Main
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
Page
CONTENTS
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Preface
Audience
Purpose
Conventions
Related Publications
Obtaining Documentation and Submitting a Service Request
Page
Overview
Features
Deployment Features
Page
Performance Features
Management Options
Manageability Features
Page
Availability and Redundancy Features
VLAN Features
Security Features
Page
Page
QoS and CoS Features
Page
Layer 3 Features
Power over Ethernet Features
Monitoring Features
Default Settings After Initial Switch Configuration
Page
Page
Network Configuration Examples
Design Concepts for Using the Switch
Page
Page
Page
1-23
Page
1-25
Small to Medium-Sized Network Using Catalyst 3750-X and 3560-X Switches
Page
Large Network Using Catalyst 3750-X and 3560-X Switches
1-29
1-30
Multidwelling Network Using Catalyst 3750-X Switches
Long-Distance, High-Bandwidth Transport Configuration
Service Provider POP Mini-POP Gigabit MAN
Residential location
1-33
Where to Go Next
Before configuring the switch, review these sections for startup information:
Page
Using the Command-Line Interface
Understanding Command Modes
Page
Understanding the Help System
Understanding Abbreviated Commands
Understanding no and default Forms of Commands
Understanding CLI Error Messages
Using Configuration Logging
Using Command History
Changing the Command History Buffer Size
Recalling Commands
Disabling the Command History Feature
Using Editing Features
Enabling and Disabling Editing Features
Editing Commands through Keystrokes
Editing Command Lines that Wrap
Searching and Filtering Output of show and more Commands
Accessing the CLI
Accessing the CLI through a Console Connection or through Telnet
Assigning the Switch IP Address and Default Gateway
Understanding the Boot Process
Assigning Switch Information
Default Switch Information
Understanding DHCP-Based Autoconfiguration
DHCP Client Request Process
Understanding DHCP-based Autoconfiguration and Image Update
DHCP Autoconfiguration
DHCP Auto-Image Update
Limitations and Restrictions
Configuring DHCP-Based Autoconfiguration
DHCP Server Configuration Guidelines
Configuring the TFTP Server
Configuring the DNS
Configuring the Relay Device
Obtaining Configuration Files
Example Configuration
Configuring the DHCP Auto Configuration and Image Update Features
Configuring DHCP Autoconfiguration (Only Configuration File)
Configuring DHCP Auto-Image Update (Configuration File and Image)
Page
Configuring the Client
Manually Assigning IP Information
Checking and Saving the Running Configuration
Modifying the Startup Configuration
Default Boot Configuration
Automatically Downloading a Configuration File
Specifying the Filename to Read and Write the System Configuration
Booting Manually
Booting a Specific Software Image
Controlling Environment Variables
Page
Scheduling a Reload of the Software Image
Configuring a Scheduled Reload
Displaying Scheduled Reload Information
Page
Configuring Cisco IOS Configuration Engine
Understanding Cisco Configuration Engine Software
Configuration Service
Event Service
NameSpace Mapper
What You Should Know About the CNS IDs and Device Hostnames
ConfigID
DeviceID
Hostname and DeviceID
Using Hostname, DeviceID, and ConfigID
Understanding Cisco IOS Agents
Initial Configuration
V
Incremental (Partial) Configuration
Synchronized Configuration
Configuring Cisco IOS Agents
Enabling Automated CNS Configuration
Page
Enabling the CNS Event Agent
Enabling the Cisco IOS CNS Agent
Enabling an Initial Configuration
Page
Page
Page
Enabling a Partial Configuration
Displaying CNS Configuration
Managing Switch Stacks
Understanding Switch Stacks
Page
Switch Stack Membership
Stack Master Election and Re-Election
Page
Switch Stack Bridge ID and Router MAC Address
Stack Member Numbers
Stack Member Priority Values
Switch Stack Offline Configuration
Effects of Adding a Provisioned Switch to a Switch Stack
Effects of Replacing a Provisioned Switch in a Switch Stack
Effects of Removing a Provisioned Switch from a Switch Stack
Hardware Compatibility and SDM Mismatch Mode in Switch Stacks
Switch Stack Software Compatibility Recommendations
Stack Protocol Version Compatibility
Major Version Number Incompatibility Among Switches
Minor Version Number Incompatibility Among Switches
Understanding Auto-Upgrade and Auto-Advise
Auto-Upgrade and Auto-Advise Example Messages
5-14
Incompatible Software and Stack Member Image Upgrades
Switch Stack Configuration Files
Additional Considerations for System-Wide Configuration on Switch Stacks
Switch Stack Management Connectivity
Connectivity to the Switch Stack Through an IP Address
Connectivity to the Switch Stack Through an SSH Session
Connectivity to the Switch Stack Through Console Ports or Ethernet Management Ports
Connectivity to Specific Stack Members
Switch Stack Configuration Scenarios
Page
Configuring the Switch Stack
Default Switch Stack Configuration
Enabling Persistent MAC Address
Page
Assigning Stack Member Information
Assigning a Stack Member Number
Setting the Stack Member Priority Value
Provisioning a New Member for a Switch Stack
Page
Accessing the CLI of a Specific Stack Member
Displaying Switch Stack Information
Troubleshooting Stacks
Manually Disabling a Stack Port
Re-Enabling a Stack Port While Another Member Starts
Understanding the show switch stack-ports summary Output
Identifying Loopback Problems
Software Loopback
Software Loopback Example: No Connected Stack Cable
Software Loopback Examples: Connected Stack Cables
Hardware Loopback
Hardware Loopback Example: LINK OK event
5-31
On a Catalyst 3750-E or 3750-X switch:
Hardware Loop Example: LINK NOT OK Event
On a Catalyst 3750 switch:
5-32
On a Catalyst 3750-E or 3750-X switch:
Finding a Disconnected Stack Cable
If you disconnect the cable from Port 2 on Switch 1, these messages appear:
This is now the port status:
Fixing a Bad Connection Between Stack Ports
Page
Clustering Switches
Understanding Switch Clusters
Cluster Command Switch Characteristics
Standby Cluster Command Switch Characteristics
Candidate Switch and Cluster Member Switch Characteristics
Planning a Switch Cluster
Automatic Discovery of Cluster Candidates and Members
Discovery Through CDP Hops
Discovery Through Non-CDP-Capable and Noncluster-Capable Devices
Discovery Through Different VLANs
Discovery Through Different Management VLANs
Discovery Through Routed Ports
Discovery of Newly Installed Switches
HSRP and Standby Cluster Command Switches
Virtual IP Addresses
Other Considerations for Cluster Standby Groups
Automatic Recovery of Cluster Configuration
IP Addresses
Hostnames
Passwords
SNMP Community Strings
Switch Clusters and Switch Stacks
Page
TACACS+ and RADIUS
LRE Profiles
Using the CLI to Manage Switch Clusters
Catalyst 1900 and Catalyst 2820 CLI Considerations
Using SNMP to Manage Switch Clusters
6-18
Administering the Switch
Managing the System Time and Date
Understanding the System Clock
Understanding Network Time Protocol
Page
Configuring NTP
Default NTP Configuration
Configuring NTP Authentication
Configuring NTP Associations
Configuring NTP Broadcast Service
Page
Configuring NTP Access Restrictions
Creating an Access Group and Assigning a Basic IP Access List
Page
Disabling NTP Services on a Specific Interface
Configuring the Source IP Address for NTP Packets
Displaying the NTP Configuration
Configuring Time and Date Manually
Setting the System Clock
Displaying the Time and Date Configuration
Configuring the Time Zone
Configuring Summer Time (Daylight Saving Time)
Configuring a System Name and Prompt
Default System Name and Prompt Configuration
Configuring a System Name
Understanding DNS
Default DNS Configuration
Setting Up DNS
Displaying the DNS Configuration
Creating a Banner
Default Banner Configuration
Configuring a Message-of-the-Day Login Banner
Configuring a Login Banner
Managing the MAC Address Table
Building the Address Table
MAC Addresses and VLANs
MAC Addresses and Switch Stacks
Default MAC Address Table Configuration
Changing the Address Aging Time
Removing Dynamic Address Entries
Configuring MAC Address Change Notification Traps
Page
Configuring MAC Address Move Notification Traps
Configuring MAC Threshold Notification Traps
Page
Adding and Removing Static Address Entries
Configuring Unicast MAC Address Filtering
Disabling MAC Address Learning on a VLAN
Displaying Address Table Entries
Managing the ARP Table
Page
Configuring SDM Templates
Understanding the SDM Templates
Dual IPv4 and IPv6 SDM Templates
SDM Templates and Switch Stacks
Configuring the Switch SDM Template
Default SDM Template
SDM Template Configuration Guidelines
Setting the SDM Template
Displaying the SDM Templates
8-7
This is an example of output from the show sdm prefer dual-ipv4-and-ipv6 routing command:
Page
Configuring Catalyst 3750-X StackPower
Understanding StackPower
StackPower Modes
Power Priority
Load Shedding
Immediate Load Shedding Example
Page
Configuring Stack Power
Configuring Power Stack Parameters
Configuring Power Stack Switch Power Parameters
Configuring PoE Port Priority
Configuring Switch-Based Authentication
Preventing Unauthorized Access to Your Switch
Protecting Access to Privileged EXEC Commands
Default Password and Privilege Level Configuration
Setting or Changing a Static Enable Password
Protecting Enable and Enable Secret Passwords with Encryption
Page
Disabling Password Recovery
Setting a Telnet Password for a Terminal Line
Configuring Username and Password Pairs
Configuring Multiple Privilege Levels
Setting the Privilege Level for a Command
Changing the Default Privilege Level for Lines
Logging into and Exiting a Privilege Level
Controlling Switch Access with TACACS+
Understanding TACACS+
Page
TACACS+ Operation
Configuring TACACS+
Default TACACS+ Configuration
Identifying the TACACS+ Server Host and Setting the Authentication Key
Configuring TACACS+ Login Authentication
Page
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services
Starting TACACS+ Accounting
Displaying the TACACS+ Configuration
Controlling Switch Access with RADIUS
Understanding RADIUS
RADIUS Operation
RADIUS Change of Authorization
Change-of-Authorization Requests
RFC 5176 Compliance
Preconditions
CoA Request Response Code
Session Identification
CoA ACK Response Code
CoA NAK Response Code
CoA Request Commands
Session Reauthentication
Session Reauthentication in a Switch Stack
Session Termination
CoA Disconnect-Request
CoA Request: Disable Host Port
CoA Request: Bounce-Port
Stacking Guidelines for Session Termination
Stacking Guidelines for CoA-Request Bounce-Port
Stacking Guidelines for CoA-Request Disable-Port
Configuring RADIUS
Default RADIUS Configuration
Identifying the RADIUS Server Host
Page
Configuring RADIUS Login Authentication
Page
Defining AAA Server Groups
Page
Configuring RADIUS Authorization for User Privileged Access and Network Services
Starting RADIUS Accounting
Configuring Settings for All RADIUS Servers
Configuring the Switch to Use Vendor-Specific RADIUS Attributes
Configuring the Switch for Vendor-Proprietary RADIUS Server Communication
Configuring CoA on the Switch
Monitoring and Troubleshooting CoA Functionality
Configuring RADIUS Server Load Balancing
Displaying the RADIUS Configuration
Controlling Switch Access with Kerberos
Understanding Kerberos
Page
Kerberos Operation
Authenticating to a Boundary Switch
Obtaining a TGT from a KDC
Authenticating to Network Services
Configuring Kerberos
Configuring the Switch for Local Authentication and Authorization
Configuring the Switch for Secure Shell
Understanding SSH
SSH Servers, Integrated Clients, and Supported Versions
Limitations
Configuring SSH
Setting Up the Switch to Run SSH
Configuring the SSH Server
Displaying the SSH Configuration and Status
Configuring the Switch for Secure Socket Layer HTTP
Understanding Secure HTTP Servers and Clients
Certificate Authority Trustpoints
Page
CipherSuites
Configuring Secure HTTP Servers and Clients
Default SSL Configuration
SSL Configuration Guidelines
Configuring a CA Trustpoint
Configuring the Secure HTTP Server
Configuring the Secure HTTP Client
Displaying Secure HTTP Server and Client Status
Configuring the Switch for Secure Copy Protocol
Information About Secure Copy
Configuring IEEE 802.1x Port-Based Authentication
Understanding IEEE 802.1x Port-Based Authentication
Page
Device Roles
Authentication Process
11-5
The switch re-authenticates a client when one of these situations occurs:
Authentication Initiation and Message Exchange
Page
Authentication Manager
Port-Based Authentication Methods
Per-User ACLs and Filter-Ids
Authentication Manager CLI Commands
Ports in Authorized and Unauthorized States
802.1x Authentication and Switch Stacks
802.1x Host Mode
802.1x Multiple Authentication Mode
MAC Move
802.1x Accounting
802.1x Accounting Attribute-Value Pairs
802.1x Readiness Check
802.1x Authentication with VLAN Assignment
802.1x Authentication with Per-User ACLs
802.1x Authentication with Downloadable ACLs and Redirect URLs
Cisco Secure ACS and Attribute-Value Pairs for the Redirect URL
Cisco Secure ACS and Attribute-Value Pairs for Downloadable ACLs
VLAN ID-based MAC Authentication
802.1x Authentication with Guest VLAN
802.1x Authentication with Restricted VLAN
802.1x Authentication with Inaccessible Authentication Bypass
Support on Multiple-Authentication Ports
Authentication Results
Feature Interactions
802.1x User Distribution
802.1x User Distribution Configuration Guidelines
IEEE 802.1x Authentication with Voice VLAN Ports
IEEE 802.1x Authentication with Port Security
IEEE 802.1x Authentication with Wake-on-LAN
IEEE 802.1x Authentication with MAC Authentication Bypass
Network Admission Control Layer 2 IEEE 802.1x Validation
Flexible Authentication Ordering
Open1x Authentication
Multidomain Authentication
Page
802.1x Supplicant and Authenticator Switches with Network Edge Access Topology (NEAT)
4
1
Guidelines
2 3 5
Voice Aware 802.1x Security
Common Session ID
Understanding Media Access Control Security and MACsec Key Agreement
MKA Policies
Virtual Ports
MACsec and Stacking
MACsec, MKA and 802.1x Host Modes
Single-Host Mode
Multiple-Host Mode
MKA Statistics
Configuring 802.1x Authentication
Default 802.1x Authentication Configuration
802.1x Authentication Configuration Guidelines
802.1x Authentication
VLAN Assignment, Guest VLAN, Restricted VLAN, and Inaccessible Authentication Bypass
MAC Authentication Bypass
Maximum Number of Allowed Devices Per Port
Configuring 802.1x Readiness Check
Configuring Voice Aware 802.1x Security
Page
Configuring 802.1x Violation Modes
Configuring 802.1x Authentication
Page
Configuring the Switch-to-RADIUS-Server Communication
Configuring the Host Mode
Configuring Periodic Re-Authentication
Manually Re-Authenticating a Client Connected to a Port
Changing the Quiet Period
Changing the Switch-to-Client Retransmission Time
Setting the Switch-to-Client Frame-Retransmission Number
Setting the Re-Authentication Number
Enabling MAC Move
Configuring 802.1x Accounting
Configuring a Guest VLAN
Configuring a Restricted VLAN
Configuring the Inaccessible Authentication Bypass Feature
Page
Page
Configuring 802.1x Authentication with WoL
Configuring MAC Authentication Bypass
Configuring 802.1x User Distribution
Configuring NAC Layer 2 IEEE 802.1x Validation
Configuring an Authenticator and a Supplicant Switch with NEAT
Page
Configuring NEAT with ASP
Configuring 802.1x Authentication with Downloadable ACLs and Redirect URLs
Configuring Downloadable ACLs
Configuring a Downloadable Policy
Configuring VLAN ID-based MAC Authentication
Configuring Flexible Authentication Ordering
Configuring Open1x
Configuring a Web Authentication Local Banner
Disabling 802.1x Authentication on the Port
Resetting the 802.1x Authentication Configuration to the Default Values
Configuring MKA and MACsec
Configuring an MKA Policy
Configuring MACsec on an Interface
Page
Displaying 802.1x Statistics and Status
Page
Configuring Web-Based Authentication
Understanding Web-Based Authentication
Device Roles
Host Detection
Session Creation
Authentication Process
Local Web Authentication Banner
Page
Web Authentication Customizable Web Pages
Guidelines
Web-based Authentication Interactions with Other Features
Port Security
LAN Port IP
Gateway IP
ACLs
Context-Based Access Control
802.1x Authentication
Configuring Web-Based Authentication
Default Web-Based Authentication Configuration
Web-Based Authentication Configuration Guidelines and Restrictions
Web-Based Authentication Configuration Task List
Configuring the Authentication Rule and Interfaces
Configuring AAA Authentication
Configuring Switch-to-RADIUS-Server Communication
Page
Configuring the HTTP Server
Customizing the Authentication Proxy Web Pages
Page
Specifying a Redirection URL for Successful Login
Configuring an AAA Fail Policy
Configuring the Web-Based Authentication Parameters
Configuring a Web Authentication Local Banner
Removing Web-Based Authentication Cache Entries
Displaying Web-Based Authentication Status
Page
Configuring Interface Characteristics
Interface Types
Port-Based VLANs
Switch Ports
Access Ports
Trunk Ports
Tunnel Ports
Routed Ports
Switch Virtual Interfaces
SVI Autostate Exclude
EtherChannel Port Groups
10-Gigabit Ethernet Interfaces
Power over Ethernet Ports
Supported Protocols and Standards
Powered-Device Detection and Initial Power Allocation
Power Management Modes
Power Monitoring and Power Policing
Maximum Power Allocation (Cutoff Power) on a PoE Port
Power Consumption Values
Connecting Interfaces
Using the Switch USB Ports
USB Mini-Type B Console Port
Console Port Change Logs
Configuring the Console Media Type
Configuring the USB Inactivity Timeout
USB Type A Port
Using Interface Configuration Mode
Procedures for Configuring Interfaces
Configuring a Range of Interfaces
Page
Configuring and Using Interface Range Macros
Using the Ethernet Management Port
Understanding the Ethernet Management Port
Page
Supported Features on the Ethernet Management Port
Configuring the Ethernet Management Port
TFTP and the Ethernet Management Port
Configuring Ethernet Interfaces
Default Ethernet Interface Configuration
Configuring Interface Speed and Duplex Mode
Speed and Duplex Configuration Guidelines
Setting the Interface Speed and Duplex Parameters
Configuring IEEE 802.3x Flow Control
Configuring Auto-MDIX on an Interface
Configuring a Power Management Mode on a PoE Port
Budgeting Power for Devices Connected to a PoE Port
Page
Configuring Power Policing
Adding a Description for an Interface
Configuring Layer 3 Interfaces
Page
Configuring SVI Autostate Exclude
Configuring the System MTU
Page
Page
Configuring the Cisco RPS 2300 in a Mixed Stack
Page
Configuring the Power Supplies
Monitoring and Maintaining the Interfaces
Monitoring Interface Status
Clearing and Resetting Interfaces and Counters
Shutting Down and Restarting the Interface
Page
Configuring Auto Smartports Macros
Understanding Auto Smartports and Static Smartports Macros
Auto Smartports and Cisco Medianet
Configuring Auto Smartports
Default Auto Smartports Configuration
Auto Smartports Configuration Guidelines
Enabling Auto Smartports
Configuring Auto Smartports Default Parameter Values
Configuring Auto Smartports MAC-Address Groups
Configuring Auto Smartports Macro Persistent
Configuring Auto Smartports Built-In Macro Options
Page
14-11
This example shows how to configure the remote macro with the setting for native VLAN 5.
file.
Creating User-Defined Event Triggers
Page
14-13
14-14
Configuring Auto Smartports User-Defined Macros
Page
Configuring Static Smartports Macros
Default Static Smartports Configuration
Static Smartports Configuration Guidelines
Applying Static Smartports Macros
Page
Displaying Auto Smartports and Static Smartports Macros
Configuring VLANs
Understanding VLANs
Supported VLANs
VLAN Port Membership Modes
Configuring Normal-Range VLANs
Token Ring VLANs
Normal-Range VLAN Configuration Guidelines
Configuring Normal-Range VLANs
Saving VLAN Configuration
Default Ethernet VLAN Configuration
Creating or Modifying an Ethernet VLAN
Deleting a VLAN
Assigning Static-Access Ports to a VLAN
Configuring Extended-Range VLANs
Default VLAN Configuration
Extended-Range VLAN Configuration Guidelines
Creating an Extended-Range VLAN
Page
Creating an Extended-Range VLAN with an Internal VLAN ID
Displaying VLANs
Configuring VLAN Trunks
Trunking Overview
Page
Encapsulation Types
IEEE 802.1Q Configuration Considerations
Default Layer 2 Ethernet Interface VLAN Configuration
Configuring an Ethernet Interface as a Trunk Port
Interaction with Other Features
Configuring a Trunk Port
Defining the Allowed VLANs on a Trunk
Changing the Pruning-Eligible List
Configuring the Native VLAN for Untagged Traffic
Configuring Trunk Ports for Load Sharing
Load Sharing Using STP Port Priorities
Page
Load Sharing Using STP Path Cost
Configuring VMPS
Understanding VMPS
Dynamic-Access Port VLAN Membership
Default VMPS Client Configuration
VMPS Configuration Guidelines
Configuring the VMPS Client
Entering the IP Address of the VMPS
Configuring Dynamic-Access Ports on VMPS Clients
Reconfirming VLAN Memberships
Changing the Reconfirmation Interval
Changing the Retry Count
Monitoring the VMPS
Troubleshooting Dynamic-Access Port VLAN Membership
VMPS Configuration Example
15-32
Configuring VTP
Understanding VTP
The VTP Domain
VTP Modes
VTP Advertisements
VTP Version 2
VTP Version 3
VTP Pruning
VTP and Switch Stacks
Configuring VTP
Default VTP Configuration
VTP Configuration Guidelines
Domain Names
Passwords
VTP Version
Configuration Requirements
Configuring VTP Mode
Page
Configuring a VTP Version 3 Password
Configuring a VTP Version 3 Primary Server
Enabling the VTP Version
Enabling VTP Pruning
Configuring VTP on a Per-Port Basis
Adding a VTP Client Switch to a VTP Domain
Monitoring VTP
Page
Configuring Voice VLAN
Understanding Voice VLAN
Cisco IP Phone Voice Traffic
Cisco IP Phone Data Traffic
Configuring Voice VLAN
Default Voice VLAN Configuration
Voice VLAN Configuration Guidelines
Configuring a Port Connected to a Cisco 7960 IP Phone
Configuring Cisco IP Phone Voice Traffic
Configuring the Priority of Incoming Data Frames
Displaying Voice VLAN
Page
Configuring Private VLANs
Understanding Private VLANs
Page
IP Addressing Scheme with Private VLANs
Private VLANs across Multiple Switches
Private-VLAN Interaction with Other Features
Private VLANs and Unicast, Broadcast, and Multicast Traffic
Private VLANs and SVIs
Private VLANs and Switch Stacks
Configuring Private VLANs
Tasks for Configuring Private VLANs
Default Private-VLAN Configuration
Private-VLAN Configuration Guidelines
Secondary and Primary VLAN Configuration
Page
Private-VLAN Port Configuration
Limitations with Other Features
Configuring and Associating VLANs in a Private VLAN
Page
Configuring a Layer 2 Interface as a Private-VLAN Host Port
Configuring a Layer 2 Interface as a Private-VLAN Promiscuous Port
Mapping Secondary VLANs to a Primary VLAN Layer 3 VLAN Interface
Monitoring Private VLANs
Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling
Understanding IEEE 802.1Q Tunneling
Page
Page
Configuring IEEE 802.1Q Tunneling
Default IEEE 802.1Q Tunneling Configuration
IEEE 802.1Q Tunneling Configuration Guidelines
Native VLANs
System MTU
IEEE 802.1Q Tunneling and Other Features
Configuring an IEEE 802.1Q Tunneling Port
Understanding Layer 2 Protocol Tunneling
19-9
Configuring Layer 2 Protocol Tunneling
Default Layer 2 Protocol Tunneling Configuration
Layer 2 Protocol Tunneling Configuration Guidelines
Configuring Layer 2 Protocol Tunneling
Configuring Layer 2 Tunneling for EtherChannels
Configuring the SP Edge Switch
Page
Configuring the Customer Switch
19-17
SP edge switch 2 configuration:
Monitoring and Maintaining Tunneling Status
Configuring STP
Understanding Spanning-Tree Features
STP Overview
Spanning-Tree Topology and BPDUs
Bridge ID, Switch Priority, and Extended System ID
Spanning-Tree Interface States
Blocking State
Listening State
Learning State
Forwarding State
Disabled State
How a Switch or Port Becomes the Root Switch or Root Port
Spanning Tree and Redundant Connectivity
Spanning-Tree Address Management
Accelerated Aging to Retain Connectivity
Spanning-Tree Modes and Protocols
Supported Spanning-Tree Instances
Spanning-Tree Interoperability and Backward Compatibility
STP and IEEE 802.1Q Trunks
VLAN-Bridge Spanning Tree
Spanning Tree and Switch Stacks
Configuring Spanning-Tree Features
Default Spanning-Tree Configuration
Spanning-Tree Configuration Guidelines
Changing the Spanning-Tree Mode.
Disabling Spanning Tree
Configuring the Root Switch
Page
Configuring a Secondary Root Switch
Configuring Port Priority
Page
Configuring Path Cost
Configuring the Switch Priority of a VLAN
Configuring Spanning-Tree Timers
Configuring the Hello Time
Configuring the Forwarding-Delay Time for a VLAN
Configuring the Maximum-Aging Time for a VLAN
Configuring the Transmit Hold-Count
Displaying the Spanning-Tree Status
Configuring MSTP
Understanding MSTP
Multiple Spanning-Tree Regions
IST, CIST, and CST
Operations Within an MST Region
Operations Between MST Regions
Page
IEEE 802.1s Terminology
Hop Count
Boundary Ports
IEEE 802.1s Implementation
Port Role Naming Change
Interoperation Between Legacy and Standard Switches
Detecting Unidirectional Link Failure
MSTP and Switch Stacks
Interoperability with IEEE 802.1D STP
Understanding RSTP
Port Roles and the Active Topology
Rapid Convergence
Synchronization of Port Roles
Bridge Protocol Data Unit Format and Processing
Processing Superior BPDU Information
Processing Inferior BPDU Information
Topology Changes
Configuring MSTP Features
Default MSTP Configuration
MSTP Configuration Guidelines
Specifying the MST Region Configuration and Enabling MSTP
Page
Configuring the Root Switch
Configuring a Secondary Root Switch
Configuring Port Priority
Configuring Path Cost
Configuring the Switch Priority
Configuring the Hello Time
Configuring the Forwarding-Delay Time
Configuring the Maximum-Aging Time
Configuring the Maximum-Hop Count
Specifying the Link Type to Ensure Rapid Transitions
Designating the Neighbor Type
Restarting the Protocol Migration Process
Displaying the MST Configuration and Status
Page
Configuring Optional Spanning-Tree Features
Understanding Optional Spanning-Tree Features
Understanding Port Fast
Understanding BPDU Guard
Understanding BPDU Filtering
Understanding UplinkFast
Page
Understanding Cross-Stack UplinkFast
How CSUF Works
Events that Cause Fast Convergence
Understanding BackboneFast
Page
Page
Understanding EtherChannel Guard
Understanding Root Guard
Understanding Loop Guard
Configuring Optional Spanning-Tree Features
Default Optional Spanning-Tree Configuration
Optional Spanning-Tree Configuration Guidelines
Enabling Port Fast
Enabling BPDU Guard
Enabling BPDU Filtering
Enabling UplinkFast for Use with Redundant Links
Enabling Cross-Stack UplinkFast
Enabling BackboneFast
Enabling EtherChannel Guard
Enabling Root Guard
Enabling Loop Guard
Displaying the Spanning-Tree Status
Page
Configuring Flex Links and the MAC Address-Table Move Update Feature
Understanding Flex Links and the MAC Address-Table Move Update
Flex Links
VLAN Flex Link Load Balancing and Support
Flex Link Multicast Fast Convergence
Learning the Other Flex Link Port as the mrouter Port
Generating IGMP Reports
Leaking IGMP Reports
Configuration Examples
Page
MAC Address-Table Move Update
Configuring Flex Links and MAC Address-Table Move Update
Configuring Flex Links
Page
Configuring VLAN Load Balancing on Flex Links
Page
Configuring the MAC Address-Table Move Update Feature
Page
Monitoring Flex Links and the MAC Address-Table Move Update
Configuring DHCP Features and IP Source Guard
Understanding DHCP Features
DHCP Server
DHCP Relay Agent
DHCP Snooping
Option-82 Data Insertion
Page
Circuit ID Suboption Frame Format
Remote ID Suboption Frame Format
Cisco IOS DHCP Server Database
DHCP Snooping Binding Database
Circuit ID Suboption Frame Format (for user-configured string):
Remote ID Suboption Frame Format (for user-configured string):
DHCP Snooping and Switch Stacks
Configuring DHCP Features
Default DHCP Configuration
DHCP Snooping Configuration Guidelines
Configuring the DHCP Server
DHCP Server and Switch Stacks
Configuring the DHCP Relay Agent
Specifying the Packet Forwarding Address
Enabling DHCP Snooping and Option 82
Page
Enabling DHCP Snooping on Private VLANs
Enabling the Cisco IOS DHCP Server Database
Enabling the DHCP Snooping Binding Database Agent
Displaying DHCP Snooping Information
Understanding IP Source Guard
Source IP Address Filtering
Source IP and MAC Address Filtering
IP Source Guard for Static Hosts
Configuring IP Source Guard
Default IP Source Guard Configuration
IP Source Guard Configuration Guidelines
Enabling IP Source Guard
Configuring IP Source Guard for Static Hosts
Configuring IP Source Guard for Static Hosts on a Layer 2 Access Port
Page
Page
24-23
This example displays all active IP or MAC binding entries for all interfaces:
This example displays the count of all IP device tracking host entries for all interfaces:
Configuring IP Source Guard for Static Hosts on a Private VLAN Host Port
24-25
This example shows how to enable IPSG for static hosts with IP filters on a private VLAN host port:
The output shows that the five valid IP-MAC bindings are on both the primary and secondary VLAN.
Displaying IP Source Guard Information
Tab le 24-3 Commands for Displaying IP Source Guard Information
Understanding DHCP Server Port-Based Address Allocation
Configuring DHCP Server Port-Based Address Allocation
Default Port-Based Address Allocation Configuration
Port-Based Address Allocation Configuration Guidelines
Enabling DHCP Server Port-Based Address Allocation
Page
Displaying DHCP Server Port-Based Address Allocation
Page
Configuring Dynamic ARP Inspection
Understanding Dynamic ARP Inspection
Page
Interface Trust States and Network Security
Rate Limiting of ARP Packets
Relative Priority of ARP ACLs and DHCP Snooping Entries
Logging of Dropped Packets
Configuring Dynamic ARP Inspection
Default Dynamic ARP Inspection Configuration
Dynamic ARP Inspection Configuration Guidelines
Configuring Dynamic ARP Inspection in DHCP Environments
Configuring ARP ACLs for Non-DHCP Environments
Page
Limiting the Rate of Incoming ARP Packets
Page
Performing Validation Checks
Configuring the Log Buffer
Displaying Dynamic ARP Inspection Information
Page
Page
Configuring IGMP Snooping and MVR
Understanding IGMP Snooping
IGMP Versions
Joining a Multicast Group
Leaving a Multicast Group
Immediate Leave
IGMP Configurable-Leave Timer
IGMP Report Suppression
IGMP Snooping and Switch Stacks
Configuring IGMP Snooping
Default IGMP Snooping Configuration
Enabling or Disabling IGMP Snooping
Setting the Snooping Method
Configuring a Multicast Router Port
Configuring a Host Statically to Join a Group
Enabling IGMP Immediate Leave
Configuring the IGMP Leave Timer
Configuring TCN-Related Commands
Controlling the Multicast Flooding Time After a TCN Event
Recovering from Flood Mode
Disabling Multicast Flooding During a TCN Event
Configuring the IGMP Snooping Querier
Disabling IGMP Report Suppression
Displaying IGMP Snooping Information
Understanding Multicast VLAN Registration
Using MVR in a Multicast Television Application
Page
Configuring MVR
Default MVR Configuration
MVR Configuration Guidelines and Limitations
Configuring MVR Global Parameters
Configuring MVR Interfaces
Displaying MVR Information
Configuring IGMP Filtering and Throttling
Default IGMP Filtering and Throttling Configuration
Configuring IGMP Profiles
Applying IGMP Profiles
Setting the Maximum Number of IGMP Groups
Configuring the IGMP Throttling Action
Page
Displaying IGMP Filtering and Throttling Configuration
Configuring IPv6 MLD Snooping
Understanding MLD Snooping
Page
MLD Messages
MLD Queries
Multicast Client Aging Robustness
Multicast Router Discovery
MLD Reports
MLD Done Messages and Immediate-Leave
Topology Change Notification Processing
MLD Snooping in Switch Stacks
Configuring IPv6 MLD Snooping
Default MLD Snooping Configuration
MLD Snooping Configuration Guidelines
Enabling or Disabling MLD Snooping
Configuring a Static Multicast Group
Configuring a Multicast Router Port
Enabling MLD Immediate Leave
Configuring MLD Snooping Queries
Disabling MLD Listener Message Suppression
Displaying MLD Snooping Information
Configuring Port-Based Traffic Control
Configuring Storm Control
Understanding Storm Control
Page
Default Storm Control Configuration
Configuring Storm Control and Threshold Levels
Page
Configuring Small-Frame Arrival Rate
Configuring Protected Ports
Default Protected Port Configuration
Protected Port Configuration Guidelines
Configuring a Protected Port
Configuring Port Blocking
Default Port Blocking Configuration
Blocking Flooded Traffic on an Interface
Configuring Port Security
Understanding Port Security
Secure MAC Addresses
Security Violations
Default Port Security Configuration
Port Security Configuration Guidelines
Page
Enabling and Configuring Port Security
Page
Page
Page
Enabling and Configuring Port Security Aging
Port Security and Switch Stacks
Port Security and Private VLANs
Displaying Port-Based Traffic Control Settings
Page
Configuring CDP
Understanding CDP
CDP and Switch Stacks
Configuring CDP
Default CDP Configuration
Configuring the CDP Characteristics
Disabling and Enabling CDP
Disabling and Enabling CDP on an Interface
Monitoring and Maintaining CDP
Page
Configuring LLDP, LLDP-MED, and Wired Location Service
Understanding LLDP, LLDP-MED, and Wired Location Service
LLDP
LLDP-MED
Wired Location Service
Page
Configuring LLDP, LLDP-MED, and Wired Location Service
Default LLDP Configuration
Enabling LLDP
Configuring LLDP Characteristics
Configuring LLDP-MED TLVs
Configuring Network-Policy TLV
Configuring Location TLV and Wired Location Service
Page
Monitoring and Maintaining LLDP, LLDP-MED, and Wired Location Service
Page
Configuring UDLD
Understanding UDLD
Modes of Operation
Methods to Detect Unidirectional Links
Page
Configuring UDLD
Default UDLD Configuration
Enabling UDLD Globally
Enabling UDLD on an Interface
Resetting an Interface Disabled by UDLD
Displaying UDLD Status
Page
Configuring SPAN and RSPAN
Understanding SPAN and RSPAN
Local SPAN
Remote SPAN
SPAN and RSPAN Concepts and Terminology
SPAN Sessions
Page
Monitored Traffic
Source Ports
Source VLANs
VLAN Filtering
Destination Port
RSPAN VLAN
SPAN and RSPAN Interaction with Other Features
SPAN and RSPAN and Switch Stacks
Understanding Flow-Based SPAN
Configuring SPAN and RSPAN
Default SPAN and RSPAN Configuration
Configuring Local SPAN
SPAN Configuration Guidelines
Creating a Local SPAN Session
Page
Creating a Local SPAN Session and Configuring Incoming Traffic
Specifying VLANs to Filter
Configuring RSPAN
RSPAN Configuration Guidelines
Configuring a VLAN as an RSPAN VLAN
Creating an RSPAN Source Session
Specifying VLANs to Filter
Creating an RSPAN Destination Session
Creating an RSPAN Destination Session and Configuring Incoming Traffic
Page
Configuring FSPAN and FRSPAN
FSPAN and FRSPAN Configuration Guidelines
Configuring an FSPAN Session
Configuring an FRSPAN Session
Page
Displaying SPAN, RSPAN. FSPAN, and FRSPAN Status
Configuring RMON
Understanding RMON
Configuring RMON
Default RMON Configuration
Configuring RMON Alarms and Events
Page
Collecting Group History Statistics on an Interface
Collecting Group Ethernet Statistics on an Interface
Displaying RMON Status
Configuring System Message Logging
Understanding System Message Logging
Configuring System Message Logging
System Log Message Format
Page
Default System Message Logging Configuration
Disabling Message Logging
Setting the Message Display Destination Device
Synchronizing Log Messages
Page
Enabling and Disabling Time Stamps on Log Messages
Enabling and Disabling Sequence Numbers in Log Messages
Defining the Message Severity Level
Limiting Syslog Messages Sent to the History Table and to SNMP
Enabling the Configuration-Change Logger
Configuring UNIX Syslog Servers
Logging Messages to a UNIX Syslog Daemon
Configuring the UNIX System Logging Facility
Displaying the Logging Configuration
Configuring SNMP
Understanding SNMP
SNMP Versions
SNMP Manager Functions
SNMP Agent Functions
SNMP Community Strings
Using SNMP to Access MIB Variables
SNMP Notifications
SNMP ifIndex MIB Object Values
Configuring SNMP
Default SNMP Configuration
SNMP Configuration Guidelines
Disabling the SNMP Agent
Configuring Community Strings
Configuring SNMP Groups and Users
Page
Page
Configuring SNMP Notifications
Page
Page
Page
Setting the CPU Threshold Notification Types and Values
Setting the Agent Contact and Location Information
Limiting TFTP Servers Used Through SNMP
SNMP Examples
Displaying SNMP Status
Page
Configuring Embedded Event Manager
Understanding Embedded Event Manager
Page
Event Detectors
Embedded Event Manager Actions
Embedded Event Manager Policies
Embedded Event Manager Environment Variables
EEM 3.2
Configuring Embedded Event Manager
Registering and Defining an Embedded Event Manager Applet
Registering and Defining an Embedded Event Manager TCL Script
Displaying Embedded Event Manager Information
Configuring Network Security with ACLs
Understanding ACLs
Supported ACLs
Port ACLs
Router ACLs
VLAN Maps
Handling Fragmented and Unfragmented Traffic
ACLs and Switch Stacks
Configuring IPv4 ACLs
Creating Standard and Extended IPv4 ACLs
Access List Numbers
ACL Logging
Creating a Numbered Standard ACL
Creating a Numbered Extended ACL
Page
Page
Page
Resequencing ACEs in an ACL
Creating Named Standard and Extended ACLs
Page
Using Time Ranges with ACLs
Page
Including Comments in ACLs
Applying an IPv4 ACL to a Terminal Line
Applying an IPv4 ACL to an Interface
Page
Hardware and Software Treatment of IP ACLs
Troubleshooting ACLs
IPv4 ACL Configuration Examples
ACLs in a Small Networked Office
Numbered ACLs
Extended ACLs
Named ACLs
Time Range Applied to an IP ACL
Commented IP ACL Entries
ACL Logging
Creating Named MAC Extended ACLs
Page
Applying a MAC ACL to a Layer 2 Interface
Configuring VLAN Maps
VLAN Map Configuration Guidelines
Creating a VLAN Map
Examples of ACLs and VLAN Maps
Example 1
Example 2
Example 3
Example 4
Applying a VLAN Map to a VLAN
Using VLAN Maps in Your Network
Wiring Closet Configuration
Denying Access to a Server on Another a VLAN
Using VLAN Maps with Router ACLs
VLAN Maps and Router ACL Configuration Guidelines
Examples of Router ACLs and VLAN Maps Applied to VLANs
ACLs and Switched Packets
ACLs and Bridged Packets
37-40
ACLs and Routed Packets
Figure 37-8 shows how ACLs are applied on routed packets. The ACLs are applied in this order:
ACLs and Multicast Packets
Displaying IPv4 ACL Configuration
Page
Configuring IPv6 ACLs
Understanding IPv6 ACLs
Supported ACL Features
IPv6 ACL Limitations
IPv6 ACLs and Switch Stacks
Configuring IPv6 ACLs
Default IPv6 ACL Configuration
Interaction with Other Features and Switches
Creating IPv6 ACLs
Page
Applying an IPv6 ACL to an Interface
Displaying IPv6 ACLs
Configuring QoS
Understanding QoS
Page
Basic QoS Model
Classification
Page
39-7
Classification Based on QoS ACLs
Classification Based on Class Maps and Policy Maps
Policing and Marking
Policing on Physical Ports
Policing on SVIs
Page
Mapping Tables
39-14
Queueing and Scheduling Overview
Weighted Tail Drop
SRR Shaping and Sharing
Queueing and Scheduling on Ingress Queues
Page
WTD Thresholds
Buffer and Bandwidth Allocation
Priority Queueing
39-19
Queueing and Scheduling on Egress Queues
Figure 39-11 and Figure 39-12 show the queueing and scheduling flowcharts for egress ports.
Page
Buffer and Memory Allocation
WTD Thresholds
Shaped or Shared Mode
Packet Modification
Configuring Auto-QoS
Generated Auto-QoS Configuration
Page
39-26
The switch automatically maps DSCP values to an ingress queue and to a threshold ID.
The switch automatically maps DSCP values to an egress queue and to a threshold ID.
Table 39-5 Generated Auto-QoS Configuration (continued)
Description Automatically Generated Command
Page
Effects of Auto-QoS on the Configuration
Auto-QoS Configuration Guidelines
Enabling Auto-QoS for VoIP
Auto-QoS Configuration Example
39-31
Page
Displaying Auto-QoS Information
Configuring Standard QoS
Default Standard QoS Configuration
Default Ingress Queue Configuration
Default Egress Queue Configuration
Default Mapping Table Configuration
Standard QoS Configuration Guidelines
QoS ACL Guidelines
IPv6 QoS ACL Guidelines
Applying QoS on Interfaces
Configuring IPv6 QoS on Switch Stacks
Policing Guidelines
General QoS Guidelines
Enabling QoS Globally
Enabling VLAN-Based QoS on Physical Ports
Configuring Classification Using Port Trust States
Configuring the Trust State on Ports within the QoS Domain
Configuring the CoS Value for an Interface
Configuring a Trusted Boundary to Ensure Port Security
Enabling DSCP Transparency Mode
Configuring the DSCP Trust State on a Port Bordering Another QoS Domain
Page
Configuring a QoS Policy
Classifying Traffic by Using ACLs
Creating an IP Standard ACL
Creating an IP Extended ACL
Creating an IPv6 ACL
Page
Creating a Layer 2 MAC ACL
Classifying Traffic by Using Class Maps
Page
Page
Classifying Traffic by Using Class Maps and Filtering IPv6 Traffic
Page
Classifying, Policing, and Marking Traffic on Physical Ports by Using Policy Maps
Page
Page
Page
Classifying, Policing, and Marking Traffic on SVIs by Using Hierarchical Policy Maps
Page
Page
Page
Page
Page
Page
39-67
This example shows how to configure a class map to match IP DSCP and IPv6:
Classifying, Policing, and Marking Traffic by Using Aggregate Policers
Page
Configuring DSCP Maps
Configuring the CoS-to-DSCP Map
Configuring the IP-Precedence-to-DSCP Map
Configuring the Policed-DSCP Map
Configuring the DSCP-to-CoS Map
Configuring the DSCP-to-DSCP-Mutation Map
Configuring Ingress Queue Characteristics
Mapping DSCP or CoS Values to an Ingress Queue and Setting WTD Thresholds
Allocating Buffer Space Between the Ingress Queues
Allocating Bandwidth Between the Ingress Queues
Configuring the Ingress Priority Queue
Configuring Egress Queue Characteristics
Allocating Buffer Space to and Setting WTD Thresholds for an Egress Queue-Set
Page
Mapping DSCP or CoS Values to an Egress Queue and to a Threshold ID
Page
Configuring SRR Shaped Weights on Egress Queues
Configuring SRR Shared Weights on Egress Queues
Configuring the Egress Expedite Queue
Limiting the Bandwidth on an Egress Interface
Displaying Standard QoS Information
Page
Configuring EtherChannels and Link-State Tracking
Understanding EtherChannels
EtherChannel Overview
Page
Port-Channel Interfaces
Port Aggregation Protocol
PAgP Modes
PAgP Interaction with Virtual Switches and Dual-Active Detection
PAgP Interaction with Other Features
Link Aggregation Control Protocol
LACP Modes
LACP Interaction with Other Features
EtherChannel On Mode
Load-Balancing and Forwarding Methods
Page
EtherChannel and Switch Stacks
Configuring EtherChannels
Default EtherChannel Configuration
EtherChannel Configuration Guidelines
Configuring Layer 2 EtherChannels
Page
Configuring Layer 3 EtherChannels
Creating Port-Channel Logical Interfaces
Configuring the Physical Interfaces
Page
Configuring EtherChannel Load-Balancing
Configuring the PAgP Learn Method and Priority
Configuring LACP Hot-Standby Ports
Configuring the LACP System Priority
Configuring the LACP Port Priority
Displaying EtherChannel, PAgP, and LACP Status
Understanding Link-State Tracking
40-24
The configuration in Figure 40-6 ensures that the network traffic flow is balanced as follows:
Server 1 and server 2 use switch A for primary links and switch B for secondary links.
Server 3 and server 4 use switch B for primary links and switch A for secondary links.
Configuring Link-State Tracking
Default Link-State Tracking Configuration
Link-State Tracking Configuration Guidelines
Configuring Link-State Tracking
Displaying Link-State Tracking Status
Page
Configuring TelePresence E911 IP Phone Support
Understanding TelePresence E911 IP Phone Support
Configuring TelePresence E911 IP Phone Support
Enabling TelePresence E911 IP Phone Support
Example
41-4
Configuring IP Unicast Routing
Understanding IP Routing
Types of Routing
IP Routing and Switch Stacks
Page
Steps for Configuring Routing
Configuring IP Addressing
Default Addressing Configuration
Assigning IP Addresses to Network Interfaces
Use of Subnet Zero
Classless Routing
Configuring Address Resolution Methods
Define a Static ARP Cache
Set ARP Encapsulation
Enable Proxy ARP
Routing Assistance When IP Routing is Disabled
Proxy ARP
Default Gateway
ICMP Router Discovery Protocol (IRDP)
Configuring Broadcast Packet Handling
Enabling Directed Broadcast-to-Physical Broadcast Translation
Forwarding UDP Broadcast Packets and Protocols
Establishing an IP Broadcast Address
Flooding IP Broadcasts
Monitoring and Maintaining IP Addressing
Enabling IP Unicast Routing
Configuring RIP
Default RIP Configuration
Configuring Basic RIP Parameters
Page
Configuring RIP Authentication
Configuring Summary Addresses and Split Horizon
Page
Configuring Split Horizon
Configuring OSPF
Page
Default OSPF Configuration
OSPF Nonstop Forwarding
OSPF NSF Awareness
OSPF NSF Capability
Configuring Basic OSPF Parameters
Configuring OSPF Interfaces
Configuring OSPF Area Parameters
Configuring Other OSPF Parameters
Page
Changing LSA Group Pacing
Configuring a Loopback Interface
Monitoring OSPF
Configuring EIGRP
Page
Default EIGRP Configuration
EIGRP Nonstop Forwarding
EIGRP NSF Awareness
EIGRP NSF Capability
Configuring Basic EIGRP Parameters
Configuring EIGRP Interfaces
Configuring EIGRP Route Authentication
EIGRP Stub Routing
Monitoring and Maintaining EIGRP
Configuring BGP
Page
Default BGP Configuration
Page
Nonstop Forwarding Awareness
Enabling BGP Routing
Page
Managing Routing Policy Changes
Page
Configuring BGP Decision Attributes
Page
Configuring BGP Filtering with Route Maps
Configuring BGP Filtering by Neighbor
Page
Configuring Prefix Lists for BGP Filtering
Configuring BGP Community Filtering
Configuring BGP Neighbors and Peer Groups
Page
Configuring Aggregate Addresses
Configuring Routing Domain Confederations
Configuring BGP Route Reflectors
Configuring Route Dampening
Monitoring and Maintaining BGP
Configuring ISO CLNS Routing
Configuring IS-IS Dynamic Routing
Default IS-IS Configuration
Nonstop Forwarding Awareness
Enabling IS-IS Routing
Page
Configuring IS-IS Global Parameters
Page
Configuring IS-IS Interface Parameters
Page
Monitoring and Maintaining ISO IGRP and IS-IS
Configuring Multi-VRF CE
Understanding Multi-VRF CE
Page
Default Multi-VRF CE Configuration
Multi-VRF CE Configuration Guidelines
Configuring VRFs
Configuring VRF-Aware Services
User Interface for ARP
User Interface for PING
User Interface for SNMP
User Interface for HSRP
User Interface for uRPF
User Interface for VRF-Aware RADIUS
User Interface for Syslog
User Interface for Traceroute
User Interface for FTP and TFTP
Configuring Multicast VRFs
Configuring a VPN Routing Session
Configuring BGP PE to CE Routing Sessions
42-85
Multi-VRF CE Configuration Example
Configuring Switch A
On Switch A, enable routing and configure VRF.
42-86
Configure OSPF routing in VPN1 and VPN2.
42-87
Configure BGP for CE to PE routing.
Configuring Switch D
Switch D belongs to VPN 1. Configure the connection to Switch A by using these commands.
Configuring Switch F
Switch F belongs to VPN 2. Configure the connection to Switch A by using these commands.
Configuring the PE Switch B
Displaying Multi-VRF CE Status
Tab le 42-15 Commands for Displaying Multi-VRF CE Information
Configuring Unicast Reverse Path Forwarding
Configuring Protocol-Independent Features
Configuring Distributed Cisco Express Forwarding
Page
Configuring the Number of Equal-Cost Routing Paths
Configuring Static Unicast Routes
Specifying Default Routes and Networks
Using Route Maps to Redistribute Routing Information
Page
Page
Page
Configuring Policy-Based Routing
PBR Configuration Guidelines
Enabling PBR
Filtering Routing Information
Setting Passive Interfaces
Controlling Advertising and Processing in Routing Updates
Filtering Sources of Routing Information
Managing Authentication Keys
Monitoring and Maintaining the IP Network
Configuring IPv6 Unicast Routing
Understanding IPv6
IPv6 Addresses
Supported IPv6 Unicast Routing Features
128-Bit Wide Unicast Addresses
DNS for IPv6
Path MTU Discovery for IPv6 Unicast
ICMPv6
Neighbor Discovery
Default Router Preference
IPv6 Stateless Autoconfiguration and Duplicate Address Detection
IPv6 Applications
Dual IPv4 and IPv6 Protocol Stacks
DHCP for IPv6 Address Assignment
Static Routes for IPv6
RIP for IPv6
OSPF for IPv6
EIGRP IPv6
HSRP for IPv6
SNMP and Syslog Over IPv6
Unsupported IPv6 Unicast Routing Features
Limitations
IPv6 and Switch Stacks
Configuring IPv6
Default IPv6 Configuration
Configuring IPv6 Addressing and Enabling IPv6 Routing
Page
Configuring Default Router Preference
Configuring IPv4 and IPv6 Protocol Stacks
Configuring DHCP for IPv6 Address Assignment
Default DHCPv6 Address Assignment Configuration
DHCPv6 Address Assignment Configuration Guidelines
Enabling DHCPv6 Server Function
Page
Enabling DHCPv6 Client Function
Configuring IPv6 ICMP Rate Limiting
Configuring CEF and dCEF for IPv6
Configuring Static Routing for IPv6
Configuring RIP for IPv6
Configuring OSPF for IPv6
Page
Configuring EIGRP for IPv6
Configuring HSRP for IPv6
Enabling HSRP Version 2
Enabling an HSRP Group for IPv6
Page
Displaying IPv6
43-28
This is an example of the output from the show ipv6 interface privileged EXEC command:
Configuring HSRP
Understanding HSRP
Page
HSRP Versions
Multiple HSRP
HSRP and Switch Stacks
Configuring HSRP
Default HSRP Configuration
HSRP Configuration Guidelines
Enabling HSRP
Page
Configuring HSRP Priority
Page
Configuring MHSRP
Configuring HSRP Authentication and Timers
Page
Enabling HSRP Support for ICMP Redirect Messages
Configuring HSRP Groups and Clustering
Troubleshooting HSRP for Mixed Stacks of Catalyst 3750-X, 3750-E and 3750 Switches
Displaying HSRP Configurations
Page
Configuring Cisco IOS IP SLAs Operations
Understanding Cisco IOS IP SLAs
Page
Using Cisco IOS IP SLAs to Measure Network Performance
IP SLAs Responder and IP SLAs Control Protocol
Response Time Computation for IP SLAs
IP SLAs Operation Scheduling
IP SLAs Operation Threshold Monitoring
Configuring IP SLAs Operations
Configuring the IP SLAs Responder
Analyzing IP Service Levels by Using the UDP Jitter Operation
Page
Page
Analyzing IP Service Levels by Using the ICMP Echo Operation
Page
Monitoring IP SLAs Operations
Page
Configuring Enhanced Object Tracking
Understanding Enhanced Object Tracking
Configuring Enhanced Object Tracking Features
Tracking Interface Line-Protocol or IP Routing State
Configuring a Tracked List
Configuring a Tracked List with a Boolean Expression
Configuring a Tracked List with a Weight Threshold
Configuring a Tracked List with a Percentage Threshold
Configuring HSRP Object Tracking
Configuring Other Tracking Characteristics
Configuring IP SLAs Object Tracking
Page
Configuring Static Routing Support
Configuring a Primary Interface
Configuring a Cisco IP SLAs Monitoring Agent and Track Object
Configuring a Routing Policy and Default Route
Monitoring Enhanced Object Tracking
Page
Page
Configuring Web Cache Services By Using WCCP
Understanding WCCP
WCCP Message Exchange
WCCP Negotiation
MD5 Security
Packet Redirection and Service Groups
WCCP and Switch Stacks
Unsupported WCCP Features
Configuring WCCP
Default WCCP Configuration
WCCP Configuration Guidelines
Enabling the Web Cache Service
Page
Page
Page
Monitoring and Maintaining WCCP
Configuring IP Multicast Routing
Understanding Ciscos Implementation of IP Multicast Routing
Understanding IGMP
IGMP Version 1
IGMP Version 2
Understanding PIM
PIM Versions
PIM Modes
PIM DM
PIM-SM
PIM Stub Routing
IGMP Helper
Auto-RP
Bootstrap Router
Multicast Forwarding and Reverse Path Check
Understanding DVMRP
Understanding CGMP
Multicast Routing and Switch Stacks
Configuring IP Multicast Routing
Default Multicast Routing Configuration
Multicast Routing Configuration Guidelines
PIMv1 and PIMv2 Interoperability
Auto-RP and BSR Configuration Guidelines
Configuring Basic Multicast Routing
Page
Configuring Source-Specific Multicast
SSM Components Overview
How SSM Differs from Internet Standard Multicast
SSM IP Address Range
SSM Operations
IGMPv3 Host Signalling
Legacy Applications Within the SSM Range Restrictions
Address Management Restrictions
IGMP Snooping and CGMP Limitations
State Maintenance Limitations
Configuring SSM
Configuring Source Specific Multicast Mapping
SSM Mapping Configuration Guidelines and Restrictions
SSM Mapping Overview
Static SSM Mapping
DNS-Based SSM Mapping
Configuring SSM Mapping
Configuring Static SSM Mapping
Configuring DNS-Based SSM Mapping
Configuring Static Traffic Forwarding with SSM Mapping
Monitoring SSM Mapping
Configuring PIM Stub Routing
PIM Stub Routing Configuration Guidelines
Enabling PIM Stub Routing
Configuring a Rendezvous Point
Manually Assigning an RP to Multicast Groups
Page
Configuring Auto-RP
Setting up Auto-RP in a New Internetwork
Adding Auto-RP to an Existing Sparse-Mode Cloud
Page
Preventing Join Messages to False RPs
Filtering Incoming RP Announcement Messages
Page
Configuring PIMv2 BSR
Defining the PIM Domain Border
Defining the IP Multicast Boundary
Configuring Candidate BSRs
Configuring Candidate RPs
Using Auto-RP and a BSR
Monitoring the RP Mapping Information
Troubleshooting PIMv1 and PIMv2 Interoperability Problems
Configuring Advanced PIM Features
Understanding PIM Shared Tree and Source Tree
Page
Delaying the Use of PIM Shortest-Path Tree
Modifying the PIM Router-Query Message Interval
Configuring Optional IGMP Features
Default IGMP Configuration
Configuring the Switch as a Member of a Group
Controlling Access to IP Multicast Groups
Changing the IGMP Version
Modifying the IGMP Host-Query Message Interval
Changing the IGMP Query Timeout for IGMPv2
Changing the Maximum Query Response Time for IGMPv2
Configuring the Switch as a Statically Connected Member
Configuring Optional Multicast Routing Features
Enabling CGMP Server Support
Configuring sdr Listener Support
Enabling sdr Listener Support
Limiting How Long an sdr Cache Entry Exists
Configuring an IP Multicast Boundary
Page
Configuring Basic DVMRP Interoperability Features
Configuring DVMRP Interoperability
Page
Configuring a DVMRP Tunnel
Page
Advertising Network 0.0.0.0 to DVMRP Neighbors
Responding to mrinfo Requests
Configuring Advanced DVMRP Interoperability Features
Enabling DVMRP Unicast Routing
Rejecting a DVMRP Nonpruning Neighbor
Page
Page
Controlling Route Exchanges
Limiting the Number of DVMRP Routes Advertised
Changing the DVMRP Route Threshold
Configuring a DVMRP Summary Address
Page
Disabling DVMRP Autosummarization
Adding a Metric Offset to the DVMRP Route
Monitoring and Maintaining IP Multicast Routing
Clearing Caches, Tables, and Databases
Displaying System and Network Statistics
Monitoring IP Multicast Routing
Configuring MSDP
Understanding MSDP
MSDP Operation
MSDP Benefits
Configuring MSDP
Default MSDP Configuration
Configuring a Default MSDP Peer
Page
Caching Source-Active State
Page
Requesting Source Information from an MSDP Peer
Controlling Source Information that Your Switch Originates
Redistributing Sources
Page
Filtering Source-Active Request Messages
Controlling Source Information that Your Switch Forwards
Using a Filter
Page
Using TTL to Limit the Multicast Data Sent in SA Messages
Controlling Source Information that Your Switch Receives
Page
Configuring an MSDP Mesh Group
Shutting Down an MSDP Peer
Including a Bordering PIM Dense-Mode Region in MSDP
Configuring an Originating Address other than the RP Address
Monitoring and Maintaining MSDP
Page
Configuring Fallback Bridging
Understanding Fallback Bridging
Fallback Bridging Overview
Page
Fallback Bridging and Switch Stacks
Configuring Fallback Bridging
Default Fallback Bridging Configuration
Fallback Bridging Configuration Guidelines
Creating a Bridge Group
Adjusting Spanning-Tree Parameters
Changing the VLAN-Bridge Spanning-Tree Priority
Changing the Interface Priority
Assigning a Path Cost
Adjusting BPDU Intervals
Adjusting the Interval between Hello BPDUs
Changing the Forward-Delay Interval
Changing the Maximum-Idle Interval
Disabling the Spanning Tree on an Interface
Monitoring and Maintaining Fallback Bridging
Troubleshooting
Recovering from a Software Failure
Recovering from a Lost or Forgotten Password
Procedure with Password Recovery Enabled
Page
Procedure with Password Recovery Disabled
Page
Preventing Switch Stack Problems
Recovering from a Command Switch Failure
Replacing a Failed Command Switch with a Cluster Member
Page
Replacing a Failed Command Switch with Another Switch
Recovering from Lost Cluster Member Connectivity
Preventing Autonegotiation Mismatches
Troubleshooting Power over Ethernet Switch Ports
Disabled Port Caused by Power Loss
Disabled Port Caused by False Link Up
SFP Module Security and Identification
Monitoring SFP Module Status
Monitoring Temperature
Using Ping
Understanding Ping
Executing Ping
Using Layer 2 Traceroute
Understanding Layer 2 Traceroute
Usage Guidelines
Displaying the Physical Path
Using IP Traceroute
Understanding IP Traceroute
Executing IP Traceroute
Using TDR
Understanding TDR
Running TDR and Displaying the Results
Using Debug Commands
Enabling Debugging on a Specific Feature
Enabling All-System Diagnostics
Redirecting Debug and Error Message Output
Using the show platform forward Command
51-23
Using the crashinfo Files
Basic crashinfo Files
Extended crashinfo Files
Using On-Board Failure Logging
Understanding OBFL
Configuring OBFL
Displaying OBFL Information
Troubleshooting Tables
Troubleshooting CPU Utilization
Possible Symptoms of High CPU Utilization
Verifying the Problem and Cause
Troubleshooting Power over Ethernet (PoE)
Page
Page
Troubleshooting Stackwise (Catalyst 3750-X Switches Only)
Page
Page
Configuring Online Diagnostics
Understanding Online Diagnostics
Configuring Online Diagnostics
Scheduling Online Diagnostics
Configuring Health-Monitoring Diagnostics
Page
Running Online Diagnostic Tests
Starting Online Diagnostic Tests
Displaying Online Diagnostic Tests and Test Results
Page
A
Supported MIBs
MIB List
Page
Page
Using FTP to Access the MIB Files
B
Working with the Cisco IOS File System, Configuration Files, and Software Images
Working with the Flash File System
Displaying Available File Systems
Setting the Default File System
Displaying Information about Files on a File System
Changing Directories and Displaying the Working Directory
Creating and Removing Directories
Copying Files
Deleting Files
Creating, Displaying, and Extracting Files
Page
Page
Working with Configuration Files
Guidelines for Creating and Using Configuration Files
Configuration File Types and Location
Creating a Configuration File By Using a Text Editor
Copying Configuration Files By Using TFTP
Preparing to Download or Upload a Configuration File By Using TFTP
Downloading the Configuration File By Using TFTP
Uploading the Configuration File By Using TFTP
Copying Configuration Files By Using FTP
Preparing to Download or Upload a Configuration File By Using FTP
Downloading a Configuration File By Using FTP
Page
Uploading a Configuration File By Using FTP
Copying Configuration Files By Using RCP
Preparing to Download or Upload a Configuration File By Using RCP
Downloading a Configuration File By Using RCP
Uploading a Configuration File By Using RCP
Clearing Configuration Information
Clearing the Startup Configuration File
Deleting a Stored Configuration File
Replacing and Rolling Back Configurations
Understanding Configuration Replacement and Rollback
Archiving a Configuration
Replacing a Configuration
Rolling Back a Configuration
Configuring the Configuration Archive
Performing a Configuration Replacement or Rollback Operation
Page
Working with Software Images
Image Location on the Switch
File Format of Images on a Server or Cisco.com
Copying Image Files By Using TFTP
Preparing to Download or Upload an Image File By Using TFTP
Downloading an Image File By Using TFTP
Page
Uploading an Image File By Using TFTP
Copying Image Files By Using FTP
Preparing to Download or Upload an Image File By Using FTP
Downloading an Image File By Using FTP
Page
Uploading an Image File By Using FTP
Copying Image Files By Using RCP
Preparing to Download or Upload an Image File By Using RCP
Downloading an Image File By Using RCP
Uploading an Image File By Using RCP
Copying an Image File from One Stack Member to Another
Page
C
Unsupported Commands in Cisco IOS Release 12.2(53)SE2
Access Control Lists
Archive Commands
ARP Commands
Boot Loader Commands
Debug Commands
Embedded Event Manager
Unsupported Commands in Applet Configuration Mode
Unsupported Commands in Event Trigger Configuration Mode
Fallback Bridging
HSRP
IGMP Snooping Commands
Interface Commands
IP Multicast Routing
IP Unicast Routing
Unsupported Privileged EXEC or User EXEC Commands
Unsupported BGP Router Configuration Commands
Unsupported VPN Configuration Commands
Unsupported Route Map Commands
MAC Address Commands
Miscellaneous
Unsupported User EXEC Commands
MSDP
NetFlow Commands
Network Address Translation (NAT) Commands
QoS
RADIUS
SNMP
Spanning Tree
VLAN
VTP
Unsupported Privileged EXEC Command
INDEX
Numerics
A
Page
Page
B
Page
C
Page
Page
Page
D
Page
Page
Page
Page
E
Page
F
Page
G
H
I
Page
Page
Page
Page
Page
J
K
L
M
Page
Page
Page
Page
N
O
P
Page
Page
Page
Page
Q
Page
R
Page
Page
S
Page
Page
Page
Page
Page
Page
Page
Page
T
Page
U
V
Page
Page
W
