Manuals / Cisco Systems / Computer Equipment / Webcam

Cisco Systems 3750E manual 10-4, Authentication Flowchart

Models: 3750E

1 1236

Download 1236 pages 40.08 Kb

Page 256

Chapter 10 Configuring IEEE 802.1x Port-Based Authentication

Understanding IEEE 802.1x Port-Based Authentication

Figure 10-2shows the authentication process.

If Multi Domain Authentication (MDA) is enabled on a port, this flow can be used with some exceptions that are applicable to voice authorization. For more information on MDA, see “Using Multidomain Authentication” section on page 10-19.

Figure 10-2

Authentication Flowchart

Start

No

Is the client IEEE

IEEE 802.1x authentication

Is MAC authentication

802.1x capable?

process times out.

bypass enabled? 1

Yes

Yes

No

The switch gets an

EAPOL message,

and the EAPOL

message

Start IEEE 802.1x port-based

exchange begins.

Use MAC authentication

authentication.

bypass. 1

Client

Client

Client MAC

Client MAC

identity is

identity is

address

address

invalid

valid

identity

identity

is valid.

is invalid.

Assign the port to

Assign the port to

Assign the port to

Assign the port to

a restricted VLAN.

a VLAN.

a VLAN.

a guest VLAN.1

141679

Done

Done

Done

Done

All authentication

All authentication

servers are down.

servers are down.

Use inaccessible

authentication bypass (critical authentication) to assign the critical port to a VLAN.

Done

1 = This occurs if the switch does not detect EAPOL packets from the client.

The switch re-authenticates a client when one of these situations occurs:

•Periodic re-authentication is enabled, and the re-authentication timer expires.

You can configure the re-authentication timer to use a switch-specific value or to be based on values from the RADIUS server.

After IEEE 802.1x authentication using a RADIUS server is configured, the switch uses timers based on the Session-Timeout RADIUS attribute (Attribute[27]) and the Termination-Action RADIUS attribute (Attribute [29]).

Catalyst 3750-E and 3560-E Switch Software Configuration Guide

10-4	OL-9775-02

Image 256

Cisco Systems 3750E manual 10-4, Authentication Flowchart

Contents

Americas Headquarters Text Part Number OL-9775-02Page N T E N T S IiiAssigning the Switch IP Address and Default Gateway Understanding Cisco Configuration Engine Software Clustering Switches Catalyst 1900 and Catalyst 2820 CLI Considerations ViiCreating a Banner ViiiChanging the Default Privilege Level for Lines Device Roles Bypass Routed Ports XiiMonitoring and Maintaining the Interfaces XiiiEncapsulation Types XivDomain Names Private-VLAN Configuration Guidelines XviDisabled State XviiBoundary Ports XviiiXix 19-25Dhcp Server Configuring Dynamic ARP Inspection XxiConfiguring MVR XxiiUnderstanding Storm Control XxiiiUnderstanding Udld Modes of Operation XxivCreating an Rspan Source Session XxvSnmp Agent Functions XxviCreating a Numbered Extended ACL XxviiInteraction with Other Features and Switches XxviiiXxix Port-Channel Interfaces XxxConfiguring IP Addressing XxxiNonstop Forwarding Awareness XxxiiIPv6 Addresses XxxiiiConfiguring Hsrp Priority XxxivConfiguring IP Multicast Routing XxxvConfiguring Basic Dvmrp Interoperability Features XxxviUsing a Filter XxxviiXxxviii 45-14Configuring Online Diagnostics XxxixUnsupported Route-Map Configuration Commands C-1 Hsrp XliVTP XliiPreface AudiencePurpose ConventionsRelated Publications XlivXlv Xlvi Features OverviewDeployment Features Availability and Redundancy Features, Vlan Features,Overview Features Performance Features Management Options Manageability Features Availability and Redundancy Features Vlan Features Security FeaturesOverview Features QoS and CoS Features Layer 3 Features Power over Ethernet Features Monitoring Features Default Settings After Initial Switch ConfigurationVlan Overview Default Settings After Initial Switch Configuration Overview Default Settings After Initial Switch Configuration Network Configuration Examples Design Concepts for Using the SwitchNetwork Demands Suggested Design Methods Cost-Effective Wiring Closet High-Performance Wiring Closet High-Performance Workgroup Gigabit-to-the-Desktop Redundant Gigabit Backbone Server Aggregation Linux Server Cluster Cisco SoftPhone Software Gigabit servers Internet Cisco 2600 or 3700 routers Catalyst 3560-E switches Large Network Using Catalyst 3750-E and 3560-E Switches Cisco 7x00 routers Catalyst Catalyst 3560-E Multidwelling Network Using Catalyst 3750-E Switches Long-Distance, High-Bandwidth Transport Configuration 11 Catalyst 3750-E Switches in a MAN ConfigurationWhere to Go Next Access layer Aggregation layerOL-9775-02 Using the Command-Line Interface Understanding Command ModesMode Access Method Prompt Exit Method About This Mode ConfigureQuit Ctrl-ZConsole command Command PurposeUnderstanding the Help System Line vty or lineUnderstanding Abbreviated Commands Understanding no and default Forms of CommandsCommand ? Command keyword ?Using Configuration Logging Understanding CLI Error MessagesError Message Meaning How to Get Help Using Command History Changing the Command History Buffer SizeRecalling Commands Action1 ResultUsing Editing Features Disabling the Command History FeatureEnabling and Disabling Editing Features Switch# terminal editingEditing Commands through Keystrokes Capability Keystroke1 PurposeReturn and Space bar Editing Command Lines that WrapPress Ctrl-L or Ctrl-R Command begin include exclude regular-expression Accessing the CLISwitch# show interfaces include protocol Using the Command-Line Interface Accessing the CLI OL-9775-02 Assigning the Switch IP Address and Default Gateway Understanding the Boot ProcessAssigning Switch Information Understanding DHCP-Based Autoconfiguration Default Switch InformationFeature Default Setting Dhcp Client Request Process Dhcp Client and Server Message ExchangeConfiguring DHCP-Based Autoconfiguration Dhcp Server Configuration GuidelinesConfiguring the Tftp Server Configuring the DNSObtaining Configuration Files Configuring the Relay DeviceRouterconfig-if#ip helper-address Example Configuration TftpserverSwitch a Switch B Switch C Switch D DNS Server ConfigurationTftp Server Configuration on Unix Dhcp Client ConfigurationManually Assigning IP Information Switch# show running-config Checking and Saving the Running ConfigurationSwitch# copy running-config startup-config Default Boot Configuration Modifying the Startup ConfigurationAutomatically Downloading a Configuration File Booting Manually Boot config-file flash/ file-urlShow boot Configure terminal Enter global configuration modeBooting a Specific Software Image Boot system filesystem /file-urlBoot system switch number all Controlling Environment VariablesSet Manualboot yes Boot manual Set SwitchnumberSwitch current-stack-member-number renumber Set SwitchpriorityConfiguring a Scheduled Reload Scheduling a Reload of the Software ImageVariable Description Reload in hhmm textSwitch# reload at 0200 jun Switch# reload atDisplaying Scheduled Reload Information Configuring Cisco IOS CNS Agents Understanding Cisco Configuration Engine SoftwareConfiguration Service Configuration Engine Architectural OverviewEvent Service ConfigIDWhat You Should Know About the CNS IDs and Device Hostnames NameSpace MapperDeviceID Using Hostname, DeviceID, and ConfigIDHostname and DeviceID Initial Configuration Understanding Cisco IOS AgentsConfiguring Cisco IOS Agents Incremental Partial ConfigurationSynchronized Configuration Enabling Automated CNS ConfigurationDevice Required Configuration Backup init-retry retry-count keepalive seconds Show running-configEnabling the CNS Event Agent Show cns event connectionsEnabling an Initial Configuration Enabling the Cisco IOS CNS AgentCns config initial ip-address hostname Cns id interface num dns-reverse ipaddressMac-address event Cns id hardware-serial hostname string stringEnabling a Partial Configuration Show running-config Verify your entriesCns config partial ip-address hostname Show cns config statsDisplaying CNS Configuration Show cns config connectionsShow cns event stats Show cns event subjectManaging Switch Stacks Understanding Switch StacksManaging Switch Stacks Understanding Switch Stacks Switch Stack Membership Creating a Switch Stack from Two Standalone Switches Adding a Standalone Switch to a Switch Stack Stack Master Election and Re-ElectionSwitch Stack Bridge ID and Router MAC Address Stack Member NumbersStack Member Priority Values Effects of Adding a Provisioned Switch to a Switch Stack Switch Stack Offline ConfigurationScenario Result Scenario Result Switch Stack Software Compatibility Recommendations Effects of Replacing a Provisioned Switch in a Switch StackMinor Version Number Incompatibility Among Switches Major Version Number Incompatibility Among SwitchesStack Protocol Version Compatibility Understanding Auto-Upgrade and Auto-Advise Switch Auto-Upgrade and Auto-Advise Example MessagesDirectory Mar 1 000422.537%IMAGEMGR-6-AUTOADVISESW Incompatible Software and Stack Member Image Upgrades Switch Stack Configuration FilesSwitch Stack Management Connectivity Connectivity to the Switch Stack Through an SSH Session Connectivity to the Switch Stack Through an IP AddressConnectivity to Specific Stack Members Use the switch stack-member-number Switch Stack Configuration ScenariosPriority new-priority-number global Current-stack-member-number Renumber new-stack-member-number Default Switch Stack Configuration Configuring the Switch StackEnabling Persistent MAC Address Stack-mac persistent timer Show switchSwitchconfig# stack-mac persistent timer Time-valueAssigning Stack Member Information Setting the Stack Member Priority ValueAssigning a Stack Member Number Provisioning a New Member for a Switch Stack Accessing the CLI of a Specific Stack Member Displaying Switch Stack InformationCommand Description Show switch stack-member-numberShow switch stack-ring activity Show switch stack-portsDetail OL-9775-02 Clustering Switches Understanding Switch ClustersSwitch Cisco IOS Release Cluster Capability Cluster Command Switch Characteristics Standby Cluster Command Switch CharacteristicsPlanning a Switch Cluster Candidate Switch and Cluster Member Switch CharacteristicsAutomatic Discovery of Cluster Candidates and Members Discovery Through CDP HopsDiscovery Through CDP Hops Discovery Through Different VLANs Discovery Through Different Management VLANs Discovery Through Different VLANsDiscovery Through Routed Ports Discovery of Newly Installed Switches New out-of-boxHsrp and Standby Cluster Command Switches Virtual IP Addresses Other Considerations for Cluster Standby GroupsAutomatic Recovery of Cluster Configuration IP Addresses HostnamesPasswords Snmp Community StringsSwitch Stack Switch Cluster Switch Clusters and Switch StacksMembers Other cluster member switches TACACS+ and Radius LRE ProfilesSwitch# rcommand Using the CLI to Manage Switch ClustersCatalyst 1900 and Catalyst 2820 CLI Considerations Using Snmp to Manage Switch Clusters Snmp Management for a ClusterOL-9775-02 Managing the System Time and Date Administering the SwitchUnderstanding the System Clock Understanding Network Time Protocol NTPConfiguring NTP Typical NTP Network ConfigurationConfiguring NTP Authentication Default NTP ConfigurationNtp authenticate Configuring NTP Associations Configuring NTP Broadcast Service Switchconfig# ntp server 172.16.22.44 versionNtp peer ip-address version number Key keyid source interface preferInterface interface-id Ntp broadcast version number key keyidDestination-address Ntp broadcast clientConfiguring NTP Access Restrictions Ntp broadcastdelay microsecondsNtp access-group query-only Serve-onl y serve peerCommand Purpose Configuring the Source IP Address for NTP Packets Interface interface-idConfiguring Time and Date Manually Displaying the NTP ConfigurationSetting the System Clock Fundamentals Command Reference, ReleaseDisplaying the Time and Date Configuration Configuring the Time ZoneClock timezone zone hours-offset Minutes-offsetConfiguring Summer Time Daylight Saving Time Clock summer-time zone recurringWeek day month hh mm week day month Hh mm offsetClock summer-time zone date month Configuring a System Name and PromptClock summer-time zone date date Default System Name and Prompt Configuration Configuring a System NameCopy running-config startup-confi g Understanding DNSDefault DNS Configuration Setting Up DNSIp domain-name name Ip name-server server-address1Displaying the DNS Configuration Default Banner ConfigurationCreating a Banner Banner motd c message c Configuring a Message-of-the-Day Login BannerUnix telnet Banner login c message c Configuring a Login BannerManaging the MAC Address Table Building the Address Table MAC Addresses and VLANsDefault MAC Address Table Configuration MAC Addresses and Switch StacksChanging the Address Aging Time Configuring MAC Address Notification Traps Removing Dynamic Address EntriesMac address-table aging-time Show mac address-table aging-timeString by using the snmp-server community Snmp-server enable traps mac-notificationSnmp-server host host-addr traps informs version Mac address-table notificationAdding and Removing Static Address Entries Configuring Unicast MAC Address Filtering Mac address-table static mac-addrVlan vlan-id interface interface-id Show mac address-table staticVlan vlan-id drop Managing the ARP Table Displaying Address Table EntriesOL-9775-02 Configuring SDM Templates Understanding the SDM TemplatesResource Access Default Routing Dual IPv4 and IPv6 SDM TemplatesSDM Templates and Switch Stacks IPv4-and-IPv6 Resource Default RoutingDefault SDM Template Configuring the Switch SDM TemplateSDM Template Configuration Guidelines Setting the SDM Template Sdm prefer access defaultDual-ipv4-and-ipv6 default routing Vlan routing vlanSwitchconfig# sdm prefer dual-ipv4-and-ipv6 default Switchconfig# sdm prefer routingDisplaying the SDM Templates Policy based routing aces 25K OL-9775-02 Configuring Switch-Based Authentication Preventing Unauthorized Access to Your SwitchProtecting Access to Privileged Exec Commands Default Password and Privilege Level ConfigurationEnable password password Setting or Changing a Static Enable PasswordSwitchconfig# enable password l1u2c3k4y5 Enable password level level password Encryption-type encrypted-passwordEnable secret level level password Service password-encryptionNo service password-recovery Disabling Password RecoveryShow version Setting a Telnet Password for a Terminal Line Configuring Username and Password PairsPassword password Switchconfig-line#password let45me67in89Configuring Multiple Privilege Levels Username commandLogin local Username name privilege levelPrivilege mode level level command Setting the Privilege Level for a CommandShow privilege Command Changing the Default Privilege Level for LinesLogging into and Exiting a Privilege Level Controlling Switch Access with TACACS+ Understanding TACACS+Typical TACACS+ Network Configuration Configuring TACACS+ TACACS+ OperationDefault TACACS+ Configuration Tacacs-server host hostname portAaa new-model Aaa group server tacacs+ group-nameAaa new-model Enable AAA Configuring TACACS+ Login AuthenticationShow tacacs Verify your entries Aaa authentication login default Login authentication defaultAuthentication login command Line console tty vty line-numberShow running-config Verify your entries Displaying the TACACS+ Configuration Controlling Switch Access with RadiusStarting TACACS+ Accounting Understanding Radius Transitioning from Radius to TACACS+ Services Radius OperationDefault Radius Configuration Configuring RadiusIdentifying the Radius Server Host Page Acct-port port-number timeout Radius-server host hostnameIp-address auth-port port-number Seconds retransmit retries keyConfiguring Radius Login Authentication Switchconfig# radius-server host host1Server Host section on Defining AAA Server Groups Aaa group server radius group-name Aaa authorization network radius RadiusStarting Radius Accounting Configuring Settings for All Radius Servers Radius-server timeout secondsRadius-server key string Radius-server retransmit retriesAuthentication Radius-server vsa send accountingCisco-avpair=shellpriv-lvl=15 Cisco-avpair=ipoutacl#2=deny ip 10.10.10.10 0.0.255.255 anyDisplaying the Radius Configuration Controlling Switch Access with KerberosRadius-server host hostname ip-address non-standard Understanding Kerberos Term Definition KDCAuthenticating to a Boundary Switch Kerberos OperationKeytab SrvtabAuthenticating to Network Services Configuring KerberosObtaining a TGT from a KDC Aaa authorization exec local Aaa authentication login default localAaa authorization network local Username command Configuring the Switch for Secure ShellUsername name privilege level Understanding SSH SSH Servers, Integrated Clients, and Supported VersionsConfiguration Guidelines Configuring SSHLimitations Setting Up the Switch to Run SSH Displaying the SSH Configuration and Status Configuring the SSH ServerIp ssh timeout seconds Authentication-retries numberUnderstanding Secure Http Servers and Clients Configuring the Switch for Secure Socket Layer HttpCertificate Authority Trustpoints Rsakeypair TP-self-signed-3080755072 Default SSL Configuration Configuring Secure Http Servers and ClientsCipherSuites SSL Configuration Guidelines Configuring a CA TrustpointConfiguring the Secure Http Server Configuring the Secure Http Client Ip http timeout-policy idle seconds lifeShow ip http server secure status Ip http client secure-trustpoint nameConfiguring the Switch for Secure Copy Protocol Displaying Secure Http Server and Client StatusIp http client secure-ciphersuite Show ip http client secure statusInformation About Secure Copy HtmlOL-9775-02 Understanding Ieee 802.1x Port-Based Authentication Configuring Ieee 802.1x Port-Based Authentication10-1 Device Roles 10-2Authentication Process 10-3Authentication Flowchart 10-4Authentication Initiation and Message Exchange 10-510-6 EAPOL-StartPorts in Authorized and Unauthorized States Ieee 802.1x Authentication and Switch Stacks10-7 Ieee 802.1x Host Mode 10-8Ieee 802.1x Accounting Ieee 802.1x Accounting Attribute-Value PairsAttribute Number AV Pair Name 10-9Using Ieee 802.1x Authentication with Vlan Assignment 10-10Using Ieee 802.1x Authentication with Per-User ACLs 10-11Using Ieee 802.1x Authentication with Guest Vlan 10-12Using Ieee 802.1x Authentication with Restricted Vlan 10-1310-14 Using Ieee 802.1x Authentication with Voice Vlan Ports 10-15Using Ieee 802.1x Authentication with Port Security 10-16Using Ieee 802.1x Authentication with Wake-on-LAN 10-1710-18 Network Admission Control Layer 2 Ieee 802.1x Validation Using Multidomain Authentication10-19 For example Using Web Authentication10-20 Configuring Ieee 802.1x Authentication 10-21AAA Default Ieee 802.1x Authentication Configuration10-22 Ieee 802.1x Authentication Ieee 802.1x Authentication Configuration Guidelines10-23 10-24 MAC Authentication Bypass Configuring Ieee 802.1x Authentication10-25 Configuring the Switch-to-RADIUS-Server Communication 10-26Ip-address auth-port port-number key 10-27Configuring the Host Mode Dot1x host-mode multi-hostMulti-domain Show dot1x interface interface-idManually Re-Authenticating a Client Connected to a Port Configuring Periodic Re-Authentication10-29 Changing the Switch-to-Client Retransmission Time Dot1x timeout tx-period secondsChanging the Quiet Period Show dot1x interface interface-id Verify your entriesSetting the Switch-to-Client Frame-Retransmission Number Switchconfig-if#dot1x timeout tx-periodShow dot1xinterface interface-id Verify your entries Dot1x max-reauth-req countSetting the Re-Authentication Number Configuring Ieee 802.1x AccountingSwitchconfig-if#dot1x max-reauth-req 10-32Configuring a Guest Vlan 10-33Configuring a Restricted Vlan Switchport mode private-vlan hostSwitchconfig# interface gigabitethernet2/0/2 Dot1x guest-vlan vlan-idDot1x auth-fail vlan vlan-id Dot1x auth-fail max-attempts maxAttempts 10-35Configuring the Inaccessible Authentication Bypass Feature Switchconfig-if#dot1x auth-fail max-attemptsRadius-server dead-criteria time time Tries tries10-37 Configuring Ieee 802.1x Authentication with WoL Dot1x critical recovery actionReinitialize vlan vlan-id Show dot1x interface interface-idConfiguring MAC Authentication Bypass Switchconfig-if#dot1x control-direction bothSwitchconfig-if#dot1x mac-auth-bypass Dot1x control-direction bothConfiguring NAC Layer 2 Ieee 802.1x Validation 10-40Configuring Web Authentication 10-4110-42 Disabling Ieee 802.1x Authentication on the Port No dot1x pae Disable Ieee 802.1x authentication on the portDot1x fallback fallback-profile 10-43Displaying Ieee 802.1x Statistics and Status 10-44Understanding Interface Types Configuring Interface Characteristics11-1 Port-Based VLANs Switch Ports11-2 Trunk Ports Access Ports11-3 Tunnel Ports Routed Ports11-4 EtherChannel Port Groups Switch Virtual Interfaces11-5 Power over Ethernet Ports Gigabit Ethernet InterfacesSupported Protocols and Standards 11-6Class Powered-Device Detection and Initial Power Allocation11-7 Power Management Modes 11-8Power Monitoring and Power Policing 11-9Maximum Power Allocation Cutoff Power on a PoE Port 11-10Connecting Interfaces 11-11Ethernet Management Port 11-12Connecting a Switch Stack to a PC 11-13Tftp 11-14Using Interface Configuration Mode MgmtinitMgmtshow MgmtclrProcedures for Configuring Interfaces 11-16Configuring a Range of Interfaces Interface range port-range macroMacroname Show interfaces interface-id11-18 Configuring and Using Interface Range Macros Show running-config include defineDefine interface-range macroname Interface range macro macronameConfiguring Ethernet Interfaces Switch# show running-config include defineSwitch# show run include define 11-20Default Ethernet Interface Configuration 11-21Speed and Duplex Configuration Guidelines Configuring Interface Speed and Duplex Mode11-22 Setting the Interface Speed and Duplex Parameters Speed 10 100 1000 auto 10Nonegotiate Duplex auto full halfFlowcontrol receive on off desired Configuring Ieee 802.3x Flow Control11-24 Configuring Auto-MDIX on an Interface Local Side Auto-MDIXWith Correct Cabling 11-25Interface-id phy Configuring a Power Management Mode on a PoE Port11-26 Budgeting Power for Devices Connected to a PoE Port Power inline auto max max-wattageShow power inline i nterface-id Neve r static max max-wattageWattage 11-28Configuring Power Policing 11-29Adding a Description for an Interface 11-30Configuring Layer 3 Interfaces Configuring Ethernet Management PortsSwitch# show interfaces gigabitethernet1/0/2 description 11-31No switchport Interface gigabitethernet interface-id vlan vlan-idNo shutdown 11-32Configuring the System MTU 11-33Use the system mtu jumbo Use the system mtu routing System mtu jumbo bytesSystem mtu routing bytes 11-34Configuring the Cisco Redundant Power System System mtu bytesReload Show system mtuPower rps switch-number name string serialnumber Power rps switch-number port rps-port-id mode activeStandby 11-36Configuring the Power Supplies Power supply switch-numberoff onShow env power Show env rpsMonitoring Interface Status Monitoring and Maintaining the Interfaces11-38 Clearing and Resetting Interfaces and Counters 11-39Shutting Down and Restarting the Interface Interface vlan vlan-id gigabitethernet interface-idShutdown 11-40Understanding Smartports Macros Configuring Smartports Macros12-1 Configuring Smartports Macros Default Smartports Macro ConfigurationMacro Name Description 12-2Smartports Macro Configuration Guidelines 12-3Creating Smartports Macros Macro name macro-nameName Sample-Macro and macro name sample-macro will result Show parser macro name macro-nameApplying Smartports Macros 12-5Applying Cisco-Default Smartports Macros Show parser macroShow parser macro macro-name 12-6Switchconfig-if#macro apply cisco-desktop $AVID Switch# show parser macro cisco-desktop12-7 Displaying Smartports Macros Show parser macro briefShow parser macro description interface 12-8Understanding VLANs Configuring VLANs13-1 13-2 Vlan Port Membership Modes Supported VLANs13-3 Configuring Normal-Range VLANs 13-4Vlan ID 13-5Token Ring VLANs Normal-Range Vlan Configuration Guidelines13-6 Vlan Configuration Mode Options Saving Vlan ConfigurationVlan Configuration in config-vlan Mode Vlan Configuration in Vlan Database Configuration ModeDefault Ethernet Vlan Configuration Parameter Default RangeVLANxxxx, where 13-8Copy running-config startup config Creating or Modifying an Ethernet VlanRemote-span 13-9Vlan database Deleting a Vlan13-10 Assigning Static-Access Ports to a Vlan Switchport access vlan vlan-idNo vlan vlan-id Show vlan briefConfiguring Extended-Range VLANs Default Vlan ConfigurationShow interfaces interface-id switchport Vlan fields of the displayExtended-Range Vlan Configuration Guidelines 13-13Vtp mode transparent Creating an Extended-Range VlanShow vlan id vlan-id 13-14Switchconfig# vtp mode transparent Switch# copy running-config startup configCreating an Extended-Range Vlan with an Internal Vlan ID Show vlan internal usageConfiguring Vlan Trunks Command Command Mode PurposeDisplaying VLANs Trunking OverviewSwitches in an ISL Trunking Environment 13-17Mode Function Encapsulation TypesEncapsulation Function 13-18Default Layer 2 Ethernet Interface Vlan Configuration Configuring an Ethernet Interface as a Trunk PortIeee 802.1Q Configuration Considerations 13-19Interaction with Other Features Configuring a Trunk PortDot1q negotiate 13-20Defining the Allowed VLANs on a Trunk 13-21Switchport trunk allowed vlan add Changing the Pruning-Eligible ListAll except remove vlan-list 13-22Configuring the Native Vlan for Untagged Traffic Switchport trunk pruning vlan addExcept none remove vlan-list Vlan ,vlanConfiguring Trunk Ports for Load Sharing Load Sharing Using STP Port PrioritiesSwitchport trunk native vlan vlan-id 13-2413-25 Load Sharing Using STP Path Cost Or switch stackConnect to the trunk ports configured on Switch a Exit Return to global configuration modeSwitchport trunk encapsulation Interface gigabitethernet1/0/1Isl dot1q negotiate Spanning-tree vlan 2-4 costUnderstanding Vmps Configuring Vmps13-28 Default Vmps Client Configuration Vmps Configuration GuidelinesDynamic-Access Port Vlan Membership 13-29Entering the IP Address of the Vmps Configuring the Vmps Client13-30 Configuring Dynamic-Access Ports on Vmps Clients Switchport access vlan dynamicReconfirming Vlan Memberships Vmps reconfirmChanging the Reconfirmation Interval Changing the Retry CountVmps reconfirm minutes 13-32Troubleshooting Dynamic-Access Port Vlan Membership Vmps Configuration ExampleSwitch# show vmps Monitoring the VmpsDynamic Port Vlan Membership Configuration 13-34Understanding VTP Configuring VTP14-1 VTP Domain 14-2VTP Mode Description VTP ModesVTP Advertisements 14-3VTP Pruning VTP Version14-4 14-5 VlanVTP and Switch Stacks Configuring VTP14-6 Default VTP Configuration VTP Configuration OptionsVTP Configuration in Global Configuration Mode 14-7VTP Configuration Guidelines VTP Configuration in Vlan Database Configuration ModePasswords Domain NamesConfiguring a VTP Server Configuration RequirementsVTP Version 14-9Vtp password password Vtp password passwordShow vtp status Vtp serverConfiguring a VTP Client Vtp mode clientSwitch# vlan database 14-11Disabling VTP VTP Transparent Mode 14-12Vtp version Enabling VTP Version14-13 Adding a VTP Client Switch to a VTP Domain Enabling VTP PruningVtp pruning 14-1414-15 Monitoring VTP 14-16Understanding Voice Vlan Configuring Voice Vlan15-1 Cisco IP Phone Data Traffic Cisco IP Phone Voice Traffic15-2 Configuring Voice Vlan Default Voice Vlan ConfigurationVoice Vlan Configuration Guidelines 15-3Configuring a Port Connected to a Cisco 7960 IP Phone 15-4Configuring Cisco IP Phone Voice Traffic 15-5Configuring the Priority of Incoming Data Frames 15-6Displaying Voice Vlan 15-715-8 Understanding Private VLANs Configuring Private VLANs16-1 16-2 Private-VLAN DomainIP Addressing Scheme with Private VLANs 16-3Private-VLAN Interaction with Other Features Private VLANs across Multiple Switches16-4 Private VLANs and SVIs Private VLANs and Unicast, Broadcast, and Multicast Traffic16-5 Configuring Private VLANs Tasks for Configuring Private VLANsPrivate VLANs and Switch Stacks 16-6Default Private-VLAN Configuration Private-VLAN Configuration GuidelinesSecondary and Primary Vlan Configuration 16-7Private-VLAN Port Configuration 16-8Limitations with Other Features 16-9Configuring and Associating VLANs in a Private Vlan 16-10Show interfaces status Show vlan private-vlan type16-11 Configuring a Layer 2 Interface as a Private-VLAN Host Port Switchport private-vlan host-associationSwitch# show interfaces gigabitethernet1/0/22 switchport Primaryvlanid secondaryvlanidSwitchport mode private-vlan promiscuous Switchport private-vlan mapping primaryvlanidAdd remove secondaryvlanlist 16-13Switch# show interfaces private-vlan mapping Interface vlan primaryvlanidPrivate-vlan mapping add remove Show interface private-vlan mappingMonitoring Private VLANs 16-1516-16 Understanding Ieee 802.1Q Tunneling Configuring Ieee 802.1Q and Layer 2 Protocol Tunneling17-1 Ieee 802.1Q Tunnel Ports in a Service-Provider Network 17-217-3 Configuring Ieee 802.1Q Tunneling Default Ieee 802.1Q Tunneling ConfigurationIeee 802.1Q Tunneling Configuration Guidelines Native VLANsSystem MTU 17-5Ieee 802.1Q Tunneling and Other Features 17-6Configuring an Ieee 802.1Q Tunneling Port Vlan dot1q tag nativeShow dot1q-tunnel Show vlan dot1q tag nativeUnderstanding Layer 2 Protocol Tunneling 17-817-9 Layer 2 Protocol TunnelingConfiguring Layer 2 Protocol Tunneling 17-10Default Layer 2 Protocol Tunneling Configuration 17-11Layer 2 Protocol Tunneling Configuration Guidelines 17-12Configuring Layer 2 Protocol Tunneling 17-13Configuring Layer 2 Tunneling for EtherChannels Configuring the SP Edge SwitchL2protocol-tunnel point-to-point Pagp lacp udld17-15 Configuring the Customer Switch 17-16Switchconfig# interface port-channel Switchconfig-if#channel-group 1 mode desirable17-17 Monitoring and Maintaining Tunneling Status 17-18Understanding Spanning-Tree Features Configuring STP18-1 STP Overview 18-2Spanning-Tree Topology and BPDUs 18-3Bridge ID, Switch Priority, and Extended System ID 18-4Switch Priority Value Spanning-Tree Interface StatesBit 32768 16384 8192 4096 2048 1024 512 256 1282illustrates how an interface moves through the states 18-6Blocking State Listening StateLearning State Forwarding StateDisabled State How a Switch or Port Becomes the Root Switch or Root Port18-8 Spanning Tree and Redundant Connectivity Spanning-Tree Address ManagementAccelerated Aging to Retain Connectivity 18-9Supported Spanning-Tree Instances Spanning-Tree Modes and Protocols18-10 Spanning-Tree Interoperability and Backward Compatibility STP and Ieee 802.1Q TrunksVLAN-Bridge Spanning Tree Rapid PVST+Spanning Tree and Switch Stacks Configuring Spanning-Tree Features18-12 Spanning-Tree Configuration Guidelines Default Spanning-Tree Configuration18-13 18-14 Changing the Spanning-Tree Mode 18-15Configuring the Root Switch Disabling Spanning TreeShow spanning-tree vlan vlan-id Verify your entries 18-16Spanning-tree vlan vlan-id root primary Diameter net-diameter hello-time secondsShow spanning-tree detail 18-17Configuring a Secondary Root Switch Configuring Port PrioritySpanning-tree vlan vlan-id root secondary Diameter net-diameter hello-timeSpanning-tree port-priority priority Spanning-tree vlan vlan-id port-priority priorityShow spanning-tree interface interface-id Show spanning-tree vlan vlan-idConfiguring Path Cost Port-channel-numberSpanning-tree cost cost Spanning-tree vlan vlan-id cost costSpanning-tree vlan vlan-id priority priority Configuring the Switch Priority of a Vlan18-21 Configuring Spanning-Tree Timers Configuring the Hello TimeSpanning-tree vlan vlan-id hello-time seconds 18-22Configuring the Forwarding-Delay Time for a Vlan Configuring the Maximum-Aging Time for a VlanSpanning-tree vlan vlan-id forward-time Spanning-tree vlan vlan-idmax-age secondsConfiguring the Transmit Hold-Count Displaying the Spanning-Tree StatusShow spanning-tree detail Verify your entries 18-24Configuring Mstp 19-1Multiple Spanning-Tree Regions Understanding Mstp19-2 Operations Within an MST Region IST, CIST, and CST19-3 Operations Between MST Regions 19-4Hop Count Ieee 802.1s TerminologyCisco Prestandard Cisco Standard 19-5Ieee 802.1s Implementation Boundary Ports19-6 Port Role Naming Change Interoperation Between Legacy and Standard Switches19-7 Detecting Unidirectional Link Failure Mstp and Switch Stacks19-8 Understanding Rstp Interoperability with Ieee 802.1D STPPort Roles and the Active Topology 19-9Rapid Convergence 19-10Synchronization of Port Roles 19-11Bit Function Bridge Protocol Data Unit Format and Processing19-12 Topology Changes Processing Superior Bpdu InformationProcessing Inferior Bpdu Information 19-13Configuring Mstp Features 19-14Mstp Configuration Guidelines Default Mstp Configuration19-15 Specifying the MST Region Configuration and Enabling Mstp Spanning-tree mst configurationInstance instance-id vlan vlan-range Name nameSpanning-tree mode mst Revision versionShow pending ExitSpanning-tree mst instance-id root primary 19-1819-19 Show spanning-tree mst interface interface-id Spanning-tree mst instance-id port-priority priority19-20 Spanning-tree mst instance-id cost cost 19-21Configuring the Switch Priority Configuring the Hello TimeSpanning-tree mst instance-id priority priority 19-22Configuring the Forwarding-Delay Time Show spanning-tree mst Verify your entriesSpanning-tree mst forward-time seconds Show spanning-tree mstConfiguring the Maximum-Aging Time Configuring the Maximum-Hop CountSpecifying the Link Type to Ensure Rapid Transitions Spanning-tree mst max-age secondsDesignating the Neighbor Type 19-25Restarting the Protocol Migration Process Displaying the MST Configuration and Status19-26 Understanding Optional Spanning-Tree Features Configuring Optional Spanning-Tree Features20-1 Understanding Bpdu Guard Understanding Port Fast20-2 Understanding UplinkFast Understanding Bpdu Filtering20-3 Switches in a Hierarchical Network 20-4Understanding Cross-Stack UplinkFast 20-5How Csuf Works 20-6Events that Cause Fast Convergence Understanding BackboneFast20-7 20-8 BackboneFast Example Before Indirect Link FailureAdding a Switch in a Shared-Medium Topology 20-9Understanding Root Guard Understanding EtherChannel Guard20-10 Understanding Loop Guard 20-11Default Optional Spanning-Tree Configuration Optional Spanning-Tree Configuration GuidelinesEnabling Port Fast 20-12Spanning-tree portfast trunk interface configuration Enabling Bpdu GuardSpanning-tree portfast trunk PortfastEnabling Bpdu Filtering Spanning-tree portfast Enable the Port Fast feature20-14 Enabling UplinkFast for Use with Redundant Links 20-15Spanning-tree uplinkfast max-update-rate Uplinkfast commandEnabling Cross-Stack UplinkFast Enabling BackboneFastSpanning-tree backbonefast Enable BackboneFast Enabling EtherChannel GuardShow spanning-tree summary Verify your entries 20-17Enabling Loop Guard Enabling Root Guard20-18 20-19 20-20 Flex Links 21-1Vlan Flex Link Load Balancing and Support Switchport backup interface preemption delay commands21-2 MAC Address-Table Move Update 21-3MAC Address-Table Move Update Example 21-4Default Configuration Configuration Guidelines21-5 Configuring Flex Links Switchport backup interface interface-idShow interface interface-id switchport backup Switch# show interface switchport backupSwitchport backup interface interface-id preemption Mode forced bandwidth offDelay delay-time 21-7Configuring Vlan Load Balancing on Flex Links Switchport backup interface interface-id prefer vlanShow interfaces interface-id switchport backup Switch#show interfaces switchport backupConfiguring the MAC Address-Table Move Update Feature Switchport backup interface interface-idmmuPrimary vlan vlan-id 21-9End Return to global configuration mode Switchconf# mac address-table move update transmitSwitch# show mac-address-table move update 21-10Monitoring Flex Links and the MAC Address-Table Move Update 21-1121-12 Understanding Dhcp Features Configuring Dhcp Features and IP Source Guard22-1 Dhcp Server Dhcp Relay AgentDhcp Snooping 22-2Option-82 Data Insertion 22-322-4 Dhcp Relay Agent in a Metropolitan Ethernet NetworkRemote ID Suboption Frame Format 22-5Cisco IOS Dhcp Server Database Dhcp Snooping Binding DatabaseRelease 22-622-7 Configuring Dhcp Features Dhcp Snooping and Switch StacksDefault Dhcp Configuration 22-8Dhcp Snooping Configuration Guidelines 22-9Dhcp Server and Switch Stacks Configuring the Dhcp Server22-10 Configuring the Dhcp Relay Agent Specifying the Packet Forwarding AddressIp helper-address address 22-11Switchport mode access Switchport access vlan vlan-idEnabling Dhcp Snooping and Option Interface range port-range22-13 Enabling Dhcp Snooping on Private VLANs Enabling the Cisco IOS Dhcp Server DatabaseEnabling the Dhcp Snooping Binding Database Agent Ip dhcp snooping databaseDisplaying Dhcp Snooping Information 22-15Source IP Address Filtering Understanding IP Source Guard22-16 Configuring IP Source Guard Default IP Source Guard ConfigurationIP Source Guard Configuration Guidelines Source IP and MAC Address FilteringEnabling IP Source Guard 22-18Displaying IP Source Guard Information 22-1922-20 Understanding Dynamic ARP Inspection Configuring Dynamic ARP Inspection23-1 23-2 ARP Cache PoisoningInterface Trust States and Network Security 23-3Relative Priority of ARP ACLs and Dhcp Snooping Entries Rate Limiting of ARP Packets23-4 Configuring Dynamic ARP Inspection Default Dynamic ARP Inspection ConfigurationLogging of Dropped Packets 23-5Dynamic ARP Inspection Configuration Guidelines 23-6Configuring Dynamic ARP Inspection in Dhcp Environments Show cdp neighborsIp arp inspection vlan vlan-range 23-7Configuring ARP ACLs for Non-DHCP Environments 23-823-9 Show arp access-list acl-name Limiting the Rate of Incoming ARP PacketsNo ip arp inspection trust Specified with the ip arp inspection vlan loggingPerforming Validation Checks 23-11Configuring the Log Buffer Ip arp inspection validateSrc-mac dst-mac ip Show ip arp inspection vlanNumber logs number interval Ip arp inspection log-buffer entries23-13 Displaying Dynamic ARP Inspection Information 23-14Clear ip arp inspection statistics Show ip arp inspection statistics vlanClear ip arp inspection log Show ip arp inspection log23-16 Configuring Igmp Snooping and MVR 24-1Understanding Igmp Snooping 24-2Joining a Multicast Group Igmp Versions24-3 224.1.2.3 24-4Leaving a Multicast Group 24-5Igmp Configurable-Leave Timer Immediate LeaveIgmp Report Suppression 24-6Configuring Igmp Snooping Igmp Snooping and Switch StacksDefault Igmp Snooping Configuration PIM-DVMRPIp igmp snooping vlan vlan-id Enabling or Disabling Igmp Snooping24-8 Setting the Snooping Method Ip igmp snooping vlan vlan-id mrouterLearn cgmp pim-dvmrp Show ip igmp snoopingShow ip igmp snooping mrouter vlan vlan-id Configuring a Multicast Router Port24-10 Configuring a Host Statically to Join a Group Enabling Igmp Immediate LeaveIp igmp snooping vlan vlan-id static ipaddress Show ip igmp snooping groupsConfiguring the Igmp Leave Timer 24-12Configuring TCN-Related Commands Recovering from Flood ModeControlling the Multicast Flooding Time After a TCN Event CountNo ip igmp snooping tcn flood Disabling Multicast Flooding During a TCN Event24-14 Configuring the Igmp Snooping Querier 24-15No ip igmp snooping report-suppression Disabling Igmp Report Suppression24-16 Displaying Igmp Snooping Information 24-17Understanding Multicast Vlan Registration 24-18Using MVR in a Multicast Television Application 24-19Configuring MVR Default MVR ConfigurationMVR 24-20MVR Configuration Guidelines and Limitations Configuring MVR Global ParametersMvr Enable MVR on the switch 24-21Configuring MVR Interfaces 24-22Mvr type source receiver Mvr immediateShow mvr Show mvr interface Show mvr membersDisplaying MVR Information Configuring Igmp Filtering and Throttling24-24 Configuring Igmp Profiles Default Igmp Filtering and Throttling Configuration24-25 Ip igmp profile profile number Permit denyRange ip multicast address Show ip igmp profile profile numberSetting the Maximum Number of Igmp Groups Switch# show ip igmp profileApplying Igmp Profiles Ip igmp filter profile numberConfiguring the Igmp Throttling Action Show running-config interface Verify the configurationEtherChannel group or a EtherChannel interface Interface-idDisplaying Igmp Filtering and Throttling Configuration Ip igmp max-groups action denyReplace Show ip igmp profile profile24-30 Understanding MLD Snooping Configuring IPv6 MLD Snooping25-1 25-2 MLD Messages MLD QueriesMulticast Client Aging Robustness 25-3Multicast Router Discovery MLD ReportsMLD Done Messages and Immediate-Leave 25-4Configuring IPv6 MLD Snooping MLD Snooping in Switch StacksTopology Change Notification Processing 25-5MLD Snooping Configuration Guidelines Default MLD Snooping Configuration25-6 Enabling or Disabling MLD Snooping Ipv6 mld snoopingIpv6 mld snooping vlan vlan-id 25-7Configuring a Static Multicast Group Ipv6 mld snooping vlan vlan-id staticShow ipv6 mld snooping multicast-address user Show ipv6 mld snooping multicast-address vlanEnabling MLD Immediate Leave Ipv6 mld snooping vlan vlan-id mrouterShow ipv6 mld snooping mrouter vlan vlan-id 25-9Configuring MLD Snooping Queries 25-10Disabling MLD Listener Message Suppression Displaying MLD Snooping Information25-11 Show ipv6 mld snooping querier vlan vlan-id Vlan-id count dynamic userVlan-id ipv6-multicast-address 25-12Configuring Port-Based Traffic Control Configuring Storm ControlUnderstanding Storm Control 26-126-2 Broadcast Storm Control ExampleConfiguring Storm Control and Threshold Levels Default Storm Control Configuration26-3 Storm-control broadcast multicast Unicast level level level-low bps bpsBps-low pps pps pps-low Storm-control action shutdown trapConfiguring Protected Ports Default Protected Port ConfigurationShow storm-control interface-id broadcast Multicast unicastConfiguring Port Blocking Protected Port Configuration GuidelinesConfiguring a Protected Port 26-6Configuring Port Security Default Port Blocking ConfigurationBlocking Flooded Traffic on an Interface 26-7Secure MAC Addresses Understanding Port Security26-8 Security Violations 26-9Default Port Security Configuration Port Security Configuration GuidelinesForwarded1 Trap Message Message2 Increments 26-1026-11 Enabling and Configuring Port Security 26-12Switchport port-security violation Protect restrict shutdownShutdown vlan 26-1326-14 Switchconfig-if#switchport port-security Switchconfig-if#switchport port-security maximumSwitchconfig-if#switchport port-security mac-address sticky Switchconfig-if#switchport port-security violation restrictEnabling and Configuring Port Security Aging 26-16Port Security and Switch Stacks Switchconfig# interface GigabitEthernet 1/0/8Port Security and Private VLANs 26-17Displaying Port-Based Traffic Control Settings Show port-security interface interface-idaddressShow port-security interface interface-idvlan 26-18Understanding CDP Configuring CDP27-1 Configuring CDP CDP and Switch StacksDefault CDP Configuration Configuring the CDP CharacteristicsDisabling and Enabling CDP Cdp holdtime secondsCdp advertise-v2 Show cdpNo cdp enable Disable CDP on the interface Cdp enable Enable CDP on the interface after disabling itDisabling and Enabling CDP on an Interface 27-4Monitoring and Maintaining CDP 27-527-6 Configuring Lldp and LLDP-MED Understanding Lldp and LLDP-MEDUnderstanding Lldp 28-1Understanding LLDP-MED 28-2Configuring Lldp and LLDP-MED Default Lldp ConfigurationConfiguring Lldp Characteristics 28-3Disabling and Enabling Lldp Globally 28-4Disabling and Enabling Lldp on an Interface 28-5Configuring LLDP-MED TLVs TLV, and enter interface configuration modeNo lldp med-tlv-select tlv Specify the TLV to disable Lldp med-tlv-select tlv Specify the TLV to enableMonitoring and Maintaining Lldp and LLDP-MED 28-728-8 Configuring Udld Understanding UdldModes of Operation 29-1Methods to Detect Unidirectional Links 29-2Configuring Udld 29-3Default Udld Configuration 29-4Udld aggressive enable message time Message-timer-intervalEnabling Udld Globally Show udldResetting an Interface Disabled by Udld Udld reset Show udldEnabling Udld on an Interface Udld port aggressiveDisplaying Udld Status 29-729-8 Understanding Span and Rspan Configuring Span and Rspan30-1 Local Span 30-2Remote Span 30-3Span Sessions Span and Rspan Concepts and Terminology30-4 Monitored Traffic 30-5Source Ports 30-6Vlan Filtering Source VLANs30-7 Destination Port 30-8Rspan Vlan Span and Rspan Interaction with Other Features30-9 Span and Rspan and Switch Stacks Configuring Span and Rspan30-10 Default Span and Rspan Configuration Configuring Local SpanSpan Configuration Guidelines 30-11Creating a Local Span Session 30-12Monitor session sessionnumber Destination interface interface-idEncapsulation replicate Show monitor session sessionnumber30-14 Monitor session sessionnumber filter vlan Specifying VLANs to Filter30-15 Configuring Rspan Rspan Configuration GuidelinesBe a Vlan 30-16Configuring a Vlan as an Rspan Vlan 30-17Creating an Rspan Source Session Interfaces port-channelport-channel-number. ValidDestination remote vlan vlan-id 30-18Remote vlan vlan-id Creating an Rspan Destination Session30-19 30-20 Untagged vlan vlan-id or vlan vlan-id- Forward incoming Ingress dot1q vlan vlan-id isl untagged30-21 Show monitor session sessionnumber 30-22Displaying Span and Rspan Status 30-2330-24 Understanding Rmon Configuring Rmon31-1 Configuring Rmon 31-2Configuring Rmon Alarms and Events Default Rmon Configuration31-3 Add an event in the Rmon event table that is Rmon event number description string log owner string31-4 Collecting Group History Statistics on an Interface Collecting Group Ethernet Statistics on an InterfaceRmon collection history index Show rmon historyDisplaying Rmon Status Rmon collection stats index owner ownernameShow rmon statistics 31-6Understanding System Message Logging Configuring System Message Logging32-1 System Log Message Format Configuring System Message Logging32-2 Text string that uniquely describes the message Hhmmss short uptime32-3 Default System Message Logging Configuration No logging console Disable message loggingShow running-config Verify your entries Show logging Disabling Message LoggingSetting the Message Display Destination Device Logging buffered sizeLogging host 32-5Synchronizing Log Messages Logging file flash filenameTerminal monitor Session to see the debugging messagesLine console vty line-number Line vtyLogging synchronous level severity-level All limit number-of-buffersEnabling and Disabling Sequence Numbers in Log Messages Enabling and Disabling Time Stamps on Log Messages32-8 Defining the Message Severity Level Logging console levelLogging monitor level Logging trap levelLevel Description Syslog Definition 32-10Enabling the Configuration-Change Logger Logging history levelLogging history size number 32-11Logging Messages to a Unix Syslog Daemon Configuring Unix Syslog Servers32-12 Configuring the Unix System Logging Facility Logging facility facility-typeFacility-type keywords 32-13Facility Type Keyword Description Displaying the Logging Configuration32-14 Understanding Snmp Configuring Snmp33-1 Snmp Versions 33-2Model Level Authentication Encryption Result Snmp Manager FunctionsDES Operation DescriptionSnmp Agent Functions Using Snmp to Access MIB Variables33-4 Snmp Notifications 33-5Configuring Snmp Snmp ifIndex MIB Object ValuesIfIndex Range SVISnmp Configuration Guidelines Default Snmp Configuration33-7 Configuring Community Strings No snmp-server Disable the Snmp agent operationDisabling the Snmp Agent 33-8View-name ro rw access-list-number Access-list access-list-number denySnmp-server community string view Permit source source-wildcardConfiguring Snmp Groups and Users Snmp-server engineID local engineid-stringSnmp-server engineID local 33-10Write writeview notify notifyview access Snmp-server group groupname v1 v2cAuth noauth priv read readview 33-11Configuring Snmp Notifications Remote host udp-port port v1 accessEncrypted access access-list auth md5 Notification Type Keyword Description33-13 33-14 Setting the Agent Contact and Location Information 33-12 , or enter snmp-server enable traps ?Enable traps command for each trap type Notification-typesSwitchconfig# snmp-server community public Limiting Tftp Servers Used Through SnmpSnmp Examples Snmp-server tftp-server-listDisplaying Snmp Status 33-1733-18 Understanding ACLs Configuring Network Security with ACLs34-1 Supported ACLs 34-2Port ACLs 34-3Router ACLs 34-4Vlan Maps Handling Fragmented and Unfragmented Traffic34-5 ACLs and Switch Stacks 34-6Configuring IPv4 ACLs 34-7Access List Numbers Access List Number Type SupportedCreating Standard and Extended IPv4 ACLs 34-8ACL Logging 34-9Access-list access-list-number deny permit Show access-lists number nameCreating a Numbered Standard ACL Source source-wildcard logCreating a Numbered Extended ACL 34-1134-12 34-13 34-14 Creating Named Standard and Extended ACLs Resequencing ACEs in an ACL34-15 Ip access-list standard name Ip access-list extended nameAny log Tos tos established log time-rangeUsing Time Ranges with ACLs 34-17Absolute start time date Periodic weekdays weekend dailyShow time-range 34-18Switch# show ip access-lists Applying an IPv4 ACL to a Terminal LineIncluding Comments in ACLs 34-19Access-class access-list-number Applying an IPv4 ACL to an InterfaceOut 34-20Ip access-group access-list-number 34-21Hardware and Software Treatment of IP ACLs IPv4 ACL Configuration Examples34-22 Switchconfig# access-list 106 permit ip any 172.20.128.64 Switchconfig# access-list 6 permit 172.20.128.6434-23 Extended ACLs Numbered ACLs34-24 Named ACLs Time Range Applied to an IP ACLCommented IP ACL Entries 34-25Switchconfig-if#ip access-group ext1 Switch# show logging34-26 Creating Named MAC Extended ACLs 34-27Applying a MAC ACL to a Layer 2 Interface 34-28Configuring Vlan Maps Mac access-group nameShow mac access-group interface interface-id ACLVlan Map Configuration Guidelines 34-30Vlan access-map name number Creating a Vlan MapAction drop forward Match ip mac address nameExamples of ACLs and Vlan Maps 34-3234-33 Using Vlan Maps in Your Network Wiring Closet ConfigurationApplying a Vlan Map to a Vlan Vlan filter mapname vlan-list listDenying Access to a Server on Anothera Vlan Switchconfig# vlan access-map map2Switchconfig# ip access-list extended matchall Switchconfig# vlan filter map2 vlanUsing Vlan Maps with Router ACLs 34-36Vlan Maps and Router ACL Configuration Guidelines 34-37ACLs and Switched Packets Examples of Router ACLs and Vlan Maps Applied to VLANsACLs and Bridged Packets 34-38ACLs and Routed Packets 34-39Displaying IPv4 ACL Configuration Show ip access-lists number nameACLs and Multicast Packets 34-40Show running-config interface interface-id Show mac access-group interface interface-idShow ip interface interface-id 34-4134-42 Configuring IPv6 ACLs 35-1Understanding IPv6 ACLs 35-2Supported ACL Features IPv6 ACLs and Switch StacksIPv6 ACL Limitations 35-3Configuring IPv6 ACLs Default IPv6 ACL ConfigurationInteraction with Other Features and Switches 35-4Creating IPv6 ACLs Ipv6 access-list access-list-name35-5 Dscp value fragments log Log-input routing sequenceValue time-range name 35-635-7 Ipv6 traffic-filter access-list-name Applying an IPv6 ACL to an InterfaceIpv6 address ipv6-address 35-8Show access-lists Show ipv6 access-list access-list-nameDisplaying IPv6 ACLs 35-935-10 Configuring QoS 36-1Understanding QoS 36-2Basic QoS Model 36-336-4 Basic QoS ModelClassification 36-536-6 Check if packet came with CoS label tag YesClassification Based on Class Maps and Policy Maps Classification Based on QoS ACLs36-7 Policing and Marking 36-8Policing on Physical Ports 36-9Policing on SVIs 36-10Policing and Marking Flowchart on SVIs 36-11Mapping Tables 36-12Queueing and Scheduling Overview 36-13SRR Shaping and Sharing Weighted Tail Drop36-14 Queueing and Scheduling on Ingress Queues 36-15Queue Type Function 36-16WTD Thresholds 36-17Queueing and Scheduling on Egress Queues 36-1836-19 Buffer and Memory Allocation 36-20Packet Modification 36-21Configuring Auto-QoS 36-22Generated Auto-QoS Configuration 36-23Description Automatically Generated Command 36-2436-25 Switch automatically configures the egress queue buffer Sizes. It configures the bandwidth and the SRR mode shapedIf you entered the auto qos voip trust command, the switch Or shared on the egress queues mapped to the portAuto-QoS Configuration Guidelines Effects of Auto-QoS on the Configuration36-27 Enabling Auto-QoS for VoIP Auto qos voip cisco-phoneCisco-softphone trust Show auto qos interface interface-id36-29 Auto-QoS Configuration Example 36-30Cdp enable Debug auto qosAuto qos voip trust Show auto qosDisplaying Auto-QoS Information Configuring Standard QoS36-32 Default Ingress Queue Configuration Default Standard QoS Configuration36-33 Dscp Value Queue ID -Threshold ID Default Egress Queue Configuration36-34 Standard QoS Configuration Guidelines Default Mapping Table ConfigurationQoS ACL Guidelines Applying QoS on InterfacesGeneral QoS Guidelines Policing Guidelines36-36 Enabling VLAN-Based QoS on Physical Ports Enabling QoS Globally36-37 Configuring the Trust State on Ports within the QoS Domain Configuring Classification Using Port Trust States36-38 36-39 15 Port Trusted States within the QoS DomainConfiguring the CoS Value for an Interface Mls qos trust cos dscp ip-precedenceShow mls qos interface 36-40Mls qos cos default-cos override Configuring a Trusted Boundary to Ensure Port Security36-41 Enabling Dscp Transparency Mode Mls qos trust dscpMls qos trust device cisco-phone 36-42No mls qos rewrite ip dscp 36-43Mls qos map dscp-mutation Mls qos dscp-mutationShow mls qos maps dscp-mutation 36-44Switchconfig-if#mls qos dscp-mutation gi1/0/2-mutation Configuring a QoS Policy36-45 Classifying Traffic by Using ACLs 36-46Switchconfig# access-list 100 permit ip any any dscp Switchconfig# access-list 102 permit pim any 224.0.0.2 dscpPermit protocol source source-wildcard Source-wildcardMac access-list extended name 36-48Classifying Traffic by Using Class Maps Class-map match-all match-anyIs match-all Match-any keywordsMatch access-group acl-index-or-name Ip dscp dscp-list ip precedenceIp-precedence-list Show class-map36-51 Class class-map-name Policy-map policy-map-name36-52 36-53 Show policy-map policy-map-nameclass Service-policy input policy-map-name36-54 Switchconfig# policy-map macpolicy1 Switchconfig-pmap#class macclass2 maclist2Switchconfig-if#service-policy input macpolicy1 36-55Traffic by Using Class Maps section on 36-5636-57 Police rate-bps burst-byte exceed-action Drop policed-dscp-transmitExceed-action policed-dscp-transmit keywords to mark down 36-58Service-policy policy-map-name 36-59Show policy-map policy-map-nameclass Service-policy input policy-map-nameShow mls qos vlan-based Mls qos aggregate-policer Aggregate-policer-name rate-bps burst-byteExceed-action drop Policed-dscp-transmitShow mls qos aggregate-policer Only one policy map per ingress port is supportedAggregate-policer-name Configuring Dscp Maps Configuring the CoS-to-DSCP MapSwitchconfig-pmap-c#police aggregate transmit1 CoS Value Dscp ValueConfiguring the IP-Precedence-to-DSCP Map Mls qos map cos-dscp dscp1...dscp8IP Precedence Value Dscp Value 36-64Configuring the Policed-DSCP Map 36-65Configuring the DSCP-to-CoS Map Dscp Value CoS Value36-66 ShowConfiguring the DSCP-to-DSCP-Mutation Map Mls qos map dscp-cos dscp-list to cosShow mls qos maps dscp-to-cos 36-67Switch# show mls qos maps dscp-mutation mutation1 Switchconfig-if#mls qos dscp-mutation mutation136-68 Configuring Ingress Queue Characteristics 36-69Mls qos srr-queue input dscp-map Mls qos srr-queue input cos-mapMls qos srr-queue input threshold Show mls qos mapsAllocating Buffer Space Between the Ingress Queues Allocating Bandwidth Between the Ingress QueuesMls qos srr-queue input buffers Show mls qos interface bufferConfiguring the Ingress Priority Queue Weight1 weight2Mls qos srr-queue input bandwidth Show mls qos interface queueingConfiguring Egress Queue Characteristics WeightMls qos srr-queue input Priority-queue queue-id bandwidth36-74 Queue-set qset-id Mls qos queue-set output qset-id36-75 36-76 Mls qos srr-queue output cos-map Mls qos srr-queue output dscp-map36-77 Configuring SRR Shaped Weights on Egress Queues Srr-queue bandwidth shape weight1Weight2 weight3 weight4 QueueingConfiguring SRR Shared Weights on Egress Queues Configuring the Egress Expedite QueueSrr-queue bandwidth share weight1 36-79Mls qos Enable QoS on a switch Srr-queue bandwidth limit weight1Limiting the Bandwidth on an Egress Interface 36-80Displaying Standard QoS Information 36-81Show running-config include rewrite 36-82Understanding EtherChannels Configuring EtherChannels and Link-State Tracking37-1 EtherChannel Overview 37-2Single-Switch EtherChannel 37-3Port-Channel Interfaces 37-4Port Aggregation Protocol 37-5PAgP Interaction with Other Features Mode DescriptionPAgP Modes AutoLacp Interaction with Other Features Link Aggregation Control ProtocolLacp Modes 37-7Load-Balancing and Forwarding Methods EtherChannel On Mode37-8 37-9 EtherChannel and Switch Stacks 37-10Default EtherChannel Configuration Configuring EtherChannels37-11 EtherChannel Configuration Guidelines 37-12Configuring Layer 2 EtherChannels 37-13Active passive Auto non-silent desirable non-silent on37-14 Configuring Layer 3 EtherChannels Switchconfig-if-range#channel-group 5 mode activeCreating Port-Channel Logical Interfaces 37-15Configuring the Physical Interfaces Interface port-channel port-channel-numberShow etherchannel channel-group-number detail No ip addressPartner that is PAgP capable, configure the switch port for For channel-group-number, the range is 1 to 48. This numberMust be the same as the port-channel-number logical port 37-17Configuring EtherChannel Load-Balancing Port-channel load-balance dst-ip dst-macSrc-dst-ip src-dst-mac src-ip src-mac 37-18Show etherchannel load-balance Verify your entries Configuring the PAgP Learn Method and Priority37-19 Configuring Lacp Hot-Standby Ports Pagp learn-method physical-portPagp port-priority priority Show pagp channel-group-number internalShow running-config Verify your entries Show lacp sys-id Configuring the Lacp System Priority37-21 Configuring the Lacp Port Priority Lacp port-priority priorityShow lacp channel-group-number InternalUnderstanding Link-State Tracking Displaying EtherChannel, PAgP, and Lacp Status37-23 37-24 Configuring Link-State Tracking 37-25Default Link-State Tracking Configuration Link-State Tracking Configuration GuidelinesConfiguring Link-State Tracking 37-26Switch show link state group Switch show link state group detailDisplaying Link-State Tracking Status 37-2737-28 Configuring IP Unicast Routing 38-1Types of Routing Understanding IP Routing38-2 IP Routing and Switch Stacks 38-338-4 Configuring IP Addressing Steps for Configuring Routing38-5 Default Addressing Configuration ARPIrdp 38-6Show running-config Verify your entry Assigning IP Addresses to Network InterfacesUse of Subnet Zero 38-7Classless Routing 38-8No ip classless Disable classless routing behavior Configuring Address Resolution Methods38-9 Arp ip-address hardware-address type Define a Static ARP Cache38-10 Set ARP Encapsulation 38-11Routing Assistance When IP Routing is Disabled Enable Proxy ARPDefault Gateway Proxy ARPIcmp Router Discovery Protocol Irdp 38-13Configuring Broadcast Packet Handling 38-14Ip forward-protocol udp port nd sdns Ip directed-broadcast access-list-number38-15 Forwarding UDP Broadcast Packets and Protocols 38-16Establishing an IP Broadcast Address Flooding IP BroadcastsIp broadcast-address ip-address 38-17Monitoring and Maintaining IP Addressing Clear arp-cacheClear host name Clear ip route network maskEnabling IP Unicast Routing 38-19Configuring RIP 38-20Default RIP Configuration Configuring Basic RIP ParametersRouter rip Network network number38-22 Configuring RIP Authentication Configuring Summary Addresses and Split HorizonIp rip authentication key-chain name-of-chain Ip rip authentication mode text md5Configuring Split Horizon Switchconfig-router#neighbor 2.2.2.2 peer-group mygroupIp summary-address rip ip address ip-network mask No ip split horizonNo ip split-horizon Configuring Ospf38-25 Default Ospf Configuration 38-26Ospf Nonstop Forwarding 38-27Ospf NSF Awareness 38-28Configuring Ospf Interfaces Configuring Basic Ospf Parameters38-29 38-30 Configuring Ospf Area Parameters 38-31Configuring Other Ospf Parameters 38-3238-33 Configuring a Loopback Interface Changing LSA Group PacingIp address address mask 38-34Monitoring Ospf Configuring Eigrp38-35 38-36 Default Eigrp Configuration 38-37Eigrp Nonstop Forwarding 38-38Configuring Basic Eigrp Parameters Router eigrp autonomous-systemNetwork network-number Eigrp log-neighbor-changesConfiguring Eigrp Interfaces No auto-summaryIp summary-address eigrp 38-40Configuring Eigrp Route Authentication Ip hello-interval eigrp autonomous-system-numberNo ip split-horizon eigrp autonomous-system-number Show ip eigrp interfaceEigrp Stub Routing 38-42Monitoring and Maintaining Eigrp Configuring BGP38-43 38-44 EBGP, IBGP, and Multiple Autonomous SystemsDefault BGP Configuration 38-4538-46 Nonstop Forwarding Awareness 38-47Enabling BGP Routing Router bgp autonomous-systemNetwork network-number mask network-mask Route-map route-map-name38-49 Switchconfig-router#neighbor 192.208.10.2 remote-as Switch# show ip bgp neighborsManaging Routing Policy Changes 38-50Type of Reset Advantages Disadvantages Show ip bgp neighborsClear ip bgp * address Show ip bgpConfiguring BGP Decision Attributes 38-5238-53 Configuring BGP Filtering by Neighbor Configuring BGP Filtering with Route Maps38-54 Ip as-path access-list access-list-number Out weight weightRoute-map map-tag in out Show ip bgp neighbors pathsConfiguring Prefix Lists for BGP Filtering 38-56Configuring BGP Community Filtering Ip community-listcommunity-list-numberPermit deny community-number Send-communityConfiguring BGP Neighbors and Peer Groups Set comm-list list-num deleteIp bgp-community new-format Show ip bgp community38-59 Configuring Aggregate Addresses 38-60Configuring BGP Route Reflectors Configuring Routing Domain Confederations38-61 Configuring Route Dampening Route-reflector-clientBgp cluster-id cluster-id No bgp client-to-client reflectionMonitoring and Maintaining BGP 38-63Configuring Multi-VRF CE 38-64Understanding Multi-VRF CE 38-6538-66 Default Multi-VRF CE Configuration Multi-VRF CE Configuration GuidelinesVRF 38-67Configuring VRFs Route-target export import bothImport map route-map Ip vrf forwarding vrf-nameConfiguring a VPN Routing Session Show ip vrf brief detail interfacesLog-adjacency-changes Redistribute bgpMulti-VRF CE Configuration Example Configuring BGP PE to CE Routing Sessions38-70 38-71 VPN2 CE1Configuring Switch a 38-72Switchconfig-router-af#network 8.8.2.0 mask Switchconfig-router-af#network 8.8.1.0 maskSwitchconfig-if#ip address 208.0.0.20 38-73Router# configure terminal 38-74Displaying Multi-VRF CE Status Configuring Unicast Reverse Path Forwarding38-75 Configuring Distributed Cisco Express Forwarding Configuring Protocol-Independent Features38-76 Configuring the Number of Equal-Cost Routing Paths 38-77Configuring Static Unicast Routes Router bgp rip ospf eigrpMaximum-paths maximum Show ip routeSpecifying Default Routes and Networks Route Source Default DistanceIp default-network network number Specify a default network 38-79Using Route Maps to Redistribute Routing Information 38-8038-81 38-82 Configuring Policy-Based Routing 38-83PBR Configuration Guidelines 38-84Enabling PBR 38-85Ip policy route-map map-tag Ip route-cache policyIp local policy route-map map-tag 38-86Filtering Routing Information Setting Passive Interfaces38-87 Controlling Advertising and Processing in Routing Updates Filtering Sources of Routing InformationRouter bgp rip eigrp 38-88Managing Authentication Keys Distance weight ip-address ip-address maskIp access list 38-89Monitoring and Maintaining the IP Network 38-9038-91 38-92 Understanding IPv6 Configuring IPv6 Unicast Routing39-1 IPv6 Addresses 39-2Bit Wide Unicast Addresses Supported IPv6 Unicast Routing Features39-3 DNS for IPv6 Path MTU Discovery for IPv6 UnicastICMPv6 Neighbor DiscoveryIPv6 Applications 39-5Dual IPv4 and IPv6 Protocol Stacks Unsupported IPv6 Unicast Routing Features39-6 Limitations IPv6 and Switch Stacks39-7 39-8 Dual IPv4-and IPv6 SDM Templates SDM Templates39-9 Configuring IPv6 39-10Configuring IPv6 Addressing and Enabling IPv6 Routing Default IPv6 Configuration39-11 39-12 Configuring IPv4 and IPv6 Protocol Stacks Ip routing Enable routing on the switchSwitchconfig-if#ipv6 address 20010DB8c181/64 eui 39-1339-14 Configuring IPv6 Icmp Rate Limiting Configuring CEF and dCEF for IPv6Ipv6 icmp error-interval interval bucketsize Show ipv6 interface interface-idConfiguring Static Routing for IPv6 39-16Administrative distance Ipv6 route ipv6-prefix/prefix lengthIpv6-address interface-id ipv6-address 39-17Configuring RIP for IPv6 Show ipv6 route static updatedShow ipv6 static ipv6-address Interface-id recursive detail39-19 Configuring Ospf for IPv6 39-2039-21 Displaying IPv6 Switch# show ipv6 interface39-22 Switch# show ipv6 cef /0 Switch# show ipv6 protocolsSwitch# show ipv6 rip 39-23Switch# show ipv6 neighbors Switch# show ipv6 staticSwitch# show ipv6 route Switch# show ipv6 traffic39-25 39-26 Understanding Hsrp Configuring Hsrp and Enhanced Object Tracking40-1 40-2 Multiple Hsrp 40-3Hsrp and Switch Stacks Configuring Hsrp40-4 Default Hsrp Configuration Hsrp Configuration GuidelinesEnabling Hsrp 40-5Switch# show standby Standby group-number ip ip-addressSecondary Show standby interface-id groupConfiguring Hsrp Priority 40-7Priority preempt delay delay Standby group-number priorityStandby group-number track 40-8Configuring Mhsrp Configuring Hsrp Authentication and TimersSwitchconfig-if#standby 2 ip 40-9Standby group-number authentication string Standby group-number timers hellotimeSwitchconfig-if#standby 1 authentication word HoldtimeDisplaying Hsrp Configurations Configuring Hsrp Groups and ClusteringEnabling Hsrp Support for Icmp Redirect Messages Show standby interface-idgroup brief detailUnderstanding Enhanced Object Tracking Configuring Enhanced Object Tracking40-12 Configuring Enhanced Object Tracking Features Tracking Interface Line-Protocol or IP Routing StateTrack object-number interface 40-13Configuring a Tracked List Switch# show track 33 TrackTrack track-numberlist boolean Object object-number notWeight Threshold weight up numberTrack track-numberlist threshold 40-15Track track-number list threshold PercentageObject object-number Threshold percentage up numberConfiguring Hsrp Object Tracking 40-17Show standby Configuring Other Tracking Characteristics40-18 Understanding Wccp Configuring Web Cache Services By Using41-1 Wccp Message Exchange 41-2Packet Redirection and Service Groups Wccp NegotiationMD5 Security 41-3Wccp and Switch Stacks 41-4Configuring Wccp Unsupported Wccp FeaturesDefault Wccp Configuration Wccp Configuration GuidelinesEnabling the Web Cache Service 41-641-7 41-8 Switchconfig# interface range gigabitethernet1/0/3 Switchconfig-if-range#switchport access vlanMonitoring and Maintaining Wccp 41-9Enabled / disabled 41-10Configuring IP Multicast Routing 42-142-2 IP Multicast Routing ProtocolsIgmp Version Understanding Igmp42-3 Understanding PIM PIM VersionsPIM Modes 42-4PIM Stub Routing 42-5Auto-RP 42-6Multicast Forwarding and Reverse Path Check Bootstrap Router42-7 Network Port Understanding Dvmrp42-8 Understanding Cgmp Multicast Routing and Switch Stacks42-9 Configuring IP Multicast Routing Default Multicast Routing ConfigurationMulticast Routing Configuration Guidelines 42-10PIMv1 and PIMv2 Interoperability Auto-RP and BSR Configuration Guidelines42-11 Ip multicast-routing distributed Configuring Basic Multicast Routing42-12 Configuring PIM Stub Routing Ip pim version 1Ip pim dense-mode sparse-mode Sparse-dense-modeConfiguring a Rendezvous Point Manually Assigning an RP to Multicast GroupsIp pim passive 42-14Ip pim rp-address ip-address Access-list-number override42-15 Configuring Auto-RP 42-16Scope ttl group-list access-list-number Ip pim send-rp-announce interface-idInterval seconds 42-17Ip pim send-rp-discovery scope ttl Show ip pim rp mappingShow ip pim rp 42-18Ip pim rp-announce-filter rp-list Access-list-number group-list42-19 Ip pim bsr-border Configuring PIMv2 BSR42-20 Ip multicast boundary 42-21Hash-mask-length priority Ip pim bsr-candidate interface-id42-22 Ip pim rp-candidate interface-id Group-list access-list-number42-23 Using Auto-RP and a BSR Show ip pim rp group-nameGroup-address mapping Show ip pim rp-hash groupConfiguring Advanced PIM Features Troubleshooting PIMv1 and PIMv2 Interoperability ProblemsMonitoring the RP Mapping Information Understanding PIM Shared Tree and Source Tree42-26 Shared Tree and Source Tree Shortest-Path TreeIp pim spt-threshold kbps infinity Delaying the Use of PIM Shortest-Path Tree42-27 Configuring Optional Igmp Features Modifying the PIM Router-Query Message IntervalIp pim query-interval seconds Show ip igmp interface interface-idDefault Igmp Configuration Configuring the Switch as a Member of a GroupIp igmp join-group group-address 42-29Controlling Access to IP Multicast Groups Ip igmp access-group access-list-numberShow ip igmp interface interface-id Verify your entries 42-30Changing the Igmp Version Modifying the Igmp Host-Query Message IntervalIp igmp version 1 Query-interval or the ip igmp query-max-response-timeChanging the Igmp Query Timeout for IGMPv2 Ip igmp querier-timeout secondsIp igmp query-interval seconds 42-32Configuring the Switch as a Statically Connected Member Changing the Maximum Query Response Time for IGMPv2Ip igmp query-max-response-time 42-33Configuring Optional Multicast Routing Features Enabling Cgmp Server SupportIp igmp static-group group-address 42-34Ip cgmp proxy Configuring sdr Listener Support42-35 Ip sdr listen Enable sdr listener support Enabling sdr Listener SupportLimiting How Long an sdr Cache Entry Exists 42-36Configuring an IP Multicast Boundary 42-37Configuring Basic Dvmrp Interoperability Features 42-38Configuring Dvmrp Interoperability 42-39Ip dvmrp metric metric list 42-40Configuring a Dvmrp Tunnel 42-41Access-list-number distance Neighbor-list access-list-numberAdvertising Network 0.0.0.0 to Dvmrp Neighbors Ip dvmrp accept-filterConfiguring Advanced Dvmrp Interoperability Features Ip dvmrp default-informationResponding to mrinfo Requests Originate onlyEnabling Dvmrp Unicast Routing 42-44Rejecting a Dvmrp Nonpruning Neighbor 42-45Enter interface configuration mode 42-46By default, 7000 routes are advertised. The range is 0 to Controlling Route ExchangesLimiting the Number of Dvmrp Routes Advertised Changing the Dvmrp Route ThresholdConfiguring a Dvmrp Summary Address Default is 10,000 routes. The range is 1 toRoute-count 42-4842-49 Disabling Dvmrp Autosummarization Ip dvmrp summary-address addressMask metric value No ip dvmrp auto-summaryAdding a Metric Offset to the Dvmrp Route Ip dvmrp metric-offset in outIncrement 42-51Monitoring and Maintaining IP Multicast Routing Clearing Caches, Tables, and DatabasesDisplaying System and Network Statistics 42-52Monitoring IP Multicast Routing 42-5342-54 Understanding Msdp Configuring Msdp43-1 Msdp Operation 43-2Msdp Benefits 43-3Configuring Msdp Default Msdp ConfigurationConfiguring a Default Msdp Peer 43-4Prefix-list list Ip msdp default-peer ip-address name43-5 Caching Source-Active State Ip prefix-list name description stringSeq number permit deny network Ip msdp description peer-nameIp msdp cache-sa-state list 43-7Switchconfig# ip msdp sa-request Requesting Source Information from an Msdp PeerIp msdp sa-request ip-address name 43-8Controlling Source Information that Your Switch Originates Redistributing SourcesIp msdp redistribute list 43-943-10 Name list access-list-number Filtering Source-Active Request MessagesIp msdp filter-sa-request ip-address 43-11Controlling Source Information that Your Switch Forwards Using a FilterIp msdp sa-filter out ip-address name Route-map map-tag43-13 Controlling Source Information that Your Switch Receives Using TTL to Limit the Multicast Data Sent in SA MessagesIp msdp ttl-threshold ip-address name TtlIp msdp sa-filter in ip-address name Switchconfig# ip msdp sa-filter in switch.cisco.com43-15 Configuring an Msdp Mesh Group Shutting Down an Msdp PeerIp msdp mesh-group name ip-address 43-16Including a Bordering PIM Dense-Mode Region in Msdp Ip msdp shutdown peer-name peerIp msdp border sa-address interface-id 43-17Configuring an Originating Address other than the RP Address 43-18Monitoring and Maintaining Msdp Clear ip msdp peer peer-addressnameClear ip msdp statistics peer-addressname Clear ip msdp sa-cache group-addressname43-20 Configuring Fallback Bridging Understanding Fallback BridgingFallback Bridging Overview 44-144-2 Fallback Bridging and Switch Stacks Configuring Fallback Bridging44-3 Default Fallback Bridging Configuration Fallback Bridging Configuration GuidelinesCreating a Bridge Group 44-4Bridge bridge-group protocol Vlan-bridgeBridge-group bridge-group 44-5Switchconfig# bridge 10 protocol vlan-bridge Adjusting Spanning-Tree Parameters44-6 Changing the VLAN-Bridge Spanning-Tree Priority Changing the Interface PriorityBridge bridge-group priority number Bridge-group bridge-grouppriorityAssigning a Path Cost Bridge-group bridge-group path-costCost 44-8Adjusting Bpdu Intervals Switchconfig# bridge 10 hello-timeBridge bridge-group hello-time seconds 44-9Switchconfig# bridge 10 forward-time Switchconfig# bridge 10 max-ageBridge bridge-group forward-time Bridge bridge-group max-age secondsMonitoring and Maintaining Fallback Bridging Disabling the Spanning Tree on an InterfaceClear bridge bridge-group Show bridge bridge-group group44-12 Troubleshooting 45-1Recovering from a Software Failure 45-2Recovering from a Lost or Forgotten Password Switch flashinitSwitch loadhelper Switch copy xmodem flashimagefilename.bin45-4 Procedure with Password Recovery Enabled 45-5Copy the configuration file into memory 45-6Switch dir flash Procedure with Password Recovery Disabled45-7 Preventing Switch Stack Problems 45-8Recovering from a Command Switch Failure 45-9Switchconfig# no cluster commander-address Replacing a Failed Command Switch with a Cluster Member45-10 Replacing a Failed Command Switch with Another Switch 45-1145-12 Recovering from Lost Cluster Member Connectivity Troubleshooting Power over Ethernet Switch PortsPreventing Autonegotiation Mismatches 45-13Disabled Port Caused by Power Loss Disabled Port Caused by False Link UpShow controllers power inline privileged Exec command SFP Module Security and IdentificationMonitoring Temperature Using PingMonitoring SFP Module Status Understanding PingSwitch# ping Executing PingCharacter Description 45-16Using Layer 2 Traceroute Understanding Layer 2 TracerouteUsage Guidelines 45-17Using IP Traceroute Displaying the Physical PathUnderstanding IP Traceroute 45-18Switch# traceroute ip Executing IP TracerouteTraceroute ip host Trace the path that packets take through the networkUnderstanding TDR Using TDR45-20 Using Debug Commands Enabling Debugging on a Specific FeatureRunning TDR and Displaying the Results 45-21Redirecting Debug and Error Message Output Enabling All-System Diagnostics45-22 45-23 Using the show platform forward CommandUdp 10 45-24 Basic crashinfo Files Using the crashinfo Files45-25 Using On-Board Failure Logging Extended crashinfo FilesUnderstanding Obfl 45-26Configuring Obfl 45-27Show logging onboard module Displaying Obfl Information45-28 Understanding Online Diagnostics Configuring Online Diagnostics46-1 Configuring Online Diagnostics Scheduling Online DiagnosticsDiagnostic schedule switch Non-disruptive daily hhmmConfiguring Health-Monitoring Diagnostics Diagnostic monitor interval switchDiagnostic content command output Diagnostic monitor syslogDiagnostic monitor threshold switch Diagnostic monitor switch number testShow diagnostic content post result Schedule status switchRunning Online Diagnostic Tests Starting Online Diagnostic TestsDiagnostic start switch number All basic non-disruptiveDisplaying Online Diagnostic Tests and Test Results 46-6MIB List Supported MIBsCISCO-FTP-CLIENT-MIB CISCO-HSRP-MIB CISCO-IGMP-FILTER-MIB CISCO-RTTMON-MIB CISCO-SMI-MIBETHERLIKE-MIB IEEE8021-PAE-MIB IEEE8023-LAG-MIB IGMP-MIB INET-ADDRESS-MIB IPMROUTE-MIBTCP-MIB UDP-MIB Using FTP to Access the MIB Files Working with the Flash File System Switch# show file systems Displaying Available File SystemsSetting the Default File System Field ValueCd newconfigs Displaying Information about Files on a File SystemChanging Directories and Displaying the Working Directory PwdCreating and Removing Directories Mkdir oldconfigsCopying Files Deleting Files Switch# delete myconfigCreating, Displaying, and Extracting Files Flash Archive /create destination-urlArchive /table source-url Archive /xtract source-url Extract a file into a directory on the flash file systemDirectories are extracted More /ascii /binary /ebcdicWorking with Configuration Files Guidelines for Creating and Using Configuration Files Configuration File Types and LocationCreating a Configuration File By Using a Text Editor Copying Configuration Files By Using TftpDownloading the Configuration File By Using Tftp Uploading the Configuration File By Using TftpCopying Configuration Files By Using FTP Ip ftp password password Downloading a Configuration File By Using FTPIp ftp username username Uploading a Configuration File By Using FTP Ftp // username password @ location /directoryFilename systemrunning-config Filename nvramstartup-configCopying Configuration Files By Using RCP Copy systemrunning-configCopy nvramstartup-config Ftp // username password @ location /directory FilenameHostname Switch1 Ip rcmd remote-username User0 Downloading a Configuration File By Using RCP Systemrunning-configNvramstartup-config Ip rcmd remote-username usernameUploading a Configuration File By Using RCP Clearing Configuration InformationSwitch# copy nvramstartup-config rcp Deleting a Stored Configuration File Clearing the Startup Configuration FileWorking with Software Images Image Location on the Switch File Format of Images on a Server or Cisco.comCopying Image Files By Using Tftp Field DescriptionPreparing to Download or Upload an Image File By Using Tftp Downloading an Image File By Using TftpAllow-feature-upgrade /directory Archive download-swOverwrite /reload Archive download-sw /directoryArchive upload-sw Uploading an Image File By Using TftpTftp //location /directory /image-name .tar Copying Image Files By Using FTP Preparing to Download or Upload an Image File By Using FTPDownloading an Image File By Using FTP Archive download-sw /allow-feature-upgrade Directory /overwrite /reloadFor /directory /image-name1 .tar Directory /image-name2 .tar image-name3 .tarUploading an Image File By Using FTP Copying Image Files By Using RCP Preparing to Download or Upload an Image File By Using RCP Downloading an Image File By Using RCP File By Using RCP section on page B-31Or Upload an Image File By Using RCP section on Uploading an Image File By Using RCP Rcp // username @ location /directory /image-na Copying an Image File from One Stack Member to AnotherMe.tar Archive copy-sw /destination-system Destination-stack-member-number /force-reloadSource-stack-member-number For /destination-system destination-stack-member-numberUnsupported Commands Cisco IOS Release 12.237SE Access Control ListsUnsupported Privileged Exec Commands Unsupported Global Configuration CommandsArchive Commands ARP CommandsBoot Loader Commands Debug CommandsFallback Bridging Bridge bridge-groupacquireBridge crb Bridge bridge-group domain domain-name bridge irbHsrp X25 map bridge x.121-address broadcast options-keywordsInterface Commands Igmp Snooping CommandsIP Multicast Routing Ip pim accept-rpaddress auto-rpgroup-access-list-number Show ip pim vc group-address name type numberShow ip rtp header-compression type number detail Ip multicast-routing vrf vrf-nameUnsupported Privileged Exec or User Exec Commands IP Unicast RoutingUnsupported VPN Configuration Commands Unsupported BGP Router Configuration CommandsUnsupported Route Map Commands MAC Address Commands Show cable-diagnostics prbs Test cable-diagnostics prbsMiscellaneous Set tag tag-valueNetFlow Commands MsdpNetwork Address Translation NAT Commands Unsupported Global Configuration CommandUnsupported Policy-Map Configuration Command QoSUnsupported Interface Configuration Command Unsupported User Exec CommandsUnsupported Privileged Exec Command Spanning TreeNumerics IN-1ACLs IN-2CDP Lldp RIP EigrpHsrp TACACS+Cidr BGPIN-4 Bpdu IN-5CDP CEFCgmp CLICNS IN-7IN-8 DNS DhcpIN-9 Snmp TACACS+ UdldVmps WccpDhcp option IN-11DTP IN-12Dvmrp IN-13Dynamic ARP inspection IN-14Lacp IN-15FIB STPIN-16 FTP Mstp STPIN-17 Icmp HttpsIN-18 Igmp IN-19IN-20 IP addresses IN-21Mbone IN-22IGP IN-23IP unicast routing IN-24ISL IN-25LLDP-MED IN-26IN-27 Mhsrp MDAIN-28 Msdp IN-29CST ISTMTU IN-30NAC IN-31NSSA, Ospf IN-32PBR ObflIN-33 PIM IN-34Port-based authentication IN-35Vvid PvidIN-36 Private VLANs IN-37QoS IN-38IN-39 RCP IN-40Radius TACACS+ RFCRmon IN-41RPS RspanRstp IN-42SDM IN-43Snmp IN-44SRR SpanIN-45 VTP SSLIN-46 Stacks, switch IN-47LLDP-MED Ospf IN-48STP IN-49IN-50 System message logging IN-51IN-52 IN-53 IN-54 VLANs IN-55VQP VPNIN-56 WTD IN-57IN-58