Manuals / Brands / Computer Equipment / Switch / Cisco Systems / Computer Equipment / Switch

Cisco Systems 2950 Handling Fragmented and Unfragmented Traffic

1 710

Download 710 pages, 8.17 Mb

29-3

Catalyst2950 and Catalyst2955 Switch Software Configuration Guide

78-11380-10

Chapter29 Configuring Network Securi ty with ACLs Understanding ACLs

Figure29-1 Using ACLs to Control Traffic to a Network

Handling Fragmented and Unfragmented Traffic

IP packets can be fragmented as they cross the network. When this happens, only the fragment

containing the beginning of the packet contains the Layer 4 information, such as TCP or UDP po rt

numbers, Internet Control Message Protocol (ICMP) type and code, an d so on. A ll o ther frag me nts a re

missing this information.

Some ACEs do not check Layer 4 information and therefore can be applied to all pa cket fragments. ACEs

that do test Layer 4 information cannot be applied in the standard manner to most of the fragments in a

fragmented IP packet. When the fragment contains no Layer 4 information and the ACE tests some

Layer 4 information, the matching rules are modified:

•Permit ACEs that check the Layer 3 information in the fragment (including protocol type, such as

TCP, UDP, and so on) are considered to match the fragment regardless of what the missing Layer 4

information might have been.

•Deny ACEs that check Layer 4 information never match a fragment unless the fragment contains

Layer 4 information.

Consider access list 102, configured with these commands, applied to three fragmented packets:

Switch (config)# access-list 102 permit tcp any host 10.1.1.1 eq smtp

Switch (config)# access-list 102 deny tcp any host 10.1.1.2 eq telnet

Switch (config)# access-list 102 deny tcp any any

Note In the first and second ACEs in the examples, the eq keyword after the destination address means to test

for the TCP-destination-port well-known numbers equaling Simple Mail Transfer Protocol (SM TP) and

Telnet, respectively.

Host A

Host B

101365

Research &

Development

network

= ACL denying traffic from Host B

and permitting traffic from Host A

= Packet

Human

Resources

network

Contents

Main Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide Page CONTENTS Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Preface Audience Purpose Conventions Related Publications Obtaining Documentation Cisco.com Ordering Documentation Documentation Feedback Obtaining Technical Assistance Cisco Technical Support Website Submitting a Service Request Definitions of Service Request Severity Obtaining Additional Publications and Information Overview Features Page Page Page Page Page Page Management Options Management Interface Options Advantages of Using CMS and Clustering Switches Network Configuration Examples Design Concepts for Using the Switch Page Page Small to Medium-Sized Network Configuration Collapsed Backbone and Switch Cluster Configuration Hotel Network Configuration Page 1-17 Service-Provider Central-Office Configuration Large Campus Configuration Multidwelling Network Using Catalyst 2950 Switches Page Long-Distance, High-Bandwidth Transport Configuration Where to Go Next Using the Command-Line Interface Cisco IOS Command Modes Page Getting Help Abbreviating Commands Using no and default Forms of Commands Understanding CLI Messages Using Command History Changing the Command History Buffer Size Recalling Commands Disabling the Command History Feature Using Editing Features Enabling and Disabling Editing Features Editing Commands through Keystrokes Editing Command Lines that Wrap Searching and Filtering Output of show and more Commands Accessing the CLI Accessing the CLI from a Browser Configuring Catalyst 2955 Switch Alarms Understanding Catalyst 2955 Switch Alarms Global Status Monitoring Alarms FCS Error Hysteresis Threshold Port Status Monitoring Alarms Triggering Alarm Options Configuring Catalyst 2955 Switch Alarms Default Catalyst 2955 Switch Alarm Configuration Configuring the Power Supply Alarm Setting the Power Mode Setting the Power Supply Alarm Options Configuring the Switch Temperature Alarms Setting a Secondary Temperature Threshold for the Switch Associating the Temperature Alarms to a Relay Configuring the FCS Bit Error Rate Alarm Setting the FCS Error Threshold Setting the FCS Error Hysteresis Threshold Configuring Alarm Profiles Creating or Modifying an Alarm Profile Attaching an Alarm Profile to a Specific Port Enabling SNMP Traps Displaying Catalyst 2955 Switch Alarms Status Page Getting Started with CMS Understanding CMS Front Panel View Topology View CMS Menu Bar, Toolbar, and Feature Bar Page Page Online Help Configuration Modes Guide Mode Expert Mode Wizards Privilege Levels Access to Older Switches in a Cluster Configuring CMS CMS Requirements Minimum Hardware Configuration Operating System and Browser Support CMS Plug-In Cross-Platform Considerations HTTP Access to CMS Specifying an HTTP Port (Nondefault Configuration Only) Configuring an Authentication Method (Nondefault Configuration Only) Displaying CMS Launching CMS Page Front Panel View 1 2 3 4 12 Topology View 1 432 CMS Icons Where to Go Next Page Assigning the Switch IP Address and Default Gateway Understanding the Boot Process Assigning Switch Information Default Switch Information Understanding DHCP-Based Autoconfiguration DHCP Client Request Process Configuring DHCP-Based Autoconfiguration DHCP Server Configuration Guidelines Configuring the TFTP Server Configuring the DNS Configuring the Relay Device Obtaining Configuration Files Example Configuration Manually Assigning IP Information Checking and Saving the Running Configuration Modifying the Startup Configuration Default Boot Configuration Automatically Downloading a Configuration File Specifying the Filename to Read and Write the System Configuration Booting Manually Booting a Specific Software Image Controlling Environment Variables Page Scheduling a Reload of the Software Image Configuring a Scheduled Reload Displaying Scheduled Reload Information Page Configuring IE2100 CNS Agents Understanding IE2100 Series Configuration Registrar Software CNS Configuration Service CNS Event Service NameSpace Mapper What You Should Know About ConfigID, DeviceID, and Host Name ConfigID DeviceID Host Name and DeviceID Using Host Name, DeviceID, and ConfigID Understanding CNS Embedded Agents Initial Configuration V Incremental (Partial) Configuration Synchronized Configuration Configuring CNS Embedded Agents Enabling Automated CNS Configuration Page Enabling the CNS Event Agent Enabling the CNS Configuration Agent Enabling an Initial Configuration Page Page Enabling a Partial Configuration Displaying CNS Configuration Page Clustering Switches Understanding Switch Clusters Command Switch Characteristics Standby Command Switch Characteristics Candidate Switch and Member Switch Characteristics Planning a Switch Cluster Automatic Discovery of Cluster Candidates and Members Discovery through CDP Hops Discovery through Non-CDP-Capable and Noncluster-Capable Devices Discovery through the Same Management VLAN Discovery through Different Management VLANs Discovery of Newly Installed Switches HSRP and Standby Command Switches Virtual IP Addresses Other Considerations for Cluster Standby Groups Page Automatic Recovery of Cluster Configuration IP Addresses Host Names Passwords SNMP Community Strings TACACS+ and RADIUS Access Modes in CMS Management VLAN LRE Profiles Availability of Switch-Specific Features in Switch Clusters Creating a Switch Cluster Enabling a Command Switch Adding Member Switches 7-20 Creating a Cluster Standby Group Verifying a Switch Cluster Using the CLI to Manage Switch Clusters Catalyst 1900 and Catalyst 2820 CLI Considerations Using SNMP to Manage Switch Clusters 7-25 Trap Page Administering the Switch Managing the System Time and Date Understanding the System Clock Understanding Network Time Protocol Configuring NTP Default NTP Configuration Configuring NTP Authentication Page Configuring NTP Associations Configuring NTP Broadcast Service Configuring NTP Access Restrictions Creating an Access Group and Assigning a Basic IP Access List Disabling NTP Services on a Specific Interface Configuring the Source IP Address for NTP Packets Displaying the NTP Configuration Configuring Time and Date Manually Setting the System Clock Displaying the Time and Date Configuration Configuring the Time Zone Configuring Summer Time (Daylight Saving Time) Page Configuring a System Name and Prompt Default System Name and Prompt Configuration Configuring a System Name Configuring a System Prompt Understanding DNS Default DNS Configuration Setting Up DNS Displaying the DNS Configuration Creating a Banner Default Banner Configuration Configuring a Message-of-the-Day Login Banner Configuring a Login Banner Managing the MAC Address Table Building the Address Table MAC Addresses and VLANs Default MAC Address Table Configuration Changing the Address Aging Time Removing Dynamic Address Entries Configuring MAC Address Notification Traps Page Adding and Removing Static Address Entries Configuring Unicast MAC Address Filtering Displaying Address Table Entries Managing the ARP Table Configuring Switch-Based Authentication Preventing Unauthorized Access to Your Switch Protecting Access to Privileged EXEC Commands Default Password and Privilege Level Configuration Setting or Changing a Static Enable Password Protecting Enable and Enable Secret Passwords with Encryption Disabling Password Recovery Setting a Telnet Password for a Terminal Line Configuring Username and Password Pairs Configuring Multiple Privilege Levels Setting the Privilege Level for a Command Changing the Default Privilege Level for Lines Logging into and Exiting a Privilege Level Controlling Switch Access with TACACS+ Understanding TACACS+ Page TACACS+ Operation Configuring TACACS+ Default TACACS+ Configuration Identifying the TACACS+ Server Host and Setting the Authentication Key Configuring TACACS+ Login Authentication Page Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services Starting TACACS+ Accounting Displaying the TACACS+ Configuration Controlling Switch Access with RADIUS Understanding RADIUS RADIUS Operation Configuring RADIUS Default RADIUS Configuration Identifying the RADIUS Server Host Page Configuring RADIUS Login Authentication Page Defining AAA Server Groups Page Configuring RADIUS Authorization for User Privileged Access and Network Services Starting RADIUS Accounting Configuring Settings for All RADIUS Servers Configuring the Switch to Use Vendor-Specific RADIUS Attributes Configuring the Switch for Vendor-Proprietary RADIUS Server Communication Displaying the RADIUS Configuration Configuring the Switch for Local Authentication and Authorization Configuring the Switch for Secure Shell Understanding SSH SSH Servers, Integrated Clients, and Supported Versions Limitations Configuring SSH Configuration Guidelines Cryptographic Software Image Guidelines Setting Up the Switch to Run SSH Configuring the SSH Server Displaying the SSH Configuration and Status Page Configuring 802.1x Port-Based Authentication Understanding 802.1x Port-Based Authentication Device Roles Authentication Initiation and Message Exchange Ports in Authorized and Unauthorized States 802.1x Accounting Supported Topologies Using 802.1x with Port Security Using 802.1x with Voice VLAN Ports Using 802.1x with VLAN Assignment Using 802.1x with Guest VLAN Configuring 802.1x Authentication Default 802.1x Configuration 802.1x Configuration Guidelines Upgrading from a Previous Software Release Enabling 802.1x Authentication Page Configuring the Switch-to-RADIUS-Server Communication Enabling Periodic Re-Authentication Manually Re-Authenticating a Client Connected to a Port Changing the Quiet Period Changing the Switch-to-Client Retransmission Time Setting the Switch-to-Client Frame-Retransmission Number Configuring the Host Mode Configuring a Guest VLAN Resetting the 802.1x Configuration to the Default Values Configuring 802.1x Authentication Configuring 802.1x Accounting Displaying 802.1x Statistics and Status Page Configuring Interface Characteristics Understanding Interface Types Access Ports Trunk Ports Port-Based VLANs EtherChannel Port Groups Connecting Interfaces Using the Interface Command Procedures for Configuring Interfaces Configuring a Range of Interfaces Page Configuring and Using Interface-Range Macros Configuring Ethernet Interfaces Default Ethernet Interface Configuration Configuring Interface Speed and Duplex Mode Configuration Guidelines Page Setting the Interface Speed and Duplex Parameters on a Non-LRE Switch Port Setting the Interface Speed and Duplex Parameters on an LRE Switch Port Configuring Media Types for Gigabit Ethernet Interfaces on LRE Switches Configuring IEEE 802.3z Flow Control on Gigabit Ethernet Ports Adding a Description for an Interface Monitoring and Maintaining the Interfaces Monitoring Interface and Controller Status Clearing and Resetting Interfaces and Counters Shutting Down and Restarting the Interface Page Configuring Smartports Macros Understanding Smartports Macros Configuring Smartports Macros Default Smartports Macro Configuration Smartports Macro Configuration Guidelines Creating Smartports Macros Applying Smartports Macros Applying Cisco-Default Smartports Macros Page Displaying Smartports Macros Configuring LRE Understanding LRE Features Ports on the Catalyst 2950 LRE Switches LRE Links and LRE Profiles LRE Profiles Page Page LRE Sequences CPE Ethernet Links LRE Link Monitor LRE Message Logging Process Configuring LRE Ports Default LRE Configuration Environmental Guidelines for LRE Links Guidelines for Using LRE Profiles CPE Ethernet Link Guidelines Guidelines for Configuring Cisco 575 LRE CPEs and 576 LRE 997 CPEs Guidelines for Configuring Cisco 585 LRE CPEs Assigning a Global Profile to All LRE Ports Assigning a Profile to a Specific LRE Port Assigning a Global Sequence to All LRE Ports Assigning a Sequence to a Specific LRE Port Using Rate Selection to Automatically Assign Profiles Precedence Profile Locking Link Qualification and SNR Margins Page Page Configuring LRE Link Persistence Configuring LRE Link Monitor Configuring LRE Interleave Configuring Upstream Power Back-Off Configuring CPE Toggle Configuring Syslog Export Upgrading LRE Switch Firmware Configuring for an LRE Upgrade Performing an LRE Upgrade Global Configuration of LRE Upgrades Controller Configuration of LRE Upgrades LRE Upgrade Details LRE Upgrade Example Displaying LRE Status Page Configuring STP Understanding Spanning-Tree Features STP Overview Spanning-Tree Topology and BPDUs Bridge ID, Switch Priority, and Extended System ID Spanning-Tree Interface States Page Blocking State Listening State Learning State Forwarding State Disabled State How a Switch or Port Becomes the Root Switch or Root Port Spanning Tree and Redundant Connectivity Spanning-Tree Address Management Accelerated Aging to Retain Connectivity Spanning-Tree Modes and Protocols Supported Spanning-Tree Instances Spanning-Tree Interoperability and Backward Compatibility STP and IEEE 802.1Q Trunks Configuring Spanning-Tree Features Default Spanning-Tree Configuration Spanning-Tree Configuration Guidelines Changing the Spanning-Tree Mode Disabling Spanning Tree Configuring the Root Switch Page Configuring a Secondary Root Switch Configuring the Port Priority Page Configuring the Path Cost Configuring the Switch Priority of a VLAN Configuring Spanning-Tree Timers Configuring the Hello Time Configuring the Forwarding-Delay Time for a VLAN Configuring the Maximum-Aging Time for a VLAN Configuring Spanning Tree for Use in a Cascaded Stack Displaying the Spanning-Tree Status Configuring MSTP Understanding MSTP Multiple Spanning-Tree Regions IST, CIST, and CST Operations Within an MST Region Operations Between MST Regions Hop Count Boundary Ports Interoperability with 802.1D STP Understanding RSTP Port Roles and the Active Topology Rapid Convergence Synchronization of Port Roles Bridge Protocol Data Unit Format and Processing Processing Superior BPDU Information Processing Inferior BPDU Information Topology Changes Configuring MSTP Features Default MSTP Configuration MSTP Configuration Guidelines Specifying the MST Region Configuration and Enabling MSTP Configuring the Root Switch Page Configuring a Secondary Root Switch Configuring the Port Priority Configuring the Path Cost Configuring the Switch Priority Configuring the Hello Time Configuring the Forwarding-Delay Time Configuring the Maximum-Aging Time Configuring the Maximum-Hop Count Specifying the Link Type to Ensure Rapid Transitions Restarting the Protocol Migration Process Displaying the MST Configuration and Status Page Configuring Optional Spanning-Tree Features Understanding Optional Spanning-Tree Features Understanding Port Fast Understanding BPDU Guard Understanding BPDU Filtering Understanding UplinkFast Page Understanding Cross-Stack UplinkFast How CSUF Works Page Events that Cause Fast Convergence Limitations 16-8 Catalyst2950 and Catalyst2955 Switch Software Configuration Guide 78-11380-10 2 34 5 6 78 9 10 910 910 910 Connecting the Stack Ports stack to form a redundant link. Figure16-6 GigaStack GBIC Module Connections and Spanning-Tree Convergence Catalyst 3500 XL Catalyst 2950G-12 Understanding BackboneFast Page Understanding EtherChannel Guard Understanding Root Guard Understanding Loop Guard Configuring Optional Spanning-Tree Features Default Optional Spanning-Tree Configuration Optional Spanning-Tree Configuration Guidelines Enabling Port Fast Enabling BPDU Guard Enabling BPDU Filtering Enabling UplinkFast for Use with Redundant Links Enabling Cross-Stack UplinkFast Enabling BackboneFast Enabling EtherChannel Guard Enabling Root Guard Enabling Loop Guard Displaying the Spanning-Tree Status Configuring VLANs Understanding VLANs Supported VLANs VLAN Port Membership Modes Configuring Normal-Range VLANs Token Ring VLANs Normal-Range VLAN Configuration Guidelines VLAN Configuration Mode Options VLAN Configuration in config-vlan Mode VLAN Configuration in VLAN Configuration Mode Saving VLAN Configuration Default Ethernet VLAN Configuration Creating or Modifying an Ethernet VLAN Page Deleting a VLAN Assigning Static-Access Ports to a VLAN Configuring Extended-Range VLANs Default VLAN Configuration Extended-Range VLAN Configuration Guidelines Creating an Extended-Range VLAN Displaying VLANs Configuring VLAN Trunks Trunking Overview 802.1Q Configuration Considerations Default Layer 2 Ethernet Interface VLAN Configuration Configuring an Ethernet Interface as a Trunk Port Interaction with Other Features Configuring a Trunk Port Defining the Allowed VLANs on a Trunk Changing the Pruning-Eligible List Configuring the Native VLAN for Untagged Traffic Load Sharing Using STP Load Sharing Using STP Port Priorities Page Load Sharing Using STP Path Cost Configuring VMPS Understanding VMPS Dynamic Port VLAN Membership VMPS Database Configuration File Default VMPS Client Configuration VMPS Configuration Guidelines Configuring the VMPS Client Entering the IP Address of the VMPS Configuring Dynamic Access Ports on VMPS Clients Reconfirming VLAN Memberships Changing the Reconfirmation Interval Changing the Retry Count Monitoring the VMPS Troubleshooting Dynamic Port VLAN Membership VMPS Configuration Example 17-32 Configuring VTP Understanding VTP The VTP Domain VTP Modes VTP Advertisements VTP Version 2 VTP Pruning Page Configuring VTP Default VTP Configuration VTP Configuration Options VTP Configuration in Global Configuration Mode VTP Configuration in VLAN Configuration Mode VTP Configuration Guidelines Domain Names Passwords Upgrading from Previous Software Releases VTP Version Configuring a VTP Server Page Configuring a VTP Client Disabling VTP (VTP Transparent Mode) Enabling VTP Version 2 Enabling VTP Pruning Adding a VTP Client Switch to a VTP Domain Page Monitoring VTP Configuring Voice VLAN Understanding Voice VLAN Configuring Voice VLAN Default Voice VLAN Configuration Voice VLAN Configuration Guidelines Configuring a Port to Connect to a Cisco 7960 IP Phone Configuring Ports to Carry Voice Traffic in 802.1Q Frames Configuring Ports to Carry Voice Traffic in 802.1p Priority-Tagged Frames Overriding the CoS Priority of Incoming Data Frames Configuring the IP Phone to Trust the CoS Priority of Incoming Data Frames Displaying Voice VLAN Configuring DHCP Features Understanding DHCP Features DHCP Server DHCP Relay Agent DHCP Snooping Option-82 Data Insertion Page Configuring DHCP Features Default DHCP Configuration Circuit ID Suboption Frame Format Remote ID Suboption Frame Format DHCP Snooping Configuration Guidelines Configuring the DHCP Server Enabling DHCP Snooping and Option 82 Displaying DHCP Information Displaying a Binding Table Displaying the DHCP Snooping Configuration Configuring IGMP Snooping and MVR Understanding IGMP Snooping IGMP Versions Joining a Multicast Group Leaving a Multicast Group Immediate-Leave Processing IGMP Report Suppression Source-Only Networks Configuring IGMP Snooping Default IGMP Snooping Configuration Enabling or Disabling IGMP Snooping Setting the Snooping Method Configuring a Multicast Router Port Configuring a Host Statically to Join a Group Enabling IGMP Immediate-Leave Processing Disabling IGMP Report Suppression Disabling IP Multicast-Source-Only Learning Configuring the Aging Time Displaying IGMP Snooping Information Understanding Multicast VLAN Registration Using MVR in a Multicast Television Application Page Configuring MVR Default MVR Configuration MVR Configuration Guidelines and Limitations Configuring MVR Global Parameters Configuring MVR Interfaces Page Displaying MVR Information Configuring IGMP Filtering and Throttling Default IGMP Filtering and Throttling Configuration Configuring IGMP Profiles Page Applying IGMP Profiles Setting the Maximum Number of IGMP Groups Configuring the IGMP Throttling Action Page Displaying IGMP Filtering and Throttling Configuration Page Configuring Port-Based Traffic Control Configuring Storm Control Understanding Storm Control Default Storm Control Configuration Enabling Storm Control Page Disabling Storm Control Configuring Protected Ports Configuring Port Blocking Blocking Flooded Traffic on an Interface Resuming Normal Forwarding on a Port Configuring Port Security Understanding Port Security Secure MAC Addresses Security Violations Default Port Security Configuration Port Security Configuration Guidelines Enabling and Configuring Port Security Page Enabling and Configuring Port Security Aging Displaying Port-Based Traffic Control Settings Page Configuring UDLD Understanding UDLD Modes of Operation Methods to Detect Unidirectional Links Page Configuring UDLD Default UDLD Configuration Enabling UDLD Globally Enabling UDLD on an Interface Resetting an Interface Shut Down by UDLD Page Page Configuring CDP Understanding CDP Configuring CDP Default CDP Configuration Configuring the CDP Characteristics Disabling and Enabling CDP Disabling and Enabling CDP on an Interface Monitoring and Maintaining CDP Page Configuring SPAN and RSPAN Understanding SPAN and RSPAN Page SPAN and RSPAN Concepts and Terminology SPAN Session Traffic Types Source Port Destination Port Reflector Port SPAN Traffic SPAN and RSPAN Interaction with Other Features SPAN and RSPAN Session Limits Default SPAN and RSPAN Configuration Configuring SPAN SPAN Configuration Guidelines Creating a SPAN Session and Specifying Ports to Monitor Creating a SPAN Session and Enabling Ingress Traffic Page Removing Ports from a SPAN Session Configuring RSPAN RSPAN Configuration Guidelines Configuring a VLAN as an RSPAN VLAN Creating an RSPAN Source Session Page Creating an RSPAN Destination Session Removing Ports from an RSPAN Session Displaying SPAN and RSPAN Status Page Configuring RMON Understanding RMON Configuring RMON Default RMON Configuration Configuring RMON Alarms and Events Page Configuring RMON Collection on an Interface Displaying RMON Status Configuring System Message Logging Understanding System Message Logging Configuring System Message Logging System Log Message Format Default System Message Logging Configuration Disabling and Enabling Message Logging Setting the Message Display Destination Device Page Synchronizing Log Messages Enabling and Disabling Timestamps on Log Messages Enabling and Disabling Sequence Numbers in Log Messages Defining the Message Severity Level Page Limiting Syslog Messages Sent to the History Table and to SNMP Configuring UNIX Syslog Servers Logging Messages to a UNIX Syslog Daemon Configuring the UNIX System Logging Facility Page Page Page Configuring SNMP Understanding SNMP SNMP Versions SNMP Manager Functions SNMP Agent Functions SNMP Community Strings Using SNMP to Access MIB Variables SNMP Notifications Configuring SNMP Default SNMP Configuration SNMP Configuration Guidelines Disabling the SNMP Agent Configuring Community Strings Page Configuring SNMP Groups and Users Page Configuring SNMP Notifications Page Page Setting the Agent Contact and Location Information Limiting TFTP Servers Used Through SNMP SNMP Examples Displaying SNMP Status Configuring Understanding ACLs Handling Fragmented and Unfragmented Traffic Understanding Access Control Parameters Guidelines for Applying ACLs to Physical Interfaces Configuring ACLs Unsupported Features Creating Standard and Extended IP ACLs ACL Numbers Creating a Numbered Standard ACL Creating a Numbered Extended ACL Page Page Creating Named Standard and Extended ACLs Page Applying Time Ranges to ACLs Page Including Comments About Entries in ACLs Creating Named MAC Extended ACLs Creating MAC Access Groups Applying ACLs to Terminal Lines or Physical Interfaces Applying ACLs to a Terminal Line Applying ACLs to a Physical Interface Displaying ACL Information Displaying ACLs 29-22 This example shows all standard and extended ACLs: This example shows only IP standard and extended ACLs. Displaying Access Groups Note This feature is available only if your switch is running the EI . Examples for Compiling ACLs Page Numbered ACL Examples Extended ACL Examples Named ACL Example Commented IP ACL Entry Examples Page Configuring Understanding QoS Page Basic QoS Model Classification Classification Based on QoS ACLs Classification Based on Class Maps and Policy Maps Policing and Marking Mapping Tables Queueing and Scheduling How Class of Service Works Port Priority Port Scheduling Configuring Auto-QoS Generated Auto-QoS Configuration Page Page Effects of Auto-QoS on the Configuration Upgrading from a Previous Software Release Enabling Auto-QoS for VoIP Displaying Auto-QoS Information 30-16 Auto-QoS Configuration Example Page Configuring Standard QoS Default Standard QoS Configuration Page Configuring Classification Using Port Trust States Configuring the Trust State on Ports within the QoS Domain Page Page Configuring the CoS Value for an Interface Configuring Trusted Boundary Page Enabling Pass-Through Mode Configuring a QoS Policy Classifying Traffic by Using ACLs Page Page Classifying Traffic by Using Class Maps Classifying, Policing, and Marking Traffic by Using Policy Maps Page Page Configuring CoS Maps Configuring the CoS-to-DSCP Map Configuring the DSCP-to-CoS Map Configuring the Egress Queues Configuring CoS Priority Queues Configuring WRR Priority Enabling the Expedite Queue and Configuring WRR Priority Displaying Standard QoS Information Standard QoS Configuration Examples QoS Configuration for the Existing Wiring Closet QoS Configuration for the Intelligent Wiring Closet Page Configuring EtherChannels Understanding EtherChannels Understanding Port-Channel Interfaces Understanding the Port Aggregation Protocol and Link Aggregation Protocol PAgP and LACP Modes Exchanging PAgP Packets Exchanging LACP Packets Physical Learners and Aggregate-Port Learners PAgP and LACP Interaction with Other Features Understanding Load Balancing and Forwarding Methods Configuring EtherChannels Default EtherChannel Configuration EtherChannel Configuration Guidelines Configuring Layer 2 EtherChannels Page Configuring EtherChannel Load Balancing Configuring the PAgP Learn Method and Priority Configuring the LACP Port Priority Configuring Hot Standby Ports Configuring the LACP System Priority Displaying EtherChannel, PAgP, and LACP Status Troubleshooting Using Recovery Procedures Recovering from Corrupted Software Recovering from Lost or Forgotten Passwords on Non-LRE Catalyst 2950 Switches Page Recovering from Lost or Forgotten Passwords on Catalyst 2950 LRE Switches Password Recovery with Password Recovery Enabled Procedure with Password Recovery Disabled Page Recovering from Lost or Forgotten Passwords on Catalyst 2955 Switches Page Recovering from a Command Switch Failure Replacing a Failed Command Switch with a Cluster Member Replacing a Failed Command Switch with Another Switch Page Recovering from Lost Member Connectivity Preventing Autonegotiation Mismatches GBIC and SFP Module Security and Identification Diagnosing Connectivity Problems Using Ping Understanding Ping Executing Ping Using Layer 2 Traceroute Understanding Layer 2 Traceroute Usage Guidelines Displaying the Physical Path Diagnosing LRE Connection Problems Using Debug Commands Enabling Debugging on a Specific Feature Enabling All-System Diagnostics Redirecting Debug and Error Message Output Using the debug auto qos Command Using the show controllers Commands Using the crashinfo File Page APPENDIX A Supported MIBs MIB List Page Using FTP to Access the MIB Files Page APPENDIX B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with the Flash File System Displaying Available File Systems Setting the Default File System Displaying Information about Files on a File System Changing Directories and Displaying the Working Directory Creating and Removing Directories Copying Files Deleting Files Creating, Displaying, and Extracting tar Files Creating a tar File Displaying the Contents of a tar File Extracting a tar File Displaying the Contents of a File Working with Configuration Files Guidelines for Creating and Using Configuration Files Configuration File Types and Location Creating a Configuration File By Using a Text Editor Copying Configuration Files By Using TFTP Preparing to Download or Upload a Configuration File By Using TFTP Downloading the Configuration File By Using TFTP Uploading the Configuration File By Using TFTP Copying Configuration Files By Using FTP Preparing to Download or Upload a Configuration File By Using FTP Downloading a Configuration File By Using FTP Uploading a Configuration File By Using FTP Copying Configuration Files By Using RCP Preparing to Download or Upload a Configuration File By Using RCP Downloading a Configuration File By Using RCP Uploading a Configuration File By Using RCP Clearing Configuration Information Clearing the Startup Configuration File Deleting a Stored Configuration File Working with Software Images Image Location on the Switch tar File Format of Images on a Server or Cisco.com Copying Image Files By Using TFTP Preparing to Download or Upload an Image File By Using TFTP Downloading an Image File By Using TFTP Uploading an Image File By Using TFTP Copying Image Files By Using FTP Preparing to Download or Upload an Image File By Using FTP Downloading an Image File By Using FTP Page Uploading an Image File By Using FTP Copying Image Files By Using RCP Preparing to Download or Upload an Image File By Using RCP Downloading an Image File By Using RCP Page Uploading an Image File By Using RCP Page INDEX Numerics A Page B C Page Page Page D Page E F G H I Page J L M Page Page N O P Page Q Page R Page S Page Page Page T Page U V Page W X