- Index
- Preface
- Product Overview
- Command-Line Interfaces
- Smart Port Macros
- Virtual Switching Systems (VSS)
- Enhanced Fast Software Ugrade (eFSU)
- NSF with SSO Supervisor Engine Redundancy
- RPR Supervisor Engine Redundancy
- Interface Configuration
- UniDirectional Link Detection (UDLD)
- Power Management and Environmental Monitoring
- EnergyWise
- Online Diagnostics
- Onboard Failure Logging
- Switch Fabric Functionality
- Cisco IP Phone Support
- Power over Ethernet
- Layer 2 LAN Ports
- Flex Links
- EtherChannels
- mLACP for Server Access
- IEEE 802.1ak MVRP and MRP
- VLAN Trunking Protocol (VTP)
- VLANs
- Private VLANs (PVLANs)
- Private Hosts
- IEEE 802.1Q Tunneling
- Layer 2 Protocol Tunneling
- STP and MST
- Optional STP Features
- Layer 3 Interface Configuration
- Unidirectional Ethernet (UDE) and unidirectional link routing (UDLR)
- Multiprotocol Label Switching (MPLS)
- L2VPN Advanced VPLS (A-VPLS)
- IP Unicast Layer 3 Switching
- IPv6 Multicast Layer 3 Switching
- MLD Snooping for IPv6 Multicast Traffic
- IPv4 Multicast Layer 3 Switching
- IGMP Snooping and MVR for IPv4 Multicast Traffic
- Configuring MVR for IPv4 Multicast Traffic
- IPv4 IGMP Filtering and Router Guard
- PIM Snooping
- IPv4 Multicast VPN Support
- PFC QoS
- AutoQoS
- MPLS QoS
- PFC QoS Statistics Data Export
- Network Security
- AutoSecure
- Cisco IOS ACL Support
- Cisco TrustSec (CTS)
- Port ACLs (PACLs) and VLAN ACLs (VACLs)
- Denial of Service Protection
- Control Plane Policing (CoPP)
- DHCP Snooping
- IP Source Guard
- Dynamic ARP Inspection
- Traffic Storm Control
- Unknown Unicast and Multicast Flood Control
- Network Admission Control (NAC)
- IEEE 802.1X Port-Based Authentication
- Web-Based Authentication
- Port Security
- NetFlow
- NetFlow Data Export (NDE)
- Call Home
- System Event Archive (SEA)
- Backplane Platform Monitoring
- SPAN, RSPAN, and ERSPAN
- SNMP IfIndex Persistence
- Top-N Reports
- Layer 2 Traceroute Utility
- Mini Protocol Analyzer
- Ethernet Services Line Cards
- Online Diagnostic Tests
- Acronyms
Numerics -
A -
B -
C -
D -
E -
F -
G -
H -
I -
J -
K -
L -
M -
N -
O -
P -
Q -
R -
S -
T -
U -
V -
W -
X -
Index
Numerics
4K VLANs (support for 4,096 VLANs) 23-2
802.1AE Tagging 50-2
802.1Q
encapsulation 17-4
Layer 2 protocol tunneling
See Layer 2 protocol tunneling
mapping to ISL VLANs 23-7, 23-10
trunks 17-3
restrictions 17-5
tunneling
configuration guidelines 26-3
configuring tunnel ports 26-6
overview 26-1
802.1Q Ethertype
specifying custom 17-18
802.1X
802.1x accounting 60-48
802.3ad
802.3af 16-2
802.3at 16-2
802.3x Flow Control 8-13
A
AAA 47-1, 48-1, 49-1, 52-1, 53-1
AAA (authentication, authorization, and accounting). See also port-based authentication. 60-1, 61-2
aaa accounting dot1x command 60-48
aaa accounting system command 60-48
abbreviating commands 2-5
access control entries and lists 47-1, 48-1, 49-1, 52-1, 53-1
access-enable host timeout (not supported) 49-2
access port, configuring 17-16
accounting
with 802.1x 60-48
with IEEE 802.1x 60-12
ACEs and ACLs 47-1, 48-1, 49-1, 52-1
ACLs
downloadable 61-7
downloadable (dACLs) 60-20
Filter-ID 60-21
per-user 60-20
port, defined 51-2
redirect URL 60-21
static sharing 60-22
advertisements, VTP 22-3
aggregate policing
aging time
accelerated
for MSTP 28-47
maximum
for MSTP 28-48
aging-time
IP MLS 63-11
alarms
major 10-12
minor 10-12
Allow DHCP Option 82 on Untrusted Port
configuring 54-11
understanding 54-3
any transport over MPLS (AToM) 32-17
compatibility with previous releases of AToM 32-19
Ethernet over MPLS 32-19
ARP ACL 43-72
ARP spoofing 56-1
AToM 32-17
audience 1-xli
Authentication, Authorization, and Accounting
Authentication, Authorization, and Accounting (AAA) 52-1, 53-1
authentication control-direction command 60-62
authentication event command 60-50
authentication failed VLAN
authentication open comand 60-11
authentication password, VTP 22-4
authentication periodic command 60-42, 60-59
authentication port-control command 60-50
authentication timer reauthenticate command 60-43
authorized ports with 802.1X 60-8
auto enablement 60-28
automatic FPD image upgrade
(example) A-56
disabling A-53
re-enabling A-53
automatic QoS
configuration guidelines and restrictions 44-3
macros 44-3
overview 44-1
AutoQoS 44-1
auto-sync command 7-4
auxiliary VLAN
B
BackboneFast
backup interfaces
binding database, DHCP snooping
See DHCP snooping binding database
binding table, DHCP snooping
See DHCP snooping binding database
blocking floods 58-1
blocking state, STP 28-7
BPDU
RSTP format 28-16
BPDU guard
BPDUs
Bridge Assurance 29-3
Shared Spanning Tree Protocol (SSTP) 29-12
Bridge Assurance
inconsistent state 29-3
supported protocols and link types 29-3
bridge groups 30-2
bridge ID
bridge priority, STP 28-35
bridge protocol data units
bridging 30-2
broadcast storms
C
Call Home
description 65-2
message format options 65-2
messages
format options 65-2
call home 65-1
alert groups 65-13
contact information 65-4
default settings 65-3
destination profiles 65-5
displaying information 65-23
pattern matching 65-16
periodic notification 65-15
rate limit messages 65-11
severity threshold 65-15
smart call home feature 65-3
SMTP server 65-4
testing communications 65-16
call home alert groups
configuring 65-13
description 65-14
subscribing 65-14
call home customer information
entering information 65-4
call home destination profiles
attributes 65-6
description 65-6
displaying 65-25
call home notifications
full-txt format for syslog 65-37
XML format for syslog 65-37
CDP
host presence detection 60-10, 62-3
to configure Cisco phones 15-2
CEF 34-1
configuring
RP 34-5
supervisor engine 34-5
examples 34-3
Layer 3 switching 34-2
packet rewrite 34-2
CEF for PFC2
certificate authority (CA) 65-4
CGMP 38-8
disabling automatic detection 38-14
Change of Authorization
channel-group group
command 19-9, 19-14, 19-15, 19-16, 19-17
Cisco Discovery Protocol
Cisco Emergency Responder 15-3
Cisco EnergyWise 11-1
Cisco Express Forwarding 32-3
Cisco Group Management Protocol
Cisco IOS Unicast Reverse Path Forwarding 47-2
CISP 60-28
CIST regional root
CIST root
class command 43-76
class-map command 43-68
class map configuration 43-73
clear authentication sessions command 60-45
clear counters command 8-18
clear dot1x command 60-44
clear interface command 8-18
clear mls ip multicast statistics command
clears IP MMLS statistics 37-28
CLI
accessing 2-2
backing out one level 2-5
console configuration mode 2-5
getting list of commands 2-5
global configuration mode 2-5
history substitution 2-4
interface configuration mode 2-5
privileged EXEC mode 2-5
ROM monitor 2-7
software basics 2-4
Client Information Signalling Protocol
CoA
description 60-25
command line processing 2-3
commands
commands, getting list of 2-5
Committed Access Rate (CAR), not supported 43-2
community ports 24-3
Concurrent routing and bridging (CRB) 30-2
configuration example
EoMPLS VLAN mode 32-21
configure terminal command 8-2, A-61
configuring 43-75
console configuration mode 2-5
control plane policing
CoPP 53-1
applying QoS service policy to control plane 53-3
configuring
ACLs to match traffic 53-3
enabling MLS QoS 53-3
packet classification criteria 53-3
service-policy map 53-3
control plane configuration mode
entering 53-3
displaying
dynamic information 53-4
number of conforming bytes and packets 53-4
rate information 53-4
entering control plane configuration mode 53-3
monitoring statistics 53-4
overview 53-1
packet classification guidelines 53-4
traffic classification
defining 53-6
guidelines 53-7
overview 53-6
sample ACLs 53-7
sample classes 53-6
CoS
counters
clearing interface 8-18
critical authentication 60-4
critical authentication, IEEE 802.1x 60-53
CSCsr62404 8-14
CSCtc21076 49-8
CSCtd34068 43-53
CSCte95941 43-55
customer contact information
entering for call home 65-4
D
dACL
See ACLs, downloadable 60-20
deactivation, verifying for ES+ modules A-60
debug commands
IP MMLS 37-28
DEC spanning-tree protocol 30-2
default configuration
dynamic ARP inspection 56-5
Flex Links 18-4
IP MMLS 37-9
MSTP 28-39
MVR 39-4
UDLD 9-4
voice VLAN 15-4
VTP 22-8
default NDE configuration 64-10
default VLAN 17-12
deficit weighted round robin 43-110
denial of service protection
description command 8-16
destination-ip flow mask 63-2
destination-source-ip flow mask 63-3
device IDs
DHCP binding database
See DHCP snooping binding database
DHCP binding table
See DHCP snooping binding database
DHCP option 82
circuit ID suboption 54-5
overview 54-3
packet format, suboption
circuit ID 54-5
remote ID 54-5
remote ID suboption 54-5
DHCP option 82 allow on untrusted port 54-11
DHCP snooping
802.1X data insertion 60-11
binding database
See DHCP snooping binding database
configuration guidelines 54-7
configuring 54-9
default configuration 54-7
detecting spurious servers 54-14
displaying binding tables 54-19
enabling 54-9, 54-10, 54-11, 54-12, 54-13, 54-14, 54-15
enabling the database agent 54-16
message exchange process 54-4
option 82 data insertion 54-3
overview 54-1
Snooping database agent 54-5
DHCP snooping binding database
described 54-3
entries 54-3
DHCP snooping binding table
See DHCP snooping binding database
DHCP Snooping Database Agent
adding to the database (example) 54-19
enabling (example) 54-16
overview 54-5
reading from a TFTP file (example) 54-18
DHCP snooping increased bindings limit 54-7, 54-16
differentiated services codepoint
DiffServ
configuring short pipe mode 45-34
configuring uniform mode 45-39
short pipe mode 45-31
uniform mode 45-32
DiffServ tunneling modes 45-4
Disabling PIM Snooping Designated Router Flooding 41-6
distributed Cisco Express Forwarding
distributed egress SPAN 68-5, 68-18
documentation, related 1-xli
DoS protection
configuration guidelines and restrictions 52-13
default configurations 52-13
egress ACL bridget packet rate limiters 52-7
FIB glean rate limiters 52-9
FIB receive rate limiters 52-8
ICMP redirect rate limiters 52-9
IGMP unreachable rate limiters 52-8
ingress ACL bridget packet rate limiters 52-7
IP errors rate limiters 52-11
IPv4 multicast rate limiters 52-11
IPv6 multicast rate limiters 52-12
Layer 2 PDU rate limiters 52-10
Layer 2 protocol tunneling rate limiters 52-10
Layer 3 security features rate limiters 52-9
monitoring packet drop statistics
using monitor session commands 52-14, 52-15
using VACL capture 52-16
MTU failure rate limiters 52-10
multicast directyly connected rate limiters 52-11
multicast FIB miss rate limiters 52-11
multicast IGMP snooping rate limiters 52-10
network under SYN attack 52-4
QoS ACLs 52-2
security ACLs 52-2
TCP intercept 52-4
traffic storm control 52-3
TTL failure rate limiter 52-8
understanding how it works 52-2
uRPF check 52-3
uRPF failure rate limiters 52-7
VACL log rate limiters 52-9
dot1x auth-fail max-attempts command 60-52
dot1x critical command 60-55
dot1x initialize interface command 60-44
dot1x mac-auth-bypass command 60-57
dot1x max-reauth-req command 60-47
dot1x max-req command 60-47
dot1x pae authenticator command 60-36
dot1x port-control command 60-50
dot1x re-authenticate interface command 60-43
dot1x reauthentication command 60-42
dot1x timeout quiet-period command 60-45
dot1x timeout reauth-period command 60-43
DSCP
DSCP-based queue mapping 43-101
duplex mode
autonegotiation status 8-9
configuring interface 8-7
DWRR 43-110
dynamic ARP inspection
ARP cache poisoning 56-2
ARP requests, described 56-2
ARP spoofing attack 56-2
clearing
log buffer 56-15
statistics 56-15
configuration guidelines 56-6
configuring
logging system messages 56-13
rate limit for incoming ARP packets 56-4, 56-9
default configuration 56-5
denial-of-service attacks, preventing 56-9
described 56-1
DHCP snooping binding database 56-3
displaying
ARP ACLs 56-14
configuration and operating state 56-15
log buffer 56-15
statistics 56-15
trust state and rate limit 56-15
error-disabled state for exceeding rate limit 56-4
function of 56-2
interface trust states 56-3
log buffer
clearing 56-15
displaying 56-15
logging of dropped packets, described 56-5
logging system messages
configuring 56-13
man-in-the middle attack, described 56-2
network security issues and interface trust states 56-3
priority of ARP ACLs and DHCP snooping entries 56-4
rate limiting of ARP packets
configuring 56-9
described 56-4
error-disabled state 56-4
statistics
clearing 56-15
displaying 56-15
validation checks, performing 56-11
Dynamic Host Configuration Protocol snooping
E
EAC 50-2
EAPOL. See also port-based authentication. 60-1
eFSU
for a virtual switching system 4-54
eFSU, See Enhanced Fast Software Upgrade (eFSU)
eFSU. See enhanced Fast Software Upgrade (eFSU)
Egress ACL support for remarked DSCP 43-13
egress ACL support for remarked DSCP 43-63
egress replication performance improvement 37-15
egress SPAN 68-5
e-mail addresses
assigning for call home 65-4
e-mail notifications
Call Home 65-2
enable mode 2-5
enable sticky secure MAC address 62-9
enabling
IP MMLS
on router interfaces 37-13
encapsulation 17-4
Endpoint Admission Control (EAC) 50-2
EnergyWise 11-1
enhanced Fast Software Upgrade (eFSU)
aborting (issu abortversion command) 5-13
accepting the new software version 5-11
commiting the new software to standby RP (issu commitversion command) 5-12
displaying maximum outage time for module 5-10
error handling 5-4
forcing a switchover (issu runversion command) 5-10
issu loadversion command 5-8
loading new software onto standby RP 5-8
memory reservation on module 5-3
memory reservation on module, prohibiting 5-3
OIR not supported 5-4
operation 5-2
outage times 5-3
restrictions 5-4
steps 5-5
verifying redundancy mode 5-7
environmental monitoring
LED indications 10-12
SNMP traps 10-12
supervisor engine and switching modules 10-12
Syslog messages 10-12
using CLI commands 10-10
EOBC
for MAC address table synchronization 17-2
EoMPLS 32-17
configuring 32-19
configuring VLAN mode 32-19
guidelines and restrictions 32-18
port mode 32-19
port mode configuration guidelines 32-23
VLAN mode 32-19
ERSPAN 68-1
ES+ module
activation (example) A-61
deactivating A-60
deactivation (example) A-61
reactivating A-60
restrictions A-2
EtherChannel
channel-group group
command 19-9, 19-14, 19-15, 19-16, 19-17
configuration guidelines 4-30, 19-6
configuring
configuring (tasks) 4-29, 19-8
DFC restriction, see CSCdt27074 in the Release Notes
interface port-channel
command example 19-8
interface port-channel (command) 19-8
lacp system-priority
command example 19-11
Layer 2
load balancing
configuring 19-12
understanding 19-5
modes 19-3
PAgP
understanding 19-3
port-channel interfaces 19-5
port-channel load-balance
command example 19-12
STP 19-5
switchport trunk encapsulation dot1q 19-6
EtherChannel Guard
Ethernet
setting port duplex 8-15
Ethernet over MPLS (EoMPLS) configuration
EoMPLS port mode 32-23
EoMPLS VLAN mode 32-20
event tracer feature A-58
EXP mutation 45-4
extended range VLANs 23-2
extended system ID
MSTP 28-41
Extensible Authentication Protocol over LAN. See EAPOL.
F
fabric switching mode
fabric switching-mode allow dcef-only command on Supervisor Engine 720 6-2
fabric switchover 6-9
fall-back bridging 30-2
fastethernet 8-2
fast fabric switchover 6-9
fast link notification
on VSL failure 4-13
fiber-optic, detecting unidirectional links 9-1
FIB TCAM 32-3
filters, NDE
destination host filter, specifying 64-17
destination TCP/UDP port, specifying 64-16
protocol 64-17
source host and destination TCP/UDP port 64-16
Flex Links 18-1
configuration guidelines 18-4
configuring 18-4
default configuration 18-4
description 18-1
monitoring 18-5
flood blocking 58-1
flow control 8-13
flow masks
IP MLS
destination-ip 63-2
destination-source-ip 63-3
ip-full 63-3
minimum 63-10
overview 64-3
flows
IP MMLS
completely and partially switched 37-4
forward-delay time
MSTP 28-47
forward-delay time, STP 28-36
FPD image packages
displaying default information A-56
modifying the default pathA-55to A-56
overview A-49
version number requirements A-50
FPD images
displaying minimum and current versions A-56
manually upgrading A-54
upgrade scenarios A-51
upgrading in productionA-52to A-53
FPDs (field-programmable devices), description A-49
frame distribution
See EtherChannel load balancing
FSU
for a virtual switching system 4-54
FTP server, downloading FPD images toA-54to A-55
G
global configuration mode 2-5
guest VLAN and 802.1x 60-15
guidelines 25-6
H
hardware Layer 3 switching
guidelines 34-4
hello time
MSTP 28-46
hello time, STP 28-36
hierarchical QoS A-31
High Capacity Power Supply Support 10-4
history
CLI 2-4
host mode
host ports
kinds of 24-3
host presence CDP message 15-3, 60-10
host presence TLV message 62-3
http
//www-tac.cisco.com/Teams/ks/c3/xmlkwery.php?srId=612293409 19-7
hw-module subslot shutdown command A-61
I
ICMP unreachable messages 49-3
IDs
serial IDs 65-34
IEEE 802.1Q
IEEE 802.1Q Ethertype
specifying custom 17-18
IEEE 802.1Q Tagging on a Per-Port Basis 26-7
IEEE 802.1w
IEEE 802.1x
authentication failed VLAN 60-16
critical ports 60-17
DHCP snooping 60-11
guest VLAN 60-15
MAC authentication bypass 60-23
network admission control Layer 2 validation 60-24
port security interoperability 60-19
RADIUS-supplied session timeout 60-42
voice VLAN 60-18
wake-on-LAN support 60-25
IEEE 802.3ad
IEEE 802.3af 16-2
IEEE 802.3at 16-2
IEEE 802.3x Flow Control 8-13
IEEE bridging protocol 30-2
IGMP
configuration guidelines 36-8, 38-7
enabling 38-9
general query interval
Internet Group Management Protocol 38-1
join messages 38-2
leave processing
enabling 38-13
queries 38-3
query interval
configuring 38-13
snooping
fast leave 38-5
joining multicast group 38-2, 40-2
leaving multicast group 38-4, 40-4
snooping querier
enabling 38-10
IGMPv3 37-11
IGMP v3lite 37-11
ignore port trust 43-9, 43-16, 43-60, 43-77
inaccessible authentication bypass 60-17
ingress SPAN 68-5
Integrated routing and bridging (IRB) 30-2
interface
configuration mode 2-5
Layer 2 modes 17-4
number 8-2
interface port-channel
command example 19-8
interface port-channel (command) 19-8
interfaces
configuring 8-2
configuring, duplex mode 8-7
configuring, speed 8-7
configururing, overview 8-2
counters, clearing 8-18
descriptive name, adding 8-16
displaying information about 8-17
maintaining 8-17
monitoring 8-17
naming 8-16
range of 8-4
restarting 8-19
shutting down
task 8-19
interfaces command 8-2
interfaces range command 8-4, 67-2
interfaces range macro command 8-6
internal VLANs 23-2
Internet Group Management Protocol
IP accounting, IP MMLS and 37-10
IP CEF
topology (figure) 34-4
ip flow-export destination command 64-14
ip flow-export source command 63-14, 64-13, 64-14, 70-3, 70-4
ip-full flow mask 63-3
ip http server 1-6
IP MLS
aging-time 63-11
flow masks
destination-ip 63-2
destination-source-ip 63-3
ip-full 63-3
minimum 63-10
overview 64-3
IP MMLS
cache, overview 37-2
configuration guideline 37-10
debug commands 37-28
default configuration 37-9
enabling
on router interfaces 37-13
flows
completely and partially switched 37-4
Layer 3 MLS cache 37-2
overview 37-2
packet rewrite 37-3
router
enabling globally 37-11
enabling on interfaces 37-13
multicast routing table, displaying 37-22
PIM, enabling 37-12
switch
statistics, clearing 37-28
unsupported features 37-10
IP multicast
IGMP snooping and 38-9
MLDv2 snooping and 36-10
IP multicast MLS
ip multicast-routing command
enabling IP multicast 37-12
IP phone
configuring 15-5
ip pim command
enabling IP PIM 37-12
IP Source Guard
configuring 55-3
configuring on private VLANs 55-4
overview 55-1
IP unnumbered 30-2
IPv4 Multicast over Point-to-Point GRE Tunnels 1-6
IPv4 Multicast VPN 42-1
IPv6 Multicast PFC3 and DFC3 Layer 3 Switching 35-1
IPv6 QoS 43-55
ISL encapsulation 17-4
ISL trunks 17-3
isolated port 24-3
J
join messages, IGMP 38-2
jumbo frames 8-10
K
keyboard shortcuts 2-3
L
label edge router 32-2
label switched path 32-19
label switch router 32-2, 32-4
LACP
system ID 19-4
Layer 2
configuring interfaces 17-6
access port 17-16
trunk 17-10
defaults 17-5
interface modes 17-4
show interfaces 8-12, 8-13, 17-7, 17-15
switching
understanding 17-1
trunks
understanding 17-3
VLAN
interface assignment 23-6
Layer 2 Interfaces
configuring 17-1
Layer 2 protocol tunneling
configuring Layer 2 tunnels 27-2
overview 27-1
Layer 2 remarking 43-15
Layer 2 Traceroute 71-1
Layer 2 traceroute
and ARP 71-2
and CDP 71-2
described 71-1
IP addresses and subnets 71-2
MAC addresses and VLANs 71-2
multicast traffic 71-2
multiple devices on a port 71-2
unicast traffic 71-1
usage guidelines 71-2
Layer 3
IP MMLS and MLS cache 37-2
Layer 3 switched packet rewrite
CEF 34-2
Layer 3 switching
CEF 34-2
Layer 4 port operations (ACLs) 49-10
leave processing, IGMP
enabling 38-13
leave processing, MLDv2
enabling 36-12
Link Failure
detecting unidirectional 28-25
link negotiation 8-8
link redundancy
LLDP-MED
configuring
TLVs 16-8
LLQ A-27
Load Balancing 32-8
Local Egress Replication 37-15
logical operation unit
loop guard
LOU
description 49-11
determining maximum number of 49-11
M
MAC address-based blocking 47-2
MAC address table notification 17-8
mac-address-table synchronize command 17-3
MAC authentication bypass. See also port-based authentication. 60-23
MAC move (port security) 62-2
macros 3-1
MACSec 50-2
magic packet 60-25
main-cpu command 7-4
mapping 802.1Q VLANs to ISL VLANs 23-7, 23-10
markdown
marking A-16
match access-group command A-7
match cos command A-7
match input vlan command A-7
match ip dscp command A-7
match ip precedence command A-7
match mpls experimental command A-7
match vlan command A-7
maximum aging time
MSTP 28-48
maximum aging time, STP 28-37
maximum hop count, MSTP 28-48
MEC
configuration 4-44
described 4-14
failure 4-15
port load share deferral 4-16
microflow policing rule
Mini Protocol Analyzer 72-1
Min-Links 19-14
MLD
report 36-4
MLD snooping
query interval
configuring 36-12
MLDv1 36-8
MLDv2 36-1
enabling 36-10
leave processing
enabling 36-12
queries 36-5
snooping
fast leave 36-7
joining multicast group 36-4
leaving multicast group 36-6
understanding 36-2
snooping querier
enabling 36-9
understanding 36-2
MLDv2 Snooping 36-1
MLS
configuring threshold 37-16
RP
threshold 37-16
mls aging command
configuring IP MLS 63-12
mls flow command
configuring IP MLS 63-11, 63-15, 64-12
mls ip multicast command
mls nde flow command
configuring a host and port filter 64-16
configuring a host flow filter 64-17
configuring a port filter 64-16
configuring a protocol flow filter 64-17
mls nde sender command 64-11
monitoring
Flex Links 18-5
private VLANs 24-17
MPLS 32-2
aggregate label 32-2
any transport over MPLS 32-17
basic configuration 32-8
core 32-4
DiffServ Tunneling Modes 45-30
egress 32-4
experimental field 45-3
guidelines and restrictions 32-7
hardware-supported features 32-5
ingress 32-3
IP to MPLS path 32-3
labels 32-2
Layer 2 VPN load balancing 32-8
MPLS to IP path 32-4
MPLS to MPLS path 32-4
nonaggregate lable 32-2
QoS default configuration 45-15
supported commands 32-7
traffic engineering A-33
VPN 45-12
VPN guidelines and restrictions 32-14
mpls l2 transport route command 32-19
MPLS QoS
Classification 45-2
Class of Service 45-2
commands 45-16
configuring a class map 45-20
configuring a policy map 45-22
configuring egress EXP mutation 45-28
configuring EXP Value Maps 45-29
Differentiated Services Code Point 45-2
displaying a policy map 45-27
E-LSP 45-2
enabling QoS globally 45-18
EXP bits 45-2
features 45-3
IP Precedence 45-2
QoS Tags 45-2
queueing-only mode 45-19
MPLS QoS configuration
class map to classify MPLS packets 45-20
MPLS VPN
limitations and restrictions 32-14
MQC 43-1
not supported
CAR 43-2
queuing 43-2
supported
policy maps 43-3
MST
interoperation with Rapid PVST+ 29-11
root bridge 29-12
MSTP
boundary ports
configuration guidelines 28-39
described 28-23
CIST, described 28-20
CIST root 28-22
configuration guidelines 28-39
configuring
forward-delay time 28-47
hello time 28-46
link type for rapid convergence 28-48
maximum aging time 28-48
maximum hop count 28-48
MST region 28-40
neighbor type 28-49
path cost 28-44
port priority 28-43
root switch 28-41
secondary root switch 28-43
switch priority 28-45
CST
defined 28-20
operations between regions 28-21
default configuration 28-39
displaying status 28-50
enabling the mode 28-40
extended system ID
effects on root switch 28-41
effects on secondary root switch 28-43
unexpected behavior 28-42
IEEE 802.1s
implementation 28-24
port role naming change 28-24
terminology 28-22
interoperability with IEEE 802.1D
described 28-26
restarting migration process 28-50
IST
defined 28-20
master 28-20
operations within a region 28-20
mapping VLANs to MST instance 28-40
MST region
CIST 28-20
configuring 28-40
described 28-19
hop-count mechanism 28-23
IST 28-20
supported spanning-tree instances 28-19
overview 28-18
root switch
configuring 28-41
effects of extended system ID 28-41
unexpected behavior 28-42
status, displaying 28-50
MTU size (default) 23-4
multiauthentication (multiauth). See also port-based authentication. 60-10
multicast
IGMP snooping and 38-9
MLDv2 snooping and 36-10
NetFlow statistics 64-10
non-RPF 37-5
PIM snooping 41-4
multicast, displaying routing table 37-22
Multicast enhancement - egress replication performance improvement 37-15
Multicast Enhancement - Replication Mode Detection 37-13
multicast flood blocking 58-1
multicast groups
multicast groups, IPv6
joining 36-4
Multicast Listener Discovery version 2
multicast multilayer switching
Multicast Replication Mode Detection enhancement 37-13
multicast RPF 37-2
multicast storms
multicast television application 39-2
multicast VLAN 39-1
Multicast VLAN Registration
multicast VLAN registration (MVR)
MVR 39-1
multichassis EtherChannel
see MEC 4-14
Multidomain Authentication (MDA). See also port-based authentication. 60-10
Multilayer MAC ACL QoS Filtering 43-69
multilayer switch feature card
multiple path RPF check 47-2
Multiple Spanning Tree
MUX-UNI Support 32-26
MUX-UNI support 32-26
MVAP (Multi-VLAN Access Port). See also port-based authentication. 60-18
MVR
and IGMPv3 39-5
configuration guidelines 39-5
configuring interfaces 39-6
default configuration 39-4
described 39-1
example application 39-2
in the switch stack 39-4
multicast television application 39-2
setting global parameters 39-5
N
NAC
agentless audit support 60-24
critical authentication 60-17, 60-53
for Layer 3 interfaces 59-2, 59-14
IEEE 802.1x authentication using a RADIUS server 60-58
IEEE 802.1x validation using RADIUS server 60-58
inaccessible authentication bypass 60-53
Layer 2 IEEE 802.1x validation 60-58
Layer 2 IEEE802.1x validation 60-24
non-responsive hosts 59-6
SSO 59-12
native VLAN 17-13
NBAR 43-1
NDAC 50-2
NDE
configuration, displaying 64-17
displaying configuration 64-17
enabling 64-10
filters
destination host, specifying 64-17
destination TCP/UDP port, specifying 64-16
protocol, specifying 64-17
source host and destination TCP/UDP port, specifying 64-16
multicast 64-10
specifying
destination host filters 64-17
destination TCP/UDP port filters 64-16
protocol filters 64-17
NDE configuration, default 64-10
NDE version 8 64-3
NEAT
configuring 60-64
overview 60-27
NetFlow
table, displaying entries 34-6
Netflow Multiple Export Destinations 64-14
NetFlow search engine 37-6
NetFlow version 9 64-3
Network Admission Control
Network Admission Control (NAC) 59-1
network admission control for Layer 3 interfaces 59-2, 59-14
Network-Based Application Recognition 43-1
Network Device Admission Control (NDAC) 50-2
Network Edge Access Topology
network ports
Bridge Assurance 29-3
description 29-2
non-RPF multicast 37-5
Nonstop Forwarding
no power enable module command A-59, A-60, A-61
normal-range VLANs
no upgrade fpd auto command A-53
NSF 6-1
NSF with SSO does not support IPv6 multicast traffic. 6-1
O
online diagnostics
CompactFlash disk verification B-44
configuring 12-2
datapath verification B-14
egress datapath test B-4
error counter test B-4
interrupt counter test B-4
memory tests 12-12
overview 12-1
running tests 12-5
test descriptions B-1
understanding 12-1
online diagnostic tests B-1
online insertion and removal A-59
out-f-band MAC address table synchronization
configuring 17-8
in a VSS 4-27
out of profile
P
packet burst 52-7
packet capture 72-1
packet recirculation 43-13
packet rewrite
CEF 34-2
IP MMLS and 37-3
packets
multicast 51-7
PAgP
understanding 19-3
path cost
MSTP 28-44
PBACLs 49-3
PBF 51-14
peer inconsistent state
in PVST simulation 29-12
per-port VTP enable and disable 22-17
PFC
recirculation 32-4
PFC3 37-6
PIM, IP MMLS and 37-12
PIM snooping
designated router flooding 41-6
enabling globally 41-5
enabling in a VLAN 41-5
overview 41-4
platform cwan acl software-switched command 51-12
platform ipv4 pbr optimize tcam command 30-4
PoE 16-2
Cisco prestandard 16-2
IEEE 802.3af 16-2
IEEE 802.3at 16-2
PoE management 16-3
power policing 16-3
power use measurement 16-3
police command 43-78
policing
policy 43-67
policy-based ACLs (PBACLs) 49-3
policy-based forwarding (PBF) 51-3
policy-based routing
policy enforcement 59-7
policy map 43-75
attaching to an interface 43-82
policy-map command 43-68, 43-75
port ACLs
defined 51-2
port ACLs (PACLs) 51-1
Port Aggregation Protocol
port-based authentication
AAA authorization 60-35
accounting 60-12
configuring 60-48
authentication server
configuration guidelines 60-29, 61-7
configuring
guest VLAN 60-49
inaccessible authentication bypass 60-53
initializing authentication of a client 60-44
manual reauthentication of a client 60-43
RADIUS server parameters on the switch 60-37, 61-9
restricted VLAN 60-51
switch-to-authentication-server retransmission time 60-46
switch-to-client EAP-request frame retransmission time 60-46
switch-to-client frame-retransmission number 60-47
switch-to-client retransmission time 60-46
user distribution 60-49
VLAN group assignment 60-49
default configuration 60-34, 61-7
described 60-1
DHCP snooping 60-11
DHCP snooping and insertion 54-4
displaying statistics 60-66, 61-15
EAPOL-start frame 60-6
EAP-request/identity frame 60-6
EAP-response/identity frame 60-6
enabling
802.1X authentication 60-35, 60-37, 61-9
periodic reauthentication 60-42
encapsulation 60-3
guest VLAN
configuration guidelines 60-16, 60-17
described 60-15
host mode 60-9
inaccessible authentication bypass
configuring 60-53
described 60-17
guidelines 60-32
initiation and message exchange 60-6
MAC authentication bypass 60-23
magic packet 60-25
method lists 60-35
modes 60-9
multiauth mode, described 60-10
multidomain authentication mode, described 60-10
multiple-hosts mode, described 60-9
ports
authorization state and dot1x port-control command 60-8
authorized and unauthorized 60-8
critical 60-17
voice VLAN 60-18
port security
and voice VLAN 60-20
described 60-19
interactions 60-19
multiple-hosts mode 60-9
pre-authentication open access 60-11, 60-39
resetting to default values 60-63
supplicant, defined 60-3
switch
RADIUS client 60-3
switch supplicant
configuring 60-64
overview 60-27
user distribution
configuring 60-49
described 60-15
guidelines 60-31
VLAN assignment
AAA authorization 60-35
characteristics 60-14
configuration tasks 60-14
described 60-13
VLAN group
guidelines 60-31
voice VLAN
described 60-18
PVID 60-18
VVID 60-18
wake-on-LAN, described 60-25
port-based QoS features
port channel
switchport trunk encapsulation dot1q 19-6
port-channel
port-channel load-balance
port-channel load-defer command 4-45
port-channel port load-defer command 4-45
port cost, STP 28-33
port debounce timer
disabling 8-15
displaying 8-15
enabling 8-15
PortFast
PortFast BPDU filtering
See STP PortFast BPDU filtering
port mode 32-19
port negotiation 8-8
port priority
MSTP 28-43
port priority, STP 28-32
ports
setting the debounce timer 8-15
port security
configuring 62-5
default configuration 62-3
described 62-2
displaying 62-12
enable sticky secure MAC address 62-9
sticky MAC address 62-2
violations 62-2
Port Security is supported on trunks 62-4, 62-5, 62-9, 62-10
port security MAC move 62-2
port security on PVLAN ports 62-4
Port Security with Sticky Secure MAC Addresses 62-2
power enable module command A-60, A-61
power management
enabling/disabling redundancy 10-2
overview 10-1
powering modules up or down 10-3
power policing 16-8
system power requirements, nine-slot chassis 10-5
power negotiation
through LLDP 16-8
Power over Ethernet 16-2
power over ethernet 16-2
pre-authentication open access. See port-based authentication.
primary links 18-1
primary VLANs 24-2
priority
private hosts 25-1
private hosts feature
configuration guidelines 25-6
configuring (detailed steps) 25-9
configuring (summary) 25-8
multicast operation 25-8
overview 25-2
port ACLs (PACLs) 25-5
protocol-independent MAC ACLs 25-2
restricting traffic flow with PACLs 25-3
spoofing protection 25-7
private VLANs 24-1
across multiple switches 24-5
and SVIs 24-6
benefits of 24-2
configuration guidelines 24-7, 24-9, 24-11
configuring 24-11
host ports 24-15
pomiscuous ports 24-16
routing secondary VLAN ingress traffic 24-13
secondary VLANs with primary VLANs 24-12
VLANs as private 24-11
end station access to 24-4
IP addressing 24-4
monitoring 24-17
ports
community 24-3
configuration guidelines 24-9
isolated 24-3
promiscuous 24-3
primary VLANs 24-2
secondary VLANs 24-2
subdomains 24-2
traffic in 24-6
privileged EXEC mode 2-5
promiscuous ports 24-3
protocol tunneling
See Layer 2 protocol tunneling 27-1
pruning, VTP
PVLANs
PVRST
See Rapid-PVST 28-18
PVST
description 28-2
PVST+
description 28-12
PVST simulation
description 29-11
peer inconsistent state 29-12
root bridge 29-12
Q
QoS
auto-QoS
enabling for VoIP 44-4
ingress trust A-4
IPv6 43-55
marking A-16
policing A-9
See also automatic QoS 44-1
shaping A-19
QoS classification (definition) 43-123
QoS congestion avoidance
definition 43-124
QoS CoS
and ToS final L3 Switching Engine values 43-12
and ToS final values from L3 Switching Engine 43-12
definition 43-123
port value, configuring 43-94
QoS default configuration 43-114, 46-2
QoS DSCP
definition 43-124
internal values 43-10
maps, configuring 43-89
QoS dual transmit queue
thresholds
QoS Ethernet egress port
scheduling 43-114
scheduling, congestion avoidance, and marking 43-12
QoS Ethernet ingress port
classification, marking, scheduling, and congestion avoidance 43-6
QoS final L3 Switching Engine CoS and ToS values 43-12
QoS internal DSCP values 43-10
QoS L3 Switching Engine
classification, marking, and policing 43-9
feature summary 43-16
QoS labels (definition) 43-124
QoS mapping
CoS values to DSCP values 43-86, 43-89
DSCP markdown values 43-28, 43-90, 45-16
DSCP values to CoS values 43-92
IP precedence values to DSCP values 43-90
QoS markdown 43-20
QoS marking
definition 43-124
trusted ports 43-15
untrusted ports 43-15
QoS multilayer switch feature card 43-17
QoS out of profile 43-20
QoS policing
definition 43-124
microflow, enabling for nonrouted traffic 43-62
QoS policing rule
aggregate 43-17
creating 43-67
microflow 43-17
QoS port
QoS port-based or VLAN-based 43-63
QoS queues
transmit, allocating bandwidth between 43-110
QoS receive queue 43-8, 43-105, 43-107
drop thresholds 43-22
QoS RP
marking 43-17
QoS scheduling (definition) 43-124
QoS session-based 43-11
QoS single-receive, dual-transmit queue ports
configuring 43-100
QoS statistics data export 46-1
configuring 46-2
configuring destination host 46-7
configuring time interval 46-6, 46-8
QoS ToS
and CoS final values from L3 Switching Engine 43-12
definition 43-124
QoS traffic flow through QoS features 43-4
QoS transmit queue
QoS transmit queues 43-23, 43-103, 43-104, 43-106, 43-107
QoS trust-cos
port keyword 43-14
QoS trust-dscp
port keyword 43-14
QoS trust-ipprec
port keyword 43-14
QoS untrusted port keyword 43-14
QoS VLAN-based or port-based 43-11, 43-63
quad-supervisor
uplink forwarding 4-7
queries, IGMP 38-3
queries, MLDv2 36-5
queue scheduling A-21
R
RADIUS 54-4
RADIUS. See also port-based authentication. 60-3
range
macro 8-6
of interfaces 8-4
rapid convergence 28-14
Rapid-PVST
enabling 28-37
overview 28-18
Rapid PVST+
interoperation with MST 29-11
Rapid Spanning Tree
Rapid Spanning Tree Protocol
receive queues
redirect URLs
described 60-21
reduced MAC address 28-2
redundancy (NSF) 6-1
configuring
BGP 6-14
CEF 6-13
EIGRP 6-19
IS-IS 6-17
OSPF 6-15
configuring multicast NSF with SSO 6-13
configuring supervisor engine 6-10
routing protocols 6-4
redundancy (RPR) 7-1
configuring 7-4
configuring supervisor engine 7-3
displaying supervisor engine configuration 7-5
redundancy command 7-4
redundancy (SSO)
redundancy command 6-11
related documentation 1-xli
Remote Authentication Dial-In User Service. See RADIUS.
Remote source-route bridging (RSRB) 30-2
Replication Mode Detection 37-13
report, MLD 36-4
reserved-range VLANs
restricted VLAN
configuring 60-51
described 60-16
using with IEEE 802.1x 60-16
rewrite, packet
CEF 34-2
IP MMLS 37-3
RHI 4-53
RIF cache monitoring 8-17
ROM monitor
CLI 2-7
root bridge
MST 29-12
PVST simulation 29-12
root bridge, STP 28-30
root guard
root switch
MSTP 28-41
route health injection
route processor redundancy
router guard 40-1
routing table, multicast 37-22
RPF
failure 37-5
multicast 37-2
non-RPF multicast 37-5
unicast 47-2
RPR
RPR support IPv6 multicast traffic 7-1
RSTP
active topology 28-13
BPDU
format 28-16
processing 28-17
designated port, defined 28-13
designated switch, defined 28-13
interoperability with IEEE 802.1D
described 28-26
restarting migration process 28-50
topology changes 28-17
overview 28-13
port roles
described 28-13
synchronized 28-15
proposal-agreement handshake process 28-14
rapid convergence
described 28-14
edge ports and Port Fast 28-14
point-to-point links 28-14, 28-48
root ports 28-14
root port, defined 28-13
S
Sampled NetFlow
description 64-8
scheduling
SEA
secondary VLANs 24-2
Secure MAC Address Aging Type 62-11
security
configuring 47-1, 48-1, 49-1, 52-1, 53-1
security, port 62-2
Security Exchange Protocol (SXP) 50-2
Security Group Access Control List (SGACL) 50-2
Security Group Tag (SGT) 50-2
serial IDs
description 65-34
serial interfaces
clearing 8-18
synchronous
maintaining 8-18
server IDs
description 65-34
service-policy command 43-68
service-policy input command 43-63, 43-82, 43-86, 43-88, 45-29
service-provider network, MSTP and RSTP 28-19
set cos command A-17
set-dscp-transmit command A-10, A-11
set ip dscp command A-17
set ip precedence command A-17
set mpls experimental imposition command A-17
set-mpls-experimental-imposition-transmit command A-10, A-11
set mpls experimental topmost command A-17
set-mpls-experimental-topmost-transmit command A-10, A-11
set power redundancy enable/disable command 10-2
set-prec-transmit command A-10, A-11
SGACL 50-2
SGT 50-2
shape adaptive command A-19
shaped round robin 43-110
shape peak command A-20
short pipe mode
configuring 45-34
show authentication command 60-67
show catalyst6000 chassis-mac-address command 28-3
show configuration command 8-16
show dot1x interface command 60-43
show eobc command 8-17
show hardware command 8-3
show history command 2-4
show hw-module subslot command A-56
show ibc command 8-17
show interfaces command 8-3, 8-12, 8-13, 8-16, 8-17, 17-7, 17-15
clearing interface counters 8-18
displaying, interface type numbers 8-3
displaying, speed and duplex mode 8-9
show ip flow export command
displaying NDE export flow IP address and UDP port 64-15
show ip interface command
displaying IP MMLS interfaces 37-20
show ip mroute command
displaying IP multicast routing table 37-22
show ip pim interface command
displaying IP MMLS router configuration 37-20
show mab command 60-70
show mls aging command 63-12
show mls entry command 34-6
show mls ip multicast group command
displaying IP MMLS group 37-23, 37-26
show mls ip multicast interface command
displaying IP MMLS interface 37-23, 37-26
show mls ip multicast source command
displaying IP MMLS source 37-23, 37-26
show mls ip multicast statistics command
displaying IP MMLS statistics 37-23, 37-26
show mls ip multicast summary
displaying IP MMLS configuration 37-23, 37-26
show mls nde command 64-17
displaying NDE flow IP address 64-15
show mls rp command
displaying IP MLS configuration 63-11
show platform acl software-switched command 51-12
show policy-map class command A-26
show policy-map command A-26
show policy-map interface command A-27
show protocols command 8-17
show queue command A-27
show rif command 8-17
show running-config command 8-16, 8-17, A-55
displaying ACLs 51-9
show svclc rhi-routes command 4-53
show upgrade package default command A-56
show version command 8-17
show vlan group command 60-49
shutdown command 8-19
shutdown interfaces
result 8-19
slot number, description 8-2
smart call home 65-1
description 65-3
destination profile (note) 65-6
registration requirements 65-3
service contract requirements 65-4
Transport Gateway (TG) aggregation point 65-2
SMARTnet
smart call home registration 65-3
smart port macros 3-1
configuration guidelines 3-3
Smartports macros
applying global parameter values 3-14
applying macros 3-14
creating 3-13
default configuration 3-2
defined 3-2
displaying 3-16
tracing 3-4
SNMP
support and documentation 1-5
snooping
software
source IDs
call home event format 65-34
source-only-ip flow mask 63-2
source specific multicast with IGMPv3, IGMP v3lite, and URD 37-11
SPAN
configuration guidelines 68-7
configuring 68-15
sources 68-20, 68-22, 68-24, 68-26, 68-27, 68-28, 68-30, 68-32
VLAN filtering 68-34
CPU source 68-6, 68-20, 68-21, 68-24, 68-30
destination port support on EtherChannels 68-7, 68-22, 68-26, 68-28, 68-29, 68-33
distributed egress 68-5, 68-18
modules that disable 68-14
modules that disable for ERSPAN 68-14
input packets with don't learn option
local SPAN 68-20, 68-21, 68-22, 68-23
understanding 68-7
local SPAN egress session increase 68-10, 68-20
overview 68-1
SPAN Destination Port Permit Lists 68-18
spanning-tree backbonefast
spanning-tree cost
command 28-34
command example 28-34
spanning-tree portfast
command example 29-13
spanning-tree portfast bpdu-guard
command 29-17
spanning-tree port-priority
command 28-32
spanning-tree protocol for bridging 30-2
spanning-tree uplinkfast
command 29-18
spanning-tree vlan
command 28-28, 28-29, 28-31, 29-18, 29-20
command example 28-28, 28-29, 28-31
spanning-tree vlan cost
command 28-34
spanning-tree vlan forward-time
command 28-36
command example 28-37
spanning-tree vlan hello-time
command 28-36
command example 28-36
spanning-tree vlan max-age
command 28-37
command example 28-37
spanning-tree vlan port-priority
command 28-32
command example 28-33
spanning-tree vlan priority
command 28-35
command example 28-35
speed
configuring interface 8-7
speed mode
autonegotiation status 8-9
SRR 43-110
SSO for network admission control 59-12
standby links 18-1
static sharing
configuring 60-36
description 60-22
statistics
sticky ARP 52-18
sticky MAC address 62-2
Sticky secure MAC addresses 62-9, 62-10
storm control
STP
configuring 28-26
bridge priority 28-35
forward-delay time 28-36
hello time 28-36
maximum aging time 28-37
port cost 28-33
port priority 28-32
root bridge 28-30
secondary root switch 28-31
defaults 28-27
edge ports 29-2
EtherChannel 19-5
network ports 29-2
normal ports 29-2
PortFast 29-2
understanding 28-2
802.1Q Trunks 28-12
Blocking State 28-7
BPDUs 28-4
disabled state 28-11
forwarding state 28-10
learning state 28-9
listening state 28-8
overview 28-2
port states 28-6
protocol timers 28-5
root bridge election 28-4
topology 28-5
STP BackboneFast
configuring 29-19
figure
adding a switch 29-10
spanning-tree backbonefast
understanding 29-7
STP BPDU Guard
configuring 29-16
spanning-tree portfast bpdu-guard
command 29-17
understanding 29-5
STP bridge ID 28-2
STP EtherChannel guard 29-9
STP extensions
STP loop guard
configuring 29-21
overview 29-10
STP PortFast
BPDU filter
configuring 29-15
BPDU filtering 29-5
configuring 29-12
spanning-tree portfast
command example 29-13
understanding 29-2
STP port types
description 29-2
edge 29-2
network 29-2
normal 29-2
STP UplinkFast
configuring 29-18
spanning-tree uplinkfast
command 29-18
understanding 29-6
subdomains, private VLAN 24-2
supervisor engine
environmental monitoring 10-10
synchronizing configurations 6-20, 7-5
supervisor engine redundancy
supervisor engines
displaying redundancy configuration 7-5
supplicant 60-3
svclc command 4-52
Switched Port Analyzer
switch fabric functionality 14-1
configuring 14-3
monitoring 14-4
switchport
configuring 17-16
example 17-15
show interfaces 8-12, 8-13, 17-7, 17-15
switchport access vlan 17-8, 17-9, 17-12, 17-16
example 17-17
switchport mode access 17-4, 17-8, 17-9, 17-16
example 17-17
switchport mode dynamic 17-11
switchport mode dynamic auto 17-4
switchport mode dynamic desirable 17-4
default 17-5
example 17-15
switchport mode trunk 17-4, 17-11
switchport nonegotiate 17-4
switchport trunk allowed vlan 17-13
switchport trunk encapsulation 17-9, 17-10
switchport trunk encapsulation dot1q 17-4
example 17-15
switchport trunk encapsulation isl 17-4
switchport trunk encapsulation negotiate 17-4
default 17-5
switchport trunk native vlan 17-13
switchport trunk pruning vlan 17-14
switch priority
MSTP 28-45
switch TopN reports
foreground execution 70-2
running 70-2
viewing 70-2
SXP 50-2
system event archive (SEA) 66-1
System Event Archive, configuring 66-1
System Hardware Capacity 10-5
T
TACACS+ 47-1, 48-1, 49-1, 52-1, 53-1
TCP Intercept 47-2
TDR
checking cable connectivity 8-19
enabling and disabling test 8-19
guidelines 8-19
Telnet
accessing CLI 2-2
TFTP server, downloading FPD images toA-54to A-55
Time Domain Reflectometer
TLV
host presence detection 15-3, 60-10, 62-3
traceroute, Layer 2
and ARP 71-2
and CDP 71-2
described 71-1
IP addresses and subnets 71-2
MAC addresses and VLANs 71-2
multicast traffic 71-2
multiple devices on a port 71-2
unicast traffic 71-1
usage guidelines 71-2
traffic flood blocking 58-1
traffic-storm control
command
described 57-1
monitoring 57-7
thresholds 57-1
traffic suppression
transmit queues
trunks 17-3
802.1Q Restrictions 17-5
allowed VLANs 17-13
configuring 17-10
default interface configuration 17-7
default VLAN 17-12
different VTP domains 17-3
encapsulation 17-4
native VLAN 17-13
to non-DTP device 17-5
VLAN 1 minimization 17-14
trust-dscp
trusted boundary 15-6
trusted boundary (extended trust for CDP devices) 15-3
trust-ipprec
trustpoint 65-4
tunneling, 802.1Q
See 802.1Q 26-1
type length value
U
UDE 31-1
configuration 31-4
overview 31-2
UDE and UDLR 31-1
UDLD
default configuration 9-4
enabling
globally 9-5
overview 9-1
UDLR 31-1
back channel 31-2
configuration 31-6
tunnel
(example) 31-7
ARP and NHRP 31-3
UDLR (unidirectional link routing)
UMFB 58-1
unauthorized ports with 802.1X 60-8
Unicast and Multicast Flood Blocking 58-1
unicast flood blocking 58-1
unicast RPF 47-2
unicast storms
Unidirectional Ethernet
unidirectional ethernet
example of setting 31-5
UniDirectional Link Detection Protocol
uniform mode
configuring 45-39
unknown multicast flood blocking
unknown unicast flood blocking
unknown unicast flood rate-limiting
untrusted
upgrade fpd auto command A-53, A-55, A-56
upgrade fpd path command A-54, A-56
upgrade guidelines 32-19
upgrade hw-module subslot command A-54
UplinkFast
uplink forwarding
quad-supervisor 4-7
URD 37-11
User-Based Rate Limiting 43-19, 43-79
user EXEC mode 2-5
UUFB 58-1
UUFRL 58-1
V
VACLs 51-2
configuring 51-11
examples 51-16
Layer 3 VLAN interfaces 51-15
Layer 4 port operations 49-10
logging
configuration example 51-20
configuring 51-20
restrictions 51-20
MAC address based 51-11
multicast packets 51-7
SVIs 51-15
WAN interfaces 51-2
virtual LAN
vlan
command 23-5, 23-7, 64-12, 64-13, 68-24
command example 23-6
VLAN Access Control Lists
VLAN-based QoS filtering 43-70
VLAN-bridge spanning-tree protocol 30-2
vlan database
command 23-5, 23-7, 64-12, 64-13, 68-24
example 23-6
vlan group command 60-49
VLAN locking 23-4
vlan mapping dot1q
command example 23-11
VLAN maps
applying 51-9
VLAN mode 32-19
VLAN port provisioning verification 23-4
VLANs
allowed on trunk 17-13
configuration guidelines 23-3
configuring 23-1
configuring (tasks) 23-3
defaults 23-4
extended range 23-2
interface assignment 23-6
multicast 39-1
name (default) 23-4
normal range 23-2
private
reserved range 23-2
support for 4,096 VLANs 23-2
token ring 23-4
trunks
understanding 17-3
understanding 23-1
VLAN 1 minimization 17-14
VTP domain 23-4
VLAN translation
command example 23-10
VLAN Trunking Protocol
voice VLAN
Cisco 7960 phone, port connections 15-2
configuration guidelines 15-4
configuring IP phone for data traffic
override CoS of incoming frame 15-6, 16-5
configuring ports for voice traffic in
802.1Q frames 15-5
connecting to an IP phone 15-5
default configuration 15-4
overview 15-1
voice VLAN. See also port-based authentication. 60-18
VPN
configuration example 32-15
guidelines and restrictions 32-14
VPN supported commands 32-14
VPN switching 32-13
VSS
dual-active detection
Enhanced PAgP, advantages 4-23
Enhanced PAgP, description 4-23
enhanced PAgP, description 4-45
fast-hello, advantages 4-23
fast hello, description 4-24
IP BFD, advantages 4-23
IP BFD, description 4-24
IP BFG, configuration 4-47
VSLP fast-hello, configuration 4-48
VTP
client, configuring 22-15
configuration guidelines 22-9
default configuration 22-8
disabling 22-15
domains 22-2
VLANs 23-4
modes
client 22-3
server 22-3
transparent 22-3
monitoring 22-18
overview 22-1
per-port enable and disable 22-17
pruning
configuration 17-14
configuring 22-13
overview 22-6
server, configuring 22-15
statistics 22-18
transparent mode, configuring 22-15
version 2
enabling 22-13
overview 22-4
version 3
enabling 22-14
overview 22-5
server type, configuring 22-12
W
wake-on-LAN. See also port-based authentication. 60-25
web-based authentication
AAA fail policy 61-4
description 61-1
web browser interface 1-6
weighted round robin 43-110
WRR 43-110
X
xconnect command 32-19
XFPs, troubleshooting A-58
Feedback