Section |
Page |
Cisco Catalyst Blade Switch 3020 for HP Software Configuration Guide |
1 |
Contents |
3 |
Preface |
29 |
Audience |
29 |
Purpose |
29 |
Conventions |
30 |
Related Publications |
30 |
Obtaining Documentation |
31 |
Cisco.com |
31 |
Product Documentation DVD |
31 |
Ordering Documentation |
32 |
Documentation Feedback |
32 |
Cisco Product Security Overview |
32 |
Reporting Security Problems in Cisco Products |
33 |
Obtaining Technical Assistance |
33 |
Cisco Technical Support & Documentation Website |
34 |
Submitting a Service Request |
34 |
Definitions of Service Request Severity |
35 |
Obtaining Additional Publications and Information |
35 |
Overview |
37 |
Features |
37 |
Ease-of-Deployment and Ease-of-Use Features |
38 |
Performance Features |
38 |
Management Options |
39 |
Manageability Features |
39 |
Availability and Redundancy Features |
40 |
VLAN Features |
41 |
Security Features |
41 |
QoS and CoS Features |
43 |
Monitoring Features |
44 |
Default Settings After Initial Switch Configuration |
44 |
Design Concepts for Using the Switch |
46 |
Where to Go Next |
49 |
Using the Command-Line Interface |
51 |
Understanding Command Modes |
51 |
Understanding the Help System |
53 |
Understanding Abbreviated Commands |
54 |
Understanding no and default Forms of Commands |
54 |
Understanding CLI Error Messages |
55 |
Using Configuration Logging |
55 |
Using Command History |
56 |
Changing the Command History Buffer Size |
56 |
Recalling Commands |
56 |
Disabling the Command History Feature |
57 |
Using Editing Features |
57 |
Enabling and Disabling Editing Features |
57 |
Editing Commands through Keystrokes |
57 |
Editing Command Lines that Wrap |
59 |
Searching and Filtering Output of show and more Commands |
60 |
Accessing the CLI |
60 |
Accessing the CLI through a Console Connection or through Telnet |
60 |
Assigning the Switch IP Address and Default Gateway |
63 |
Understanding the Boot Process |
63 |
Assigning Switch Information |
64 |
Default Switch Information |
65 |
Understanding DHCP-Based Autoconfiguration |
65 |
DHCP Client Request Process |
66 |
Configuring DHCP-Based Autoconfiguration |
67 |
DHCP Server Configuration Guidelines |
67 |
Configuring the TFTP Server |
68 |
Configuring the DNS |
68 |
Configuring the Relay Device |
68 |
Obtaining Configuration Files |
69 |
Example Configuration |
70 |
Manually Assigning IP Information |
72 |
Checking and Saving the Running Configuration |
72 |
Modifying the Startup Configuration |
75 |
Default Boot Configuration |
76 |
Automatically Downloading a Configuration File |
76 |
Specifying the Filename to Read and Write the System Configuration |
76 |
Booting Manually |
77 |
Booting a Specific Software Image |
78 |
Controlling Environment Variables |
78 |
Scheduling a Reload of the Software Image |
80 |
Configuring a Scheduled Reload |
80 |
Displaying Scheduled Reload Information |
81 |
Configuring Cisco IOS CNS Agents |
83 |
Understanding Cisco Configuration Engine Software |
83 |
Configuration Service |
84 |
Event Service |
85 |
NameSpace Mapper |
85 |
What You Should Know About the CNS IDs and Device Hostnames |
85 |
ConfigID |
85 |
DeviceID |
86 |
Hostname and DeviceID |
86 |
Using Hostname, DeviceID, and ConfigID |
86 |
Understanding Cisco IOS Agents |
87 |
Initial Configuration |
87 |
Incremental (Partial) Configuration |
88 |
Synchronized Configuration |
88 |
Configuring Cisco IOS Agents |
88 |
Enabling Automated CNS Configuration |
88 |
Enabling the CNS Event Agent |
90 |
Enabling the Cisco IOS CNS Agent |
91 |
Enabling an Initial Configuration |
91 |
Enabling a Partial Configuration |
93 |
Displaying CNS Configuration |
94 |
Administering the Switch |
95 |
Managing the System Time and Date |
95 |
Understanding the System Clock |
95 |
Understanding Network Time Protocol |
96 |
Configuring NTP |
97 |
Default NTP Configuration |
98 |
Configuring NTP Authentication |
98 |
Configuring NTP Associations |
99 |
Configuring NTP Broadcast Service |
100 |
Configuring NTP Access Restrictions |
102 |
Configuring the Source IP Address for NTP Packets |
104 |
Displaying the NTP Configuration |
105 |
Configuring Time and Date Manually |
105 |
Setting the System Clock |
105 |
Displaying the Time and Date Configuration |
106 |
Configuring the Time Zone |
106 |
Configuring Summer Time (Daylight Saving Time) |
107 |
Configuring a System Name and Prompt |
108 |
Default System Name and Prompt Configuration |
109 |
Configuring a System Name |
109 |
Understanding DNS |
109 |
Default DNS Configuration |
110 |
Setting Up DNS |
110 |
Displaying the DNS Configuration |
111 |
Creating a Banner |
111 |
Default Banner Configuration |
111 |
Configuring a Message-of-the-Day Login Banner |
112 |
Configuring a Login Banner |
113 |
Managing the MAC Address Table |
113 |
Building the Address Table |
114 |
MAC Addresses and VLANs |
114 |
Default MAC Address Table Configuration |
115 |
Changing the Address Aging Time |
115 |
Removing Dynamic Address Entries |
116 |
Configuring MAC Address Notification Traps |
116 |
Adding and Removing Static Address Entries |
118 |
Configuring Unicast MAC Address Filtering |
119 |
Displaying Address Table Entries |
120 |
Managing the ARP Table |
120 |
Configuring Switch-Based Authentication |
121 |
Preventing Unauthorized Access to Your Switch |
121 |
Protecting Access to Privileged EXEC Commands |
122 |
Default Password and Privilege Level Configuration |
122 |
Setting or Changing a Static Enable Password |
123 |
Protecting Enable and Enable Secret Passwords with Encryption |
123 |
Disabling Password Recovery |
125 |
Setting a Telnet Password for a Terminal Line |
126 |
Configuring Username and Password Pairs |
126 |
Configuring Multiple Privilege Levels |
127 |
Setting the Privilege Level for a Command |
128 |
Changing the Default Privilege Level for Lines |
129 |
Logging into and Exiting a Privilege Level |
129 |
Controlling Switch Access with TACACS+ |
130 |
Understanding TACACS+ |
130 |
TACACS+ Operation |
132 |
Configuring TACACS+ |
132 |
Default TACACS+ Configuration |
133 |
Identifying the TACACS+ Server Host and Setting the Authentication Key |
133 |
Configuring TACACS+ Login Authentication |
134 |
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services |
136 |
Starting TACACS+ Accounting |
137 |
Displaying the TACACS+ Configuration |
137 |
Controlling Switch Access with RADIUS |
137 |
Understanding RADIUS |
138 |
RADIUS Operation |
139 |
Configuring RADIUS |
140 |
Default RADIUS Configuration |
140 |
Identifying the RADIUS Server Host |
140 |
Configuring RADIUS Login Authentication |
143 |
Defining AAA Server Groups |
145 |
Configuring RADIUS Authorization for User Privileged Access and Network Services |
147 |
Starting RADIUS Accounting |
148 |
Configuring Settings for All RADIUS Servers |
149 |
Configuring the Switch to Use Vendor-Specific RADIUS Attributes |
149 |
Configuring the Switch for Vendor-Proprietary RADIUS Server Communication |
151 |
Displaying the RADIUS Configuration |
151 |
Controlling Switch Access with Kerberos |
152 |
Understanding Kerberos |
152 |
Kerberos Operation |
154 |
Authenticating to a Boundary Switch |
154 |
Obtaining a TGT from a KDC |
155 |
Authenticating to Network Services |
155 |
Configuring Kerberos |
155 |
Configuring the Switch for Local Authentication and Authorization |
156 |
Configuring the Switch for Secure Shell |
157 |
Understanding SSH |
158 |
SSH Servers, Integrated Clients, and Supported Versions |
158 |
Limitations |
159 |
Configuring SSH |
159 |
Configuration Guidelines |
159 |
Setting Up the Switch to Run SSH |
159 |
Configuring the SSH Server |
161 |
Displaying the SSH Configuration and Status |
161 |
Configuring the Switch for Secure Socket Layer HTTP |
162 |
Understanding Secure HTTP Servers and Clients |
162 |
Certificate Authority Trustpoints |
162 |
CipherSuites |
164 |
Configuring Secure HTTP Servers and Clients |
164 |
Default SSL Configuration |
164 |
SSL Configuration Guidelines |
165 |
Configuring a CA Trustpoint |
165 |
Configuring the Secure HTTP Server |
166 |
Configuring the Secure HTTP Client |
167 |
Displaying Secure HTTP Server and Client Status |
168 |
Configuring the Switch for Secure Copy Protocol |
168 |
Information About Secure Copy |
169 |
Configuring IEEE 802.1x Port-Based Authentication |
171 |
Understanding IEEE 802.1x Port-Based Authentication |
171 |
Device Roles |
172 |
Authentication Process |
173 |
Authentication Initiation and Message Exchange |
175 |
Ports in Authorized and Unauthorized States |
177 |
IEEE 802.1x Host Mode |
178 |
IEEE 802.1x Accounting |
179 |
IEEE 802.1x Accounting Attribute-Value Pairs |
179 |
Using IEEE 802.1x Authentication with VLAN Assignment |
180 |
Using IEEE 802.1x Authentication with Per-User ACLs |
181 |
Using IEEE 802.1x Authentication with Guest VLAN |
182 |
Using IEEE 802.1x Authentication with Restricted VLAN |
183 |
Using IEEE 802.1x Authentication with Inaccessible Authentication Bypass |
184 |
Using IEEE 802.1x Authentication with Voice VLAN Ports |
185 |
Using IEEE 802.1x Authentication with Port Security |
185 |
Using IEEE 802.1x Authentication with Wake-on-LAN |
186 |
Using IEEE 802.1x Authentication with MAC Authentication Bypass |
187 |
Configuring IEEE 802.1x Authentication |
188 |
Default IEEE 802.1x Authentication Configuration |
189 |
IEEE 802.1x Authentication Configuration Guidelines |
190 |
IEEE 802.1x Authentication |
190 |
VLAN Assignment, Guest VLAN, Restricted VLAN, and Inaccessible Authentication Bypass |
191 |
MAC Authentication Bypass |
192 |
Configuring IEEE 802.1x Authentication |
192 |
Configuring the Switch-to-RADIUS-Server Communication |
193 |
Configuring the Host Mode |
195 |
Configuring Periodic Re-Authentication |
195 |
Manually Re-Authenticating a Client Connected to a Port |
196 |
Changing the Quiet Period |
196 |
Changing the Switch-to-Client Retransmission Time |
197 |
Setting the Switch-to-Client Frame-Retransmission Number |
198 |
Setting the Re-Authentication Number |
199 |
Configuring IEEE 802.1x Accounting |
199 |
Configuring a Guest VLAN |
200 |
Configuring a Restricted VLAN |
201 |
Configuring the Inaccessible Authentication Bypass Feature |
203 |
Configuring IEEE 802.1x Authentication with WoL |
205 |
Configuring MAC Authentication Bypass |
206 |
Configuring IEEE 802.1x Authentication Using a RADIUS Server |
207 |
Disabling IEEE 802.1x Authentication on the Port |
208 |
Resetting the IEEE 802.1x Authentication Configuration to the Default Values |
208 |
Displaying IEEE 802.1x Statistics and Status |
209 |
Configuring Interface Characteristics |
211 |
Understanding Interface Types |
211 |
Port-Based VLANs |
212 |
Switch Ports |
212 |
Internal Gigabit Ethernet Ports |
212 |
Access Ports |
213 |
Trunk Ports |
213 |
EtherChannel Port Groups |
214 |
Dual-Purpose Uplink Ports |
214 |
Connecting Interfaces |
215 |
Management-Only Interface |
215 |
Using Interface Configuration Mode |
216 |
Procedures for Configuring Interfaces |
216 |
Configuring a Range of Interfaces |
217 |
Configuring and Using Interface Range Macros |
218 |
Configuring Ethernet Interfaces |
220 |
Default Ethernet Interface Configuration |
220 |
Configuring Interface Speed and Duplex Mode |
221 |
Speed and Duplex Configuration Guidelines |
221 |
Setting the Type of a Dual-Purpose Uplink Port |
222 |
Setting the Interface Speed and Duplex Parameters |
224 |
Configuring IEEE 802.3x Flow Control |
225 |
Configuring Auto-MDIX on an Interface |
226 |
Adding a Description for an Interface |
227 |
Configuring the System MTU |
228 |
Monitoring and Maintaining the Interfaces |
229 |
Monitoring Interface Status |
229 |
Clearing and Resetting Interfaces and Counters |
230 |
Shutting Down and Restarting the Interface |
230 |
Configuring Smartports Macros |
231 |
Understanding Smartports Macros |
231 |
Configuring Smartports Macros |
232 |
Default Smartports Macro Configuration |
232 |
Smartports Macro Configuration Guidelines |
233 |
Creating Smartports Macros |
234 |
Applying Smartports Macros |
235 |
Applying Cisco-Default Smartports Macros |
236 |
Displaying Smartports Macros |
238 |
Configuring VLANs |
239 |
Understanding VLANs |
239 |
Supported VLANs |
240 |
VLAN Port Membership Modes |
241 |
Configuring Normal-Range VLANs |
242 |
Token Ring VLANs |
243 |
Normal-Range VLAN Configuration Guidelines |
243 |
VLAN Configuration Mode Options |
244 |
VLAN Configuration in config-vlan Mode |
244 |
VLAN Configuration in VLAN Database Configuration Mode |
244 |
Saving VLAN Configuration |
244 |
Default Ethernet VLAN Configuration |
245 |
Creating or Modifying an Ethernet VLAN |
246 |
Deleting a VLAN |
247 |
Assigning Static-Access Ports to a VLAN |
248 |
Configuring Extended-Range VLANs |
249 |
Default VLAN Configuration |
249 |
Extended-Range VLAN Configuration Guidelines |
250 |
Creating an Extended-Range VLAN |
250 |
Displaying VLANs |
251 |
Configuring VLAN Trunks |
252 |
Trunking Overview |
252 |
Encapsulation Types |
254 |
IEEE 802.1Q Configuration Considerations |
254 |
Default Layer 2 Ethernet Interface VLAN Configuration |
255 |
Configuring an Ethernet Interface as a Trunk Port |
255 |
Interaction with Other Features |
255 |
Configuring a Trunk Port |
256 |
Defining the Allowed VLANs on a Trunk |
257 |
Changing the Pruning-Eligible List |
258 |
Configuring the Native VLAN for Untagged Traffic |
259 |
Configuring Trunk Ports for Load Sharing |
259 |
Load Sharing Using STP Port Priorities |
260 |
Load Sharing Using STP Path Cost |
261 |
Configuring VMPS |
263 |
Understanding VMPS |
263 |
Dynamic-Access Port VLAN Membership |
264 |
Default VMPS Client Configuration |
264 |
VMPS Configuration Guidelines |
264 |
Configuring the VMPS Client |
265 |
Entering the IP Address of the VMPS |
265 |
Configuring Dynamic-Access Ports on VMPS Clients |
265 |
Reconfirming VLAN Memberships |
266 |
Changing the Reconfirmation Interval |
266 |
Changing the Retry Count |
267 |
Monitoring the VMPS |
267 |
Troubleshooting Dynamic-Access Port VLAN Membership |
268 |
VMPS Configuration Example |
268 |
Configuring VTP |
271 |
Understanding VTP |
271 |
The VTP Domain |
272 |
VTP Modes |
273 |
VTP Advertisements |
273 |
VTP Version 2 |
274 |
VTP Pruning |
274 |
Configuring VTP |
276 |
Default VTP Configuration |
276 |
VTP Configuration Options |
277 |
VTP Configuration in Global Configuration Mode |
277 |
VTP Configuration in VLAN Database Configuration Mode |
277 |
VTP Configuration Guidelines |
278 |
Domain Names |
278 |
Passwords |
278 |
VTP Version |
278 |
Configuration Requirements |
279 |
Configuring a VTP Server |
279 |
Configuring a VTP Client |
281 |
Disabling VTP (VTP Transparent Mode) |
282 |
Enabling VTP Version 2 |
283 |
Enabling VTP Pruning |
284 |
Adding a VTP Client Switch to a VTP Domain |
284 |
Monitoring VTP |
286 |
Configuring Voice VLAN |
287 |
Understanding Voice VLAN |
287 |
Cisco IP Phone Voice Traffic |
288 |
Cisco IP Phone Data Traffic |
288 |
Configuring Voice VLAN |
289 |
Default Voice VLAN Configuration |
289 |
Voice VLAN Configuration Guidelines |
289 |
Configuring a Port Connected to a Cisco7960 IP Phone |
290 |
Configuring Cisco IP Phone Voice Traffic |
290 |
Configuring the Priority of Incoming Data Frames |
292 |
Displaying Voice VLAN |
292 |
Configuring STP |
293 |
Understanding Spanning-Tree Features |
293 |
STP Overview |
294 |
Spanning-Tree Topology and BPDUs |
295 |
Bridge ID, Switch Priority, and Extended System ID |
296 |
Spanning-Tree Interface States |
296 |
Blocking State |
298 |
Listening State |
298 |
Learning State |
298 |
Forwarding State |
298 |
Disabled State |
299 |
How a Switch or Port Becomes the Root Switch or Root Port |
299 |
Spanning Tree and Redundant Connectivity |
300 |
Spanning-Tree Address Management |
300 |
Accelerated Aging to Retain Connectivity |
300 |
Spanning-Tree Modes and Protocols |
301 |
Supported Spanning-Tree Instances |
301 |
Spanning-Tree Interoperability and Backward Compatibility |
302 |
STP and IEEE 802.1Q Trunks |
302 |
Configuring Spanning-Tree Features |
302 |
Default Spanning-Tree Configuration |
303 |
Spanning-Tree Configuration Guidelines |
304 |
Changing the Spanning-Tree Mode. |
305 |
Disabling Spanning Tree |
306 |
Configuring the Root Switch |
306 |
Configuring a Secondary Root Switch |
308 |
Configuring Port Priority |
308 |
Configuring Path Cost |
310 |
Configuring the Switch Priority of a VLAN |
311 |
Configuring Spanning-Tree Timers |
312 |
Configuring the Hello Time |
312 |
Configuring the Forwarding-Delay Time for a VLAN |
313 |
Configuring the Maximum-Aging Time for a VLAN |
313 |
Configuring the Transmit Hold-Count |
314 |
Displaying the Spanning-Tree Status |
314 |
Configuring MSTP |
315 |
Understanding MSTP |
316 |
Multiple Spanning-Tree Regions |
316 |
IST, CIST, and CST |
317 |
Operations Within an MST Region |
317 |
Operations Between MST Regions |
318 |
IEEE 802.1s Terminology |
319 |
Hop Count |
319 |
Boundary Ports |
320 |
IEEE 802.1s Implementation |
320 |
Port Role Naming Change |
321 |
Interoperation Between Legacy and Standard Switches |
321 |
Detecting Unidirectional Link Failure |
322 |
Interoperability with IEEE 802.1D STP |
322 |
Understanding RSTP |
322 |
Port Roles and the Active Topology |
323 |
Rapid Convergence |
324 |
Synchronization of Port Roles |
325 |
Bridge Protocol Data Unit Format and Processing |
326 |
Processing Superior BPDU Information |
327 |
Processing Inferior BPDU Information |
327 |
Topology Changes |
327 |
Configuring MSTP Features |
328 |
Default MSTP Configuration |
328 |
MSTP Configuration Guidelines |
329 |
Specifying the MST Region Configuration and Enabling MSTP |
330 |
Configuring the Root Switch |
331 |
Configuring a Secondary Root Switch |
332 |
Configuring Port Priority |
333 |
Configuring Path Cost |
334 |
Configuring the Switch Priority |
335 |
Configuring the Hello Time |
336 |
Configuring the Forwarding-Delay Time |
337 |
Configuring the Maximum-Aging Time |
337 |
Configuring the Maximum-Hop Count |
338 |
Specifying the Link Type to Ensure Rapid Transitions |
338 |
Designating the Neighbor Type |
339 |
Restarting the Protocol Migration Process |
339 |
Displaying the MST Configuration and Status |
340 |
Configuring Optional Spanning-Tree Features |
341 |
Understanding Optional Spanning-Tree Features |
341 |
Understanding Port Fast |
342 |
Understanding BPDU Guard |
342 |
Understanding BPDU Filtering |
343 |
Understanding UplinkFast |
343 |
Understanding BackboneFast |
345 |
Understanding EtherChannel Guard |
347 |
Understanding Root Guard |
348 |
Understanding Loop Guard |
349 |
Configuring Optional Spanning-Tree Features |
349 |
Default Optional Spanning-Tree Configuration |
349 |
Optional Spanning-Tree Configuration Guidelines |
350 |
Enabling Port Fast |
350 |
Enabling BPDU Guard |
351 |
Enabling BPDU Filtering |
352 |
Enabling UplinkFast for Use with Redundant Links |
353 |
Enabling BackboneFast |
353 |
Enabling EtherChannel Guard |
354 |
Enabling Root Guard |
355 |
Enabling Loop Guard |
355 |
Displaying the Spanning-Tree Status |
356 |
Configuring Flex Links and the MAC Address-Table Move Update Feature |
357 |
Understanding Flex Links and the MAC Address-Table MoveUpdate |
357 |
Flex Links |
357 |
MAC Address-Table Move Update |
358 |
Configuring Flex Links and MAC Address-Table Move Update |
360 |
Configuration Guidelines |
360 |
Default Configuration |
360 |
Configuring Flex Links and MAC Address-Table Move Update |
361 |
Configuring Flex Links |
361 |
Configuring the MAC Address-Table Move Update Feature |
362 |
Monitoring Flex Links and the MAC Address-Table MoveUpdate |
364 |
Configuring DHCP Features |
365 |
Understanding DHCP Features |
365 |
DHCP Server |
366 |
DHCP Relay Agent |
366 |
DHCP Snooping |
366 |
Option-82 Data Insertion |
367 |
Configuring DHCP Features |
370 |
Default DHCP Configuration |
370 |
DHCP Snooping Configuration Guidelines |
371 |
Configuring the DHCP Relay Agent |
372 |
Enabling DHCP Snooping and Option 82 |
372 |
Enabling the Cisco IOS DHCP Server Database |
374 |
Displaying DHCP Snooping Information |
374 |
Configuring IGMP Snooping and MVR |
375 |
Understanding IGMP Snooping |
375 |
IGMP Versions |
376 |
Joining a Multicast Group |
377 |
Leaving a Multicast Group |
379 |
Immediate Leave |
379 |
IGMP Configurable-Leave Timer |
379 |
IGMP Report Suppression |
380 |
Configuring IGMP Snooping |
380 |
Default IGMP Snooping Configuration |
380 |
Enabling or Disabling IGMP Snooping |
381 |
Setting the Snooping Method |
382 |
Configuring a Multicast Router Port |
383 |
Configuring a Blade Server Statically to Join a Group |
383 |
Enabling IGMP Immediate Leave |
384 |
Configuring the IGMP Leave Timer |
385 |
Configuring TCN-Related Commands |
385 |
Controlling the Multicast Flooding Time After a TCN Event |
386 |
Recovering from Flood Mode |
386 |
Disabling Multicast Flooding During a TCN Event |
387 |
Configuring the IGMP Snooping Querier |
387 |
Disabling IGMP Report Suppression |
389 |
Displaying IGMP Snooping Information |
389 |
Understanding Multicast VLAN Registration |
391 |
Using MVR in a Multicast Television Application |
392 |
Configuring MVR |
393 |
Default MVR Configuration |
393 |
MVR Configuration Guidelines and Limitations |
394 |
Configuring MVR Global Parameters |
394 |
Configuring MVR Interfaces |
395 |
Displaying MVR Information |
397 |
Configuring IGMP Filtering and Throttling |
397 |
Default IGMP Filtering and Throttling Configuration |
398 |
Configuring IGMP Profiles |
398 |
Applying IGMP Profiles |
399 |
Setting the Maximum Number of IGMP Groups |
400 |
Configuring the IGMP Throttling Action |
401 |
Displaying IGMP Filtering and Throttling Configuration |
402 |
Configuring Port-Based Traffic Control |
403 |
Configuring Storm Control |
403 |
Understanding Storm Control |
403 |
Default Storm Control Configuration |
405 |
Configuring Storm Control and Threshold Levels |
405 |
Configuring Protected Ports |
407 |
Default Protected Port Configuration |
408 |
Protected Port Configuration Guidelines |
408 |
Configuring a Protected Port |
408 |
Configuring Port Blocking |
408 |
Default Port Blocking Configuration |
409 |
Blocking Flooded Traffic on an Interface |
409 |
Configuring Port Security |
409 |
Understanding Port Security |
410 |
Secure MAC Addresses |
410 |
Security Violations |
411 |
Default Port Security Configuration |
412 |
Port Security Configuration Guidelines |
412 |
Enabling and Configuring Port Security |
413 |
Enabling and Configuring Port Security Aging |
417 |
Displaying Port-Based Traffic Control Settings |
418 |
Configuring CDP |
419 |
Understanding CDP |
419 |
Configuring CDP |
420 |
Default CDP Configuration |
420 |
Configuring the CDP Characteristics |
420 |
Disabling and Enabling CDP |
421 |
Disabling and Enabling CDP on an Interface |
422 |
Monitoring and Maintaining CDP |
422 |
Configuring UDLD |
425 |
Understanding UDLD |
425 |
Modes of Operation |
425 |
Methods to Detect Unidirectional Links |
426 |
Configuring UDLD |
427 |
Default UDLD Configuration |
428 |
Configuration Guidelines |
428 |
Enabling UDLD Globally |
429 |
Enabling UDLD on an Interface |
429 |
Resetting an Interface Disabled by UDLD |
430 |
Displaying UDLD Status |
430 |
Configuring SPAN and RSPAN |
431 |
Understanding SPAN and RSPAN |
431 |
Local SPAN |
432 |
Remote SPAN |
432 |
SPAN and RSPAN Concepts and Terminology |
433 |
SPAN Sessions |
433 |
Monitored Traffic |
434 |
Source Ports |
435 |
Source VLANs |
436 |
VLAN Filtering |
436 |
Destination Port |
436 |
RSPAN VLAN |
437 |
SPAN and RSPAN Interaction with Other Features |
438 |
Configuring SPAN and RSPAN |
439 |
Default SPAN and RSPAN Configuration |
439 |
Configuring Local SPAN |
439 |
SPAN Configuration Guidelines |
440 |
Creating a Local SPAN Session |
440 |
Creating a Local SPAN Session and Configuring Incoming Traffic |
443 |
Specifying VLANs to Filter |
444 |
Configuring RSPAN |
445 |
RSPAN Configuration Guidelines |
445 |
Configuring a VLAN as an RSPAN VLAN |
446 |
Creating an RSPAN Source Session |
447 |
Creating an RSPAN Destination Session |
449 |
Creating an RSPAN Destination Session and Configuring Incoming Traffic |
450 |
Specifying VLANs to Filter |
452 |
Displaying SPAN and RSPAN Status |
453 |
Configuring RMON |
455 |
Understanding RMON |
455 |
Configuring RMON |
456 |
Default RMON Configuration |
457 |
Configuring RMON Alarms and Events |
457 |
Collecting Group History Statistics on an Interface |
459 |
Collecting Group Ethernet Statistics on an Interface |
459 |
Displaying RMON Status |
460 |
Configuring System Message Logging |
461 |
Understanding System Message Logging |
461 |
Configuring System Message Logging |
462 |
System Log Message Format |
462 |
Default System Message Logging Configuration |
463 |
Disabling Message Logging |
463 |
Setting the Message Display Destination Device |
464 |
Synchronizing Log Messages |
465 |
Enabling and Disabling Time Stamps on Log Messages |
467 |
Enabling and Disabling Sequence Numbers in Log Messages |
467 |
Defining the Message Severity Level |
468 |
Limiting Syslog Messages Sent to the History Table and to SNMP |
469 |
Configuring UNIX Syslog Servers |
470 |
Logging Messages to a UNIX Syslog Daemon |
470 |
Configuring the UNIX System Logging Facility |
471 |
Displaying the Logging Configuration |
472 |
Configuring SNMP |
473 |
Understanding SNMP |
473 |
SNMP Versions |
474 |
SNMP Manager Functions |
475 |
SNMP Agent Functions |
476 |
SNMP Community Strings |
476 |
Using SNMP to Access MIB Variables |
476 |
SNMP Notifications |
477 |
SNMP ifIndex MIB Object Values |
477 |
Configuring SNMP |
478 |
Default SNMP Configuration |
478 |
SNMP Configuration Guidelines |
478 |
Disabling the SNMP Agent |
479 |
Configuring Community Strings |
480 |
Configuring SNMP Groups and Users |
481 |
Configuring SNMP Notifications |
483 |
Setting the Agent Contact and Location Information |
486 |
Limiting TFTP Servers Used Through SNMP |
487 |
SNMP Examples |
487 |
Displaying SNMP Status |
488 |
Configuring Network Security with ACLs |
489 |
Understanding ACLs |
489 |
Supported ACLs |
490 |
Port ACLs |
491 |
VLAN Maps |
492 |
Handling Fragmented and Unfragmented Traffic |
492 |
Configuring IPv4 ACLs |
493 |
Creating Standard and Extended IPv4 ACLs |
494 |
Access List Numbers |
495 |
Creating a Numbered Standard ACL |
496 |
Creating a Numbered Extended ACL |
497 |
Resequencing ACEs in an ACL |
501 |
Creating Named Standard and Extended ACLs |
501 |
Using Time Ranges with ACLs |
503 |
Including Comments in ACLs |
505 |
Applying an IPv4 ACL to a Terminal Line |
505 |
Applying an IPv4 ACL to an Interface |
506 |
Hardware and Software Treatment of IP ACLs |
507 |
IPv4 ACL Configuration Examples |
507 |
Numbered ACLs |
507 |
Extended ACLs |
507 |
Named ACLs |
508 |
Time Range Applied to an IP ACL |
508 |
Commented IP ACL Entries |
508 |
Creating Named MAC Extended ACLs |
509 |
Applying a MAC ACL to a Layer 2 Interface |
510 |
Configuring VLAN Maps |
511 |
VLAN Map Configuration Guidelines |
512 |
Creating a VLAN Map |
513 |
Examples of ACLs and VLAN Maps |
513 |
Applying a VLAN Map to a VLAN |
515 |
Using VLAN Maps in Your Network |
516 |
Wiring Closet Configuration |
516 |
Denying Access to a Server on a VLAN |
517 |
Displaying IPv4 ACL Configuration |
518 |
Configuring QoS |
519 |
Understanding QoS |
519 |
Basic QoS Model |
521 |
Classification |
523 |
Classification Based on QoS ACLs |
525 |
Classification Based on Class Maps and Policy Maps |
525 |
Policing and Marking |
526 |
Policing on Physical Ports |
527 |
Policing on SVIs |
528 |
Mapping Tables |
530 |
Queueing and Scheduling Overview |
531 |
Weighted Tail Drop |
531 |
SRR Shaping and Sharing |
532 |
Queueing and Scheduling on Ingress Queues |
533 |
Queueing and Scheduling on Egress Queues |
535 |
Packet Modification |
537 |
Configuring Auto-QoS |
538 |
Generated Auto-QoS Configuration |
539 |
Effects of Auto-QoS on the Configuration |
543 |
Auto-QoS Configuration Guidelines |
543 |
Enabling Auto-QoS for VoIP |
544 |
Auto-QoS Configuration Example |
545 |
Displaying Auto-QoS Information |
547 |
Configuring Standard QoS |
547 |
Default Standard QoS Configuration |
548 |
Default Ingress Queue Configuration |
548 |
Default Egress Queue Configuration |
549 |
Default Mapping Table Configuration |
550 |
Standard QoS Configuration Guidelines |
550 |
QoS ACL Guidelines |
550 |
Applying QoS on Interfaces |
550 |
Policing Guidelines |
551 |
General QoS Guidelines |
551 |
Enabling QoS Globally |
552 |
Enabling VLAN-Based QoS on Physical Ports |
552 |
Configuring Classification Using Port Trust States |
553 |
Configuring the Trust State on Ports within the QoS Domain |
553 |
Configuring the CoS Value for an Interface |
555 |
Configuring a Trusted Boundary to Ensure Port Security |
555 |
Enabling DSCP Transparency Mode |
557 |
Configuring the DSCP Trust State on a Port Bordering Another QoS Domain |
557 |
Configuring a QoS Policy |
559 |
Classifying Traffic by Using ACLs |
560 |
Classifying Traffic by Using Class Maps |
563 |
Classifying, Policing, and Marking Traffic on Physical Ports by Using Policy Maps |
565 |
Classifying, Policing, and Marking Traffic on SVIs by Using Hierarchical Policy Maps |
569 |
Classifying, Policing, and Marking Traffic by Using Aggregate Policers |
575 |
Configuring DSCP Maps |
577 |
Configuring the CoS-to-DSCP Map |
577 |
Configuring the IP-Precedence-to-DSCP Map |
578 |
Configuring the Policed-DSCP Map |
579 |
Configuring the DSCP-to-CoS Map |
580 |
Configuring the DSCP-to-DSCP-Mutation Map |
581 |
Configuring Ingress Queue Characteristics |
583 |
Mapping DSCP or CoS Values to an Ingress Queue and Setting WTD Thresholds |
584 |
Allocating Buffer Space Between the Ingress Queues |
585 |
Allocating Bandwidth Between the Ingress Queues |
585 |
Configuring the Ingress Priority Queue |
586 |
Configuring Egress Queue Characteristics |
587 |
Configuration Guidelines |
588 |
Allocating Buffer Space to and Setting WTD Thresholds for an Egress Queue-Set |
588 |
Mapping DSCP or CoS Values to an Egress Queue and to a Threshold ID |
590 |
Configuring SRR Shaped Weights on Egress Queues |
592 |
Configuring SRR Shared Weights on Egress Queues |
593 |
Configuring the Egress Expedite Queue |
594 |
Limiting the Bandwidth on an Egress Interface |
594 |
Displaying Standard QoS Information |
595 |
Configuring EtherChannels and Layer 2 Trunk Failover |
597 |
Understanding EtherChannels |
597 |
EtherChannel Overview |
598 |
Port-Channel Interfaces |
599 |
Port Aggregation Protocol |
600 |
PAgP Modes |
600 |
PAgP Interaction with Other Features |
601 |
Link Aggregation Control Protocol |
601 |
LACP Modes |
601 |
LACP Interaction with Other Features |
602 |
EtherChannel On Mode |
602 |
Load Balancing and Forwarding Methods |
602 |
Configuring EtherChannels |
604 |
Default EtherChannel Configuration |
605 |
EtherChannel Configuration Guidelines |
605 |
Configuring Layer2 EtherChannels |
606 |
Configuring EtherChannel Load Balancing |
608 |
Configuring the PAgP Learn Method and Priority |
609 |
Configuring LACP Hot-Standby Ports |
610 |
Configuring the LACP System Priority |
611 |
Configuring the LACP Port Priority |
612 |
Displaying EtherChannel, PAgP, and LACP Status |
613 |
Understanding Layer 2 Trunk Failover |
613 |
Configuring Layer 2 Trunk Failover |
614 |
Default Layer 2 Trunk Failover Configuration |
614 |
Layer 2 Trunk Failover Configuration Guidelines |
615 |
Configuring Layer 2 Trunk Failover |
615 |
Displaying Layer 2 Trunk Failover Status |
616 |
Troubleshooting |
617 |
Recovering from a Software Failure |
618 |
Recovering from a Lost or Forgotten Password |
619 |
Procedure with Password Recovery Enabled |
620 |
Procedure with Password Recovery Disabled |
622 |
Preventing Autonegotiation Mismatches |
623 |
SFP Module Security and Identification |
624 |
Monitoring SFP Module Status |
624 |
Monitoring Temperature |
625 |
Using Ping |
625 |
Understanding Ping |
625 |
Executing Ping |
625 |
Using Layer 2 Traceroute |
626 |
Understanding Layer 2 Traceroute |
626 |
Usage Guidelines |
627 |
Displaying the Physical Path |
628 |
Using IP Traceroute |
628 |
Understanding IP Traceroute |
628 |
Executing IP Traceroute |
629 |
Using TDR |
630 |
Understanding TDR |
630 |
Running TDR and Displaying the Results |
630 |
Using Debug Commands |
630 |
Enabling Debugging on a Specific Feature |
631 |
Enabling All-System Diagnostics |
631 |
Redirecting Debug and Error Message Output |
632 |
Using the show platform forward Command |
632 |
Using the crashinfo Files |
634 |
Basic crashinfo Files |
634 |
Extended crashinfo Files |
634 |
Supported MIBs |
635 |
MIB List |
635 |
Using FTP to Access the MIB Files |
637 |
Working with the Cisco IOS File System, Configuration Files, and Software Images |
639 |
Working with the Flash File System |
639 |
Displaying Available File Systems |
640 |
Setting the Default File System |
641 |
Displaying Information about Files on a File System |
641 |
Changing Directories and Displaying the Working Directory |
641 |
Creating and Removing Directories |
642 |
Copying Files |
642 |
Deleting Files |
643 |
Creating, Displaying, and Extracting tar Files |
643 |
Creating a tar File |
644 |
Displaying the Contents of a tar File |
644 |
Extracting a tar File |
646 |
Displaying the Contents of a File |
646 |
Working with Configuration Files |
646 |
Guidelines for Creating and Using Configuration Files |
647 |
Configuration File Types and Location |
648 |
Creating a Configuration File By Using a Text Editor |
648 |
Copying Configuration Files By Using TFTP |
648 |
Preparing to Download or Upload a Configuration File By Using TFTP |
649 |
Downloading the Configuration File By Using TFTP |
649 |
Uploading the Configuration File By Using TFTP |
650 |
Copying Configuration Files By Using FTP |
650 |
Preparing to Download or Upload a Configuration File By Using FTP |
651 |
Downloading a Configuration File By Using FTP |
651 |
Uploading a Configuration File By Using FTP |
652 |
Copying Configuration Files By Using RCP |
653 |
Preparing to Download or Upload a Configuration File By Using RCP |
654 |
Downloading a Configuration File By Using RCP |
655 |
Uploading a Configuration File By Using RCP |
656 |
Clearing Configuration Information |
656 |
Clearing the Startup Configuration File |
657 |
Deleting a Stored Configuration File |
657 |
Working with Software Images |
657 |
Image Location on the Switch |
658 |
tar File Format of Images on a Server or Cisco.com |
658 |
Copying Image Files By Using TFTP |
659 |
Preparing to Download or Upload an Image File By Using TFTP |
659 |
Downloading an Image File By Using TFTP |
660 |
Uploading an Image File By Using TFTP |
662 |
Copying Image Files By Using FTP |
662 |
Preparing to Download or Upload an Image File By Using FTP |
663 |
Downloading an Image File By Using FTP |
664 |
Uploading an Image File By Using FTP |
665 |
Copying Image Files By Using RCP |
666 |
Preparing to Download or Upload an Image File By Using RCP |
667 |
Downloading an Image File By Using RCP |
668 |
Uploading an Image File By Using RCP |
670 |
Unsupported Commands in CiscoIOSRelease12.2(25)SEF |
673 |
Access Control Lists |
673 |
Unsupported Privileged EXEC Commands |
673 |
Unsupported Global Configuration Commands |
673 |
Unsupported Route-Map Configuration Commands |
673 |
IGMP Snooping Commands |
674 |
Unsupported Global Configuration Commands |
674 |
Interface Commands |
674 |
Unsupported Privileged EXEC Commands |
674 |
Unsupported Global Configuration Commands |
674 |
Unsupported Interface Configuration Commands |
674 |
MAC Address Commands |
674 |
Unsupported Privileged EXEC Commands |
674 |
Unsupported Global Configuration Commands |
675 |
Miscellaneous |
675 |
Unsupported Privileged EXEC Commands |
675 |
Unsupported Global Configuration Commands |
675 |
Network Address Translation (NAT) Commands |
675 |
Unsupported Privileged EXEC Commands |
675 |
QoS |
675 |
Unsupported Global Configuration Commands |
675 |
Unsupported Interface Configuration Commands |
676 |
Unsupported Policy-Map Configuration Commands |
676 |
RADIUS |
676 |
Unsupported Global Configuration Commands |
676 |
SNMP |
676 |
Unsupported Global Configuration Commands |
676 |
Spanning Tree |
676 |
Unsupported Global Configuration Command |
676 |
Unsupported Interface Configuration Command |
676 |
VLAN |
677 |
Unsupported Global Configuration Commands |
677 |
Unsupported vlan-config Command |
677 |
Unsupported User EXEC Commands |
677 |
VTP |
677 |
Unsupported Privileged EXEC Commands |
677 |