-6
secondary VLANs 17-6
subdomains 17-5
traffic in 17-10
privileged EXEC mode 2-5
promiscuous ports 17-7
protocol tunneling
See Layer 2 protocol tunneling 20-2
PVRST
See Rapid-PVST 1-3
PVST
description 1-3
PVST simulation
description 2-20
peer inconsistent state 2-20
root bridge 2-20
Q
QoS
auto-QoS
enabling for VoIP 37-4
IPv6 33-4
See also automatic QoS 37-1
QoS CoS
port value, configuring 36-2
QoS default configuration 39-2
QoS DSCP
maps, configuring 36-7
QoS mapping
CoS values to DSCP values 36-4, 36-7
DSCP markdown values 36-8, 38-14
DSCP mutation 36-3, 38-25
DSCP values to CoS values 36-9
IP precedence values to DSCP values 36-7
QoS markdown 34-4
QoS out of profile 34-4
QoS policing rule
aggregate 34-4
microflow 34-4
QoS port
trust state 36-10
QoS port-based or VLAN-based 36-12
QoS receive queue 36-18
QoS statistics data export 39-2
configuring 39-2
configuring destination host 39-7
configuring time interval 39-6, 39-8
QoS transmit queues 35-6, 36-15, 36-16
QoS VLAN-based or port-based 36-12
queries, IGMP 15-4
queries, MLDv2 22-6
R
RADIUS 49-6
RADIUS. See also port-based authentication. 54-7
range
command 26-3
macro 10-2
rapid convergence 1-14
Rapid-PVST
enabling 1-36
Rapid PVST+
interoperation with MST 2-20
Rapid-PVST+
overview 1-3
Rapid Spanning Tree
See RSTP
Rapid Spanning Tree Protocol
See RSTP
receive queues
see QoS receive queues
recirculation 7-5
redirect URLs
described 54-25
reduced MAC address 1-3
redundancy (RPR+) 9-1
configuring 9-4
configuring supervisor engine 9-2
displaying supervisor engine configuration 9-5
redundancy command 9-4
related documentation 1-45
Remote Authentication Dial-In User Service. See RADIUS.
report, MLD 22-5
reserved-range VLANs
See VLANs
restricted VLAN
configuring 54-46
described 54-20
using with IEEE 802.1x 54-20
restricting MIB access 57-10, 57-11
rewrite, packet
CEF 3-2
IP MMLS 14-5
RHI 4-52
RIF cache monitoring 10-12
ROM monitor
CLI 2-7
root bridge
MST 2-20
PVST simulation 2-20
root bridge, STP 1-29
root guard
See STP root guard
root switch
MSTP 1-39
route health injection
See RHI
route-map (IP) command 4-4
route maps
defining 4-4
router guard 19-1
RPF
failure 14-7
non-RPF multicast 14-7
RPR and RPR+ support IPv6 multicast traffic 9-1
RSTP
active topology 1-13
BPDU
format 1-16
processing 1-17
designated port, defined 1-13
designated switch, defined 1-13
interoperability with IEEE 802.1D
described 1-24
restarting migration process 1-47
topology changes 1-17
overview 1-13
port roles
described 1-13
synchronized 1-15
proposal-agreement handshake process 1-14
rapid convergence
described 1-14
edge ports and Port Fast 1-14
point-to-point links 1-14, 1-46
root ports 1-14
root port, defined 1-13
See also MSTP
S
secondary VLANs 17-6
Secure MAC Address Aging Type 56-9
security
configuring 42-1
security, port 56-3
security considerations 57-9
Security Exchange Protocol (SXP) 41-2
Security Group Access Control List (SGACL) 41-2
Security Group Tag (SGT) 41-2
serial IDs
description 24-14
serial interfaces
clearing 10-13
synchronous
maintaining 10-13
server IDs
description 24-14
service instance
configuration mode 12-5
creating 12-4
defined 12-4
service-policy input command 34-17, 35-17, 36-4, 36-6, 38-25, 47-6
service-provider network, MSTP and RSTP 1-18
set default interface command 4-4
set interface command 4-4
set ip default next-hop command 4-4
set ip df command
PBR 4-4
set ip next-hop command 4-4
set ip precedence command
PBR 4-4
set ip vrf command
PBR 4-4
set power redundancy enable/disable command 4-2
set requests 57-7, 57-8, 57-11
setting up lawful intercept 57-7
SGACL 41-2
SGT 41-2
short pipe mode
configuring 38-30
show authentication command 54-58
show catalyst6000 chassis-mac-address command 1-4
show dot1x interface command 54-39
show eobc command 10-12
show history command 2-4
show ibc command 10-12
show interfaces command 10-8, 10-9, 10-12, 11-6, 11-12
clearing interface counters 10-12
displaying, speed and duplex mode 10-6
show ip local policy command 4-5
show mab command 54-61
show module command 9-5
show platform aging command 23-4
show platform entry command 3-5
show platform ip multicast group command
displaying IP MMLS group 14-27
show platform ip multicast interface command
displaying IP MMLS interface 14-27
show platform ip multicast source command
displaying IP MMLS source 14-27
show platform ip multicast statistics command
displaying IP MMLS statistics 14-27
show platform ip multicast summary
displaying IP MMLS configuration 14-27
show protocols command 10-12
show rif command 10-12
show running-config command 10-12
displaying ACLs 44-7, 44-8
show svclc rhi-routes command 4-52
show version command 10-12
shutdown command 10-13
shutdown interfaces
result 10-13
slot number, description 10-2
smart call home 24-1
description 24-4
destination profile (note) 24-23
registration requirements 24-5
service contract requirements 24-2
Transport Gateway (TG) aggregation point 24-4
SMARTnet
smart call home registration 24-5
smart port macros 3-1
configuration guidelines 3-2
Smartports macros
applying global parameter values 3-14
applying macros 3-14
creating 3-13
default configuration 3-4
defined 3-4
displaying 3-15
tracing 3-2
SNMP
configuring 57-10
default view 57-9
get and set requests 57-7, 57-8, 57-11
notifications 57-9, 57-12
support and documentation 1-9
SNMP-COMMUNITY-MIB 57-9
SNMP-USM-MIB 57-4, 57-9
SNMP-VACM-MIB 57-4, 57-9
snooping
See IGMP snooping
software
upgrading router 5-5
source IDs
call home event format 24-13
source specific multicast with IGMPv3, IGMP v3lite, and URD 14-26
SPAN
configuration guidelines 27-2
configuring 27-12
sources 27-16, 27-19, 27-21, 27-22, 27-24, 27-25, 27-26, 27-28
VLAN filtering 27-30
destination port support on EtherChannels 27-12, 27-19, 27-22, 27-24, 27-25, 27-29
distributed egress 27-10, 27-15
modules that disable for ERSPAN 27-7
input packets with don’t learn option
ERSPAN 27-28, 27-29
local SPAN 27-17, 27-18, 27-19
RSPAN 27-22, 27-23, 27-25
understanding 27-12
local SPAN egress session increase 27-3, 27-16
overview 27-7
SPAN Destination Port Permit Lists 27-15
spanning-tree backbonefast
command 2-15, 2-16
command example 2-15, 2-16
spanning-tree cost
command 1-33
command example 1-33
spanning-tree portfast
command 2-2, 2-3, 2-4
command example 2-3, 2-4
spanning-tree portfast bpdu-guard
command 2-8
spanning-tree port-priority
command 1-31
spanning-tree protocol for bridging 5-1
spanning-tree uplinkfast
command 2-13
command example 2-13
spanning-tree vlan
command 1-27, 1-29, 1-30, 1-31, 2-8, 2-17
command example 1-28, 1-29, 1-30, 1-31
spanning-tree vlan cost
command 1-33
spanning-tree vlan forward-time
command 1-35
command example 1-35
spanning-tree vlan hello-time
command 1-35
command example 1-35
spanning-tree vlan max-age
command 1-36
command example 1-36
spanning-tree vlan port-priority
command 1-31
command example 1-32
spanning-tree vlan priority
command 1-34
command example 1-34
speed
configuring interface 10-4
speed command 10-4
speed mode
autonegotiation status 10-6
standards, lawful intercept 57-4
standby links 12-2
static sharing
description 54-25
statistics
802.1X 54-57, 55-15
sticky ARP 47-9
sticky MAC address 56-3
Sticky secure MAC addresses 56-8, 56-9
storm control
see traffic-storm control
STP
configuring 1-26
bridge priority 1-34
enabling 1-27, 1-28
forward-delay time 1-35
hello time 1-35
maximum aging time 1-36
port cost 1-32
port priority 1-31
root bridge 1-29
secondary root switch 1-30
defaults 1-25
EtherChannel 13-7
normal ports 2-3
understanding 1-2
802.1Q Trunks 1-12
Blocking State 1-8
BPDUs 1-4
disabled state 1-12
forwarding state 1-11
learning state 1-10
listening state 1-9
overview 1-3
port states 1-6
protocol timers 1-5
root bridge election 1-5
topology 1-5
STP BackboneFast
configuring 2-15
figure
adding a switch 2-18
spanning-tree backbonefast
command 2-15, 2-16
command example 2-15, 2-16
understanding 2-13
STP BPDU Guard
configuring 2-7
spanning-tree portfast bpdu-guard
command 2-8
understanding 2-7
STP bridge ID 1-3
STP EtherChannel guard 2-16
STP extensions
description ?? to 2-20
STP loop guard
configuring 2-19
overview 2-17
STP PortFast
BPDU filter
configuring 2-10
BPDU filtering 2-9
configuring 2-2
spanning-tree portfast
command 2-2, 2-3, 2-4
command example 2-3, 2-4
understanding 2-2
STP port types
normal 2-3
STP root guard 2-17
STP UplinkFast
configuring 2-12
spanning-tree uplinkfast
command 2-13
command example 2-13
understanding 2-11
subdomains, private VLAN 17-5
supervisor engine
environmental monitoring 5-1
redundancy 9-1
synchronizing configurations 9-5
supervisor engine redundancy
configuring 9-2
supervisor engines
displaying redundancy configuration 9-5
supplicant 54-7
surveillance 57-7
svclc command 4-52
Switched Port Analyzer 27-1
switch fabric functionality 8-1
configuring 8-3
monitoring 8-4
switchport
configuring 11-13
example 11-12
show interfaces 10-8, 10-9, 11-6, 11-12
switchport access vlan 11-6, 11-7, 11-10, 11-13
example 11-14
switchport mode access 11-4, 11-6, 11-7, 11-13
example 11-14
switchport mode dynamic 11-8
switchport mode dynamic auto 11-4
switchport mode dynamic desirable 11-4
default 11-5
example 11-12
switchport mode trunk 11-4, 11-8
switchport nonegotiate 11-4
switchport trunk allowed vlan 11-11
switchport trunk encapsulation 11-7
switchport trunk encapsulation dot1q
example 11-12
switchport trunk encapsulation negotiate
default 11-5
switchport trunk native vlan 11-10
switchport trunk pruning vlan 11-11
switch priority
MSTP 1-43
switch TopN reports
foreground execution 29-2
running 29-3
viewing 29-3
SXP 41-2
system event archive (SEA) 25-1
System Hardware Capacity 1-5
T
TDR
checking cable connectivity 10-14
enabling and disabling test 10-14
guidelines 10-14
Telnet
accessing CLI 2-2
Time Domain Reflectometer 10-14
TLV
host presence detection 9-4, 54-14, 56-4
traceroute, Layer 2
and ARP 30-2
and CDP 30-1
described 30-2
IP addresses and subnets 30-2
MAC addresses and VLANs 30-2
multicast traffic 30-2
multiple devices on a port 30-2
unicast traffic 30-2
usage guidelines 30-1
traffic-storm control
command
broadcast 52-4
described 52-2
monitoring 52-5
thresholds 52-2
traffic suppression
see traffic-storm control
transmit queues
see QoS transmit queues
traps, see SNMP notifications
trunks 11-4
802.1Q Restrictions 11-2
allowed VLANs 11-11
configuring 11-8
default interface configuration 11-6
default VLAN 11-10
different VTP domains 11-4
native VLAN 11-10
to non-DTP device 11-4
VLAN 1 minimization 11-11
trusted boundary 9-6
trusted boundary (extended trust for CDP devices) 9-4
trustpoint 24-2
tunneling 38-4, 38-26
tunneling, 802.1Q
See 802.1Q 19-4
type length value
See TLV
U
UDE
configuration 6-5
overview 6-4
UDE and UDLR 6-1
UDLD
default configuration 1-4
enabling
globally 1-5
on ports 1-5, 1-6
overview 1-2
UDLR 6-1
back channel 6-3
configuration 6-6
tunnel
(example) 6-7
ARP and NHRP 6-4
UDLR (unidirectional link routing) 6-1
UDP port for SNMP notifications 57-12
unauthorized ports with 802.1X 54-12
unicast storms
see traffic-storm control
Unidirectional Ethernet 6-1
unidirectional ethernet
example of setting 6-5
UniDirectional Link Detection Protocol
see UDLD
uniform mode
configuring 38-34
unknown unicast and multicast flood blocking 53-1
unknown unicast flood blocking
See UUFB
unknown unicast flood rate-limiting
See UUFRL
UplinkFast
See STP UplinkFast
URD 14-26
User-Based Rate Limiting 34-6, 34-15
user EXEC mode 2-5
UUFB 53-2
UUFRL 53-2
V
VACLs 45-2
configuring
examples 45-5
Layer 3 VLAN interfaces 45-5
Layer 4 port operations 40-2
logging
configuration example 45-8
configuring 45-7
restrictions 45-7
MAC address based 45-2
multicast packets 44-6
SVIs 45-5
WAN interfaces 45-2
virtual private LAN services (VPLS) 10-1
associating attachment circuit with the VSI at the PE 10-13
basic configuration 10-2
configuration example 10-18
configuring MPLS in the PE 10-11
configuring PE layer 2 interface to the CE 10-7
configuring the VFI in the PE 10-12
overview 10-2
restrictions 10-2
services 10-5
vlan
command 16-5, 16-6, 27-20
command example 16-6
VLAN Access Control Lists
See VACLs
VLAN-based QoS filtering 40-10
VLAN-bridge spanning-tree protocol 5-1
vlan database
command 16-5, 16-6, 27-20
vlan group command 54-44
VLAN locking 16-4
vlan mapping dot1q
command 16-8, 16-9
VLAN maps
applying 44-8
VLAN mode 9-3
VLAN port provisioning verification 16-4
VLANs
allowed on trunk 11-11
configuration guidelines 16-2
configuring 16-1
configuring (tasks) 16-4
defaults 16-3
extended range 16-3
interface assignment 16-6
multicast 17-2
name (default) 16-3
normal range 16-3
reserved range 16-3
support for 4,096 VLANs 16-2
token ring 16-3
trunks
understanding 11-4
understanding 16-2
VLAN 1 minimization 11-11
VTP domain 16-4
VLAN translation
command example 16-8, 16-9
voice VLAN
Cisco 7960 phone, port connections 9-2
configuration guidelines 9-1
configuring IP phone for data traffic
override CoS of incoming frame 9-6, 10-5
configuring ports for voice traffic in
802.1Q frames 9-5
connecting to an IP phone 9-5
default configuration 9-4
overview 9-2
voice VLAN. See also port-based authentication. 54-22
VPN
configuration example 8-4
guidelines and restrictions 8-2
VPN supported commands 8-2
VPN switching 8-1
VSS
dual-active detection
Enhanced PAgP, advantages 4-24
Enhanced PAgP, description 4-24
enhanced PAgP, description 4-46
fast-hello, advantages 4-24
fast-hello, description 4-25
VSLP fast-hello, configuration 4-48
VSS Quad-Sup SSO (V4SO) 4-9
VTP
advertisements 15-4, 15-5
client, configuring 15-15
configuration guidelines 15-1
default configuration 15-9
disabling 15-15
domains 15-3
VLANs 16-4
modes
client 15-4
server 15-4
transparent 15-4
monitoring 15-17
overview 15-2
per-port enable and disable 15-16
pruning
configuration 11-11
configuring 15-12
overview 15-7
server, configuring 15-15
statistics 15-17
transparent mode, configuring 15-15
version 2
enabling 15-13
overview 15-5
version 3
enabling 15-13
overview 15-6
server type, configuring 15-11
W
wake-on-LAN. See also port-based authentication. 54-28
web-based authentication
AAA fail policy 55-5
description 55-2
web browser interface 1-9
wiretaps 57-4
Index
Numerics
4K VLANs (support for 4,096 VLANs) 16-2
802.1AE Tagging 41-2
802.1Q
Layer 2 protocol tunneling
See Layer 2 protocol tunneling
mapping to ISL VLANs 16-7
trunks 11-4
restrictions 11-2
tunneling
configuration guidelines 19-1
configuring tunnel ports 19-6
overview 19-4
802.1Q Ethertype
specifying custom 11-15
802.1X 54-1
802.1x accounting 54-43
802.3ad
See LACP
802.3af 10-2
802.3at 10-2
802.3x Flow Control 10-9
A
AAA
fail policy 54-8, 55-5
AAA (authentication, authorization, and accounting). See also port-based authentication. 54-6, 55-2
aaa accounting dot1x command 54-44
aaa accounting system command 54-44
abbreviating commands 2-5
access, restricting MIB 57-10
access control entries and lists 40-1
access-enable host timeout (not supported) 40-4
access port, configuring 11-13
access rights 57-9
access setup, example 57-11
accounting
with 802.1x 54-43
with IEEE 802.1x 54-16
ACEs and ACLs 40-1
ACLs
downloadable 55-2
downloadable (dACLs) 54-24
Filter-ID 54-25
per-user 54-24
port
defined 44-2
redirect URL 54-25
static sharing 54-25
acronyms, list of 1-1
activating lawful intercept 57-8
admin function (mediation device) 57-7, 57-8
administration, definition 57-6
advertisements, VTP 15-4
aggregate label 7-2, 7-5
aggregate policing 34-4
aging time
accelerated
for MSTP 1-45
maximum
for MSTP 1-45, 1-46
alarms
major 5-4
minor 5-4
Allow DHCP Option 82 on Untrusted Port
configuring 49-10
understanding 49-5
any transport over MPLS (AToM) 9-3
Ethernet over MPLS 9-3
ARP ACL 40-12
ARP spoofing 51-3
AToM 9-3
audience 1-45
authentication control-direction command 54-53
authentication event command 54-45
authentication failed VLAN
See restricted VLAN
authentication open command 54-15
authentication password, VTP 15-5
authentication periodic command 54-38, 54-50
authentication port-control command 54-45
authentication timer reauthenticate command 54-38
authorized ports with 802.1X 54-12
auto enablement 54-30
automatic QoS
configuration guidelines and restrictions 37-2
macros 37-4
overview 37-2
AutoQoS 37-1
auto-sync command 9-4
B
BackboneFast
See STP BackboneFast
backup interfaces
See Flex Links
binding database, DHCP snooping
See DHCP snooping binding database
binding table, DHCP snooping
See DHCP snooping binding database
blocking state, STP 1-8
blue beacon 1-8
BPDU
RSTP format 1-16
BPDU guard
See STP BPDU guard
BPDUs
Bridge Assurance 2-5
Shared Spanning Tree Protocol (SSTP) 2-20
Bridge Assurance
description 2-4 to 2-6
inconsistent state 2-5
supported protocols and link types 2-5
bridge domain
configuring 12-8
bridge groups 5-1
bridge ID
See STP bridge ID
bridge priority, STP 1-34
bridge protocol data units
see BPDUs
bridging 5-1
broadcast storms
see traffic-storm control
C
CALEA, See Communications Assistance for Law Enforcement Act (CALEA)
Call Home
description 24-3
message format options 24-3
messages
format options 24-3
call home 24-1
alert groups 24-31
contact information 24-21
destination profiles 24-22
displaying information 24-45
pattern matching 24-36
periodic notification 24-33
rate limit messages 24-38
severity threshold 24-33
smart call home feature 24-4
SMTP server 24-2
testing communications 24-38
call home alert groups
configuring 24-31
description 24-31
subscribing 24-31
call home customer information
entering information 24-21
call home destination profiles
attributes 24-23
description 24-23
displaying 24-48
call home notifications
full-txt format for syslog 24-17
XML format for syslog 24-17
CDP
host presence detection 54-14, 56-4
to configure Cisco phones 9-3
CEF
configuring
RP 3-5
supervisor engine 3-4
examples 3-3
Layer 3 switching 3-2
packet rewrite 3-2
certificate authority (CA) 24-2
channel-group group
command 2-8, 2-11, 13-9, 13-14, 13-15, 13-16
command example 13-9, 13-15
Cisco Discovery Protocol
See CDP
Cisco Emergency Responder 9-4
Cisco EnergyWise 3-1
Cisco Express Forwarding 7-3
CISCO-IP-TAP-MIB
citapStreamVRF 57-2
overview 57-8
restricting access to 57-10, 57-11
CISCO-TAP2-MIB
accessing 57-9
overview 57-8
restricting access to 57-10, 57-11
CISP 54-30
CIST regional root
See MSTP
CIST root
See MSTP
class command 34-9
class map configuration 34-8, 35-11
clear authentication sessions command 54-40
clear counters command 10-12
clear dot1x command 54-40
clear interface command 10-13
CLI
accessing 2-1
backing out one level 2-5
console configuration mode 2-5
getting list of commands 2-6
global configuration mode 2-5
history substitution 2-4
interface configuration mode 2-5
privileged EXEC mode 2-5
ROM monitor 2-7
software basics 2-4
Client Information Signalling Protocol
See CISP
collection function 57-6
command line processing 2-3
commands, getting list of 2-6
Communications Assistance for Law Enforcement Act
CALEA for Voice 57-5
lawful intercept 57-4
community ports 17-7
community VLANs 17-6, 17-7
configuration example
EoMPLS port mode 9-4, 9-7
EoMPLS VLAN mode 9-4
VPLS, 802.1Q access port for untagged traffic from CE 10-8
VPLS, associating the attachment circuit with the VSI at the PE 10-13
VPLS, L2 VLAN instance on the PE 10-10
VPLS, MPLS in the PE 10-11
VPLS, using QinQ to place all VLANs into a single VPLS 10-9
VPLS, VFI in the PE 10-12
configuration guidelines
EVCs 12-2
configuring 34-9, 35-11
lawful intercept 57-10, 57-11, 57-12
SNMP 57-10
console configuration mode 2-5
content IAP 57-6
control plane policing
See CoPP
CoPP 48-1
applying QoS service policy to control plane 48-5
configuring
ACLs to match traffic 48-5
enabling MLS QoS 48-5
packet classification criteria 48-5
service-policy map 48-5
control plane configuration mode
entering 48-5
displaying
dynamic information 48-9
number of conforming bytes and packets 48-9
rate information 48-9
entering control plane configuration mode 48-5
monitoring statistics 48-9
overview 48-3
packet classification guidelines 48-2
traffic classification
defining 48-6
guidelines 48-7
overview 48-6
sample ACLs 48-8
sample classes 48-6
CoS
override priority 9-6, 10-5
counters
clearing interface 10-12, 10-13
critical authentication 54-8
critical authentication, IEEE 802.1x 54-47
CSCsr62404 10-9
CSCtx75254 5-2
cTap2MediationDebug notification 57-12
cTap2MediationNewIndex object 57-8
cTap2MediationTable 57-8
cTap2MediationTimedOut notification 57-12
cTap2MIBActive notification 57-12
cTap2StreamDebug notification 57-12
cTap2StreamTable 57-8
customer contact information
entering for call home 24-21
D
dACL
See ACLs, downloadable 54-24
dCEF 3-4
debug commands
IP MMLS 14-31
DEC spanning-tree protocol 5-1
default configuration
802.1X 54-31, 55-7
dynamic ARP inspection 51-6
EVCs 12-9
Flex Links 12-4
IP MMLS 14-15
MSTP 1-26
MVR 17-5
UDLD 1-4
voice VLAN 9-4
VTP 15-9
default VLAN 11-10
denial of service protection 47-1
device IDs
call home format 24-13, 24-14
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP option 82
circuit ID suboption 49-7
overview 49-5
packet format, suboption
circuit ID 49-7
remote ID 49-7
remote ID suboption 49-7
DHCP option 82 allow on untrusted port 49-10
DHCP snooping
802.1X data insertion 54-15
binding database
See DHCP snooping binding database
configuration guidelines 49-8
configuring 49-9
default configuration 49-8
displaying binding tables 49-18
enabling 49-9, 49-10, 49-11, 49-12, 49-13, 49-14
enabling the database agent 49-14
message exchange process 49-6
monitoring 50-5, 50-6
option 82 data insertion 49-5
overview 49-3
Snooping database agent 49-7
DHCP snooping binding database
described 49-5
entries 49-5
DHCP snooping binding table
See DHCP snooping binding database
DHCP Snooping Database Agent
adding to the database (example) 49-18
enabling (example) 49-15
overview 49-7
reading from a TFTP file (example) 49-17
DHCP snooping increased bindings limit 49-14
DiffServ
configuring short pipe mode 38-30
configuring uniform mode 38-34
short pipe mode 38-27
uniform mode 38-28
DiffServ tunneling modes 38-4
Disabling PIM Snooping Designated Router Flooding 16-6
distributed Cisco Express Forwarding
See dCEF
distributed egress SPAN 27-10, 27-15
DNS, See Domain Name System
documentation, related 1-45
Domain Name System 57-2
DoS protection 47-1
monitoring packet drop statistics
using monitor session commands 47-10
using VACL capture 47-12
QoS ACLs 47-2
security ACLs 47-2
uRPF check 47-6
dot1x initialize interface command 54-39
dot1x max-reauth-req command 54-43
dot1x max-req command 54-42
dot1x pae authenticator command 54-34
dot1x re-authenticate interface command 54-39
dot1x timeout quiet-period command 54-41
DSCP-based queue mapping 36-14
duplex command 10-5, 10-6
duplex mode
autonegotiation status 10-6
configuring interface 10-4
dynamic ARP inspection
ARP cache poisoning 51-3
ARP requests, described 51-3
ARP spoofing attack 51-3
configuration guidelines 51-2
configuring
log buffer 51-13, 51-15
logging system messages 51-14
rate limit for incoming ARP packets 51-5, 51-10
default configuration 51-6
denial-of-service attacks, preventing 51-10
described 51-3
DHCP snooping binding database 51-4
displaying
ARP ACLs 51-15
configuration and operating state 51-15
trust state and rate limit 51-15
error-disabled state for exceeding rate limit 51-5
function of 51-4
interface trust states 51-4
log buffer
configuring 51-13, 51-15
logging of dropped packets, described 51-6
logging system messages
configuring 51-14
man-in-the-middle attack, described 51-4
network security issues and interface trust states 51-4
priority of ARP ACLs and DHCP snooping entries 51-6
rate limiting of ARP packets
configuring 51-10
described 51-5
error-disabled state 51-5
validation checks, performing 51-11
Dynamic Host Configuration Protocol snooping 49-1
E
EAC 41-2
EAPOL. See also port-based authentication. 54-6
eFSU, See Enhanced Fast Software Upgrade (eFSU)
egress SPAN 27-10
electronic traffic, monitoring 57-7
e-mail addresses
assigning for call home 24-21
e-mail notifications
Call Home 24-3
enable mode 2-5
enable sticky secure MAC address 56-8
enabling
IP MMLS
on router interfaces 14-16
lawful intercept 57-8
SNMP notifications 57-12
Endpoint Admission Control (EAC) 41-2
EnergyWise 3-1
enhanced Fast Software Upgrade (eFSU)
aborting (issu abortversion command) 5-13
accepting the new software version 5-11
committing the new software to standby RP (issu commitversion command) 5-12
displaying maximum outage time for module 5-10
error handling 5-5
forcing a switchover (issu runversion command) 5-10
issu loadversion command 5-8
loading new software onto standby RP 5-8
memory reservation on module 5-4
memory reservation on module, prohibiting 5-4
OIR not supported 5-2
operation 5-3
outage times 5-4
performing 5-5
steps 5-5
usage guidelines and limitations 5-2
verifying redundancy mode 5-7
environmental monitoring
LED indications 5-4
SNMP traps 5-4
supervisor engine and switching modules 5-4
Syslog messages 5-4
using CLI commands 5-1
EOBC
for MAC address table synchronization 11-3
EoMPLS 9-3
configuring 9-4
configuring VLAN mode 9-3
guidelines and restrictions 9-2
port mode 9-3
VLAN mode 9-3
ERSPAN 27-1
EtherChannel
channel-group group
command 2-8, 2-11, 13-9, 13-14, 13-15, 13-16
command example 13-9, 13-15
configuration guidelines 4-28, 13-2
configuring
Layer 2 13-9
configuring (tasks) 4-28, 13-7
interface port-channel
command example 13-8
interface port-channel (command) 2-7, 2-8, 13-8
lacp system-priority
command example 13-11
Layer 2
configuring 13-9, 13-15
load balancing
configuring 13-11
understanding 13-7
Min-Links 13-13, 13-14
modes 13-4
PAgP
understanding 13-5
port-channel interfaces 13-7
port-channel load-balance
command 13-11
command example 13-12
STP 13-7
understanding 4-4, 13-3
EtherChannel Guard
See STP EtherChannel Guard
Ethernet
setting port duplex 10-10
Ethernet flow point
See EFP
Ethernet over MPLS (EoMPLS) configuration
EoMPLS port mode 9-6
EoMPLS VLAN mode 9-4
Ethernet Virtual Connection
See EVC
EVC
broadcast domain 12-4
configuration guidelines 12-2
default configuration 12-9
supported features 12-2
EXP mutation 38-4
extended range VLANs 16-2
See VLANs
extended system ID
MSTP 1-39
Extensible Authentication Protocol over LAN. See EAPOL.
F
fall-back bridging 5-1
fast link notification
on VSL failure 4-15
fiber-optic, detecting unidirectional links 1-1
FIB TCAM 7-3
figure
lawful intercept overview 57-5
Flex Links 12-1
configuration guidelines 12-2
configuring 12-4
default configuration 12-4
description 12-2
monitoring 12-6
flex links
interface preemption 12-3
flow control 10-9
forward-delay time
MSTP 1-45
forward-delay time, STP 1-35
frame distribution
See EtherChannel load balancing
G
get requests 57-7, 57-8, 57-11
global configuration mode 2-5
guest VLAN and 802.1x 54-19
H
hardware Layer 3 switching
guidelines 3-1
hello time
MSTP 1-44
hello time, STP 1-35
High Capacity Power Supply Support 4-4
history
CLI 2-4
host mode
see port-based authentication
host ports
kinds of 17-7
host presence CDP message 9-4, 54-14
host presence TLV message 56-4
http://www-tac.cisco.com/Teams/ks/c3/xmlkwery.php?srId=612293409 13-3
I
IAP
content IAP 57-6
definition 57-6
types of
content IAP 57-6
identification IAP 57-6
ICMP unreachable messages 40-2
ID IAP 57-6
IDs
serial IDs 24-14
IEEE 802.1Q Ethertype
specifying custom 11-15
IEEE 802.1Q Tagging on a Per-Port Basis 19-7
IEEE 802.1w
See RSTP
IEEE 802.1x
accounting 54-16, 54-43
authentication failed VLAN 54-20
critical ports 54-21
DHCP snooping 54-15
guest VLAN 54-19
MAC authentication bypass 54-26
network admission control Layer 2 validation 54-27
port security interoperability 54-23
RADIUS-supplied session timeout 54-38
voice VLAN 54-22
wake-on-LAN support 54-28
IEEE 802.3ad
See LACP
IEEE 802.3af 10-2
IEEE 802.3at 10-2
IEEE 802.3x Flow Control 10-9
IEEE bridging protocol 5-1
IGMP 15-1
configuration guidelines 22-9
enabling 15-9
join messages 15-3
leave processing
enabling 15-13
queries 15-4
query interval
configuring 15-12
snooping
fast leave 15-6
joining multicast group 15-3, 18-4
leaving multicast group 15-5, 18-4
understanding 15-3, 18-3
snooping querier
enabling 15-9
understanding 15-3, 18-3
IGMPv3 14-26
IGMP v3lite 14-26
ignore port trust 34-11
inaccessible authentication bypass 54-21
ingress SPAN 27-10
intercept access point
See IAP
intercept-related information (IRI) 57-6, 57-7
intercepts, multiple 57-6
interface
configuration mode 2-5
Layer 2 modes 11-4
number 10-2
interface port-channel
command example 13-8
interface port-channel (command) 2-7, 2-8, 13-8
interfaces
configuring, duplex mode 10-3
configuring, speed 10-3
configuring, overview 10-2
counters, clearing 10-12, 10-13
displaying information about 10-12
maintaining 10-11
monitoring 10-11
range of 10-2
restarting 10-13
shutting down
task 10-13
interfaces command 10-2
interfaces range command 26-3
interfaces range macro command 10-2
internal VLANs 16-3
Internet Group Management Protocol 15-1, 18-1
IP accounting, IP MMLS and 14-2
IP CEF
topology (figure) 3-4
ip flow-export source command 29-3, 29-4, 29-5
ip http server 1-9
ip local policy route-map command 4-5
IP MMLS
cache, overview 14-4
configuration guideline 14-1
debug commands 14-31
default configuration 14-15
enabling
on router interfaces 14-16
Layer 3 MLS cache 14-4
overview 14-2
packet rewrite 14-5
router
enabling globally 14-16
enabling on interfaces 14-16
PIM, enabling 14-16
IP multicast
IGMP snooping and 15-8
MLDv2 snooping and 22-9
overview 15-2, 18-2, 19-2
IP multicast MLS
See IP MMLS
ip multicast-routing command
enabling IP multicast 14-16
IP phone
configuring 9-5
ip pim command
enabling IP PIM 14-16
ip policy route-map command 4-5
IP Source Guard 50-1
configuring 50-3
configuring on private VLANs 50-5
displaying 50-5, 50-6
overview 50-2
IP unnumbered 5-1
IPv4 Multicast over Point-to-Point GRE Tunnels 1-10
IPv4 Multicast VPN 20-1
IPv6 Multicast Layer 3 Switching 21-1
IPv6 QoS 33-4
ISL trunks 11-4
isolated port 17-7
isolated VLANs 17-6, 17-7
J
join messages, IGMP 15-3
jumbo frames 10-6
K
keyboard shortcuts 2-3
L
label edge router 7-2
label switched path 9-1
label switch router 7-2, 7-4
LACP
system ID 13-6
Law Enforcement Agency (LEA) 57-4
lawful intercept
admin function 57-7, 57-8
collection function 57-6
configuring 57-10, 57-11, 57-12
enabling 57-8
IRI 57-6
mediation device 57-5
overview 57-4, 57-5
prerequisites 57-1
processing 57-7
security considerations 57-9
SNMP notifications 57-12
lawful intercept processing 57-7
Layer 2
configuring interfaces 11-5
access port 11-13
trunk 11-8
defaults 11-5
interface modes 11-4
show interfaces 10-8, 10-9, 11-6, 11-12
switching
understanding 11-2
trunks
understanding 11-4
VLAN
interface assignment 16-6
Layer 2 Interfaces
configuring 11-1
Layer 2 protocol tunneling
configuring Layer 2 tunnels 20-3
overview 20-2
Layer 2 Traceroute 30-1
Layer 2 traceroute
and ARP 30-2
and CDP 30-1
described 30-2
IP addresses and subnets 30-2
MAC addresses and VLANs 30-2
multicast traffic 30-2
multiple devices on a port 30-2
unicast traffic 30-2
usage guidelines 30-1
Layer 3
IP MMLS and MLS cache 14-4
Layer 3 switched packet rewrite
CEF 3-2
Layer 3 switching
CEF 3-2
Layer 4 port operations (ACLs) 40-2
leave processing, IGMP
enabling 15-13
leave processing, MLDv2
enabling 22-12
LERs 38-2, 38-6, 38-7
Link Failure
detecting unidirectional 1-25
link negotiation 10-5
link redundancy
See Flex Links
LLDP-MED
configuring
TLVs 10-8
load deferral
MEC traffic recovery 4-6
Local Egress Replication 14-19
logical operation unit
See LOU
loop guard
See STP loop guard
LOU
description 40-3
determining maximum number of 40-3
LSRs 38-2, 38-6
M
mab command 54-45, 54-50
MAC address-based blocking 43-1
MAC address table notification 11-7
MAC authentication bypass. See also port-based authentication. 54-26
MAC move (port security) 56-3
macros 3-1
See Smartports macros
MACSec 41-2
magic packet 54-28
main-cpu command 9-4
mapping 802.1Q VLANs to ISL VLANs 16-7
markdown
see QoS markdown
match ip address command 4-4
match length command 4-4
maximum aging time
MSTP 1-45
maximum aging time, STP 1-36
maximum hop count, MSTP 1-46
MEC
configuration 4-45
described 4-15
failure 4-16
port load share deferral 4-17
mediation device
admin function 57-7, 57-8
definition 57-5
description 57-5
MIBs
CISCO-IP-TAP-MIB 57-2, 57-8, 57-10
CISCO-TAP2-MIB 57-8, 57-9, 57-10
SNMP-COMMUNITY-MIB 57-9
SNMP-USM-MIB 57-4, 57-9
SNMP-VACM-MIB 57-4, 57-9
microflow policing 34-4
Mini Protocol Analyzer 31-1
Min-Links 13-13
MLD
report 22-5
MLD snooping
query interval
configuring 22-10
MLDv1 22-2
MLDv2 22-1
enabling 22-11
leave processing
enabling 22-12
queries 22-6
snooping
fast leave 22-8
joining multicast group 22-5
leaving multicast group 22-7
understanding 22-3
snooping querier
enabling 22-10
understanding 22-3
MLDv2 Snooping 22-1
monitoring
Flex Links 12-6
MVR 17-8
private VLANs 17-16
monitoring electronic traffic 57-7
MPLS 7-1, 7-2
aggregate label 7-2
any transport over MPLS 9-3
basic configuration 7-9
core 7-4
DiffServ Tunneling Modes 38-26
egress 7-4
experimental field 38-3
hardware features 7-5
ingress 7-4
IP to MPLS path 7-4
labels 7-2
MPLS to IP path 7-4
MPLS to MPLS path 7-4
nonaggregate label 7-2
QoS default configuration 38-13
restrictions 7-1
VPN 38-11
VPN guidelines and restrictions 8-2
MPLS QoS
Classification 38-2
Class of Service 38-2
commands 38-15
configuring a class map 38-17
configuring a policy map 38-20
configuring egress EXP mutation 38-24
configuring EXP Value Maps 38-25
Differentiated Services Code Point 38-2
displaying a policy map 38-24
E-LSP 38-2
EXP bits 38-2
features 38-2
IP Precedence 38-2
QoS Tags 38-2
queueing-only mode 38-17
MPLS QoS configuration
class map to classify MPLS packets 38-17
MPLS supported commands 7-2
MPLS VPN
limitations and restrictions 8-2
MQC 32-1
MST
interoperation with Rapid PVST+ 2-20
root bridge 2-20
MSTP
boundary ports
configuration guidelines 1-2
described 1-22
CIST, described 1-19
CIST regional root 1-20
CIST root 1-21
configuration guidelines 1-2
configuring
forward-delay time 1-45
hello time 1-44
link type for rapid convergence 1-46
maximum aging time 1-45
maximum hop count 1-46
MST region 1-38
neighbor type 1-46
path cost 1-42
port priority 1-41
root switch 1-39
secondary root switch 1-40
switch priority 1-43
CST
defined 1-19
operations between regions 1-20
default configuration 1-26
displaying status 1-47
enabling the mode 1-38
extended system ID
effects on root switch 1-39
effects on secondary root switch 1-40
unexpected behavior 1-39
IEEE 802.1s
implementation 1-23
port role naming change 1-23
terminology 1-21
interoperability with IEEE 802.1D
described 1-24
restarting migration process 1-47
IST
defined 1-19
master 1-20
operations within a region 1-20
mapping VLANs to MST instance 1-38
MST region
CIST 1-19
configuring 1-38
described 1-19
hop-count mechanism 1-22
IST 1-19
supported spanning-tree instances 1-19
overview 1-18
root switch
configuring 1-39
effects of extended system ID 1-39
unexpected behavior 1-39
status, displaying 1-47
MTU size (default) 16-3
multiauthentication (multiauth). See also port-based authentication. 54-15
multicast
IGMP snooping and 15-8
MLDv2 snooping and 22-9
non-RPF 14-7
overview 15-2, 18-2, 19-2
PIM snooping 16-4
multicast flood blocking 53-1
multicast groups
joining 15-3, 18-4
leaving 15-5, 22-7
multicast groups, IPv6
joining 22-5
Multicast Listener Discovery version 2 22-1
Multicast Replication Mode Detection enhancement 14-18
multicast storms
see traffic-storm control
multicast television application 17-3
multicast VLAN 17-2
Multicast VLAN Registration 17-1
multichassis EtherChannel
see MEC 4-15
Multidomain Authentication (MDA). See also port-based authentication. 54-14
Multilayer MAC ACL QoS Filtering 40-9
multiple path RPF check 47-7
Multiple Spanning Tree
See MST
MUX-UNI Support 7-7
MUX-UNI support 7-7
MVAP (Multi-VLAN Access Port). See also port-based authentication. 54-22
MVR
and IGMPv3 17-2
configuring interfaces 17-6
default configuration 17-5
example application 17-3
in the switch stack 17-5
monitoring 17-8
multicast television application 17-3
restrictions 17-1
setting global parameters 17-6
N
NAC
agentless audit support 54-27
critical authentication 54-21, 54-47
IEEE 802.1x authentication using a RADIUS server 54-50
IEEE 802.1x validation using RADIUS server 54-50
inaccessible authentication bypass 54-47
Layer 2 IEEE 802.1x validation 54-50
Layer 2 IEEE 802.1x validation 54-27
native VLAN 11-10
NDAC 41-2
NEAT
configuring 54-54
overview 54-30
NetFlow
table, displaying entries 3-5
Network Device Admission Control (NDAC) 41-2
Network Edge Access Topology
See NEAT
network ports
Bridge Assurance 2-5
description 2-2
nonaggregate label 7-2, 7-5
non-RPF multicast 14-7
normal-range VLANs
See VLANs
notifications, See SNMP notifications
NSF with SSO does not support IPv6 multicast traffic. 7-1, 8-1
O
OIR 10-11
online diagnostics
CompactFlash disk verification 1-45
configuring 6-2
datapath verification 1-15
diagnostic sanity check 6-24
egress datapath test 1-5
error counter test 1-5
interrupt counter test 1-5
memory tests 6-24
overview 6-2
running tests 6-6
test descriptions 1-1
understanding 6-2
online diagnostic tests 1-1
online insertion and removal
See OIR
out-of-band MAC address table synchronization
configuring 11-6
in a VSS 4-2
out of profile
see QoS out of profile
P
packet capture 31-2
packet rewrite
CEF 3-2
IP MMLS and 14-5
packets
multicast 44-6
PAgP
understanding 13-5
path cost
MSTP 1-42
PBACLs 40-5
PBF 45-4
PBR 1-10
PBR (policy-based routing)
configuration (example) 4-7
enabling 4-4
peer inconsistent state
in PVST simulation 2-20
per-port VTP enable and disable 15-16
PFC
recirculation 7-5
PIM, IP MMLS and 14-16
PIM snooping
designated router flooding 16-6
enabling globally 16-5
enabling in a VLAN 16-5
overview 16-4
platform aging command
configuring IP MLS 23-3, 23-4
platform ip multicast command
enabling IP MMLS 14-17 to 14-27
PoE 10-2
Cisco prestandard 10-3
IEEE 802.3af 10-2
IEEE 802.3at 10-2
PoE management 10-3
power policing 10-4
power use measurement 10-4
police command 34-13, 34-15
policy-based ACLs (PBACLs) 40-5
policy-based forwarding (PBF) 46-2
policy-based routing
See PBR
policy-based routing (PBR)
configuring 4-1
policy map 34-9, 35-11
attaching to an interface 34-17, 35-17, 47-6
policy-map command 34-9
port ACLs
defined 44-2
port ACLs (PACLs) 44-1
Port Aggregation Protocol
see PAgP
port-based authentication
AAA authorization 54-33
accounting 54-16
configuring 54-43
authentication server
defined 54-7, 55-3
RADIUS server 54-7
client, defined 54-7, 55-3
configuration guidelines 54-2, 55-1
configuring
guest VLAN 54-45
inaccessible authentication bypass 54-47
initializing authentication of a client 54-39
manual reauthentication of a client 54-39
RADIUS server 54-35, 55-10
RADIUS server parameters on the switch 54-34, 55-9
restricted VLAN 54-46
switch-to-authentication-server retransmission time 54-42
switch-to-client EAP-request frame retransmission time 54-41
switch-to-client frame-retransmission number 54-42, 54-43
switch-to-client retransmission time 54-41
user distribution 54-44
VLAN group assignment 54-44
default configuration 54-31, 55-7
described 54-6
device roles 54-7, 55-3
DHCP snooping 54-15
DHCP snooping and insertion 49-6
displaying statistics 54-57, 55-15
EAPOL-start frame 54-10
EAP-request/identity frame 54-10
EAP-response/identity frame 54-10
enabling
802.1X authentication 54-33, 54-34, 55-9
periodic reauthentication 54-38
encapsulation 54-7
guest VLAN
configuration guidelines 54-19, 54-20
described 54-19
host mode 54-13
inaccessible authentication bypass
configuring 54-47
described 54-21
guidelines 54-4
initiation and message exchange 54-10
MAC authentication bypass 54-26
magic packet 54-28
method lists 54-33
modes 54-13
multiauth mode, described 54-15
multidomain authentication mode, described 54-14
multiple-hosts mode, described 54-13
ports
authorization state and dot1x port-control command 54-12
authorized and unauthorized 54-12
critical 54-21
voice VLAN 54-22
port security
and voice VLAN 54-23
described 54-23
interactions 54-23
multiple-hosts mode 54-13
pre-authentication open access 54-15, 54-36
resetting to default values 54-57
supplicant, defined 54-7
switch
as proxy 54-7, 55-3
RADIUS client 54-7
switch supplicant
configuring 54-54
overview 54-30
user distribution
configuring 54-44
described 54-18
guidelines 54-4
VLAN assignment
AAA authorization 54-33
characteristics 54-17
configuration tasks 54-18
described 54-17
VLAN group
guidelines 54-4
voice VLAN
described 54-22
PVID 54-22
VVID 54-22
wake-on-LAN, described 54-28
port-based QoS features
see QoS
port-channel
see EtherChannel
port-channel load-balance
command 13-11
command example 13-11, 13-12
port-channel load-defer command 4-46
port-channel port load-defer command 4-46
port cost, STP 1-32
port debounce timer
disabling 10-10
displaying 10-10
enabling 10-10
PortFast
edge ports 2-2
network ports 2-2
See STP PortFast
PortFast Edge BPDU filtering
See STP PortFast Edge BPDU filtering
PortFast port types
description 2-2, 2-2 to ??
edge 2-2
network 2-2
port mode 9-3
port negotiation 10-5
port priority
MSTP 1-41
port priority, STP 1-31
ports
setting the debounce timer 10-10
port security
aging 56-9, 56-10
configuring 56-4
described 56-3
displaying 56-10
enable sticky secure MAC address 56-8
sticky MAC address 56-3
violations 56-3
Port Security is supported on trunks 56-2, 56-5, 56-7, 56-9
port security MAC move 56-3
port security on PVLAN ports 56-2
Port Security with Sticky Secure MAC Addresses 56-3
power management
enabling/disabling redundancy 4-2
overview 4-1
powering modules up or down 4-3
power policing 10-8
power negotiation
through LLDP 10-8
Power over Ethernet 10-2
power over ethernet 10-2
pre-authentication open access. See port-based authentication.
preemption, default configuration 12-4
preemption delay, default configuration 12-4
prerequisites for lawful intercept 57-1
primary links 12-2
primary VLANs 17-6
priority
overriding CoS 9-6, 10-5
private hosts 18-1
private hosts feature
configuration guidelines 18-1
configuring (detailed steps) 18-9
configuring (summary) 18-8
multicast operation 18-4
overview 18-4
port ACLs (PACLs) 18-7
port types 18-5, 18-6
protocol-independent MAC ACLs 18-4
restricting traffic flow with PACLs 18-5
spoofing protection 18-3
private VLANs 17-1
across multiple switches 17-9
and SVIs 17-10
benefits of 17-5
community VLANs 17-6, 17-7
configuration guidelines 17-2, 17-4, 17-10
configuring 17-10
host ports 17-14
promiscuous ports 17-15
routing secondary VLAN ingress traffic 17-13
secondary VLANs with primary VLANs 17-12
VLANs as private 17-11
end station access to 17-8
IP addressing 17-8
isolated VLANs 17-6, 17-7
monitoring 17-16
ports
community 17-7
configuration guidelines 17-4
isolated 17-7
promiscuous 17-7
primary VLANs 17-6
secondary VLANs 17-6
subdomains 17-5
traffic in 17-10
privileged EXEC mode 2-5
promiscuous ports 17-7
protocol tunneling
See Layer 2 protocol tunneling 20-2
PVRST
See Rapid-PVST 1-3
PVST
description 1-3
PVST simulation
description 2-20
peer inconsistent state 2-20
root bridge 2-20
Q
QoS
auto-QoS
enabling for VoIP 37-4
IPv6 33-4
See also automatic QoS 37-1
QoS CoS
port value, configuring 36-2
QoS default configuration 39-2
QoS DSCP
maps, configuring 36-7
QoS mapping
CoS values to DSCP values 36-4, 36-7
DSCP markdown values 36-8, 38-14
DSCP mutation 36-3, 38-25
DSCP values to CoS values 36-9
IP precedence values to DSCP values 36-7
QoS markdown 34-4
QoS out of profile 34-4
QoS policing rule
aggregate 34-4
microflow 34-4
QoS port
trust state 36-10
QoS port-based or VLAN-based 36-12
QoS receive queue 36-18
QoS statistics data export 39-2
configuring 39-2
configuring destination host 39-7
configuring time interval 39-6, 39-8
QoS transmit queues 35-6, 36-15, 36-16
QoS VLAN-based or port-based 36-12
queries, IGMP 15-4
queries, MLDv2 22-6
R
RADIUS 49-6
RADIUS. See also port-based authentication. 54-7
range
command 26-3
macro 10-2
rapid convergence 1-14
Rapid-PVST
enabling 1-36
Rapid PVST+
interoperation with MST 2-20
Rapid-PVST+
overview 1-3
Rapid Spanning Tree
See RSTP
Rapid Spanning Tree Protocol
See RSTP
receive queues
see QoS receive queues
recirculation 7-5
redirect URLs
described 54-25
reduced MAC address 1-3
redundancy (RPR+) 9-1
configuring 9-4
configuring supervisor engine 9-2
displaying supervisor engine configuration 9-5
redundancy command 9-4
related documentation 1-45
Remote Authentication Dial-In User Service. See RADIUS.
report, MLD 22-5
reserved-range VLANs
See VLANs
restricted VLAN
configuring 54-46
described 54-20
using with IEEE 802.1x 54-20
restricting MIB access 57-10, 57-11
rewrite, packet
CEF 3-2
IP MMLS 14-5
RHI 4-52
RIF cache monitoring 10-12
ROM monitor
CLI 2-7
root bridge
MST 2-20
PVST simulation 2-20
root bridge, STP 1-29
root guard
See STP root guard
root switch
MSTP 1-39
route health injection
See RHI
route-map (IP) command 4-4
route maps
defining 4-4
router guard 19-1
RPF
failure 14-7
non-RPF multicast 14-7
RPR and RPR+ support IPv6 multicast traffic 9-1
RSTP
active topology 1-13
BPDU
format 1-16
processing 1-17
designated port, defined 1-13
designated switch, defined 1-13
interoperability with IEEE 802.1D
described 1-24
restarting migration process 1-47
topology changes 1-17
overview 1-13
port roles
described 1-13
synchronized 1-15
proposal-agreement handshake process 1-14
rapid convergence
described 1-14
edge ports and Port Fast 1-14
point-to-point links 1-14, 1-46
root ports 1-14
root port, defined 1-13
See also MSTP
S
secondary VLANs 17-6
Secure MAC Address Aging Type 56-9
security
configuring 42-1
security, port 56-3
security considerations 57-9
Security Exchange Protocol (SXP) 41-2
Security Group Access Control List (SGACL) 41-2
Security Group Tag (SGT) 41-2
serial IDs
description 24-14
serial interfaces
clearing 10-13
synchronous
maintaining 10-13
server IDs
description 24-14
service instance
configuration mode 12-5
creating 12-4
defined 12-4
service-policy input command 34-17, 35-17, 36-4, 36-6, 38-25, 47-6
service-provider network, MSTP and RSTP 1-18
set default interface command 4-4
set interface command 4-4
set ip default next-hop command 4-4
set ip df command
PBR 4-4
set ip next-hop command 4-4
set ip precedence command
PBR 4-4
set ip vrf command
PBR 4-4
set power redundancy enable/disable command 4-2
set requests 57-7, 57-8, 57-11
setting up lawful intercept 57-7
SGACL 41-2
SGT 41-2
short pipe mode
configuring 38-30
show authentication command 54-58
show catalyst6000 chassis-mac-address command 1-4
show dot1x interface command 54-39
show eobc command 10-12
show history command 2-4
show ibc command 10-12
show interfaces command 10-8, 10-9, 10-12, 11-6, 11-12
clearing interface counters 10-12
displaying, speed and duplex mode 10-6
show ip local policy command 4-5
show mab command 54-61
show module command 9-5
show platform aging command 23-4
show platform entry command 3-5
show platform ip multicast group command
displaying IP MMLS group 14-27
show platform ip multicast interface command
displaying IP MMLS interface 14-27
show platform ip multicast source command
displaying IP MMLS source 14-27
show platform ip multicast statistics command
displaying IP MMLS statistics 14-27
show platform ip multicast summary
displaying IP MMLS configuration 14-27
show protocols command 10-12
show rif command 10-12
show running-config command 10-12
displaying ACLs 44-7, 44-8
show svclc rhi-routes command 4-52
show version command 10-12
shutdown command 10-13
shutdown interfaces
result 10-13
slot number, description 10-2
smart call home 24-1
description 24-4
destination profile (note) 24-23
registration requirements 24-5
service contract requirements 24-2
Transport Gateway (TG) aggregation point 24-4
SMARTnet
smart call home registration 24-5
smart port macros 3-1
configuration guidelines 3-2
Smartports macros
applying global parameter values 3-14
applying macros 3-14
creating 3-13
default configuration 3-4
defined 3-4
displaying 3-15
tracing 3-2
SNMP
configuring 57-10
default view 57-9
get and set requests 57-7, 57-8, 57-11
notifications 57-9, 57-12
support and documentation 1-9
SNMP-COMMUNITY-MIB 57-9
SNMP-USM-MIB 57-4, 57-9
SNMP-VACM-MIB 57-4, 57-9
snooping
See IGMP snooping
software
upgrading router 5-5
source IDs
call home event format 24-13
source specific multicast with IGMPv3, IGMP v3lite, and URD 14-26
SPAN
configuration guidelines 27-2
configuring 27-12
sources 27-16, 27-19, 27-21, 27-22, 27-24, 27-25, 27-26, 27-28
VLAN filtering 27-30
destination port support on EtherChannels 27-12, 27-19, 27-22, 27-24, 27-25, 27-29
distributed egress 27-10, 27-15
modules that disable for ERSPAN 27-7
input packets with don’t learn option
ERSPAN 27-28, 27-29
local SPAN 27-17, 27-18, 27-19
RSPAN 27-22, 27-23, 27-25
understanding 27-12
local SPAN egress session increase 27-3, 27-16
overview 27-7
SPAN Destination Port Permit Lists 27-15
spanning-tree backbonefast
command 2-15, 2-16
command example 2-15, 2-16
spanning-tree cost
command 1-33
command example 1-33
spanning-tree portfast
command 2-2, 2-3, 2-4
command example 2-3, 2-4
spanning-tree portfast bpdu-guard
command 2-8
spanning-tree port-priority
command 1-31
spanning-tree protocol for bridging 5-1
spanning-tree uplinkfast
command 2-13
command example 2-13
spanning-tree vlan
command 1-27, 1-29, 1-30, 1-31, 2-8, 2-17
command example 1-28, 1-29, 1-30, 1-31
spanning-tree vlan cost
command 1-33
spanning-tree vlan forward-time
command 1-35
command example 1-35
spanning-tree vlan hello-time
command 1-35
command example 1-35
spanning-tree vlan max-age
command 1-36
command example 1-36
spanning-tree vlan port-priority
command 1-31
command example 1-32
spanning-tree vlan priority
command 1-34
command example 1-34
speed
configuring interface 10-4
speed command 10-4
speed mode
autonegotiation status 10-6
standards, lawful intercept 57-4
standby links 12-2
static sharing
description 54-25
statistics
802.1X 54-57, 55-15
sticky ARP 47-9
sticky MAC address 56-3
Sticky secure MAC addresses 56-8, 56-9
storm control
see traffic-storm control
STP
configuring 1-26
bridge priority 1-34
enabling 1-27, 1-28
forward-delay time 1-35
hello time 1-35
maximum aging time 1-36
port cost 1-32
port priority 1-31
root bridge 1-29
secondary root switch 1-30
defaults 1-25
EtherChannel 13-7
normal ports 2-3
understanding 1-2
802.1Q Trunks 1-12
Blocking State 1-8
BPDUs 1-4
disabled state 1-12
forwarding state 1-11
learning state 1-10
listening state 1-9
overview 1-3
port states 1-6
protocol timers 1-5
root bridge election 1-5
topology 1-5
STP BackboneFast
configuring 2-15
figure
adding a switch 2-18
spanning-tree backbonefast
command 2-15, 2-16
command example 2-15, 2-16
understanding 2-13
STP BPDU Guard
configuring 2-7
spanning-tree portfast bpdu-guard
command 2-8
understanding 2-7
STP bridge ID 1-3
STP EtherChannel guard 2-16
STP extensions
description ?? to 2-20
STP loop guard
configuring 2-19
overview 2-17
STP PortFast
BPDU filter
configuring 2-10
BPDU filtering 2-9
configuring 2-2
spanning-tree portfast
command 2-2, 2-3, 2-4
command example 2-3, 2-4
understanding 2-2
STP port types
normal 2-3
STP root guard 2-17
STP UplinkFast
configuring 2-12
spanning-tree uplinkfast
command 2-13
command example 2-13
understanding 2-11
subdomains, private VLAN 17-5
supervisor engine
environmental monitoring 5-1
redundancy 9-1
synchronizing configurations 9-5
supervisor engine redundancy
configuring 9-2
supervisor engines
displaying redundancy configuration 9-5
supplicant 54-7
surveillance 57-7
svclc command 4-52
Switched Port Analyzer 27-1
switch fabric functionality 8-1
configuring 8-3
monitoring 8-4
switchport
configuring 11-13
example 11-12
show interfaces 10-8, 10-9, 11-6, 11-12
switchport access vlan 11-6, 11-7, 11-10, 11-13
example 11-14
switchport mode access 11-4, 11-6, 11-7, 11-13
example 11-14
switchport mode dynamic 11-8
switchport mode dynamic auto 11-4
switchport mode dynamic desirable 11-4
default 11-5
example 11-12
switchport mode trunk 11-4, 11-8
switchport nonegotiate 11-4
switchport trunk allowed vlan 11-11
switchport trunk encapsulation 11-7
switchport trunk encapsulation dot1q
example 11-12
switchport trunk encapsulation negotiate
default 11-5
switchport trunk native vlan 11-10
switchport trunk pruning vlan 11-11
switch priority
MSTP 1-43
switch TopN reports
foreground execution 29-2
running 29-3
viewing 29-3
SXP 41-2
system event archive (SEA) 25-1
System Hardware Capacity 1-5
T
TDR
checking cable connectivity 10-14
enabling and disabling test 10-14
guidelines 10-14
Telnet
accessing CLI 2-2
Time Domain Reflectometer 10-14
TLV
host presence detection 9-4, 54-14, 56-4
traceroute, Layer 2
and ARP 30-2
and CDP 30-1
described 30-2
IP addresses and subnets 30-2
MAC addresses and VLANs 30-2
multicast traffic 30-2
multiple devices on a port 30-2
unicast traffic 30-2
usage guidelines 30-1
traffic-storm control
command
broadcast 52-4
described 52-2
monitoring 52-5
thresholds 52-2
traffic suppression
see traffic-storm control
transmit queues
see QoS transmit queues
traps, see SNMP notifications
trunks 11-4
802.1Q Restrictions 11-2
allowed VLANs 11-11
configuring 11-8
default interface configuration 11-6
default VLAN 11-10
different VTP domains 11-4
native VLAN 11-10
to non-DTP device 11-4
VLAN 1 minimization 11-11
trusted boundary 9-6
trusted boundary (extended trust for CDP devices) 9-4
trustpoint 24-2
tunneling 38-4, 38-26
tunneling, 802.1Q
See 802.1Q 19-4
type length value
See TLV
U
UDE
configuration 6-5
overview 6-4
UDE and UDLR 6-1
UDLD
default configuration 1-4
enabling
globally 1-5
on ports 1-5, 1-6
overview 1-2
UDLR 6-1
back channel 6-3
configuration 6-6
tunnel
(example) 6-7
ARP and NHRP 6-4
UDLR (unidirectional link routing) 6-1
UDP port for SNMP notifications 57-12
unauthorized ports with 802.1X 54-12
unicast storms
see traffic-storm control
Unidirectional Ethernet 6-1
unidirectional ethernet
example of setting 6-5
UniDirectional Link Detection Protocol
see UDLD
uniform mode
configuring 38-34
unknown unicast and multicast flood blocking 53-1
unknown unicast flood blocking
See UUFB
unknown unicast flood rate-limiting
See UUFRL
UplinkFast
See STP UplinkFast
URD 14-26
User-Based Rate Limiting 34-6, 34-15
user EXEC mode 2-5
UUFB 53-2
UUFRL 53-2
V
VACLs 45-2
configuring
examples 45-5
Layer 3 VLAN interfaces 45-5
Layer 4 port operations 40-2
logging
configuration example 45-8
configuring 45-7
restrictions 45-7
MAC address based 45-2
multicast packets 44-6
SVIs 45-5
WAN interfaces 45-2
virtual private LAN services (VPLS) 10-1
associating attachment circuit with the VSI at the PE 10-13
basic configuration 10-2
configuration example 10-18
configuring MPLS in the PE 10-11
configuring PE layer 2 interface to the CE 10-7
configuring the VFI in the PE 10-12
overview 10-2
restrictions 10-2
services 10-5
vlan
command 16-5, 16-6, 27-20
command example 16-6
VLAN Access Control Lists
See VACLs
VLAN-based QoS filtering 40-10
VLAN-bridge spanning-tree protocol 5-1
vlan database
command 16-5, 16-6, 27-20
vlan group command 54-44
VLAN locking 16-4
vlan mapping dot1q
command 16-8, 16-9
VLAN maps
applying 44-8
VLAN mode 9-3
VLAN port provisioning verification 16-4
VLANs
allowed on trunk 11-11
configuration guidelines 16-2
configuring 16-1
configuring (tasks) 16-4
defaults 16-3
extended range 16-3
interface assignment 16-6
multicast 17-2
name (default) 16-3
normal range 16-3
reserved range 16-3
support for 4,096 VLANs 16-2
token ring 16-3
trunks
understanding 11-4
understanding 16-2
VLAN 1 minimization 11-11
VTP domain 16-4
VLAN translation
command example 16-8, 16-9
voice VLAN
Cisco 7960 phone, port connections 9-2
configuration guidelines 9-1
configuring IP phone for data traffic
override CoS of incoming frame 9-6, 10-5
configuring ports for voice traffic in
802.1Q frames 9-5
connecting to an IP phone 9-5
default configuration 9-4
overview 9-2
voice VLAN. See also port-based authentication. 54-22
VPN
configuration example 8-4
guidelines and restrictions 8-2
VPN supported commands 8-2
VPN switching 8-1
VSS
dual-active detection
Enhanced PAgP, advantages 4-24
Enhanced PAgP, description 4-24
enhanced PAgP, description 4-46
fast-hello, advantages 4-24
fast-hello, description 4-25
VSLP fast-hello, configuration 4-48
VSS Quad-Sup SSO (V4SO) 4-9
VTP
advertisements 15-4, 15-5
client, configuring 15-15
configuration guidelines 15-1
default configuration 15-9
disabling 15-15
domains 15-3
VLANs 16-4
modes
client 15-4
server 15-4
transparent 15-4
monitoring 15-17
overview 15-2
per-port enable and disable 15-16
pruning
configuration 11-11
configuring 15-12
overview 15-7
server, configuring 15-15
statistics 15-17
transparent mode, configuring 15-15
version 2
enabling 15-13
overview 15-5
version 3
enabling 15-13
overview 15-6
server type, configuring 15-11
W
wake-on-LAN. See also port-based authentication. 54-28
web-based authentication
AAA fail policy 55-5
description 55-2
web browser interface 1-9
wiretaps 57-4