Cisco Systems 3130 Configuring Network Security with ACLs

CHAPTE R

34-1

Cisco Catalyst Blade Switch 3130 for Dell Software Configuration Guide

OL-13270-01

34

Configuring Network Security with ACLs

This chapter describes how to configure network security on the switch by using access co ntrol lists

(ACLs), which in commands and tables are also referred to as access lists.Unless otherwise noted, the

term switch refers to a standalone switch and to a switch stack.

Note Information in this chapter about IP ACLs is specific to IP Version 4 (IPv4). For information about IPv6

ACLs, se e Chapter 35, “Configuring IPv6 ACLs.”

For complete syntax and usage information for the commands used in this chapter, see the command

reference for this release, see the “Configuring IP Servi ces” section in the “IP Addressing and Services”

chapter of the Cisco IOS IP Configuration Guide, Release 12.2, and the Cisco IOS IP Command

Reference, Volume 1 of 3: Addressing and Services, Release 12.2.

This chapter consists of these sections:

•Understanding ACLs, page 34-1

•Configuring IPv4 ACLs, page 34-7

•Creating Named MAC Extended ACLs, page 34-27

•Configuring VLAN Maps, page 34-30

•Using VLAN Maps with Router ACLs, page 34-36

•Displaying IPv4 ACL Configuration, page34-39

Understanding ACLs

Packet filtering can help limit network traffic and restrict network use by certain users or devices. A CLs

filter traffic as it passes through a router or switch and permit or deny packets crossing specified

interfaces or VLANs. An ACL is a sequential collection of permit and deny conditions that apply to

packets. When a packet is received on an interface, the switch compares the fields in the packet against

any applied ACLs to verify that the packet has the required permissions to be for warde d, base d o n th e

criteria specified in the access lists. One by one, it tests packets against the conditions in an access list.

The first match decides whether the switch accepts or rejects the packets. Because the switch stops

testing after the first match, the order of conditions in the list is critical. If no conditions match, the

switch rejects the packet. If there are no restrictions, the switch forwards the packet; otherwise, the

switch drops the packet. The switch can use ACLs on all packets it forwards, including packets bridged

within a VLAN.

Contents

Main Cisco Catalyst Blade Switch 3130 for Dell Software Configuration Guide Page CONTENTS Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Preface Audience Purpose Conventions Related Publications Obtaining Documentation and Submitting a Service Request Page Overview Features Page Deployment Features Performance Features Management Options Manageability Features Availability and Redundancy Features VLAN Features Security Features QoS and CoS Features Page Layer 3 Features Monitoring Features Default Settings After Initial Switch Configuration Page Network Configuration Examples Design Concepts for Using the Switch Page Page Small to Medium-Sized Network Where to Go Next Using the Command-Line Interface Understanding Command Modes Page Understanding the Help System Understanding Abbreviated Commands Understanding no and default Forms of Commands Understanding CLI Error Messages Using Configuration Logging Using Command History Changing the Command History Buffer Size Recalling Commands Disabling the Command History Feature Using Editing Features Enabling and Disabling Editing Features Editing Commands through Keystrokes Editing Command Lines that Wrap Searching and Filtering Output of show and more Commands Accessing the CLI Accessing the CLI through a Console Connection or through Telnet Page Assigning the Switch IP Address and Default Gateway Understanding the Boot Process Assigning Switch Information Default Switch Information Understanding DHCP-Based Autoconfiguration DHCP Client Request Process Configuring DHCP-Based Autoconfiguration DHCP Server Configuration Guidelines Configuring the TFTP Server Configuring the DNS Configuring the Relay Device Obtaining Configuration Files Example Configuration Page Manually Assigning IP Information 3-11 Checking and Saving the Running Configuration Modifying the Startup Configuration Default Boot Configuration Automatically Downloading a Configuration File Specifying the Filename to Read and Write the System Configuration Booting Manually Booting a Specific Software Image Controlling Environment Variables Page Scheduling a Reload of the Software Image Configuring a Scheduled Reload Displaying Scheduled Reload Information Configuring Cisco IOS CNS Agents Understanding Cisco Configuration Engine Software Configuration Service Event Service NameSpace Mapper What You Should Know About the CNS IDs and Device Hostnames ConfigID DeviceID Hostname and DeviceID Using Hostname, DeviceID, and ConfigID Understanding Cisco IOS Agents Initial Configuration V Incremental (Partial) Configuration Synchronized Configuration Configuring Cisco IOS Agents Enabling Automated CNS Configuration Page Enabling the CNS Event Agent Enabling the Cisco IOS CNS Agent Enabling an Initial Configuration Page Page Page Enabling a Partial Configuration Displaying CNS Configuration Managing Switch Stacks Understanding Switch Stacks Page Switch Stack Membership 5-4 5-5 Stack Master Election and Re-Election Page Switch Stack Bridge ID and Router MAC Address Stack Member Numbers Stack Member Priority Values Switch Stack Offline Configuration Effects of Adding a Provisioned Switch to a Switch Stack Page Effects of Replacing a Provisioned Switch in a Switch Stack Effects of Removing a Provisioned Switch from a Switch Stack Hardware Compatibility and SDM Mismatch Mode in Switch Stacks Switch Stack Software Compatibility Recommendations Stack Protocol Version Compatibility Major Version Number Incompatibility Among Switches Minor Version Number Incompatibility Among Switches Understanding Auto-Upgrade and Auto-Advise 5-14 Auto-Upgrade and Auto-Advise Example Messages 5-15 Incompatible Software and Stack Member Image Upgrades Switch Stack Configuration Files Additional Considerations for System-Wide Configuration on Switch Stacks Switch Stack Management Connectivity Connectivity to the Switch Stack Through an IP Address Connectivity to the Switch Stack Through an SSH Session Connectivity to the Switch Stack Through Console Ports or Ethernet Management Ports Connectivity to Specific Stack Members Switch Stack Configuration Scenarios Page Configuring the Switch Stack Default Switch Stack Configuration Enabling Persistent MAC Address Page Assigning Stack Member Information Assigning a Stack Member Number Setting the Stack Member Priority Value Provisioning a New Member for a Switch Stack Accessing the CLI of a Specific Stack Member Displaying Switch Stack Information Page Administering the Switch Managing the System Time and Date Understanding the System Clock Understanding Network Time Protocol Configuring NTP Default NTP Configuration Configuring NTP Authentication Configuring NTP Associations Configuring NTP Broadcast Service Page Configuring NTP Access Restrictions Creating an Access Group and Assigning a Basic IP Access List Page Disabling NTP Services on a Specific Interface Configuring the Source IP Address for NTP Packets Displaying the NTP Configuration Configuring Time and Date Manually Setting the System Clock Displaying the Time and Date Configuration Configuring the Time Zone Configuring Summer Time (Daylight Saving Time) Configuring a System Name and Prompt Default System Name and Prompt Configuration Configuring a System Name Understanding DNS Default DNS Configuration Setting Up DNS Displaying the DNS Configuration Creating a Banner Default Banner Configuration Configuring a Message-of-the-Day Login Banner Configuring a Login Banner Managing the MAC Address Table Building the Address Table MAC Addresses and VLANs MAC Addresses and Switch Stacks Default MAC Address Table Configuration Changing the Address Aging Time Removing Dynamic Address Entries Configuring MAC Address Notification Traps Page Adding and Removing Static Address Entries Configuring Unicast MAC Address Filtering Page Displaying Address Table Entries Managing the ARP Table Page Configuring Switch-Based Authentication Preventing Unauthorized Access to Your Switch Protecting Access to Privileged EXEC Commands Default Password and Privilege Level Configuration Setting or Changing a Static Enable Password Protecting Enable and Enable Secret Passwords with Encryption Page Disabling Password Recovery Setting a Telnet Password for a Terminal Line Configuring Username and Password Pairs Configuring Multiple Privilege Levels Setting the Privilege Level for a Command Changing the Default Privilege Level for Lines Logging into and Exiting a Privilege Level Controlling Switch Access with TACACS+ Understanding TACACS+ Page TACACS+ Operation Configuring TACACS+ Default TACACS+ Configuration Identifying the TACACS+ Server Host and Setting the Authentication Key Configuring TACACS+ Login Authentication Page Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services Starting TACACS+ Accounting Displaying the TACACS+ Configuration Controlling Switch Access with RADIUS Understanding RADIUS RADIUS Operation Configuring RADIUS Default RADIUS Configuration Identifying the RADIUS Server Host Page Page Configuring RADIUS Login Authentication Page Defining AAA Server Groups Page Configuring RADIUS Authorization for User Privileged Access and Network Services Starting RADIUS Accounting Configuring Settings for All RADIUS Servers Configuring the Switch to Use Vendor-Specific RADIUS Attributes Configuring the Switch for Vendor-Proprietary RADIUS Server Communication Displaying the RADIUS Configuration Controlling Switch Access with Kerberos Understanding Kerberos Page Kerberos Operation Authenticating to a Boundary Switch Obtaining a TGT from a KDC Authenticating to Network Services Configuring Kerberos Configuring the Switch for Local Authentication and Authorization Configuring the Switch for Secure Shell Understanding SSH SSH Servers, Integrated Clients, and Supported Versions Limitations Configuring SSH Setting Up the Switch to Run SSH Configuring the SSH Server Displaying the SSH Configuration and Status Configuring the Switch for Secure Socket Layer HTTP Understanding Secure HTTP Servers and Clients Certificate Authority Trustpoints CipherSuites Configuring Secure HTTP Servers and Clients Default SSL Configuration SSL Configuration Guidelines Configuring a CA Trustpoint Configuring the Secure HTTP Server Page Configuring the Secure HTTP Client Displaying Secure HTTP Server and Client Status Configuring the Switch for Secure Copy Protocol Information About Secure Copy Page Configuring SDM Templates Understanding the SDM Templates Dual IPv4 and IPv6 SDM Templates SDM Templates and Switch Stacks Configuring the Switch SDM Template Default SDM Template SDM Template Configuration Guidelines Setting the SDM Template 8-6 This example shows how to configure the IPv4-and-IPv6 default template: Displaying the SDM Templates This is an example of output from the show sdm prefer routing command: 8-7 This is an example of output from the show sdm prefer dual-ipv4-and-ipv6 routing command: Page Configuring IEEE 802.1x Port-Based Authentication Understanding IEEE 802.1x Port-Based Authentication Device Roles Authentication Process 9-4 The switch re-authenticates a client when one of these situations occurs: Authentication Initiation and Message Exchange Page Ports in Authorized and Unauthorized States IEEE 802.1x Authentication and Switch Stacks IEEE 802.1x Host Mode IEEE 802.1x Accounting IEEE 802.1x Accounting Attribute-Value Pairs Using IEEE 802.1x Authentication with VLAN Assignment Page Using IEEE 802.1x Authentication with Per-User ACLs Using IEEE 802.1x Authentication with Guest VLAN Using IEEE 802.1x Authentication with Restricted VLAN Using IEEE 802.1x Authentication with Inaccessible Authentication Bypass Using IEEE 802.1x Authentication with Voice VLAN Ports Using IEEE 802.1x Authentication with Port Security Using IEEE 802.1x Authentication with Wake-on-LAN Using IEEE 802.1x Authentication with MAC Authentication Bypass Page Network Admission Control Layer 2 IEEE 802.1x Validation Using Multidomain Authentication Using Web Authentication Web Authentication with Automatic MAC Check Configuring IEEE 802.1x Authentication Default IEEE 802.1x Authentication Configuration IEEE 802.1x Authentication Configuration Guidelines IEEE 802.1x Authentication VLAN Assignment, Guest VLAN, Restricted VLAN, and Inaccessible Authentication Bypass MAC Authentication Bypass Configuring IEEE 802.1x Authentication Page Configuring the Switch-to-RADIUS-Server Communication Configuring the Host Mode Configuring Periodic Re-Authentication Manually Re-Authenticating a Client Connected to a Port Changing the Quiet Period Changing the Switch-to-Client Retransmission Time Setting the Switch-to-Client Frame-Retransmission Number Setting the Re-Authentication Number Configuring IEEE 802.1x Accounting Configuring a Guest VLAN Configuring a Restricted VLAN Page Configuring the Inaccessible Authentication Bypass Feature Page Configuring IEEE 802.1x Authentication with WoL Configuring MAC Authentication Bypass Configuring NAC Layer 2 IEEE 802.1x Validation Configuring Web Authentication Page Disabling IEEE 802.1x Authentication on the Port Resetting the IEEE 802.1x Authentication Configuration to the Default Values Displaying IEEE 802.1x Statistics and Status Page Configuring Interface Characteristics Understanding Interface Types Port-Based VLANs Switch Ports Access Ports Trunk Ports Tunnel Ports Routed Ports Switch Virtual Interfaces EtherChannel Port Groups 10-Gigabit Ethernet Interfaces Connecting Interfaces Using Interface Configuration Mode Procedures for Configuring Interfaces Configuring a Range of Interfaces Configuring and Using Interface Range Macros Page Using the Internal Ethernet Management Port Understanding the Internal Ethernet Management Port Page Supported Features on the Ethernet Management Port Layer 3 Routing Configuration Guidelines Monitoring the Ethernet Management Port TFTP and the Ethernet Management Port Configuring Ethernet Interfaces Default Ethernet Interface Configuration Page Configuring Interface Speed and Duplex Mode Speed and Duplex Configuration Guidelines Setting the Interface Speed and Duplex Parameters Configuring IEEE 802.3x Flow Control Configuring Auto-MDIX on an Interface Adding a Description for an Interface Configuring Layer 3 Interfaces Page Configuring the System MTU Page Monitoring and Maintaining the Interfaces Monitoring Interface Status Clearing and Resetting Interfaces and Counters Shutting Down and Restarting the Interface Page Configuring Smartports Macros Understanding Smartports Macros Configuring Smartports Macros Default Smartports Macro Configuration Smartports Macro Configuration Guidelines Creating Smartports Macros Applying Smartports Macros Applying Cisco-Default Smartports Macros Page Displaying Smartports Macros Configuring VLANs Understanding VLANs Supported VLANs VLAN Port Membership Modes Configuring Normal-Range VLANs Page Token Ring VLANs Normal-Range VLAN Configuration Guidelines VLAN Configuration Mode Options VLAN Configuration in config-vlan Mode VLAN Configuration in VLAN Database Configuration Mode Saving VLAN Configuration Default Ethernet VLAN Configuration Creating or Modifying an Ethernet VLAN Deleting a VLAN Assigning Static-Access Ports to a VLAN Configuring Extended-Range VLANs Default VLAN Configuration Extended-Range VLAN Configuration Guidelines Creating an Extended-Range VLAN Creating an Extended-Range VLAN with an Internal VLAN ID Displaying VLANs Configuring VLAN Trunks Trunking Overview 12-17 Figure 12-2 shows a network of switches that are connected by ISL trunks. Figure 12-3 shows a network of switches that are connected by IEEE 802.1Q trunks. Page Encapsulation Types IEEE 802.1Q Configuration Considerations Default Layer 2 Ethernet Interface VLAN Configuration Configuring an Ethernet Interface as a Trunk Port Interaction with Other Features Configuring a Trunk Port Defining the Allowed VLANs on a Trunk Changing the Pruning-Eligible List Configuring the Native VLAN for Untagged Traffic Configuring Trunk Ports for Load Sharing Load Sharing Using STP Port Priorities Page Load Sharing Using STP Path Cost Configuring VMPS Understanding VMPS Dynamic-Access Port VLAN Membership Default VMPS Client Configuration VMPS Configuration Guidelines Configuring the VMPS Client Entering the IP Address of the VMPS Configuring Dynamic-Access Ports on VMPS Clients Reconfirming VLAN Memberships Changing the Reconfirmation Interval Changing the Retry Count Monitoring the VMPS Troubleshooting Dynamic-Access Port VLAN Membership VMPS Configuration Example 12-35 Page Configuring VTP Understanding VTP The VTP Domain VTP Modes VTP Advertisements VTP Version 2 VTP Pruning Page VTP and Switch Stacks Configuring VTP Default VTP Configuration VTP Configuration Options VTP Configuration in Global Configuration Mode VTP Configuration in VLAN Database Configuration Mode VTP Configuration Guidelines Domain Names Passwords VTP Version Configuration Requirements Configuring a VTP Server Page Configuring a VTP Client Disabling VTP (VTP Transparent Mode) Enabling VTP Version 2 Enabling VTP Pruning Adding a VTP Client Switch to a VTP Domain Page Monitoring VTP Configuring Voice VLAN Understanding Voice VLAN Cisco IP Phone Voice Traffic Cisco IP Phone Data Traffic Configuring Voice VLAN Default Voice VLAN Configuration Voice VLAN Configuration Guidelines Configuring a Port Connected to a Cisco 7960 IP Phone Configuring Cisco IP Phone Voice Traffic Configuring the Priority of Incoming Data Frames Displaying Voice VLAN Page Configuring Private VLANs Understanding Private VLANs Page IP Addressing Scheme with Private VLANs Private VLANs across Multiple Switches Private-VLAN Interaction with Other Features Private VLANs and Unicast, Broadcast, and Multicast Traffic Private VLANs and SVIs Private VLANs and Switch Stacks Configuring Private VLANs Tasks for Configuring Private VLANs Default Private-VLAN Configuration Private-VLAN Configuration Guidelines Secondary and Primary VLAN Configuration Private-VLAN Port Configuration Limitations with Other Features Configuring and Associating VLANs in a Private VLAN Configuring a Layer 2 Interface as a Private-VLAN Host Port Page Configuring a Layer 2 Interface as a Private-VLAN Promiscuous Port Mapping Secondary VLANs to a Primary VLAN Layer 3 VLAN Interface Monitoring Private VLANs Page Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling Understanding IEEE 802.1Q Tunneling Page Page Configuring IEEE 802.1Q Tunneling Default IEEE 802.1Q Tunneling Configuration IEEE 802.1Q Tunneling Configuration Guidelines Native VLANs System MTU IEEE 802.1Q Tunneling and Other Features Configuring an IEEE 802.1Q Tunneling Port Understanding Layer 2 Protocol Tunneling Page 16-9 Configuring Layer 2 Protocol Tunneling Default Layer 2 Protocol Tunneling Configuration Layer 2 Protocol Tunneling Configuration Guidelines Configuring Layer 2 Protocol Tunneling Configuring Layer 2 Tunneling for EtherChannels Configuring the SP Edge Switch Page Configuring the Customer Switch 16-17 SP edge switch 2 configuration: Monitoring and Maintaining Tunneling Status Configuring STP Understanding Spanning-Tree Features STP Overview Spanning-Tree Topology and BPDUs Bridge ID, Switch Priority, and Extended System ID Spanning-Tree Interface States Blocking State Listening State Learning State Forwarding State Disabled State How a Switch or Port Becomes the Root Switch or Root Port Spanning Tree and Redundant Connectivity Spanning-Tree Address Management Accelerated Aging to Retain Connectivity Spanning-Tree Modes and Protocols Supported Spanning-Tree Instances Spanning-Tree Interoperability and Backward Compatibility STP and IEEE 802.1Q Trunks VLAN-Bridge Spanning Tree Spanning Tree and Switch Stacks Configuring Spanning-Tree Features Default Spanning-Tree Configuration Spanning-Tree Configuration Guidelines Page Changing the Spanning-Tree Mode. Disabling Spanning Tree Configuring the Root Switch Page Configuring a Secondary Root Switch Configuring Port Priority Page Configuring Path Cost Configuring the Switch Priority of a VLAN Configuring Spanning-Tree Timers Configuring the Hello Time Configuring the Forwarding-Delay Time for a VLAN Configuring the Maximum-Aging Time for a VLAN Configuring the Transmit Hold-Count Displaying the Spanning-Tree Status Configuring MSTP Understanding MSTP Multiple Spanning-Tree Regions IST, CIST, and CST Operations Within an MST Region Operations Between MST Regions IEEE 802.1s Terminology Hop Count Boundary Ports IEEE 802.1s Implementation Port Role Naming Change Interoperation Between Legacy and Standard Switches Detecting Unidirectional Link Failure MSTP and Switch Stacks Interoperability with IEEE 802.1D STP Understanding RSTP Port Roles and the Active Topology Rapid Convergence Synchronization of Port Roles Bridge Protocol Data Unit Format and Processing Processing Superior BPDU Information Processing Inferior BPDU Information Topology Changes Configuring MSTP Features Default MSTP Configuration MSTP Configuration Guidelines Specifying the MST Region Configuration and Enabling MSTP Configuring the Root Switch Page Configuring a Secondary Root Switch Configuring Port Priority Configuring Path Cost Configuring the Switch Priority Configuring the Hello Time Configuring the Forwarding-Delay Time Configuring the Maximum-Aging Time Configuring the Maximum-Hop Count Specifying the Link Type to Ensure Rapid Transitions Designating the Neighbor Type Restarting the Protocol Migration Process Displaying the MST Configuration and Status Configuring Optional Spanning-Tree Features Understanding Optional Spanning-Tree Features Understanding Port Fast Understanding BPDU Guard Understanding BPDU Filtering Understanding UplinkFast Page Understanding Cross-Stack UplinkFast How CSUF Works Events that Cause Fast Convergence Understanding BackboneFast Page Page Understanding EtherChannel Guard Understanding Root Guard Understanding Loop Guard Configuring Optional Spanning-Tree Features Default Optional Spanning-Tree Configuration Optional Spanning-Tree Configuration Guidelines Enabling Port Fast Enabling BPDU Guard Enabling BPDU Filtering Enabling UplinkFast for Use with Redundant Links Enabling Cross-Stack UplinkFast Enabling BackboneFast Enabling EtherChannel Guard Enabling Root Guard Enabling Loop Guard Displaying the Spanning-Tree Status Page Configuring Flex Links and the MAC Address-Table Move Update Feature Understanding Flex Links and the MAC Address-Table Move Update Flex Links VLAN Flex Link Load Balancing and Support MAC Address-Table Move Update 20-4 Page Configuring Flex Links and MAC Address-Table Move Update Configuring Flex Links Page Configuring VLAN Load Balancing on Flex Links Configuring the MAC Address-Table Move Update Feature Page Monitoring Flex Links and the MAC Address-Table Move Update Page Configuring DHCP Features and IP Source Guard Understanding DHCP Features DHCP Server DHCP Relay Agent DHCP Snooping Option-82 Data Insertion Page C ircuit ID Suboption Frame Format R emote ID Suboption Frame Format Cisco IOS DHCP Server Database C R DHCP Snooping Binding Database ircuit ID Suboption Frame Format (for user-configured string): Page DHCP Snooping and Switch Stacks Configuring DHCP Features Default DHCP Configuration DHCP Snooping Configuration Guidelines Configuring the DHCP Server DHCP Server and Switch Stacks Configuring the DHCP Relay Agent Specifying the Packet Forwarding Address Enabling DHCP Snooping and Option 82 Page Enabling DHCP Snooping on Private VLANs Enabling the Cisco IOS DHCP Server Database Enabling the DHCP Snooping Binding Database Agent Displaying DHCP Snooping Information Understanding IP Source Guard Source IP Address Filtering Source IP and MAC Address Filtering Configuring IP Source Guard Default IP Source Guard Configuration IP Source Guard Configuration Guidelines Enabling IP Source Guard Displaying IP Source Guard Information Page Configuring Dynamic ARP Inspection Understanding Dynamic ARP Inspection Page Interface Trust States and Network Security Rate Limiting of ARP Packets Relative Priority of ARP ACLs and DHCP Snooping Entries Logging of Dropped Packets Configuring Dynamic ARP Inspection Default Dynamic ARP Inspection Configuration Dynamic ARP Inspection Configuration Guidelines Configuring Dynamic ARP Inspection in DHCP Environments Configuring ARP ACLs for Non-DHCP Environments Page Page Limiting the Rate of Incoming ARP Packets Performing Validation Checks Configuring the Log Buffer Page Displaying Dynamic ARP Inspection Information Page Configuring IGMP Snooping and MVR Understanding IGMP Snooping IGMP Versions Joining a Multicast Group Page Leaving a Multicast Group Immediate Leave IGMP Configurable-Leave Timer IGMP Report Suppression IGMP Snooping and Switch Stacks Configuring IGMP Snooping Default IGMP Snooping Configuration Enabling or Disabling IGMP Snooping Setting the Snooping Method Configuring a Multicast Router Port Configuring a Blade Server Statically to Join a Group Enabling IGMP Immediate Leave Configuring the IGMP Leave Timer Configuring TCN-Related Commands Controlling the Multicast Flooding Time After a TCN Event Recovering from Flood Mode Disabling Multicast Flooding During a TCN Event Configuring the IGMP Snooping Querier Page Disabling IGMP Report Suppression Displaying IGMP Snooping Information Page Understanding Multicast VLAN Registration Using MVR in a Multicast Television Application Configuring MVR Default MVR Configuration MVR Configuration Guidelines and Limitations Configuring MVR Global Parameters Configuring MVR Interfaces Page Displaying MVR Information Configuring IGMP Filtering and Throttling Default IGMP Filtering and Throttling Configuration Configuring IGMP Profiles Applying IGMP Profiles Setting the Maximum Number of IGMP Groups Configuring the IGMP Throttling Action Displaying IGMP Filtering and Throttling Configuration Page Configuring IPv6 MLD Snooping Understanding MLD Snooping Page MLD Messages MLD Queries Multicast Client Aging Robustness Multicast Router Discovery MLD Reports MLD Done Messages and Immediate-Leave Topology Change Notification Processing MLD Snooping in Switch Stacks Configuring IPv6 MLD Snooping Default MLD Snooping Configuration MLD Snooping Configuration Guidelines Enabling or Disabling MLD Snooping Configuring a Static Multicast Group Configuring a Multicast Router Port Enabling MLD Immediate Leave Configuring MLD Snooping Queries Disabling MLD Listener Message Suppression Displaying MLD Snooping Information Page Configuring Port-Based Traffic Control Configuring Storm Control Understanding Storm Control Page Default Storm Control Configuration Configuring Storm Control and Threshold Levels Page Configuring Protected Ports Default Protected Port Configuration Protected Port Configuration Guidelines Configuring a Protected Port Configuring Port Blocking Default Port Blocking Configuration Blocking Flooded Traffic on an Interface Configuring Port Security Understanding Port Security Secure MAC Addresses Security Violations Default Port Security Configuration Port Security Configuration Guidelines Page Enabling and Configuring Port Security Page Page Page Enabling and Configuring Port Security Aging Port Security and Switch Stacks Port Security and Private VLANs Displaying Port-Based Traffic Control Settings Configuring CDP Understanding CDP CDP and Switch Stacks Configuring CDP Default CDP Configuration Configuring the CDP Characteristics Disabling and Enabling CDP Disabling and Enabling CDP on an Interface Monitoring and Maintaining CDP Page Configuring LLDP and LLDP-MED Understanding LLDP and LLDP-MED Understanding LLDP Understanding LLDP-MED Configuring LLDP and LLDP-MED Default LLDP Configuration Configuring LLDP Characteristics Disabling and Enabling LLDP Globally Disabling and Enabling LLDP on an Interface Configuring LLDP-MED TLVs Monitoring and Maintaining LLDP and LLDP-MED Page Configuring UDLD Understanding UDLD Modes of Operation Methods to Detect Unidirectional Links Configuring UDLD Default UDLD Configuration Enabling UDLD Globally Enabling UDLD on an Interface Resetting an Interface Disabled by UDLD Displaying UDLD Status Page Configuring SPAN and RSPAN Understanding SPAN and RSPAN Local SPAN Remote SPAN SPAN and RSPAN Concepts and Terminology SPAN Sessions Monitored Traffic Source Ports Source VLANs VLAN Filtering Destination Port RSPAN VLAN SPAN and RSPAN Interaction with Other Features SPAN and RSPAN and Switch Stacks Configuring SPAN and RSPAN Default SPAN and RSPAN Configuration Configuring Local SPAN SPAN Configuration Guidelines Creating a Local SPAN Session Page Creating a Local SPAN Session and Configuring Incoming Traffic Specifying VLANs to Filter Configuring RSPAN RSPAN Configuration Guidelines Configuring a VLAN as an RSPAN VLAN Creating an RSPAN Source Session Specifying VLANs to Filter Creating an RSPAN Destination Session Creating an RSPAN Destination Session and Configuring Incoming Traffic Page Page Page Configuring RMON Understanding RMON Configuring RMON Default RMON Configuration Configuring RMON Alarms and Events Page Collecting Group History Statistics on an Interface Collecting Group Ethernet Statistics on an Interface Displaying RMON Status Configuring System Message Logging Understanding System Message Logging Configuring System Message Logging System Log Message Format Page Default System Message Logging Configuration Disabling Message Logging Setting the Message Display Destination Device Synchronizing Log Messages Page Enabling and Disabling Time Stamps on Log Messages Enabling and Disabling Sequence Numbers in Log Messages Defining the Message Severity Level Limiting Syslog Messages Sent to the History Table and to SNMP Enabling the Configuration-Change Logger Configuring UNIX Syslog Servers Logging Messages to a UNIX Syslog Daemon Configuring the UNIX System Logging Facility Displaying the Logging Configuration Configuring SNMP Understanding SNMP SNMP Versions SNMP Manager Functions SNMP Agent Functions SNMP Community Strings Using SNMP to Access MIB Variables SNMP Notifications SNMP ifIndex MIB Object Values Configuring SNMP Default SNMP Configuration SNMP Configuration Guidelines Disabling the SNMP Agent Configuring Community Strings Configuring SNMP Groups and Users Page Configuring SNMP Notifications Page Page Page Setting the Agent Contact and Location Information Limiting TFTP Servers Used Through SNMP SNMP Examples Displaying SNMP Status Page Configuring Embedded Event Manager Understanding Embedded Event Manager 33-2 These sections contain this conceptual information: or IOSWdSysmon event detectors. Event Detectors Page Embedded Event Manager Actions Embedded Event Manager Policies Embedded Event Manager Environment Variables Configuring Embedded Event Manager Registering and Defining an Embedded Event Manager Applet Registering and Defining an Embedded Event Manager TCL Scrip t Displaying Embedded Event Manager Information Page Configuring Network Security with ACLs Understanding ACLs Supported ACLs Port ACLs Router ACLs VLAN Maps Handling Fragmented and Unfragmented Traffic ACLs and Switch Stacks Configuring IPv4 ACLs Creating Standard and Extended IPv4 ACLs Access List Numbers ACL Logging Creating a Numbered Standard ACL Creating a Numbered Extended ACL Page Page Page Resequencing ACEs in an ACL Creating Named Standard and Extended ACLs Page Using Time Ranges with ACLs Page Including Comments in ACLs Applying an IPv4 ACL to a Terminal Line Applying an IPv4 ACL to an Interface Page Hardware and Software Treatment of IP ACLs IPv4 ACL Configuration Examples Page Numbered ACLs Extended ACLs Named ACLs Time Range Applied to an IP ACL Commented IP ACL Entries ACL Logging Creating Named MAC Extended ACLs Page Applying a MAC ACL to a Layer 2 Interface Configuring VLAN Maps VLAN Map Configuration Guidelines Creating a VLAN Map Examples of ACLs and VLAN Maps Example 1 Example 2 Example 3 Example 4 Applying a VLAN Map to a VLAN Using VLAN Maps in Your Network Denying Access to a Server on Anothera VLAN Using VLAN Maps with Router ACLs VLAN Maps and Router ACL Configuration Guidelines Examples of Router ACLs and VLAN Maps Applied to VLANs ACLs and Switched Packets ACLs and Bridged Packets 34-38 ACLs and Routed Packets ACLs and Multicast Packets Displaying IPv4 ACL Configuration Page Configuring IPv6 ACLs Understanding IPv6 ACLs Supported ACL Features IPv6 ACL Limitations IPv6 ACLs and Switch Stacks Configuring IPv6 ACLs Default IPv6 ACL Configuration Interaction with Other Features and Switches Creating IPv6 ACLs Page Page Applying an IPv6 ACL to an Interface Displaying IPv6 ACLs Page Configuring QoS Understanding QoS Basic QoS Model Page Classification 36-6 Classification Based on QoS ACLs Classification Based on Class Maps and Policy Maps Policing and Marking Policing on Physical Ports Policing on SVIs Page Mapping Tables Queueing and Scheduling Overview Weighted Tail Drop SRR Shaping and Sharing Queueing and Scheduling on Ingress Queues WTD Thresholds Buffer and Bandwidth Allocation Priority Queueing 36-17 Queueing and Scheduling on Egress Queues Figure 36-9 shows the queueing and scheduling flowchart for egress ports. Buffer and Memory Allocation WTD Thresholds Shaped or Shared Mode Packet Modification Configuring Auto-QoS Generated Auto-QoS Configuration Page 36-23 The switch automatically maps DSCP values to an ingress queue and to a threshold ID. The switch automatically maps DSCP values to an egress queue and to a threshold ID. Table36-5 Generated Auto-QoS Configuration (continued) Description Automatically Generated Command Page Effects of Auto-QoS on the Configuration Auto-QoS Configuration Guidelines Enabling Auto-QoS for VoIP 36-27 Auto-QoS Configuration Example Page Displaying Auto-QoS Information Configuring Standard QoS Default Standard QoS Configuration Default Ingress Queue Configuration Default Egress Queue Configuration Default Mapping Table Configuration Standard QoS Configuration Guidelines QoS ACL Guidelines Applying QoS on Interfaces Policing Guidelines General QoS Guidelines Enabling QoS Globally Enabling VLAN-Based QoS on Physical Ports Configuring Classification Using Port Trust States Configuring the Trust State on Ports within the QoS Domain Page Configuring the CoS Value for an Interface Configuring a Trusted Boundary to Ensure Port Security Enabling DSCP Transparency Mode Configuring the DSCP Trust State on a Port Bordering Another QoS Domain Page Configuring a QoS Policy Classifying Traffic by Using ACLs Page Page Classifying Traffic by Using Class Maps Page Classifying, Policing, and Marking Traffic on Physical Ports by Using Policy Maps Page Page Page Classifying, Policing, and Marking Traffic on SVIs by Using Hierarchical Policy Maps Page Page Page Page Page Classifying, Policing, and Marking Traffic by Using Aggregate Policers Page Configuring DSCP Maps Configuring the CoS-to-DSCP Map Configuring the IP-Precedence-to-DSCP Map Configuring the Policed-DSCP Map Configuring the DSCP-to-CoS Map Configuring the DSCP-to-DSCP-Mutation Map Page Configuring Ingress Queue Characteristics Mapping DSCP or CoS Values to an Ingress Queue and Setting WTD Thresholds Allocating Buffer Space Between the Ingress Queues Allocating Bandwidth Between the Ingress Queues Configuring the Ingress Priority Queue Configuring Egress Queue Characteristics Allocating Buffer Space to and Setting WTD Thresholds for an Egress Queue-Set Page Mapping DSCP or CoS Values to an Egress Queue and to a Threshold ID Page Configuring SRR Shaped Weights on Egress Queues Configuring SRR Shared Weights on Egress Queues Configuring the Egress Expedite Queue Limiting the Bandwidth on an Egress Interface Displaying Standard QoS Information Configuring EtherChannels and Link-State Tracking Understanding EtherChannels EtherChannel Overview 37-3 Port-Channel Interfaces Port Aggregation Protocol PAgP Modes PAgP Interaction with Other Features Link Aggregation Control Protocol LACP Modes LACP Interaction with Other Features EtherChannel On Mode Load-Balancing and Forwarding Methods Page EtherChannel and Switch Stacks Configuring EtherChannels Default EtherChannel Configuration EtherChannel Configuration Guidelines Configuring Layer 2 EtherChannels Page Configuring Layer 3 EtherChannels Creating Port-Channel Logical Interfaces Configuring the Physical Interfaces Page Configuring EtherChannel Load-Balancing Configuring the PAgP Learn Method and Priority Configuring LACP Hot-Standby Ports Configuring the LACP System Priority Configuring the LACP Port Priority Displaying EtherChannel, PAgP, and LACP Status Understanding Link-State Tracking Page Configuring Link-State Tracking Default Link-State Tracking Configuration Link-State Tracking Configuration Guidelines Configuring Link-State Tracking Displaying Link-State Tracking Status Configuring IP Unicast Routing Understanding IP Routing Types of Routing IP Routing and Switch Stacks Page Steps for Configuring Routing Configuring IP Addressing Default Addressing Configuration Assigning IP Addresses to Network Interfaces Use of Subnet Zero Classless Routing Configuring Address Resolution Methods Define a Static ARP Cache Set ARP Encapsulation Enable Proxy ARP Routing Assistance When IP Routing is Disabled Proxy ARP Default Gateway ICMP Router Discovery Protocol (IRDP) Configuring Broadcast Packet Handling Enabling Directed Broadcast-to-Physical Broadcast Translation Forwarding UDP Broadcast Packets and Protocols Establishing an IP Broadcast Address Flooding IP Broadcasts Monitoring and Maintaining IP Addressing Enabling IP Unicast Routing Configuring RIP Default RIP Configuration Configuring Basic RIP Parameters Page Configuring RIP Authentication Configuring Summary Addresses and Split Horizon Page Configuring Split Horizon Configuring OSPF Default OSPF Configuration Page OSPF Nonstop Forwarding OSPF NSF Awareness OSPF NSF Capability Configuring Basic OSPF Parameters Configuring OSPF Interfaces Configuring OSPF Area Parameters Configuring Other OSPF Parameters Page Page Changing LSA Group Pacing Configuring a Loopback Interface Monitoring OSPF Configuring EIGRP Page Default EIGRP Configuration EIGRP Nonstop Forwarding EIGRP NSF Awareness EIGRP NSF Capability Configuring Basic EIGRP Parameters Configuring EIGRP Interfaces Configuring EIGRP Route Authentication EIGRP Stub Routing Monitoring and Maintaining EIGRP Configuring BGP Page Default BGP Configuration Page Nonstop Forwarding Awareness Enabling BGP Routing Page Managing Routing Policy Changes Page Configuring BGP Decision Attributes Page Configuring BGP Filtering with Route Maps Configuring BGP Filtering by Neighbor Page Configuring Prefix Lists for BGP Filtering Configuring BGP Community Filtering Configuring BGP Neighbors and Peer Groups Page Configuring Aggregate Addresses Configuring Routing Domain Confederations Configuring BGP Route Reflectors Configuring Route Dampening Monitoring and Maintaining BGP Configuring Multi-VRF CE Understanding Multi-VRF CE Page Default Multi-VRF CE Configuration Multi-VRF CE Configuration Guidelines Configuring VRFs Configuring VRF-Aware Services User Interface for ARP User Interface for PING User Interface for SNMP User Interface for HSRP User Interface for uRPF User Interface for Syslog User Interface for Traceroute User Interface for FTP and TFTP Configuring Multicast VRFs Configuring a VPN Routing Session Configuring BGP PE to CE Routing Sessions Multi-VRF CE Configuration Example 38-77 Configuring Switch A On Switch A, enable routing and configure VRF. 38-78 Configure OSPF routing in VPN1 and VPN2. Configure BGP for CE to PE routing. Configuring Switch D Switch D belongs to VPN 1. Configure the connection to Switch A by using these commands. 38-79 Configuring Switch F Switch F belongs to VPN 2. Configure the connection to Switch A by u sing the se co mman ds. Configuring the PE Switch B Displaying Multi-VRF CE Status Configuring Unicast Reverse Path Forwarding Configuring Protocol-Independent Features Configuring Distributed Cisco Express Forwarding Configuring the Number of Equal-Cost Routing Paths Configuring Static Unicast Routes Specifying Default Routes and Networks Using Route Maps to Redistribute Routing Information Page Page Configuring Policy-Based Routing PBR Configuration Guidelines Enabling PBR Page Filtering Routing Information Setting Passive Interfaces Controlling Advertising and Processing in Routing Updates Filtering Sources of Routing Information Managing Authentication Keys Monitoring and Maintaining the IP Network Page Configuring IPv6 Unicast Routing Understanding IPv6 IPv6 Addresses Supported IPv6 Unicast Routing Features 128-Bit Wide Unicast Addresses DNS for IPv6 Path MTU Discovery for IPv6 Unicast ICMPv6 Neighbor Discovery IPv6 Applications Dual IPv4 and IPv6 Protocol Stacks EIGRP IPv6 Prefix Lists Router ID Passive Interfaces EIGRP IPv6 Commands Page Unsupported IPv6 Unicast Routing Features Limitations IPv6 and Switch Stacks SDM Templates Dual IPv4-and IPv6 SDM Templates Configuring IPv6 Default IPv6 Configuration Configuring IPv6 Addressing and Enabling IPv6 Routing Page Configuring IPv4 and IPv6 Protocol Stacks Page Configuring IPv6 ICMP Rate Limiting Configuring CEF and dCEF for IPv6 Configuring Static Routing for IPv6 Page Configuring RIP for IPv6 Page Configuring OSPF for IPv6 Page Displaying IPv6 39-25 This is an example of the output from the show ipv6 cef privileged EXEC command: This is an example of the output from the show ipv6 protocols privileged EXEC command : This is an example of the output from the show ipv6 rip privileged EXEC command: 39-26 This is an example of the output from the show ipv6 neighbor privileged EXEC command: This is an example of the output from the show ipv6 static privileged EXEC command: This is an example of the output from the show ipv6 route privileged EXEC command: This is an example of the output from the show ipv6 traffic privileged EXEC command. 39-27 Page Configuring HSRP Understanding HSRP Page Multiple HSRP HSRP and Switch Stacks Configuring HSRP Default HSRP Configuration HSRP Configuration Guidelines Enabling HSRP Page Configuring HSRP Priority Page Configuring MHSRP Configuring HSRP Authentication and Timers Page Enabling HSRP Support for ICMP Redirect Messages Configuring HSRP Groups and Clustering Displaying HSRP Configurations 40-12 Configuring Cisco IOS IP SLAs Operations Understanding Cisco IOS IP SLAs Page Using Cisco IOS IP SLAs to Measure Network Performance IP SLAs Responder and IP SLAs Control Protocol Response Time Computation for IP SLAs IP SLAs Operation Scheduling IP SLAs Operation Threshold Monitoring Configuring IP SLAs Operations Page Configuring the IP SLAs Responder Analyzing IP Service Levels by Using the UDP Jitter Operation Page Page Analyzing IP Service Levels by Using the ICMP Echo Operation Page 41-13 Command Purpose Step8 show ip sla configuration startup-config (Optional) Save your entries in the configuration file. [operation-number] (Optional) Display configuration values including all defaults for all IP SLAs Monitoring IP SLAs Operations Configuring Enhanced Object Tracking Understanding Enhanced Object Tracking Configuring Enhanced Object Tracking Features Tracking Interface Line-Protocol or IP Routing State Configuring a Tracked List Configuring a Tracked List with a Boolean Expression Configuring a Tracked List with a Weight Threshold Configuring a Tracked List with a Percentage Threshold Page Configuring HSRP Object Tracking Configuring Other Tracking Characteristics Configuring IP SLAs Object Tracking Monitoring Enhanced Object Tracking Page Page Configuring Web Cache Services By Using WCCP Understanding WCCP WCCP Message Exchange WCCP Negotiation MD5 Security Packet Redirection and Service Groups WCCP and Switch Stacks Unsupported WCCP Features Configuring WCCP Default WCCP Configuration WCCP Configuration Guidelines Enabling the Web Cache Service Page Page Monitoring and Maintaining WCCP Page Configuring IP Multicast Routing Understanding Ciscos Implementation of IP Multicast Routing Understanding IGMP IGMP Version 1 IGMP Version 2 Understanding PIM PIM Versions PIM Modes PIM DM PIM-SM PIM Stub Routing IGMP Helper Auto-RP Bootstrap Router Multicast Forwarding and Reverse Path Check Page Understanding DVMRP Understanding CGMP Multicast Routing and Switch Stacks Configuring IP Multicast Routing Default Multicast Routing Configuration Multicast Routing Configuration Guidelines PIMv1 and PIMv2 Interoperability Auto-RP and BSR Configuration Guidelines Configuring Basic Multicast Routing Page Configuring PIM Stub Routing PIM Stub Routing Configuration Guidelines Enabling PIM Stub Routing Configuring a Rendezvous Point Manually Assigning an RP to Multicast Groups Page Configuring Auto-RP Setting up Auto-RP in a New Internetwork Adding Auto-RP to an Existing Sparse-Mode Cloud Page Preventing Join Messages to False RPs Filtering Incoming RP Announcement Messages Page Configuring PIMv2 BSR Defining the PIM Domain Border Defining the IP Multicast Boundary Configuring Candidate BSRs Configuring Candidate RPs Using Auto-RP and a BSR Monitoring the RP Mapping Information Troubleshooting PIMv1 and PIMv2 Interoperability Problems Configuring Advanced PIM Features Understanding PIM Shared Tree and Source Tree Page Delaying the Use of PIM Shortest-Path Tree Modifying the PIM Router-Query Message Interval Configuring Optional IGMP Features Default IGMP Configuration Configuring the Switch as a Member of a Group Controlling Access to IP Multicast Groups Changing the IGMP Version Modifying the IGMP Host-Query Message Interval Changing the IGMP Query Timeout for IGMPv2 Changing the Maximum Query Response Time for IGMPv2 Configuring the Switch as a Statically Connected Member Configuring Optional Multicast Routing Features Enabling CGMP Server Support Configuring sdr Listener Support Enabling sdr Listener Support Limiting How Long an sdr Cache Entry Exists Configuring an IP Multicast Boundary Configuring Basic DVMRP Interoperability Features Configuring DVMRP Interoperability Page Configuring a DVMRP Tunnel Advertising Network 0.0.0.0 to DVMRP Neighbors Responding to mrinfo Requests Configuring Advanced DVMRP Interoperability Features Enabling DVMRP Unicast Routing Rejecting a DVMRP Nonpruning Neighbor Page Controlling Route Exchanges Limiting the Number of DVMRP Routes Advertised Changing the DVMRP Route Threshold Configuring a DVMRP Summary Address Page Disabling DVMRP Autosummarization Adding a Metric Offset to the DVMRP Route Monitoring and Maintaining IP Multicast Routing Clearing Caches, Tables, and Databases Displaying System and Network Statistics Monitoring IP Multicast Routing Page Configuring MSDP Understanding MSDP MSDP Operation MSDP Benefits Configuring MSDP Default MSDP Configuration Configuring a Default MSDP Peer Page Caching Source-Active State Page Requesting Source Information from an MSDP Peer Controlling Source Information that Your Switch Originates Redistributing Sources Page Filtering Source-Active Request Messages Controlling Source Information that Your Switch Forwards Using a Filter Page Using TTL to Limit the Multicast Data Sent in SA Messages Controlling Source Information that Your Switch Receives Page Configuring an MSDP Mesh Group Shutting Down an MSDP Peer Including a Bordering PIM Dense-Mode Region in MSDP Configuring an Originating Address other than the RP Address Monitoring and Maintaining MSDP Page Configuring Fallback Bridging Understanding Fallback Bridging Fallback Bridging Overview Page Fallback Bridging and Switch Stacks Configuring Fallback Bridging Default Fallback Bridging Configuration Fallback Bridging Configuration Guidelines Creating a Bridge Group Page Adjusting Spanning-Tree Parameters Changing the VLAN-Bridge Spanning-Tree Priority Changing the Interface Priority Assigning a Path Cost Adjusting BPDU Intervals Adjusting the Interval between Hello BPDUs Changing the Forward-Delay Interval Changing the Maximum-Idle Interval Disabling the Spanning Tree on an Interface Monitoring and Maintaining Fallback Bridging Page Troubleshooting Recovering from a Software Failure Recovering from a Lost or Forgotten Password Page Procedure with Password Recovery Enabled Procedure with Password Recovery Disabled Page Preventing Switch Stack Problems Preventing Autonegotiation Mismatches SFP Module Security and Identification Monitoring SFP Module Status Monitoring Temperature Using Ping Understanding Ping Executing Ping Using Layer 2 Traceroute Understanding Layer 2 Traceroute Usage Guidelines Displaying the Physical Path Using IP Traceroute Understanding IP Traceroute Executing IP Traceroute Using TDR Understanding TDR Running TDR and Displaying the Results Using Debug Commands Enabling Debugging on a Specific Feature Enabling All-System Diagnostics Redirecting Debug and Error Message Output Using the show platform forward Command 47-19 Using the crashinfo Files Basic crashinfo Files Extended crashinfo Files Using On-Board Failure Logging Understanding OBFL Configuring OBFL Displaying OBFL Information Page Page Configuring Online Diagnostics Understanding Online Diagnostics Configuring Online Diagnostics Scheduling Online Diagnostics Configuring Health-Monitoring Diagnostics Page Running Online Diagnostic Tests Starting Online Diagnostic Tests Displaying Online Diagnostic Tests and Test Results A Supported MIBs MIB List Page Page Using FTP to Access the MIB Files B Working with the Cisco IOS File System, Configuration Files, and Software Images Working with the Flash File System Displaying Available File Systems Setting the Default File System Displaying Information about Files on a File System Changing Directories and Displaying the Working Directory Creating and Removing Directories Copying Files Deleting Files Creating, Displaying, and Extracting Files Page Page Working with Configuration Files Guidelines for Creating and Using Configuration Files Configuration File Types and Location Creating a Configuration File By Using a Text Editor Copying Configuration Files By Using TFTP Preparing to Download or Upload a Configuration File By Using TFTP Downloading the Configuration File By Using TFTP Uploading the Configuration File By Using TFTP Copying Configuration Files By Using FTP Preparing to Download or Upload a Configuration File By Using FTP Downloading a Configuration File By Using FTP Uploading a Configuration File By Using FTP Copying Configuration Files By Using RCP Preparing to Download or Upload a Configuration File By Using RCP Downloading a Configuration File By Using RCP Uploading a Configuration File By Using RCP Clearing Configuration Information Clearing the Startup Configuration File Deleting a Stored Configuration File Replacing and Rolling Back Configurations Understanding Configuration Replacement and Rollback Archiving a Configuration Replacing a Configuration Rolling Back a Configuration Configuring the Configuration Archive Performing a Configuration Replacement or Rollback Operation Working with Software Images Image Location on the Switch File Format of Images on a Server or Cisco.com Copying Image Files By Using TFTP Preparing to Download or Upload an Image File By Using TFTP Downloading an Image File By Using TFTP Page Uploading an Image File By Using TFTP Copying Image Files By Using FTP Preparing to Download or Upload an Image File By Using FTP Downloading an Image File By Using FTP Page Uploading an Image File By Using FTP Copying Image Files By Using RCP Preparing to Download or Upload an Image File By Using RCP Downloading an Image File By Using RCP Page Uploading an Image File By Using RCP Copying an Image File from One Stack Member to Another Page C Unsupported Commands in Cisco IOS Release 12.2(40)EX1 Access Control Lists Unsupported Route-Map Configuration Commands Archive Commands ARP Commands Boot Loader Commands Debug Commands Embedded Event Manager Unsupported Commands in Applet Configuration Mode Fallback Bridging Page HSRP IGMP Snooping Commands Interface Commands IP Multicast Routing IP Unicast Routing Unsupported Privileged EXEC or User EXEC Commands Unsupported BGP Router Configuration Commands Unsupported VPN Configuration Commands Unsupported Route Map Commands MAC Address Commands Miscellaneous MSDP NetFlow Commands Network Address Translation (NAT) Commands QoS RADIUS SNMP Spanning Tree VLAN VTP Page INDEX Numerics A Page Page B C Page Page D Page Page Page Page E F Page G H I Page Page Page Page Page J K L M Page Page Page Page N O P Page Page Page Page Q Page R Page Page S Page Page Page Page Page Page T Page Page U V Page Page W X