Main
Page
CONTENTS
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Preface
Audience
Organization
Page
Page
Conventions
Related Documentation
Hardware Documents
Software Documentation
Cisco IOS Documentation
Commands in Task Tables
Notices
OpenSSL/Open SSL Project
License Issues
Page
Obtaining Documentation and Submitting a Service Request
Page
Product Overview
Layer 2 Software Features
802.1Q Tunneling, VLAN Mapping, and Layer 2 Protocol Tunneling
Auto SmartPort Macros
Cisco Discovery Protocol
Cisco Group Management Protocol (CGMP) server
EtherChannel Bundles
Ethernet CFM
Ethernet OAM Protocol
Flex Links and MAC Address-Table Move Update
Internet Group Management Protocol (IGMP) Snooping
IPv6 Multicast Listen Discovery (MLD) and Multicast Listen Discovery snooping
Jumbo Frames
Link Aggregation Control Protocol
Link Layer Discovery Protocol
Link State Tracking
Location Service
Multiple Spanning Tree
Per-VLAN Rapid Spanning Tree
Quality of Service
Resilient Ethernet Protocol
SmartPort Macros
Spanning Tree Protocol
Stateful Switchover
SVI Autostate
User-Based Rate Limiting
Unidirectional Ethernet
Unidirectional Link Detection
VLANs
Virtual Switch System Client
Y.1731 (AIS and RDI)
Layer 3 Software Features
Cisco Express Forwarding
EIGRP Stub Routing
Enhanced Object Tracking
GLBP
HSRP
SSO Aware HSRP
IP Routing Protocols
BGP
BGP Route-Map Continue
EIGRP
IS-IS
OSPF
RIP
In Service Software Upgrade
IPv6
Multicast Services
Page
NSF with SSO
OSPF for Routed Access
Policy-Based Routing
Unidirectional Link Routing
VRF-lite
Management Features
Cisco Call Home
Cisco Energy Wise
Cisco IOS IP Service Level Agreements
Cisco Network Assistant
Dynamic Host Control Protocol
Embedded CiscoView
Embedded Event Manager
Ethernet Management Port
FAT File Management System on Supervisor Engine 6-E and 6L-E
Forced 10/100 Autonegotiation
Intelligent Power Management
MAC Address Notification
NetFlow-lite
Secure Shell
Simple Network Management Protocol
SPAN and RSPAN
Web Content Coordination Protocol
Security Features
802.1X Identity-Based Network Security
Cisco TrustSec SGT Exchange Protocol (SXP) IPv4
Dynamic ARP Inspection
Dynamic Host Configuration Protocol Snooping
Flood Blocking
Hardware-Based Control Plane Policing
IP Source Guard for Static Hosts
IP Source Guard
Local Authentication, RADIUS, and TACACS+ Authentication
Network Admission Control
Network Security with ACLs
Port Security
PPPoE Intermediate Agent
Storm Control
uRPF Strict Mode
Utilities
Layer 2 Traceroute
Time Domain Reflectometry
Debugging Features
Web-based Authentication
Command-Line Interfaces
Accessing the Switch CLI
Accessing the CLI Using the EIA/TIA-232 Console Interface
Accessing the CLI Through Telnet
Performing Command-Line Processing
Performing History Substitution
About Cisco IOS Command Modes
Getting a List of Commands and Syntax
Virtual Console for Standby Supervisor Engine
ROMMON Command-Line Interface
Archiving Crashfiles Information
Displaying a Crash Dump
2-9
2-10
2-11
151A3B48: 1586D760 10C7FE38 10C7F17C 1586FF98 10C7FE38 10C7F17C
2-12
2-13
2-14
2-15
2-16
2-17
2-18
2-19
Page
Configuring the Switch for the First Time
Default Switch Configuration
Configuring DHCP-Based Autoconfiguration
About DHCP-Based Autoconfiguration
DHCP Client Request Process
Configuring the DHCP Server
Configuring the TFTP Server
Configuring the DNS Server
Configuring the Relay Device
Obtaining Configuration Files
Example Configuration
Configuring the Switch
Using Configuration Mode to Configure Your Switch
Verifying the Running Configuration Settings
3-10
Saving the Running Configuration Settings to Your Start-Up File
Reviewing the Configuration in NVRAM
!
Configuring a Default Gateway
Configuring a Static Route
Page
Controlling Access to Privileged EXEC Commands
Setting or Changing a Static enable Password
Using the enable password and enable secret Commands
Setting or Changing a Privileged Password
Controlling Switch Access with TACACS+
Understanding TACACS+
Page
TACACS+ Operation
Configuring TACACS+
Default TACACS+ Configuration
Identifying the TACACS+ Server Host and Setting the Authentication Key
Configuring TACACS+ Login Authentication
Page
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services
Starting TACACS+ Accounting
Displaying the TACACS+ Configuration
Encrypting Passwords
Configuring Multiple Privilege Levels
Setting the Privilege Level for a Command
Changing the Default Privilege Level for Lines
Logging In to a Privilege Level
Exiting a Privilege Level
Displaying the Password, Access Level, and Privilege Level Configuration
Recovering a Lost Enable Password
Modifying the Supervisor Engine Startup Configuration
Understanding the Supervisor Engine Boot Configuration
Understanding the ROM Monitor
Configuring the Software Configuration Register
Modifying the Boot Field and Using the boot Command
Modifying the Boot Field
Verifying the Configuration Register Setting
Specifying the Startup System Image
Flash Memory Features
Security Precautions
Configuring Flash Memory
Controlling Environment Variables
Resetting a Switch to Factory Default Settings
Page
Page
Administering the Switch
Managing the System Time and Date
System Clock
Understanding Network Time Protocol
Configuring NTP
Default NTP Configuration
Configuring NTP Authentication
Page
Configuring NTP Associations
Configuring NTP Broadcast Service
Configuring NTP Access Restrictions
Creating an Access Group and Assigning a Basic IP Access List
Disabling NTP Services on a Specific Interface
Configuring the Source IP Address for NTP Packets
Displaying the NTP Configuration
Configuring Time and Date Manually
Setting the System Clock
Displaying the Time and Date Configuration
Configuring the Time Zone
Configuring Summer Time (Daylight Saving Time)
Configuring a System Name and Prompt
Configuring a System Name
Understanding DNS
Default DNS Configuration
Setting Up DNS
Displaying the DNS Configuration
Creating a Banner
Default Banner Configuration
Configuring a Message-of-the-Day Login Banner
Configuring a Login Banner
Managing the MAC Address Table
Building the Address Table
MAC Addresses and VLANs
Default MAC Address Table Configuration
Changing the Address Aging Time
Removing Dynamic Address Entries
Configuring MAC Change Notification Traps
Page
4-24
Configuring MAC Move Notification Traps
Page
Configuring MAC Threshold Notification Traps
Adding and Removing Static Address Entries
Configuring Unicast MAC Address Filtering
Page
Disabling MAC Address Learning on a VLAN
Configuring Disable MAC Address Learning
Deployment Scenarios
Metro (Point to Point Links)
4-32
Network Load Balancers
Layer 2 Firewall or Cache
Feature Compatibility
Feature Incompatibility
Partial Feature Incompatibility
Displaying Address Table Entries
Managing the ARP Table
Configuring Embedded CiscoView Support
Understanding Embedded CiscoView
Installing and Configuring Embedded CiscoView
4-37
The following example shows how to install and configure Embedded CiscoView on your switch:
4-38
Displaying Embedded CiscoView Information
Page
Configuring the Cisco IOS In-Service Software Upgrade Process
Prerequisites to Performing ISSU
About ISSU
Stateful Switchover Overview
Page
NSF Overview
ISSU Process Overview
5-7
5-8
supervisor engines when they are running two different versions of Cisco IOS image.
5-9
Page
Performing an ISSU Upgrade: 2 Methods
Changeversion Process
Changeversion: Quick Option
Scheduled Changeversion: in and at Options
Changeversion Deployment Scenario
Aborting an In-Progress Changeversion Procedure
Guidelines for Performing ISSU
Versioning Capability in Cisco IOS Software to Support ISSU
Compatibility Matrix
SNMP Support for ISSU
Compatibility Verification Using Cisco Feature Navigator
Performing the ISSU Process
Verifying the ISSU Software Installation
Verifying Redundancy Mode Before Beginning the ISSU Process
5-17
Verifying the ISSU State Before Beginning the ISSU Process
Loading New Cisco IOS Software on the Standby Supervisor Engine
Page
5-20
The following example shows how the forced option places the system in RPR mode:
Switching to the Standby Supervisor Engine
5-22
engine is running the old version of software and is in the standby hot state.
Stopping the ISSU Rollback Timer (Optional)
Loading New Cisco IOS Software on the New Standby Supervisor Engine
5-25
Using changeversion to Automate an ISSU Upgrade
Page
5-28
Note Standby reloads with target image.
5-29
Note Switchover occurs.
Look at the console of "new" ACTIVE supervisor engine.
Note The new" STANDBY reloads with target image; changeversion is successful upon SSO
terminal state is reached.
5-30
5-31
Aborting a Software Upgrade During ISSU
traffic might be disrupted.
Configuring the Rollback Timer to Safeguard Against Upgrade Issues
Page
Displaying ISSU Compatibility Matrix Information
5-35
5-36
Page
Page
Page
Page
Configuring Interfaces
About Interface Configuration
Using the interface Command
6-3
Configuring a Range of Interfaces
Page
Using the Ethernet Management Port
Understanding the Ethernet Management Port
Fa1 Interface and mgmtVrf
Ping
TraceRoute
Telnet
TFTP
FTP
Supported Features on the Ethernet Management Port
Configuring the Ethernet Management Port
Defining and Using Interface-Range Macros
Deploying SFP+ in X2 Ports
Deploying 10-Gigabit Ethernet and Gigabit Ethernet SFP Ports on Supervisor Engine V-10GE
Port Numbering TwinGig Convertors
Limitations on Using a TwinGig Convertor
Selecting X2/TwinGig Convertor Mode
Page
Invoking Shared-Backplane Uplink Mode on Supervisor Engine 6-E
Digital Optical Monitoring Transceiver Support
Configuring Optional Interface Features
Configuring Ethernet Interface Speed and Duplex Mode
Speed and Duplex Mode Configuration Guidelines
Setting the Interface Speed
Setting the Interface Duplex Mode
Displaying the Interface Speed and Duplex Mode Configuration
Adding a Description for an Interface
Configuring Flow Control
Page
6-22
Configuring Jumbo Frame Support
Ports and Modules That Support Jumbo Frames
Jumbo Frame Support
Maximum Transmission Units
Jumbo Frame Support Overview
Ethernet Ports
VLAN Interfaces
Configuring MTU Sizes
Interacting with Baby Giants
Configuring the Port Debounce Timer
Configuring Auto-MDIX on a Port
Page
Displaying the Interface Auto-MDIX Configuration
Understanding Online Insertion and Removal
Monitoring and Maintaining the Interface
Monitoring Interface and Controller Status
Clearing and Resetting the Interface
Shutting Down and Restarting an Interface
Configuring Interface Link Status and Trunk Status Events
Configuring Link Status Event Notification for an Interface
Global Settings
Configuring a Switch Global Link Status Logging Event
6-34
Resetting the Interface to the Default Configuration
Page
Page
Checking Port Status and Connectivity
Checking Module Status
Checking Interfaces Status
Displaying MAC Addresses
Checking Cable Status Using Time Domain Reflectometer
Running the TDR Test
TDR Guidelines
Using Telnet
Changing the Logout Timer
Monitoring User Sessions
Using Ping
Understanding How Ping Works
Running Ping
Using IP Traceroute
Understanding How IP Traceroute Works
Running IP Traceroute
Using Layer 2 Traceroute
Layer 2 Traceroute Usage Guidelines
Running Layer 2 Traceroute
Configuring ICMP
Enabling ICMP Protocol Unreachable Messages
Enabling ICMP Redirect Messages
Enabling ICMP Mask Reply Messages
Page
Configuring Supervisor Engine Redundancy Using RPR and SSO
About Supervisor Engine Redundancy
RPR Operation
SSO Operation
About Supervisor Engine Redundancy Synchronization
RPR Supervisor Engine Configuration Synchronization
SSO Supervisor Engine Configuration Synchronization
Supervisor Engine Redundancy Guidelines and Restrictions
Page
Page
Configuring Supervisor Engine Redundancy
Configuring Redundancy
8-9
This example shows how to display redundancy facility state information:
Virtual Console for Standby Supervisor Engine
Synchronizing the Supervisor Engine Configurations
Page
Performing a Manual Switchover
Performing a Software Upgrade
Page
Manipulating Bootflash on the Redundant Supervisor Engine
Page
Configuring Cisco NSF with SSO Supervisor Engine Redundancy
About NSF with SSO Supervisor Engine Redundancy
About Cisco IOS NSF-Aware and NSF-Capable Support
Page
NSF with SSO Supervisor Engine Redundancy Overview
SSO Operation
NSF Operation
Cisco Express Forwarding
Routing Protocols
BGP Operation
OSPF Operation
IS-IS Operation
IETF IS-IS Configuration
Cisco IS-IS Configuration
EIGRP Operation
NSF Guidelines and Restrictions
Configuring NSF with SSO Supervisor Engine Redundancy
Configuring SSO
9-11
Configuring CEF NSF
Verifying CEF NSF
To verify that CEF is NSF-capable, enter the show cef state command:
Configuring BGP NSF
Verifying BGP NSF
Configuring OSPF NSF
Verifying OSPF NSF
Configuring IS-IS NSF
Verifying IS-IS NSF
9-16
Configuring EIGRP NSF
Verifying EIGRP NSF
Page
Environmental Monitoring and Power Management
About Environmental Monitoring
Using CLI Commands to Monitor your Environment
Displaying Environment Conditions
Conditions on Supervisor Engines II-Plus to V-10GE
Conditions on Supervisor Engine 6-E and Supervisor Engine 6L-E
Emergency Actions
System Alarms
Page
Power Management
Power Management for the Catalyst 4500 Series Switches
Supported Power Supplies
Power Management Modes for the Catalyst 4500 Switch
Selecting a Power Management Mode
Power Management Limitations in Catalyst 4500 Series Switches
Limitation 1
Limitation 2
Configuring Redundant Mode on a Catalyst 4500 Series Switch
Configuring Combined Mode on a Catalyst 4500 Series Switch
Available Power for Catalyst 4500 Series Switches Power Supplies
Special Considerations for the 4200 W AC and 6000 W AC Power Supplies
Page
Combined Mode Power Resiliency
Page
Special Considerations for the 1400 W DC Power Supply
Configuring the DC Input for a Power Supply
Special Considerations for the 1400 W DC SP Triple Input Power Supply
Insufficient Inline Power Handling for Supervisor Engine II-TS
10-20
Powering Down a Module
Power Management for the Catalyst 4948 Switches
Power Management Modes for the Catalyst 4948 Switch
IEEE 802.3az Energy Efficient Ethernet
Determining EEE Capability
Enabling EEE
Determining EEE Status
Page
Configuring Power over Ethernet
About Power over Ethernet
Hardware Requirements
Power Management Modes
Intelligent Power Management
Configuring Power Consumption for Powered Devices on an Interface
Displaying the Operational Status for an Interface
11-7
This example shows how to display the operational status for Fast Ethernet interface 4/1:
Displaying all PoE Detection and Removal Events
Displaying the PoE Consumed by a Module
11-9
11-10
11-11
PoE Policing and Monitoring
PoE Policing Modes
Configuring Power Policing on an Interface
Displaying Power Policing on an Interface
Configuring Errdisable Recovery
Enhanced Power PoE Support on the E-Series Chassis
Page
Configuring the Catalyst 4500 Series Switch with Cisco Network Assistant
About Network Assistant
Community Overview
Clustering Overview
Network Assistant-Related Parameters and Their Defaults
Network Assistant CLI Commands
Configuring Your Switch for Network Assistant
(Minimum) Required Configuration
(Additional) Configuration Required to Use Community
(Additional) Configuration Required to Use Clustering
Managing a Network Using Community
Candidate and Member Requirements
Automatic Discovery of Candidates and Members
Community Names
Hostnames
Passwords
Communication Protocols
Access Modes in Network Assistant
Community Information
Adding Devices
Converting a Cluster into a Community
Managing a Network Using Cluster
Understanding Switch Clusters
Cluster Command Switch Requirements
Network Assistant and VTY
Candidate Switch and Cluster Member Switch Requirements
Using the CLI to Manage Switch Clusters
Configuring Network Assistant in Community or Cluster Mode
Configuring Network Assistant on a Networked Switch in Community Mode
Page
12-15
This example shows how to configure Network Assistant on a networked switch in community mode:
Step 27 Step 28
12-16
12-17
Configuring Network Assistant in a Networked Switch in Cluster Mode
Step 1 Step 2 Step 3 Step 4 Step 5 Step 6
Page
12-19
12-20
Configuring VLANs, VTP, and VMPS
VLANs
About VLANs
Page
VLAN Configuration Guidelines and Restrictions
VLAN Ranges
Configurable Normal-Range VLAN Parameters
VLAN Default Configuration
Configuring VLANs
Configuring VLANs in Global Configuration Mode
Assigning a Layer 2 LAN Interface to a VLAN
VLAN Trunking Protocol
About VTP
Understanding the VTP Domain
Understanding VTP Modes
Understanding VTP Advertisements
Understanding VTP Versions
VTP Version 2
VTP Version 3
Understanding VTP Pruning
VTP Configuration Guidelines and Restrictions
VTP Default Configuration
Configuring VTP
Configuring VTP Global Parameters
Configuring a VTP Password
Enabling VTP Pruning
Enabling the VTP Version Number
Configuring the VTP Mode
13-17
This example shows how to configure the switch as a VTP client:
This example shows how to disable VTP on the switch:
This example shows how to disable VTP on the switch and to disable VTP advertisement forwarding:
13-18
Starting a Takeover
Displaying VTP Statistics
Displaying VTP Devices in a Domain
VLAN Membership Policy Server
About VMPS
Understanding the VMPS Server
Security Modes for VMPS Server
Open Mode
Secure Mode
Multiple Mode
Fallback VLAN
Overview of VMPS Clients
Understanding Dynamic VLAN Membership
Default VMPS Client Configuration
Configuring a Switch as a VMPS Client
Configuring the IP Address of the VMPS Server
Configuring Dynamic Access Ports on a VMPS Client
Voice Ports
Reconfirming VLAN Memberships
Configuring Reconfirmation Interval
Configuring the Retry Interval
Administering and Monitoring the VMPS
Troubleshooting Dynamic Port VLAN Membership
Dynamic Port VLAN Membership Configuration Example
13-30
Page
VMPS Database Configuration File Example
13-33
Page
Configuring IP Unnumbered Interface
About IP Unnumbered Interface Support
IP Unnumbered Interface Support with DHCP Server and Relay Agent
DHCP Option 82
IP Unnumbered Interface with Connected Host Polling
IP Unnumbered Configuration Guidelines and Restrictions
Configuring IP Unnumbered Interface Support with DHCP Server
Configuring IP Unnumbered Interface Support on LAN and VLAN Interfaces
Configuring IP Unnumbered Interface Support on a Range of Ethernet VLANs
Configuring IP Unnumbered Interface Support with Connected Host Polling
Displaying IP Unnumbered Interface Settings
Troubleshooting IP Unnumbered Interface
Page
Configuring Layer 2 Ethernet Interfaces
About Layer 2 Ethernet Switching
Layer 2 Ethernet Switching
Switching Frames Between Segments
Building the MAC Address Table
VLAN Trunks
Encapsulation Types
Layer 2 Interface Modes
Default Layer 2 Ethernet Interface Configuration
Layer 2 Interface Configuration Guidelines and Restrictions
Configuring Ethernet Interfaces for Layer 2 Switching
Configuring an Ethernet Interface as a Layer 2 Trunk
Page
Configuring an Interface as a Layer 2 Access Port
15-9
This example shows how to configure the Fast Ethernet interface 5/6 as an access port in VLAN 200:
Step 2
To clear the Layer 2 configuration on an interface, perform this task:
Clearing Layer 2 Configuration
Step 8
Displays the switch port configuration of the interface.
Step 9
Step 1
Page
Configuring Auto SmartPort Macros
About Auto SmartPorts
Configuring Auto SmartPorts
Enabling Auto SmartPorts
Auto SmartPorts Default Configuration
Auto SmartPorts Configuration Guidelines
Page
Configuring Auto SmartPorts Built-in Macro Parameters
Configuring User-Defined Event Triggers
802.1X-Based Event Trigger
MAC Address-Based Event Trigger
Configuring Mapping Between User-Defined Triggers and Built-in Macros
Configuring Auto SmartPorts User-Defined Macros
Page
Page
Page
Displaying Auto SmartPorts
17-14
Configuring SmartPort Macros
About SmartPort Macros and Static SmartPort
Configuring SmartPort Macros
Passing Parameters Through the Macro
Macro Parameter Help
Default SmartPort Macro Configuration
cisco-global
cisco-desktop
16-5
cisco-phone
This is the example for the cisco-phone macro:
cisco-router
This is the example for the cisco-router macro:
cisco-switch
SmartPort Macro Configuration Guidelines
Page
Creating SmartPort Macros
Applying SmartPort Macros
cisco-global
16-11
cisco-desktop
Note This macro requires the $AVID keyword, which is the access VLAN of the port.
cisco-phone
Note This macro requires the $AVID and $VVID keywords, which are the access and voice VLANs of the
port.
cisco-switch
Note This macro requires the $NVID keyword, which is the native VLANs of the port.
16-13
cisco-router
Note This macro requires the $NVID keyword, which is the native VLANs of the port.
Displaying SmartPort Macros
Configuring Static SmartPort Macros
Default Static SmartPort Configuration
Static SmartPort Configuration Guidelines
Applying Static SmartPort Macros
Page
Configuring STP and MST
About STP
Understanding the Bridge ID
Bridge Priority Value
Extended System ID
STP MAC Address Allocation
Bridge Protocol Data Units
Election of the Root Bridge
STP Timers
Creating the STP Topology
STP Port States
MAC Address Allocation
STP and IEEE 802.1Q Trunks
Per-VLAN Rapid Spanning Tree
Default STP Configuration
Configuring STP
Enabling STP
Enabling the Extended System ID
Configuring the Root Bridge
18-11
You can set the switch as the root:
This configuration is the one after the switch becomes the root:
Configuring a Secondary Root Switch
Configuring STP Port Priority
18-14
Configuring STP Port Cost
Page
Configuring the Bridge Priority of a VLAN
Configuring the Hello Time
Configuring the Maximum Aging Time for a VLAN
Configuring the Forward-Delay Time for a VLAN
Disabling Spanning Tree Protocol
Enabling Per-VLAN Rapid Spanning Tree
Specifying the Link Type
Restarting Protocol Migration
About MST
IEEE 802.1s MST
IEEE 802.1w RSTP
RSTP Port Roles
RSTP Port States
MST-to-SST Interoperability
Common Spanning Tree
MST Instances
MST Configuration Parameters
MST Regions
MST Region Overview
Boundary Ports
IST Master
Edge Ports
Link Type
Message Age and Hop Count
MST-to-PVST+ Interoperability
MST Configuration Restrictions and Guidelines
Configuring MST
Enabling MST
Page
18-31
Configuring MST Instance Parameters
To configure MST instance parameters, perform this task:
This example shows how to configure MST instance parameters:
Step 1 Step 2
Step 3 Step 4
Configuring MST Instance Port Parameters
To configure MST instance port parameters, perform this task:
This example shows how to configure MST instance port parameters:
Step 1 Step 2 Step 3 Step 4
Restarting Protocol Migration
Displaying MST Configurations
18-34
The following examples show how to display spanning tree VLAN configurations in MST mode:
18-35
18-36
Configuring Flex Links and MAC Address-Table Move Update
About Flex Links
Flex Links
VLAN Flex Links Load Balancing and Support
Flex Links Failover Actions
MAC Address-Table Move Update
Configuring Flex Links
Configuring Flex Links
Page
Configuring VLAN Load Balancing on Flex Links
Page
Configuring MAC Address-Table Move Update
Configuring the MAC Address-Table Move Update Feature
Configuring a Switch to Send MAC Address-Table Move Updates
Page
Configuring a Switch to Receive MAC Address-Table Move Updates
Monitoring Flex Links and the MAC Address-Table Move Update
Configuring Resilient Ethernet Protocol
About REP
Page
Page
Link Integrity
Fast Convergence
VLAN Load Balancing
Page
Spanning Tree Interaction
REP Ports
Configuring REP
Default REP Configuration
REP Configuration Guidelines
Configuring the REP Administrative VLAN
Configuring REP Interfaces
Page
Page
Page
Setting Manual Preemption for VLAN Load Balancing
Configuring SNMP Traps for REP
Monitoring REP
Configuring Optional STP Features
About Root Guard
Enabling Root Guard
About Loop Guard
Page
Enabling Loop Guard
About EtherChannel Guard
Enabling EtherChannel Guard (Optional)
About PortFast
Enabling PortFast
About BPDU Guard
Enabling BPDU Guard
About PortFast BPDU Filtering
Enabling PortFast BPDU Filtering
About UplinkFast
Enabling UplinkFast
Page
About BackboneFast
Page
Enabling BackboneFast
21-17
This example shows how to display a summary of port states:
This example shows how to display the total lines of the spanning tree state section:
21-18
Configuring EtherChannel and Link State Tracking
About EtherChannel
Port Channel Interfaces
Configuring EtherChannels
EtherChannel Configuration Overview
Manual EtherChannel Configuration
PAgP EtherChannel Configuration
IEEE 802.3ad LACP EtherChannel Configuration
Load Balancing
EtherChannel Configuration Guidelines and Restrictions
Configuring EtherChannel
Configuring Layer 3 EtherChannels
Creating Port Channel Logical Interfaces
Configuring Physical Interfaces as Layer 3 EtherChannels
Page
22-9
This example shows how to display a one-line summary per channel group:
Configuring Layer 2 EtherChannels
22-11
The following two examples show how to verify the configuration of Fast Ethernet interface 5/6:
Configuring LACP Standalone or Independent Mode
Configuring the LACP System Priority and System ID
Configuring EtherChannel Load Balancing
Removing an Interface from an EtherChannel
Removing an EtherChannel
Displaying EtherChannel to a Virtual Switch System
Understanding VSS Client
Virtual Switch System
Dual-Active Scenarios
Dual-Active Detection Using Enhanced PAgP
22-17
Displaying EtherChannel Links to VSS
Understanding Link-State Tracking
Page
22-20
Configuring Link-State Tracking
Default Link-State Tracking Configuration
Link-State Tracking Configuration Guidelines
Configuring Link-State Tracking
Displaying Link-State Tracking Status
Configuring IGMP Snooping and Filtering
About IGMP Snooping
Page
Immediate-Leave Processing
IGMP Configurable-Leave Timer
IGMP Snooping Querier
Explicit Host Tracking
Configuring IGMP Snooping
Default IGMP Snooping Configuration
Enabling IGMP Snooping Globally
Enabling IGMP Snooping on a VLAN
Configuring Learning Methods
Configuring PIM/DVMRP Learning
Configuring CGMP Learning
Configuring a Static Connection to a Multicast Router
Enabling IGMP Immediate-Leave Processing
Configuring the IGMP Leave Timer
Configuring IGMP Snooping Querier
Configuring Explicit Host Tracking
Configuring a Host Statically
Suppressing Multicast Flooding
IGMP Snooping Interface Configuration
IGMP Snooping Switch Configuration
Displaying IGMP Snooping Information
Displaying Querier Information
Displaying IGMP Host Membership Information
Displaying Group Information
Displaying Multicast Router Interfaces
Displaying MAC Address Multicast Entries
Displaying IGMP Snooping Information on a VLAN Interface
23-19
This example shows how to display IGMP snooping information on VLAN 5:
Displaying IGMP Snooping Querier Information
To display IGMP Snooping Querier information, perform this task:
This example shows how to display Snooping Querier information:
Configuring IGMP Filtering
Default IGMP Filtering Configuration
Configuring IGMP Profiles
Applying IGMP Profiles
Setting the Maximum Number of IGMP Groups
Displaying IGMP Filtering Configuration
Configuring IPv6 MLD Snooping
About MLD Snooping
MLD Messages
MLD Queries
Multicast Client Aging
Multicast Router Discovery
MLD Reports
MLD Done Messages and Immediate-Leave
Topology Change Notification Processing
Configuring IPv6 MLD Snooping
Default MLD Snooping Configuration
MLD Snooping Configuration Guidelines
Enabling or Disabling MLD Snooping
Configuring a Static Multicast Group
Configuring a Multicast Router Port
Enabling MLD Immediate Leave
Configuring MLD Snooping Queries
Disabling MLD Listener Message Suppression
Displaying MLD Snooping Information
Page
Configuring 802.1Q Tunneling, VLAN Mapping, and Layer 2 Protocol Tunneling
About 802.1Q Tunneling
Configuring 802.1Q Tunneling
802.1Q Tunneling Configuration Guidelines
Native VLANs
System MTU
802.1Q Tunneling and Other Features
Configuring an 802.1Q Tunneling Port
About VLAN Mapping
Deployment Example
Page
Mapping Customer VLANs to Service-Provider VLANs
Configuring VLAN Mapping
Default VLAN Mapping Configuration
VLAN Mapping Configuration Guidelines
Configuring VLAN Mapping
One-to-One Mapping
Traditional Q-in-Q on a Trunk Port
Selective Q-in-Q on a Trunk Port
About Layer 2 Protocol Tunneling
Page
Configuring Layer 2 Protocol Tunneling
Default Layer 2 Protocol Tunneling Configuration
Layer 2 Protocol Tunneling Configuration Guidelines
Configuring Layer 2 Tunneling
Page
Monitoring and Maintaining Tunneling Status
Page
Configuring CDP
About CDP
Configuring CDP
Enabling CDP Globally
Displaying the CDP Global Configuration
Enabling CDP on an Interface
Displaying the CDP Interface Configuration
Monitoring and Maintaining CDP
Page
Configuring LLDP, LLDP-MED, and Location Service
About LLDP, LLDP-MED, and Location Service
LLDP
LLDP-MED
Location Service
Configuring LLDP and LLDP-MED, and Location Service
Default LLDP Configuration
Configuring LLDP Characteristics
Disabling and Enabling LLDP Globally
Disabling and Enabling LLDP on an Interface
Configuring LLDP-MED TLVs
Configuring Network-Policy Profile
Configuring LLDP Power Negotiation
Configuring Location TLV and Location Service
Page
Monitoring and Maintaining LLDP, LLDP-MED, and Location Service
Page
Configuring UDLD
About UDLD
UDLD Topology
Fast UDLD Topology
Operation Modes
Default States for UDLD
Default UDLD Configuration
Configuring UDLD on the Switch
Fast UDLD Guidelines and Restrictions
Enabling UDLD Globally
Enabling UDLD on Individual Interfaces
Disabling UDLD on Individual Interfaces
Disabling UDLD on a Fiber-Optic Interface
Configuring a UDLD Probe Message Interval Globally
Configuring a Fast UDLD Probe Message Interval per Interface
Resetting Disabled LAN Interfaces
28-9
Displaying UDLD Link Status
To verify link status reported by UDLD, enter the following command:
To verify status for a particular link as reported by UDLD, enter the following command:
To verify link status reported by Fast UDLD, enter the following command:
28-10
To verify status for a particular link as reported by Fast UDLD, enter the following command:
Configuring Unidirectional Ethernet
About Unidirectional Ethernet
Configuring Unidirectional Ethernet
Page
Page
Configuring Layer 3 Interfaces
About Layer 3 Interfaces
Logical Layer 3 VLAN Interfaces
Physical Layer 3 Interfaces
Understanding SVI Autostate Exclude
Understanding Layer 3 Interface Counters
Page
Configuration Guidelines
Configuring Logical Layer 3 VLAN Interfaces
Configuring VLANs as Layer 3 Interfaces
Configuring SVI Autostate Exclude
Page
Configuring IP MTU Sizes
Configuring Layer 3 Interface Counters
Page
Configuring Physical Layer 3 Interfaces
Configuring EIGRP Stub Routing
About EIGRP Stub Routing
Configuring EIGRP Stub Routing
Dual-Homed Remote Topology
Page
X
EIGRP Stub Routing Configuration Tasks
Configuring EIGRP Stub Routing
Verifying EIGRP Stub Routing
Monitoring and Maintaining EIGRP
EIGRP Configuration Examples
Route Summarization Example
Route Authentication Example
Stub Routing Example
Page
Page
Configuring Cisco Express Forwarding
About CEF
CEF Features
Forwarding Information Base
Adjacency Tables
Adjacency Discovery
Adjacency Resolution
Adjacency Types That Require Special Handling
Catalyst 4500 Series Switch Implementation of CEF
Hardware and Software Switching
Hardware Switching
Software Switching
Load Balancing
Software Interfaces
CEF Configuration Restrictions
Configuring CEF
Enabling CEF
Configuring Load Balancing for CEF
Configuring Per-Destination Load Balancing
Configuring Load Sharing Hash Function
Viewing CEF Information
Monitoring and Maintaining CEF
Displaying IP Statistics
Page
Page
Configuring Unicast Reverse Path Forwarding
About Unicast Reverse Path Forwarding
How Unicast RPF Works
Page
Implementing Unicast RPF
Security Policy and Unicast RPF
Where to Use Unicast RPF
Enterprise Networks with a Single Connection to an ISP
Page
Routing Table Requirements
Where Not to Use Unicast RPF
Unicast RPF with BOOTP and DHCP
Restrictions
Limitation
Related Features and Technologies
Prerequisites to Configuring Unicast RPF
Unicast RPF Configuration Tasks
Configuring Unicast RPF
Verifying Unicast RPF
Monitoring and Maintaining Unicast RPF
Unicast RPF Configuration Example: Inbound and Outbound Filters
Configuring IP Multicast
About IP Multicast
IP Multicast Protocols
Internet Group Management Protocol
Protocol-Independent Multicast
PIM Dense Mode
PIM Sparse Mode
Bidirectional PIM Mode
Rendezvous Point (RP)
IGMP Snooping
IP Multicast Implementation on the Catalyst 4500 Series Switch
CEF, MFIB, and Layer 2 Forwarding
Page
IP Multicast Tables
Page
Hardware and Software Forwarding
Partial Routes
Software Routes
Non-Reverse Path Forwarding Traffic
Multicast Fast Drop
Multicast Forwarding Information Base
S/M, 224/4
Restrictions on Using Bidirectional PIM
Configuring IP Multicast Routing
Default Configuration in IP Multicast Routing
Enabling IP Multicast Routing
Enabling PIM on an Interface
Enabling Dense Mode
Enabling Sparse Mode
Enabling Sparse-Dense Mode
Enabling Bidirectional Mode
Enabling PIM-SSM Mapping
Configuring a Rendezvous Point
Configuring Auto-RP
Page
Page
Configuring a Single Static RP
Page
Load Splitting of IP Multicast Traffic
Monitoring and Maintaining IP Multicast Routing
Displaying System and Network Statistics
Displaying the Multicast Routing Table
33-24
Note Interface timers are not updated for hardware-forwarded packets. Entry timers are updated
33-25
The following is sample output from the show ip mroute command with the active keyword:
The following is sample output from the show ip mroute command with the count keyword:
Displaying IP MFIB
Displaying Bidirectional PIM Information
Displaying PIM Statistics
Clearing Tables and Databases
Configuration Examples
PIM Dense Mode Example
PIM Sparse Mode Example
Bidirectional PIM Mode Example
Sparse Mode with a Single Static RP Example
33-30
Sparse Mode with Auto-RP: Example
The following example configures sparse mode with Auto-RP:
Configuring ANCP Client
About ANCP Client
Enabling and Configuring ANCP Client
Identifying a Port with the ANCP Protocol
Example 1
Example 2
Identifying a Port with DHCP Option 82
ANCP Guidelines and Restrictions
Page
Configuring Policy-Based Routing
About Policy-Based Routing
About PBR
Understanding Route-Maps
PBR Route-Map Processing Logic
PBR Route-Map Processing Logic Example
PBR on Supervisor Engine 6-E, Supervisor Engine 6L-E, Catalyst 4900M, and Catalyst 4948E
PBR Flow Switching
Using Policy-Based Routing
Policy-Based Routing Configuration Tasks
Enabling PBR
Page
Enabling Local PBR
Unsupported Commands
Policy-Based Routing Configuration Examples
Equal Access
35-9
set default interface null0 to set interface null0.
Differing Next Hops
Deny ACE
35-10
Configuring VRF-lite
About VRF-lite
Default VRF-lite Configuration
VRF-lite Configuration Guidelines
Configuring VRFs
Configuring VRF-Aware Services
Configuring the User Interface for ARP
Configuring the User Interface for PING
Configuring the User Interface for SNMP
Configuring the User Interface for uRPF
Configuring the User Interface for Syslog
Configuring the User Interface for Traceroute
Configuring the User Interface for FTP and TFTP
Configuring the User Interface for Telnet and SSH
Configuring the User Interface for NTP
Configuring Per-VRF for TACACS+ Servers
Page
Configuring Multicast VRFs
Configuring a VPN Routing Session
Configuring BGP PE to CE Routing Sessions
VRF-lite Configuration Example
36-14
Configuring Switch S8
On switch S8, enable routing and configure VRF.
36-15
Configure OSPF routing in VPN1 and VPN2:
Configure BGP for CE to PE routing:
Configuring Switch S20
Configure S20 to connect to CE:
36-16
Configuring Switch S11
Configure S11 to connect to CE:
Configuring the PE Switch S3
On switch S3 (the router), these commands configure only the connections to switch S8:
Displaying VRF-lite Status
Page
Configuring Quality of Service
About QoS
Prioritization
Page
QoS Terminology
Page
Basic QoS Model
Classification
Page
37-8
Software Configuration GuideRelease 15.0(2)SG OL-23818-01
Chapter 37 Configuring Quality of Service About QoS
Figure 37-3 Classification Flowchart
Classification Based on QoS ACLs
Classification Based on Class Maps and Policy Maps
Policing and Marking
Page
37-12
Software Configuration GuideRelease 15.0(2)SG OL-23818-01
Chapter 37 Configuring Quality of Service About QoS
Figure 37-4 Policing and Marking Flowchart
Internal DSCP Values
Internal DSCP Sources
Egress ToS and CoS Sources
Mapping Tables
Queueing and Scheduling
Active Queue Management
Sharing Link Bandwidth Among Transmit Queues
Strict Priority / Low Latency Queueing
Traffic Shaping
Packet Modification
Per-Port Per-VLAN QoS
QoS and Software Processed Packets
Configuring QoS on Supervisor Engines II-Plus, II+10GE, IV, V, V-10GE, 4924, 4948, and 4948-10GE
Default QoS Configuration
Page
Enabling QoS Globally
Enabling IP DSCP Rewrite
Configuring a Trusted Boundary to Ensure Port Security
Enabling Dynamic Buffer Limiting
Enabling DBL Globally
Selectively Enable DBL
Enabling DBL on Specific IP DSCP Values
Enabling DBL on Specific CoS Values
Creating Named Aggregate Policers
Page
Configuring a QoS Policy
Overview of QoS Policy Configuration
Configuring a Class Map (Optional)
Creating a Class Map
Configuring Filtering in a Class Map
Verifying Class-Map Configuration
Configuring a Policy Map
Creating a Policy Map
Configuring Policy-Map Class Actions
Page
Page
Page
Verifying Policy-Map Configuration
Attaching a Policy Map to an Interface
Configuring CoS Mutation
Configuring User-Based Rate-Limiting
Page
37-39
37-40
Example 5
Assume that there are two active flows on FastEthernet interface 6/1:
Note If you use the match flow ip source-address | destination-address command, these two flows are
consolidated into one flow because they have the same source and destination address.
Configuring Hierarchical Policers
Page
Enabling Per-Port Per-VLAN QoS
37-44
37-45
Enabling or Disabling QoS on an Interface
Configuring VLAN-Based QoS on Layer 2 Interfaces
Page
Configuring the Trust State of Interfaces
Configuring the CoS Value for an Interface
Configuring DSCP Values for an Interface
Configuring Transmit Queues
Mapping DSCP Values to Specific Transmit Queues
Allocating Bandwidth Among Transmit Queues
Configuring Traffic Shaping of Transmit Queues
Configuring a High Priority Transmit Queue
Configuring DSCP Maps
Configuring the CoS-to-DSCP Map
Configuring the Policed-DSCP Map
Configuring the DSCP-to-CoS Map
Page
Generated Auto-QoS Configuration
Effects of Auto-QoS on the Configuration
Enabling Auto-QoS for VoIP
Displaying Auto-QoS Information
Auto-QoS Configuration Example
37-61
Page
MQC-Based QoS Configuration
MQC-Based QoS on the Supervisor Engine 6-E and 6L-E
Input
Output
Platform-Supported Classification Criteria and QoS Features
Platform Hardware Capabilities
Prerequisites for Applying a QoS Service Policy
Restrictions for Applying a QoS Service Policy
Classification
Classification Statistics
Policing
Implementing Policing
Platform Restrictions
Marking Network Traffic
Information about Marking Network Traffic
Purpose of Marking Network Traffic
Benefits of Marking Network Traffic
Methods for Marking Traffic Attributes
Marking Action Drivers
Traffic Marking Procedure Flowchart
Restrictions for Marking Network Traffic
Multi-attribute Marking Support
Hardware Capabilities for Marking
Configuring the Policy-Map Marking Action
Configuring Table Map-Based Unconditional Marking
Configuring Policer Result-Based Conditional Marking
Marking Statistics
Shaping, Sharing (Bandwidth), Priority Queuing, Queue-Limiting and DBL
Shaping
Page
Sharing (Bandwidth)
Page
Priority Queuing
Page
Queue-limiting
Queue Memory
Service Policy Association
Queue Allocation Failure
Active Queue Management by Using Dynamic Buffer Limiting
Transmit Queue Statistics
Policy Associations
QoS Action Restrictions
QoS Policy Priorities
Qos Policy Merging
Software QoS
High Priority Packets
Low Priority Packets
Configuring CoS Mutation
Configuring System Queue Limit
Page
Page
Page
Configuring Voice Interfaces
About Voice Interfaces
Cisco IP Phone Voice Traffic
Cisco IP Phone Data Traffic
Configuring a Port to Connect to a Cisco 7960 IP Phone
Configuring Voice Ports for Voice and Data Traffic
Page
Overriding the CoS Priority of Incoming Frames
Configuring Power
Page
Configuring Private VLANs
About Private VLANs
Purpose of a PVLAN
PVLAN Terminology
Page
PVLANs across Multiple Switches
Standard Trunk Ports
Isolated PVLAN Trunk Ports
Promiscuous PVLAN Trunk Ports
PVLAN Modes Over Gigabit Etherchannel
Private-VLAN Interaction with Other Features
PVLANs and VLAN ACL/QoS
PVLANs and Unicast, Broadcast, and Multicast Traffic
PVLANs and SVIs
Per-Virtual Port Error-Disable on PVLANs
PVLAN Commands
Configuring PVLANs
Basic PVLAN Configuration Procedure
Default Private-VLAN Configuration
PVLAN Configuration Guidelines and Restrictions
Page
Page
Configuring a VLAN as a PVLAN
Associating a Secondary VLAN with a Primary VLAN
Configuring a Layer 2 Interface as a PVLAN Promiscuous Port
Configuring a Layer 2 Interface as a PVLAN Host Port
Configuring a Layer 2 Interface as an Isolated PVLAN Trunk Port
Page
Configuring a Layer 2 Interface as a Promiscuous PVLAN Trunk Port
Page
Permitting Routing of Secondary VLAN Ingress Traffic
Configuring PVLAN over EtherChannel
Configuring a Layer 2 EtherChannel
Configuring a Layer 2 Etherchannel as a PVLAN Promiscuous Port
Page
Configuring a Layer 2 EtherChannel as a PVLAN Host Port
Configuring a Layer 2 EtherChannel as an Isolated PVLAN Trunk Port
Configuring a Layer 2 Etherchannel as a Promiscuous PVLAN Trunk Port
Page
39-30
Configuring 802.1X Port-Based Authentication
About 802.1X Port-Based Authentication
Device Roles
802.1X and Network Access Control
Authentication Initiation and Message Exchange
Ports in Authorized and Unauthorized States
40-6
802.1X Host Mode
Single-Host Mode
Multiple-Hosts Mode
Multidomain Authentication Mode
Multiauthentication Mode
Pre-authentication Open Access
802.1X Violation Mode
Using MAC Move
Using MAC Replace
Using 802.1X with VLAN Assignment
Using 802.1X for Guest VLANs
Usage Guidelines for Using 802.1X Authentication with Guest VLANs
Usage Guidelines for Using 802.1X Authentication with Guest VLANs on Windows-XP Hosts
Using 802.1X with MAC Authentication Bypass
Feature Interaction
Using 802.1X with Web-Based Authentication
Using 802.1X with Inaccessible Authentication Bypass
Using 802.1X with Unidirectional Controlled Port
Unidirectional State
Bidirectional State
Using 802.1X with VLAN User Distribution
Deployment Example
Using 802.1X with Authentication Failed VLAN Assignment
Usage Guidelines for Using Authentication Failed VLAN Assignment
Using 802.1X with Port Security
Using 802.1X Authentication with ACL Assignments and Redirect URLs
Cisco Secure ACS and AV Pairs for URL-Redirect
ACLs
Using 802.1X with RADIUS-Provided Session Timeouts
Using 802.1X with Voice VLAN Ports
Using Multiple Domain Authentication and Multiple Authentication
Page
802.1X Supplicant and Authenticator Switches with Network Edge Access Topology
Deployment
SSw Supplicant to ASw-switch Authenticator for clients
ASw Authenticator
How 802.1X Fails on a Port
Supported Topologies
Configuring 802.1X Port-Based Authentication
Default 802.1X Configuration
802.1X Configuration Guidelines
Enabling 802.1X Authentication
Page
Page
40-31
The following example illustrates when a port is authorized:
Configuring Switch-to-RADIUS-Server Communication
Page
Configuring Multiple Domain Authentication and Multiple Authorization
Page
40-36
40-37
This example shows how to verify the dot1x MDA settings on interface FastEthernet3/1:
Note This example applies to Cisco IOS Release 12.2(50)SG and later releases.
Configuring 802.1X Authentication with ACL Assignments and Redirect URLs
Downloadable ACL
Configuring the Switch for Downloadable ACL
40-39
Debug Commands for DACL
The following command displays the contents of the downloadable ACL:
Cisco ACS Configuration for DACL
URL-Redirect
40-41
Configuring ACS
Note A default port ACL must be configured on the interface.
Configuring the Switch
To configure the switch for URL redirect, follow these steps:
Step 1 Configure the IP device tracking table.
Guideline for DACL and URL Redirect
Configuring a Downloadable Policy
Configuring 802.1X Authentication with Per-User ACL and Filter-ID ACL
Per-User ACL and Filter-ID ACL
40-45
Configuring the Switch
To configure the switch for per-user ACL and filter-ID ACL:
Step 1 Configure the IP device tracking table.
Step 2 Configure static ACL for the interface.
Per-User ACL Configuration in ACS
Filter-Id Configuration in ACS
Debug Commands for Per-User ACL and Filter-ID ACL
Page
Guidelines for Per-User ACL and Filter-ID ACL
Configuring a Per-User ACL and Filter-ID ACL
Configuring RADIUS-Provided Session Timeouts
40-52
Cisco IOS Release 12.2(46) or earlier
Configuring MAC Move
Configuring MAC Replace
Configuring Violation Action
Configuring 802.1X with Guest VLANs
Page
Page
Configuring 802.1X with MAC Authentication Bypass
Page
Configuring 802.1X with Inaccessible Authentication Bypass
Page
Page
40-63
Configuring 802.1X with Unidirectional Controlled Port
To configure unidirectional controlled port, perform this task:
Page
40-65
Configuring 802.1X with VLAN User Distribution
You will need to configure the switch and ACS to configure 802.1X with VLAN user distribution.
Configuring the Switch
To configure the switch, follow these steps:
Step 1 Create a VLAN group on the switch.
show commands
ACS Configuration
Configuring 802.1X with Authentication Failed
Page
Configuring 802.1X with Voice VLAN
Configuring 802.1X with VLAN Assignment
Cisco ACS Configuration for VLAN Assignment
Enabling Fallback Authentication
Page
Page
Page
40-77
40-78
Enabling Periodic Reauthentication
Page
Enabling Multiple Hosts
Changing the Quiet Period
Changing the Switch-to-Client Retransmission Time
Setting the Switch-to-Client Frame-Retransmission Number
Page
Configuring an Authenticator and a Supplicant Switch with NEAT
Configuring Switch as an Authenticator
Cisco AV Pair Configuration
Page
Page
Configuring Switch as a Supplicant
Configuring NEAT with ASP
Configuration Guidelines
Manually Reauthenticating a Client Connected to a Port
Initializing the 802.1X Authentication State
Removing 802.1X Client Information
Resetting the 802.1X Configuration to the Default Values
Controlling Switch Access with RADIUS
Understanding RADIUS
RADIUS Operation
RADIUS Change of Authorization
Overview
Change-of-Authorization Requests
RFC 5176 Compliance
Preconditions
CoA Request Response Code
Session Identification
CoA ACK Response Code
CoA NAK Response Code
CoA Request Commands
Session Reauthentication
Session Termination
CoA Disconnect-Request
CoA Request: Disable Host Port
CoA Request: Bounce-Port
Configuring RADIUS
Default RADIUS Configuration
Identifying the RADIUS Server Host
Page
Page
Configuring RADIUS Login Authentication
Page
Defining AAA Server Groups
Page
Configuring RADIUS Authorization for User Privileged Access and Network Services
Starting RADIUS Accounting
Configuring Settings for All RADIUS Servers
Configuring the Switch to Use Vendor-Specific RADIUS Attributes
Page
Configuring the Switch for Vendor-Proprietary RADIUS Server Communication
Configuring CoA on the Switch
Monitoring and Troubleshooting CoA Functionality
Configuring RADIUS Server Load Balancing
Displaying the RADIUS Configuration
Displaying 802.1X Statistics and Status
Displaying Authentication Details
Determining the Authentication Methods Registered with the Auth Manager
Displaying the Auth Manager Summary for an Interface
Displaying the Summary of All Auth Manager Sessions on the Switch
40-115
Verifying the Auth Manager Session for an Interface
The Auth manage session can be verified by using the show authentication sessions command:
40-116
Displaying MAB Details
EPM Logging
40-118
Example 2
Configuring the PPPoE Intermediate Agent
RFCs
About PPPoE Intermediate Agent
Enabling PPPoE IA on a Switch
Configuring the Access Node Identifier for PPPoE IA on a Switch
Configuring the Identifier String, Option, and Delimiter for PPPoE IA on an Switch
Configuring the Generic Error Message for PPPoE IA on an Switch
Enabling PPPoE IA on an Interface
Configuring the PPPoE IA Trust Setting on an Interface
Configuring PPPoE IA Rate Limiting Setting on an Interface
Configuring PPPoE IA Vendor-tag Stripping on an Interface
Configuring PPPoE IA Circuit-ID and Remote-ID on an Interface
Enabling PPPoE IA for a Specific VLAN on an Interface
Configuring PPPoE IA Circuit-ID and Remote-ID for a VLAN on an Interface
Displaying Configuration Parameters
Page
41-8
Clearing Packet Counters
Debugging PPPoE Intermediate Agent
Troubleshooting Tips
Page
Configuring Web-Based Authentication
About Web-Based Authentication
Device Roles
Host Detection
Session Creation
Authentication Process
Customization of the Authentication Proxy Web Pages
Web-Based Authentication Interactions with Other Features
Port Security
Page
Configuring Web-Based Authentication
Default Web-Based Authentication Configuration
Web-Based Authentication Configuration Guidelines and Restrictions
Web-Based Authentication Configuration Task List
Configuring the Authentication Rule and Interfaces
Page
Configuring AAA Authentication
Configuring Switch-to-RADIUS-Server Communication
Page
Configuring the HTTP Server
Customizing the Authentication Proxy Web Pages
Page
Specifying a Redirection URL for Successful Login
Configuring the Web-Based Authentication Parameters
Removing Web-Based Authentication Cache Entries
Displaying Web-Based Authentication Status
Configuring Port Security
Port Security Commands
About Port Security
Secure MAC Addresses
Maximum Number of Secure MAC Addresses
Aging Secure MAC Addresses
Sticky Addresses on a Port
Violation Actions
Invalid Packet Handling
Configuring Port Security on Access Ports
Configuring Port Security on Access Ports
Page
Page
Examples of Port Security on Access Ports
43-11
Example 1: Setting Maximum Number of Secure Addresses
Example 2: Setting a Violation Mode
This example shows how to set the violation mode on the Fast Ethernet interface 3/12 to restrict.
Example 3: Setting the Aging Timer
43-12
Example 4: Setting the Aging Timer Type
Example 5: Configuring a Secure MAC Address
43-13
Example 6: Configuring Sticky Port Security
Example 7: Setting a Rate Limit for Bad Packets
Example 8: Clearing Dynamic Secure MAC Addresses
Configuring Port Security on PVLAN Ports
Configuring Port Security on an Isolated Private VLAN Host Port
X
Example of Port Security on an Isolated Private VLAN Host Port
Configuring Port Security on a Private VLAN Promiscuous Port
Example of Port Security on a Private VLAN Promiscuous Port
Configuring Port Security on Trunk Ports
Configuring Trunk Port Security
Page
Examples of Trunk Port Security
Example 1: Configuring a Maximum Limit of Secure MAC Addresses for All VLANs
43-20
Example 2: Configuring a Maximum Limit of Secure MAC Addresses for Specific VLANs
Example 3: Configuring Secure MAC Addresses in a VLAN Range
This example shows how to configure a secure MAC-address in a VLAN on interface g1/1:
Trunk Port Security Configuration Guidelines and Restrictions
Port Mode Changes
Configuring Port Security on Voice Ports
Configuring Port Security on Voice Ports
Page
Examples of Voice Port Security
Example 1: Configuring Maximum MAC Addresses for Voice and Data VLANs
43-26
Example 2: Configuring Sticky MAC Addresses for Voice and Data VLANs
Voice Port Security Configuration Guidelines and Restrictions
Displaying Port Security Settings
Examples of Security Settings
Example 1: Displaying Security Settings for the Entire Switch
43-29
Example 2: Displaying Security Settings for an Interface
This example shows how to display port security settings for Fast Ethernet interface 5/1:
Example 3: Displaying All Secure Addresses for the Entire Switch
This example shows how to display all secure MAC addresses configured on all switch interfaces:
43-30
Example 4: Displaying a Maximum Number of MAC Addresses on an Interface
Example 5: Displaying Security Settings on an Interface for a VLAN Range
Example 6: Displaying Secured MAC Addresses and Aging Information on an Interface
Example 7: Displaying Secured MAC Addresses for a VLAN Range on an Interface
Configuring Port Security with Other Features/Environments
DHCP and IP Source Guard
802.1X Authentication
Configuring Port Security in a Wireless Environment
Configuring Port Security over Layer 2 EtherChannel
Port Security Configuration Guidelines and Restrictions
Page
Configuring Control Plane Policing and Layer 2 Control Packet QoS
Configuring Control Plane Policing
About Control Plane Policing
General Guidelines for Control Plane Policing
Configuring CoPP for Control Plane Traffic
44-5
The following example shows how to police CDP packets:
Step 4
Step 5
Configuring CoPP for Data Plane and Management Plane Traffic
Page
Control Plane Policing Configuration Guidelines and Restrictions
All supervisor engines
Do not apply to Catalyst 4900M, Catalyst 4948E, Supervisor Engine 6-E, and Supervisor Engine 6L-E
44-9
Monitoring CoPP
44-10
To clear the counters on the control plane, enter the clear control-plane * command:
To display all the CoPP access list information, enter the show access-lists command:
Configuring Layer 2 Control Packet QoS
Understanding Layer 2 Control Packet QoS
Enabling Layer 2 Control Packet QoS
Disabling Layer 2 Control Packet QoS
Layer 2 Control Packet QoS Configuration Examples
Page
Layer 2 Control Packet QoS Guidelines and Restrictions
Policing IPv6 Control Traffic
44-18
The following example shows how to policy to interface gi2/2 in the input direction:
Configuring Dynamic ARP Inspection
About Dynamic ARP Inspection
ARP Cache Poisoning
Purpose of Dynamic ARP Inspection
Interface Trust State, Security Coverage and Network Configuration
Relative Priority of Static Bindings and DHCP Snooping Entries
Logging of Dropped Packets
Rate Limiting of ARP Packets
Port Channels Function
Configuring Dynamic ARP Inspection
Configuring Dynamic ARP Inspection in DHCP Environments
Page
DAI Configuration Example
Switch A
46-8
46-9
Switch B
46-10
Configuring ARP ACLs for Non-DHCP Environments
Page
46-13
Configuring the Log Buffer
Page
Limiting the Rate of Incoming ARP Packets
Page
46-18
46-19
Performing Validation Checks
Page
46-21
Page
Configuring DHCP Snooping, IP Source Guard, and IPSG for Static Hosts
About DHCP Snooping
Trusted and Untrusted Sources
About the DHCP Snooping Database Agent
Page
Option 82 Data Insertion
Circuit ID Suboption Frame Format
Remote ID Suboption Frame Format
Configuring DHCP Snooping
Circuit ID Suboption Frame Format (for user-configured string):
Remote ID Suboption Frame Format (for user-configured string):
Default Configuration for DHCP Snooping
Enabling DHCP Snooping
Page
Enabling DHCP Snooping on the Aggregration Switch
Enabling DHCP Snooping and Option 82
Page
Enabling DHCP Snooping on Private VLAN
Configuring DHCP Snooping on Private VLAN
Configuring DHCP Snooping with an Ethernet Channel Group
Enabling the DHCP Snooping Database Agent
Limiting the Rate of Incoming DHCP Packets
Page
45-15
Configuration Examples for the Database Agent
The following examples show how to configuration commands in the previous procedure:
Example 1: Enabling the Database Agent
Page
Example 2: Reading Binding Entries from a TFTP File
45-18
Example 3: Adding Information to the DHCP Snooping Database
Step 3
To manually add a binding to the DHCP snooping database, perform this task:
Displaying DHCP Snooping Information
Step 1 Step 2
command.
Displaying a Binding Table
Displaying the DHCP Snooping Configuration
About IP Source Guard
Configuring IP Source Guard
Page
Configuring IP Source Guard on Private VLANs
Displaying IP Source Guard Information
Displaying IP Source Binding Information
Configuring IP Source Guard for Static Hosts
About IP Source Guard for Static Hosts
Configuring IPSG for Static Hosts on a Layer 2 Access Port
Page
45-27
The following example displays all active IP-to-MAC binding entries for all interfaces:
IPSG for Static Hosts on a PVLAN Host Port
45-29
Page
Configuring Network Security with ACLs
About ACLs
Supported Features That Use ACLs
Router ACLs
Port ACLs
Dynamic ACLs
VLAN Maps
Hardware and Software ACL Support
Page
TCAM Programming Algorithms
Changing the Programming Algorithm
Page
Resizing the TCAM Regions
Troubleshooting High CPU Due to ACLs
Selecting Mode of Capturing Control Packets
Guidelines and Restrictions
Selecting Control Packet Capture
TCAM Programming and ACLs for Supervisor Engine 6-E and Supervisor Engine 6L-E
Layer 4 Operators in ACLs
Restrictions for Layer 4 Operations
Configuration Guidelines for Layer 4 Operations
Layer 4 operation 6 stores gt 20 deny from ACL 102
Layer 4 operation 7 stores lt 9 deny from ACL 102
Layer 4 operation 8 stores range 11 13 deny from ACL 102
How ACL Processing Impacts CPU
Page
Configuring Unicast MAC Address Filtering
Configuring Named MAC Extended ACLs
Page
Configuring EtherType Matching
Configuring Named IPv6 ACLs
Applying IPv6 ACLs to a Layer 3 Interface
Configuring VLAN Maps
VLAN Map Configuration Guidelines
Creating and Deleting VLAN Maps
Examples of ACLs and VLAN Maps
Page
Page
Applying a VLAN Map to a VLAN
Using VLAN Maps in Your Network
Page
Denying Access to a Server on Another VLAN
Displaying VLAN Access Map Information
Using VLAN Maps with Router ACLs
Guidelines for Using Router ACLs and VLAN Maps on the Same VLAN
Examples of Router ACLs and VLAN Maps Applied to VLANs
ACLs and Switched Packets
ACLs and Routed Packets
Configuring PACLs
Creating a PACL
PACL Configuration Guidelines
Removing the Requirement for a Port ACL
Configuration Restrictions
Debugging Considerations
Webauth Fallback
Configuring IPv4, IPv6, and MAC ACLs on a Layer 2 Interface
Using PACL with Access-Group Mode
Configuring Access-group Mode on Layer 2 Interface
Applying ACLs to a Layer 2 Interface
Displaying an ACL Configuration on a Layer 2 Interface
Using PACL with VLAN Maps and Router ACLs
Page
Configuring RA Guard
Introduction
Deployment
Configuring RA Guard
Examples
Usage Guidelines
Page
Page
Support for IPv6
Finding Feature Information
About IPv6
IPv6 Addressing and Basic Connectivity
DHCP
Security
QoS
Management
Multicast
Static Routes
First-Hop Redundancy Protocols
Unicast Routing
RIP
OSPF
EIGRP
IS-IS
Multiprotocol BGP
Tunneling
IPv6 Default States
Page
Port Unicast and Multicast Flood Blocking
About Flood Blocking
Configuring Port Blocking
Blocking Flooded Traffic on an Interface
Resuming Normal Forwarding on a Port
Page
Configuring Storm Control
About Storm Control
Hardware-Based Storm Control Implementation
Software-Based Storm Control Implementation
Enabling Broadcast Storm Control
50-4
The following example shows how to enable storm control on interface:
show interface counters storm-control command includes any multicast packets that were dropped.
Enabling Multicast Storm Control
This section includes these topics:
Enabling Multicast Suppression on Catalyst 4900M, Catalyst 4948E, Supervisor Engine 6-E, and
Supervisor Engine 6L-E, page 50-5
Enabling Multicast Suppression on the WS-X4515, WS-X4014, and WS-X4013+ Supervisor
Enabling Multicast Suppression on the WS-X4515, WS-X4014, and WS-X4013+ Supervisor Engines
Enabling Multicast Suppression on All Other Supervisor Engines
Disabling Broadcast Storm Control
Disabling Multicast Storm Control
50-8
Displaying Storm Control
Note Use the show interface capabilities command to determine the mode in which storm control is
Note Use the show interfaces counters storm-control command to display a count of discarded packets.
The following example shows the output of the show storm-control command:
the value is N/A for ports that perform suppression in hardware.
Configuring SPAN and RSPAN
About SPAN and RSPAN
Page
SPAN and RSPAN Concepts and Terminology
SPAN Session
Traffic Types
Source Port
Destination Port
VLAN-Based SPAN
SPAN Traffic
SPAN and RSPAN Session Limits
Default SPAN and RSPAN Configuration
Configuring SPAN
SPAN Configuration Guidelines and Restrictions
Configuring SPAN Sources
Configuring SPAN Destinations
Monitoring Source VLANs on a Trunk Interface
Configuration Scenario
Verifying a SPAN Configuration
CPU Port Sniffing
Page
Encapsulation Configuration
Ingress Packets
Access List Filtering
ACL Configuration Guidelines
Configuring Access List Filtering
Packet Type Filtering
Configuration Example
Configuring RSPAN
RSPAN Configuration Guidelines
Creating an RSPAN Session
Page
Creating an RSPAN Destination Session
Creating an RSPAN Destination Session and Enabling Ingress Traffic
Removing Ports from an RSPAN Session
Specifying VLANs to Monitor
Specifying VLANs to Filter
Page
Displaying SPAN and RSPAN Status
Page
Configuring System Message Logging
About System Message Logging
Configuring System Message Logging
System Log Message Format
Default System Message Logging Configuration
Disabling Message Logging
Setting the Message Display Destination Device
Synchronizing Log Messages
Enabling and Disabling Timestamps on Log Messages
Enabling and Disabling Sequence Numbers in Log Messages (Optional)
Defining the Message Severity Level (Optional)
Limiting Syslog Messages Sent to the History Table and to SNMP (Optional)
Configuring UNIX Syslog Servers
Logging Messages to a UNIX Syslog Daemon
Configuring the UNIX System Logging Facility
Displaying the Logging Configuration
Onboard Failure Logging (OBFL)
Prerequisites for OBFL
Restrictions for OBFL
Information About OBFL
Overview of OBFL
Information about Data Collected by OBFL
OBFL Data Overview
Temperature
Operational Uptime
53-5
Operational Uptime Example
Page
Interrupts
Message Logging
Default Settings for OBFL
Enabling OBFL
Configuration Examples for OBFL
Enabling OBFL Message Logging: Example
OBFL Message Log: Example
53-11
OBFL Component Uptime Report: Example
The following example shows how to display a summary report for component uptimes for module 2:
OBFL Report for a Specific Time: Example
53-12
53-13
53-14
53-15
Page
Configuring SNMP
About SNMP
SNMP Versions
SNMP Manager Functions
SNMP Agent Functions
SNMP Community Strings
Using SNMP to Access MIB Variables
SNMP Notifications
Configuring SNMP
Default SNMP Configuration
SNMP Configuration Guidelines
Disabling the SNMP Agent
Configuring Community Strings
Page
Configuring SNMP Groups and Users
Page
Configuring SNMP Notifications
Page
Page
Setting the Agent Contact and Location Information
Limiting TFTP Servers Used Through SNMP
SNMP Examples
Displaying SNMP Status
Page
Page
Configuring NetFlow-lite
About NetFlow Packet Sampling
Feature Interaction
System-wide Restrictions
Interface-level Restrictions
Monitor-level Restrictions
Configuring Information about the External Collector
Example
Configuring Sampling Parameters
Example
Activating Sampling on an Interface or VLAN
Page
Page
Display Commands
55-9
The following example shows how to display the total number of export packets sent:
Clear Commands
To clear statistics of a packet sampler at a monitor, use the following commands, as needed:
Clear the statistics of a packet sampler at a datasource
Page
Configuring NetFlow
About NetFlow Statistics Collection
NDE Versions
Information Derived from Hardware
Information Derived from Software
Assigning the Input and Output Interface and AS Numbers
Assigning the Inferred Fields
Assigning the Output Interface and Output-Related Inferred Fields
Assigning the Input Interface and Input-Related Inferred Fields
Feature Interaction of NetFlow Statistics with UBRL and Microflow Policing
VLAN Statistics
Configuring NetFlow Statistics Collection
Checking for Required Hardware
Enabling NetFlow Statistics Collection
Configuring Switched/Bridged IP Flows
Exporting NetFlow Statistics
Managing NetFlow Statistics Collection
Configuring an Aggregation Cache
Verifying Aggregation Cache Configuration and Data Export
Configuring a NetFlow Minimum Prefix Mask for Router-Based Aggregation
Configuring the Minimum Mask of a Prefix Aggregation Scheme
Configuring the Minimum Mask of a Destination-Prefix Aggregation Scheme
Configuring the Minimum Mask of a Source-Prefix Aggregation Scheme
Monitoring and Maintaining Minimum Masks for Aggregation Schemes
Configuring NetFlow Aging Parameters
56-13
NetFlow Statistics Collection Configuration Example
NetFlow Configuration Examples
NetFlow Enabling Scheme Examples
NetFlow Aggregation Configuration Examples
Autonomous System Configuration
Destination Prefix Configuration
Prefix Configuration
Protocol Port Configuration
Source Prefix Configuration
NetFlow Minimum Prefix Mask Router-Based Aggregation Scheme Examples
Prefix Aggregation Scheme
Destination-Prefix Aggregation Scheme
Source-Prefix Aggregation Scheme
Configuring Ethernet OAM and CFM
About Ethernet CFM
Ethernet CFM and OAM Definitions
CFM Domain
Page
Maintenance Associations and Maintenance Points
CFM Messages
Crosscheck Function and Static Remote MEPs
SNMP Traps and Fault Alarms
Configuration Error List
IP SLAs Support for CFM
Configuring Ethernet CFM
Ethernet CFM Default Configuration
Ethernet CFM Configuration Guidelines
Configuring the CFM Domain
Page
Page
Configuring Ethernet CFM Crosscheck
Page
Configuring Static Remote MEP
Configuring a Port MEP
Page
Configuring SNMP Traps
Configuring Fault Alarms
Page
Configuring IP SLAs CFM Operation
Manually Configuring an IP SLAs CFM Probe or Jitter Operation
Page
Configuring an IP SLAs Operation with Endpoint Discovery
Page
Page
Configuring CFM on C-VLAN (Inner VLAN)
Page
Feature Support and Behavior
Platform Restrictions and Limitations
Understanding CFM ITU-T Y.1731 Fault Management
Y.1731 Terminology
Alarm Indication Signals
Ethernet Remote Defect Indication
Multicast Ethernet Loopback
Configuring Y.1731 Fault Management
Default Y.1731 Configuration
Configuring ETH-AIS
Page
Using Multicast Ethernet Loopback
Managing and Displaying Ethernet CFM Information
Page
About Ethernet OAM Protocol
OAM Features
OAM Messages
Enabling and Configuring Ethernet OAM
Ethernet OAM Default Configuration
Ethernet OAM Configuration Guidelines
Enabling Ethernet OAM on an Interface
Enabling Ethernet OAM Remote Loopback
Configuring Ethernet OAM Link Monitoring
Page
Page
Page
57-42
Configuring Ethernet OAM Remote Failure Indications
You can configure an error-disable action to occur on an interface when the following occur:
Page
Page
Configuring Ethernet OAM Templates
Page
Page
57-48
Displaying Ethernet OAM Protocol Information
57-50
Ethernet CFM and Ethernet OAM Interaction
Configuring Ethernet OAM Interaction with CFM
Configuring the OAM Manager
Enabling Ethernet OAM
Example: Configuring Ethernet OAM and CFM
Page
Configuring Y.1731 (AIS and RDI)
AIS and RDI Terminology
About Y.1731
Server MEP
Alarm Indication Signal
Ethernet Remote Defect Indication
Configuring Y.1731
Y.1731 Configuration Guidelines
Configuring AIS Parameters
Clearing MEP from the AIS Defect Condition
Clearing SMEP from the AIS Defect Condition
Displaying Y.1731 Information
58-7
Page
Configuring Call Home
About Call Home
Obtaining Smart Call Home
Configuring Call Home
Configuring Contact Information
Configuring Destination Profiles
Copying a Destination Profile
Subscribing to Alert Groups
Page
Configuring Periodic Notification
Configuring Message Severity Threshold
Configuring Syslog Pattern Matching
Configuring General E-Mail Options
Enabling Call Home
Testing Call Home Communications
Sending a Call Home Test Message Manually
Sending a Call Home Alert Group Message Manually
Sending a Request for an Analysis and Report
Sending the Output of a Command
Configuring and Enabling Smart Call Home
Displaying Call Home Configuration Information
59-15
Example 59-2 Configured Call Home Information in Detail
59-16
Example 59-3 Available Call Home Alert Groups
Example 59-4 E-Mail Server Status Information
Example 59-5 Information for All Destination Profiles (Predefined and User-Defined)
59-17
Example 59-6 Information for a User-Defined Destination Profile
Example 59-7 Call Home Statistics
Call Home Default Settings
Alert Group Trigger Events and Commands
Page
Page
Message Contents
Page
Page
Page
Syslog Alert Notification in Long-Text Format Example
59-26
59-27
59-28
Syslog Alert Notification in XML Format Example
59-29
59-30
59-31
Page
Configuring Cisco IOS IP SLA Operations
Cisco IP SLA Commands
About Cisco IOS IP SLA
Using Cisco IOS IP SLAs to Measure Network Performance
IP SLAs Responder and IP SLAs Control Protocol
Response Time Computation for IP SLAs
IP SLAs Operation Scheduling
IP SLAs Operation Threshold Monitoring
Configuring IP SLAs Operations
IP SLA Default Configuration
IP SLA Configuration Guidelines
Configuring the IP SLAs Responder
Analyzing IP Service Levels by Using the UDP Jitter Operation
Page
Analyzing IP Service Levels by Using the ICMP Echo Operation
Page
60-13
To display IP SLAs operations configuration and results, perform one of these tasks:
Monitoring IP SLAs Operations
Step 8
Step 9
Page
Configuring RMON
About RMON
61-2
The switch supports these RMON groups (defined in RFC 1757):
interface.
Gigabit Ethernet interfaces for a specified polling interval.
Configuring RMON
Default RMON Configuration
Configuring RMON Alarms and Events
Page
Configuring RMON Collection on an Interface
Displaying RMON Status
Performing Diagnostics
Configuring Online Diagnostics
Configuring On-Demand Online Diagnostics
Scheduling Online Diagnostics
Performing Diagnostics
Starting and Stopping Online Diagnostic Tests
Displaying Online Diagnostic Tests and Test Results
62-5
This example shows how to display the online diagnostic results for module 6:
This example shows how to display the online diagnostic results details for module 6:
___________________________________________________________________________
62-6
___________________________________________________________________________
Displaying Data Path Online Diagnostics Test Results
Line Card Online Diagnostics
Troubleshooting with Online Diagnostics
62-9
To troubleshoot a faulty line card, follow these steps:
Step 1 Enter the command show diagnostic result module 3.
Power-On Self-Test Diagnostics
Overview of Power-On Self-Test Diagnostics
POST Result Example
Page
62-13
62-14
The following example shows the output for a WS-X45-SUP6-E supervisor engine:
62-15
Power-On Self-Test Results for Supervisor Engine V-10GE
POST on the Active Supervisor Engine
POST Results on an Active Supervisor Engine Example
62-17
62-18
POST on a Standby Supervisor Engine
62-19
Display of the POST on a Standby Supervisor Engine Example
62-20
62-21
Contact Cisco Systems customer support team for more information.
on power-up.
Troubleshooting the Test Failures
the POST tests.
Page
ROM Monitor
Entering the ROM Monitor
ROM Monitor Commands
ROM Monitor Command Descriptions
Configuration Register
Changing the Configuration Register Manually
Changing the Configuration Register Using Prompts
Console Download
Error Reporting
Debug Commands
Exiting the ROM Monitor
Configuring WCCP Version 2 Services
About WCCP
Hardware Acceleration
Understanding WCCP Configuration
WCCP Features
HTTP and Non-HTTP Services Support
Multiple Routers Support
MD5 Security
Web Content Packet Return
Restrictions for WCCP
Configuring WCCP
Configuring a Service Group Using WCCP
Page
Specifying a Web Cache Service
Using Access Lists for a WCCP Service Group
Setting a Password for a Router and Cache Engines
Verifying and Monitoring WCCP Configuration Settings
WCCP Configuration Examples
Performing a General WCCP Configuration Example
Running a Web Cache Service Example
Running a Reverse Proxy Service Example
Running TCP-Promiscuous Service Example
Running Redirect Access-List Example
Using Access Lists Example
Setting a Password for a Switch and Content Engines Example
64-12
Verifying WCCP Settings Example
WCCP unicast mode
WCCP multicast mode
Page
Page
Configuring MIB Support
Determining MIB Support for Cisco IOS Releases
Using Cisco IOS MIB Tools
Downloading and Compiling MIBs
Guidelines for Working with MIBs
Downloading MIBs
Compiling MIBs
Enabling SNMP Support
Page
Page
APPENDIX
A
Acronyms and Abbreviations
Page
Page
Page
Page
Page
Page
Page
INDEX
Numerics
A
Page
Page
B
C
Page
Page
Page
D
Page
Page
E
F
G
H
I
Page
Page
Page
J
K
L
Page
M
Page
Page
N
O
P
Page
Page
Page
Q
R
Page
Page
S
Page
Page
Page
Page
T
Page
U
V
Page
Page
W
Y
