Section |
Page |
Catalyst 3560 Switch SoftwareConfigurationGuide |
1 |
Contents |
3 |
Preface |
33 |
Audience |
33 |
Purpose |
33 |
Conventions |
34 |
Related Publications |
35 |
Obtaining Documentation |
35 |
Cisco.com |
35 |
Documentation CD-ROM |
36 |
Ordering Documentation |
36 |
Documentation Feedback |
36 |
Obtaining Technical Assistance |
36 |
Cisco TAC Website |
37 |
Opening a TAC Case |
37 |
TAC Case Priority Definitions |
37 |
Obtaining Additional Publications and Information |
38 |
Overview |
39 |
Features |
39 |
Default Settings After Initial Switch Configuration |
47 |
Network Configuration Examples |
49 |
Design Concepts for Using the Switch |
49 |
Small to Medium-Sized Network Using Catalyst 3560 Switches |
51 |
Large Network Using Catalyst 3560 Switches |
52 |
Long-Distance, High-Bandwidth Transport Configuration |
54 |
Where to Go Next |
54 |
Using the Command-Line Interface |
55 |
Understanding Command Modes |
55 |
Understanding the Help System |
57 |
Understanding Abbreviated Commands |
57 |
Understanding no and default Forms of Commands |
58 |
Understanding CLI Error Messages |
58 |
Using Command History |
58 |
Changing the Command History Buffer Size |
59 |
Recalling Commands |
59 |
Disabling the Command History Feature |
59 |
Using Editing Features |
60 |
Enabling and Disabling Editing Features |
60 |
Editing Commands through Keystrokes |
60 |
Editing Command Lines that Wrap |
62 |
Searching and Filtering Output of show and more Commands |
62 |
Accessing the CLI |
63 |
Accessing the CLI through a Console Connection or through Telnet |
63 |
Accessing the CLI from a Browser |
63 |
Getting Started with CMS |
65 |
Understanding CMS |
65 |
Front Panel View |
66 |
Topology View |
66 |
CMS Menu Bar, Toolbar, and Feature Bar |
66 |
Online Help |
69 |
Configuration Modes |
69 |
Guide Mode |
69 |
Expert Mode |
70 |
Wizards |
70 |
Privilege Levels |
71 |
Access to Older Switches In a Cluster |
71 |
Configuring CMS |
72 |
CMS Requirements |
72 |
Minimum Hardware Configuration |
72 |
Operating System and Browser Support |
73 |
CMS Plug-In Requirements |
73 |
Cross-Platform Considerations |
74 |
HTTP Access to CMS |
74 |
Specifying an HTTP Port (Nondefault Configuration Only) |
74 |
Configuring an Authentication Method (Nondefault Configuration Only) |
74 |
Displaying CMS |
75 |
Launching CMS |
75 |
Front Panel View |
78 |
Topology View |
79 |
CMS Icons |
80 |
Where to Go Next |
80 |
Assigning the Switch IP Address and Default Gateway |
81 |
Understanding the Boot Process |
81 |
Assigning Switch Information |
82 |
Default Switch Information |
83 |
Understanding DHCP-Based Autoconfiguration |
83 |
DHCP Client Request Process |
84 |
Configuring DHCP-Based Autoconfiguration |
84 |
Configuring the DHCP Server |
85 |
Configuring the TFTP Server |
85 |
Configuring the DNS |
86 |
Configuring the Relay Device |
86 |
Obtaining Configuration Files |
87 |
Example Configuration |
88 |
Manually Assigning IP Information |
89 |
Checking and Saving the Running Configuration |
90 |
Modifying the Startup Configuration |
91 |
Default Boot Configuration |
92 |
Automatically Downloading a Configuration File |
92 |
Specifying the Filename to Read and Write the System Configuration |
92 |
Booting Manually |
93 |
Booting a Specific Software Image |
93 |
Controlling Environment Variables |
94 |
Scheduling a Reload of the Software Image |
96 |
Configuring a Scheduled Reload |
96 |
Displaying Scheduled Reload Information |
97 |
Clustering Switches |
99 |
Understanding Switch Clusters |
100 |
Cluster Command Switch Characteristics |
101 |
Standby Cluster Command Switch Characteristics |
101 |
Candidate Switch and Cluster Member Switch Characteristics |
102 |
Planning a Switch Cluster |
102 |
Automatic Discovery of Cluster Candidates and Members |
103 |
Discovery Through CDP Hops |
103 |
Discovery Through Non-CDP-Capable and Noncluster-Capable Devices |
104 |
Discovery Through Different VLANs |
105 |
Discovery Through Different Management VLANs |
105 |
Discovery Through Routed Ports |
106 |
Discovery of Newly Installed Switches |
107 |
HSRP and Standby Cluster Command Switches |
108 |
Virtual IP Addresses |
109 |
Other Considerations for Cluster Standby Groups |
109 |
Automatic Recovery of Cluster Configuration |
110 |
IP Addresses |
111 |
Host Names |
111 |
Passwords |
112 |
SNMP Community Strings |
112 |
TACACS+ and RADIUS |
112 |
Access Modes in CMS |
113 |
LRE Profiles |
113 |
Availability of Switch-Specific Features in Switch Clusters |
113 |
Creating a Switch Cluster |
114 |
Enabling a Cluster Command Switch |
114 |
Adding Cluster Member Switches |
115 |
Creating a Cluster Standby Group |
117 |
Verifying a Switch Cluster |
118 |
Using the CLI to Manage Switch Clusters |
119 |
Catalyst1900 and Catalyst2820 CLI Considerations |
120 |
Using SNMP to Manage Switch Clusters |
120 |
Administering the Switch |
123 |
Managing the System Time and Date |
123 |
Understanding the System Clock |
124 |
Understanding Network Time Protocol |
124 |
Configuring NTP |
126 |
Default NTP Configuration |
126 |
Configuring NTP Authentication |
127 |
Configuring NTP Associations |
128 |
Configuring NTP Broadcast Service |
129 |
Configuring NTP Access Restrictions |
130 |
Configuring the Source IP Address for NTP Packets |
132 |
Displaying the NTP Configuration |
133 |
Configuring Time and Date Manually |
133 |
Setting the System Clock |
133 |
Displaying the Time and Date Configuration |
134 |
Configuring the Time Zone |
134 |
Configuring Summer Time (Daylight Saving Time) |
135 |
Configuring a System Name and Prompt |
137 |
Default System Name and Prompt Configuration |
137 |
Configuring a System Name |
137 |
Configuring a System Prompt |
138 |
Understanding DNS |
138 |
Default DNS Configuration |
139 |
Setting Up DNS |
139 |
Displaying the DNS Configuration |
140 |
Creating a Banner |
140 |
Default Banner Configuration |
140 |
Configuring a Message-of-the-Day Login Banner |
141 |
Configuring a Login Banner |
142 |
Managing the MAC Address Table |
143 |
Building the Address Table |
143 |
MAC Addresses and VLANs |
144 |
Default MAC Address Table Configuration |
144 |
Changing the Address Aging Time |
144 |
Removing Dynamic Address Entries |
145 |
Configuring MAC Address Notification Traps |
145 |
Adding and Removing Static Address Entries |
147 |
Configuring Unicast MAC Address Filtering |
148 |
Displaying Address Table Entries |
150 |
Managing the ARP Table |
150 |
Configuring SDM Templates |
151 |
Understanding the SDM Templates |
151 |
Configuring the Switch SDM Template |
152 |
Default SDM Template |
152 |
SDM Template Configuration Guidelines |
152 |
Setting the SDM Template |
153 |
Displaying the SDM Templates |
154 |
Configuring Switch-Based Authentication |
155 |
Preventing Unauthorized Access to Your Switch |
155 |
Protecting Access to Privileged EXEC Commands |
156 |
Default Password and Privilege Level Configuration |
156 |
Setting or Changing a Static Enable Password |
157 |
Protecting Enable and Enable Secret Passwords with Encryption |
158 |
Disabling Password Recovery |
159 |
Setting a Telnet Password for a Terminal Line |
160 |
Configuring Username and Password Pairs |
161 |
Configuring Multiple Privilege Levels |
162 |
Setting the Privilege Level for a Command |
162 |
Changing the Default Privilege Level for Lines |
163 |
Logging into and Exiting a Privilege Level |
164 |
Controlling Switch Access with TACACS+ |
164 |
Understanding TACACS+ |
164 |
TACACS+ Operation |
166 |
Configuring TACACS+ |
167 |
Default TACACS+ Configuration |
167 |
Identifying the TACACS+ Server Host and Setting the Authentication Key |
167 |
Configuring TACACS+ Login Authentication |
168 |
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services |
170 |
Starting TACACS+ Accounting |
171 |
Displaying the TACACS+ Configuration |
171 |
Controlling Switch Access with RADIUS |
172 |
Understanding RADIUS |
172 |
RADIUS Operation |
173 |
Configuring RADIUS |
174 |
Default RADIUS Configuration |
174 |
Identifying the RADIUS Server Host |
175 |
Configuring RADIUS Login Authentication |
177 |
Defining AAA Server Groups |
179 |
Configuring RADIUS Authorization for User Privileged Access and Network Services |
181 |
Starting RADIUS Accounting |
182 |
Configuring Settings for All RADIUS Servers |
183 |
Configuring the Switch to Use Vendor-Specific RADIUS Attributes |
183 |
Configuring the Switch for Vendor-Proprietary RADIUS Server Communication |
185 |
Displaying the RADIUS Configuration |
185 |
Controlling Switch Access with Kerberos |
186 |
Understanding Kerberos |
186 |
Kerberos Operation |
188 |
Authenticating to a Boundary Switch |
189 |
Obtaining a TGT from a KDC |
189 |
Authenticating to Network Services |
189 |
Configuring Kerberos |
190 |
Configuring the Switch for Local Authentication and Authorization |
190 |
Configuring the Switch for Secure Shell |
191 |
Understanding SSH |
192 |
SSH Servers, Integrated Clients, and Supported Versions |
192 |
Limitations |
192 |
Configuring SSH |
193 |
Configuration Guidelines |
193 |
Setting Up the Switch to Run SSH |
193 |
Configuring the SSH Server |
194 |
Displaying the SSH Configuration and Status |
195 |
Configuring 802.1X Port-Based Authentication |
197 |
Understanding 802.1X Port-Based Authentication |
197 |
Device Roles |
198 |
Authentication Initiation and Message Exchange |
199 |
Ports in Authorized and Unauthorized States |
200 |
Supported Topologies |
200 |
Using 802.1X with Port Security |
201 |
Using 802.1X with Voice VLAN Ports |
202 |
Using 802.1X with VLAN Assignment |
202 |
Using 802.1X with Guest VLAN |
204 |
Using 802.1X with Per-User ACLs |
204 |
Configuring 802.1X Authentication |
205 |
Default 802.1X Configuration |
206 |
802.1X Configuration Guidelines |
207 |
Configuring 802.1X Authentication |
207 |
Configuring the Switch-to-RADIUS-Server Communication |
209 |
Configuring Periodic Re-Authentication |
210 |
Manually Re-Authenticating a Client Connected to a Port |
210 |
Changing the Quiet Period |
211 |
Changing the Switch-to-Client Retransmission Time |
211 |
Setting the Switch-to-Client Frame-Retransmission Number |
212 |
Configuring the Host Mode |
213 |
Configuring a Guest VLAN |
214 |
Resetting the 802.1X Configuration to the Default Values |
214 |
Displaying 802.1X Statistics and Status |
215 |
Configuring Interface Characteristics |
217 |
Understanding Interface Types |
217 |
Port-Based VLANs |
218 |
Switch Ports |
218 |
Access Ports |
218 |
Trunk Ports |
219 |
Routed Ports |
219 |
Switch Virtual Interfaces |
220 |
EtherChannel Port Groups |
221 |
Connecting Interfaces |
221 |
Using Interface Configuration Mode |
222 |
Procedures for Configuring Interfaces |
223 |
Configuring a Range of Interfaces |
224 |
Configuring and Using Interface Range Macros |
225 |
Configuring Ethernet Interfaces |
227 |
Default Ethernet Interface Configuration |
227 |
Configuring Interface Speed and Duplex Mode |
228 |
Configuration Guidelines |
229 |
Setting the Interface Speed and Duplex Parameters |
229 |
Configuring IEEE 802.3X Flow Control |
230 |
Configuring Auto-MDIX on an Interface |
231 |
Configuring Power over Ethernet on an Interface |
232 |
Adding a Description for an Interface |
234 |
Configuring Layer 3 Interfaces |
235 |
Configuring the System MTU |
236 |
Monitoring and Maintaining the Interfaces |
238 |
Monitoring Interface Status |
238 |
Clearing and Resetting Interfaces and Counters |
239 |
Shutting Down and Restarting the Interface |
239 |
Configuring SmartPort Macros |
241 |
Understanding SmartPort Macros |
241 |
Configuring Smart-Port Macros |
242 |
Default SmartPort Macro Configuration |
242 |
SmartPort Macro Configuration Guidelines |
242 |
Creating and Applying SmartPort Macros |
243 |
Displaying SmartPort Macros |
244 |
Configuring VLANs |
245 |
Understanding VLANs |
245 |
Supported VLANs |
247 |
VLAN Port Membership Modes |
247 |
Configuring Normal-Range VLANs |
248 |
Token Ring VLANs |
249 |
Normal-Range VLAN Configuration Guidelines |
250 |
VLAN Configuration Mode Options |
250 |
VLAN Configuration in config-vlan Mode |
251 |
VLAN Configuration in VLAN Database Configuration Mode |
251 |
Saving VLAN Configuration |
251 |
Default Ethernet VLAN Configuration |
252 |
Creating or Modifying an Ethernet VLAN |
252 |
Deleting a VLAN |
254 |
Assigning Static-Access Ports to a VLAN |
255 |
Configuring Extended-Range VLANs |
256 |
Default VLAN Configuration |
256 |
Extended-Range VLAN Configuration Guidelines |
257 |
Creating an Extended-Range VLAN |
258 |
Creating an Extended-Range VLAN with an Internal VLAN ID |
259 |
Displaying VLANs |
260 |
Configuring VLAN Trunks |
260 |
Trunking Overview |
260 |
Encapsulation Types |
262 |
802.1Q Configuration Considerations |
262 |
Default Layer 2 Ethernet Interface VLAN Configuration |
263 |
Configuring an Ethernet Interface as a Trunk Port |
263 |
Interaction with Other Features |
264 |
Configuring a Trunk Port |
264 |
Defining the Allowed VLANs on a Trunk |
265 |
Changing the Pruning-Eligible List |
266 |
Configuring the Native VLAN for Untagged Traffic |
267 |
Configuring Trunk Ports for Load Sharing |
268 |
Load Sharing Using STP Port Priorities |
268 |
Load Sharing Using STP Path Cost |
270 |
Configuring VMPS |
271 |
Understanding VMPS |
271 |
Dynamic-Access Port VLAN Membership |
272 |
Default VMPS Client Configuration |
273 |
VMPS Configuration Guidelines |
273 |
Configuring the VMPS Client |
273 |
Entering the IP Address of the VMPS |
274 |
Configuring Dynamic-Access Ports on VMPS Clients |
274 |
Reconfirming VLAN Memberships |
275 |
Changing the Reconfirmation Interval |
275 |
Changing the Retry Count |
276 |
Monitoring the VMPS |
276 |
Troubleshooting Dynamic-Access Port VLAN Membership |
277 |
VMPS Configuration Example |
277 |
Configuring VTP |
279 |
Understanding VTP |
279 |
The VTP Domain |
280 |
VTP Modes |
281 |
VTP Advertisements |
281 |
VTP Version 2 |
282 |
VTP Pruning |
282 |
Configuring VTP |
284 |
Default VTP Configuration |
284 |
VTP Configuration Options |
285 |
VTP Configuration in Global Configuration Mode |
285 |
VTP Configuration in VLAN Database Configuration Mode |
285 |
VTP Configuration Guidelines |
286 |
Domain Names |
286 |
Passwords |
286 |
VTP Version |
287 |
Configuration Requirements |
287 |
Configuring a VTP Server |
287 |
Configuring a VTP Client |
289 |
Disabling VTP (VTP Transparent Mode) |
290 |
Enabling VTP Version 2 |
291 |
Enabling VTP Pruning |
291 |
Adding a VTP Client Switch to a VTP Domain |
292 |
Monitoring VTP |
293 |
Configuring Voice VLAN |
295 |
Understanding Voice VLAN |
295 |
Cisco IP Phone Voice Traffic |
296 |
Cisco IP Phone Data Traffic |
296 |
Configuring Voice VLAN |
297 |
Default Voice VLAN Configuration |
297 |
Voice VLAN Configuration Guidelines |
297 |
Configuring a Port Connected to a Cisco7960 IP Phone |
298 |
Configuring IP Phone Voice Traffic |
298 |
Configuring the Priority of Incoming Data Frames |
299 |
Displaying Voice VLAN |
300 |
Configuring STP |
301 |
Understanding Spanning-Tree Features |
301 |
STP Overview |
302 |
Spanning-Tree Topology and BPDUs |
303 |
Bridge ID, Switch Priority, and Extended System ID |
304 |
Spanning-Tree Interface States |
304 |
Blocking State |
306 |
Listening State |
306 |
Learning State |
306 |
Forwarding State |
306 |
Disabled State |
307 |
How a Switch or Port Becomes the Root Switch or Root Port |
307 |
Spanning Tree and Redundant Connectivity |
308 |
Spanning-Tree Address Management |
308 |
Accelerated Aging to Retain Connectivity |
308 |
Spanning-Tree Modes and Protocols |
309 |
Supported Spanning-Tree Instances |
309 |
Spanning-Tree Interoperability and Backward Compatibility |
310 |
STP and IEEE 802.1Q Trunks |
310 |
VLAN-Bridge Spanning Tree |
311 |
Configuring Spanning-Tree Features |
311 |
Default Spanning-Tree Configuration |
311 |
Spanning-Tree Configuration Guidelines |
312 |
Changing the Spanning-Tree Mode |
313 |
Disabling Spanning Tree |
314 |
Configuring the Root Switch |
314 |
Configuring a Secondary Root Switch |
316 |
Configuring Port Priority |
317 |
Configuring Path Cost |
318 |
Configuring the Switch Priority of a VLAN |
319 |
Configuring Spanning-Tree Timers |
320 |
Configuring the Hello Time |
320 |
Configuring the Forwarding-Delay Time for a VLAN |
321 |
Configuring the Maximum-Aging Time for a VLAN |
321 |
Displaying the Spanning-Tree Status |
322 |
Configuring MSTP |
323 |
Understanding MSTP |
324 |
Multiple Spanning-Tree Regions |
324 |
IST, CIST, and CST |
325 |
Operations Within an MST Region |
325 |
Operations Between MST Regions |
326 |
Hop Count |
327 |
Boundary Ports |
327 |
Interoperability with 802.1D STP |
327 |
Understanding RSTP |
328 |
Port Roles and the Active Topology |
328 |
Rapid Convergence |
329 |
Synchronization of Port Roles |
330 |
Bridge Protocol Data Unit Format and Processing |
331 |
Processing Superior BPDU Information |
332 |
Processing Inferior BPDU Information |
332 |
Topology Changes |
332 |
Configuring MSTP Features |
333 |
Default MSTP Configuration |
334 |
MSTP Configuration Guidelines |
334 |
Specifying the MST Region Configuration and Enabling MSTP |
335 |
Configuring the Root Switch |
336 |
Configuring a Secondary Root Switch |
338 |
Configuring Port Priority |
339 |
Configuring Path Cost |
340 |
Configuring the Switch Priority |
341 |
Configuring the Hello Time |
341 |
Configuring the Forwarding-Delay Time |
342 |
Configuring the Maximum-Aging Time |
343 |
Configuring the Maximum-Hop Count |
343 |
Specifying the Link Type to Ensure Rapid Transitions |
344 |
Restarting the Protocol Migration Process |
344 |
Displaying the MST Configuration and Status |
345 |
Configuring Optional Spanning-Tree Features |
347 |
Understanding Optional Spanning-Tree Features |
347 |
Understanding Port Fast |
348 |
Understanding BPDU Guard |
349 |
Understanding BPDU Filtering |
349 |
Understanding UplinkFast |
350 |
Understanding BackboneFast |
351 |
Understanding Root Guard |
353 |
Understanding Loop Guard |
354 |
Configuring Optional Spanning-Tree Features |
355 |
Default Optional Spanning-Tree Configuration |
355 |
Optional Spanning-Tree Configuration Guidelines |
355 |
Enabling Port Fast |
356 |
Enabling BPDU Guard |
357 |
Enabling BPDU Filtering |
358 |
Enabling UplinkFast for Use with Redundant Links |
359 |
Enabling BackboneFast |
359 |
Enabling Root Guard |
360 |
Enabling Loop Guard |
361 |
Displaying the Spanning-Tree Status |
361 |
Configuring DHCP Features |
363 |
Understanding DHCP Features |
363 |
DHCP Snooping |
363 |
Option-82 Data Insertion |
364 |
Configuring DHCP Features |
365 |
Default DHCP Configuration |
365 |
DHCP Snooping Configuration Guidelines |
365 |
Enabling DHCP Snooping and Option 82 |
366 |
Displaying DHCP Information |
367 |
Displaying a Binding Table |
367 |
Displaying the DHCP Snooping Configuration |
368 |
Configuring IGMP Snooping and MVR |
369 |
Understanding IGMP Snooping |
370 |
IGMP Versions |
371 |
Joining a Multicast Group |
371 |
Leaving a Multicast Group |
373 |
Immediate-Leave Processing |
374 |
IGMP Report Suppression |
374 |
Configuring IGMP Snooping |
374 |
Default IGMP Snooping Configuration |
375 |
Enabling or Disabling IGMP Snooping |
375 |
Setting the Snooping Method |
376 |
Configuring a Multicast Router Port |
377 |
Configuring a Host Statically to Join a Group |
378 |
Enabling IGMP Immediate-Leave Processing |
378 |
Disabling IGMP Report Suppression |
379 |
Displaying IGMP Snooping Information |
380 |
Understanding Multicast VLAN Registration |
381 |
Using MVR in a Multicast Television Application |
382 |
Configuring MVR |
383 |
Default MVR Configuration |
384 |
MVR Configuration Guidelines and Limitations |
384 |
Configuring MVR Global Parameters |
385 |
Configuring MVR Interfaces |
386 |
Displaying MVR Information |
388 |
Configuring IGMP Filtering and Throttling |
388 |
Default IGMP Filtering and Throttling Configuration |
389 |
Configuring IGMP Profiles |
390 |
Applying IGMP Profiles |
391 |
Setting the Maximum Number of IGMP Groups |
392 |
Configuring the IGMP Throttling Action |
392 |
Displaying IGMP Filtering and Throttling Configuration |
394 |
Configuring Port-Based Traffic Control |
395 |
Configuring Storm Control |
395 |
Understanding Storm Control |
396 |
Default Storm Control Configuration |
397 |
Enabling Storm Control |
397 |
Configuring Protected Ports |
399 |
Default Protected Port Configuration |
399 |
Protected Port Configuration Guidelines |
399 |
Configuring a Protected Port |
399 |
Configuring Port Blocking |
400 |
Default Port Blocking Configuration |
400 |
Blocking Flooded Traffic on an Interface |
400 |
Configuring Port Security |
401 |
Understanding Port Security |
401 |
Secure MAC Addresses |
402 |
Security Violations |
403 |
Default Port Security Configuration |
404 |
Configuration Guidelines |
404 |
Enabling and Configuring Port Security |
405 |
Enabling and Configuring Port Security Aging |
408 |
Displaying Port-Based Traffic Control Settings |
409 |
Configuring CDP |
411 |
Understanding CDP |
411 |
Configuring CDP |
412 |
Default CDP Configuration |
412 |
Configuring the CDP Characteristics |
412 |
Disabling and Enabling CDP |
413 |
Disabling and Enabling CDP on an Interface |
414 |
Monitoring and Maintaining CDP |
415 |
Configuring UDLD |
417 |
Understanding UDLD |
417 |
Modes of Operation |
417 |
Methods to Detect Unidirectional Links |
418 |
Configuring UDLD |
420 |
Default UDLD Configuration |
420 |
Configuration Guidelines |
420 |
Enabling UDLD Globally |
421 |
Enabling UDLD on an Interface |
422 |
Resetting an Interface Disabled by UDLD |
422 |
Displaying UDLD Status |
423 |
Configuring SPAN and RSPAN |
425 |
Understanding SPAN and RSPAN |
425 |
Local SPAN |
426 |
Remote SPAN |
426 |
SPAN and RSPAN Concepts and Terminology |
427 |
SPAN Sessions |
427 |
Monitored Traffic |
428 |
Source Ports |
429 |
Source VLANs |
430 |
VLAN Filtering |
430 |
Destination Port |
431 |
RSPAN VLAN |
432 |
SPAN and RSPAN Interaction with Other Features |
432 |
Configuring SPAN and RSPAN |
433 |
Default SPAN and RSPAN Configuration |
433 |
Configuring Local SPAN |
434 |
SPAN Configuration Guidelines |
434 |
Creating a Local SPAN Session |
435 |
Creating a Local SPAN Session and Configuring Ingress Traffic |
437 |
Specifying VLANs to Filter |
439 |
Configuring RSPAN |
440 |
RSPAN Configuration Guidelines |
440 |
Configuring a VLAN as an RSPAN VLAN |
441 |
Creating an RSPAN Source Session |
442 |
Creating an RSPAN Destination Session |
443 |
Creating an RSPAN Destination Session and Configuring Ingress Traffic |
444 |
Specifying VLANs to Filter |
446 |
Displaying SPAN and RSPAN Status |
447 |
Configuring RMON |
449 |
Understanding RMON |
449 |
Configuring RMON |
450 |
Default RMON Configuration |
451 |
Configuring RMON Alarms and Events |
451 |
Collecting Group History Statistics on an Interface |
453 |
Collecting Group Ethernet Statistics on an Interface |
454 |
Displaying RMON Status |
454 |
Configuring System Message Logging |
455 |
Understanding System Message Logging |
455 |
Configuring System Message Logging |
456 |
System Log Message Format |
456 |
Default System Message Logging Configuration |
457 |
Disabling Message Logging |
458 |
Setting the Message Display Destination Device |
458 |
Synchronizing Log Messages |
459 |
Enabling and Disabling Time Stamps on Log Messages |
461 |
Enabling and Disabling Sequence Numbers in Log Messages |
461 |
Defining the Message Severity Level |
462 |
Limiting Syslog Messages Sent to the History Table and to SNMP |
463 |
Configuring UNIX Syslog Servers |
464 |
Logging Messages to a UNIX Syslog Daemon |
464 |
Configuring the UNIX System Logging Facility |
465 |
Displaying the Logging Configuration |
466 |
Configuring SNMP |
467 |
Understanding SNMP |
467 |
SNMP Versions |
468 |
SNMP Manager Functions |
469 |
SNMP Agent Functions |
470 |
SNMP Community Strings |
470 |
Using SNMP to Access MIB Variables |
471 |
SNMP Notifications |
471 |
SNMP ifIndex MIB Object Values |
472 |
Configuring SNMP |
472 |
Default SNMP Configuration |
473 |
SNMP Configuration Guidelines |
473 |
Disabling the SNMP Agent |
474 |
Configuring Community Strings |
474 |
Configuring SNMP Groups and Users |
475 |
Configuring SNMP Notifications |
477 |
Setting the Agent Contact and Location Information |
480 |
Limiting TFTP Servers Used Through SNMP |
481 |
SNMP Examples |
481 |
Displaying SNMP Status |
482 |
Configuring Network Security with ACLs |
483 |
Understanding ACLs |
483 |
Supported ACLs |
484 |
Port ACLs |
485 |
Router ACLs |
486 |
VLAN Maps |
486 |
Handling Fragmented and Unfragmented Traffic |
487 |
Configuring IP ACLs |
488 |
Creating Standard and Extended IP ACLs |
489 |
Access List Numbers |
489 |
Creating a Numbered Standard ACL |
490 |
Creating a Numbered Extended ACL |
492 |
Creating Named Standard and Extended ACLs |
496 |
Using Time Ranges with ACLs |
498 |
Including Comments in ACLs |
500 |
Applying an IP ACL to a Terminal Line |
500 |
Applying an IP ACL to an Interface |
501 |
Hardware and Software Treatment of IP ACLs |
503 |
IP ACL Configuration Examples |
503 |
Numbered ACLs |
505 |
Extended ACLs |
505 |
Named ACLs |
506 |
Time Range Applied to an IP ACL |
506 |
Commented IP ACL Entries |
507 |
ACL Logging |
507 |
Creating Named MAC Extended ACLs |
508 |
Applying a MAC ACL to a Layer 2 Interface |
510 |
Configuring VLAN Maps |
511 |
VLAN Map Configuration Guidelines |
511 |
Creating a VLAN Map |
512 |
Examples of ACLs and VLAN Maps |
513 |
Applying a VLAN Map to a VLAN |
515 |
Using VLAN Maps in Your Network |
515 |
Wiring Closet Configuration |
515 |
Denying Access to a Server on Another VLAN |
517 |
Using VLAN Maps with Router ACLs |
518 |
Guidelines |
518 |
Examples of Router ACLs and VLAN Maps Applied to VLANs |
519 |
ACLs and Switched Packets |
519 |
ACLs and Bridged Packets |
520 |
ACLs and Routed Packets |
520 |
ACLs and Multicast Packets |
521 |
Displaying ACL Configuration |
522 |
Configuring QoS |
523 |
Understanding QoS |
523 |
Basic QoS Model |
525 |
Classification |
526 |
Classification Based on QoS ACLs |
529 |
Classification Based on Class Maps and Policy Maps |
529 |
Policing and Marking |
530 |
Mapping Tables |
532 |
Queueing and Scheduling Overview |
533 |
Weighted Tail Drop |
533 |
SRR Shaping and Sharing |
534 |
Queueing and Scheduling on Ingress Queues |
535 |
Queueing and Scheduling on Egress Queues |
537 |
Packet Modification |
539 |
Configuring Auto-QoS |
540 |
Generated Auto-QoS Configuration |
540 |
Effects of Auto-QoS on the Configuration |
544 |
Auto-QoS Configuration Guidelines |
544 |
Enabling Auto-QoS for VoIP |
545 |
Auto-QoS Configuration Example |
546 |
Displaying Auto-QoS Information |
548 |
Configuring Standard QoS |
548 |
Default Standard QoS Configuration |
549 |
Default Ingress Queue Configuration |
549 |
Default Egress Queue Configuration |
550 |
Default Mapping Table Configuration |
550 |
Standard QoS Configuration Guidelines |
551 |
Enabling QoS Globally |
552 |
Configuring Classification Using Port Trust States |
552 |
Configuring the Trust State on Ports within the QoS Domain |
553 |
Configuring the CoS Value for an Interface |
555 |
Configuring a Trusted Boundary to Ensure Port Security |
556 |
Configuring the DSCP Trust State on a Port Bordering Another QoS Domain |
557 |
Configuring a QoS Policy |
558 |
Classifying Traffic by Using ACLs |
559 |
Classifying Traffic by Using Class Maps |
562 |
Classifying, Policing, and Marking Traffic by Using Policy Maps |
564 |
Classifying, Policing, and Marking Traffic by Using Aggregate Policers |
567 |
Configuring DSCP Maps |
569 |
Configuring the CoS-to-DSCP Map |
569 |
Configuring the IP-Precedence-to-DSCP Map |
570 |
Configuring the Policed-DSCP Map |
571 |
Configuring the DSCP-to-CoS Map |
572 |
Configuring the DSCP-to-DSCP-Mutation Map |
573 |
Configuring Ingress Queue Characteristics |
574 |
Mapping DSCP or CoS Values to an Ingress Queue and Setting WTD Thresholds |
575 |
Allocating Buffer Space Between the Ingress Queues |
576 |
Allocating Bandwidth Between the Ingress Queues |
577 |
Configuring the Ingress Priority Queue |
578 |
Configuring Egress Queue Characteristics |
579 |
Configuration Guidelines |
579 |
Allocating Buffer Space to and Setting WTD Thresholds for an Egress Queue-Set |
579 |
Mapping DSCP or CoS Values to an Egress Queue and to a Threshold ID |
581 |
Configuring SRR Shaped Weights on Egress Queues |
582 |
Configuring SRR Shared Weights on Egress Queues |
584 |
Configuring the Egress Expedite Queue |
585 |
Limiting the Bandwidth on an Egress Interface |
585 |
Displaying Standard QoS Information |
586 |
Configuring EtherChannels |
589 |
Understanding EtherChannels |
589 |
EtherChannel Overview |
590 |
Port-Channel Interfaces |
591 |
Port Aggregation Protocol |
592 |
PAgP Modes |
592 |
PAgP Interaction with Other Features |
593 |
Link Aggregation Control Protocol |
593 |
LACP Modes |
594 |
LACP Interaction with Other Features |
594 |
Load Balancing and Forwarding Methods |
594 |
Configuring EtherChannels |
596 |
Default EtherChannel Configuration |
597 |
EtherChannel Configuration Guidelines |
597 |
Configuring Layer2 EtherChannels |
598 |
Configuring Layer3 EtherChannels |
600 |
Creating Port-Channel Logical Interfaces |
600 |
Configuring the Physical Interfaces |
601 |
Configuring EtherChannel Load Balancing |
603 |
Configuring the PAgP Learn Method and Priority |
604 |
Configuring LACP Hot-Standby Ports |
605 |
Configuring the LACP System Priority |
606 |
Configuring the LACP Port Priority |
607 |
Displaying EtherChannel, PAgP, and LACP Status |
608 |
Configuring IP Unicast Routing |
609 |
Understanding IP Routing |
610 |
Types of Routing |
610 |
Steps for Configuring Routing |
611 |
Configuring IP Addressing |
612 |
Default Addressing Configuration |
612 |
Assigning IP Addresses to Network Interfaces |
613 |
Use of Subnet Zero |
614 |
Classless Routing |
614 |
Configuring Address Resolution Methods |
616 |
Define a Static ARP Cache |
617 |
Set ARP Encapsulation |
618 |
Enable Proxy ARP |
618 |
Routing Assistance When IP Routing is Disabled |
619 |
Proxy ARP |
619 |
Default Gateway |
619 |
ICMP Router Discovery Protocol (IRDP) |
620 |
Configuring Broadcast Packet Handling |
621 |
Enabling Directed Broadcast-to-Physical Broadcast Translation |
621 |
Forwarding UDP Broadcast Packets and Protocols |
622 |
Establishing an IP Broadcast Address |
623 |
Flooding IP Broadcasts |
624 |
Monitoring and Maintaining IP Addressing |
625 |
Enabling IP Unicast Routing |
626 |
Configuring RIP |
627 |
Default RIP Configuration |
627 |
Configuring Basic RIP Parameters |
628 |
Configuring RIP Authentication |
629 |
Configuring Summary Addresses and Split Horizon |
630 |
Configuring IGRP |
631 |
Default IGRP Configuration |
632 |
Understanding Load Balancing and Traffic Distribution Control |
633 |
Configuring Basic IGRP Parameters |
634 |
Configuring Split Horizon |
635 |
Configuring OSPF |
636 |
Default OSPF Configuration |
637 |
Configuring Basic OSPF Parameters |
638 |
Configuring OSPF Interfaces |
639 |
Configuring OSPF Area Parameters |
640 |
Configuring Other OSPF Parameters |
641 |
Changing LSA Group Pacing |
643 |
Configuring a Loopback Interface |
643 |
Monitoring OSPF |
644 |
Configuring EIGRP |
645 |
Default EIGRP Configuration |
646 |
Configuring Basic EIGRP Parameters |
647 |
Configuring EIGRP Interfaces |
648 |
Configuring EIGRP Route Authentication |
649 |
Monitoring and Maintaining EIGRP |
650 |
Configuring BGP |
651 |
Default BGP Configuration |
653 |
Enabling BGP Routing |
655 |
Managing Routing Policy Changes |
657 |
Configuring BGP Decision Attributes |
658 |
Configuring BGP Filtering with Route Maps |
660 |
Configuring BGP Filtering by Neighbor |
661 |
Configuring Prefix Lists for BGP Filtering |
662 |
Configuring BGP Community Filtering |
663 |
Configuring BGP Neighbors and Peer Groups |
665 |
Configuring Aggregate Addresses |
667 |
Configuring Routing Domain Confederations |
667 |
Configuring BGP Route Reflectors |
668 |
Configuring Route Dampening |
669 |
Monitoring and Maintaining BGP |
670 |
Configuring Protocol-Independent Features |
671 |
Configuring Cisco Express Forwarding |
671 |
Configuring the Number of Equal-Cost Routing Paths |
672 |
Configuring Static Unicast Routes |
673 |
Specifying Default Routes and Networks |
674 |
Using Route Maps to Redistribute Routing Information |
675 |
Configuring Policy-Based Routing |
679 |
PBR Configuration Guidelines |
680 |
Enabling PBR |
680 |
Filtering Routing Information |
682 |
Setting Passive Interfaces |
682 |
Controlling Advertising and Processing in Routing Updates |
683 |
Filtering Sources of Routing Information |
683 |
Managing Authentication Keys |
684 |
Monitoring and Maintaining the IP Network |
685 |
Configuring HSRP |
687 |
Understanding HSRP |
687 |
Configuring HSRP |
689 |
Default HSRP Configuration |
690 |
HSRP Configuration Guidelines |
690 |
Enabling HSRP |
691 |
Configuring HSRP Group Attributes |
692 |
Configuring HSRP Priority |
692 |
Configuring HSRP Authentication and Timers |
694 |
Configuring HSRP Groups and Clustering |
695 |
Displaying HSRP Configurations |
696 |
Configuring IP Multicast Routing |
697 |
Understanding Cisco’s Implementation of IP Multicast Routing |
698 |
Understanding IGMP |
698 |
IGMP Version 1 |
699 |
IGMP Version 2 |
699 |
Understanding PIM |
699 |
PIM Versions |
700 |
PIM Modes |
700 |
Auto-RP |
701 |
Bootstrap Router |
701 |
Multicast Forwarding and Reverse Path Check |
702 |
Understanding DVMRP |
703 |
Understanding CGMP |
703 |
Configuring IP Multicast Routing |
704 |
Default Multicast Routing Configuration |
704 |
Multicast Routing Configuration Guidelines |
704 |
PIMv1 and PIMv2 Interoperability |
704 |
Auto-RP and BSR Configuration Guidelines |
705 |
Configuring Basic Multicast Routing |
706 |
Configuring a Rendezvous Point |
707 |
Manually Assigning an RP to Multicast Groups |
707 |
Configuring Auto-RP |
709 |
Configuring PIMv2 BSR |
713 |
Using Auto-RP and a BSR |
717 |
Monitoring the RP Mapping Information |
718 |
Troubleshooting PIMv1 and PIMv2 Interoperability Problems |
718 |
Configuring Advanced PIM Features |
718 |
Understanding PIM Shared Tree and Source Tree |
718 |
Delaying the Use of PIM Shortest-Path Tree |
720 |
Modifying the PIM Router-Query Message Interval |
721 |
Configuring Optional IGMP Features |
722 |
Default IGMP Configuration |
722 |
Configuring the Switch as a Member of a Group |
722 |
Controlling Access to IP Multicast Groups |
723 |
Changing the IGMP Version |
724 |
Modifying the IGMP Host-Query Message Interval |
725 |
Changing the IGMP Query Timeout for IGMPv2 |
726 |
Changing the Maximum Query Response Time for IGMPv2 |
726 |
Configuring the Switch as a Statically Connected Member |
727 |
Configuring Optional Multicast Routing Features |
727 |
Enabling CGMP Server Support |
728 |
Configuring sdr Listener Support |
729 |
Enabling sdr Listener Support |
729 |
Limiting How Long an sdr Cache Entry Exists |
730 |
Configuring an IP Multicast Boundary |
730 |
Configuring Basic DVMRP Interoperability Features |
732 |
Configuring DVMRP Interoperability |
732 |
Configuring a DVMRP Tunnel |
734 |
Advertising Network 0.0.0.0 to DVMRP Neighbors |
736 |
Responding to mrinfo Requests |
737 |
Configuring Advanced DVMRP Interoperability Features |
737 |
Enabling DVMRP Unicast Routing |
738 |
Rejecting a DVMRP Nonpruning Neighbor |
738 |
Controlling Route Exchanges |
741 |
Limiting the Number of DVMRP Routes Advertised |
741 |
Changing the DVMRP Route Threshold |
741 |
Configuring a DVMRP Summary Address |
742 |
Disabling DVMRP Autosummarization |
744 |
Adding a Metric Offset to the DVMRP Route |
744 |
Monitoring and Maintaining IP Multicast Routing |
745 |
Clearing Caches, Tables, and Databases |
746 |
Displaying System and Network Statistics |
746 |
Monitoring IP Multicast Routing |
747 |
Configuring MSDP |
749 |
Understanding MSDP |
749 |
MSDP Operation |
750 |
MSDP Benefits |
751 |
Configuring MSDP |
752 |
Default MSDP Configuration |
752 |
Configuring a Default MSDP Peer |
752 |
Caching Source-Active State |
754 |
Requesting Source Information from an MSDP Peer |
756 |
Controlling Source Information that Your Switch Originates |
757 |
Redistributing Sources |
757 |
Filtering Source-Active Request Messages |
759 |
Controlling Source Information that Your Switch Forwards |
760 |
Using a Filter |
760 |
Using TTL to Limit the Multicast Data Sent in SA Messages |
762 |
Controlling Source Information that Your Switch Receives |
762 |
Configuring an MSDP Mesh Group |
764 |
Shutting Down an MSDP Peer |
764 |
Including a Bordering PIM Dense-Mode Region in MSDP |
765 |
Configuring an Originating Address other than the RP Address |
766 |
Monitoring and Maintaining MSDP |
767 |
Configuring Fallback Bridging |
769 |
Understanding Fallback Bridging |
769 |
Configuring Fallback Bridging |
770 |
Default Fallback Bridging Configuration |
771 |
Fallback Bridging Configuration Guidelines |
771 |
Creating a Bridge Group |
771 |
Adjusting Spanning-Tree Parameters |
773 |
Changing the VLAN-Bridge Spanning-Tree Priority |
774 |
Changing the Interface Priority |
774 |
Assigning a Path Cost |
775 |
Adjusting BPDU Intervals |
776 |
Disabling the Spanning Tree on an Interface |
778 |
Monitoring and Maintaining Fallback Bridging |
778 |
Troubleshooting |
779 |
Recovering from Corrupted Software By Using the XMODEM Protocol |
780 |
Recovering from a Lost or Forgotten Password |
782 |
Procedure with Password Recovery Enabled |
783 |
Procedure with Password Recovery Disabled |
784 |
Recovering from a Command Switch Failure |
786 |
Replacing a Failed Command Switch with a Cluster Member |
786 |
Replacing a Failed Command Switch with Another Switch |
788 |
Recovering from Lost Cluster Member Connectivity |
789 |
Preventing Autonegotiation Mismatches |
790 |
Troubleshooting Power over Ethernet Switch Ports |
790 |
SFP Module Security and Identification |
790 |
Using Ping |
791 |
Understanding Ping |
791 |
Executing Ping |
791 |
Using Layer 2 Traceroute |
792 |
Understanding Layer 2 Traceroute |
792 |
Usage Guidelines |
793 |
Displaying the Physical Path |
794 |
Using IP Traceroute |
794 |
Understanding IP Traceroute |
794 |
Executing IP Traceroute |
795 |
Using Debug Commands |
796 |
Enabling Debugging on a Specific Feature |
796 |
Enabling All-System Diagnostics |
797 |
Redirecting Debug and Error Message Output |
797 |
Using the show platform forward Command |
797 |
Using the crashinfo File |
800 |
Supported MIBs |
801 |
MIB List |
801 |
Using FTP to Access the MIB Files |
803 |
Working with the Cisco IOS File System, Configuration Files, and Software Images |
805 |
Working with the Flash File System |
805 |
Displaying Available File Systems |
806 |
Setting the Default File System |
807 |
Displaying Information about Files on a File System |
807 |
Changing Directories and Displaying the Working Directory |
807 |
Creating and Removing Directories |
808 |
Copying Files |
808 |
Deleting Files |
809 |
Creating, Displaying, and Extracting tar Files |
809 |
Creating a tar File |
810 |
Displaying the Contents of a tar File |
810 |
Extracting a tar File |
811 |
Displaying the Contents of a File |
812 |
Working with Configuration Files |
812 |
Guidelines for Creating and Using Configuration Files |
813 |
Configuration File Types and Location |
813 |
Creating a Configuration File By Using a Text Editor |
814 |
Copying Configuration Files By Using TFTP |
814 |
Preparing to Download or Upload a Configuration File By Using TFTP |
814 |
Downloading the Configuration File By Using TFTP |
815 |
Uploading the Configuration File By Using TFTP |
815 |
Copying Configuration Files By Using FTP |
816 |
Preparing to Download or Upload a Configuration File By Using FTP |
817 |
Downloading a Configuration File By Using FTP |
817 |
Uploading a Configuration File By Using FTP |
819 |
Copying Configuration Files By Using RCP |
820 |
Preparing to Download or Upload a Configuration File By Using RCP |
820 |
Downloading a Configuration File By Using RCP |
821 |
Uploading a Configuration File By Using RCP |
822 |
Clearing Configuration Information |
823 |
Clearing the Startup Configuration File |
823 |
Deleting a Stored Configuration File |
823 |
Working with Software Images |
824 |
Image Location on the Switch |
824 |
tar File Format of Images on a Server or Cisco.com |
825 |
Copying Image Files By Using TFTP |
826 |
Preparing to Download or Upload an Image File By Using TFTP |
826 |
Downloading an Image File By Using TFTP |
827 |
Uploading an Image File By Using TFTP |
828 |
Copying Image Files By Using FTP |
829 |
Preparing to Download or Upload an Image File By Using FTP |
829 |
Downloading an Image File By Using FTP |
830 |
Uploading an Image File By Using FTP |
832 |
Copying Image Files By Using RCP |
833 |
Preparing to Download or Upload an Image File By Using RCP |
833 |
Downloading an Image File By Using RCP |
835 |
Uploading an Image File By Using RCP |
837 |
Unsupported Commands in CiscoIOSRelease12.1(19)EA1 |
839 |
Access Control Lists |
839 |
Unsupported Privileged EXEC Commands |
839 |
Unsupported Global Configuration Commands |
839 |
ARP Commands |
840 |
Unsupported Global Configuration Commands |
840 |
Unsupported Interface Configuration Commands |
840 |
Unsupported Debug Commands |
840 |
FallBack Bridging |
840 |
Unsupported Privileged EXEC Commands |
840 |
Unsupported Global Configuration Commands |
840 |
Unsupported Interface Configuration Commands |
841 |
HSRP |
842 |
Unsupported Global Configuration Commands |
842 |
Unsupported Interface Configuration Commands |
842 |
IGMP Snooping Commands |
842 |
Unsupported Global Configuration Commands |
842 |
Interface Commands |
842 |
Unsupported Privileged EXEC Commands |
842 |
Unsupported Global Configuration Commands |
842 |
Unsupported Interface Configuration Commands |
843 |
IP Multicast Routing |
843 |
Unsupported Privileged EXEC Commands |
843 |
Unsupported Global Configuration Commands |
843 |
Unsupported Interface Configuration Commands |
844 |
IP Unicast Routing |
844 |
Unsupported Privileged EXEC or User EXEC Commands |
844 |
Unsupported Global Configuration Commands |
845 |
Unsupported Interface Configuration Commands |
845 |
Unsupported BGP Router Configuration Commands |
846 |
Unsupported VPN Configuration Commands |
846 |
Unsupported Route Map Commands |
846 |
MSDP |
847 |
Unsupported Privileged EXEC Commands |
847 |
Unsupported Global Configuration Commands |
847 |
Network Address Translation (NAT) Commands |
847 |
Unsupported User EXEC Commands |
847 |
Unsupported Global Configuration Commands |
847 |
Unsupported Interface Configuration Commands |
847 |
RADIUS |
848 |
Unsupported Global Configuration Commands |
848 |
SNMP |
848 |
Unsupported Global Configuration Commands |
848 |
Spanning Tree |
848 |
Unsupported Global Configuration Commands |
848 |
Unsupported Interface Configuration Commands |
848 |
VLAN |
848 |
Unsupported vlan-config Commands |
848 |
Unsupported User EXEC Commands |
849 |
VTP |
849 |
Unsupported Privileged EXEC Commands |
849 |
Miscellaneous |
849 |
Unsupported Global Configuration Commands |
849 |