- Title
- Table of Contents
- Preface
- Product Overview
- Command-Line Interfaces
- Configuring the Switch for the First Time
- Administering the Switch
- Configuring the Cisco IOS XE In Service Software Upgrade Process
- Configuring Interfaces
- Checking Port Status and Connectivity
- Configuring Supervisor Engine Redundancy Using RPR and SSO on Supervisor Engine 8-E
- Configuring Cisco NSF with SSO Supervisor Engine Redundancy
- Environmental Monitoring and Power Management
- Configuring Power over Ethernet
- Configuring the Catalyst 4500 Series Switch with Cisco Network Assistant
- Configuring VLANs, VTP, and VMPS
- Configuring IP Unnumbered Interface
- Configuring Layer 2 Ethernet Interfaces
- Configuring SmartPort Macros
- Configuring Cisco IOS Auto Smartport Macros
- Configuring STP and MST
- Configuring Flex Links and MAC Address-Table Move Update
- Configuring Resilient Ethernet Protocol
- Configuring Optional STP Features
- Configuring EtherChannel and Link State Tracking
- Configuring IGMP Snooping and Filtering
- Configuring IPv6 MLD Snooping
- Configuring 802.1Q Tunneling, VLAN Mapping, and Layer 2 Protocol Tunneling
- Configuring CDP
- Configuring LLDP, LLDP-MED, and Location Service
- Configuring UDLD
- Configuring Unidirectional Ethernet
- Configuring Layer 3 Interfaces
- Configuring Cisco Express Forwarding
- Configuring Unicast Reverse Path Forwarding
- Configuring IP Multicast
- Configuring ANCP Client
- Configuring Policy-Based Routing
- Configuring VRF-lite
- Configuring Quality of Service
- Configuring Voice Interfaces
- Configuring Private VLANs
- Configuring MACsec Encryption
- Configuring 802.1X Port-Based Authentication
- Configuring the PPPoE Intermediate Agent
- Configuring Web-Based Authentication
- Configuring Port Security
- Configuring Control Plane Policing and Layer 2 Control Packet QoS
- Configuring Dynamic ARP Inspection
- Support for IPv6
- Configuring DHCP Snooping, IP Source Guard, and IPSG for Static Hosts
- Configuring Network Security with ACLs
- Port Unicast and Multicast Flood Blocking
- Configuring Storm Control
- Configuring Wireshark
- Configuring SPAN and RSPAN
- Configuring Enhanced Object Tracking
- Configuring System Message Logging
- Onboard Failure Logging (OBFL)
- Configuring SNMP
- Configuring Flexible NetFlow
- Configuring Ethernet OAM and CFM
- Configuring Y.1731 (AIS and RDI)
- Configuring Call Home
- Configuring Cisco IOS IP SLA Operations
- Configuring RMON
- Performing Diagnostics
- Configuring WCCP Version 2 Services
- ROM Monitor
- Configuring MIB Support
- Acronyms and Abbreviations
- Index
10/100 autonegotiation feature, forced 6-13
10-Gigabit Ethernet or Gigabit Ethernet ports
deploy on WS-X4606-10GE-E and Sup 6-E 6-11
deploy with Gigabit Ethernet SFP ports 6-11
special considerations 10-17
1400 W DC SP Triple Input power supply
special considerations 10-18
802.10 SAID (default) 13-5
standard 40-2
trunks 18-6
compatibility with other features 25-5
defaults 25-3
described 25-2
tunnel ports with other features 25-6
trunk restrictions 15-4
Authentication Failed VLAN assignment 41-17
for Critical Authentication 41-14
for guest VLANs 41-11
for MAC Authentication Bypass 41-12
for Unidirectional Controlled Port 41-15
VLAN User Distribution 41-16
web-based authentication 41-14
with port security 41-19
with VLAN assignment 41-10
with voice VLAN ports 41-22
802.1X Host Mode 41-6
multiauthentication mode 41-8
multidomain authentication mode 41-7
single-host 41-7
802.1x-REV 40-2
AAA 45-1
AAA (authentication, authorization, and accounting). See also port-based authentication. 43-2
abbreviating commands 2-5
about Wireshark 53-1
access control entries and lists 45-1
access-group mode, configuring on Layer 2 interface 49-31
access-group mode, using PACL with 49-30
access list filtering, SPAN enhancement 54-13
using with WCCP 66-8
and Layer 2 protocol tunneling 25-15
configure port security 44-7, 44-22
configuring 15-7
access VLANs 15-5
with RADIUS 41-100
with TACACS+ 3-16, 3-21
ACLs 49-2
IP 1-35, 49-2
Layer 4 operation restrictions 49-10
ACEs and ACLs 45-1
ACL assignments, port-based authentication 41-20
ACL configuration, displaying a Layer 2 interface 49-32
ACEs 49-2
and SPAN 54-5
and TCAM programming for Sup 6-E 49-9
and TCAM programming for Sup II-Plus thru V-10GE 49-6
applying IPv6 ACLs to a Layer 3 interface 49-17
applying on routed packets 49-26
applying on switched packets 49-25
compatibility on the same switch 49-3
configuring with VLAN maps 49-25
CPU impact 49-12
downloadable 43-7
hardware and software support 49-5
IP, matching criteria for port ACLs 49-4
MAC extended 49-13
matching criteria for router ACLs 49-3
and voice VLAN 49-4
defined 49-3
processing 49-12
selecting mode of capturing control packets 49-7
troubleshooting high CPU 49-6
types supported 49-3
understanding 49-2
VLAN maps 49-5
ACLs, applying to a Layer 2 interface 49-31
ACLs and VLAN maps, examples 49-19
acronyms, list of A-1
action drivers, marking 37-20
activating and deactivating a capture point, Wireshark 53-10
activating and deactivating Wiresharkcapture points, conceptual, Wireshark 53-5
active queue management 37-9
active queue management via DBL, QoS on Sup 6-E 37-33
active traffic monitoring, IP SLAs 63-1
adding members to a community 12-9
displaying the MAC table 4-37
changing the aging time 4-23
defined 4-21
learning 4-21
removing 4-24
IPv6 47-2
MAC, discovering 4-37
adding and removing 4-29
defined 4-21
address resolution 4-37
description 31-2
displaying statistics 31-9
REP, configuring 20-9
administrative VLAN, REP 20-8
LLDP 1-6, 27-2
aggregation switch, enabling DHCP snooping 48-9
MAC address table 4-23
All Auth manager sessions, displaying summary 41-106
All Auth manager sessions on the switch authorized for a specified authentication method 41-107
enabling and configuring 34-2
guidelines and restrictions 34-5
identify a port with DHCP option 82 34-4
identify a port with protocol 34-2
overview 34-1
identifying a port with 34-2
applying IPv6 ACLs to a Layer 3 interface 49-17
AQM via DBL, QoS on Sup 6-E 37-33
archiving crashfiles information 2-8
defined 4-37
address resolution 4-37
managing 4-37
asymmetrical links, and 802.1Q tunneling 25-3
attachment points, Wireshark 53-2
vendor-proprietary 41-103
vendor-specific 41-101
NTP associations 4-4
key 41-93
login 41-95
See also port-based authentication
defined 3-16
key 3-18
login 3-19
Authentication, Authorization, and Accounting (AAA) 45-1
Authentication Failed, configuring 80.1X 41-64
Authentication methods registered with the Auth manager, determining 41-106
authentication open comand 41-8
authentication proxy web pages 43-4
defined 41-3
RADIUS server 41-3
Auth manager session for an interface, verifying 41-107
Auth manager summary, displaying 41-106
authoritative time source, described 4-2
with RADIUS 41-99
with TACACS+ 3-16, 3-21
authorized and unauthorized ports 41-5
authorized ports with 802.1X 41-5
autoconfiguration 3-2
considerations 12-7
configuring 6-23
displaying the configuration 6-24
overview 6-22
forced 10/100Mbps 6-13
Auto SmartPorts built-in macros
configuring parameters 17-6
built-in macros 17-5
configuration guidelines 17-5
default configuration 17-4
defined 17-1
displaying 17-13
enabling 17-4
IOS shell 17-2, 17-10
defined 1-2
Auto SmartPorts user-defined macros
configuring 17-10
auto-sync command 8-7
interacting with 6-21
adding a switch (figure) 21-3
and MST 18-23
configuring 21-15
link failure (figure) 21-14, 21-15
not supported MST 18-23
understanding 21-13
login 4-20
message-of-the-day login 4-18
default configuration 4-18
when displayed 4-17
b command 67-3
b flash command 67-3
BGP 1-14
routing session with multi-VRF CE 36-12
blocking packets 50-1
RSTP comparisons (table) 18-24
Boolean expressions in tracked lists 55-4
boot bootldr command 3-32
boot command 3-28
boot commands 67-3
See configuration register boot fields
boot system command 3-26, 3-32
boot system flash command 3-28
description 18-27
and MST 18-23
configuring 21-15
overview 21-8
and media speed 18-2
pseudobridges and 18-25
what they contain 18-3
bridge priority (STP) 18-17
disabling 51-5
enabling 51-3
Built-in macros and user-defined triggers, configuring mapping 17-9
cache engine clusters 66-1
cache engines 66-1
description 1-21, 62-2
message format options 62-2
format options 62-2
call home 62-1
alert groups 62-6
configuring e-mail options 62-9
contact information 62-4
default settings 62-18
destination profiles 62-5
displaying information 62-14
mail-server priority 62-10
pattern matching 62-9
periodic notification 62-8
rate limit messages 62-9
severity threshold 62-8
smart call home feature 62-2
SMTP server 62-9
testing communications 62-10
configuring 62-6
description 62-6
subscribing 62-7
assigning information 62-4
call home destination profiles
attributes 62-5
configuring 62-5
description 62-5
displaying 62-16
full-txt format for syslog 62-25
XML format for syslog 62-28
automatic discovery 12-7
defined 12-12
capture filter, Wireshark 53-3
capture points, Wireshark 53-2
selecting mode 49-7
BGP optional attributes 32-5
encrypting 3-22
automatic discovery in communities 12-7
configuration 26-2
defined with LLDP 27-1
displaying configuration 26-3
enabling on interfaces 26-3
host presence detection 41-8
Layer 2 protocol tunneling 25-13
maintaining 26-3
monitoring 26-3
overview 1-3, 26-1
cdp enable command 26-3
adjacency tables 31-2
and NSF with SSO 9-4
configuring load balancing 31-7
displaying statistics 31-8
enabling 31-6, 65-2
hardware switching 31-4
load balancing 31-6
overview 31-2
software switching 31-4
certificate authority (CA) 62-3
and Ethernet OAM, configuring 60-51
and Ethernet OAM interaction 60-51
clearing 60-31
configuration guidelines 60-7, 61-4
configuring crosscheck for VLANs 60-11
configuring fault alarms 60-16
configuring port MEP 60-14
configuring static remote MEP 60-13, 60-16, 60-18
crosscheck 60-5
defined 60-2
EtherChannel support 60-7, 61-4
configuring 60-16
IP SLAs support for 60-6
IP SLAs with endpoint discovers 60-21
maintenance domain 60-2
manually configuring IP SLAs ping or jitter 60-19
measuring network performance 60-6
monitoring 60-32, 60-33
port MEP, configuring 60-14
remote MEPs 60-5
static RMEP, configuring 60-13, 60-16, 60-18
static RMEP check 60-5
described 60-27
overview 23-1
Change of Authorization, RADIUS 41-86
channel-group group command 22-8, 22-10
Cisco 7600 series Internet router
enabling SNMP 68-4, 68-5
Cisco Group Management Protocol
Cisco IOS IP SLAs 63-2
support 9-2
Cisco IOS NSF-capable support 9-2
configuring 38-3
sound quality 38-1
credentials 40-10
802.1x mode 40-11
configuration example 40-14
manual mode 40-12
Cisco TrustSec Network Device Admission Control
CiscoWorks 2000 58-4
description 18-22
civic location 27-3
class level, configure in a service policy 37-30
clear cdp counters command 26-4
clear cdp table command 26-3
clear counters command 6-28
Ethernet CFM 60-31
IP multicast table entries 33-27
clear ip eigrp neighbors command 30-18
accessing 2-1
backing out one level 2-5
getting commands 2-5
history substitution 2-3
managing clusters 12-13
modes 2-5
monitoring environments 54-1
ROM monitor 2-7
software basics 2-4
client processes, tracking 55-1
in 802.1X authentication 41-3
command switch characteristics
and VTY 12-12
convert to a community 12-10
through CLI 12-13
overview 12-2
CLI 12-13
passwords 12-8
CoA Request Commands 41-89
command-line processing 2-3
command modes 2-5
b 67-3
b flash 67-3
boot 67-3
confreg 67-3
dev 67-3
dir device 67-3
frame 67-5
i 67-3
listing 2-5
meminfo 67-5
reset 67-3
ROM monitor 67-2 to 67-3
ROM monitor debugging 67-5
SNMP 68-4
sysret 67-5
requirements 12-11
common and internal spanning tree
access modes in Network Assistant 12-9
adding devices 12-9
communication protocols 12-8
community name 12-8
configuration information 12-9
converting from a cluster 12-10
host name 12-8
passwords 12-8
community ports 39-3
configuring 58-7
overview 58-4
community VLANs 39-2, 39-3
configure as a PVLAN 39-15
compiling MIBs 68-4
config-register command 3-29
config terminal command 3-9
configurable leave timer,IGMP 23-4
SNMP 58-15
limiting TFTP server access 58-15
obtaining with DHCP 3-6
saving 3-10
system contact and location information 58-14
CFM 60-7, 61-4
Ethernet OAM 60-35
REP 20-7
SNMP 58-6
VLAN mapping 25-10
listing value 3-29
modifying 3-28
changing from ROM monitor 67-3
changing settings 3-28 to 3-29
configuring 3-26
settings at startup 3-27
configure class-level queue-limit in a service policy 37-30
configure terminal command 3-29, 6-2
configuring access-group mode on Layer 2 interface 49-31
configuring flow control 6-15
configuring interface link and trunk status envents 6-29
configuring named IPv6 ACLs 49-16
configuring named MAC extended ACLs 49-13, 49-15
configuring unicast MAC address filtering 49-13
configuring VLAN maps 49-17
confreg command 67-3
console configuration mode 2-5
console download 67-4 to 67-5
disconnecting user sessions 7-8
monitoring user sessions 7-7
assigning for call home 62-4
controlling switch access with RADIUS 41-84
and Layer 2 Control packet QoS, configuration example 45-13
configuration guidelines and restrictions 45-7
configuring for control plane traffic 45-4
configuring for data plane and management plan traffic 45-5
defaults 45-3
general guidelines 45-3
monitoring 45-7
understanding 45-2
control protocol, IP SLAs 63-4
REP 20-4
copy running-config startup-config command 3-10
copy system:running-config nvram:startup-config command 3-32
core system filter, Wireshark 53-3
definition 37-3
figure 37-2
overriding on Cisco IP Phones 38-5
priority 38-5
clearing MFIB 33-27
clearing on interfaces 6-28
CPU, impact of ACL processing 49-12
CPU port sniffing 54-10
crashfiles information, archiving 2-8
configure with 802.1X 41-58
crosscheck, CFM 60-5, 60-11
description 18-25
IST and 18-22
MST and 18-22
customer edge devices 36-2
C-VLAN 1-2, 25-7
configuration examples 48-15
enabling the DHCP Snooping 48-13
daylight saving time 4-13
debug commands, ROM monitor 67-5
decoding and displaying packets, Wireshark 53-5
802.1X 41-27
banners 4-18
DNS 4-16
Ethernet OAM 60-35
IGMP filtering 23-20
IGMP snooping 24-5, 24-6
IP SLAs 63-6
IPv6 47-7
Layer 2 protocol tunneling 25-16
LLDP 27-5
MAC address table 4-23
multi-VRF CE 36-3
NTP 4-4
private VLANs 39-12
RADIUS 41-92
REP 20-7
resetting the interface 6-32
RMON 64-3
SNMP 58-5
SPAN and RSPAN 54-6
system message logging 56-3
TACACS+ 3-18
VLAN mapping 25-9
Y.1731 60-29
configuring 3-11
verifying configuration 3-11
default settings, erase commad 3-32
default web-based authentication configuration
802.1X 43-6
defining/modifying/deleting a capture point, Wireshark 53-8
IP address spoofing, mitigating 32-5
Unicast RPF, deploying 32-5
denying access to a server on another VLAN 49-23
deploying 10-Gigabit Ethernet and a Gigabit Ethernet SFP ports 6-11
deploying 10-Gigabit Ethernet and a Gigabit Ethernet SFP ports on WS-X4606-10GE-E and Sup 6-E 6-11
description command 6-15
dev command 67-3
device discovery protocol 27-1
call home format 62-21, 62-22
rate limit for incoming packets 48-13
denial-of-service attacks, preventing 48-13
configuring 48-13
client request message exchange 3-3
client side 3-3
DNS 3-5
relay device 3-5
server-side 3-4
TFTP server 3-4
example 3-7
for IP address information 3-4
for receiving the configuration file 3-4
overview 3-2
relationship to BOOTP 3-3
identifying a port with 34-4
overview 48-4
enabling, and Option 82 48-10
accepting untrusted packets form edge switch 48-10
configuring 48-6
default configuration 48-7
displaying binding tables 48-19
displaying configuration 48-19
displaying information 48-18
enabling 48-7
enabling on private VLAN 48-12
enabling on the aggregation switch 48-9
enabling the database agent 48-13
message exchange process 48-4
monitoring 48-23
option 82 data insertion 48-4
overview 48-1
Snooping database agent 48-2
adding to the database (example) 48-18
enabling (example) 48-15
overview 48-2
reading from a TFTP file (example) 48-17
online 65-1
causes of failure 65-14
how it works 65-10
overview 65-10
Power-On-Self-Test for Supervisor Engine V-10GE 65-10
Differentiated Services Code Point values
DiffServ architecture, QoS 37-2
Digital optical monitoring transceiver support 6-11
dir device command 67-3
RSTP comparisons (table) 18-24
broadcast storm control 51-5
disabling multicast storm control 51-5
disconnect command 7-8
discovery, Ethernet OAM 60-34
display dection and removal events 11-7
display filter, Wireshark 53-3
Auth Manager sumary for an interface 41-106
MAB details 41-109
summary of all Auth manager sessions 41-106
summary of all Auth manager sessions on the switch authorized for a specified authentication method 41-107
displaying EtherChannel to a Virtual Switch System 22-16
displaying storm control 51-6
displaying Wireshark information 53-13
display PoE consumed by a module 11-8
display PoE detection and removal events 11-7
and DHCP-based autoconfiguration 3-5
default configuration 4-16
displaying the configuration 4-17
overview 4-15
setting up 4-16
document conventions iii-lv
DNS 4-15
802.1Q tunneling 25-2
Layer 2 protocol tunneling 25-15
downloading MIBs 68-3, 68-4
drop threshold for Layer 2 protocol packets 25-16
definition 37-4
IP precedence 37-2
duplex command 6-14
configuring interface 6-12
ARP cache poisoning 46-2
ACLs for non-DHCP environments 46-11
in DHCP environments 46-5
log buffer 46-14
rate limit for incoming ARP packets 46-16
denial-of-service attacks, preventing 46-16
interface trust state, security coverage 46-3
configuring 46-14
logging of dropped packets 46-4
overview 46-1
port channels, their behavior 46-5
priority of static bindings 46-4
purpose of 46-2
rate limiting of ARP packets 46-4
configuring 46-16
validation checks, performing 46-19
Dynamic Host Configuration Protocol snooping
example 13-29
limit on hosts 13-29
reconfirming 13-26
troubleshooting 13-29
changing retransmission time 41-75
exchanging (figure) 41-4, 41-6, 41-13
request/identity 41-4
response/identity 41-4
setting retransmission number 41-76
802.1X authentication and 41-3
OTP authentication, example (figure) 41-4, 41-13
start 41-4
description 18-27
overview 1-14
configuration examples 30-19
monitoring and maintaining 30-18
benefits 30-17
configuration tasks 30-17
configuring 30-13
overview 30-13
restrictions 30-17
verifying 30-18
overview 1-15
eigrp stub command 30-18
EIGRP stub routing, configuring 30-12
ELIN location 27-3
assigning for call home 62-4
Call Home 1-21, 62-2
displaying information 4-41
installing and configuring 4-38
overview 4-38
emergency alarms on Sup Engine 6-E systems 10-3
enable command 3-9, 3-28
enable mode 2-5
enabling SNMP 68-4, 68-5
encryption keying 40-2
encryption keys, MKA 40-2
Enhanced Interior Gateway Routing Protocol
defined 55-1
IP routing state 55-2
line-protocol state 55-2
tracked lists 55-3
Enhanced PoE support on E-series 11-15
Enhanced PoE support on E-series,configuring Universal PoE 11-16
using CLI commands 10-1
EPM logging 41-109
configuring 11-14
channel-group group command 22-8, 22-10
configuration guidelines 22-5
configuring 22-6 to 22-15
configuring Layer 2 22-10
configuring Layer 3 22-6
displaying to a virtual switch system 22-16
interface port-channel command 22-7
command example 22-13
modes 22-3
overview 22-2
Understanding 22-3
physical interface configuration 22-7
port-channel interfaces 22-2
port-channel load-balance command 22-14
removing 22-15
removing interfaces 22-15
disabling 21-6
enabling 21-6
overview 21-6
and routing 6-6
and routing protocols 6-6
configuring 6-10
default setting 6-6
described 1-26, 6-6
for network management 1-26, 6-6
specifying 6-10
supported features 6-9
unsupported features 6-10
Ethernet management port, internal
and routing protocols 6-6
Ethernet Management Port, using 6-6
Ethernet OAM 60-34
and CFM interaction 60-51
configuration guidelines 60-35
configuring with CFM 60-51
default configuration 60-35
discovery 60-34
enabling 60-36, 60-52
link monitoring 60-34, 60-38
messages 60-34
defined 60-33
monitoring 60-49
remote failure indications 60-34
remote loopback 60-34, 60-37
templates 60-44
Ethernet OAM protocol CFM notifications 60-51
Ethernet Remote Defect Indication (ETH-RDI) 60-28
configuring, 802.1X-based 17-8
configuring, MAC address-based 17-9
enabling 23-11
Extensible Authentication Protocol over LAN 41-2
configure with 802.1X 41-68
overview 33-10
configuring probe message interval 28-8
default configuration 28-4
displaying link status 28-8
enabling globally 28-5
enabling on individual interface 28-7
enabling per-interface 28-6
modes of operation 28-3
resetting disabled LAN interfaces 28-8
use case 28-2
Fast UDLD, overview 28-1
feature interactions, Wireshark 53-6
description 31-2
disabling UDLD 28-7
Filter-ID ACL and Per-User ACL, configureport-based authentication
configure Per-User ACL and Filter-ID ACL 41-43
in a VLAN 49-17
non-IP traffic 49-13, 49-15
filters, Wireshark 53-2
flags 33-11
configuring router to boot from 3-31
loading system images from 3-31
security precautions 3-31
caveats 59-1
defined 1-4, 59-1
configuration guidelines 19-6
configuring 19-6, 19-7
configuring preferred VLAN 19-9
configuring VLAN load balancing 19-8
monitoring 19-12
flooded traffic, blocking 50-2
flowchart, traffic marking procedure 37-20
flow control, configuring 6-15
For 11-13
configuring 18-19
frame command 67-5
get-bulk-request operation 58-3
get-next-request operation 58-3, 58-4
get-request operation 58-3, 58-4
get-response operation 58-3
deploy with 10-Gigabit Ethernet 6-11
global configuration mode 2-5
configure with 802.1X 41-54
hardware and software ACL support 49-5
hardware switching 31-5
configuring 18-17
high CPU due to ACLs, troubleshooting 49-6
CLI 2-3
history table, level and number of syslog messages 56-9
configuring MST bridges 18-28
limit on dynamic port 13-29
host modes, MACsec 40-4
kinds of 39-4
host presence CDP message 41-8
description 1-13
hw-module module num power command 10-18
enabling 7-13
ping 7-8
running IP traceroute 7-10
time exceeded messages 7-10
configuring 63-11
IP SLAs 63-11
i command 67-3
using with SPAN and RSPAN 54-2
IEEE 802.1ag 60-2
configurable-leave timer 23-4
description 33-3
enabling 33-13
explicit host tracking 23-4
immediate-leave processing 23-3
leave processing, enabling 24-8
overview 23-1
disabling 24-10
configuring 23-20
default configuration 23-20
described 23-20
monitoring 23-23
setting the maximum number 23-22
configuration guidelines 23-9
applying 23-21
configuration mode 23-20
configuring 23-20
leave timer 23-9
Learning Methods 23-7
static connection to a multicast router 23-7
configuring host statically 23-11
explicit host tracking 23-11
suppressing multicast flooding 23-12
configuration guidelines 23-5
default configuration 24-5, 24-6
globally 23-5
on a VLAN 23-6
enabling and disabling 24-6
IP multicast and 33-4
monitoring 23-14, 24-10
overview 23-1
group 23-16
hot membership 23-15
how to 23-14
MAC address entries 23-17
multicast router interfaces 23-17
on a VLAN interface 23-18
Querier information 23-18
IGMPSnooping Querier, configuring 23-10
enabling 24-8
enabling 23-8
ingress packets, SPAN enhancement 54-12
configuring on Cisco IP phones 38-5
insufficient inline power handling for Supervisor Engine II-TS 10-18
Intelligent Power Management 11-4
interacting with Baby Giants 6-21
displaying operational status 11-6
interface command 3-9, 6-2
REP 20-10
interface link and trunk status events
configuring 6-29
interface port-channel command 22-7
interface range command 6-4
interface range macro command 6-10
adding descriptive name 6-15
clearing counters 6-28
configuring 6-2
configuring ranges 6-4
displaying information about 6-28
Layer 2 modes 15-3
maintaining 6-27
monitoring 6-27
naming 6-15
numbers 6-2
overview 6-2
restarting 6-29
using the Ethernet Management Port 6-6
Internet Control Message Protocol
Internet Group Management Protocol
802.1X Identity-Based Network Security, list of supported features 1-30
Cisco Call Home 1-21
Cisco Energy Wise 1-21
Cisco IOS IP Service Level Agreements 1-21
Cisco IOS Mediatrace and Performance Monitor 1-23
Cisco Medianet AutoQoS 1-22
Cisco Medianet Flow Metadata 1-23
Cisco Media Services Proxy 1-22
Cisco TrustSec MACsec Encryption 1-31
Cisco TrustSec Security Architecture 1-32
Debugging Features (platform and debug platform) 1-37
Dynamic Host Control Protocol 1-25
Easy Virtual Network 1-25
Embedded Event Manager 1-26
Ethernet Management Port 1-26
hard-based Control Plane Policing 1-33
Intelligent Power Management 1-27
IP Source Guard 1-33
IP Source Guard or Static Hosts 1-33
Layer 2 traceroute 1-36
MAC Address Notification 1-27
Layer 2 802.1X authentication 1-34
Layer 2 IP validation 1-34
Network Security with ACLs (IP ACLs, MAC ACLs, Port ACLs, Router, ACLs, and VLAN ACLs) 1-35
Port Security 1-35
Power over Ethernet 1-27
Simple Network Management Protocol 1-28
SPAN and RSPAN 1-28
Time Domain Reflectometry 1-36
Universal Power over Ethernet 1-28
Web-based Authentication 1-37
Web Content Coordination Protocol 1-29
XML-PI 1-29
inventory management TLV 27-3, 27-9
configuring default gateway 3-11
configuring static routes 3-11
displaying statistics 31-8
128-bit 47-2
cluster candidate or member 12-12
cluster command switch 12-11
discovering 4-37
IPv6 47-2
ip cef command 31-6, 65-2
interfaces, displaying 30-19
ip icmp rate-limit unreachable command 7-13
ip igmp profile command 23-20
ip igmp snooping tcn flood command 23-13
ip igmp snooping tcn flood query count command 23-13
ip igmp snooping tcn query solicit command 23-14
through DHCP-based autoconfiguration 3-2
ip load-sharing per-destination command 31-7
ip local policy route-map command 35-7
ip mask-reply command 7-14
IP MTU sizes,configuring 30-9
clearing table entries 33-27
configuring 33-12
default configuration 33-12
displaying PIM information 33-22
displaying the routing table information 33-23
enabling dense-mode PIM 33-14
enabling sparse-mode 33-14
features not supported 33-12
hardware forwarding 33-8
IGMP snooping and 23-4, 33-4
overview 33-1
routing protocols 33-2
software forwarding 33-8
See also Auto-RP; IGMP; PIM; RP; RPF
enabling 33-13
monitoring and maintaining 33-22
ip multicast-routing command 33-13
IP multicast traffic, load splitting 33-21
configuring voice ports 38-3
See Cisco IP Phones 38-1
ip pim command 33-14
ip pim dense-mode command 33-14
ip pim sparse-dense-mode command 33-15
ip policy route-map command 35-7
IP Port Security for Static Hosts
on a Layer 2 access port 48-25
on a PVLAN host port 48-28
overview 48-24
ip redirects command 7-14
deleting entries 33-27
IPsec VPN, introduction 1-34
IP service levels, analyzing 63-1
benefits 63-2
CFM endpoint discovery 60-21
configuration guidelines 63-6
Control Protocol 63-4
default configuration 63-6
definition 63-1
ICMP echo operation 63-11
manually configuring CFM ping or jitter 60-19
measuring network performance 63-3
multioperations scheduling 63-5
operation 63-3
reachability tracking 55-9
described 63-4
enabling 63-7
response time 63-4
scheduling 63-5
SNMP support 63-2
supported metrics 63-2
threshold monitoring 63-6
track state 55-9
UDP jitter operation 63-8
configuring 48-20
configuring on private VLANs 48-22
displaying 48-22, 48-23
overview 48-23
displaying 31-8
executing 7-10
overview 7-9
displaying statistics 31-8
configuring on a range of Ethernet VLANs 14-5
configuring on LAN and VLAN interfaces 14-4
configuring with connected host polling 14-6
DHCP Option 82 14-2
displaying settings 14-7
format of agent remote ID suboptions 14-2
troubleshooting 14-8
with conected host polling 14-3
with DHCP server and Relay agent 14-2
ip unreachables command 7-13
IPv4, IPv6, and MAC ACLs, configuring on a Layer 2 interface 49-29
addresses 47-2
default configuration 47-7
defined 1-17, 47-1
Enhanced Interior Gateway Routing Protocol (EIGRP) IPv6 47-6
Router ID 47-6
OSPF 47-6
IPv6 control traffic, policing 45-15
redistribution of route information with EIGRP 1-15
is 25-19
trunking with 802.1Q tunneling 25-4
isolated port 39-4
isolated VLANs 39-2, 39-3, 39-4
compatibility matrix 5-13
compatiblity verification using Cisco Feature Navigator 5-14
NSF overview 5-3
aborting a software upgrade 5-31
configuring the rollback timer as a safeguard 5-32
displaying a compatibility matrix 5-34
loading the new software on the new standby 5-24
stopping the rollback timer 5-23
switching to the standby 5-21
verify the ISSU state 5-17
verify the redundancy mode 5-16
verify the software installation 5-15
vload the new software on standby 5-18
prerequisites 5-2
process overview 5-6
restrictions 5-2
SNMP support 5-14
SSO overview 5-3
and MST regions 18-22
description 18-22
master 18-27
and ethernet ports 6-19
configuring MTU sizes for 6-20
ports and linecards that support 6-18
understanding MTUs 6-18
understanding support 6-18
VLAN interfaces 6-20
keyboard shortcuts 2-3
l2protocol-tunnel command 25-17
labels, definition 37-3
system ID 22-4
Layer 2 access ports 15-7
and CoPP configuration example 45-13
default configuation 45-10
disabling 45-12
enabvling 45-11
guideline and restrictions 45-15
understanding 45-10
classification with CoS 37-2
applying ACLs 49-31
configuring access-mode mode on 49-31
configuring IPv4, IPv6, and MAC ACLs 49-29
displaying an ACL configuration 49-32
assigning VLANs 13-7
configuring 15-5
configuring as PVLAN host ports 39-18
configuring as PVLAN promiscuous ports 39-17
configuring as PVLAN trunk ports 39-19
defaults 15-4
disabling configuration 15-8
modes 15-3
show interfaces command 15-6
resetting 39-24
setting 39-24
default configuration 25-16
guidelines 25-16
overview 15-1
and ARP 7-11
and CDP 7-11
host-to-host paths 7-11
IP addresses and subnets 7-11
MAC addresses and VLANs 7-11
multicast traffic 7-11
multiple devices on a port 7-11
unicast traffic 1-36, 7-10
usage guidelines 7-11
configuring 15-5
overview 15-3
Layer 3 interface, applying IPv6 ACLs 49-17
Layer 3 interface counters,configuring 30-10
Layer 3 interface counters,understanding 30-3
changing from Layer 2 mode 36-7
configuration guidelines 30-5
configuring VLANs as interfaces 30-7
overview 30-1
counters 30-3
logical 30-2
physical 30-2
SVI autostate exclude 30-3
classification methods 37-2
configuration guidelines 49-11
restrictions 49-10
Leave timer, enabling 23-9
configuring interface 6-29
link integrity, verifying with REP 20-4
link monitoring, Ethernet OAM 60-34, 60-38
configuration guidelines 22-21
default configuration 22-21
described 22-18
displaying status 22-22
generic configuration procedure 22-21
link status, displaying UDLD 28-8
RSTP comparisons (table) 18-24
configuring 27-4
characteristics 27-5
default configuration 27-5
globally 27-6
on an interface 27-7
monitoring and maintaining 27-14
overview 27-1
transmission timer and holdtime, setting 27-5
procedures 27-4
TLVs 27-9, 27-11
monitoring and maintaining 27-14
overview 27-1
supported TLVs 27-2
configuring for CEF 31-7
configuring for EtherChannel 22-14
overview 22-5, 31-6
per-destination 31-7
load splitting IP multicast traffic 33-21
overview 27-1
configuring 27-12
understanding 27-3
location TLV 27-3, 27-9
logging, EPM 41-109
configuring 30-6
logical layer 3 VLAN interfaces 30-2
with RADIUS 41-95
with TACACS+ 3-19
login banners 4-17
changing 7-7
logoutwarning command 7-7
and MST 18-23
configuring 21-4
overview 21-3
MAC/PHY configuration status TLV 27-2
aging time 4-23
allocating 18-6
and VLAN association 4-22
building tables 4-21, 15-2
convert dynamic to sticky secure 44-5
default configuration 4-23
disabling learning on a VLAN 4-32
discovering 4-37
displaying 7-4
displaying in DHCP snooping binding table 48-19
learning 4-21
removing 4-24
in ACLs 49-13
adding 4-30
allowing 4-31
characteristics of 4-29
dropping 4-31
removing 4-30
sticky 44-4
sticky secure, adding 44-5
MAC address learning, disabling on a VLAN 4-32
confuguring 4-32
deployment scenarios 4-33
feature compatibility 4-35
feature incompatibility 4-36
feature inompatibility 4-36
usage guidelines 4-33
displaying 4-37
configuration guidelines 19-10
configuring 19-10
monitoring 19-12
configure with 802.1X 41-57
MAC details, displaying 41-109
MAC extended access lists 49-13
macl 49-14
802.1AE Tagging 40-8
MACsec 40-2
configuring on an interface 40-7
defined 40-1, 40-2
switch-to-switch security 40-1
main-cpu command 8-7
management address TLV 27-2
SNMP 58-1
Management Port, Ethernet 6-6
manual preemption, REP, configuring 20-13
hardware capabilities 37-22
marking action drivers 37-20
marking network traffic 37-17
marking support, multi-attribute 37-21
match ip address command 35-6
configuring 18-18
configuration guidelines 41-23 to ??
described 41-22
automatic discovery 12-7
managing 12-13
defined 12-2
meminfo command 67-5
messages, Ethernet OAM 60-34
messages, to users through banners 4-17
Ethernet CFM, introduction 1-3
Ethernet OAM Protocol, introduction 1-3
Flex Link and MAC Address-Table Move Update, introduction 1-4
Y.1731 (AIS and RDI), introduction 1-10
metro tags 25-2
CEF 33-5
overview 33-11
displaying 33-25
compiling 68-4
downloading 68-3, 68-4
overview 58-1
related information 68-3
SNMP interaction with 58-4
configuring policies 40-6
defined 40-2
policies 40-3
replay protection 40-3
statistics 40-5
virtual ports 40-3
MLD Done messages and Immediate-leave 24-4
MLD messages 24-2
MLD queries 24-3
MLD reports 24-4
MLD Done messages and Immediate-leave 24-4
MLD messages 24-2
MLD queries 24-3
MLD reports 24-4
Multicast client aging robustness 24-3
Multicast router discovery 24-3
overview 24-1
Mode of capturing control packets, selecting 49-7
checking status 7-2
powering down 10-18
802.1Q tunneling 25-18
ACL information 49-35
Ethernet CFM 60-32, 60-33
Ethernet OAM 60-49
Ethernet OAM protocol 60-49
Flex Links 19-12
snooping 24-10
IGMP filters 23-23
IGMP snooping 23-14
Layer 2 protocol tunneling 25-18
MAC address-table move update 19-12
multicast router interfaces 24-11
multi-VRF CE 36-17
object tracking 55-12
REP 20-14
traffic flowing among switches 64-1
tunneling 25-18
VLAN filters 49-24
VLAN maps 49-24
M-record 18-23
and multiple spanning trees 1-7, 18-22
boundary ports 18-27
BPDUs 18-23
configuration parameters 18-26
configuring 18-29
displaying configurations 18-33
edge ports 18-27
enabling 18-29
hop count 18-28
configuring parameters 18-32
description 18-23
number supported 18-26
interoperability with PVST+ 18-23
link type 18-28
master 18-27
message age 18-28
regions 18-26
restrictions 18-29
to-SST interoperability 18-24
enabling 21-6
M-record 18-23
M-tree 18-23
M-tree 18-23
understanding 6-18
configuring 6-20, 6-21, 6-30
default 13-5
described 41-22
multiauthentication mode 41-8
Multicast client aging robustness 24-3
multicast Ethernet loopback, using 60-31
multicast Ethernet loopback (ETH-LB) 60-29
static joins 24-7
blocking 50-2
Multicast router discovery 24-3
multicast router interfaces, displaying 23-17
multicast router interfaces, monitoring 24-11
multicast router ports, adding 24-7
flood suppression 23-12
displaying 33-23
enabling 51-4
disabling 51-5
multidomain authentication mode 41-7
multioperations scheduling, IP SLAs 63-5
Multiple AuthorizationAuthentication
configuring 41-33
Multiple Domain Authentication 41-33
multiple forwarding paths 1-7, 18-22
multiple-hosts mode 41-7
multiple VPN routing/forwarding
components 36-3
configuration example 36-13
default configuration 36-3
defined 36-1
displaying 36-17
monitoring 36-17
network components 36-3
packet-forwarding process 36-3
NAC Layer 2 802.1X authentication, intro 1-34
NAC Layer 2 IP validation, intro 1-34
configuring named IPv6 ACLs 49-16
configuring named MAC extended 49-13, 49-15
and 802.1Q tunneling 25-4
specifying 15-5
NDAC 40-9
defined 40-9
MACsec 40-1
configuring 41-77
overview 41-24
neighbor offset numbers, REP 20-5
and VTY 12-12
enable communication with switch 12-13, 12-17
default configuration 12-3
overview of CLI commands 12-3
Network Device Admission Control (NDAC) 40-9
network fault tolerance 1-7, 18-22
configuring 26-1
RMON 64-1
SNMP 58-1
network performance, measuring with IP SLAs 63-3
network policy TLV 27-2, 27-9
network traffic, marking 37-17
New Software Features in Release 7.7
TDR 7-4
support 1-15
disabling UDLD 28-7
non-IP traffic filtering 49-13, 49-15
description 33-9
in redundant configurations (figure) 33-10
nonvolatile random-access memory
defined 9-1
guidelines and restrictions 9-8
operation 9-4
support 9-2
support 9-2
NSF with SSO supervisor engine redundancy
and CEF 9-4
overview 9-3
SSO operation 9-3
authenticating 4-4
defined 4-2
enabling broadcast messages 4-7
peer 4-6
server 4-6
default configuration 4-4
displaying the configuration 4-11
overview 4-2
creating an access group 4-9
disabling NTP services per interface 4-10
source IP address, configuring 4-10
stratum 4-2
synchronizing devices 4-6
services 4-2
synchronizing 4-2
PPPoE Intermediate Agent 1-35
Storm Control 1-36
uRPF Strict Mode 1-36
saving settings 3-10
client 60-34
features 60-34
sublayer 60-34
configuring 60-52
with CFM and Ethernet OAM 60-51
OAM PDUs 60-35
OAM protocol data units 60-33
monitoring 55-12
overview 6-25
on-demaind online diagnostics 65-2
troubleshooting 65-8
Online Diagnostics 65-1
configuring on-demaind 65-2
data path, displaying test results 65-7
displaying tests and test results 65-4
linecard 65-8
scheduling 65-2
starting and stopping tests 65-3
enabling DHCP Snooping 48-10
area concept 1-16
description 1-16
for IPv6 47-6
modifying 37-9
overview 54-14
SPAN enhancement 54-14
using with access-group mode 49-30
PACL configuration guidelines 49-28
PACL with VLAN maps and router ACLs 49-32
understanding 22-3
configuring enable password 3-14
configuring enable secret password 3-14
encrypting 3-22
in clusters 12-8
recovering lost enable password 3-25
setting line password 3-14
configuration (example) 35-8
enabling 35-6
features 35-2
overview 35-1
route-map processing logic 35-3
route-map processing logic example 35-4
route maps 35-2
when to use 35-5
percentage thresholds in tracked lists 55-6
per-port and VLAN Access Control List 48-19
enabling 37-34
overview 37-10
Per-User ACL and Filter-ID ACL, configure 41-43
Per-VLAN Rapid Spanning Tree 18-6
enabling 18-20
overview 18-6
PE to CE routing, configuring 36-12
physical layer 3 interfaces 30-2
Physical Layer 3 interfaces, configuring 30-11
configuring dense mode 33-14
configuring sparse mode 33-14
displaying information 33-22
displaying statistics 33-26
enabling sparse-dense mode 33-14, 33-15
overview 33-3
PIM-DM 33-3
PIM on an interface, enabling 33-13
PIM-SM 33-3
PIM-SSM mapping, enabling 33-16
executing 7-9
overview 7-8
ping command 7-9, 33-22
PoE 11-7, 11-8
configuring power consumption, powered devices 11-5
configuring power consumption for single device 11-5, 11-16
displaying operational status for an interface 11-6
Enhanced PoE support on E-series 11-15
policing and monitoring 11-12
power consumption for powered devices
Intelligent Power Management 11-4
powering down a module 10-18
power management modes 11-2
configuring errdisable recovery 11-14
configuring on an interface 11-13
displaying on an interface 11-14
power modes 11-12
in 802.1X authentication (figure) 41-3
how to implement 37-17
policing, PoE 11-12
policing IPv6 control traffic 45-15
policy associations, QoS on Sup 6-E 37-38
policy-map command 37-15
policy map marking action, configuring 37-22
and voice VLAN 49-4
defined 49-3
802.1X with voice VLAN 41-22
Authentication Failed VLAN assignment 41-17
defined 43-2
changing the quiet period 41-74
client, defined 41-3, 43-2
configuration guidelines 41-28, 43-6
configure switch-to-RADIUS server communication 41-31
configure with Authentication Failed 41-64
configure with Critical Authentication 41-58
configure with Guest-VLANs 41-54
configure with MAC Authentication Bypass 41-57
configure with VLAN User Distribution 41-61
configure with Voice VLAN 41-65
Multiple Domain Authentication and Multiple Authorization 41-33
RADIUS server 43-10
RADIUS server parameters on the switch 43-9
configuring Fallback Authentication 41-68
configuring Guest-VLAN 41-31
configuring manual re-authentication of a client 41-83
configuring with Unidirectional Controlled Port 41-60
controlling authorization state 41-5
default configuration 41-27, 43-6
described 41-1
device roles 41-2, 43-2
displaying statistics 41-105, 43-14
enabling 41-28
802.1X authentication 43-9
enabling multiple hosts 41-73
enabling periodic re-authentication 41-72
encapsulation 41-3
host mode 41-6
how 802.1X fails on a port 41-25
initiation and message exchange 41-4
method lists 41-28
modes 41-6
multidomain authentication 41-22
multiple-hosts mode, described 41-7
multiple-hosts mode 41-7
ports not supported 41-5
pre-authentication open access 41-8
resetting to default values 41-84
setting retransmission number 41-76
setting retransmission time 41-75
as proxy 43-2
configuring 41-77
overview 41-24
topologies, supported 41-25
using with ACL assignments and redirect URLs 41-20
using with port security 41-19
with Critical Authentication 41-14
with Guest VLANs 41-11
with MAC Authentication Bypass 41-12
with Unidirectional Controlled Port 41-15
with VLAN assignment 41-10
with VLAN User Distribution 41-16
creating 22-7
overview 22-2
command 22-13
command example 22-13
port-channel load-balance command 22-14
configuring 18-15
port description TLV 27-2
and MST 18-23
BPDU filter, configuring 21-9
configuring or enabling 21-15
overview 21-6
and MST 18-23
enabling 21-9
overview 21-9
configuring MST instances 18-32
configuring STP 18-13
blocking 50-1
checking status 7-3
example 13-29
reconfirming 13-26
forwarding, resuming 50-3
REP 20-6
aging 44-5
configuring 44-7
displaying 44-28
guidelines and restrictions 44-33
on access ports 44-7, 44-22
on private VLAN 44-14
host 44-14
promiscuous 44-16
topology 44-15, 44-18, 44-33
on trunk port 44-17
guidelines and restrictions 44-15, 44-18, 44-33
port mode changes 44-22
on voice ports 44-22
sticky learning 44-5
using with 802.1X 41-19
violations 44-6
with 802.1X Authentication 44-32
with DHCP and IP Source Guard 44-31
with other features 44-33
description 18-5
port VLAN ID TLV 27-2
inline 38-5
power dc input command 10-17
powered devices, configuring power consumption 11-5
power handling for Supervisor Engine II-TS 11-12
power inline command 11-3
power inline consumption command 11-5
Catalyst 4500 series 10-5
Catalyst 4500 Switch power supplies 10-12
configuring combined mode 10-11
configuring redundant mode 10-10
overview 10-1
redundancy 10-5
power management for Catalyst 4500 Switch
combined mode 10-7
redundant mode 10-7
power management limitations in Catalyst 4500 Switch 10-8
selecting 10-7
power management TLV 27-2, 27-3, 27-9
through LLDP 27-11
Power-On-Self-Test diagnostics 65-10, 65-14
Power-On-Self-Test for Supervisor Engine V-10GE 65-10
power policing, displaying on an interface 11-14
power redundancy-mode command 10-10
available power for Catalyst 4500 Switch 10-12
fixed 10-6
variable 10-6
pre-authentication open access 41-8
pre-authentication open access. See port-based authentication.
preempt delay time, REP 20-5
primary edge port, REP 20-4
primary VLANs 39-2, 39-4
associating with secondary VLANs 39-16
configuring as a PVLAN 39-15
overriding CoS of incoming frames 38-5
priority queuing, QoS on Sup 6-E 37-29
configure port security 44-14, 44-15
enabling DHCP Snooping 48-12
across multiple switches 39-5
and SVIs 39-10
benefits of 39-2
community ports 39-3
community VLANs 39-2, 39-3
default configuration 39-12
end station access to 39-3
isolated port 39-4
isolated VLANs 39-2, 39-3, 39-4
community 39-3
isolated 39-4
promiscuous 39-4
primary VLANs 39-2, 39-4
promiscuous ports 39-4
secondary VLANs 39-2
subdomains 39-2
traffic in 39-9
privileged EXEC mode 2-5
changing default 3-23
configuring levels 3-23
exiting 3-24
logging in 3-24
configuring PVLAN 39-17
defined 39-4
setting mode 39-24
protocol timers 18-4
provider edge devices 36-2
description 18-25
PVACL 48-19
and 802.1X with voice VLAN ports 41-22
configuring 39-11, 39-17, 39-21
802.1q support 39-14
across multiple switches 39-5
configuration guidelines 39-12
configure port security 44-14, 44-16, 44-18
configure port security in a wireless setting 44-33
configuring 39-11
configuring a VLAN 39-15
configuring promiscuous ports 39-17
configuring a Layer 2 interface 39-18
setting 39-24
overview 39-1
permitting routing, example 39-23
setting 39-24
interface mode 39-24
classification 37-6 to ??
definitions 37-3
enabling per-port per-VLAN 37-34
overview 37-1
overview of per-port per-VLAN 37-10
packet modification 37-9
traffic shaping 37-9
See also COS; DSCP values; transmit queues
tracking queue length 37-9
definition 37-3
description 37-5
Active Queue management via DBL 37-33
active queue management via DBL 37-26, 37-33
classification 37-15
configuring 37-12
configuring CoS mutation 37-44
configuring the policy map marking action 37-22
hardware capabilities for marking 37-22
how to implement policing 37-17
marking action drivers 37-20
marking network traffic 37-17
MQC-based QoS configuration 37-13
multi-attribute marking support 37-21
platform hardware capabilities 37-14
platform restrictions 37-17
platform-supported classification criteria and QoS features 37-13
policing 37-16
policy associations 37-38
prerequisites for applying a service policy 37-14
priority queuing 37-29
queue-limiting 37-30
restrictions for applying a service policy 37-14
shaping 37-24
sharing(bandwidth) 37-26
sharing(blandwidth), shapring, and priority queuing 37-24
software QoS 37-39
traffic marking procedure flowchart 37-20
definition 37-5
described 37-8
attaching to interfaces 37-8
prerequisites 37-14
restrictions for applying 37-14
burst 37-9
maximum rate 37-9
sharing link bandwidth 37-9
queueing 37-8
queue-limiting, QoS on Sup 6-E 37-30
vendor-proprietary 41-103
vendor-specific 41-101
change of authorization 41-86
accounting 41-100
authentication 41-95
authorization 41-99
communication, global 41-93, 41-101
communication, per-server 41-92, 41-93
multiple UDP ports 41-93
default configuration 41-92
defining AAA server groups 41-97
displaying the configuration 41-105
identifying the server 41-92
limiting the services to the user 41-99
method list, defined 41-92
operation of 41-86
server load balancing 41-105
suggested network environments 41-85
tracking services accessed by user 41-100
understanding 41-85
RADIUS, controlling switch access with 41-84
RADIUS Change of Authorization 41-86
configure to-Switch communication 41-31
configuring settings 41-33
parameters on the switch 41-31
configuring 49-36
deployment 49-36
examples 49-36
introduction 49-35
usage guidelines 49-37
range command 6-4
defining 6-10
configuring 6-4
rcommand command 12-13
reachability, tracking IP SLAs IP host 55-9
configuring manual 41-83
enabling periodic 41-72
redirect URLs, port-based authentication 41-20
reduced MAC address 18-2
configuring 8-7
guidelines and restrictions 8-5
changes made through SNMP 8-10
NSF-aware support 9-2
NSF-capable support 9-2
overview 8-2
redundancy command 8-7
understanding synchronization 8-4
redundancy (NSF) 9-1
BGP 9-11
CEF 9-10
EIGRP 9-16
IS-IS 9-13
OSPF 9-12
routing protocols 9-5
route processor redundancy 8-2
synchronization 8-5
redundancy command 9-9
route processor redundancy 8-3
synchronization 8-5
reload command 3-28, 3-29
Remote Authentication Dial-In User Service
remote failure indications 60-34
remote loopback, Ethernet OAM 60-34, 60-37
rendezvous point, configuring 33-16
rendezvous point, configuring single static 33-19
administrative VLAN 20-8
administrative VLAN, configuring 20-9
and STP 20-6
configuration guidelines 20-7
configuring interfaces 20-10
convergence 20-4
default configuration 20-7
manual preemption, configuring 20-13
monitoring 20-14
neighbor offset numbers 20-5
open segment 20-2
ports 20-6
preempt delay time 20-5
primary edge port 20-4
ring segment 20-2
secondary edge port 20-4
segments 20-1
characteristics 20-2
SNMP traps, configuring 20-14
supported interfaces 20-1
triggering VLAN load balancing 20-6
verifying link integrity 20-4
VLAN blocking 20-13
VLAN load balancing 20-4
description 33-8
disabling 24-10
reset command 67-3
resetting an interface to default configuration 6-32
resetting a switch to defaults 3-32
Resilient Ethernet ProtocolLSee REP
described 63-4
enabling 63-7
response time, measuring with IP SLAs 63-4
NTP services 4-8
RADIUS 41-84
TACACS+ 3-15
setting in 802.1X authentication 41-76
changing in 802.1X authentication 41-75
1157, SNMPv1 58-2
1305, NTP 4-2
1757, RMON 64-2
1901, SNMPv2C 58-2
1902 to 1907, SNMPv2 58-2
2273-2275, SNMPv3 58-2
RFC 5176 Compliance 41-87
description 1-16
for IPv6 47-5
default configuration 64-3
displaying status 64-6
enabling alarms and events 64-3
groups supported 64-2
overview 64-1
boot process and 3-26
CLI 2-7
commands 67-2 to 67-3
debug commands 67-5
entering 67-1
exiting 67-6
overview 67-1
configuring 18-9
selecting in MST 18-22
and MST 18-23
enabling 21-2
overview 21-2
ACLs 49-26
route-map (IP) command 35-6
defining 35-6
PBR 35-2
description 1-35, 49-3
using with VLAN maps 49-25
router ACLs, using PACL with VLAN maps 49-32
VPN 36-3
See Unicast RPF
configuration guidelines 54-16
destination ports 54-5
IDS 54-2
monitored ports 54-4
monitoring ports 54-5
received traffic 54-3
creating 54-17
defined 54-3
limiting source traffic to specific VLANs 54-23
monitoring VLANs 54-21
removing source (monitored) ports 54-20
specifying monitored ports 54-17
source ports 54-4
transmitted traffic 54-4
VLAN-based 54-5
compatibility 18-23
description 18-22
port roles 18-24
port states 18-24
defined 40-9
negotiation 40-9
support 40-1
scheduling 37-8
scheduling, IP SLAs operations 63-5
secondary edge port, REP 20-4
secondary root switch 18-12
secondary VLANs 39-2
associating with primary 39-16
permitting routing 39-23
configuring 45-1
Security Association Identifier
selecting a power management mode 10-7
sequence numbers in log messages 56-7
description 62-23
service policy, configure class-level queue-limit 37-30
service-policy input command 29-2
and customer VLANs 25-2
session keys, MKA 40-2
set default interface command 35-6, 35-7
set interface command 35-6
set ip default next-hop command 35-6
set ip next-hop command 35-6
set-request operation 58-4
severity levels, defining in system messages 56-8
shaping, QoS on Sup 6-E 37-24
sharing(bandwidth), QoS on Sup 6-E 37-26
show adjacency command 31-9
show boot command 3-32
show catalyst4000 chassis-mac-address command 18-3
show cdp command 26-2, 26-3
show cdp entry command 26-4
show cdp interface command 26-3
show cdp neighbors command 26-4
show cdp traffic command 26-4
show ciscoview package command 4-41
show ciscoview version command 4-41
show cluster members command 12-13
show configuration command 6-15
show debugging command 26-4
show environment command 10-2
show history command 2-4
show interfaces command 6-20, 6-21, 6-28, 6-30
show interfaces status command 7-3
show ip cef command 31-8
show ip eigrp interfaces command 30-19
show ip eigrp neighbors command 30-19
show ip eigrp topology command 30-19
show ip eigrp traffic command 30-19
show ip interface command 33-22
show ip local policy command 35-7
show ip mroute command 33-22
show ip pim interface command 33-22
show l2protocol command 25-18
show lldp traffic command 27-15
show mac-address-table address command 7-4
show mac-address-table interface command 7-4
show mls entry command 31-8
show module command 7-2, 18-6
show PoE consumed 11-8
show power inline command 11-6
show power supplies command 10-11
show protocols command 6-28
adding description for an interface 6-15
checking your settings 3-9
displaying ACLs 49-19, 49-21, 49-30, 49-31
show startup-config command 3-10
show users command 7-7
show version command 3-29
shutdown, command 6-29
shutdown threshold for Layer 2 protocol packets 25-16
interfaces 6-29
Simple Network Management Protocol
single-host mode 41-7
single static RP, configuring 33-19
slot numbers, description 6-2
smart call home 62-1
description 62-2
destination profile (note) 62-5
registration requirements 62-3
service contract requirements 62-3
Transport Gateway (TG) aggregation point 62-2
smart call home registration 62-3
applying global parameter values 16-8, 16-15
applying macros 16-8
applying parameter values 16-9
configuration guidelines 16-6, 16-14
configuring 16-2
creating 16-8
default configuration 16-4, 16-13
defined 1-8, 16-1
displaying 16-13
tracing 16-7, 16-14
accessing MIB variables with 58-4
described 58-4
disabling 58-7
and IP SLAs 63-2
authentication level 58-10
configuring 58-7
overview 58-4
configuration examples 58-15
configuration guidelines 58-6
default configuration 58-5
enabling 68-4, 68-5
engine ID 58-6
groups 58-6, 58-9
host 58-6
and trap keyword 58-11
described 58-5
differences from traps 58-5
enabling 58-14
limiting access by TFTP servers 58-15
limiting system log messages to NMS 56-9
manager functions 58-3
notifications 58-5
overview 58-1, 58-4
status, displaying 58-16
system contact and location 58-14
trap manager, configuring 58-13
described 58-3, 58-5
differences from informs 58-5
enabling 58-11
enabling MAC address notification 4-24
enabling MAC move notification 4-26
enabling MAC threshold notification 4-28
overview 58-1, 58-4
types of 58-11
users 58-6, 58-9
versions supported 58-2
SNMP commands 68-4
REP 20-14
SNMPv1 58-2
SNMPv2C 58-2
SNMPv3 58-2
upgrading 8-12
software configuration register 3-26
software QoS, on Sup 6-E 37-39
description 31-5
interfaces 31-6
key data structures used 33-7
call home event format 62-22
and ACLs 54-5
configuration guidelines 54-7
configuring 54-7 to 54-10
destination ports 54-5
IDS 54-2
monitored port, defined 54-4
monitoring port, defined 54-5
received traffic 54-3
defined 54-3
source ports 54-4
transmitted traffic 54-4
VLAN-based 54-5
concepts and terminology 54-3
default configuration 54-6
displaying status 54-24
overview 54-1
session limits 54-6
access list filtering 54-13
configuration example 54-15
CPU port sniffing 54-10
encapsulation configuration 54-12
ingress packets 54-12
packet type filtering 54-14
spanning-tree backbonefast command 21-16
spanning-tree cost command 18-15
spanning-tree guard root command 21-2
spanning-tree portfast bpdu-guard command 21-8
spanning-tree portfast command 21-7
spanning-tree port-priority command 18-13
spanning-tree uplinkfast command 21-12
command 18-9
command example 18-9
spanning-tree vlan command 18-8
spanning-tree vlan cost command 18-16
spanning-tree vlan forward-time command 18-19
spanning-tree vlan hello-time command 18-18
spanning-tree vlan max-age command 18-18
spanning-tree vlan port-priority command 18-13
spanning-tree vlan priority command 18-17
spanning-tree vlan root primary command 18-10
spanning-tree vlan root secondary command 18-12
configuring interface 6-12
speed command 6-13
configuring 9-9
SSO operation 9-3
description 18-22
interoperability 18-24
static ACL, removing the requirement 49-28
configuring 3-11
verifying 3-12
802.1X 43-14
displaying 802.1X 41-105
displaying PIM 33-26
LLDP 27-14
LLDP-MED 27-14
MKA 40-5
SNMP input and output 58-16
configuration file 44-6
defined 44-5
disabling 44-6
enabling 44-5
saving addresses 44-6
configuring 44-7
defined 44-4
storing captured packets to a.pcap file, Wireshark 53-4
displaying 51-6
enabling Broadcast 51-3
enabling Multicast 51-4
hardware-based, implementing 51-2
overview 51-1
software-based, implementing 51-2
and REP 20-6
bridge ID 18-2
configuring 18-7 to 18-20
creating topology 18-4
defaults 18-7
disabling 18-20
enabling 18-8
enabling extended system ID 18-9
enabling Per-VLAN Rapid Spanning Tree 18-20
disabling 21-6
forward-delay time 18-19
hello time 18-17
Layer 2 protocol tunneling 25-13
maximum aging time 18-18
overview 18-1, 18-3
per-VLAN rapid spanning tree 18-6
port cost 18-15
port priority 18-13
root bridge 18-9
stratum, NTP 4-2
benefits 30-17
configuration tasks 30-17
configuring 30-13
overview 30-13
restrictions 30-17
verifying 30-18
subdomains, private VLAN 39-2
summer time 4-13
accessing the redundant 8-13
configuring 3-8 to 3-13
copying files to standby 8-13
default configuration 3-1
default gateways 3-11
environmental monitoring 10-1
redundancy 9-1
ROM monitor 3-26
startup configuration 3-25
static routes 3-11
synchronizing configurations 8-10
insufficient inline power handling 10-18, 11-12
See also Auto Smartports macros
understanding 30-3
configuring 30-7
S-VLAN 1-2, 25-7
switch 47-2
switch access with RADIUS, controlling 41-84
and ACLs 49-25
show interfaces 6-20, 6-21, 6-30
switchport access vlan command 15-5, 15-7
switchport block multicast command 50-2
switchport block unicast command 50-2
switchport mode access command 15-7
switchport mode dot1q-tunnel command 25-6
switchport mode dynamic command 15-5
switchport mode trunk command 15-5
switchport trunk allowed vlan command 15-5
switchport trunk encapsulation command 15-5
switchport trunk native vlan command 15-5
switchport trunk pruning vlan command 15-6
switch-to-RADIUS server communication
configuring 41-31
sysret command 67-5
reviewing configuration 3-10
settings at startup 3-27
overview 10-4
system and network statistics, displaying 33-22
system capabilities TLV 27-2
daylight saving time 4-13
manually 4-11
summer time 4-13
time zones 4-12
displaying the time and date 4-12
overview 4-2
system description TLV 27-2
loading from Flash memory 3-31
modifying boot field 3-27
specifying 3-30
default configuration 56-3
defining error message severity levels 56-8
disabling 56-4
displaying the configuration 56-12
enabling 56-4
facility keywords, described 56-12
level keywords, described 56-9
limiting messages 56-9
message format 56-2
overview 56-1
sequence numbers, enabling and disabling 56-7
setting the display destination device 56-5
synchronizing log messages 56-6
timestamps, enabling and disabling 56-7
configuring the daemon 56-10
configuring the logging facility 56-11
facilities supported 56-12
802.1Q tunneling 25-5
maximums 25-5
manual configuration 4-15
system name TLV 27-2
system prompt, default setting 4-14
TACACS+ 45-1
accounting, defined 3-16
authentication, defined 3-16
authorization, defined 3-16
accounting 3-21
authentication key 3-18
authorization 3-21
login authentication 3-19
default configuration 3-18
displaying the configuration 3-22
identifying the server 3-18
limiting the services to the user 3-21
operation of 3-17
overview 3-15
tracking services accessed by user 3-21
802.1Q 25-3
Layer 2 protocol 25-13
TCAM programming and ACLs 49-7
for Sup II-Plust thru V-10GE 49-6
TCAM programming and ACLs for Sup 6-E 49-9
checking cable connectivity 7-4
enabling and disabling test 7-4
guidelines 7-4
accessing CLI 2-2
disconnecting user sessions 7-8
executing 7-6
monitoring user sessions 7-7
telnet command 7-7
templates, Ethernet OAM 60-44
Terminal Access Controller Access Control System Plus
configuration files in base directory 3-5
configuring for autoconfiguration 3-4
limiting access by servers 58-15
threshold monitoring, IP SLAs 63-6
time exceeded messages 7-10
timestamps in log messages 56-7
time zones 4-12
host presence detection 41-8
defined 1-6, 27-2
LLDP-MED 27-2
media not supported (note) 13-5, 13-10
Topology change notification processing
Topology change notification processing 24-4
description 37-4
trace command 7-10
traceroute mac command 7-12
traceroute mac ip command 7-12
configuring 55-3
types 55-3
by Boolean expression 55-4
by threshold percentage 55-6
by threshold weight 55-5
tracking interface line-protocol state 55-2
tracking IP routing state 55-2
tracking objects 55-1
tracking process 55-1
track state, tracking IP SLAs 55-9
blocking flooded 50-2
using ACLs (figure) 49-4
using VLAN maps (figure) 49-5
traffic marking procedure flowchart 37-20
traffic shaping 37-9
translational bridge numbers (defaults) 13-5
configuring MAC address notification 4-24
configuring MAC move notification 4-26
configuring MAC threshold notification 4-28
configuring managers 58-11
defined 58-3
enabling 4-24, 4-26, 4-28, 58-11
notification types 58-11
overview 58-1, 58-4
with CiscoWorks 58-4
with system message logging 56-1
with traceroute 7-9
troubleshooting high CPU due to ACLs 49-6
configure port security 44-17
configuring PVLAN 39-19 to 39-21
802.1Q restrictions 15-4
configuring 15-5
configuring access VLANs 15-5
configuring allowed VLANs 15-5
default interface configuration 15-5
enabling to non-DTP device 15-3
specifying native VLAN 15-5
understanding 15-3
trustpoint 62-3
defined 25-1
802.1Q, configuring 25-6
described 25-2
incompatibilities with other features 25-5
configuring probe message interval per-interface 28-8
default configuration 28-4
disabling on fiber-optic interfaces 28-7
disabling on non-fiber-optic interfaces 28-7
displaying link status 28-8
enabling globally 28-5
enabling per-interface 28-6
modes of operation 28-3
resetting disabled LAN interfaces 28-8
use case 28-2
UDLD, overview 28-1
UDP jitter, configuring 63-9
UDP jitter operation, IP SLAs 63-8
unauthorized ports with 802.1X 41-5
configuring 50-1
and adding static addresses 4-31
and broadcast MAC addresses 4-30
and CPU packets 4-30
and multicast addresses 4-30
and router MAC addresses 4-30
configuration guidelines 4-30
described 4-30
unicast MAC address filtering, configuring
configuring unicast MAC address filtering 49-13
Unicast RPF (Unicast Reverse Path Forwarding)
applying 32-5
caution 32-5
requirement 32-2
tables 32-7
configuring 32-9
(examples) ?? to 32-12
BOOTP 32-8
DHCP 32-8
enterprise network (figure) 32-6
prerequisites 32-9
routing table requirements 32-7
tasks 32-9
verifying 32-10
deploying 32-5
description 1-19, 32-2
disabling 32-11
enterprise network (figure) 32-6
FIB 32-2
implementing 32-4
packets, dropping (figure) 32-4
prerequisites 32-9
basic 32-8
routing asymmetry 32-7
routing asymmetry (figure) 32-8
routing table requirements 32-7
applying 32-5
attacks, mitigating 32-5
deploying 32-5
tunneling 32-5
source addresses, validating 32-3
(figure) 32-3, 32-4
failure 32-3
traffic filtering 32-5
tunneling 32-5
failure 32-3, 32-4
packets, dropping 32-3
source addresses 32-3
verifying 32-10
blocking 50-2
Unidirectional Controlled Port, configuring 802.1X 41-60
enabling 29-2
example of setting 29-2
overview 29-1
UniDirectional Link Detection Protocol
Universal PoE, configuring 11-16
daemon configuration 56-10
facilities supported 56-12
message logging configuration 56-11
and MST 18-23
enabling 21-15
MST and 18-23
overview 21-11
usage examples, Wireshark 53-17
configuring, 802.1X-based 17-8
configuring, MAC address-based 17-9
User-defined triggers and built-in macros, configuring mapping 17-9
user EXEC mode 2-5
disconnecting 7-8
monitoring 7-7
Layer 4 port operations 49-10
virtual configuration register 67-3
virtual ports, MKA 40-3
Virtual Switch System(VSS), displaying EtherChannel to 22-16
VLAN blocking, REP 20-13
vlan command 13-6
vlan dot1q tag native command 25-4
service provider 25-9
VLAN ID, discovering 4-37
REP 20-4
VLAN load balancing, triggering 20-6
VLAN load balancing on flex links 19-2
configuration guidelines 19-6
1-to-1 25-8
1-to-1, configuring 25-11
configuration guidelines 25-10
configuring 25-11
configuring on a trunk port 25-11
default 25-9
described 1-2, 25-7
selective QinQ 25-8
selective Q-in-Q, configuring 25-12
traditional QinQ 25-8
traditional Q-in-Q, configuring 25-12
types of 25-8
applying to a VLAN 49-21
configuration example 49-22
configuration guidelines 49-18
configuring 49-17
creating and deleting entries 49-19
defined 1-35
denying access example 49-23
denying packets 49-19
displaying 49-24
order of entries 49-18
permitting packets 49-19
router ACLs and 49-25
using (figure) 49-5
using in your network 49-22
VLAN maps, PACL and Router ACLs 49-32
allowed on trunk 15-5
configuration guidelines 13-3
configuring 13-5
configuring as Layer 3 interfaces 30-7
customer numbering in service-provider networks 25-3
default configuration 13-4
description 1-9
extended range 13-3
IDs (default) 13-5
interface assignment 13-7
limiting source traffic with RSPAN 54-23
monitoring with RSPAN 54-21
name (default) 13-5
normal range 13-3
overview 13-1
reserved range 13-3
overview 15-3
VLAN User Distribution, configuring 802.1X 41-61
configuration file example 13-32
configuring dynamic access ports on client 13-25
configuring retry interval 13-27
database configuration file 13-32
example 13-29
reconfirming 13-26
reconfirming assignments 13-26
reconfirming membership interval 13-26
server overview 13-21
administering and monitoring 13-28
configure reconfirmation interval 13-26
dynamic ports 13-25
entering IP VMPS address 13-24
reconfirmation interval 13-27
reconfirm VLAM membership 13-26
default configuration 13-24
dynamic VLAN membership overview 13-23
troubleshooting dynamic port VLAN membership 13-29
fall-back VLAN 13-23
illegal VMPS client requests 13-23
overview 13-21
multiple 13-22
open 13-22
secure 13-22
configuring 38-1
configuring 38-1
configuring VVID 38-3
voice traffic 11-2, 38-5
IP phone data traffic, described 38-2
IP phone voice traffic, described 38-2
Voice VLAN, configure 802.1X 41-65
using 802.1X 41-22
configuring routing in 36-12
forwarding 36-3
in service provider networks 36-1
routes 36-2
defining 36-3
tables 36-1
ARP 36-6, 36-9
configuring 36-5
ftp 36-8
ping 36-6
SNMP 36-7
syslog 36-8
tftp 36-8
traceroute 36-8
uRPF 36-7
description 1-19
client, configuring 13-16
configuration guidelines 13-12
default configuration 13-13
disabling 13-16
Layer 2 protocol tunneling 25-14
monitoring 13-19
overview 13-8
configuring 13-15
server, configuring 13-16
statistics 13-19
transparent mode, configuring 13-16
enabling 13-15
description 13-9
description 13-8
VTP modes 13-9
overview 13-11
overview 13-9
VTY and Network Assistant 12-12
and 802.1X authentication 41-22
configuring 38-3
configuration examples 66-10
configuring on a router 66-2, 66-11
features 66-4
restrictions 66-5
service groups 66-6
authentication proxy web pages 43-4
description 1-37, 41-14, 43-1
web-based authentication, interactions with other features 43-4
Web Cache Communication Protocol
See WCCP 66-1
description 66-4
web scaling 66-1
weight thresholds in tracked lists 55-5
activating and deactivating, capture points, conceptual 53-5
attachment points 53-2
capture filter 53-3
capture points 53-2
core system filter 53-3
decoding and displaying packets 53-5
display filter 53-3
feature interactions 53-6
filters 53-2
storing captured packets to a.pcap filter 53-4
usage examples 53-17
Wireshark, about 53-1
Wireshark, activating and deactivating a capture point 53-10
Wireshark, defining/modifying/deleting a capture point 53-8
Wireshark, displaying information 53-13
default configuration 60-29
described 60-27
Ethernet Alarm Signal function (ETH-AIS)
ETH-RDI 60-28
multicast Ethernet loopback 60-31
multicast ETH-LB 60-29
terminology 60-27
Feedback