Section |
Page |
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide |
1 |
Contents |
3 |
Preface |
33 |
Audience |
33 |
Purpose |
33 |
Conventions |
33 |
Related Publications |
34 |
Obtaining Documentation |
35 |
Cisco.com |
35 |
Product Documentation DVD |
35 |
Ordering Documentation |
35 |
Documentation Feedback |
36 |
Cisco Product Security Overview |
36 |
Reporting Security Problems in Cisco Products |
37 |
Obtaining Technical Assistance |
37 |
Cisco Technical Support & Documentation Website |
37 |
Submitting a Service Request |
38 |
Definitions of Service Request Severity |
38 |
Obtaining Additional Publications and Information |
39 |
Overview |
41 |
Features |
41 |
Performance Features |
42 |
Management Options |
43 |
Manageability Features |
43 |
Availability Features |
44 |
VLAN Features |
45 |
Security Features |
45 |
Subscriber Security |
45 |
Switch Security |
45 |
Network Security |
46 |
Quality of Service and Class of Service Features |
46 |
Layer 2 Virtual Private Network Services |
47 |
Layer 3 Features |
47 |
Layer 3 VPN Services |
48 |
Monitoring Features |
48 |
Default Settings After Initial Switch Configuration |
48 |
Network Configuration Examples |
51 |
Multidwelling or Ethernet-to-the-Subscriber Network |
51 |
Layer 2 VPN Application |
53 |
Multi-VRF CE Application |
54 |
Where to Go Next |
55 |
Using the Command-Line Interface |
57 |
Understanding Command Modes |
57 |
Understanding the Help System |
59 |
Understanding Abbreviated Commands |
59 |
Understanding no and default Forms of Commands |
60 |
Understanding CLI Error Messages |
60 |
Using Command History |
60 |
Changing the Command History Buffer Size |
61 |
Recalling Commands |
61 |
Disabling the Command History Feature |
61 |
Using Editing Features |
62 |
Enabling and Disabling Editing Features |
62 |
Editing Commands through Keystrokes |
62 |
Editing Command Lines that Wrap |
64 |
Searching and Filtering Output of show and more Commands |
64 |
Accessing the CLI |
65 |
Accessing the CLI through a Console Connection or through Telnet |
65 |
Assigning the Switch IP Address and Default Gateway |
67 |
Understanding the Boot Process |
67 |
Assigning Switch Information |
68 |
Default Switch Information |
69 |
Understanding DHCP-Based Autoconfiguration |
69 |
DHCP Client Request Process |
69 |
Configuring DHCP-Based Autoconfiguration |
71 |
DHCP Server Configuration Guidelines |
71 |
Configuring the TFTP Server |
71 |
Configuring the DNS |
72 |
Configuring the Relay Device |
72 |
Obtaining Configuration Files |
73 |
Example Configuration |
74 |
Manually Assigning IP Information |
75 |
Checking and Saving the Running Configuration |
76 |
Modifying the Startup Configuration |
78 |
Default Boot Configuration |
79 |
Automatically Downloading a Configuration File |
79 |
Specifying the Filename to Read and Write the System Configuration |
79 |
Booting Manually |
80 |
Booting a Specific Software Image |
80 |
Controlling Environment Variables |
81 |
Scheduling a Reload of the Software Image |
82 |
Configuring a Scheduled Reload |
83 |
Displaying Scheduled Reload Information |
84 |
Configuring Cisco IOS CNS Agents |
85 |
Understanding Cisco Configuration Engine Software |
85 |
Configuration Service |
86 |
Event Service |
87 |
NameSpace Mapper |
87 |
What You Should Know About the CNS IDs and Device Hostnames |
87 |
ConfigID |
87 |
DeviceID |
88 |
Hostname and DeviceID |
88 |
Using Hostname, DeviceID, and ConfigID |
88 |
Understanding Cisco IOS Agents |
89 |
Initial Configuration |
89 |
Incremental (Partial) Configuration |
90 |
Synchronized Configuration |
90 |
Configuring Cisco IOS Agents |
90 |
Enabling Automated CNS Configuration |
90 |
Enabling the CNS Event Agent |
92 |
Enabling the Cisco IOS CNS Agent |
93 |
Enabling an Initial Configuration |
93 |
Enabling a Partial Configuration |
95 |
Displaying CNS Configuration |
96 |
Administering the Switch |
98 |
Managing the System Time and Date |
98 |
Understanding the System Clock |
99 |
Understanding Network Time Protocol |
99 |
Configuring NTP |
101 |
Default NTP Configuration |
101 |
Configuring NTP Authentication |
102 |
Configuring NTP Associations |
103 |
Configuring NTP Broadcast Service |
104 |
Configuring NTP Access Restrictions |
105 |
Configuring the Source IP Address for NTP Packets |
107 |
Displaying the NTP Configuration |
108 |
Configuring Time and Date Manually |
108 |
Setting the System Clock |
108 |
Displaying the Time and Date Configuration |
109 |
Configuring the Time Zone |
109 |
Configuring Summer Time (Daylight Saving Time) |
110 |
Configuring a System Name and Prompt |
111 |
Default System Name and Prompt Configuration |
112 |
Configuring a System Name |
112 |
Understanding DNS |
112 |
Default DNS Configuration |
113 |
Setting Up DNS |
113 |
Displaying the DNS Configuration |
114 |
Creating a Banner |
114 |
Default Banner Configuration |
114 |
Configuring a Message-of-the-Day Login Banner |
115 |
Configuring a Login Banner |
116 |
Managing the MAC Address Table |
116 |
Building the Address Table |
117 |
MAC Addresses and VLANs |
117 |
Default MAC Address Table Configuration |
118 |
Changing the Address Aging Time |
118 |
Removing Dynamic Address Entries |
119 |
Configuring MAC Address Notification Traps |
119 |
Adding and Removing Static Address Entries |
121 |
Configuring Unicast MAC Address Filtering |
122 |
Disabling MAC Address Learning on a VLAN |
123 |
Displaying Address Table Entries |
125 |
Managing the ARP Table |
125 |
Configuring SDM Templates |
126 |
Understanding the SDM Templates |
126 |
Configuring the Switch SDM Template |
127 |
Default SDM Template |
127 |
SDM Template Configuration Guidelines |
127 |
Setting the SDM Template |
128 |
Displaying the SDM Templates |
129 |
Configuring Switch-Based Authentication |
130 |
Preventing Unauthorized Access to Your Switch |
130 |
Protecting Access to Privileged EXEC Commands |
131 |
Default Password and Privilege Level Configuration |
131 |
Setting or Changing a Static Enable Password |
132 |
Protecting Enable and Enable Secret Passwords with Encryption |
133 |
Disabling Password Recovery |
134 |
Setting a Telnet Password for a Terminal Line |
135 |
Configuring Username and Password Pairs |
136 |
Configuring Multiple Privilege Levels |
137 |
Setting the Privilege Level for a Command |
137 |
Changing the Default Privilege Level for Lines |
138 |
Logging into and Exiting a Privilege Level |
139 |
Controlling Switch Access with TACACS+ |
139 |
Understanding TACACS+ |
139 |
TACACS+ Operation |
141 |
Configuring TACACS+ |
142 |
Default TACACS+ Configuration |
142 |
Identifying the TACACS+ Server Host and Setting the Authentication Key |
142 |
Configuring TACACS+ Login Authentication |
143 |
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services |
145 |
Starting TACACS+ Accounting |
146 |
Displaying the TACACS+ Configuration |
146 |
Controlling Switch Access with RADIUS |
147 |
Understanding RADIUS |
147 |
RADIUS Operation |
148 |
Configuring RADIUS |
149 |
Default RADIUS Configuration |
149 |
Identifying the RADIUS Server Host |
149 |
Configuring RADIUS Login Authentication |
152 |
Defining AAA Server Groups |
154 |
Configuring RADIUS Authorization for User Privileged Access and Network Services |
156 |
Starting RADIUS Accounting |
157 |
Configuring Settings for All RADIUS Servers |
158 |
Configuring the Switch to Use Vendor-Specific RADIUS Attributes |
158 |
Configuring the Switch for Vendor-Proprietary RADIUS Server Communication |
160 |
Displaying the RADIUS Configuration |
160 |
Controlling Switch Access with Kerberos |
161 |
Understanding Kerberos |
161 |
Kerberos Operation |
163 |
Authenticating to a Boundary Switch |
164 |
Obtaining a TGT from a KDC |
164 |
Authenticating to Network Services |
164 |
Configuring Kerberos |
165 |
Configuring the Switch for Local Authentication and Authorization |
165 |
Configuring the Switch for Secure Shell |
166 |
Understanding SSH |
167 |
SSH Servers, Integrated Clients, and Supported Versions |
167 |
Limitations |
167 |
Configuring SSH |
168 |
Configuration Guidelines |
168 |
Setting Up the Switch to Run SSH |
168 |
Configuring the SSH Server |
169 |
Displaying the SSH Configuration and Status |
170 |
Configuring IEEE 802.1x Port-Based Authentication |
172 |
Understanding IEEE 802.1x Port-Based Authentication |
172 |
Device Roles |
173 |
Authentication Initiation and Message Exchange |
174 |
Ports in Authorized and Unauthorized States |
175 |
IEEE 802.1x Accounting |
176 |
IEEE 802.1x Accounting Attribute-Value Pairs |
176 |
IEEE 802.1x Host Mode |
177 |
Using IEEE 802.1x with Port Security |
178 |
Using IEEE 802.1x with VLAN Assignment |
179 |
Configuring IEEE 802.1x Authentication |
180 |
Default IEEE 802.1x Configuration |
180 |
IEEE 802.1x Configuration Guidelines |
181 |
Configuring IEEE 802.1x Authentication |
182 |
Configuring the Switch-to-RADIUS-Server Communication |
183 |
Configuring Periodic Re-Authentication |
184 |
Manually Re-Authenticating a Client Connected to a Port |
185 |
Changing the Quiet Period |
185 |
Changing the Switch-to-Client Retransmission Time |
186 |
Setting the Switch-to-Client Frame-Retransmission Number |
186 |
Setting the Re-Authentication Number |
187 |
Configuring the Host Mode |
188 |
Resetting the IEEE 802.1x Configuration to the Default Values |
188 |
Configuring IEEE 802.1x Accounting |
189 |
Displaying IEEE 802.1x Statistics and Status |
190 |
Configuring Interface Characteristics |
192 |
Understanding Interface Types |
192 |
Port-Based VLANs |
193 |
Switch Ports |
193 |
UNI and NNI Ports |
194 |
Access Ports |
194 |
Trunk Ports |
195 |
Tunnel Ports |
195 |
Routed Ports |
195 |
Switch Virtual Interfaces |
196 |
EtherChannel Port Groups |
197 |
Connecting Interfaces |
197 |
Using Interface Configuration Mode |
198 |
Procedures for Configuring Interfaces |
198 |
Configuring a Range of Interfaces |
199 |
Configuring and Using Interface Range Macros |
201 |
Configuring Ethernet Interfaces |
202 |
Default Ethernet Interface Configuration |
203 |
Configuring User Network and Network Node Interfaces |
204 |
Configuring Interface Speed and Duplex Mode |
205 |
Speed and Duplex Configuration Guidelines |
206 |
Setting the Interface Speed and Duplex Parameters |
206 |
Configuring IEEE 802.3x Flow Control |
208 |
Configuring Auto-MDIX on an Interface |
209 |
Adding a Description for an Interface |
210 |
Configuring Layer 3 Interfaces |
211 |
Configuring the System MTU |
212 |
Monitoring and Maintaining the Interfaces |
213 |
Monitoring Interface Status |
214 |
Clearing and Resetting Interfaces and Counters |
215 |
Shutting Down and Restarting the Interface |
215 |
Configuring Command Macros |
216 |
Understanding Command Macros |
216 |
Configuring Command Macros |
217 |
Default Command Macro Configuration |
217 |
Command Macro Configuration Guidelines |
217 |
Creating Command Macros |
218 |
Applying Command Macros |
219 |
Displaying Command Macros |
220 |
Configuring VLANs |
222 |
Understanding VLANs |
222 |
Supported VLANs |
224 |
Normal-Range VLANs |
224 |
Extended-Range VLANs |
225 |
VLAN Port Membership Modes |
225 |
UNI VLANs |
226 |
Creating and Modifying VLANs |
227 |
Default Ethernet VLAN Configuration |
228 |
VLAN Configuration Guidelines |
229 |
Creating or Modifying an Ethernet VLAN |
230 |
Assigning Static-Access Ports to a VLAN |
231 |
Creating an Extended-Range VLAN with an Internal VLAN ID |
232 |
Configuring UNI VLANs |
233 |
Configuration Guidelines |
233 |
Configuring UNI VLANs |
234 |
Displaying VLANs |
235 |
Configuring VLAN Trunks |
235 |
Trunking Overview |
235 |
IEEE 802.1Q Configuration Considerations |
236 |
Default Layer 2 Ethernet Interface VLAN Configuration |
237 |
Configuring an Ethernet Interface as a Trunk Port |
237 |
Interaction with Other Features |
237 |
Configuring a Trunk Port |
238 |
Defining the Allowed VLANs on a Trunk |
238 |
Configuring the Native VLAN for Untagged Traffic |
240 |
Configuring Trunk Ports for Load Sharing |
240 |
Load Sharing Using STP Port Priorities |
241 |
Load Sharing Using STP Path Cost |
242 |
Configuring VMPS |
244 |
Understanding VMPS |
244 |
Dynamic-Access Port VLAN Membership |
245 |
Default VMPS Client Configuration |
245 |
VMPS Configuration Guidelines |
246 |
Configuring the VMPS Client |
246 |
Entering the IP Address of the VMPS |
246 |
Configuring Dynamic-Access Ports on VMPS Clients |
247 |
Reconfirming VLAN Memberships |
247 |
Changing the Reconfirmation Interval |
248 |
Changing the Retry Count |
248 |
Monitoring the VMPS |
248 |
Troubleshooting Dynamic-Access Port VLAN Membership |
249 |
VMPS Configuration Example |
249 |
Configuring Private VLANs |
252 |
Understanding Private VLANs |
252 |
Types of Private VLANs and Private-VLAN Ports |
253 |
IP Addressing Scheme with Private VLANs |
255 |
Private VLANs across Multiple Switches |
255 |
Private VLANs and Unicast, Broadcast, and Multicast Traffic |
256 |
Private VLANs and SVIs |
256 |
Configuring Private VLANs |
256 |
Tasks for Configuring Private VLANs |
257 |
Default Private-VLAN Configuration |
257 |
Private-VLAN Configuration Guidelines |
257 |
Secondary and Primary VLAN Configuration |
258 |
Private-VLAN Port Configuration |
259 |
Limitations with Other Features |
260 |
Configuring and Associating VLANs in a Private VLAN |
261 |
Configuring a Layer 2 Interface as a Private-VLAN Host Port |
263 |
Configuring a Layer 2 Interface as a Private-VLAN Promiscuous Port |
264 |
Mapping Secondary VLANs to a Primary VLAN Layer 3 VLAN Interface |
265 |
Monitoring Private VLANs |
266 |
Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling |
268 |
Understanding IEEE 802.1Q Tunneling |
268 |
Configuring IEEE 802.1Q Tunneling |
271 |
Default IEEE 802.1Q Tunneling Configuration |
271 |
IEEE 802.1Q Tunneling Configuration Guidelines |
271 |
Native VLANs |
271 |
System MTU |
272 |
IEEE 802.1Q Tunneling and Other Features |
273 |
Configuring an IEEE 802.1Q Tunneling Port |
273 |
Understanding Layer 2 Protocol Tunneling |
275 |
Configuring Layer 2 Protocol Tunneling |
277 |
Default Layer 2 Protocol Tunneling Configuration |
278 |
Layer 2 Protocol Tunneling Configuration Guidelines |
278 |
Configuring Layer 2 Protocol Tunneling |
279 |
Configuring Layer 2 Tunneling for EtherChannels |
281 |
Configuring the SP Edge Switch |
281 |
Configuring the Customer Switch |
282 |
Monitoring and Maintaining Tunneling Status |
285 |
Configuring STP |
286 |
Understanding Spanning-Tree Features |
286 |
STP Overview |
287 |
Spanning-Tree Topology and BPDUs |
288 |
Bridge ID, Switch Priority, and Extended System ID |
289 |
Spanning-Tree Interface States |
289 |
Blocking State |
291 |
Listening State |
291 |
Learning State |
291 |
Forwarding State |
292 |
Disabled State |
292 |
How a Switch or Port Becomes the Root Switch or Root Port |
292 |
Spanning Tree and Redundant Connectivity |
293 |
Spanning-Tree Address Management |
293 |
Accelerated Aging to Retain Connectivity |
294 |
Spanning-Tree Modes and Protocols |
294 |
Supported Spanning-Tree Instances |
295 |
Spanning-Tree Interoperability and Backward Compatibility |
295 |
STP and IEEE 802.1Q Trunks |
295 |
Configuring Spanning-Tree Features |
296 |
Default Spanning-Tree Configuration |
296 |
Spanning-Tree Configuration Guidelines |
297 |
Changing the Spanning-Tree Mode |
298 |
Disabling Spanning Tree |
299 |
Configuring the Root Switch |
299 |
Configuring a Secondary Root Switch |
301 |
Configuring Port Priority |
301 |
Configuring Path Cost |
303 |
Configuring the Switch Priority of a VLAN |
304 |
Configuring Spanning-Tree Timers |
305 |
Configuring the Hello Time |
305 |
Configuring the Forwarding-Delay Time for a VLAN |
306 |
Configuring the Maximum-Aging Time for a VLAN |
306 |
Displaying the Spanning-Tree Status |
307 |
Configuring MSTP |
308 |
Understanding MSTP |
309 |
Multiple Spanning-Tree Regions |
309 |
IST, CIST, and CST |
309 |
Operations Within an MST Region |
310 |
Operations Between MST Regions |
310 |
Hop Count |
311 |
Boundary Ports |
312 |
Interoperability with IEEE 802.1D STP |
312 |
Understanding RSTP |
313 |
Port Roles and the Active Topology |
313 |
Rapid Convergence |
314 |
Synchronization of Port Roles |
315 |
Bridge Protocol Data Unit Format and Processing |
316 |
Processing Superior BPDU Information |
317 |
Processing Inferior BPDU Information |
317 |
Topology Changes |
317 |
Configuring MSTP Features |
318 |
Default MSTP Configuration |
319 |
MSTP Configuration Guidelines |
319 |
Specifying the MST Region Configuration and Enabling MSTP |
320 |
Configuring the Root Switch |
321 |
Configuring a Secondary Root Switch |
323 |
Configuring Port Priority |
324 |
Configuring Path Cost |
325 |
Configuring the Switch Priority |
326 |
Configuring the Hello Time |
326 |
Configuring the Forwarding-Delay Time |
327 |
Configuring the Maximum-Aging Time |
328 |
Configuring the Maximum-Hop Count |
328 |
Specifying the Link Type to Ensure Rapid Transitions |
329 |
Restarting the Protocol Migration Process |
329 |
Displaying the MST Configuration and Status |
330 |
Configuring Optional Spanning-Tree Features |
332 |
Understanding Optional Spanning-Tree Features |
332 |
Understanding Port Fast |
333 |
Understanding BPDU Guard |
333 |
Understanding BPDU Filtering |
334 |
Understanding EtherChannel Guard |
334 |
Understanding Root Guard |
334 |
Understanding Loop Guard |
335 |
Configuring Optional Spanning-Tree Features |
336 |
Default Optional Spanning-Tree Configuration |
336 |
Optional Spanning-Tree Configuration Guidelines |
336 |
Enabling Port Fast |
336 |
Enabling BPDU Guard |
337 |
Enabling BPDU Filtering |
338 |
Enabling EtherChannel Guard |
339 |
Enabling Root Guard |
340 |
Enabling Loop Guard |
340 |
Displaying the Spanning-Tree Status |
341 |
Configuring Flex Links |
342 |
Understanding Flex Links |
342 |
Configuring Flex Links |
343 |
Default Flex Link Configuration |
343 |
Flex Link Configuration Guidelines |
343 |
Configuring Flex Links |
344 |
Monitoring Flex Links |
345 |
Configuring DHCP Features and IP Source Guard |
346 |
Understanding DHCP Features |
346 |
DHCP Server |
347 |
DHCP Relay Agent |
347 |
DHCP Snooping |
347 |
Option-82 Data Insertion |
348 |
DHCP Snooping Binding Database |
350 |
Configuring DHCP Features |
351 |
Default DHCP Configuration |
352 |
DHCP Snooping Configuration Guidelines |
352 |
Configuring the DHCP Relay Agent |
353 |
Specifying the Packet Forwarding Address |
354 |
Enabling DHCP Snooping and Option 82 |
355 |
Enabling DHCP Snooping on Private VLANs |
356 |
Enabling the DHCP Snooping Binding Database Agent |
357 |
Displaying DHCP Snooping Information |
358 |
Understanding IP Source Guard |
358 |
Source IP Address Filtering |
359 |
Source IP and MAC Address Filtering |
359 |
Configuring IP Source Guard |
359 |
Default IP Source Guard Configuration |
359 |
IP Source Guard Configuration Guidelines |
360 |
Enabling IP Source Guard |
360 |
Displaying IP Source Guard Information |
361 |
Configuring Dynamic ARP Inspection |
362 |
Understanding Dynamic ARP Inspection |
362 |
Interface Trust States and Network Security |
364 |
Rate Limiting of ARP Packets |
365 |
Relative Priority of ARP ACLs and DHCP Snooping Entries |
365 |
Logging of Dropped Packets |
365 |
Configuring Dynamic ARP Inspection |
366 |
Default Dynamic ARP Inspection Configuration |
366 |
Dynamic ARP Inspection Configuration Guidelines |
367 |
Configuring Dynamic ARP Inspection in DHCP Environments |
368 |
Configuring ARP ACLs for Non-DHCP Environments |
369 |
Limiting the Rate of Incoming ARP Packets |
371 |
Performing Validation Checks |
373 |
Configuring the Log Buffer |
374 |
Displaying Dynamic ARP Inspection Information |
375 |
Configuring IGMP Snooping and MVR |
378 |
Understanding IGMP Snooping |
378 |
IGMP Versions |
379 |
Joining a Multicast Group |
380 |
Leaving a Multicast Group |
382 |
Immediate Leave |
382 |
IGMP Configurable-Leave Timer |
382 |
IGMP Report Suppression |
383 |
Configuring IGMP Snooping |
383 |
Default IGMP Snooping Configuration |
383 |
Enabling or Disabling IGMP Snooping |
384 |
Configuring a Multicast Router Port |
385 |
Configuring a Host Statically to Join a Group |
385 |
Enabling IGMP Immediate Leave |
386 |
Configuring the IGMP Leave Timer |
387 |
Configuring TCN-Related Commands |
388 |
Controlling the Multicast Flooding Time After a TCN Event |
388 |
Recovering from Flood Mode |
388 |
Disabling Multicast Flooding During a TCN Event |
389 |
Configuring the IGMP Snooping Querier |
390 |
Disabling IGMP Report Suppression |
391 |
Displaying IGMP Snooping Information |
392 |
Understanding Multicast VLAN Registration |
393 |
Using MVR in a Multicast Television Application |
393 |
Configuring MVR |
395 |
Default MVR Configuration |
395 |
MVR Configuration Guidelines and Limitations |
396 |
Configuring MVR Global Parameters |
396 |
Configuring MVR Interfaces |
397 |
Displaying MVR Information |
399 |
Configuring IGMP Filtering and Throttling |
399 |
Default IGMP Filtering and Throttling Configuration |
400 |
Configuring IGMP Profiles |
400 |
Applying IGMP Profiles |
402 |
Setting the Maximum Number of IGMP Groups |
402 |
Configuring the IGMP Throttling Action |
403 |
Displaying IGMP Filtering and Throttling Configuration |
405 |
Configuring Port-Based Traffic Control |
406 |
Configuring Storm Control |
406 |
Understanding Storm Control |
406 |
Default Storm Control Configuration |
408 |
Configuring Storm Control and Threshold Levels |
408 |
Configuring Protected Ports |
410 |
Default Protected Port Configuration |
410 |
Protected Port Configuration Guidelines |
411 |
Configuring a Protected Port |
411 |
Configuring Port Blocking |
412 |
Default Port Blocking Configuration |
412 |
Blocking Flooded Traffic on an Interface |
412 |
Configuring Port Security |
413 |
Understanding Port Security |
413 |
Secure MAC Addresses |
413 |
Security Violations |
414 |
Default Port Security Configuration |
415 |
Port Security Configuration Guidelines |
415 |
Enabling and Configuring Port Security |
416 |
Enabling and Configuring Port Security Aging |
420 |
Displaying Port-Based Traffic Control Settings |
422 |
Configuring CDP |
424 |
Understanding CDP |
424 |
Configuring CDP |
425 |
Default CDP Configuration |
425 |
Configuring the CDP Characteristics |
425 |
Disabling and Enabling CDP |
426 |
Disabling and Enabling CDP on an Interface |
427 |
Monitoring and Maintaining CDP |
428 |
Configuring UDLD |
430 |
Understanding UDLD |
430 |
Modes of Operation |
430 |
Methods to Detect Unidirectional Links |
431 |
Configuring UDLD |
433 |
Default UDLD Configuration |
433 |
Configuration Guidelines |
433 |
Enabling UDLD Globally |
434 |
Enabling UDLD on an Interface |
434 |
Resetting an Interface Disabled by UDLD |
435 |
Displaying UDLD Status |
435 |
Configuring SPAN and RSPAN |
436 |
Understanding SPAN and RSPAN |
436 |
Local SPAN |
437 |
Remote SPAN |
437 |
SPAN and RSPAN Concepts and Terminology |
438 |
SPAN Sessions |
438 |
Monitored Traffic |
439 |
Source Ports |
440 |
Source VLANs |
441 |
VLAN Filtering |
441 |
Destination Port |
442 |
RSPAN VLAN |
443 |
SPAN and RSPAN Interaction with Other Features |
443 |
Configuring SPAN and RSPAN |
444 |
Default SPAN and RSPAN Configuration |
445 |
Configuring Local SPAN |
445 |
SPAN Configuration Guidelines |
445 |
Creating a Local SPAN Session |
446 |
Creating a Local SPAN Session and Configuring Ingress Traffic |
448 |
Specifying VLANs to Filter |
450 |
Configuring RSPAN |
451 |
RSPAN Configuration Guidelines |
451 |
Configuring a VLAN as an RSPAN VLAN |
452 |
Creating an RSPAN Source Session |
452 |
Creating an RSPAN Destination Session |
454 |
Creating an RSPAN Destination Session and Configuring Ingress Traffic |
455 |
Specifying VLANs to Filter |
456 |
Displaying SPAN and RSPAN Status |
457 |
Configuring RMON |
458 |
Understanding RMON |
458 |
Configuring RMON |
459 |
Default RMON Configuration |
460 |
Configuring RMON Alarms and Events |
460 |
Collecting Group History Statistics on an Interface |
462 |
Collecting Group Ethernet Statistics on an Interface |
463 |
Displaying RMON Status |
463 |
Configuring System Message Logging |
464 |
Understanding System Message Logging |
464 |
Configuring System Message Logging |
465 |
System Log Message Format |
465 |
Default System Message Logging Configuration |
466 |
Disabling Message Logging |
466 |
Setting the Message Display Destination Device |
467 |
Synchronizing Log Messages |
468 |
Enabling and Disabling Time Stamps on Log Messages |
470 |
Enabling and Disabling Sequence Numbers in Log Messages |
470 |
Defining the Message Severity Level |
471 |
Limiting Syslog Messages Sent to the History Table and to SNMP |
472 |
Configuring UNIX Syslog Servers |
473 |
Logging Messages to a UNIX Syslog Daemon |
473 |
Configuring the UNIX System Logging Facility |
474 |
Displaying the Logging Configuration |
475 |
Configuring SNMP |
476 |
Understanding SNMP |
476 |
SNMP Versions |
477 |
SNMP Manager Functions |
478 |
SNMP Agent Functions |
479 |
SNMP Community Strings |
479 |
Using SNMP to Access MIB Variables |
479 |
SNMP Notifications |
480 |
SNMP ifIndex MIB Object Values |
480 |
Configuring SNMP |
481 |
Default SNMP Configuration |
481 |
SNMP Configuration Guidelines |
481 |
Disabling the SNMP Agent |
482 |
Configuring Community Strings |
483 |
Configuring SNMP Groups and Users |
484 |
Configuring SNMP Notifications |
486 |
Setting the Agent Contact and Location Information |
489 |
Limiting TFTP Servers Used Through SNMP |
490 |
SNMP Examples |
490 |
Displaying SNMP Status |
491 |
Configuring Network Security with ACLs |
492 |
Understanding ACLs |
492 |
Supported ACLs |
493 |
Port ACLs |
494 |
Router ACLs |
495 |
VLAN Maps |
496 |
Handling Fragmented and Unfragmented Traffic |
496 |
Configuring IPv4 ACLs |
497 |
Creating Standard and Extended IPv4 ACLs |
498 |
IPv4 Access List Numbers |
499 |
ACL Logging |
499 |
Creating a Numbered Standard ACL |
500 |
Creating a Numbered Extended ACL |
501 |
Resequencing ACEs in an ACL |
505 |
Creating Named Standard and Extended ACLs |
505 |
Using Time Ranges with ACLs |
507 |
Including Comments in ACLs |
509 |
Applying an IPv4 ACL to a Terminal Line |
509 |
Applying an IPv4 ACL to an Interface |
510 |
Hardware and Software Treatment of IP ACLs |
512 |
IPv4 ACL Configuration Examples |
512 |
Numbered ACLs |
514 |
Extended ACLs |
514 |
Named ACLs |
514 |
Time Range Applied to an IP ACL |
515 |
Commented IP ACL Entries |
515 |
ACL Logging |
516 |
Creating Named MAC Extended ACLs |
517 |
Applying a MAC ACL to a Layer 2 Interface |
519 |
Configuring VLAN Maps |
520 |
VLAN Map Configuration Guidelines |
521 |
Creating a VLAN Map |
522 |
Examples of ACLs and VLAN Maps |
522 |
Applying a VLAN Map to a VLAN |
524 |
Using VLAN Maps in Your Network |
525 |
Wiring Closet Configuration |
525 |
Denying Access to a Server on Another VLAN |
526 |
Using VLAN Maps with Router ACLs |
527 |
VLAN Maps and Router ACL Configuration Guidelines |
527 |
Examples of Router ACLs and VLAN Maps Applied to VLANs |
528 |
ACLs and Switched Packets |
528 |
ACLs and Routed Packets |
529 |
ACLs and Multicast Packets |
530 |
Displaying IPv4 ACL Configuration |
530 |
Configuring Control-Plane Security |
532 |
Understanding Control-Plane Security |
532 |
Configuring Control-Plane Security |
535 |
Monitoring Control-Plane Security |
536 |
Configuring QoS |
538 |
Understanding QoS |
538 |
Modular QoS CLI |
540 |
Input and Output Policies |
541 |
Input Policy Maps |
541 |
Output Policy Maps |
542 |
Classification |
542 |
Class Maps |
543 |
The match Command |
544 |
Classification Based on Layer 2 CoS |
544 |
Classification Based on IP Precedence |
545 |
Classification Based on IP DSCP |
545 |
Classification Comparisons |
546 |
Classification Based on QoS ACLs |
547 |
Classification Based on QoS Groups |
547 |
Table Maps |
548 |
Policing |
549 |
Individual Policing |
550 |
Aggregate Policing |
551 |
Unconditional Priority Policing |
552 |
Marking |
553 |
Congestion Management and Scheduling |
555 |
Traffic Shaping |
556 |
Class-Based Weighted Fair Queuing |
558 |
Priority Queuing |
559 |
Congestion Avoidance and Queuing |
561 |
Configuring QoS |
563 |
Default QoS Configuration |
564 |
QoS Configuration Guidelines |
564 |
Using ACLs to Classify Traffic |
564 |
Creating IP Standard ACLs |
565 |
Creating IP Extended ACLs |
566 |
Creating Layer 2 MAC ACLs |
567 |
Using Class Maps to Define a Traffic Class |
568 |
Configuring Table Maps |
570 |
Attaching a Traffic Policy to an Interface |
572 |
Configuring Input Policy Maps |
572 |
Configuring Input Policy Maps with Individual Policing |
573 |
Configuring Input Policy Maps with Aggregate Policing |
576 |
Configuring Input Policy Maps with Marking |
578 |
Configuring Output Policy Maps |
580 |
Configuring Output Policy Maps with Class-Based-Weighted-Queuing |
581 |
Configuring Output Policy Maps with Class-Based Shaping |
583 |
Configuring Output Policy Maps with Port Shaping |
584 |
Configuring Output Policy Maps with Class-Based Priority Queuing |
585 |
Configuring Output Policy Maps with Weighted Tail Drop |
590 |
Displaying QoS Information |
592 |
QoS Statistics |
592 |
Configuration Examples for Policy Maps |
593 |
QoS Configuration for Customer A |
593 |
QoS Configuration for Customer B |
595 |
Modifying Output Policies and Adding or Deleting Classification Criteria |
596 |
Modifying Output Policies and Changing Queuing or Scheduling Parameters |
597 |
Modifying Output Policies and Adding or Deleting Configured Actions |
597 |
Modifying Output Policies and Adding or Deleting a Class |
598 |
Configuring EtherChannels |
602 |
Understanding EtherChannels |
602 |
EtherChannel Overview |
603 |
Port-Channel Interfaces |
604 |
Port Aggregation Protocol |
605 |
PAgP Modes |
606 |
PAgP Interaction with Other Features |
606 |
Link Aggregation Control Protocol |
607 |
LACP Modes |
607 |
LACP Interaction with Other Features |
607 |
EtherChannel On Mode |
608 |
Load Balancing and Forwarding Methods |
608 |
Configuring EtherChannels |
610 |
Default EtherChannel Configuration |
610 |
EtherChannel Configuration Guidelines |
611 |
Configuring Layer 2 EtherChannels |
612 |
Configuring Layer 3 EtherChannels |
614 |
Creating Port-Channel Logical Interfaces |
614 |
Configuring the Physical Interfaces |
615 |
Configuring EtherChannel Load Balancing |
617 |
Configuring the PAgP Learn Method and Priority |
618 |
Configuring LACP Hot-Standby Ports |
619 |
Configuring the LACP System Priority |
620 |
Configuring the LACP Port Priority |
621 |
Displaying EtherChannel, PAgP, and LACP Status |
622 |
Configuring IP Unicast Routing |
624 |
Understanding IP Routing |
625 |
Types of Routing |
625 |
Steps for Configuring Routing |
626 |
Configuring IP Addressing |
627 |
Default Addressing Configuration |
627 |
Assigning IP Addresses to Network Interfaces |
628 |
Use of Subnet Zero |
629 |
Classless Routing |
629 |
Configuring Address Resolution Methods |
630 |
Define a Static ARP Cache |
631 |
Set ARP Encapsulation |
632 |
Enable Proxy ARP |
633 |
Routing Assistance When IP Routing is Disabled |
633 |
Proxy ARP |
633 |
Default Gateway |
634 |
ICMP Router Discovery Protocol (IRDP) |
634 |
Configuring Broadcast Packet Handling |
635 |
Enabling Directed Broadcast-to-Physical Broadcast Translation |
636 |
Forwarding UDP Broadcast Packets and Protocols |
637 |
Establishing an IP Broadcast Address |
638 |
Flooding IP Broadcasts |
638 |
Monitoring and Maintaining IP Addressing |
640 |
Enabling IPv4 Unicast Routing |
640 |
Configuring RIP |
641 |
Default RIP Configuration |
642 |
Configuring Basic RIP Parameters |
642 |
Configuring RIP Authentication |
644 |
Configuring Summary Addresses and Split Horizon |
644 |
Configuring Split Horizon |
646 |
Configuring OSPF |
646 |
Default OSPF Configuration |
647 |
Configuring Basic OSPF Parameters |
649 |
Configuring OSPF Interfaces |
649 |
Configuring OSPF Area Parameters |
650 |
Configuring Other OSPF Parameters |
652 |
Changing LSA Group Pacing |
653 |
Configuring a Loopback Interface |
654 |
Monitoring OSPF |
654 |
Configuring EIGRP |
655 |
Default EIGRP Configuration |
657 |
Configuring Basic EIGRP Parameters |
658 |
Configuring EIGRP Interfaces |
659 |
Configuring EIGRP Route Authentication |
660 |
Monitoring and Maintaining EIGRP |
661 |
Configuring BGP |
661 |
Default BGP Configuration |
663 |
Enabling BGP Routing |
665 |
Managing Routing Policy Changes |
668 |
Configuring BGP Decision Attributes |
669 |
Configuring BGP Filtering with Route Maps |
671 |
Configuring BGP Filtering by Neighbor |
672 |
Configuring Prefix Lists for BGP Filtering |
673 |
Configuring BGP Community Filtering |
674 |
Configuring BGP Neighbors and Peer Groups |
675 |
Configuring Aggregate Addresses |
677 |
Configuring Routing Domain Confederations |
678 |
Configuring BGP Route Reflectors |
679 |
Configuring Route Dampening |
680 |
Monitoring and Maintaining BGP |
681 |
Configuring Multi-VRF CE |
682 |
Understanding Multi-VRF CE |
682 |
Default Multi-VRF CE Configuration |
684 |
Multi-VRF CE Configuration Guidelines |
684 |
Configuring VRFs |
685 |
Configuring a VPN Routing Session |
686 |
Configuring BGP PE to CE Routing Sessions |
687 |
Multi-VRF CE Configuration Example |
687 |
Displaying Multi-VRF CE Status |
691 |
Configuring Protocol-Independent Features |
692 |
Configuring Cisco Express Forwarding |
692 |
Configuring the Number of Equal-Cost Routing Paths |
693 |
Configuring Static Unicast Routes |
694 |
Specifying Default Routes and Networks |
695 |
Using Route Maps to Redistribute Routing Information |
696 |
Configuring Policy-Based Routing |
699 |
PBR Configuration Guidelines |
700 |
Enabling PBR |
701 |
Filtering Routing Information |
702 |
Setting Passive Interfaces |
702 |
Controlling Advertising and Processing in Routing Updates |
703 |
Filtering Sources of Routing Information |
704 |
Managing Authentication Keys |
705 |
Monitoring and Maintaining the IP Network |
706 |
Configuring HSRP |
708 |
Understanding HSRP |
708 |
Multiple HSRP |
710 |
Configuring HSRP |
711 |
Default HSRP Configuration |
711 |
HSRP Configuration Guidelines |
712 |
Enabling HSRP |
712 |
Configuring HSRP Priority |
713 |
Configuring MHSRP |
716 |
Configuring HSRP Authentication and Timers |
716 |
Enabling HSRP Support for ICMP Redirect Messages |
718 |
Displaying HSRP Configurations |
718 |
Configuring IP Multicast Routing |
720 |
Understanding Cisco’s Implementation of IP Multicast Routing |
721 |
Understanding IGMP |
721 |
IGMP Version 1 |
722 |
IGMP Version 2 |
722 |
Understanding PIM |
722 |
PIM Versions |
722 |
PIM Modes |
723 |
Auto-RP |
723 |
Bootstrap Router |
724 |
Multicast Forwarding and Reverse Path Check |
724 |
Configuring IP Multicast Routing |
726 |
Default Multicast Routing Configuration |
726 |
Multicast Routing Configuration Guidelines |
726 |
PIMv1 and PIMv2 Interoperability |
727 |
Auto-RP and BSR Configuration Guidelines |
727 |
Configuring Basic Multicast Routing |
728 |
Configuring a Rendezvous Point |
729 |
Manually Assigning an RP to Multicast Groups |
730 |
Configuring Auto-RP |
731 |
Configuring PIMv2 BSR |
735 |
Using Auto-RP and a BSR |
739 |
Monitoring the RP Mapping Information |
740 |
Troubleshooting PIMv1 and PIMv2 Interoperability Problems |
740 |
Configuring Advanced PIM Features |
740 |
Understanding PIM Shared Tree and Source Tree |
740 |
Delaying the Use of PIM Shortest-Path Tree |
742 |
Modifying the PIM Router-Query Message Interval |
743 |
Configuring Optional IGMP Features |
744 |
Default IGMP Configuration |
744 |
Configuring the Switch as a Member of a Group |
744 |
Controlling Access to IP Multicast Groups |
745 |
Changing the IGMP Version |
746 |
Modifying the IGMP Host-Query Message Interval |
747 |
Changing the IGMP Query Timeout for IGMPv2 |
748 |
Changing the Maximum Query Response Time for IGMPv2 |
748 |
Configuring the Switch as a Statically Connected Member |
749 |
Configuring Optional Multicast Routing Features |
750 |
Configuring sdr Listener Support |
750 |
Enabling sdr Listener Support |
750 |
Limiting How Long an sdr Cache Entry Exists |
751 |
Configuring an IP Multicast Boundary |
751 |
Monitoring and Maintaining IP Multicast Routing |
753 |
Clearing Caches, Tables, and Databases |
753 |
Displaying System and Network Statistics |
753 |
Monitoring IP Multicast Routing |
754 |
Configuring MSDP |
756 |
Understanding MSDP |
756 |
MSDP Operation |
757 |
MSDP Benefits |
758 |
Configuring MSDP |
759 |
Default MSDP Configuration |
759 |
Configuring a Default MSDP Peer |
759 |
Caching Source-Active State |
761 |
Requesting Source Information from an MSDP Peer |
763 |
Controlling Source Information that Your Switch Originates |
763 |
Redistributing Sources |
764 |
Filtering Source-Active Request Messages |
766 |
Controlling Source Information that Your Switch Forwards |
767 |
Using a Filter |
767 |
Using TTL to Limit the Multicast Data Sent in SA Messages |
769 |
Controlling Source Information that Your Switch Receives |
769 |
Configuring an MSDP Mesh Group |
771 |
Shutting Down an MSDP Peer |
771 |
Including a Bordering PIM Dense-Mode Region in MSDP |
772 |
Configuring an Originating Address other than the RP Address |
773 |
Monitoring and Maintaining MSDP |
774 |
Troubleshooting |
776 |
Recovering from Corrupted Software By Using the Xmodem Protocol |
777 |
Recovering from a Lost or Forgotten Password |
778 |
Procedure with Password Recovery Enabled |
780 |
Procedure with Password Recovery Disabled |
782 |
Preventing Autonegotiation Mismatches |
783 |
SFP Module Security and Identification |
784 |
Monitoring SFP Module Status |
784 |
Monitoring Temperature |
784 |
Using Ping |
785 |
Understanding Ping |
785 |
Using Ping |
785 |
All Software Versions |
786 |
Metro IP Access Image |
786 |
Ping Responses |
787 |
Summary |
788 |
Using Layer 2 Traceroute |
788 |
Understanding Layer 2 Traceroute |
788 |
Layer 2 Traceroute Usage Guidelines |
789 |
Displaying the Physical Path |
790 |
Using IP Traceroute |
790 |
Understanding IP Traceroute |
790 |
Executing IP Traceroute |
791 |
Using TDR |
792 |
Understanding TDR |
792 |
Running TDR and Displaying the Results |
792 |
Using Debug Commands |
793 |
Enabling Debugging on a Specific Feature |
793 |
Enabling All-System Diagnostics |
794 |
Redirecting Debug and Error Message Output |
794 |
Using the show platform forward Command |
794 |
Using the crashinfo File |
797 |
Supported MIBs |
798 |
MIB List |
798 |
Using FTP to Access the MIB Files |
800 |
Working with the Cisco IOS File System, Configuration Files, and Software Images |
802 |
Working with the Flash File System |
802 |
Displaying Available File Systems |
803 |
Setting the Default File System |
804 |
Displaying Information about Files on a File System |
804 |
Changing Directories and Displaying the Working Directory |
804 |
Creating and Removing Directories |
805 |
Copying Files |
805 |
Deleting Files |
806 |
Creating, Displaying, and Extracting tar Files |
806 |
Creating a tar File |
807 |
Displaying the Contents of a tar File |
807 |
Extracting a tar File |
808 |
Displaying the Contents of a File |
808 |
Working with Configuration Files |
809 |
Guidelines for Creating and Using Configuration Files |
809 |
Configuration File Types and Location |
810 |
Creating a Configuration File By Using a Text Editor |
810 |
Copying Configuration Files By Using TFTP |
811 |
Preparing to Download or Upload a Configuration File By Using TFTP |
811 |
Downloading the Configuration File By Using TFTP |
811 |
Uploading the Configuration File By Using TFTP |
812 |
Copying Configuration Files By Using FTP |
812 |
Preparing to Download or Upload a Configuration File By Using FTP |
813 |
Downloading a Configuration File By Using FTP |
814 |
Uploading a Configuration File By Using FTP |
815 |
Copying Configuration Files By Using RCP |
816 |
Preparing to Download or Upload a Configuration File By Using RCP |
816 |
Downloading a Configuration File By Using RCP |
817 |
Uploading a Configuration File By Using RCP |
818 |
Clearing Configuration Information |
819 |
Clearing the Startup Configuration File |
819 |
Deleting a Stored Configuration File |
819 |
Working with Software Images |
819 |
Image Location on the Switch |
820 |
tar File Format of Images on a Server or Cisco.com |
820 |
Copying Image Files By Using TFTP |
821 |
Preparing to Download or Upload an Image File By Using TFTP |
822 |
Downloading an Image File By Using TFTP |
822 |
Uploading an Image File By Using TFTP |
824 |
Copying Image Files By Using FTP |
824 |
Preparing to Download or Upload an Image File By Using FTP |
825 |
Downloading an Image File By Using FTP |
826 |
Uploading an Image File By Using FTP |
828 |
Copying Image Files By Using RCP |
829 |
Preparing to Download or Upload an Image File By Using RCP |
829 |
Downloading an Image File By Using RCP |
830 |
Uploading an Image File By Using RCP |
832 |
Unsupported Commands in Cisco IOS Release 12.2(25)EX |
834 |
Access Control Lists |
834 |
Unsupported Privileged EXEC Commands |
834 |
Unsupported Global Configuration Commands |
834 |
ARP Commands |
834 |
Unsupported Global Configuration Commands |
834 |
Unsupported Interface Configuration Commands |
835 |
Unsupported Debug Commands |
835 |
HSRP |
835 |
Unsupported Global Configuration Commands |
835 |
Unsupported Interface Configuration Commands |
835 |
IGMP Snooping Commands |
835 |
Unsupported Global Configuration Commands |
835 |
Interface Commands |
836 |
Unsupported Privileged EXEC Commands |
836 |
Unsupported Global Configuration Commands |
836 |
Unsupported Interface Configuration Commands |
836 |
IP Multicast Routing |
836 |
Unsupported Privileged EXEC Commands |
836 |
Unsupported Global Configuration Commands |
837 |
Unsupported Interface Configuration Commands |
837 |
IP Unicast Routing |
837 |
Unsupported Privileged EXEC or User EXEC Commands |
837 |
Unsupported Global Configuration Commands |
838 |
Unsupported Interface Configuration Commands |
838 |
Unsupported BGP Router Configuration Commands |
839 |
Unsupported VPN Configuration Commands |
839 |
Unsupported Route Map Commands |
839 |
MAC Address Commands |
840 |
Unsupported Privileged EXEC Commands |
840 |
Unsupported Global Configuration Commands |
840 |
Miscellaneous |
840 |
Unsupported Global Configuration Commands |
840 |
Unsupported Privileged EXEC Commands |
841 |
Unsupported show platform Commands |
841 |
MSDP |
841 |
Unsupported Privileged EXEC Commands |
841 |
Unsupported Global Configuration Commands |
841 |
NetFlow Commands |
841 |
Unsupported Global Configuration Commands |
841 |
QoS |
842 |
Unsupported Global Configuration Commands |
842 |
Unsupported Interface Configuration Commands |
842 |
RADIUS |
842 |
Unsupported Global Configuration Commands |
842 |
SNMP |
842 |
Unsupported Global Configuration Commands |
842 |
Spanning Tree |
842 |
Unsupported Global Configuration Command |
842 |
Unsupported Interface Configuration Command |
842 |
VLAN |
843 |
Unsupported Global Configuration Commands |
843 |
Unsupported User EXEC Commands |
843 |