- Index
- Preface
- Product Overview
- Command-Line Interfaces (CLI)
- Smart Port Macros
- Virtual Switching Systems (VSS)
- Fast Software Upgrades
- Stateful Switchover (SSO)
- Non-Stop Forwarding (NSF)
- RPR Supervisor Engine Redundancy
- Switch Fabric Functionality
- Interface Configuration
- UniDirectional Link Detection (UDLD)
- Power Management
- Environmental Monitoring
- Online Diagnostics
- Onboard Failure Logging (OBFL)
- Cisco IP Phone Support
- Power over Ethernet
- Layer 2 LAN Port Configuration
- Flex Links
- EtherChannels
- IEEE 802.1ak MVRP and MRP
- VLAN Trunking Protocol (VTP)
- VLANs
- Private VLANs (PVLANs)
- Private Hosts
- IEEE 802.1Q Tunneling
- Layer 2 Protocol Tunneling (L2PT)
- Spanning Tree Protocols (STP, MST)
- Optional STP Features
- IP Unicast Layer 3 Switching
- Policy-Based Routing (PBR)
- Layer 3 Interface Configuration
- Unidirectional Ethernet (UDE) and unidirectional link routing (UDLR)
- Multiprotocol Label Switching (MPLS)
- MPLS VPN Support
- Ethernet over MPLS (EoMPLS)
- Virtual Private LAN Services (VPLS)
- Ethernet Virtual Connections (EVC)
- Layer 2 over Multipoint GRE (L2omGRE)
- IPv4 Multicast Layer 3 Features
- IPv4 Multicast IGMP Snooping
- IPv4 PIM Snooping
- IPv4 Multicast VLAN Registration (MVR)
- IPv4 IGMP Filtering
- IPv4 Router Guard
- IPv4 Multicast VPN Support
- IPv6 Multicast Layer 3 Features
- IPv6 MLD Snooping
- NetFlow Hardware Support
- Call Home
- System Event Archive (SEA)
- Backplane Platform Monitoring
- Local SPAN, RSPAN, and ERSPAN
- SNMP IfIndex Persistence
- Top-N Reports
- Layer 2 Traceroute Utility
- Mini Protocol Analyzer
- PFC QoS Overview
- PFC QoS Guidelines and Restrictions
- PFC QoS Classification, Marking, and Policing
- PFC QoS Policy Based Queueing
- PFC QoS Global and Interface Options
- AutoQoS
- MPLS QoS
- PFC QoS Statistics Data Export
- Cisco IOS ACL Support
- Cisco TrustSec (CTS)
- AutoSecure
- MAC Address-Based Traffic Blocking
- Port ACLs (PACLs)
- VLAN ACLs (VACLs)
- Policy-Based Forwarding (PBF)
- Denial of Service (DoS) Protection
- Control Plane Policing (CoPP)
- Dynamic Host Configuration Protocol (DHCP) Snooping
- IP Source Guard
- Dynamic ARP Inspection (DAI)
- Traffic Storm Control
- Unknown Unicast and Multicast Flood Control
- IEEE 802.1X Port-Based Authentication
- Web-Based Authentication
- Port Security
- Lawful Intercept
- Online Diagnostic Tests
- Migrating From a 12.2SX QoS Configuration
Index
4K VLANs (support for 4,096 VLANs) 23-2
802.1AE Tagging 67-2
See Layer 2 protocol tunneling
mapping to ISL VLANs 23-7
trunks 18-4
restrictions 18-2
configuration guidelines 26-1
configuring tunnel ports 26-6
overview 26-4
specifying custom 18-15
802.1X 80-1
802.1x accounting 80-41
802.3af 17-2
802.3x Flow Control 10-9
fail policy 80-8, 81-5
AAA (authentication, authorization, and accounting). See also port-based authentication. 80-6, 81-2
aaa accounting dot1x command 80-41
aaa accounting system command 80-41
abbreviating commands 2-5
access, restricting MIB 83-10
access control entries and lists 66-1
access-enable host timeout (not supported) 66-4
access port, configuring 18-14
access rights 83-9
access setup, example 83-11
with 802.1x 80-41
with IEEE 802.1x 80-16
ACEs and ACLs 66-1
downloadable 81-2
downloadable (dACLs) 80-23
Filter-ID 80-24
per-user 80-24
defined 70-2
redirect URL 80-25
static sharing 80-25
acronyms, list of A-1
activating lawful intercept 83-8
admin function (mediation device) 83-7, 83-8
administration, definition 83-6
advertisements, VTP 22-4
aggregate label 34-2, 34-5
aggregate policing 60-4
for MSTP 28-45
for MSTP 28-45, 28-46
major 13-4
minor 13-4
Allow DHCP Option 82 on Untrusted Port
configuring 75-10
understanding 75-5
any transport over MPLS (AToM) 36-3
Ethernet over MPLS 36-3
ARP ACL 66-12
ARP spoofing 77-3
AToM 36-3
audience 1-xliii
authentication control-direction command 80-50
authentication event command 80-43
authentication open comand 80-15
authentication password, VTP 22-5
authentication periodic command 80-36, 80-47
authentication port-control command 80-43
authentication timer reauthenticate command 80-36
authorized ports with 802.1X 80-12
configuration guidelines and restrictions 63-2
macros 63-4
overview 63-2
AutoQoS 63-1
auto-sync command 8-4
binding database, DHCP snooping
See DHCP snooping binding database
See DHCP snooping binding database
blocking state, STP 28-8
blue beacon 1-6
RSTP format 28-16
Bridge Assurance 29-5
Shared Spanning Tree Protocol (SSTP) 29-20
description 29-4 to 29-6
inconsistent state 29-5
supported protocols and link types 29-5
configuring 38-8
bridge groups 32-1
bridge priority, STP 28-34
bridging 32-1
CALEA, See Communications Assistance for Law Enforcement Act (CALEA)
description 50-3
message format options 50-3
format options 50-3
call home 50-1
alert groups 50-28
contact information 50-19
destination profiles 50-20
displaying information 50-39
pattern matching 50-31
periodic notification 50-30
rate limit messages 50-31
severity threshold 50-30
smart call home feature 50-4
SMTP server 50-2
testing communications 50-32
configuring 50-28
description 50-28
subscribing 50-29
call home customer information
entering information 50-19
call home destination profiles
attributes 50-21
description 50-20
displaying 50-42
full-txt format for syslog 50-15
XML format for syslog 50-15
host presence detection 80-14, 82-4
to configure Cisco phones 16-3
RP 30-5
supervisor engine 30-4
examples 30-3
Layer 3 switching 30-2
packet rewrite 30-2
certificate authority (CA) 50-2
command 20-8, 20-13, 20-14
command example 20-9, 20-14
Cisco Emergency Responder 16-4
Cisco Express Forwarding 34-3
citapStreamVRF 83-2
overview 83-8
restricting access to 83-10, 83-11
accessing 83-9
overview 83-8
restricting access to 83-10, 83-11
class command 60-9
class map configuration 60-8, 61-11
clear authentication sessions command 80-38
clear counters command 10-12
clear dot1x command 80-37
clear interface command 10-13
accessing 2-1
backing out one level 2-5
console configuration mode 2-5
getting list of commands 2-6
global configuration mode 2-5
history substitution 2-4
interface configuration mode 2-5
privileged EXEC mode 2-5
ROM monitor 2-7
software basics 2-4
collection function 83-6
command line processing 2-3
commands, getting list of 2-6
Communications Assistance for Law Enforcement Act
CALEA for Voice 83-5
lawful intercept 83-4
community ports 24-7
community VLANs 24-6, 24-7
EoMPLS port mode 36-4, 36-7
EoMPLS VLAN mode 36-4
VPLS, 802.1Q access port for untagged traffic from CE 37-8
VPLS, associating the attachment circuit with the VSI at the PE 37-13
VPLS, L2 VLAN instance on the PE 37-10
VPLS, MPLS in the PE 37-11
VPLS, using QinQ to place all VLANs into a single VPLS 37-9
VPLS, VFI in the PE 37-12
EVCs 38-2
configuring 60-9, 61-11
lawful intercept 83-10, 83-11, 83-12
SNMP 83-10
console configuration mode 2-5
content IAP 83-6
CoPP 74-1
applying QoS service policy to control plane 74-5
ACLs to match traffic 74-5
enabling MLS QoS 74-5
packet classification criteria 74-5
service-policy map 74-5
control plane configuration mode
entering 74-5
dynamic information 74-9
number of conforming bytes and packets 74-9
rate information 74-9
entering control plane configuration mode 74-5
monitoring statistics 74-9
overview 74-3
packet classification guidelines 74-2
defining 74-6
guidelines 74-7
overview 74-6
sample ACLs 74-7
sample classes 74-6
override priority 16-6, 17-4
clearing interface 10-12, 10-13
critical authentication 80-8
critical authentication, IEEE 802.1x 80-44
CSCsr62404 10-9
cTap2MediationDebug notification 83-12
cTap2MediationNewIndex object 83-8
cTap2MediationTable 83-8
cTap2MediationTimedOut notification 83-12
cTap2MIBActive notification 83-12
cTap2StreamDebug notification 83-12
cTap2StreamTable 83-8
entering for call home 50-19
See ACLs, downloadable 80-23
dCEF 30-4
IP MMLS 40-31
DEC spanning-tree protocol 32-1
802.1X 80-28, 81-7
dynamic ARP inspection 77-6
EVCs 38-9
Flex Links 19-4
IP MMLS 40-15
MSTP 28-26
MVR 44-5
UDLD 11-3
voice VLAN 16-4
VTP 22-9
default VLAN 18-10
denial of service protection 73-1
call home format 50-11, 50-12
See DHCP snooping binding database
See DHCP snooping binding database
circuit ID suboption 75-7
overview 75-5
circuit ID 75-7
remote ID 75-7
remote ID suboption 75-7
DHCP option 82 allow on untrusted port 75-10
802.1X data insertion 80-15
See DHCP snooping binding database
configuration guidelines 75-8
configuring 75-9
default configuration 75-8
displaying binding tables 75-18
enabling 75-9, 75-10, 75-11, 75-12, 75-13, 75-14
enabling the database agent 75-14
message exchange process 75-6
monitoring 76-5, 76-6
option 82 data insertion 75-5
overview 75-3
Snooping database agent 75-7
DHCP snooping binding database
described 75-5
entries 75-5
See DHCP snooping binding database
adding to the database (example) 75-18
enabling (example) 75-15
overview 75-7
reading from a TFTP file (example) 75-17
DHCP snooping increased bindings limit 75-14
configuring short pipe mode 64-30
configuring uniform mode 64-34
short pipe mode 64-27
uniform mode 64-28
DiffServ tunneling modes 64-4
Disabling PIM Snooping Designated Router Flooding 47-6
distributed Cisco Express Forwarding
distributed egress SPAN 53-10, 53-15
documentation, related 1-xliii
Domain Name System 83-2
DoS protection 73-1
monitoring packet drop statistics
using monitor session commands 73-8
using VACL capture 73-10
QoS ACLs 73-2
security ACLs 73-2
uRPF check 73-5
dot1x initialize interface command 80-37
dot1x max-reauth-req command 80-41
dot1x max-req command 80-40
dot1x pae authenticator command 80-31
dot1x re-authenticate interface command 80-36
dot1x timeout quiet-period command 80-38
DSCP-based queue mapping 62-14
duplex command 10-5, 10-6
autonegotiation status 10-6
configuring interface 10-4
ARP cache poisoning 77-3
ARP requests, described 77-3
ARP spoofing attack 77-3
configuration guidelines 77-2
log buffer 77-13, 77-15
logging system messages 77-14
rate limit for incoming ARP packets 77-5, 77-10
default configuration 77-6
denial-of-service attacks, preventing 77-10
described 77-3
DHCP snooping binding database 77-4
ARP ACLs 77-15
configuration and operating state 77-15
trust state and rate limit 77-15
error-disabled state for exceeding rate limit 77-5
function of 77-4
interface trust states 77-4
configuring 77-13, 77-15
logging of dropped packets, described 77-6
configuring 77-14
man-in-the middle attack, described 77-4
network security issues and interface trust states 77-4
priority of ARP ACLs and DHCP snooping entries 77-6
configuring 77-10
described 77-5
error-disabled state 77-5
validation checks, performing 77-11
Dynamic Host Configuration Protocol snooping 75-1
EAC 67-2
EAPOL. See also port-based authentication. 80-6
egress SPAN 53-10
electronic traffic, monitoring 83-7
assigning for call home 50-19
Call Home 50-3
enable mode 2-5
enable sticky secure MAC address 82-8
on router interfaces 40-16
lawful intercept 83-8
SNMP notifications 83-12
Endpoint Admission Control (EAC) 67-2
LED indications 13-4
SNMP traps 13-4
supervisor engine and switching modules 13-4
Syslog messages 13-4
using CLI commands 13-1
for MAC address table synchronization 18-3
EoMPLS 36-3
configuring 36-4
configuring VLAN mode 36-3
guidelines and restrictions 36-2
port mode 36-3
VLAN mode 36-3
ERSPAN 53-1
command 20-8, 20-13, 20-14
command example 20-9, 20-14
configuration guidelines 4-26, 20-2
Layer 2 20-8
configuring (tasks) 4-26, 20-7
command example 20-8
interface port-channel (command) 20-8
command example 20-10
configuring 20-8
configuring 20-11
understanding 20-7
Min-Links 20-13, 20-14
modes 20-4
understanding 20-5
port-channel interfaces 20-7
command 20-10, 20-11
command example 20-12
STP 20-7
understanding 4-4, 20-3
setting port duplex 10-10
Ethernet over MPLS (EoMPLS) configuration
EoMPLS port mode 36-6
EoMPLS VLAN mode 36-4
broadcast domain 38-4
configuration guidelines 38-2
default configuration 38-9
supported features 38-2
EXP mutation 64-4
extended range VLANs 23-2
MSTP 28-39
Extensible Authentication Protocol over LAN. See EAPOL.
fall-back bridging 32-1
on VSL failure 4-13
fiber-optic, detecting unidirectional links 11-1
FIB TCAM 34-3
lawful intercept overview 83-5
Flex Links 19-1
configuration guidelines 19-2
configuring 19-4
default configuration 19-4
description 19-2
monitoring 19-5
flow control 10-9
MSTP 28-45
forward-delay time, STP 28-35
See EtherChannel load balancing
get requests 83-7, 83-8, 83-11
global configuration mode 2-5
guest VLAN and 802.1x 80-19
guidelines 30-2
MSTP 28-44
hello time, STP 28-35
High Capacity Power Supply Support 12-4
CLI 2-4
kinds of 24-7
host presence CDP message 16-4, 80-14
host presence TLV message 82-4
//www-tac.cisco.com/Teams/ks/c3/xmlkwery.php?srId=612293409 20-3
content IAP 83-6
definition 83-6
content IAP 83-6
identification IAP 83-6
ICMP unreachable messages 66-2
ID IAP 83-6
serial IDs 50-12
specifying custom 18-15
IEEE 802.1Q Tagging on a Per-Port Basis 26-7
accounting 80-16, 80-41
authentication failed VLAN 80-19
critical ports 80-20
DHCP snooping 80-15
guest VLAN 80-19
MAC authentication bypass 80-26
network admission control Layer 2 validation 80-27
port security interoperability 80-22
RADIUS-supplied session timeout 80-35
voice VLAN 80-22
wake-on-LAN support 80-28
IEEE 802.3af 17-2
IEEE 802.3x Flow Control 10-9
IEEE bridging protocol 32-1
IGMP 43-1
configuration guidelines 42-9
enabling 43-9
join messages 43-3
enabling 43-13
queries 43-4
configuring 43-12
fast leave 43-6
joining multicast group 43-3, 45-4
leaving multicast group 43-5, 45-4
understanding 43-3, 45-3
enabling 43-9
understanding 43-3, 45-3
IGMPv3 40-26
IGMP v3lite 40-26
ignore port trust 60-11
inaccessible authentication bypass 80-20
ingress SPAN 53-10
intercept-related information (IRI) 83-6, 83-7
intercepts, multiple 83-6
configuration mode 2-5
Layer 2 modes 18-4
number 10-2
command example 20-8
interface port-channel (command) 20-8
configuring, duplex mode 10-3
configuring, speed 10-3
configururing, overview 10-2
counters, clearing 10-12, 10-13
displaying information about 10-12
maintaining 10-12
monitoring 10-12
range of 10-2
restarting 10-13
task 10-13
interfaces command 10-2
interfaces range command 52-3
interfaces range macro command 10-2
internal VLANs 23-3
Internet Group Management Protocol 43-1, 45-1
IP accounting, IP MMLS and 40-2
topology (figure) 30-4
ip flow-export source command 55-3, 55-4, 55-5
ip http server 1-7
ip local policy route-map command 31-5
cache, overview 40-4
configuration guideline 40-1
debug commands 40-31
default configuration 40-15
on router interfaces 40-16
Layer 3 MLS cache 40-4
overview 40-2
packet rewrite 40-5
enabling globally 40-16
enabling on interfaces 40-16
PIM, enabling 40-16
IGMP snooping and 43-8
MLDv2 snooping and 42-9
overview 43-2, 45-2, 46-2
enabling IP multicast 40-16
configuring 16-5
enabling IP PIM 40-16
ip policy route-map command 31-5
IP Source Guard 76-1
configuring 76-3
configuring on private VLANs 76-5
displaying 76-5, 76-6
overview 76-2
IP unnumbered 32-1
IPv4 Multicast over Point-to-Point GRE Tunnels 1-8
IPv4 Multicast VPN 48-1
IPv6 Multicast Layer 3 Switching 41-1
IPv6 QoS 59-3
ISL trunks 18-4
isolated port 24-7
isolated VLANs 24-6, 24-7
join messages, IGMP 43-3
jumbo frames 10-6
keyboard shortcuts 2-3
label edge router 34-2
label switched path 36-1
label switch router 34-2, 34-4
system ID 20-6
Law Enforcement Agency (LEA) 83-4
admin function 83-7, 83-8
collection function 83-6
configuring 83-10, 83-11, 83-12
enabling 83-8
IRI 83-6
mediation device 83-5
overview 83-4, 83-5
prerequisites 83-1
processing 83-7
security considerations 83-9
SNMP notifications 83-12
lawful intercept processing 83-7
configuring interfaces 18-5
access port 18-14
trunk 18-8
defaults 18-5
interface modes 18-4
show interfaces 10-8, 10-9, 18-6, 18-13
understanding 18-2
understanding 18-4
interface assignment 23-6
configuring 18-1
configuring Layer 2 tunnels 27-3
overview 27-2
Layer 2 Traceroute 56-1
and ARP 56-2
and CDP 56-1
described 56-2
IP addresses and subnets 56-2
MAC addresses and VLANs 56-2
multicast traffic 56-2
multiple devices on a port 56-2
unicast traffic 56-2
usage guidelines 56-1
IP MMLS and MLS cache 40-4
Layer 3 switched packet rewrite
CEF 30-2
CEF 30-2
Layer 4 port operations (ACLs) 66-2
enabling 43-13
enabling 42-12
LERs 64-2, 64-6, 64-7
detecting unidirectional 28-25
link negotiation 10-5
MEC traffic recovery 4-6
Local Egress Replication 40-19
description 66-3
determining maximum number of 66-3
LSRs 64-2, 64-6
mab command 80-43, 80-47
MAC address-based blocking 69-1
MAC address table notification 18-7
MAC authentication bypass. See also port-based authentication. 80-26
MAC move (port security) 82-3
macros 3-1
MACSec 67-2
magic packet 80-28
main-cpu command 8-4
mapping 802.1Q VLANs to ISL VLANs 23-7
match ip address command 31-4
match length command 31-4
MSTP 28-45
maximum aging time, STP 28-36
maximum hop count, MSTP 28-46
configuration 4-42
described 4-14
failure 4-15
port load share deferral 4-16
admin function 83-7, 83-8
definition 83-5
description 83-5
CISCO-IP-TAP-MIB 83-2, 83-8, 83-10
CISCO-TAP2-MIB 83-8, 83-9, 83-10
SNMP-COMMUNITY-MIB 83-9
SNMP-USM-MIB 83-4, 83-9
SNMP-VACM-MIB 83-4, 83-9
microflow policing 60-4
Mini Protocol Analyzer 57-1
Min-Links 20-13
report 42-5
configuring 42-10
MLDv1 42-2
MLDv2 42-1
enabling 42-11
enabling 42-12
queries 42-6
fast leave 42-8
joining multicast group 42-5
leaving multicast group 42-7
understanding 42-3
enabling 42-10
understanding 42-3
MLDv2 Snooping 42-1
Flex Links 19-5
MVR 44-8
private VLANs 24-16
monitoring electronic traffic 83-7
MPLS 34-1, 34-2
aggregate label 34-2
any transport over MPLS 36-3
basic configuration 34-9
core 34-4
DiffServ Tunneling Modes 64-26
egress 34-4
experimental field 64-3
hardware features 34-5
ingress 34-4
IP to MPLS path 34-4
labels 34-2
MPLS to IP path 34-4
MPLS to MPLS path 34-4
nonaggregate lable 34-2
QoS default configuration 64-13
restrictions 34-1
VPN 64-11
VPN guidelines and restrictions 35-2
Classification 64-2
Class of Service 64-2
commands 64-15
configuring a class map 64-17
configuring a policy map 64-20
configuring egress EXP mutation 64-24
configuring EXP Value Maps 64-25
Differentiated Services Code Point 64-2
displaying a policy map 64-24
E-LSP 64-2
EXP bits 64-2
features 64-2
IP Precedence 64-2
QoS Tags 64-2
queueing-only mode 64-17
class map to classify MPLS packets 64-17
MPLS supported commands 34-2
limitations and restrictions 35-2
MQC 58-1
interoperation with Rapid PVST+ 29-20
root bridge 29-20
configuration guidelines 28-2
described 28-22
CIST, described 28-19
CIST root 28-21
configuration guidelines 28-2
forward-delay time 28-45
hello time 28-44
link type for rapid convergence 28-46
maximum aging time 28-45
maximum hop count 28-46
MST region 28-38
neighbor type 28-46
path cost 28-42
port priority 28-41
root switch 28-39
secondary root switch 28-40
switch priority 28-43
defined 28-19
operations between regions 28-20
default configuration 28-26
displaying status 28-47
enabling the mode 28-38
effects on root switch 28-39
effects on secondary root switch 28-40
unexpected behavior 28-39
implementation 28-23
port role naming change 28-23
terminology 28-21
interoperability with IEEE 802.1D
described 28-24
restarting migration process 28-47
defined 28-19
master 28-20
operations within a region 28-20
mapping VLANs to MST instance 28-38
CIST 28-19
configuring 28-38
described 28-19
hop-count mechanism 28-22
IST 28-19
supported spanning-tree instances 28-19
overview 28-18
configuring 28-39
effects of extended system ID 28-39
unexpected behavior 28-39
status, displaying 28-47
MTU size (default) 23-3
multiauthentication (multiauth). See also port-based authentication. 80-14
IGMP snooping and 43-8
MLDv2 snooping and 42-9
non-RPF 40-7
overview 43-2, 45-2, 46-2
PIM snooping 47-4
multicast flood blocking 79-1
joining 43-3, 45-4
leaving 42-7, 43-5
joining 42-5
Multicast Listener Discovery version 2 42-1
Multicast Replication Mode Detection enhancement 40-18
multicast television application 44-3
multicast VLAN 44-2
Multicast VLAN Registration 44-1
see MEC 4-14
Multidomain Authentication (MDA). See also port-based authentication. 80-14
Multilayer MAC ACL QoS Filtering 66-9
multiple path RPF check 73-5
MUX-UNI Support 34-7
MUX-UNI support 34-7
MVAP (Multi-VLAN Access Port). See also port-based authentication. 80-22
and IGMPv3 44-2
configuring interfaces 44-6
default configuration 44-5
example application 44-3
in the switch stack 44-5
monitoring 44-8
multicast television application 44-3
restrictions 44-1
setting global parameters 44-6
agentless audit support 80-27
critical authentication 80-20, 80-44
IEEE 802.1x authentication using a RADIUS server 80-47
IEEE 802.1x validation using RADIUS server 80-47
inaccessible authentication bypass 80-44
Layer 2 IEEE 802.1x validation 80-47
Layer 2 IEEE802.1x validation 80-27
native VLAN 18-11
NDAC 67-2
table, displaying entries 30-5
Network Device Admission Control (NDAC) 67-2
Bridge Assurance 29-5
description 29-2
nonaggregate label 34-2, 34-5
non-RPF multicast 40-7
notifications, See SNMP notifications
NSF with SSO does not support IPv6 multicast traffic. 6-1, 7-1
OIR 10-11
CompactFlash disk verification A-40
configuring 14-2
datapath verification A-11
diagnostic sanity check 14-24
egress datapath test A-5
error counter test A-5
interrupt counter test A-5
memory tests 14-24
overview 14-2
running tests 14-6
test descriptions A-1
understanding 14-2
online diagnostic tests A-1
out-f-band MAC address table synchronization
configuring 18-6
in a VSS 4-2
packet capture 57-2
CEF 30-2
IP MMLS and 40-5
multicast 70-6
understanding 20-5
MSTP 28-42
PBACLs 66-5
PBF 71-4
PBR 1-8
configuration (example) 31-7
enabling 31-4
in PVST simulation 29-20
per-port VTP enable and disable 22-16
recirculation 34-5
PIM, IP MMLS and 40-16
designated router flooding 47-6
enabling globally 47-5
enabling in a VLAN 47-5
overview 47-4
configuring IP MLS 49-3, 49-4
enabling IP MMLS 40-17 to 40-27
PoE 17-2
Cisco prestandard 17-2
IEEE 802.3af 17-2
PoE management 17-3
power policing 17-3
power use measurement 17-3
police command 60-13, 60-14
policy-based ACLs (PBACLs) 66-5
policy-based forwarding (PBF) 72-2
configuring 31-1
policy map 60-9, 61-11
attaching to an interface 60-17, 61-15, 73-4
policy-map command 60-9
defined 70-2
port ACLs (PACLs) 70-1
AAA authorization 80-30
accounting 80-16
configuring 80-41
defined 80-7, 81-3
RADIUS server 80-7
client, defined 80-7, 81-3
configuration guidelines 80-2, 81-1
guest VLAN 80-42
inaccessible authentication bypass 80-44
initializing authentication of a client 80-37
manual reauthentication of a client 80-36
RADIUS server 80-33, 81-10
RADIUS server parameters on the switch 80-32, 81-9
restricted VLAN 80-43
switch-to-authentication-server retransmission time 80-39
switch-to-client EAP-request frame retransmission time 80-39
switch-to-client frame-retransmission number 80-40
switch-to-client retransmission time 80-39
user distribution 80-42
VLAN group assignment 80-42
default configuration 80-28, 81-7
described 80-6
device roles 80-6, 81-3
DHCP snooping 80-15
DHCP snooping and insertion 75-6
displaying statistics 80-51, 81-15
EAPOL-start frame 80-10
EAP-request/identity frame 80-10
EAP-response/identity frame 80-10
802.1X authentication 80-30, 80-32, 81-9
periodic reauthentication 80-35
encapsulation 80-7
configuration guidelines 80-19, 80-20
described 80-19
host mode 80-13
inaccessible authentication bypass
configuring 80-44
described 80-20
guidelines 80-4
initiation and message exchange 80-10
MAC authentication bypass 80-26
magic packet 80-28
method lists 80-30
modes 80-13
multiauth mode, described 80-14
multidomain authentication mode, described 80-14
multiple-hosts mode, described 80-13
authorization state and dot1x port-control command 80-12
authorized and unauthorized 80-12
critical 80-20
voice VLAN 80-22
and voice VLAN 80-23
described 80-22
interactions 80-22
multiple-hosts mode 80-13
pre-authentication open access 80-15, 80-33
resetting to default values 80-51
supplicant, defined 80-7
as proxy 80-7, 81-3
RADIUS client 80-7
configuring 80-42
described 80-18
guidelines 80-4
AAA authorization 80-30
characteristics 80-17
configuration tasks 80-18
described 80-17
guidelines 80-4
described 80-22
PVID 80-22
VVID 80-22
wake-on-LAN, described 80-28
command 20-10, 20-11
command example 20-10, 20-12
port-channel load-defer command 4-42
port-channel port load-defer command 4-42
port cost, STP 28-32
disabling 10-10
displaying 10-10
enabling 10-10
edge ports 29-2
network ports 29-2
See STP PortFast Edge BPDU filtering
description 29-2, 29-2 to ??
edge 29-2
network 29-2
port mode 36-3
port negotiation 10-5
MSTP 28-41
port priority, STP 28-31
setting the debounce timer 10-10
aging 82-9, 82-10
configuring 82-4
described 82-3
displaying 82-10
enable sticky secure MAC address 82-8
sticky MAC address 82-3
violations 82-3
Port Security is supported on trunks 82-2, 82-5, 82-7, 82-9
port security MAC move 82-3
port security on PVLAN ports 82-2
Port Security with Sticky Secure MAC Addresses 82-3
enabling/disabling redundancy 12-2
overview 12-1
powering modules up or down 12-3
power policing 17-6
Power over Ethernet 17-2
power over ethernet 17-2
pre-authentication open access. See port-based authentication.
prerequisites for lawful intercept 83-1
primary links 19-2
primary VLANs 24-6
overriding CoS 16-6, 17-4
private hosts 25-1
configuration guidelines 25-1
configuring (detailed steps) 25-9
configuring (summary) 25-8
multicast operation 25-4
overview 25-4
port ACLs (PACLs) 25-7
port types 25-5, 25-6
protocol-independent MAC ACLs 25-4
restricting traffic flow with PACLs 25-5
spoofing protection 25-3
private VLANs 24-1
across multiple switches 24-9
and SVIs 24-10
benefits of 24-5
community VLANs 24-6, 24-7
configuration guidelines 24-2, 24-4, 24-10
configuring 24-10
host ports 24-14
pomiscuous ports 24-15
routing secondary VLAN ingress traffic 24-13
secondary VLANs with primary VLANs 24-12
VLANs as private 24-11
end station access to 24-8
IP addressing 24-8
isolated VLANs 24-6, 24-7
monitoring 24-16
community 24-7
configuration guidelines 24-4
isolated 24-7
promiscuous 24-7
primary VLANs 24-6
secondary VLANs 24-6
subdomains 24-5
traffic in 24-10
privileged EXEC mode 2-5
promiscuous ports 24-7
See Layer 2 protocol tunneling 27-2
See Rapid-PVST 28-3
description 28-3
description 29-20
peer inconsistent state 29-20
root bridge 29-20
enabling for VoIP 63-4
IPv6 59-3
See also automatic QoS 63-1
port value, configuring 62-2
QoS default configuration 65-2
maps, configuring 62-7
CoS values to DSCP values 62-4, 62-7
DSCP markdown values 62-8, 64-14
DSCP mutation 62-3, 64-25
DSCP values to CoS values 62-9
IP precedence values to DSCP values 62-7
QoS markdown 60-4
QoS out of profile 60-4
aggregate 60-4
microflow 60-4
trust state 62-10
QoS port-based or VLAN-based 62-12
QoS receive queue 62-18
QoS statistics data export 65-2
configuring 65-2
configuring destination host 65-7
configuring time interval 65-6, 65-8
QoS transmit queues 61-6, 62-15, 62-16
QoS VLAN-based or port-based 62-12
queries, IGMP 43-4
queries, MLDv2 42-6
RADIUS 75-6
RADIUS. See also port-based authentication. 80-7
command 52-3
macro 10-2
rapid convergence 28-14
enabling 28-36
interoperation with MST 29-20
overview 28-3
recirculation 34-5
described 80-25
reduced MAC address 28-3
redundancy (RPR+) 8-1
configuring 8-4
configuring supervisor engine 8-2
displaying supervisor engine configuration 8-5
redundancy command 8-4
related documentation 1-xliii
Remote Authentication Dial-In User Service. See RADIUS.
report, MLD 42-5
configuring 80-43
described 80-19
using with IEEE 802.1x 80-19
restricting MIB access 83-10, 83-11
CEF 30-2
IP MMLS 40-5
RHI 4-49
RIF cache monitoring 10-12
CLI 2-7
MST 29-20
PVST simulation 29-20
root bridge, STP 28-29
MSTP 28-39
route-map (IP) command 31-4
defining 31-4
router guard 46-1
failure 40-7
non-RPF multicast 40-7
RPR and RPR+ support IPv6 multicast traffic 8-1
active topology 28-13
format 28-16
processing 28-17
designated port, defined 28-13
designated switch, defined 28-13
interoperability with IEEE 802.1D
described 28-24
restarting migration process 28-47
topology changes 28-17
overview 28-13
described 28-13
synchronized 28-15
proposal-agreement handshake process 28-14
described 28-14
edge ports and Port Fast 28-14
point-to-point links 28-14, 28-46
root ports 28-14
root port, defined 28-13
secondary VLANs 24-6
Secure MAC Address Aging Type 82-9
configuring 68-1
security, port 82-3
security considerations 83-9
Security Exchange Protocol (SXP) 67-2
Security Group Access Control List (SGACL) 67-2
Security Group Tag (SGT) 67-2
description 50-12
clearing 10-13
maintaining 10-13
description 50-12
configuration mode 38-5
creating 38-4
defined 38-4
service-policy input command 60-17, 61-15, 62-4, 62-6, 64-25, 73-4
service-provider network, MSTP and RSTP 28-18
set default interface command 31-4
set interface command 31-4
set ip default next-hop command 31-4
PBR 31-4
set ip next-hop command 31-4
PBR 31-4
PBR 31-4
set power redundancy enable/disable command 12-2
set requests 83-7, 83-8, 83-11
setting up lawful intercept 83-7
SGACL 67-2
SGT 67-2
configuring 64-30
show authentication command 80-52
show catalyst6000 chassis-mac-address command 28-4
show dot1x interface command 80-36
show eobc command 10-12
show history command 2-4
show ibc command 10-12
show interfaces command 10-8, 10-9, 10-12, 18-6, 18-13
clearing interface counters 10-12
displaying, speed and duplex mode 10-6
show ip local policy command 31-5
show mab command 80-55
show module command 8-5
show platform aging command 49-4
show platform entry command 30-5
show platform ip multicast group command
displaying IP MMLS group 40-27
show platform ip multicast interface command
displaying IP MMLS interface 40-27
show platform ip multicast source command
displaying IP MMLS source 40-27
show platform ip multicast statistics command
displaying IP MMLS statistics 40-27
show platform ip multicast summary
displaying IP MMLS configuration 40-27
show protocols command 10-12
show rif command 10-12
show running-config command 10-12
displaying ACLs 70-7, 70-8
show svclc rhi-routes command 4-49
show version command 10-12
shutdown command 10-13
result 10-13
slot number, description 10-2
smart call home 50-1
description 50-4
destination profile (note) 50-21
registration requirements 50-4
service contract requirements 50-2
Transport Gateway (TG) aggregation point 50-3
smart call home registration 50-4
smart port macros 3-1
configuration guidelines 3-2
applying global parameter values 3-14
applying macros 3-14
creating 3-13
default configuration 3-4
defined 3-4
displaying 3-15
tracing 3-2
configuring 83-10
default view 83-9
get and set requests 83-7, 83-8, 83-11
notifications 83-9, 83-12
support and documentation 1-7
SNMP-COMMUNITY-MIB 83-9
SNMP-USM-MIB 83-4, 83-9
SNMP-VACM-MIB 83-4, 83-9
call home event format 50-11
source specific multicast with IGMPv3, IGMP v3lite, and URD 40-26
configuration guidelines 53-2
configuring 53-12
sources 53-16, 53-19, 53-21, 53-22, 53-24, 53-25, 53-26, 53-28
VLAN filtering 53-30
destination port support on EtherChannels 53-12, 53-19, 53-22, 53-24, 53-25, 53-29
distributed egress 53-10, 53-15
modules that disable for ERSPAN 53-7
input packets with don’t learn option
ERSPAN 53-28, 53-29
local SPAN 53-17, 53-18, 53-19
RSPAN 53-22, 53-23, 53-25
understanding 53-12
local SPAN egress session increase 53-3, 53-16
overview 53-7
SPAN Destination Port Permit Lists 53-15
command 29-15, 29-16
command example 29-15, 29-16
command 28-33
command example 28-33
command 29-2, 29-3, 29-4
command example 29-3, 29-4
spanning-tree portfast bpdu-guard
command 29-8
command 28-31
spanning-tree protocol for bridging 32-1
command 29-13
command example 29-13
command 28-27, 28-29, 28-30, 28-31, 29-8, 29-17
command example 28-28, 28-29, 28-30, 28-31
command 28-33
spanning-tree vlan forward-time
command 28-35
command example 28-35
command 28-35
command example 28-35
command 28-36
command example 28-36
spanning-tree vlan port-priority
command 28-31
command example 28-32
command 28-34
command example 28-34
configuring interface 10-4
speed command 10-4
autonegotiation status 10-6
standards, lawful intercept 83-4
standby links 19-2
description 80-25
802.1X 80-51, 81-15
sticky ARP 73-7
sticky MAC address 82-3
Sticky secure MAC addresses 82-8, 82-9
configuring 28-26
bridge priority 28-34
enabling 28-27, 28-28
forward-delay time 28-35
hello time 28-35
maximum aging time 28-36
port cost 28-32
port priority 28-31
root bridge 28-29
secondary root switch 28-30
defaults 28-25
EtherChannel 20-7
normal ports 29-3
understanding 28-2
802.1Q Trunks 28-12
Blocking State 28-8
BPDUs 28-4
disabled state 28-12
forwarding state 28-11
learning state 28-10
listening state 28-9
overview 28-3
port states 28-6
protocol timers 28-5
root bridge election 28-5
topology 28-5
configuring 29-15
adding a switch 29-18
command 29-15, 29-16
command example 29-15, 29-16
understanding 29-13
configuring 29-7
spanning-tree portfast bpdu-guard
command 29-8
understanding 29-7
STP bridge ID 28-3
STP EtherChannel guard 29-16
description ?? to 29-20
configuring 29-19
overview 29-17
configuring 29-10
BPDU filtering 29-9
configuring 29-2
command 29-2, 29-3, 29-4
command example 29-3, 29-4
understanding 29-2
normal 29-3
STP root guard 29-17
configuring 29-12
command 29-13
command example 29-13
understanding 29-11
subdomains, private VLAN 24-5
environmental monitoring 13-1
redundancy 8-1
synchronizing configurations 8-5
configuring 8-2
displaying redundancy configuration 8-5
supplicant 80-7
surveillance 83-7
svclc command 4-48
Switched Port Analyzer 53-1
switch fabric functionality 9-1
configuring 9-3
monitoring 9-4
configuring 18-14
example 18-13
show interfaces 10-8, 10-9, 18-6, 18-13
switchport access vlan 18-6, 18-7, 18-10, 18-14
example 18-15
switchport mode access 18-4, 18-6, 18-7, 18-14
example 18-15
switchport mode dynamic 18-9
switchport mode dynamic auto 18-4
switchport mode dynamic desirable 18-4
default 18-5
example 18-13
switchport mode trunk 18-4, 18-9
switchport nonegotiate 18-4
switchport trunk allowed vlan 18-11
switchport trunk encapsulation 18-7, 18-9
switchport trunk encapsulation dot1q
example 18-13
switchport trunk encapsulation negotiate
default 18-5
switchport trunk native vlan 18-11
switchport trunk pruning vlan 18-12
MSTP 28-43
foreground execution 55-2
running 55-3
viewing 55-3
SXP 67-2
system event archive (SEA) 51-1
System Hardware Capacity 1-3
checking cable connectivity 10-14
enabling and disabling test 10-14
guidelines 10-14
accessing CLI 2-2
Time Domain Reflectometer 10-14
host presence detection 16-4, 80-14, 82-4
and ARP 56-2
and CDP 56-1
described 56-2
IP addresses and subnets 56-2
MAC addresses and VLANs 56-2
multicast traffic 56-2
multiple devices on a port 56-2
unicast traffic 56-2
usage guidelines 56-1
broadcast 78-4
described 78-2
monitoring 78-5
thresholds 78-2
trunks 18-4
802.1Q Restrictions 18-2
allowed VLANs 18-11
configuring 18-8
default interface configuration 18-6
default VLAN 18-10
different VTP domains 18-4
native VLAN 18-11
to non-DTP device 18-4
VLAN 1 minimization 18-12
trusted boundary 16-6
trusted boundary (extended trust for CDP devices) 16-4
trustpoint 50-2
tunneling 64-4, 64-26
See 802.1Q 26-4
configuration 33-5
overview 33-4
UDE and UDLR 33-1
default configuration 11-3
globally 11-3
on ports 11-4
overview 11-2
UDLR 33-1
back channel 33-3
configuration 33-6
(example) 33-7
ARP and NHRP 33-4
UDLR (unidirectional link routing) 33-1
UDP port for SNMP notifications 83-12
UMFB 79-2
unauthorized ports with 802.1X 80-12
Unidirectional Ethernet 33-1
example of setting 33-5
UniDirectional Link Detection Protocol
configuring 64-34
unknown multicast flood blocking
unknown unicast and multicast flood blocking 79-1
unknown unicast flood blocking
unknown unicast flood rate-limiting
URD 40-26
User-Based Rate Limiting 60-6, 60-15
user EXEC mode 2-5
UUFB 79-2
UUFRL 79-2
VACLs 71-2
examples 71-5
Layer 3 VLAN interfaces 71-5
Layer 4 port operations 66-2
configuration example 71-7
configuring 71-7
restrictions 71-7
MAC address based 71-2
multicast packets 70-6
SVIs 71-5
WAN interfaces 71-2
virtual private LAN services (VPLS) 37-1
associating attachment circuit with the VSI at the PE 37-13
basic configuration 37-2
configuration example 37-18
configuring MPLS in the PE 37-11
configuring PE layer 2 interface to the CE 37-7
configuring the VFI in the PE 37-12
overview 37-2
restrictions 37-2
services 37-5
command 23-5, 23-6, 53-20
command example 23-6
VLAN-based QoS filtering 66-10
VLAN-bridge spanning-tree protocol 32-1
command 23-5, 23-6, 53-20
vlan group command 80-42
VLAN locking 23-4
command 23-8, 23-9
applying 70-8
VLAN mode 36-3
VLAN port provisioning verification 23-4
allowed on trunk 18-11
configuration guidelines 23-2
configuring 23-1
configuring (tasks) 23-4
defaults 23-3
extended range 23-3
interface assignment 23-6
multicast 44-2
name (default) 23-3
normal range 23-3
reserved range 23-3
support for 4,096 VLANs 23-2
token ring 23-3
understanding 18-4
understanding 23-2
VLAN 1 minimization 18-12
VTP domain 23-4
command example 23-8, 23-9
Cisco 7960 phone, port connections 16-2
configuration guidelines 16-1
configuring IP phone for data traffic
override CoS of incoming frame 16-6, 17-4
configuring ports for voice traffic in
802.1Q frames 16-5
connecting to an IP phone 16-5
default configuration 16-4
overview 16-2
voice VLAN. See also port-based authentication. 80-22
configuration example 35-4
guidelines and restrictions 35-2
VPN supported commands 35-2
VPN switching 35-1
Enhanced PAgP, advantages 4-23
Enhanced PAgP, description 4-23
enhanced PAgP, description 4-43
fast-hello, advantages 4-23
fast-hello, description 4-23
VSLP fast-hello, configuration 4-44
advertisements 22-4, 22-5
client, configuring 22-15
configuration guidelines 22-1
default configuration 22-9
disabling 22-15
domains 22-3
VLANs 23-4
client 22-4
server 22-4
transparent 22-4
monitoring 22-17
overview 22-2
per-port enable and disable 22-16
configuration 18-12
configuring 22-12
overview 22-7
server, configuring 22-15
statistics 22-17
transparent mode, configuring 22-15
enabling 22-13
overview 22-5
enabling 22-13
overview 22-6
server type, configuring 22-11
wake-on-LAN. See also port-based authentication. 80-28
AAA fail policy 81-5
description 81-2
web browser interface 1-7
wiretaps 83-4
Index
4K VLANs (support for 4,096 VLANs) 23-2
802.1AE Tagging 67-2
See Layer 2 protocol tunneling
mapping to ISL VLANs 23-7
trunks 18-4
restrictions 18-2
configuration guidelines 26-1
configuring tunnel ports 26-6
overview 26-4
specifying custom 18-15
802.1X 80-1
802.1x accounting 80-41
802.3af 17-2
802.3x Flow Control 10-9
fail policy 80-8, 81-5
AAA (authentication, authorization, and accounting). See also port-based authentication. 80-6, 81-2
aaa accounting dot1x command 80-41
aaa accounting system command 80-41
abbreviating commands 2-5
access, restricting MIB 83-10
access control entries and lists 66-1
access-enable host timeout (not supported) 66-4
access port, configuring 18-14
access rights 83-9
access setup, example 83-11
with 802.1x 80-41
with IEEE 802.1x 80-16
ACEs and ACLs 66-1
downloadable 81-2
downloadable (dACLs) 80-23
Filter-ID 80-24
per-user 80-24
defined 70-2
redirect URL 80-25
static sharing 80-25
acronyms, list of A-1
activating lawful intercept 83-8
admin function (mediation device) 83-7, 83-8
administration, definition 83-6
advertisements, VTP 22-4
aggregate label 34-2, 34-5
aggregate policing 60-4
for MSTP 28-45
for MSTP 28-45, 28-46
major 13-4
minor 13-4
Allow DHCP Option 82 on Untrusted Port
configuring 75-10
understanding 75-5
any transport over MPLS (AToM) 36-3
Ethernet over MPLS 36-3
ARP ACL 66-12
ARP spoofing 77-3
AToM 36-3
audience 1-xliii
authentication control-direction command 80-50
authentication event command 80-43
authentication open comand 80-15
authentication password, VTP 22-5
authentication periodic command 80-36, 80-47
authentication port-control command 80-43
authentication timer reauthenticate command 80-36
authorized ports with 802.1X 80-12
configuration guidelines and restrictions 63-2
macros 63-4
overview 63-2
AutoQoS 63-1
auto-sync command 8-4
binding database, DHCP snooping
See DHCP snooping binding database
See DHCP snooping binding database
blocking state, STP 28-8
blue beacon 1-6
RSTP format 28-16
Bridge Assurance 29-5
Shared Spanning Tree Protocol (SSTP) 29-20
description 29-4 to 29-6
inconsistent state 29-5
supported protocols and link types 29-5
configuring 38-8
bridge groups 32-1
bridge priority, STP 28-34
bridging 32-1
CALEA, See Communications Assistance for Law Enforcement Act (CALEA)
description 50-3
message format options 50-3
format options 50-3
call home 50-1
alert groups 50-28
contact information 50-19
destination profiles 50-20
displaying information 50-39
pattern matching 50-31
periodic notification 50-30
rate limit messages 50-31
severity threshold 50-30
smart call home feature 50-4
SMTP server 50-2
testing communications 50-32
configuring 50-28
description 50-28
subscribing 50-29
call home customer information
entering information 50-19
call home destination profiles
attributes 50-21
description 50-20
displaying 50-42
full-txt format for syslog 50-15
XML format for syslog 50-15
host presence detection 80-14, 82-4
to configure Cisco phones 16-3
RP 30-5
supervisor engine 30-4
examples 30-3
Layer 3 switching 30-2
packet rewrite 30-2
certificate authority (CA) 50-2
command 20-8, 20-13, 20-14
command example 20-9, 20-14
Cisco Emergency Responder 16-4
Cisco Express Forwarding 34-3
citapStreamVRF 83-2
overview 83-8
restricting access to 83-10, 83-11
accessing 83-9
overview 83-8
restricting access to 83-10, 83-11
class command 60-9
class map configuration 60-8, 61-11
clear authentication sessions command 80-38
clear counters command 10-12
clear dot1x command 80-37
clear interface command 10-13
accessing 2-1
backing out one level 2-5
console configuration mode 2-5
getting list of commands 2-6
global configuration mode 2-5
history substitution 2-4
interface configuration mode 2-5
privileged EXEC mode 2-5
ROM monitor 2-7
software basics 2-4
collection function 83-6
command line processing 2-3
commands, getting list of 2-6
Communications Assistance for Law Enforcement Act
CALEA for Voice 83-5
lawful intercept 83-4
community ports 24-7
community VLANs 24-6, 24-7
EoMPLS port mode 36-4, 36-7
EoMPLS VLAN mode 36-4
VPLS, 802.1Q access port for untagged traffic from CE 37-8
VPLS, associating the attachment circuit with the VSI at the PE 37-13
VPLS, L2 VLAN instance on the PE 37-10
VPLS, MPLS in the PE 37-11
VPLS, using QinQ to place all VLANs into a single VPLS 37-9
VPLS, VFI in the PE 37-12
EVCs 38-2
configuring 60-9, 61-11
lawful intercept 83-10, 83-11, 83-12
SNMP 83-10
console configuration mode 2-5
content IAP 83-6
CoPP 74-1
applying QoS service policy to control plane 74-5
ACLs to match traffic 74-5
enabling MLS QoS 74-5
packet classification criteria 74-5
service-policy map 74-5
control plane configuration mode
entering 74-5
dynamic information 74-9
number of conforming bytes and packets 74-9
rate information 74-9
entering control plane configuration mode 74-5
monitoring statistics 74-9
overview 74-3
packet classification guidelines 74-2
defining 74-6
guidelines 74-7
overview 74-6
sample ACLs 74-7
sample classes 74-6
override priority 16-6, 17-4
clearing interface 10-12, 10-13
critical authentication 80-8
critical authentication, IEEE 802.1x 80-44
CSCsr62404 10-9
cTap2MediationDebug notification 83-12
cTap2MediationNewIndex object 83-8
cTap2MediationTable 83-8
cTap2MediationTimedOut notification 83-12
cTap2MIBActive notification 83-12
cTap2StreamDebug notification 83-12
cTap2StreamTable 83-8
entering for call home 50-19
See ACLs, downloadable 80-23
dCEF 30-4
IP MMLS 40-31
DEC spanning-tree protocol 32-1
802.1X 80-28, 81-7
dynamic ARP inspection 77-6
EVCs 38-9
Flex Links 19-4
IP MMLS 40-15
MSTP 28-26
MVR 44-5
UDLD 11-3
voice VLAN 16-4
VTP 22-9
default VLAN 18-10
denial of service protection 73-1
call home format 50-11, 50-12
See DHCP snooping binding database
See DHCP snooping binding database
circuit ID suboption 75-7
overview 75-5
circuit ID 75-7
remote ID 75-7
remote ID suboption 75-7
DHCP option 82 allow on untrusted port 75-10
802.1X data insertion 80-15
See DHCP snooping binding database
configuration guidelines 75-8
configuring 75-9
default configuration 75-8
displaying binding tables 75-18
enabling 75-9, 75-10, 75-11, 75-12, 75-13, 75-14
enabling the database agent 75-14
message exchange process 75-6
monitoring 76-5, 76-6
option 82 data insertion 75-5
overview 75-3
Snooping database agent 75-7
DHCP snooping binding database
described 75-5
entries 75-5
See DHCP snooping binding database
adding to the database (example) 75-18
enabling (example) 75-15
overview 75-7
reading from a TFTP file (example) 75-17
DHCP snooping increased bindings limit 75-14
configuring short pipe mode 64-30
configuring uniform mode 64-34
short pipe mode 64-27
uniform mode 64-28
DiffServ tunneling modes 64-4
Disabling PIM Snooping Designated Router Flooding 47-6
distributed Cisco Express Forwarding
distributed egress SPAN 53-10, 53-15
documentation, related 1-xliii
Domain Name System 83-2
DoS protection 73-1
monitoring packet drop statistics
using monitor session commands 73-8
using VACL capture 73-10
QoS ACLs 73-2
security ACLs 73-2
uRPF check 73-5
dot1x initialize interface command 80-37
dot1x max-reauth-req command 80-41
dot1x max-req command 80-40
dot1x pae authenticator command 80-31
dot1x re-authenticate interface command 80-36
dot1x timeout quiet-period command 80-38
DSCP-based queue mapping 62-14
duplex command 10-5, 10-6
autonegotiation status 10-6
configuring interface 10-4
ARP cache poisoning 77-3
ARP requests, described 77-3
ARP spoofing attack 77-3
configuration guidelines 77-2
log buffer 77-13, 77-15
logging system messages 77-14
rate limit for incoming ARP packets 77-5, 77-10
default configuration 77-6
denial-of-service attacks, preventing 77-10
described 77-3
DHCP snooping binding database 77-4
ARP ACLs 77-15
configuration and operating state 77-15
trust state and rate limit 77-15
error-disabled state for exceeding rate limit 77-5
function of 77-4
interface trust states 77-4
configuring 77-13, 77-15
logging of dropped packets, described 77-6
configuring 77-14
man-in-the middle attack, described 77-4
network security issues and interface trust states 77-4
priority of ARP ACLs and DHCP snooping entries 77-6
configuring 77-10
described 77-5
error-disabled state 77-5
validation checks, performing 77-11
Dynamic Host Configuration Protocol snooping 75-1
EAC 67-2
EAPOL. See also port-based authentication. 80-6
egress SPAN 53-10
electronic traffic, monitoring 83-7
assigning for call home 50-19
Call Home 50-3
enable mode 2-5
enable sticky secure MAC address 82-8
on router interfaces 40-16
lawful intercept 83-8
SNMP notifications 83-12
Endpoint Admission Control (EAC) 67-2
LED indications 13-4
SNMP traps 13-4
supervisor engine and switching modules 13-4
Syslog messages 13-4
using CLI commands 13-1
for MAC address table synchronization 18-3
EoMPLS 36-3
configuring 36-4
configuring VLAN mode 36-3
guidelines and restrictions 36-2
port mode 36-3
VLAN mode 36-3
ERSPAN 53-1
command 20-8, 20-13, 20-14
command example 20-9, 20-14
configuration guidelines 4-26, 20-2
Layer 2 20-8
configuring (tasks) 4-26, 20-7
command example 20-8
interface port-channel (command) 20-8
command example 20-10
configuring 20-8
configuring 20-11
understanding 20-7
Min-Links 20-13, 20-14
modes 20-4
understanding 20-5
port-channel interfaces 20-7
command 20-10, 20-11
command example 20-12
STP 20-7
understanding 4-4, 20-3
setting port duplex 10-10
Ethernet over MPLS (EoMPLS) configuration
EoMPLS port mode 36-6
EoMPLS VLAN mode 36-4
broadcast domain 38-4
configuration guidelines 38-2
default configuration 38-9
supported features 38-2
EXP mutation 64-4
extended range VLANs 23-2
MSTP 28-39
Extensible Authentication Protocol over LAN. See EAPOL.
fall-back bridging 32-1
on VSL failure 4-13
fiber-optic, detecting unidirectional links 11-1
FIB TCAM 34-3
lawful intercept overview 83-5
Flex Links 19-1
configuration guidelines 19-2
configuring 19-4
default configuration 19-4
description 19-2
monitoring 19-5
flow control 10-9
MSTP 28-45
forward-delay time, STP 28-35
See EtherChannel load balancing
get requests 83-7, 83-8, 83-11
global configuration mode 2-5
guest VLAN and 802.1x 80-19
guidelines 30-2
MSTP 28-44
hello time, STP 28-35
High Capacity Power Supply Support 12-4
CLI 2-4
kinds of 24-7
host presence CDP message 16-4, 80-14
host presence TLV message 82-4
//www-tac.cisco.com/Teams/ks/c3/xmlkwery.php?srId=612293409 20-3
content IAP 83-6
definition 83-6
content IAP 83-6
identification IAP 83-6
ICMP unreachable messages 66-2
ID IAP 83-6
serial IDs 50-12
specifying custom 18-15
IEEE 802.1Q Tagging on a Per-Port Basis 26-7
accounting 80-16, 80-41
authentication failed VLAN 80-19
critical ports 80-20
DHCP snooping 80-15
guest VLAN 80-19
MAC authentication bypass 80-26
network admission control Layer 2 validation 80-27
port security interoperability 80-22
RADIUS-supplied session timeout 80-35
voice VLAN 80-22
wake-on-LAN support 80-28
IEEE 802.3af 17-2
IEEE 802.3x Flow Control 10-9
IEEE bridging protocol 32-1
IGMP 43-1
configuration guidelines 42-9
enabling 43-9
join messages 43-3
enabling 43-13
queries 43-4
configuring 43-12
fast leave 43-6
joining multicast group 43-3, 45-4
leaving multicast group 43-5, 45-4
understanding 43-3, 45-3
enabling 43-9
understanding 43-3, 45-3
IGMPv3 40-26
IGMP v3lite 40-26
ignore port trust 60-11
inaccessible authentication bypass 80-20
ingress SPAN 53-10
intercept-related information (IRI) 83-6, 83-7
intercepts, multiple 83-6
configuration mode 2-5
Layer 2 modes 18-4
number 10-2
command example 20-8
interface port-channel (command) 20-8
configuring, duplex mode 10-3
configuring, speed 10-3
configururing, overview 10-2
counters, clearing 10-12, 10-13
displaying information about 10-12
maintaining 10-12
monitoring 10-12
range of 10-2
restarting 10-13
task 10-13
interfaces command 10-2
interfaces range command 52-3
interfaces range macro command 10-2
internal VLANs 23-3
Internet Group Management Protocol 43-1, 45-1
IP accounting, IP MMLS and 40-2
topology (figure) 30-4
ip flow-export source command 55-3, 55-4, 55-5
ip http server 1-7
ip local policy route-map command 31-5
cache, overview 40-4
configuration guideline 40-1
debug commands 40-31
default configuration 40-15
on router interfaces 40-16
Layer 3 MLS cache 40-4
overview 40-2
packet rewrite 40-5
enabling globally 40-16
enabling on interfaces 40-16
PIM, enabling 40-16
IGMP snooping and 43-8
MLDv2 snooping and 42-9
overview 43-2, 45-2, 46-2
enabling IP multicast 40-16
configuring 16-5
enabling IP PIM 40-16
ip policy route-map command 31-5
IP Source Guard 76-1
configuring 76-3
configuring on private VLANs 76-5
displaying 76-5, 76-6
overview 76-2
IP unnumbered 32-1
IPv4 Multicast over Point-to-Point GRE Tunnels 1-8
IPv4 Multicast VPN 48-1
IPv6 Multicast Layer 3 Switching 41-1
IPv6 QoS 59-3
ISL trunks 18-4
isolated port 24-7
isolated VLANs 24-6, 24-7
join messages, IGMP 43-3
jumbo frames 10-6
keyboard shortcuts 2-3
label edge router 34-2
label switched path 36-1
label switch router 34-2, 34-4
system ID 20-6
Law Enforcement Agency (LEA) 83-4
admin function 83-7, 83-8
collection function 83-6
configuring 83-10, 83-11, 83-12
enabling 83-8
IRI 83-6
mediation device 83-5
overview 83-4, 83-5
prerequisites 83-1
processing 83-7
security considerations 83-9
SNMP notifications 83-12
lawful intercept processing 83-7
configuring interfaces 18-5
access port 18-14
trunk 18-8
defaults 18-5
interface modes 18-4
show interfaces 10-8, 10-9, 18-6, 18-13
understanding 18-2
understanding 18-4
interface assignment 23-6
configuring 18-1
configuring Layer 2 tunnels 27-3
overview 27-2
Layer 2 Traceroute 56-1
and ARP 56-2
and CDP 56-1
described 56-2
IP addresses and subnets 56-2
MAC addresses and VLANs 56-2
multicast traffic 56-2
multiple devices on a port 56-2
unicast traffic 56-2
usage guidelines 56-1
IP MMLS and MLS cache 40-4
Layer 3 switched packet rewrite
CEF 30-2
CEF 30-2
Layer 4 port operations (ACLs) 66-2
enabling 43-13
enabling 42-12
LERs 64-2, 64-6, 64-7
detecting unidirectional 28-25
link negotiation 10-5
MEC traffic recovery 4-6
Local Egress Replication 40-19
description 66-3
determining maximum number of 66-3
LSRs 64-2, 64-6
mab command 80-43, 80-47
MAC address-based blocking 69-1
MAC address table notification 18-7
MAC authentication bypass. See also port-based authentication. 80-26
MAC move (port security) 82-3
macros 3-1
MACSec 67-2
magic packet 80-28
main-cpu command 8-4
mapping 802.1Q VLANs to ISL VLANs 23-7
match ip address command 31-4
match length command 31-4
MSTP 28-45
maximum aging time, STP 28-36
maximum hop count, MSTP 28-46
configuration 4-42
described 4-14
failure 4-15
port load share deferral 4-16
admin function 83-7, 83-8
definition 83-5
description 83-5
CISCO-IP-TAP-MIB 83-2, 83-8, 83-10
CISCO-TAP2-MIB 83-8, 83-9, 83-10
SNMP-COMMUNITY-MIB 83-9
SNMP-USM-MIB 83-4, 83-9
SNMP-VACM-MIB 83-4, 83-9
microflow policing 60-4
Mini Protocol Analyzer 57-1
Min-Links 20-13
report 42-5
configuring 42-10
MLDv1 42-2
MLDv2 42-1
enabling 42-11
enabling 42-12
queries 42-6
fast leave 42-8
joining multicast group 42-5
leaving multicast group 42-7
understanding 42-3
enabling 42-10
understanding 42-3
MLDv2 Snooping 42-1
Flex Links 19-5
MVR 44-8
private VLANs 24-16
monitoring electronic traffic 83-7
MPLS 34-1, 34-2
aggregate label 34-2
any transport over MPLS 36-3
basic configuration 34-9
core 34-4
DiffServ Tunneling Modes 64-26
egress 34-4
experimental field 64-3
hardware features 34-5
ingress 34-4
IP to MPLS path 34-4
labels 34-2
MPLS to IP path 34-4
MPLS to MPLS path 34-4
nonaggregate lable 34-2
QoS default configuration 64-13
restrictions 34-1
VPN 64-11
VPN guidelines and restrictions 35-2
Classification 64-2
Class of Service 64-2
commands 64-15
configuring a class map 64-17
configuring a policy map 64-20
configuring egress EXP mutation 64-24
configuring EXP Value Maps 64-25
Differentiated Services Code Point 64-2
displaying a policy map 64-24
E-LSP 64-2
EXP bits 64-2
features 64-2
IP Precedence 64-2
QoS Tags 64-2
queueing-only mode 64-17
class map to classify MPLS packets 64-17
MPLS supported commands 34-2
limitations and restrictions 35-2
MQC 58-1
interoperation with Rapid PVST+ 29-20
root bridge 29-20
configuration guidelines 28-2
described 28-22
CIST, described 28-19
CIST root 28-21
configuration guidelines 28-2
forward-delay time 28-45
hello time 28-44
link type for rapid convergence 28-46
maximum aging time 28-45
maximum hop count 28-46
MST region 28-38
neighbor type 28-46
path cost 28-42
port priority 28-41
root switch 28-39
secondary root switch 28-40
switch priority 28-43
defined 28-19
operations between regions 28-20
default configuration 28-26
displaying status 28-47
enabling the mode 28-38
effects on root switch 28-39
effects on secondary root switch 28-40
unexpected behavior 28-39
implementation 28-23
port role naming change 28-23
terminology 28-21
interoperability with IEEE 802.1D
described 28-24
restarting migration process 28-47
defined 28-19
master 28-20
operations within a region 28-20
mapping VLANs to MST instance 28-38
CIST 28-19
configuring 28-38
described 28-19
hop-count mechanism 28-22
IST 28-19
supported spanning-tree instances 28-19
overview 28-18
configuring 28-39
effects of extended system ID 28-39
unexpected behavior 28-39
status, displaying 28-47
MTU size (default) 23-3
multiauthentication (multiauth). See also port-based authentication. 80-14
IGMP snooping and 43-8
MLDv2 snooping and 42-9
non-RPF 40-7
overview 43-2, 45-2, 46-2
PIM snooping 47-4
multicast flood blocking 79-1
joining 43-3, 45-4
leaving 42-7, 43-5
joining 42-5
Multicast Listener Discovery version 2 42-1
Multicast Replication Mode Detection enhancement 40-18
multicast television application 44-3
multicast VLAN 44-2
Multicast VLAN Registration 44-1
see MEC 4-14
Multidomain Authentication (MDA). See also port-based authentication. 80-14
Multilayer MAC ACL QoS Filtering 66-9
multiple path RPF check 73-5
MUX-UNI Support 34-7
MUX-UNI support 34-7
MVAP (Multi-VLAN Access Port). See also port-based authentication. 80-22
and IGMPv3 44-2
configuring interfaces 44-6
default configuration 44-5
example application 44-3
in the switch stack 44-5
monitoring 44-8
multicast television application 44-3
restrictions 44-1
setting global parameters 44-6
agentless audit support 80-27
critical authentication 80-20, 80-44
IEEE 802.1x authentication using a RADIUS server 80-47
IEEE 802.1x validation using RADIUS server 80-47
inaccessible authentication bypass 80-44
Layer 2 IEEE 802.1x validation 80-47
Layer 2 IEEE802.1x validation 80-27
native VLAN 18-11
NDAC 67-2
table, displaying entries 30-5
Network Device Admission Control (NDAC) 67-2
Bridge Assurance 29-5
description 29-2
nonaggregate label 34-2, 34-5
non-RPF multicast 40-7
notifications, See SNMP notifications
NSF with SSO does not support IPv6 multicast traffic. 6-1, 7-1
OIR 10-11
CompactFlash disk verification A-40
configuring 14-2
datapath verification A-11
diagnostic sanity check 14-24
egress datapath test A-5
error counter test A-5
interrupt counter test A-5
memory tests 14-24
overview 14-2
running tests 14-6
test descriptions A-1
understanding 14-2
online diagnostic tests A-1
out-f-band MAC address table synchronization
configuring 18-6
in a VSS 4-2
packet capture 57-2
CEF 30-2
IP MMLS and 40-5
multicast 70-6
understanding 20-5
MSTP 28-42
PBACLs 66-5
PBF 71-4
PBR 1-8
configuration (example) 31-7
enabling 31-4
in PVST simulation 29-20
per-port VTP enable and disable 22-16
recirculation 34-5
PIM, IP MMLS and 40-16
designated router flooding 47-6
enabling globally 47-5
enabling in a VLAN 47-5
overview 47-4
configuring IP MLS 49-3, 49-4
enabling IP MMLS 40-17 to 40-27
PoE 17-2
Cisco prestandard 17-2
IEEE 802.3af 17-2
PoE management 17-3
power policing 17-3
power use measurement 17-3
police command 60-13, 60-14
policy-based ACLs (PBACLs) 66-5
policy-based forwarding (PBF) 72-2
configuring 31-1
policy map 60-9, 61-11
attaching to an interface 60-17, 61-15, 73-4
policy-map command 60-9
defined 70-2
port ACLs (PACLs) 70-1
AAA authorization 80-30
accounting 80-16
configuring 80-41
defined 80-7, 81-3
RADIUS server 80-7
client, defined 80-7, 81-3
configuration guidelines 80-2, 81-1
guest VLAN 80-42
inaccessible authentication bypass 80-44
initializing authentication of a client 80-37
manual reauthentication of a client 80-36
RADIUS server 80-33, 81-10
RADIUS server parameters on the switch 80-32, 81-9
restricted VLAN 80-43
switch-to-authentication-server retransmission time 80-39
switch-to-client EAP-request frame retransmission time 80-39
switch-to-client frame-retransmission number 80-40
switch-to-client retransmission time 80-39
user distribution 80-42
VLAN group assignment 80-42
default configuration 80-28, 81-7
described 80-6
device roles 80-6, 81-3
DHCP snooping 80-15
DHCP snooping and insertion 75-6
displaying statistics 80-51, 81-15
EAPOL-start frame 80-10
EAP-request/identity frame 80-10
EAP-response/identity frame 80-10
802.1X authentication 80-30, 80-32, 81-9
periodic reauthentication 80-35
encapsulation 80-7
configuration guidelines 80-19, 80-20
described 80-19
host mode 80-13
inaccessible authentication bypass
configuring 80-44
described 80-20
guidelines 80-4
initiation and message exchange 80-10
MAC authentication bypass 80-26
magic packet 80-28
method lists 80-30
modes 80-13
multiauth mode, described 80-14
multidomain authentication mode, described 80-14
multiple-hosts mode, described 80-13
authorization state and dot1x port-control command 80-12
authorized and unauthorized 80-12
critical 80-20
voice VLAN 80-22
and voice VLAN 80-23
described 80-22
interactions 80-22
multiple-hosts mode 80-13
pre-authentication open access 80-15, 80-33
resetting to default values 80-51
supplicant, defined 80-7
as proxy 80-7, 81-3
RADIUS client 80-7
configuring 80-42
described 80-18
guidelines 80-4
AAA authorization 80-30
characteristics 80-17
configuration tasks 80-18
described 80-17
guidelines 80-4
described 80-22
PVID 80-22
VVID 80-22
wake-on-LAN, described 80-28
command 20-10, 20-11
command example 20-10, 20-12
port-channel load-defer command 4-42
port-channel port load-defer command 4-42
port cost, STP 28-32
disabling 10-10
displaying 10-10
enabling 10-10
edge ports 29-2
network ports 29-2
See STP PortFast Edge BPDU filtering
description 29-2, 29-2 to ??
edge 29-2
network 29-2
port mode 36-3
port negotiation 10-5
MSTP 28-41
port priority, STP 28-31
setting the debounce timer 10-10
aging 82-9, 82-10
configuring 82-4
described 82-3
displaying 82-10
enable sticky secure MAC address 82-8
sticky MAC address 82-3
violations 82-3
Port Security is supported on trunks 82-2, 82-5, 82-7, 82-9
port security MAC move 82-3
port security on PVLAN ports 82-2
Port Security with Sticky Secure MAC Addresses 82-3
enabling/disabling redundancy 12-2
overview 12-1
powering modules up or down 12-3
power policing 17-6
Power over Ethernet 17-2
power over ethernet 17-2
pre-authentication open access. See port-based authentication.
prerequisites for lawful intercept 83-1
primary links 19-2
primary VLANs 24-6
overriding CoS 16-6, 17-4
private hosts 25-1
configuration guidelines 25-1
configuring (detailed steps) 25-9
configuring (summary) 25-8
multicast operation 25-4
overview 25-4
port ACLs (PACLs) 25-7
port types 25-5, 25-6
protocol-independent MAC ACLs 25-4
restricting traffic flow with PACLs 25-5
spoofing protection 25-3
private VLANs 24-1
across multiple switches 24-9
and SVIs 24-10
benefits of 24-5
community VLANs 24-6, 24-7
configuration guidelines 24-2, 24-4, 24-10
configuring 24-10
host ports 24-14
pomiscuous ports 24-15
routing secondary VLAN ingress traffic 24-13
secondary VLANs with primary VLANs 24-12
VLANs as private 24-11
end station access to 24-8
IP addressing 24-8
isolated VLANs 24-6, 24-7
monitoring 24-16
community 24-7
configuration guidelines 24-4
isolated 24-7
promiscuous 24-7
primary VLANs 24-6
secondary VLANs 24-6
subdomains 24-5
traffic in 24-10
privileged EXEC mode 2-5
promiscuous ports 24-7
See Layer 2 protocol tunneling 27-2
See Rapid-PVST 28-3
description 28-3
description 29-20
peer inconsistent state 29-20
root bridge 29-20
enabling for VoIP 63-4
IPv6 59-3
See also automatic QoS 63-1
port value, configuring 62-2
QoS default configuration 65-2
maps, configuring 62-7
CoS values to DSCP values 62-4, 62-7
DSCP markdown values 62-8, 64-14
DSCP mutation 62-3, 64-25
DSCP values to CoS values 62-9
IP precedence values to DSCP values 62-7
QoS markdown 60-4
QoS out of profile 60-4
aggregate 60-4
microflow 60-4
trust state 62-10
QoS port-based or VLAN-based 62-12
QoS receive queue 62-18
QoS statistics data export 65-2
configuring 65-2
configuring destination host 65-7
configuring time interval 65-6, 65-8
QoS transmit queues 61-6, 62-15, 62-16
QoS VLAN-based or port-based 62-12
queries, IGMP 43-4
queries, MLDv2 42-6
RADIUS 75-6
RADIUS. See also port-based authentication. 80-7
command 52-3
macro 10-2
rapid convergence 28-14
enabling 28-36
interoperation with MST 29-20
overview 28-3
recirculation 34-5
described 80-25
reduced MAC address 28-3
redundancy (RPR+) 8-1
configuring 8-4
configuring supervisor engine 8-2
displaying supervisor engine configuration 8-5
redundancy command 8-4
related documentation 1-xliii
Remote Authentication Dial-In User Service. See RADIUS.
report, MLD 42-5
configuring 80-43
described 80-19
using with IEEE 802.1x 80-19
restricting MIB access 83-10, 83-11
CEF 30-2
IP MMLS 40-5
RHI 4-49
RIF cache monitoring 10-12
CLI 2-7
MST 29-20
PVST simulation 29-20
root bridge, STP 28-29
MSTP 28-39
route-map (IP) command 31-4
defining 31-4
router guard 46-1
failure 40-7
non-RPF multicast 40-7
RPR and RPR+ support IPv6 multicast traffic 8-1
active topology 28-13
format 28-16
processing 28-17
designated port, defined 28-13
designated switch, defined 28-13
interoperability with IEEE 802.1D
described 28-24
restarting migration process 28-47
topology changes 28-17
overview 28-13
described 28-13
synchronized 28-15
proposal-agreement handshake process 28-14
described 28-14
edge ports and Port Fast 28-14
point-to-point links 28-14, 28-46
root ports 28-14
root port, defined 28-13
secondary VLANs 24-6
Secure MAC Address Aging Type 82-9
configuring 68-1
security, port 82-3
security considerations 83-9
Security Exchange Protocol (SXP) 67-2
Security Group Access Control List (SGACL) 67-2
Security Group Tag (SGT) 67-2
description 50-12
clearing 10-13
maintaining 10-13
description 50-12
configuration mode 38-5
creating 38-4
defined 38-4
service-policy input command 60-17, 61-15, 62-4, 62-6, 64-25, 73-4
service-provider network, MSTP and RSTP 28-18
set default interface command 31-4
set interface command 31-4
set ip default next-hop command 31-4
PBR 31-4
set ip next-hop command 31-4
PBR 31-4
PBR 31-4
set power redundancy enable/disable command 12-2
set requests 83-7, 83-8, 83-11
setting up lawful intercept 83-7
SGACL 67-2
SGT 67-2
configuring 64-30
show authentication command 80-52
show catalyst6000 chassis-mac-address command 28-4
show dot1x interface command 80-36
show eobc command 10-12
show history command 2-4
show ibc command 10-12
show interfaces command 10-8, 10-9, 10-12, 18-6, 18-13
clearing interface counters 10-12
displaying, speed and duplex mode 10-6
show ip local policy command 31-5
show mab command 80-55
show module command 8-5
show platform aging command 49-4
show platform entry command 30-5
show platform ip multicast group command
displaying IP MMLS group 40-27
show platform ip multicast interface command
displaying IP MMLS interface 40-27
show platform ip multicast source command
displaying IP MMLS source 40-27
show platform ip multicast statistics command
displaying IP MMLS statistics 40-27
show platform ip multicast summary
displaying IP MMLS configuration 40-27
show protocols command 10-12
show rif command 10-12
show running-config command 10-12
displaying ACLs 70-7, 70-8
show svclc rhi-routes command 4-49
show version command 10-12
shutdown command 10-13
result 10-13
slot number, description 10-2
smart call home 50-1
description 50-4
destination profile (note) 50-21
registration requirements 50-4
service contract requirements 50-2
Transport Gateway (TG) aggregation point 50-3
smart call home registration 50-4
smart port macros 3-1
configuration guidelines 3-2
applying global parameter values 3-14
applying macros 3-14
creating 3-13
default configuration 3-4
defined 3-4
displaying 3-15
tracing 3-2
configuring 83-10
default view 83-9
get and set requests 83-7, 83-8, 83-11
notifications 83-9, 83-12
support and documentation 1-7
SNMP-COMMUNITY-MIB 83-9
SNMP-USM-MIB 83-4, 83-9
SNMP-VACM-MIB 83-4, 83-9
call home event format 50-11
source specific multicast with IGMPv3, IGMP v3lite, and URD 40-26
configuration guidelines 53-2
configuring 53-12
sources 53-16, 53-19, 53-21, 53-22, 53-24, 53-25, 53-26, 53-28
VLAN filtering 53-30
destination port support on EtherChannels 53-12, 53-19, 53-22, 53-24, 53-25, 53-29
distributed egress 53-10, 53-15
modules that disable for ERSPAN 53-7
input packets with don’t learn option
ERSPAN 53-28, 53-29
local SPAN 53-17, 53-18, 53-19
RSPAN 53-22, 53-23, 53-25
understanding 53-12
local SPAN egress session increase 53-3, 53-16
overview 53-7
SPAN Destination Port Permit Lists 53-15
command 29-15, 29-16
command example 29-15, 29-16
command 28-33
command example 28-33
command 29-2, 29-3, 29-4
command example 29-3, 29-4
spanning-tree portfast bpdu-guard
command 29-8
command 28-31
spanning-tree protocol for bridging 32-1
command 29-13
command example 29-13
command 28-27, 28-29, 28-30, 28-31, 29-8, 29-17
command example 28-28, 28-29, 28-30, 28-31
command 28-33
spanning-tree vlan forward-time
command 28-35
command example 28-35
command 28-35
command example 28-35
command 28-36
command example 28-36
spanning-tree vlan port-priority
command 28-31
command example 28-32
command 28-34
command example 28-34
configuring interface 10-4
speed command 10-4
autonegotiation status 10-6
standards, lawful intercept 83-4
standby links 19-2
description 80-25
802.1X 80-51, 81-15
sticky ARP 73-7
sticky MAC address 82-3
Sticky secure MAC addresses 82-8, 82-9
configuring 28-26
bridge priority 28-34
enabling 28-27, 28-28
forward-delay time 28-35
hello time 28-35
maximum aging time 28-36
port cost 28-32
port priority 28-31
root bridge 28-29
secondary root switch 28-30
defaults 28-25
EtherChannel 20-7
normal ports 29-3
understanding 28-2
802.1Q Trunks 28-12
Blocking State 28-8
BPDUs 28-4
disabled state 28-12
forwarding state 28-11
learning state 28-10
listening state 28-9
overview 28-3
port states 28-6
protocol timers 28-5
root bridge election 28-5
topology 28-5
configuring 29-15
adding a switch 29-18
command 29-15, 29-16
command example 29-15, 29-16
understanding 29-13
configuring 29-7
spanning-tree portfast bpdu-guard
command 29-8
understanding 29-7
STP bridge ID 28-3
STP EtherChannel guard 29-16
description ?? to 29-20
configuring 29-19
overview 29-17
configuring 29-10
BPDU filtering 29-9
configuring 29-2
command 29-2, 29-3, 29-4
command example 29-3, 29-4
understanding 29-2
normal 29-3
STP root guard 29-17
configuring 29-12
command 29-13
command example 29-13
understanding 29-11
subdomains, private VLAN 24-5
environmental monitoring 13-1
redundancy 8-1
synchronizing configurations 8-5
configuring 8-2
displaying redundancy configuration 8-5
supplicant 80-7
surveillance 83-7
svclc command 4-48
Switched Port Analyzer 53-1
switch fabric functionality 9-1
configuring 9-3
monitoring 9-4
configuring 18-14
example 18-13
show interfaces 10-8, 10-9, 18-6, 18-13
switchport access vlan 18-6, 18-7, 18-10, 18-14
example 18-15
switchport mode access 18-4, 18-6, 18-7, 18-14
example 18-15
switchport mode dynamic 18-9
switchport mode dynamic auto 18-4
switchport mode dynamic desirable 18-4
default 18-5
example 18-13
switchport mode trunk 18-4, 18-9
switchport nonegotiate 18-4
switchport trunk allowed vlan 18-11
switchport trunk encapsulation 18-7, 18-9
switchport trunk encapsulation dot1q
example 18-13
switchport trunk encapsulation negotiate
default 18-5
switchport trunk native vlan 18-11
switchport trunk pruning vlan 18-12
MSTP 28-43
foreground execution 55-2
running 55-3
viewing 55-3
SXP 67-2
system event archive (SEA) 51-1
System Hardware Capacity 1-3
checking cable connectivity 10-14
enabling and disabling test 10-14
guidelines 10-14
accessing CLI 2-2
Time Domain Reflectometer 10-14
host presence detection 16-4, 80-14, 82-4
and ARP 56-2
and CDP 56-1
described 56-2
IP addresses and subnets 56-2
MAC addresses and VLANs 56-2
multicast traffic 56-2
multiple devices on a port 56-2
unicast traffic 56-2
usage guidelines 56-1
broadcast 78-4
described 78-2
monitoring 78-5
thresholds 78-2
trunks 18-4
802.1Q Restrictions 18-2
allowed VLANs 18-11
configuring 18-8
default interface configuration 18-6
default VLAN 18-10
different VTP domains 18-4
native VLAN 18-11
to non-DTP device 18-4
VLAN 1 minimization 18-12
trusted boundary 16-6
trusted boundary (extended trust for CDP devices) 16-4
trustpoint 50-2
tunneling 64-4, 64-26
See 802.1Q 26-4
configuration 33-5
overview 33-4
UDE and UDLR 33-1
default configuration 11-3
globally 11-3
on ports 11-4
overview 11-2
UDLR 33-1
back channel 33-3
configuration 33-6
(example) 33-7
ARP and NHRP 33-4
UDLR (unidirectional link routing) 33-1
UDP port for SNMP notifications 83-12
UMFB 79-2
unauthorized ports with 802.1X 80-12
Unidirectional Ethernet 33-1
example of setting 33-5
UniDirectional Link Detection Protocol
configuring 64-34
unknown multicast flood blocking
unknown unicast and multicast flood blocking 79-1
unknown unicast flood blocking
unknown unicast flood rate-limiting
URD 40-26
User-Based Rate Limiting 60-6, 60-15
user EXEC mode 2-5
UUFB 79-2
UUFRL 79-2
VACLs 71-2
examples 71-5
Layer 3 VLAN interfaces 71-5
Layer 4 port operations 66-2
configuration example 71-7
configuring 71-7
restrictions 71-7
MAC address based 71-2
multicast packets 70-6
SVIs 71-5
WAN interfaces 71-2
virtual private LAN services (VPLS) 37-1
associating attachment circuit with the VSI at the PE 37-13
basic configuration 37-2
configuration example 37-18
configuring MPLS in the PE 37-11
configuring PE layer 2 interface to the CE 37-7
configuring the VFI in the PE 37-12
overview 37-2
restrictions 37-2
services 37-5
command 23-5, 23-6, 53-20
command example 23-6
VLAN-based QoS filtering 66-10
VLAN-bridge spanning-tree protocol 32-1
command 23-5, 23-6, 53-20
vlan group command 80-42
VLAN locking 23-4
command 23-8, 23-9
applying 70-8
VLAN mode 36-3
VLAN port provisioning verification 23-4
allowed on trunk 18-11
configuration guidelines 23-2
configuring 23-1
configuring (tasks) 23-4
defaults 23-3
extended range 23-3
interface assignment 23-6
multicast 44-2
name (default) 23-3
normal range 23-3
reserved range 23-3
support for 4,096 VLANs 23-2
token ring 23-3
understanding 18-4
understanding 23-2
VLAN 1 minimization 18-12
VTP domain 23-4
command example 23-8, 23-9
Cisco 7960 phone, port connections 16-2
configuration guidelines 16-1
configuring IP phone for data traffic
override CoS of incoming frame 16-6, 17-4
configuring ports for voice traffic in
802.1Q frames 16-5
connecting to an IP phone 16-5
default configuration 16-4
overview 16-2
voice VLAN. See also port-based authentication. 80-22
configuration example 35-4
guidelines and restrictions 35-2
VPN supported commands 35-2
VPN switching 35-1
Enhanced PAgP, advantages 4-23
Enhanced PAgP, description 4-23
enhanced PAgP, description 4-43
fast-hello, advantages 4-23
fast-hello, description 4-23
VSLP fast-hello, configuration 4-44
advertisements 22-4, 22-5
client, configuring 22-15
configuration guidelines 22-1
default configuration 22-9
disabling 22-15
domains 22-3
VLANs 23-4
client 22-4
server 22-4
transparent 22-4
monitoring 22-17
overview 22-2
per-port enable and disable 22-16
configuration 18-12
configuring 22-12
overview 22-7
server, configuring 22-15
statistics 22-17
transparent mode, configuring 22-15
enabling 22-13
overview 22-5
enabling 22-13
overview 22-6
server type, configuring 22-11
wake-on-LAN. See also port-based authentication. 80-28
AAA fail policy 81-5
description 81-2
web browser interface 1-7
wiretaps 83-4