Manuals / Brands / Computer Equipment / Switch / Cisco Systems / Computer Equipment / Switch

Cisco Systems 2960 Default Port Security Configuration, Port Security Configuration Guidelines

1 680

Download 680 pages, 7.98 Mb

21-10

Catalyst 2960 Switch SoftwareConfiguration Guide

78-16881-01

Chapter21 Configuring Port-Based Traffic Control

Configuring Port Security

Default Port Security Configuration

Table21-2 shows the default port security configuration for an interface.

Port Security Configuration Guidelines

Follow these guidelines when configuring port security:

•Port security can only be configured on static access ports or trunk ports. A secure port cannot be a

dynamic access port.

•A secure port cannot be a destination port for Switched Port Analyzer (SPAN).

•A secure port cannot belong to a Fast EtherChannel or a Gigabit EtherChannel port group.

Note Voice VLAN is only supported on access ports and not on trunk ports, even though the

configuration is allowed.

•When you enable port security on an interface that is also configured with a voice VLAN, you must

set the maximum allowed secure addresses on the port to two plus the maximum number of secure

addresses allowed on the access VLAN. When the port is connected to a Cisco IP Phone, the IP

phone requires up to two MAC addresses. The IP phone address is learned on the voice VLAN and

might also be learned on the access VLAN. Connecting a PC to the IP phone requires additional

MAC addresses.

•When you enter a maximum secure address value for an interface, and the new value is greater than

the previous value, the new value overwrites the previously configured value. If the new value is less

than the previous value and the number of configured secure addresses on the interface exceeds the

new value, the command is rejected.

•The switch does not support port security aging of sticky secure MAC addresses.

Table21-2 Default Port Security Configuration

Feature Default Setting

Port security Disabled on a port.

Sticky address learning Disabled.

Maximum number of secure

MAC addresses per port

1.

Violation mode Shutdown. The port shuts down when the maximum number of

secure MAC addresses is exceeded.

Port security aging Disabled. Aging time is 0.

Static aging is disabled.

Type is absolute.

Contents

Main Catalyst 2960 Switch Software Configuration Guide Page CONTENTS Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Preface Audience Purpose Conventions Related Publications Obtaining Documentation Cisco.com Product Documentation DVD Ordering Documentation Documentation Feedback Cisco Product Security Overview Reporting Security Problems in Cisco Products Obtaining Technical Assistance Cisco Technical Support & Documentation Website Submitting a Service Request Definitions of Service Request Severity Obtaining Additional Publications and Information Page Overview Features Ease-of-Use and Ease-of-Deployment Features Performance Features Management Options Manageability Features Availability Features VLAN Features Security Features QoS and CoS Features Monitoring Features Default Settings After Initial Switch Configuration Page Page Network Configuration Examples Design Concepts for Using the Switch Page Page Small to Medium-Sized Network Using Catalyst 2960 Switches Long-Distance, High-Bandwidth Transport Configuration 1-16 Where to Go Next Before configuring the switch, review these sections for startup information: Using the Command-Line Interface Understanding Command Modes Page Understanding the Help System Understanding Abbreviated Commands Understanding no and default Forms of Commands Understanding CLI Error Messages Using Command History Changing the Command History Buffer Size Recalling Commands Disabling the Command History Feature Using Editing Features Enabling and Disabling Editing Features Editing Commands through Keystrokes Editing Command Lines that Wrap Searching and Filtering Output of show and more Commands Accessing the CLI Accessing the CLI through a Console Connection or through Telnet Assigning the Switch IP Address and Default Gateway Understanding the Boot Process Assigning Switch Information Default Switch Information Understanding DHCP-Based Autoconfiguration DHCP Client Request Process Configuring DHCP-Based Autoconfiguration DHCP Server Configuration Guidelines Configuring the TFTP Server Configuring the DNS Configuring the Relay Device Obtaining Configuration Files Example Configuration Manually Assigning IP Information Checking and Saving the Running Configuration Modifying the Startup Configuration Default Boot Configuration Automatically Downloading a Configuration File Specifying the Filename to Read and Write the System Configuration Booting Manually Booting a Specific Software Image Controlling Environment Variables Scheduling a Reload of the Software Image Configuring a Scheduled Reload Displaying Scheduled Reload Information Page Configuring IE2100 CNS Agents Understanding IE2100 Series Configuration Registrar Software CNS Configuration Service CNS Event Service NameSpace Mapper What You Should Know About ConfigID, DeviceID, and Hostname ConfigID DeviceID Hostname and DeviceID Using Hostname, DeviceID, and ConfigID Understanding CNS Embedded Agents Initial Configuration V Incremental (Partial) Configuration Synchronized Configuration Configuring CNS Embedded Agents Enabling Automated CNS Configuration Page Enabling the CNS Event Agent Enabling the CNS Configuration Agent Enabling an Initial Configuration Page Page Enabling a Partial Configuration Displaying CNS Configuration Page Clustering Switches Understanding Switch Clusters Clustering Overview Cluster Command Switch Characteristics Standby Cluster Command Switch Characteristics Candidate Switch and Cluster Member Switch Characteristics Using the CLI to Manage Switch Clusters Catalyst 1900 and Catalyst 2820 CLI Considerations Using SNMP to Manage Switch Clusters Page Page Administering the Switch Managing the System Time and Date Understanding the System Clock Understanding Network Time Protocol Page Configuring NTP Default NTP Configuration Configuring NTP Authentication Configuring NTP Associations Configuring NTP Broadcast Service Configuring NTP Access Restrictions Creating an Access Group and Assigning a Basic IP Access List Disabling NTP Services on a Specific Interface Configuring the Source IP Address for NTP Packets Displaying the NTP Configuration Configuring Time and Date Manually Setting the System Clock Displaying the Time and Date Configuration Configuring the Time Zone Configuring Summer Time (Daylight Saving Time) Configuring a System Name and Prompt Default System Name and Prompt Configuration Configuring a System Name Understanding DNS Default DNS Configuration Setting Up DNS Displaying the DNS Configuration Creating a Banner Default Banner Configuration Configuring a Message-of-the-Day Login Banner Configuring a Login Banner Managing the MAC Address Table Building the Address Table MAC Addresses and VLANs Default MAC Address Table Configuration Changing the Address Aging Time Removing Dynamic Address Entries Configuring MAC Address Notification Traps Page Adding and Removing Static Address Entries Configuring Unicast MAC Address Filtering Displaying Address Table Entries Managing the ARP Table Configuring SDM Templates Understanding the SDM Templates Configuring the Switch SDM Template Default SDM Template SDM Template Configuration Guidelines Setting the SDM Template Displaying the SDM Templates Page Configuring Switch-Based Authentication Preventing Unauthorized Access to Your Switch Protecting Access to Privileged EXEC Commands Default Password and Privilege Level Configuration Setting or Changing a Static Enable Password Protecting Enable and Enable Secret Passwords with Encryption Page Disabling Password Recovery Setting a Telnet Password for a Terminal Line Configuring Username and Password Pairs Configuring Multiple Privilege Levels Setting the Privilege Level for a Command Changing the Default Privilege Level for Lines Logging into and Exiting a Privilege Level Controlling Switch Access with TACACS+ Understanding TACACS+ Page TACACS+ Operation Configuring TACACS+ Default TACACS+ Configuration Identifying the TACACS+ Server Host and Setting the Authentication Key Configuring TACACS+ Login Authentication Page Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services Starting TACACS+ Accounting Displaying the TACACS+ Configuration Controlling Switch Access with RADIUS Understanding RADIUS RADIUS Operation Configuring RADIUS Default RADIUS Configuration Identifying the RADIUS Server Host Page Page Configuring RADIUS Login Authentication Page Defining AAA Server Groups Page Configuring RADIUS Authorization for User Privileged Access and Network Services Starting RADIUS Accounting Configuring Settings for All RADIUS Servers Configuring the Switch to Use Vendor-Specific RADIUS Attributes Configuring the Switch for Vendor-Proprietary RADIUS Server Communication Displaying the RADIUS Configuration Authorization Configuring the Switch for Secure Shell Understanding SSH SSH Servers, Integrated Clients, and Supported Versions Limitations Configuring SSH Configuration Guidelines Setting Up the Switch to Run SSH Configuring the SSH Server Displaying the SSH Configuration and Status Configuring the Switch for Secure Socket Layer HTTP Understanding Secure HTTP Servers and Clients Certificate Authority Trustpoints Page CipherSuites Configuring Secure HTTP Servers and Clients Default SSL Configuration SSL Configuration Guidelines Configuring a CA Trustpoint Configuring the Secure HTTP Server Configuring the Secure HTTP Client Displaying Secure HTTP Server and Client Status Page Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Port-Based Authentication Device Roles Authentication Initiation and Message Exchange Ports in Authorized and Unauthorized States IEEE 802.1x Accounting IEEE 802.1x Accounting Attribute-Value Pairs IEEE 802.1x Host Mode Using IEEE 802.1x with Port Security Using IEEE 802.1x with Voice VLAN Ports Using IEEE 802.1x with VLAN Assignment Page Using IEEE 802.1x with Guest VLAN Default IEEE 802.1x Configuration IEEE 802.1x Configuration Guidelines Configuring IEEE 802.1x Authentication Page Configuring the Switch-to-RADIUS-Server Communication Configuring Periodic Re-Authentication Manually Re-Authenticating a Client Connected to a Port Changing the Quiet Period Changing the Switch-to-Client Retransmission Time Setting the Switch-to-Client Frame-Retransmission Number Setting the Re-Authentication Number Configuring the Host Mode Configuring a Guest VLAN Resetting the IEEE 802.1x Configuration to the Default Values Configuring IEEE 802.1x Accounting Displaying IEEE 802.1x Statistics and Status Configuring Interface Characteristics Understanding Interface Types Port-Based VLANs Switch Ports Access Ports Trunk Ports EtherChannel Port Groups Dual-Purpose Uplink Ports Connecting Interfaces Using Interface Configuration Mode Procedures for Configuring Interfaces Configuring a Range of Interfaces Configuring and Using Interface Range Macros Page Configuring Ethernet Interfaces Default Ethernet Interface Configuration Configuring Interface Speed and Duplex Mode Speed and Duplex Configuration Guidelines Setting the Type of a Dual-Purpose Uplink Port Page Setting the Interface Speed and Duplex Parameters Configuring IEEE 802.3x Flow Control Configuring Auto-MDIX on an Interface Adding a Description for an Interface Configuring the System MTU Page Monitoring and Maintaining the Interfaces Monitoring Interface Status Clearing and Resetting Interfaces and Counters Shutting Down and Restarting the Interface Page Configuring Smartports Macros Understanding Smartports Macros Configuring Smartports Macros Default Smartports Macro Configuration Smartports Macro Configuration Guidelines Creating Smartports Macros Applying Smartports Macros Applying Cisco-Default Smartports Macros Page Displaying Smartports Macros Configuring VLANs Understanding VLANs Supported VLANs VLAN Port Membership Modes Configuring Normal-Range VLANs Token Ring VLANs Normal-Range VLAN Configuration Guidelines VLAN Configuration Mode Options VLAN Configuration in config-vlan Mode VLAN Configuration in VLAN Database Configuration Mode Saving VLAN Configuration Default Ethernet VLAN Configuration Creating or Modifying an Ethernet VLAN Deleting a VLAN Assigning Static-Access Ports to a VLAN Configuring Extended-Range VLANs Default VLAN Configuration Extended-Range VLAN Configuration Guidelines Creating an Extended-Range VLAN Displaying VLANs Configuring VLAN Trunks Trunking Overview IEEE 802.1Q Configuration Considerations Default Layer 2 Ethernet Interface VLAN Configuration Configuring an Ethernet Interface as a Trunk Port Interaction with Other Features Configuring a Trunk Port Defining the Allowed VLANs on a Trunk Changing the Pruning-Eligible List Configuring the Native VLAN for Untagged Traffic Configuring Trunk Ports for Load Sharing Load Sharing Using STP Port Priorities Page Load Sharing Using STP Path Cost Configuring VMPS Understanding VMPS Dynamic-Access Port VLAN Membership Default VMPS Client Configuration VMPS Configuration Guidelines Configuring the VMPS Client Entering the IP Address of the VMPS Configuring Dynamic-Access Ports on VMPS Clients Reconfirming VLAN Memberships Changing the Reconfirmation Interval Changing the Retry Count Monitoring the VMPS Troubleshooting Dynamic-Access Port VLAN Membership VMPS Configuration Example 12-30 Configuring VTP Understanding VTP The VTP Domain VTP Modes VTP Advertisements VTP Version 2 VTP Pruning Page Configuring VTP Default VTP Configuration VTP Configuration Options VTP Configuration in Global Configuration Mode VTP Configuration in VLAN Database Configuration Mode VTP Configuration Guidelines Domain Names Passwords VTP Version Configuration Requirements Configuring a VTP Server Page Configuring a VTP Client Disabling VTP (VTP Transparent Mode) Enabling VTP Version 2 Enabling VTP Pruning Adding a VTP Client Switch to a VTP Domain Page Monitoring VTP Configuring Voice VLAN Understanding Voice VLAN Cisco IP Phone Voice Traffic Cisco IP Phone Data Traffic Configuring Voice VLAN Default Voice VLAN Configuration Voice VLAN Configuration Guidelines Configuring a Port Connected to a Cisco 7960 IP Phone Configuring IP Phone Voice Traffic Configuring the Priority of Incoming Data Frames Displaying Voice VLAN Configuring STP Understanding Spanning-Tree Features STP Overview Spanning-Tree Topology and BPDUs Bridge ID, Switch Priority, and Extended System ID Spanning-Tree Interface States Page Blocking State Listening State Learning State Forwarding State Disabled State How a Switch or Port Becomes the Root Switch or Root Port Spanning Tree and Redundant Connectivity Spanning-Tree Address Management Accelerated Aging to Retain Connectivity Spanning-Tree Modes and Protocols Supported Spanning-Tree Instances Spanning-Tree Interoperability and Backward Compatibility STP and IEEE 802.1Q Trunks Configuring Spanning-Tree Features Default Spanning-Tree Configuration Spanning-Tree Configuration Guidelines Changing the Spanning-Tree Mode. Disabling Spanning Tree Configuring the Root Switch Configuring a Secondary Root Switch Configuring Port Priority Configuring Path Cost Page Configuring the Switch Priority of a VLAN Configuring Spanning-Tree Timers Configuring the Hello Time Configuring the Forwarding-Delay Time for a VLAN Configuring the Maximum-Aging Time for a VLAN Displaying the Spanning-Tree Status Configuring MSTP Understanding MSTP Multiple Spanning-Tree Regions IST, CIST, and CST Operations Within an MST Region Operations Between MST Regions Hop Count Boundary Ports Interoperability with IEEE 802.1D STP Understanding RSTP Port Roles and the Active Topology Rapid Convergence Synchronization of Port Roles Bridge Protocol Data Unit Format and Processing Processing Superior BPDU Information Processing Inferior BPDU Information Topology Changes Configuring MSTP Features Default MSTP Configuration MSTP Configuration Guidelines Specifying the MST Region Configuration and Enabling MSTP Configuring the Root Switch Configuring a Secondary Root Switch Configuring Port Priority Configuring Path Cost Configuring the Switch Priority Configuring the Hello Time Configuring the Forwarding-Delay Time Configuring the Maximum-Aging Time Configuring the Maximum-Hop Count Specifying the Link Type to Ensure Rapid Transitions Restarting the Protocol Migration Process Displaying the MST Configuration and Status Configuring Optional Spanning-Tree Features Understanding Optional Spanning-Tree Features Understanding Port Fast Understanding BPDU Guard Understanding BPDU Filtering Understanding UplinkFast Understanding BackboneFast Understanding EtherChannel Guard Understanding Root Guard Understanding Loop Guard Configuring Optional Spanning-Tree Features Default Optional Spanning-Tree Configuration Optional Spanning-Tree Configuration Guidelines Enabling Port Fast Enabling BPDU Guard Enabling BPDU Filtering Enabling UplinkFast for Use with Redundant Links Enabling BackboneFast Enabling EtherChannel Guard Enabling Root Guard Enabling Loop Guard Displaying the Spanning-Tree Status Configuring Flex Links Understanding Flex Links Configuring Flex Links Default Flex Link Configuration Flex Link Configuration Guidelines Configuring Flex Links Monitoring Flex Links Page Configuring DHCP Features Understanding DHCP Features DHCP Server DHCP Relay Agent DHCP Snooping Option-82 Data Insertion Page DHCP Snooping Binding Database Circuit ID Suboption Frame Format Remote ID Suboption Frame Format Configuring DHCP Features Default DHCP Configuration DHCP Snooping Configuration Guidelines Configuring the DHCP Relay Agent Enabling DHCP Snooping and Option 82 Enabling the DHCP Snooping Binding Database Agent Displaying DHCP Snooping Information Page Configuring IGMP Snooping and MVR Understanding IGMP Snooping IGMP Versions Joining a Multicast Group Leaving a Multicast Group Immediate Leave IGMP Configurable-Leave Timer IGMP Report Suppression Configuring IGMP Snooping Default IGMP Snooping Configuration Enabling or Disabling IGMP Snooping Setting the Snooping Method Configuring a Multicast Router Port Configuring a Host Statically to Join a Group Enabling IGMP Immediate Leave Configuring the IGMP Leave Timer Configuring TCN-Related Commands Controlling the Multicast Flooding Time After a TCN Event Recovering from Flood Mode Disabling Multicast Flooding During a TCN Event Configuring the IGMP Snooping Querier Disabling IGMP Report Suppression Displaying IGMP Snooping Information Page Understanding Multicast VLAN Registration Using MVR in a Multicast Television Application Page Configuring MVR Default MVR Configuration MVR Configuration Guidelines and Limitations Configuring MVR Global Parameters Configuring MVR Interfaces Displaying MVR Information Configuring IGMP Filtering and Throttling Default IGMP Filtering and Throttling Configuration Configuring IGMP Profiles Applying IGMP Profiles Setting the Maximum Number of IGMP Groups Configuring the IGMP Throttling Action Page Displaying IGMP Filtering and Throttling Configuration Page Configuring Port-Based Traffic Control Configuring Storm Control Understanding Storm Control Page Default Storm Control Configuration Configuring Storm Control and Threshold Levels Page Configuring Protected Ports Default Protected Port Configuration Protected Port Configuration Guidelines Configuring a Protected Port Configuring Port Blocking Default Port Blocking Configuration Blocking Flooded Traffic on an Interface Configuring Port Security Understanding Port Security Secure MAC Addresses Security Violations Default Port Security Configuration Port Security Configuration Guidelines Enabling and Configuring Port Security Page Page Page Enabling and Configuring Port Security Aging Displaying Port-Based Traffic Control Settings Configuring CDP Understanding CDP Configuring CDP Default CDP Configuration Configuring the CDP Characteristics Disabling and Enabling CDP Disabling and Enabling CDP on an Interface Monitoring and Maintaining CDP Page Configuring SPAN and RSPAN Understanding SPAN and RSPAN Local SPAN Remote SPAN SPAN and RSPAN Concepts and Terminology SPAN Sessions Monitored Traffic Source Ports Source VLANs VLAN Filtering Destination Port Page RSPAN VLAN SPAN and RSPAN Interaction with Other Features Configuring SPAN and RSPAN Default SPAN and RSPAN Configuration Configuring Local SPAN SPAN Configuration Guidelines Creating a Local SPAN Session Page Page Creating a Local SPAN Session and Configuring Incoming Traffic Page Specifying VLANs to Filter Configuring RSPAN RSPAN Configuration Guidelines Configuring a VLAN as an RSPAN VLAN Creating an RSPAN Source Session Creating an RSPAN Destination Session Creating an RSPAN Destination Session and Configuring Incoming Traffic Page Specifying VLANs to Filter Displaying SPAN and RSPAN Status Page Configuring UDLD Understanding UDLD Modes of Operation Methods to Detect Unidirectional Links Page Configuring UDLD Default UDLD Configuration Configuration Guidelines Enabling UDLD Globally Enabling UDLD on an Interface Resetting an Interface Disabled by UDLD Displaying UDLD Status Configuring RMON Understanding RMON Configuring RMON Default RMON Configuration Configuring RMON Alarms and Events Page Collecting Group History Statistics on an Interface Collecting Group Ethernet Statistics on an Interface Displaying RMON Status Configuring System Message Logging Understanding System Message Logging Configuring System Message Logging System Log Message Format Default System Message Logging Configuration Disabling Message Logging Setting the Message Display Destination Device Synchronizing Log Messages Page Enabling and Disabling Time Stamps on Log Messages Enabling and Disabling Sequence Numbers in Log Messages Defining the Message Severity Level Limiting Syslog Messages Sent to the History Table and to SNMP Configuring UNIX Syslog Servers Logging Messages to a UNIX Syslog Daemon Configuring the UNIX System Logging Facility Displaying the Logging Configuration Configuring SNMP Understanding SNMP SNMP Versions SNMP Manager Functions SNMP Agent Functions SNMP Community Strings Using SNMP to Access MIB Variables SNMP Notifications SNMP ifIndex MIB Object Values Configuring SNMP Default SNMP Configuration SNMP Configuration Guidelines Disabling the SNMP Agent Configuring Community Strings Configuring SNMP Groups and Users Page Configuring SNMP Notifications Page Page Setting the Agent Contact and Location Information Limiting TFTP Servers Used Through SNMP SNMP Examples Displaying SNMP Status Configuring Network Security with ACLs Understanding ACLs Port ACLs Handling Fragmented and Unfragmented Traffic Configuring IPv4 ACLs Creating Standard and Extended IPv4 ACLs Access List Numbers Creating a Numbered Standard ACL Creating a Numbered Extended ACL Page Page Page Resequencing ACEs in an ACL Creating Named Standard and Extended ACLs Page Using Time Ranges with ACLs Including Comments in ACLs Applying an IPv4 ACL to a Terminal Line Applying an IPv4 ACL to an Interface Hardware and Software Treatment of IP ACLs IPv4 ACL Configuration Examples Numbered ACLs Extended ACLs Named ACLs Time Range Applied to an IP ACL Commented IP ACL Entries Creating Named MAC Extended ACLs Applying a MAC ACL to a Layer 2 Interface Displaying IPv4 ACL Configuration Configuring QoS Understanding QoS Page Basic QoS Model Page Classification 29-6 Classification Based on QoS ACLs Classification Based on Class Maps and Policy Maps Policing and Marking Policing on Physical Ports Mapping Tables Queueing and Scheduling Overview Weighted Tail Drop SRR Shaping and Sharing Queueing and Scheduling on Ingress Queues WTD Thresholds Buffer and Bandwidth Allocation Priority Queueing Queueing and Scheduling on Egress Queues Page Buffer and Memory Allocation WTD Thresholds Shaped or Shared Mode Packet Modification Configuring Auto-QoS Generated Auto-QoS Configuration Page Page 29-22 The switch automatically maps DSCP values to an ingress queue and to a threshold ID. The switch automatically maps DSCP values to an egress queue and to a threshold ID. Table29-5 Generated Auto-QoS Configuration (continued) Description Automatically Generated Command Page Effects of Auto-QoS on the Configuration Auto-QoS Configuration Guidelines Enabling Auto-QoS for VoIP 29-26 Auto-QoS Configuration Example Page Displaying Auto-QoS Information Configuring Standard QoS Default Standard QoS Configuration Default Ingress Queue Configuration Default Egress Queue Configuration Default Mapping Table Configuration Standard QoS Configuration Guidelines QoS ACL Guidelines Policing Guidelines General QoS Guidelines Enabling QoS Globally Configuring Classification Using Port Trust States Configuring the Trust State on Ports within the QoS Domain Configuring the CoS Value for an Interface Configuring a Trusted Boundary to Ensure Port Security Enabling DSCP Transparency Mode Configuring the DSCP Trust State on a Port Bordering Another QoS Domain Page Configuring a QoS Policy Classifying Traffic by Using ACLs Page Page Classifying Traffic by Using Class Maps Page Classifying, Policing, and Marking Traffic on Physical Ports by Using Policy Maps Page Page Classifying, Policing, and Marking Traffic by Using Aggregate Policers Page Page Configuring DSCP Maps Configuring the CoS-to-DSCP Map Configuring the IP-Precedence-to-DSCP Map Configuring the Policed-DSCP Map Configuring the DSCP-to-CoS Map Configuring the DSCP-to-DSCP-Mutation Map Page Configuring Ingress Queue Characteristics Mapping DSCP or CoS Values to an Ingress Queue and Setting WTD Thresholds Page Allocating Buffer Space Between the Ingress Queues Allocating Bandwidth Between the Ingress Queues Configuring the Ingress Priority Queue Configuring Egress Queue Characteristics Configuration Guidelines Allocating Buffer Space to and Setting WTD Thresholds for an Egress Queue-Set Page Mapping DSCP or CoS Values to an Egress Queue and to a Threshold ID Page Configuring SRR Shaped Weights on Egress Queues Configuring SRR Shared Weights on Egress Queues Configuring the Egress Expedite Queue Limiting the Bandwidth on an Egress Interface Displaying Standard QoS Information Page Configuring EtherChannels Understanding EtherChannels EtherChannel Overview Port-Channel Interfaces Port Aggregation Protocol PAgP Modes PAgP Interaction with Other Features Link Aggregation Control Protocol LACP Modes LACP Interaction with Other Features EtherChannel On Mode Load Balancing and Forwarding Methods Page Configuring EtherChannels Default EtherChannel Configuration EtherChannel Configuration Guidelines Configuring Layer 2 EtherChannels Page Configuring EtherChannel Load Balancing Configuring the PAgP Learn Method and Priority Configuring LACP Hot-Standby Ports Configuring the LACP System Priority Configuring the LACP Port Priority Displaying EtherChannel, PAgP, and LACP Status Page Page Troubleshooting Recovering from a Software Failure Recovering from a Lost or Forgotten Password Procedure with Password Recovery Enabled Page Procedure with Password Recovery Disabled Recovering from a Command Switch Failure Replacing a Failed Command Switch with a Cluster Member Replacing a Failed Command Switch with Another Switch Page Recovering from Lost Cluster Member Connectivity Preventing Autonegotiation Mismatches SFP Module Security and Identification Monitoring SFP Module Status Using Ping Understanding Ping Executing Ping Using Layer 2 Traceroute Understanding Layer 2 Traceroute Usage Guidelines Displaying the Physical Path Using IP Traceroute Understanding IP Traceroute Executing IP Traceroute Using TDR Understanding TDR Running TDR and Displaying the Results Using Debug Commands Enabling Debugging on a Specific Feature Enabling All-System Diagnostics Redirecting Debug and Error Message Output Using the show platform forward Command 31-20 Using the crashinfo File Page A Supported MIBs MIB List Page Using FTP to Access the MIB Files Page B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with the Flash File System Displaying Available File Systems Setting the Default File System Displaying Information about Files on a File System Changing Directories and Displaying the Working Directory Creating and Removing Directories Copying Files Deleting Files Creating, Displaying, and Extracting tar Files Creating a tar File Displaying the Contents of a tar File Extracting a tar File Displaying the Contents of a File Working with Configuration Files Guidelines for Creating and Using Configuration Files Configuration File Types and Location Creating a Configuration File By Using a Text Editor Copying Configuration Files By Using TFTP Preparing to Download or Upload a Configuration File By Using TFTP Downloading the Configuration File By Using TFTP Uploading the Configuration File By Using TFTP Copying Configuration Files By Using FTP Preparing to Download or Upload a Configuration File By Using FTP Downloading a Configuration File By Using FTP Uploading a Configuration File By Using FTP Copying Configuration Files By Using RCP Preparing to Download or Upload a Configuration File By Using RCP Downloading a Configuration File By Using RCP Uploading a Configuration File By Using RCP Clearing Configuration Information Clearing the Startup Configuration File Deleting a Stored Configuration File Working with Software Images Image Location on the Switch tar File Format of Images on a Server or Cisco.com Copying Image Files By Using TFTP Preparing to Download or Upload an Image File By Using TFTP Downloading an Image File By Using TFTP Page Uploading an Image File By Using TFTP Copying Image Files By Using FTP Preparing to Download or Upload an Image File By Using FTP Downloading an Image File By Using FTP Page Uploading an Image File By Using FTP Copying Image Files By Using RCP Preparing to Download or Upload an Image File By Using RCP Page Downloading an Image File By Using RCP Uploading an Image File By Using RCP Page Page C Recommendations for Upgrading a Catalyst 2950 Switch to a Catalyst 2960 Switch Configuration Compatibility Issues Page Page Page Feature Behavior Incompatibilities Page D Unsupported Commands in Cisco IOS Release 12.2(25)FX Access Control Lists Debug Commands IGMP Snooping Commands Interface Commands Unsupported Interface Configuration Commands MAC Address Commands Miscellaneous Network Address Translation (NAT) Commands QoS RADIUS SNMP Spanning Tree VLAN VTP Page INDEX A Page B C Page Page D Page Page E F G H I Page J L M Page N O P Page Page Q Page R Page S Page Page Page Page T U V Page W X