Section |
Page |
Catalyst 2960 Switch SoftwareConfiguration Guide |
1 |
Contents |
3 |
Preface |
29 |
Audience |
29 |
Purpose |
29 |
Conventions |
30 |
Related Publications |
30 |
Obtaining Documentation, Obtaining Support, and Security Guidelines |
32 |
Overview |
33 |
Features |
33 |
Ease-of-Deployment and Ease-of-Use Features |
33 |
Performance Features |
34 |
Management Options |
35 |
Manageability Features |
36 |
Availability and Redundancy Features |
38 |
VLAN Features |
39 |
Security Features |
39 |
QoS and CoS Features |
41 |
Monitoring Features |
42 |
Default Settings After Initial Switch Configuration |
42 |
Network Configuration Examples |
44 |
Design Concepts for Using the Switch |
44 |
Small to Medium-Sized Network Using Catalyst 2960 Switches |
48 |
Long-Distance, High-Bandwidth Transport Configuration |
49 |
Where to Go Next |
50 |
Using the Command-Line Interface |
51 |
Understanding Command Modes |
51 |
Understanding the Help System |
53 |
Understanding Abbreviated Commands |
54 |
Understanding no and default Forms of Commands |
54 |
Understanding CLI Error Messages |
55 |
Using Configuration Logging |
55 |
Using Command History |
56 |
Changing the Command History Buffer Size |
56 |
Recalling Commands |
56 |
Disabling the Command History Feature |
57 |
Using Editing Features |
57 |
Enabling and Disabling Editing Features |
57 |
Editing Commands through Keystrokes |
57 |
Editing Command Lines that Wrap |
59 |
Searching and Filtering Output of show and more Commands |
60 |
Accessing the CLI |
60 |
Accessing the CLI through a Console Connection or through Telnet |
60 |
Assigning the Switch IP Address and Default Gateway |
61 |
Understanding the Boot Process |
61 |
Assigning Switch Information |
62 |
Default Switch Information |
63 |
Understanding DHCP-Based Autoconfiguration |
63 |
DHCP Client Request Process |
64 |
Configuring DHCP-Based Autoconfiguration |
65 |
DHCP Server Configuration Guidelines |
65 |
Configuring the TFTP Server |
66 |
Configuring the DNS |
66 |
Configuring the Relay Device |
66 |
Obtaining Configuration Files |
67 |
Example Configuration |
68 |
Manually Assigning IP Information |
70 |
Checking and Saving the Running Configuration |
70 |
Modifying the Startup Configuration |
71 |
Default Boot Configuration |
72 |
Automatically Downloading a Configuration File |
72 |
Specifying the Filename to Read and Write the System Configuration |
72 |
Booting Manually |
73 |
Booting a Specific Software Image |
74 |
Controlling Environment Variables |
74 |
Scheduling a Reload of the Software Image |
76 |
Configuring a Scheduled Reload |
76 |
Displaying Scheduled Reload Information |
77 |
Configuring Cisco IOS CNS Agents |
79 |
Understanding Cisco Configuration Engine Software |
79 |
Configuration Service |
80 |
Event Service |
81 |
NameSpace Mapper |
81 |
What You Should Know About the CNS IDs and Device Hostnames |
81 |
ConfigID |
81 |
DeviceID |
82 |
Hostname and DeviceID |
82 |
Using Hostname, DeviceID, and ConfigID |
82 |
Understanding Cisco IOS Agents |
83 |
Initial Configuration |
83 |
Incremental (Partial) Configuration |
84 |
Synchronized Configuration |
84 |
Configuring Cisco IOS Agents |
84 |
Enabling Automated CNS Configuration |
84 |
Enabling the CNS Event Agent |
86 |
Enabling the Cisco IOS CNS Agent |
87 |
Enabling an Initial Configuration |
87 |
Enabling a Partial Configuration |
89 |
Displaying CNS Configuration |
90 |
Clustering Switches |
91 |
Understanding Switch Clusters |
91 |
Cluster Command Switch Characteristics |
93 |
Standby Cluster Command Switch Characteristics |
93 |
Candidate Switch and Cluster Member Switch Characteristics |
93 |
Planning a Switch Cluster |
94 |
Automatic Discovery of Cluster Candidates and Members |
94 |
Discovery Through CDP Hops |
95 |
Discovery Through Non-CDP-Capable and Noncluster-Capable Devices |
96 |
Discovery Through Different VLANs |
96 |
Discovery Through Different Management VLANs |
97 |
Discovery of Newly Installed Switches |
98 |
HSRP and Standby Cluster Command Switches |
99 |
Virtual IP Addresses |
100 |
Other Considerations for Cluster Standby Groups |
100 |
Automatic Recovery of Cluster Configuration |
101 |
IP Addresses |
102 |
Hostnames |
102 |
Passwords |
103 |
SNMP Community Strings |
103 |
TACACS+ and RADIUS |
104 |
LRE Profiles |
104 |
Using the CLI to Manage Switch Clusters |
104 |
Catalyst1900 and Catalyst2820 CLI Considerations |
104 |
Using SNMP to Manage Switch Clusters |
105 |
Administering the Switch |
107 |
Managing the System Time and Date |
107 |
Understanding the System Clock |
107 |
Understanding Network Time Protocol |
108 |
Configuring NTP |
109 |
Default NTP Configuration |
110 |
Configuring NTP Authentication |
110 |
Configuring NTP Associations |
111 |
Configuring NTP Broadcast Service |
112 |
Configuring NTP Access Restrictions |
114 |
Configuring the Source IP Address for NTP Packets |
116 |
Displaying the NTP Configuration |
117 |
Configuring Time and Date Manually |
117 |
Setting the System Clock |
117 |
Displaying the Time and Date Configuration |
118 |
Configuring the Time Zone |
118 |
Configuring Summer Time (Daylight Saving Time) |
119 |
Configuring a System Name and Prompt |
120 |
Default System Name and Prompt Configuration |
121 |
Configuring a System Name |
121 |
Understanding DNS |
121 |
Default DNS Configuration |
122 |
Setting Up DNS |
122 |
Displaying the DNS Configuration |
123 |
Creating a Banner |
123 |
Default Banner Configuration |
123 |
Configuring a Message-of-the-Day Login Banner |
124 |
Configuring a Login Banner |
125 |
Managing the MAC Address Table |
125 |
Building the Address Table |
126 |
MAC Addresses and VLANs |
126 |
Default MAC Address Table Configuration |
127 |
Changing the Address Aging Time |
127 |
Removing Dynamic Address Entries |
128 |
Configuring MAC Address Notification Traps |
128 |
Adding and Removing Static Address Entries |
130 |
Configuring Unicast MAC Address Filtering |
131 |
Displaying Address Table Entries |
132 |
Managing the ARP Table |
132 |
Configuring SDM Templates |
133 |
Understanding the SDM Templates |
133 |
Configuring the Switch SDM Template |
134 |
Default SDM Template |
134 |
SDM Template Configuration Guidelines |
134 |
Setting the SDM Template |
134 |
.Displaying the SDM Templates |
135 |
Configuring Switch-Based Authentication |
137 |
Preventing Unauthorized Access to Your Switch |
137 |
Protecting Access to Privileged EXEC Commands |
138 |
Default Password and Privilege Level Configuration |
138 |
Setting or Changing a Static Enable Password |
139 |
Protecting Enable and Enable Secret Passwords with Encryption |
139 |
Disabling Password Recovery |
141 |
Setting a Telnet Password for a Terminal Line |
142 |
Configuring Username and Password Pairs |
142 |
Configuring Multiple Privilege Levels |
143 |
Setting the Privilege Level for a Command |
144 |
Changing the Default Privilege Level for Lines |
145 |
Logging into and Exiting a Privilege Level |
145 |
Controlling Switch Access with TACACS+ |
146 |
Understanding TACACS+ |
146 |
TACACS+ Operation |
148 |
Configuring TACACS+ |
148 |
Default TACACS+ Configuration |
149 |
Identifying the TACACS+ Server Host and Setting the Authentication Key |
149 |
Configuring TACACS+ Login Authentication |
150 |
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services |
152 |
Starting TACACS+ Accounting |
153 |
Displaying the TACACS+ Configuration |
153 |
Controlling Switch Access with RADIUS |
153 |
Understanding RADIUS |
154 |
RADIUS Operation |
155 |
Configuring RADIUS |
155 |
Default RADIUS Configuration |
156 |
Identifying the RADIUS Server Host |
156 |
Configuring RADIUS Login Authentication |
159 |
Defining AAA Server Groups |
161 |
Configuring RADIUS Authorization for User Privileged Access and Network Services |
163 |
Starting RADIUS Accounting |
164 |
Configuring Settings for All RADIUS Servers |
165 |
Configuring the Switch to Use Vendor-Specific RADIUS Attributes |
165 |
Configuring the Switch for Vendor-Proprietary RADIUS Server Communication |
167 |
Displaying the RADIUS Configuration |
167 |
Configuring the Switch for Local Authentication and Authorization |
168 |
Configuring the Switch for Secure Shell |
169 |
Understanding SSH |
169 |
SSH Servers, Integrated Clients, and Supported Versions |
169 |
Limitations |
170 |
Configuring SSH |
170 |
Configuration Guidelines |
170 |
Setting Up the Switch to Run SSH |
171 |
Configuring the SSH Server |
172 |
Displaying the SSH Configuration and Status |
173 |
Configuring the Switch for Secure Socket Layer HTTP |
173 |
Understanding Secure HTTP Servers and Clients |
173 |
Certificate Authority Trustpoints |
174 |
CipherSuites |
175 |
Configuring Secure HTTP Servers and Clients |
176 |
Default SSL Configuration |
176 |
SSL Configuration Guidelines |
176 |
Configuring a CA Trustpoint |
176 |
Configuring the Secure HTTP Server |
177 |
Configuring the Secure HTTP Client |
179 |
Displaying Secure HTTP Server and Client Status |
179 |
Configuring the Switch for Secure Copy Protocol |
179 |
Information About Secure Copy |
180 |
Configuring IEEE 802.1x Port-Based Authentication |
181 |
Understanding IEEE 802.1x Port-Based Authentication |
181 |
Device Roles |
182 |
Authentication Process |
183 |
Authentication Initiation and Message Exchange |
185 |
Ports in Authorized and Unauthorized States |
187 |
IEEE 802.1x Host Mode |
187 |
IEEE 802.1x Accounting |
188 |
IEEE 802.1x Accounting Attribute-Value Pairs |
188 |
Using IEEE 802.1x Authentication with VLAN Assignment |
189 |
Using IEEE 802.1x Authentication with Guest VLAN |
191 |
Using IEEE 802.1x Authentication with Restricted VLAN |
192 |
Using IEEE 802.1x Authentication with Inaccessible Authentication Bypass |
193 |
Using IEEE 802.1x Authentication with Voice VLAN Ports |
194 |
Using IEEE 802.1x Authentication with Port Security |
194 |
Using IEEE 802.1x Authentication with Wake-on-LAN |
195 |
Using IEEE 802.1x Authentication with MAC Authentication Bypass |
196 |
Using Network Admission Control Layer 2 IEEE 802.1x Validation |
197 |
Using Web Authentication |
197 |
Web Authentication with Automatic MAC Check |
198 |
Configuring IEEE 802.1x Authentication |
198 |
Default IEEE 802.1x Authentication Configuration |
199 |
IEEE 802.1x Authentication Configuration Guidelines |
200 |
IEEE 802.1x Authentication |
200 |
VLAN Assignment, Guest VLAN, Restricted VLAN, and Inaccessible Authentication Bypass |
201 |
MAC Authentication Bypass |
202 |
Upgrading from a Previous Software Release |
202 |
Configuring IEEE 802.1x Authentication |
202 |
Configuring the Switch-to-RADIUS-Server Communication |
204 |
Configuring the Host Mode |
205 |
Configuring Periodic Re-Authentication |
205 |
Manually Re-Authenticating a Client Connected to a Port |
206 |
Changing the Quiet Period |
206 |
Changing the Switch-to-Client Retransmission Time |
207 |
Setting the Switch-to-Client Frame-Retransmission Number |
208 |
Setting the Re-Authentication Number |
208 |
Configuring IEEE 802.1x Accounting |
209 |
Configuring a Guest VLAN |
210 |
Configuring a Restricted VLAN |
211 |
Configuring the Inaccessible Authentication Bypass Feature |
213 |
Configuring IEEE 802.1x Authentication with WoL |
215 |
Configuring MAC Authentication Bypass |
216 |
Configuring NAC Layer 2 IEEE 802.1x Validation |
217 |
Configuring Web Authentication |
218 |
Disabling IEEE 802.1x Authentication on the Port |
220 |
Resetting the IEEE 802.1x Authentication Configuration to the Default Values |
221 |
Displaying IEEE 802.1x Statistics and Status |
221 |
Configuring Interface Characteristics |
223 |
Understanding Interface Types |
223 |
Port-Based VLANs |
224 |
Switch Ports |
224 |
Access Ports |
224 |
Trunk Ports |
225 |
EtherChannel Port Groups |
225 |
Dual-Purpose Uplink Ports |
226 |
Connecting Interfaces |
226 |
Using Interface Configuration Mode |
226 |
Procedures for Configuring Interfaces |
227 |
Configuring a Range of Interfaces |
228 |
Configuring and Using Interface Range Macros |
229 |
Configuring Ethernet Interfaces |
231 |
Default Ethernet Interface Configuration |
231 |
Setting the Type of a Dual-Purpose Uplink Port |
232 |
Configuring Interface Speed and Duplex Mode |
234 |
Speed and Duplex Configuration Guidelines |
234 |
Setting the Interface Speed and Duplex Parameters |
235 |
Configuring IEEE 802.3x Flow Control |
236 |
Configuring Auto-MDIX on an Interface |
237 |
Adding a Description for an Interface |
238 |
Configuring the System MTU |
238 |
Monitoring and Maintaining the Interfaces |
240 |
Monitoring Interface Status |
240 |
Clearing and Resetting Interfaces and Counters |
241 |
Shutting Down and Restarting the Interface |
241 |
Configuring Smartports Macros |
243 |
Understanding Smartports Macros |
243 |
Configuring Smartports Macros |
244 |
Default Smartports Macro Configuration |
244 |
Smartports Macro Configuration Guidelines |
244 |
Creating Smartports Macros |
246 |
Applying Smartports Macros |
247 |
Applying Cisco-Default Smartports Macros |
248 |
Displaying Smartports Macros |
250 |
Configuring VLANs |
251 |
Understanding VLANs |
251 |
Supported VLANs |
252 |
VLAN Port Membership Modes |
253 |
Configuring Normal-Range VLANs |
254 |
Token Ring VLANs |
255 |
Normal-Range VLAN Configuration Guidelines |
255 |
VLAN Configuration Mode Options |
256 |
VLAN Configuration in config-vlan Mode |
256 |
VLAN Configuration in VLAN Database Configuration Mode |
256 |
Saving VLAN Configuration |
256 |
Default Ethernet VLAN Configuration |
257 |
Creating or Modifying an Ethernet VLAN |
258 |
Deleting a VLAN |
259 |
Assigning Static-Access Ports to a VLAN |
260 |
Configuring Extended-Range VLANs |
261 |
Default VLAN Configuration |
261 |
Extended-Range VLAN Configuration Guidelines |
262 |
Creating an Extended-Range VLAN |
262 |
Displaying VLANs |
263 |
Configuring VLAN Trunks |
264 |
Trunking Overview |
264 |
IEEE 802.1Q Configuration Considerations |
265 |
Default Layer 2 Ethernet Interface VLAN Configuration |
266 |
Configuring an Ethernet Interface as a Trunk Port |
266 |
Interaction with Other Features |
266 |
Configuring a Trunk Port |
267 |
Defining the Allowed VLANs on a Trunk |
268 |
Changing the Pruning-Eligible List |
269 |
Configuring the Native VLAN for Untagged Traffic |
269 |
Configuring Trunk Ports for Load Sharing |
270 |
Load Sharing Using STP Port Priorities |
270 |
Load Sharing Using STP Path Cost |
272 |
Configuring VMPS |
273 |
Understanding VMPS |
274 |
Dynamic-Access Port VLAN Membership |
274 |
Default VMPS Client Configuration |
275 |
VMPS Configuration Guidelines |
275 |
Configuring the VMPS Client |
275 |
Entering the IP Address of the VMPS |
276 |
Configuring Dynamic-Access Ports on VMPS Clients |
276 |
Reconfirming VLAN Memberships |
277 |
Changing the Reconfirmation Interval |
277 |
Changing the Retry Count |
278 |
Monitoring the VMPS |
278 |
Troubleshooting Dynamic-Access Port VLAN Membership |
279 |
VMPS Configuration Example |
279 |
Configuring VTP |
281 |
Understanding VTP |
281 |
The VTP Domain |
282 |
VTP Modes |
283 |
VTP Advertisements |
283 |
VTP Version 2 |
284 |
VTP Pruning |
284 |
Configuring VTP |
286 |
Default VTP Configuration |
286 |
VTP Configuration Options |
287 |
VTP Configuration in Global Configuration Mode |
287 |
VTP Configuration in VLAN Database Configuration Mode |
287 |
VTP Configuration Guidelines |
288 |
Domain Names |
288 |
Passwords |
288 |
VTP Version |
288 |
Configuration Requirements |
289 |
Configuring a VTP Server |
289 |
Configuring a VTP Client |
291 |
Disabling VTP (VTP Transparent Mode) |
292 |
Enabling VTP Version 2 |
293 |
Enabling VTP Pruning |
294 |
Adding a VTP Client Switch to a VTP Domain |
294 |
Monitoring VTP |
296 |
Configuring Voice VLAN |
297 |
Understanding Voice VLAN |
297 |
Cisco IP Phone Voice Traffic |
298 |
Cisco IP Phone Data Traffic |
298 |
Configuring Voice VLAN |
299 |
Default Voice VLAN Configuration |
299 |
Voice VLAN Configuration Guidelines |
299 |
Configuring a Port Connected to a Cisco7960 IP Phone |
300 |
Configuring Cisco IP Phone Voice Traffic |
300 |
Configuring the Priority of Incoming Data Frames |
302 |
Displaying Voice VLAN |
302 |
Configuring STP |
303 |
Understanding Spanning-Tree Features |
303 |
STP Overview |
304 |
Spanning-Tree Topology and BPDUs |
305 |
Bridge ID, Switch Priority, and Extended System ID |
306 |
Spanning-Tree Interface States |
306 |
Blocking State |
308 |
Listening State |
308 |
Learning State |
308 |
Forwarding State |
308 |
Disabled State |
309 |
How a Switch or Port Becomes the Root Switch or Root Port |
309 |
Spanning Tree and Redundant Connectivity |
310 |
Spanning-Tree Address Management |
310 |
Accelerated Aging to Retain Connectivity |
310 |
Spanning-Tree Modes and Protocols |
311 |
Supported Spanning-Tree Instances |
311 |
Spanning-Tree Interoperability and Backward Compatibility |
312 |
STP and IEEE 802.1Q Trunks |
312 |
Configuring Spanning-Tree Features |
312 |
Default Spanning-Tree Configuration |
313 |
Spanning-Tree Configuration Guidelines |
314 |
Changing the Spanning-Tree Mode. |
315 |
Disabling Spanning Tree |
316 |
Configuring the Root Switch |
316 |
Configuring a Secondary Root Switch |
318 |
Configuring Port Priority |
318 |
Configuring Path Cost |
320 |
Configuring the Switch Priority of a VLAN |
321 |
Configuring Spanning-Tree Timers |
322 |
Configuring the Hello Time |
322 |
Configuring the Forwarding-Delay Time for a VLAN |
323 |
Configuring the Maximum-Aging Time for a VLAN |
323 |
Configuring the Transmit Hold-Count |
324 |
Displaying the Spanning-Tree Status |
324 |
Configuring MSTP |
325 |
Understanding MSTP |
326 |
Multiple Spanning-Tree Regions |
326 |
IST, CIST, and CST |
327 |
Operations Within an MST Region |
327 |
Operations Between MST Regions |
328 |
IEEE 802.1s Terminology |
329 |
Hop Count |
329 |
Boundary Ports |
330 |
IEEE 802.1s Implementation |
330 |
Port Role Naming Change |
331 |
Interoperation Between Legacy and Standard Switches |
331 |
Detecting Unidirectional Link Failure |
332 |
Interoperability with IEEE 802.1D STP |
332 |
Understanding RSTP |
332 |
Port Roles and the Active Topology |
333 |
Rapid Convergence |
334 |
Synchronization of Port Roles |
335 |
Bridge Protocol Data Unit Format and Processing |
336 |
Processing Superior BPDU Information |
337 |
Processing Inferior BPDU Information |
337 |
Topology Changes |
337 |
Configuring MSTP Features |
338 |
Default MSTP Configuration |
338 |
MSTP Configuration Guidelines |
339 |
Specifying the MST Region Configuration and Enabling MSTP |
340 |
Configuring the Root Switch |
341 |
Configuring a Secondary Root Switch |
342 |
Configuring Port Priority |
343 |
Configuring Path Cost |
344 |
Configuring the Switch Priority |
345 |
Configuring the Hello Time |
346 |
Configuring the Forwarding-Delay Time |
347 |
Configuring the Maximum-Aging Time |
347 |
Configuring the Maximum-Hop Count |
348 |
Specifying the Link Type to Ensure Rapid Transitions |
348 |
Designating the Neighbor Type |
349 |
Restarting the Protocol Migration Process |
349 |
Displaying the MST Configuration and Status |
350 |
Configuring Optional Spanning-Tree Features |
351 |
Understanding Optional Spanning-Tree Features |
351 |
Understanding Port Fast |
352 |
Understanding BPDU Guard |
352 |
Understanding BPDU Filtering |
353 |
Understanding UplinkFast |
353 |
Understanding BackboneFast |
355 |
Understanding EtherChannel Guard |
357 |
Understanding Root Guard |
358 |
Understanding Loop Guard |
359 |
Configuring Optional Spanning-Tree Features |
359 |
Default Optional Spanning-Tree Configuration |
359 |
Optional Spanning-Tree Configuration Guidelines |
360 |
Enabling Port Fast |
360 |
Enabling BPDU Guard |
361 |
Enabling BPDU Filtering |
362 |
Enabling UplinkFast for Use with Redundant Links |
363 |
Enabling BackboneFast |
363 |
Enabling EtherChannel Guard |
364 |
Enabling Root Guard |
365 |
Enabling Loop Guard |
365 |
Displaying the Spanning-Tree Status |
366 |
Configuring IGMP Snooping and MVR |
367 |
Understanding IGMP Snooping |
367 |
IGMP Versions |
368 |
Joining a Multicast Group |
369 |
Leaving a Multicast Group |
371 |
Immediate Leave |
371 |
IGMP Configurable-Leave Timer |
371 |
IGMP Report Suppression |
372 |
Configuring IGMP Snooping |
372 |
Default IGMP Snooping Configuration |
372 |
Enabling or Disabling IGMP Snooping |
373 |
Setting the Snooping Method |
374 |
Configuring a Multicast Router Port |
375 |
Configuring a Host Statically to Join a Group |
376 |
Enabling IGMP Immediate Leave |
376 |
Configuring the IGMP Leave Timer |
377 |
Configuring TCN-Related Commands |
378 |
Controlling the Multicast Flooding Time After a TCN Event |
378 |
Recovering from Flood Mode |
378 |
Disabling Multicast Flooding During a TCN Event |
379 |
Configuring the IGMP Snooping Querier |
380 |
Disabling IGMP Report Suppression |
381 |
Displaying IGMP Snooping Information |
381 |
Understanding Multicast VLAN Registration |
383 |
Using MVR in a Multicast Television Application |
384 |
Configuring MVR |
385 |
Default MVR Configuration |
385 |
MVR Configuration Guidelines and Limitations |
386 |
Configuring MVR Global Parameters |
386 |
Configuring MVR Interfaces |
387 |
Displaying MVR Information |
389 |
Configuring IGMP Filtering and Throttling |
389 |
Default IGMP Filtering and Throttling Configuration |
390 |
Configuring IGMP Profiles |
390 |
Applying IGMP Profiles |
391 |
Setting the Maximum Number of IGMP Groups |
392 |
Configuring the IGMP Throttling Action |
393 |
Displaying IGMP Filtering and Throttling Configuration |
394 |
Configuring Port-Based Traffic Control |
395 |
Configuring Storm Control |
395 |
Understanding Storm Control |
395 |
Default Storm Control Configuration |
397 |
Configuring Storm Control and Threshold Levels |
397 |
Configuring Protected Ports |
399 |
Default Protected Port Configuration |
400 |
Protected Port Configuration Guidelines |
400 |
Configuring a Protected Port |
400 |
Configuring Port Blocking |
401 |
Default Port Blocking Configuration |
401 |
Blocking Flooded Traffic on an Interface |
401 |
Configuring Port Security |
402 |
Understanding Port Security |
402 |
Secure MAC Addresses |
402 |
Security Violations |
403 |
Default Port Security Configuration |
404 |
Port Security Configuration Guidelines |
404 |
Enabling and Configuring Port Security |
405 |
Enabling and Configuring Port Security Aging |
410 |
Displaying Port-Based Traffic Control Settings |
411 |
Configuring CDP |
413 |
Understanding CDP |
413 |
Configuring CDP |
414 |
Default CDP Configuration |
414 |
Configuring the CDP Characteristics |
414 |
Disabling and Enabling CDP |
415 |
Disabling and Enabling CDP on an Interface |
416 |
Monitoring and Maintaining CDP |
416 |
Configuring LLDP and LLDP-MED |
419 |
Understanding LLDP and LLDP-MED |
419 |
Understanding LLDP |
419 |
Understanding LLDP-MED |
420 |
Configuring LLDP and LLDP-MED |
421 |
Default LLDP Configuration |
421 |
Configuring LLDP Characteristics |
422 |
Disabling and Enabling LLDP Globally |
423 |
Disabling and Enabling LLDP on an Interface |
423 |
Configuring LLDP-MED TLVs |
424 |
Monitoring and Maintaining LLDP and LLDP-MED |
425 |
Configuring UDLD |
427 |
Understanding UDLD |
427 |
Modes of Operation |
427 |
Methods to Detect Unidirectional Links |
428 |
Configuring UDLD |
430 |
Default UDLD Configuration |
430 |
Configuration Guidelines |
430 |
Enabling UDLD Globally |
431 |
Enabling UDLD on an Interface |
431 |
Resetting an Interface Disabled by UDLD |
432 |
Displaying UDLD Status |
432 |
Configuring SPAN and RSPAN |
433 |
Understanding SPAN and RSPAN |
433 |
Local SPAN |
434 |
Remote SPAN |
434 |
SPAN and RSPAN Concepts and Terminology |
435 |
SPAN Sessions |
435 |
Monitored Traffic |
436 |
Source Ports |
437 |
Source VLANs |
438 |
VLAN Filtering |
438 |
Destination Port |
438 |
RSPAN VLAN |
439 |
SPAN and RSPAN Interaction with Other Features |
440 |
Configuring SPAN and RSPAN |
441 |
Default SPAN and RSPAN Configuration |
441 |
Configuring Local SPAN |
441 |
SPAN Configuration Guidelines |
442 |
Creating a Local SPAN Session |
442 |
Creating a Local SPAN Session and Configuring Incoming Traffic |
445 |
Specifying VLANs to Filter |
446 |
Configuring RSPAN |
447 |
RSPAN Configuration Guidelines |
448 |
Configuring a VLAN as an RSPAN VLAN |
448 |
Creating an RSPAN Source Session |
449 |
Creating an RSPAN Destination Session |
451 |
Creating an RSPAN Destination Session and Configuring Incoming Traffic |
452 |
Specifying VLANs to Filter |
453 |
Displaying SPAN and RSPAN Status |
454 |
Configuring RMON |
455 |
Understanding RMON |
455 |
Configuring RMON |
456 |
Default RMON Configuration |
457 |
Configuring RMON Alarms and Events |
457 |
Collecting Group History Statistics on an Interface |
459 |
Collecting Group Ethernet Statistics on an Interface |
459 |
Displaying RMON Status |
460 |
Configuring System Message Logging |
461 |
Understanding System Message Logging |
461 |
Configuring System Message Logging |
462 |
System Log Message Format |
462 |
Default System Message Logging Configuration |
463 |
Disabling Message Logging |
464 |
Setting the Message Display Destination Device |
465 |
Synchronizing Log Messages |
466 |
Enabling and Disabling Time Stamps on Log Messages |
467 |
Enabling and Disabling Sequence Numbers in Log Messages |
468 |
Defining the Message Severity Level |
468 |
Limiting Syslog Messages Sent to the History Table and to SNMP |
470 |
Enabling the Configuration-Change Logger |
470 |
Configuring UNIX Syslog Servers |
472 |
Logging Messages to a UNIX Syslog Daemon |
472 |
Configuring the UNIX System Logging Facility |
472 |
Displaying the Logging Configuration |
473 |
Configuring SNMP |
475 |
Understanding SNMP |
475 |
SNMP Versions |
476 |
SNMP Manager Functions |
477 |
SNMP Agent Functions |
478 |
SNMP Community Strings |
478 |
Using SNMP to Access MIB Variables |
478 |
SNMP Notifications |
479 |
SNMP ifIndex MIB Object Values |
480 |
Configuring SNMP |
480 |
Default SNMP Configuration |
481 |
SNMP Configuration Guidelines |
481 |
Disabling the SNMP Agent |
482 |
Configuring Community Strings |
482 |
Configuring SNMP Groups and Users |
484 |
Configuring SNMP Notifications |
486 |
Setting the Agent Contact and Location Information |
489 |
Limiting TFTP Servers Used Through SNMP |
490 |
SNMP Examples |
491 |
Displaying SNMP Status |
492 |
Configuring Cisco IOS IP SLAs Operations |
493 |
Understanding Cisco IOS IP SLAs |
493 |
Using Cisco IOS IP SLAs to Measure Network Performance |
494 |
IP SLAs Responder and IP SLAs Control Protocol |
495 |
Response Time Computation for IP SLAs |
496 |
Configuring IP SLAs Operations |
497 |
Default Configuration |
497 |
Configuration Guidelines |
497 |
Configuring the IP SLAs Responder |
498 |
Monitoring IP SLAs Operations |
499 |
Configuring QoS |
501 |
Understanding QoS |
501 |
Basic QoS Model |
503 |
Classification |
505 |
Classification Based on QoS ACLs |
507 |
Classification Based on Class Maps and Policy Maps |
507 |
Policing and Marking |
508 |
Policing on Physical Ports |
509 |
Mapping Tables |
511 |
Queueing and Scheduling Overview |
512 |
Weighted Tail Drop |
512 |
SRR Shaping and Sharing |
513 |
Queueing and Scheduling on Ingress Queues |
514 |
Queueing and Scheduling on Egress Queues |
516 |
Packet Modification |
518 |
Configuring Auto-QoS |
519 |
Generated Auto-QoS Configuration |
520 |
Effects of Auto-QoS on the Configuration |
524 |
Auto-QoS Configuration Guidelines |
525 |
Enabling Auto-QoS for VoIP |
525 |
Auto-QoS Configuration Example |
527 |
Displaying Auto-QoS Information |
529 |
Configuring Standard QoS |
529 |
Default Standard QoS Configuration |
530 |
Default Ingress Queue Configuration |
530 |
Default Egress Queue Configuration |
531 |
Default Mapping Table Configuration |
532 |
Standard QoS Configuration Guidelines |
532 |
QoS ACL Guidelines |
532 |
Policing Guidelines |
532 |
General QoS Guidelines |
533 |
Enabling QoS Globally |
533 |
Configuring Classification Using Port Trust States |
534 |
Configuring the Trust State on Ports within the QoS Domain |
534 |
Configuring the CoS Value for an Interface |
536 |
Configuring a Trusted Boundary to Ensure Port Security |
536 |
Enabling DSCP Transparency Mode |
538 |
Configuring the DSCP Trust State on a Port Bordering Another QoS Domain |
538 |
Configuring a QoS Policy |
540 |
Classifying Traffic by Using ACLs |
541 |
Classifying Traffic by Using Class Maps |
544 |
Classifying, Policing, and Marking Traffic on Physical Ports by Using Policy Maps |
546 |
Classifying, Policing, and Marking Traffic by Using Aggregate Policers |
549 |
Configuring DSCP Maps |
551 |
Configuring the CoS-to-DSCP Map |
552 |
Configuring the IP-Precedence-to-DSCP Map |
553 |
Configuring the Policed-DSCP Map |
554 |
Configuring the DSCP-to-CoS Map |
555 |
Configuring the DSCP-to-DSCP-Mutation Map |
556 |
Configuring Ingress Queue Characteristics |
557 |
Mapping DSCP or CoS Values to an Ingress Queue and Setting WTD Thresholds |
558 |
Allocating Buffer Space Between the Ingress Queues |
559 |
Allocating Bandwidth Between the Ingress Queues |
560 |
Configuring the Ingress Priority Queue |
561 |
Configuring Egress Queue Characteristics |
562 |
Configuration Guidelines |
562 |
Allocating Buffer Space to and Setting WTD Thresholds for an Egress Queue-Set |
562 |
Mapping DSCP or CoS Values to an Egress Queue and to a Threshold ID |
565 |
Configuring SRR Shaped Weights on Egress Queues |
566 |
Configuring SRR Shared Weights on Egress Queues |
567 |
Configuring the Egress Expedite Queue |
568 |
Limiting the Bandwidth on an Egress Interface |
568 |
Displaying Standard QoS Information |
569 |
Configuring IPv6 Host Functions |
571 |
Understanding IPv6 |
571 |
IPv6 Addresses |
572 |
Supported IPv6 Unicast Routing Features |
573 |
128-Bit Wide Unicast Addresses |
573 |
DNS for IPv6 |
574 |
ICMPv6 |
574 |
Neighbor Discovery |
574 |
IPv6 Stateless Autoconfiguration and Duplicate Address Detection |
574 |
IPv6 Applications |
575 |
Dual IPv4 and IPv6 Protocol Stacks |
575 |
SDM Templates |
576 |
Dual IPv4-and-IPv6 SDM Templates |
577 |
Configuring IPv6 |
577 |
Default IPv6 Configuration |
578 |
Configuring IPv6 ICMP Rate Limiting |
578 |
Configuring Static Routes for IPv6 |
579 |
Displaying IPv6 |
581 |
Configuring IPv6 MLD Snooping |
585 |
Understanding MLD Snooping |
585 |
MLD Messages |
586 |
MLD Queries |
587 |
Multicast Client Aging Robustness |
587 |
Multicast Router Discovery |
587 |
MLD Reports |
588 |
MLD Done Messages and Immediate-Leave |
588 |
Topology Change Notification Processing |
589 |
Configuring IPv6 MLD Snooping |
589 |
Default MLD Snooping Configuration |
589 |
MLD Snooping Configuration Guidelines |
590 |
Enabling or Disabling MLD Snooping |
590 |
Configuring a Static Multicast Group |
592 |
Configuring a Multicast Router Port |
592 |
Enabling MLD Immediate Leave |
593 |
Configuring MLD Snooping Queries |
594 |
Disabling MLD Listener Message Suppression |
595 |
Displaying MLD Snooping Information |
595 |
Configuring EtherChannels and Link-State Tracking |
597 |
Understanding EtherChannels |
597 |
EtherChannel Overview |
598 |
Port-Channel Interfaces |
599 |
Port Aggregation Protocol |
600 |
PAgP Modes |
600 |
PAgP Interaction with Other Features |
601 |
Link Aggregation Control Protocol |
601 |
LACP Modes |
601 |
LACP Interaction with Other Features |
602 |
EtherChannel On Mode |
602 |
Load Balancing and Forwarding Methods |
602 |
Configuring EtherChannels |
604 |
Default EtherChannel Configuration |
605 |
EtherChannel Configuration Guidelines |
605 |
Configuring Layer2 EtherChannels |
606 |
Configuring EtherChannel Load Balancing |
608 |
Configuring the PAgP Learn Method and Priority |
609 |
Configuring LACP Hot-Standby Ports |
610 |
Configuring the LACP System Priority |
611 |
Configuring the LACP Port Priority |
611 |
Displaying EtherChannel, PAgP, and LACP Status |
612 |
Understanding Link-State Tracking |
613 |
Configuring Link-State Tracking |
615 |
Default Link-State Tracking Configuration |
616 |
Link-State Tracking Configuration Guidelines |
616 |
Configuring Link-State Tracking |
616 |
Displaying Link-State Tracking Status |
617 |
Troubleshooting |
619 |
Recovering from a Software Failure |
620 |
Recovering from a Lost or Forgotten Password |
621 |
Procedure with Password Recovery Enabled |
622 |
Procedure with Password Recovery Disabled |
624 |
Recovering from a Command Switch Failure |
625 |
Replacing a Failed Command Switch with a Cluster Member |
626 |
Replacing a Failed Command Switch with Another Switch |
628 |
Recovering from Lost Cluster Member Connectivity |
629 |
Preventing Autonegotiation Mismatches |
629 |
SFP Module Security and Identification |
630 |
Monitoring SFP Module Status |
630 |
Using Ping |
630 |
Understanding Ping |
631 |
Executing Ping |
631 |
Using Layer 2 Traceroute |
632 |
Understanding Layer 2 Traceroute |
632 |
Usage Guidelines |
632 |
Displaying the Physical Path |
633 |
Using IP Traceroute |
633 |
Understanding IP Traceroute |
633 |
Executing IP Traceroute |
634 |
Using TDR |
635 |
Understanding TDR |
635 |
Running TDR and Displaying the Results |
636 |
Using Debug Commands |
636 |
Enabling Debugging on a Specific Feature |
636 |
Enabling All-System Diagnostics |
637 |
Redirecting Debug and Error Message Output |
637 |
Using the show platform forward Command |
638 |
Using the crashinfo Files |
639 |
Basic crashinfo Files |
639 |
Extended crashinfo Files |
640 |
Supported MIBs |
641 |
MIB List |
641 |
Using FTP to Access the MIB Files |
643 |
Working with the Cisco IOS File System, Configuration Files, and Software Images |
645 |
Working with the Flash File System |
645 |
Displaying Available File Systems |
646 |
Setting the Default File System |
647 |
Displaying Information about Files on a File System |
647 |
Changing Directories and Displaying the Working Directory |
648 |
Creating and Removing Directories |
648 |
Copying Files |
649 |
Deleting Files |
649 |
Creating, Displaying, and Extracting tar Files |
650 |
Creating a tar File |
650 |
Displaying the Contents of a tar File |
651 |
Extracting a tar File |
651 |
Displaying the Contents of a File |
652 |
Working with Configuration Files |
652 |
Guidelines for Creating and Using Configuration Files |
653 |
Configuration File Types and Location |
654 |
Creating a Configuration File By Using a Text Editor |
654 |
Copying Configuration Files By Using TFTP |
654 |
Preparing to Download or Upload a Configuration File B y Using TFTP |
654 |
Downloading the Configuration File By Using TFTP |
655 |
Uploading the Configuration File By Using TFTP |
656 |
Copying Configuration Files By Using FTP |
656 |
Preparing to Download or Upload a Configuration File By Using FTP |
657 |
Downloading a Configuration File By Using FTP |
657 |
Uploading a Configuration File By Using FTP |
658 |
Copying Configuration Files By Using RCP |
659 |
Preparing to Download or Upload a Configuration File By Using RCP |
660 |
Downloading a Configuration File By Using RCP |
661 |
Uploading a Configuration File By Using RCP |
662 |
Clearing Configuration Information |
663 |
Clearing the Startup Configuration File |
663 |
Deleting a Stored Configuration File |
663 |
Replacing and Rolling Back Configurations |
663 |
Understanding Configuration Replacement and Rollback |
663 |
Configuration Guidelines |
665 |
Configuring the Configuration Archive |
665 |
Performing a Configuration Replacement or Rollback Operation |
666 |
Working with Software Images |
667 |
Image Location on the Switch |
668 |
tar File Format of Images on a Server or Cisco.com |
668 |
Copying Image Files By Using TFTP |
669 |
Preparing to Download or Upload an Image File By Using TFTP |
670 |
Downloading an Image File By Using TFTP |
671 |
Uploading an Image File By Using TFTP |
672 |
Copying Image Files By Using FTP |
673 |
Preparing to Download or Upload an Image File By Using FTP |
673 |
Downloading an Image File By Using FTP |
674 |
Uploading an Image File By Using FTP |
676 |
Copying Image Files By Using RCP |
677 |
Preparing to Download or Upload an Image File By Using RCP |
677 |
Downloading an Image File By Using RCP |
679 |
Uploading an Image File By Using RCP |
681 |
Recommendations for Upgrading a Catalyst2950Switch to a Catalyst 2960 Switch |
683 |
Configuration Compatibility Issues |
683 |
Feature Behavior Incompatibilities |
687 |
Unsupported Commands in CiscoIOSRelease12.2(40)SE |
689 |
Access Control Lists |
689 |
Unsupported Privileged EXEC Commands |
689 |
Unsupported Global Configuration Commands |
689 |
Unsupported Route-Map Configuration Commands |
689 |
Boot Loader Commands |
690 |
Unsupported User EXEC Commands |
690 |
Unsupported Global Configuration Commands |
690 |
Embedded Event Manager |
690 |
Unsupported Privileged EXEC Commands |
690 |
Unsupported Global Configuration Commands |
690 |
Unsupported Commands in Applet Configuration Mode |
690 |
Debug Commands |
690 |
Unsupported Privileged EXEC Commands |
690 |
|IGMP Snooping Commands |
691 |
Unsupported Global Configuration Commands |
691 |
Interface Commands |
691 |
Unsupported Privileged EXEC Commands |
691 |
Unsupported Global Configuration Commands |
691 |
Unsupported Interface Configuration Commands |
691 |
MAC Address Commands |
691 |
Unsupported Privileged EXEC Commands |
691 |
Unsupported Global Configuration Commands |
692 |
Miscellaneous |
692 |
Unsupported Privileged EXEC Commands |
692 |
Unsupported Global Configuration Commands |
692 |
Network Address Translation (NAT) Commands |
692 |
Unsupported Privileged EXEC Commands |
692 |
QoS |
693 |
Unsupported Global Configuration Command |
693 |
Unsupported Interface Configuration Commands |
693 |
Unsupported Policy-Map Configuration Command |
693 |
RADIUS |
693 |
Unsupported Global Configuration Commands |
693 |
SNMP |
693 |
Unsupported Global Configuration Commands |
693 |
Spanning Tree |
694 |
Unsupported Global Configuration Command |
694 |
Unsupported Interface Configuration Command |
694 |
VLAN |
694 |
Unsupported Global Configuration Command |
694 |
Unsupported vlan-config Command |
694 |
Unsupported User EXEC Commands |
694 |
VTP |
694 |
Unsupported Privileged EXEC Commands |
694 |