Manuals / Cisco Systems / Computer Equipment / Webcam

Cisco Systems 3750E Default Port Security Configuration, Port Security Configuration Guidelines

Models: 3750E

1 1236

Download 1236 pages 40.08 Kb

Page 606

Chapter 26 Configuring Port-Based Traffic Control

Configuring Port Security

Table 26-1	Security Violation Mode Actions

						Violation
		Traffic is	Sends SNMP	Sends syslog	Displays error	counter
Violation Mode		forwarded1	trap	message	message2	increments	Shuts down port
protect		No	No	No	No	No	No

restrict		No	Yes	Yes	No	Yes	No

shutdown		No	Yes	Yes	No	Yes	Yes

shutdown vlan		No	Yes	Yes	No	Yes	No3

1.Packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses.

2.The switch returns an error message if you manually configure an address that would cause a security violation.

3.Shuts down only the VLAN on which the violation occurred.

Default Port Security Configuration

Table 26-2shows the default port security configuration for an interface.

Table 26-2 Default Port Security Configuration

Feature	Default Setting

Port security	Disabled on a port.

Sticky address learning	Disabled.

Maximum number of secure	1.
MAC addresses per port

Violation mode	Shutdown. The port shuts down when the maximum number of
	secure MAC addresses is exceeded.

Port security aging	Disabled. Aging time is 0.
	Static aging is disabled.
	Type is absolute.

Port Security Configuration Guidelines

Follow these guidelines when configuring port security:

•Port security can only be configured on static access ports or trunk ports. A secure port cannot be a dynamic access port.

•A secure port cannot be a destination port for Switched Port Analyzer (SPAN).

•A secure port cannot belong to a Gigabit EtherChannel port group.

Note Voice VLAN is only supported on access ports and not on trunk ports, even though the configuration is allowed.

	Catalyst 3750-E and 3560-E Switch Software Configuration Guide
26-10	OL-9775-02

Image 606

Cisco Systems 3750E manual Default Port Security Configuration, Port Security Configuration Guidelines, 26-10

Contents

Americas Headquarters Text Part Number OL-9775-02Page N T E N T S IiiAssigning the Switch IP Address and Default Gateway Understanding Cisco Configuration Engine Software Clustering Switches Catalyst 1900 and Catalyst 2820 CLI Considerations ViiCreating a Banner ViiiChanging the Default Privilege Level for Lines Device Roles Bypass Routed Ports XiiMonitoring and Maintaining the Interfaces XiiiEncapsulation Types XivDomain Names Private-VLAN Configuration Guidelines XviDisabled State XviiBoundary Ports XviiiXix 19-25Dhcp Server Configuring Dynamic ARP Inspection XxiConfiguring MVR XxiiUnderstanding Storm Control XxiiiUnderstanding Udld Modes of Operation XxivCreating an Rspan Source Session XxvSnmp Agent Functions XxviCreating a Numbered Extended ACL XxviiInteraction with Other Features and Switches XxviiiXxix Port-Channel Interfaces XxxConfiguring IP Addressing XxxiNonstop Forwarding Awareness XxxiiIPv6 Addresses XxxiiiConfiguring Hsrp Priority XxxivConfiguring IP Multicast Routing XxxvConfiguring Basic Dvmrp Interoperability Features XxxviUsing a Filter XxxviiXxxviii 45-14Configuring Online Diagnostics XxxixUnsupported Route-Map Configuration Commands C-1 Hsrp XliVTP XliiPurpose PrefaceAudience ConventionsRelated Publications XlivXlv Xlvi Features OverviewDeployment Features Availability and Redundancy Features, Vlan Features,Overview Features Performance Features Management Options Manageability Features Availability and Redundancy Features Vlan Features Security FeaturesOverview Features QoS and CoS Features Layer 3 Features Power over Ethernet Features Default Settings After Initial Switch Configuration Monitoring FeaturesVlan Overview Default Settings After Initial Switch Configuration Overview Default Settings After Initial Switch Configuration Network Configuration Examples Design Concepts for Using the SwitchNetwork Demands Suggested Design Methods Cost-Effective Wiring Closet High-Performance Wiring Closet High-Performance Workgroup Gigabit-to-the-Desktop Redundant Gigabit Backbone Server Aggregation Linux Server Cluster Cisco SoftPhone Software Gigabit servers Internet Cisco 2600 or 3700 routers Catalyst 3560-E switches Large Network Using Catalyst 3750-E and 3560-E Switches Cisco 7x00 routers Catalyst Catalyst 3560-E Multidwelling Network Using Catalyst 3750-E Switches Long-Distance, High-Bandwidth Transport Configuration 11 Catalyst 3750-E Switches in a MAN ConfigurationWhere to Go Next Access layer Aggregation layerOL-9775-02 Using the Command-Line Interface Understanding Command ModesQuit Mode Access Method Prompt Exit Method About This ModeConfigure Ctrl-ZUnderstanding the Help System Console commandCommand Purpose Line vty or lineCommand ? Understanding Abbreviated CommandsUnderstanding no and default Forms of Commands Command keyword ?Understanding CLI Error Messages Using Configuration LoggingError Message Meaning How to Get Help Recalling Commands Using Command HistoryChanging the Command History Buffer Size Action1 ResultEnabling and Disabling Editing Features Using Editing FeaturesDisabling the Command History Feature Switch# terminal editingEditing Commands through Keystrokes Capability Keystroke1 PurposeEditing Command Lines that Wrap Return and Space barPress Ctrl-L or Ctrl-R Accessing the CLI Command begin include exclude regular-expressionSwitch# show interfaces include protocol Using the Command-Line Interface Accessing the CLI OL-9775-02 Assigning the Switch IP Address and Default Gateway Understanding the Boot ProcessAssigning Switch Information Default Switch Information Understanding DHCP-Based AutoconfigurationFeature Default Setting Dhcp Client Request Process Dhcp Client and Server Message ExchangeConfiguring DHCP-Based Autoconfiguration Dhcp Server Configuration GuidelinesConfiguring the Tftp Server Configuring the DNSConfiguring the Relay Device Obtaining Configuration FilesRouterconfig-if#ip helper-address Example Configuration TftpserverTftp Server Configuration on Unix Switch a Switch B Switch C Switch DDNS Server Configuration Dhcp Client ConfigurationManually Assigning IP Information Checking and Saving the Running Configuration Switch# show running-configSwitch# copy running-config startup-config Modifying the Startup Configuration Default Boot ConfigurationAutomatically Downloading a Configuration File Show boot Booting ManuallyBoot config-file flash/ file-url Configure terminal Enter global configuration modeBooting a Specific Software Image Boot system filesystem /file-urlBoot system switch number all Controlling Environment VariablesSwitch current-stack-member-number renumber Set Manualboot yes Boot manualSet Switchnumber Set SwitchpriorityVariable Description Configuring a Scheduled ReloadScheduling a Reload of the Software Image Reload in hhmm textSwitch# reload at Switch# reload at 0200 junDisplaying Scheduled Reload Information Configuring Cisco IOS CNS Agents Understanding Cisco Configuration Engine SoftwareConfiguration Service Configuration Engine Architectural OverviewWhat You Should Know About the CNS IDs and Device Hostnames Event ServiceConfigID NameSpace MapperUsing Hostname, DeviceID, and ConfigID DeviceIDHostname and DeviceID Initial Configuration Understanding Cisco IOS AgentsSynchronized Configuration Configuring Cisco IOS AgentsIncremental Partial Configuration Enabling Automated CNS ConfigurationDevice Required Configuration Enabling the CNS Event Agent Backup init-retry retry-count keepalive secondsShow running-config Show cns event connectionsEnabling an Initial Configuration Enabling the Cisco IOS CNS AgentMac-address event Cns config initial ip-address hostnameCns id interface num dns-reverse ipaddress Cns id hardware-serial hostname string stringCns config partial ip-address hostname Enabling a Partial ConfigurationShow running-config Verify your entries Show cns config statsShow cns event stats Displaying CNS ConfigurationShow cns config connections Show cns event subjectManaging Switch Stacks Understanding Switch StacksManaging Switch Stacks Understanding Switch Stacks Switch Stack Membership Creating a Switch Stack from Two Standalone Switches Adding a Standalone Switch to a Switch Stack Stack Master Election and Re-ElectionSwitch Stack Bridge ID and Router MAC Address Stack Member NumbersStack Member Priority Values Switch Stack Offline Configuration Effects of Adding a Provisioned Switch to a Switch StackScenario Result Scenario Result Switch Stack Software Compatibility Recommendations Effects of Replacing a Provisioned Switch in a Switch StackMajor Version Number Incompatibility Among Switches Minor Version Number Incompatibility Among SwitchesStack Protocol Version Compatibility Understanding Auto-Upgrade and Auto-Advise Auto-Upgrade and Auto-Advise Example Messages SwitchDirectory Mar 1 000422.537%IMAGEMGR-6-AUTOADVISESW Incompatible Software and Stack Member Image Upgrades Switch Stack Configuration FilesSwitch Stack Management Connectivity Connectivity to the Switch Stack Through an IP Address Connectivity to the Switch Stack Through an SSH SessionConnectivity to Specific Stack Members Switch Stack Configuration Scenarios Use the switch stack-member-numberPriority new-priority-number global Current-stack-member-number Renumber new-stack-member-number Configuring the Switch Stack Default Switch Stack ConfigurationEnabling Persistent MAC Address Switchconfig# stack-mac persistent timer Stack-mac persistent timerShow switch Time-valueSetting the Stack Member Priority Value Assigning Stack Member InformationAssigning a Stack Member Number Provisioning a New Member for a Switch Stack Command Description Accessing the CLI of a Specific Stack MemberDisplaying Switch Stack Information Show switch stack-member-numberShow switch stack-ports Show switch stack-ring activityDetail OL-9775-02 Clustering Switches Understanding Switch ClustersSwitch Cisco IOS Release Cluster Capability Cluster Command Switch Characteristics Standby Cluster Command Switch CharacteristicsPlanning a Switch Cluster Candidate Switch and Cluster Member Switch CharacteristicsAutomatic Discovery of Cluster Candidates and Members Discovery Through CDP HopsDiscovery Through CDP Hops Discovery Through Different VLANs Discovery Through Different Management VLANs Discovery Through Different VLANsDiscovery Through Routed Ports Discovery of Newly Installed Switches New out-of-boxHsrp and Standby Cluster Command Switches Virtual IP Addresses Other Considerations for Cluster Standby GroupsAutomatic Recovery of Cluster Configuration IP Addresses HostnamesPasswords Snmp Community StringsSwitch Clusters and Switch Stacks Switch Stack Switch ClusterMembers Other cluster member switches TACACS+ and Radius LRE ProfilesUsing the CLI to Manage Switch Clusters Switch# rcommandCatalyst 1900 and Catalyst 2820 CLI Considerations Using Snmp to Manage Switch Clusters Snmp Management for a ClusterOL-9775-02 Administering the Switch Managing the System Time and DateUnderstanding the System Clock Understanding Network Time Protocol NTPConfiguring NTP Typical NTP Network ConfigurationDefault NTP Configuration Configuring NTP AuthenticationNtp authenticate Configuring NTP Associations Ntp peer ip-address version number Configuring NTP Broadcast ServiceSwitchconfig# ntp server 172.16.22.44 version Key keyid source interface preferDestination-address Interface interface-idNtp broadcast version number key keyid Ntp broadcast clientNtp access-group query-only Configuring NTP Access RestrictionsNtp broadcastdelay microseconds Serve-onl y serve peerCommand Purpose Configuring the Source IP Address for NTP Packets Interface interface-idSetting the System Clock Configuring Time and Date ManuallyDisplaying the NTP Configuration Fundamentals Command Reference, ReleaseClock timezone zone hours-offset Displaying the Time and Date ConfigurationConfiguring the Time Zone Minutes-offsetWeek day month hh mm week day month Configuring Summer Time Daylight Saving TimeClock summer-time zone recurring Hh mm offsetConfiguring a System Name and Prompt Clock summer-time zone date monthClock summer-time zone date date Copy running-config startup-confi g Default System Name and Prompt ConfigurationConfiguring a System Name Understanding DNSIp domain-name name Default DNS ConfigurationSetting Up DNS Ip name-server server-address1Default Banner Configuration Displaying the DNS ConfigurationCreating a Banner Configuring a Message-of-the-Day Login Banner Banner motd c message cUnix telnet Configuring a Login Banner Banner login c message cManaging the MAC Address Table Building the Address Table MAC Addresses and VLANsMAC Addresses and Switch Stacks Default MAC Address Table ConfigurationChanging the Address Aging Time Mac address-table aging-time Configuring MAC Address Notification TrapsRemoving Dynamic Address Entries Show mac address-table aging-timeSnmp-server host host-addr traps informs version String by using the snmp-server communitySnmp-server enable traps mac-notification Mac address-table notificationAdding and Removing Static Address Entries Vlan vlan-id interface interface-id Configuring Unicast MAC Address FilteringMac address-table static mac-addr Show mac address-table staticVlan vlan-id drop Managing the ARP Table Displaying Address Table EntriesOL-9775-02 Configuring SDM Templates Understanding the SDM TemplatesResource Access Default Routing Dual IPv4 and IPv6 SDM TemplatesSDM Templates and Switch Stacks IPv4-and-IPv6 Resource Default RoutingConfiguring the Switch SDM Template Default SDM TemplateSDM Template Configuration Guidelines Dual-ipv4-and-ipv6 default routing Setting the SDM TemplateSdm prefer access default Vlan routing vlanSwitchconfig# sdm prefer routing Switchconfig# sdm prefer dual-ipv4-and-ipv6 defaultDisplaying the SDM Templates Policy based routing aces 25K OL-9775-02 Configuring Switch-Based Authentication Preventing Unauthorized Access to Your SwitchProtecting Access to Privileged Exec Commands Default Password and Privilege Level ConfigurationSetting or Changing a Static Enable Password Enable password passwordSwitchconfig# enable password l1u2c3k4y5 Enable secret level level password Enable password level level passwordEncryption-type encrypted-password Service password-encryptionDisabling Password Recovery No service password-recoveryShow version Password password Setting a Telnet Password for a Terminal LineConfiguring Username and Password Pairs Switchconfig-line#password let45me67in89Login local Configuring Multiple Privilege LevelsUsername command Username name privilege levelSetting the Privilege Level for a Command Privilege mode level level commandShow privilege Changing the Default Privilege Level for Lines CommandLogging into and Exiting a Privilege Level Controlling Switch Access with TACACS+ Understanding TACACS+Typical TACACS+ Network Configuration Configuring TACACS+ TACACS+ OperationAaa new-model Default TACACS+ ConfigurationTacacs-server host hostname port Aaa group server tacacs+ group-nameConfiguring TACACS+ Login Authentication Aaa new-model Enable AAAShow tacacs Verify your entries Authentication login command Aaa authentication login defaultLogin authentication default Line console tty vty line-numberShow running-config Verify your entries Controlling Switch Access with Radius Displaying the TACACS+ ConfigurationStarting TACACS+ Accounting Understanding Radius Transitioning from Radius to TACACS+ Services Radius OperationConfiguring Radius Default Radius ConfigurationIdentifying the Radius Server Host Page Ip-address auth-port port-number Acct-port port-number timeoutRadius-server host hostname Seconds retransmit retries keyConfiguring Radius Login Authentication Switchconfig# radius-server host host1Server Host section on Defining AAA Server Groups Aaa group server radius group-name Aaa authorization network radius RadiusStarting Radius Accounting Radius-server key string Configuring Settings for All Radius ServersRadius-server timeout seconds Radius-server retransmit retriesCisco-avpair=shellpriv-lvl=15 AuthenticationRadius-server vsa send accounting Cisco-avpair=ipoutacl#2=deny ip 10.10.10.10 0.0.255.255 anyControlling Switch Access with Kerberos Displaying the Radius ConfigurationRadius-server host hostname ip-address non-standard Understanding Kerberos Term Definition KDCKeytab Authenticating to a Boundary SwitchKerberos Operation SrvtabConfiguring Kerberos Authenticating to Network ServicesObtaining a TGT from a KDC Aaa authentication login default local Aaa authorization exec localAaa authorization network local Configuring the Switch for Secure Shell Username commandUsername name privilege level Understanding SSH SSH Servers, Integrated Clients, and Supported VersionsConfiguring SSH Configuration GuidelinesLimitations Setting Up the Switch to Run SSH Ip ssh timeout seconds Displaying the SSH Configuration and StatusConfiguring the SSH Server Authentication-retries numberConfiguring the Switch for Secure Socket Layer Http Understanding Secure Http Servers and ClientsCertificate Authority Trustpoints Rsakeypair TP-self-signed-3080755072 Configuring Secure Http Servers and Clients Default SSL ConfigurationCipherSuites SSL Configuration Guidelines Configuring a CA TrustpointConfiguring the Secure Http Server Show ip http server secure status Configuring the Secure Http ClientIp http timeout-policy idle seconds life Ip http client secure-trustpoint nameIp http client secure-ciphersuite Configuring the Switch for Secure Copy ProtocolDisplaying Secure Http Server and Client Status Show ip http client secure statusInformation About Secure Copy HtmlOL-9775-02 Configuring Ieee 802.1x Port-Based Authentication Understanding Ieee 802.1x Port-Based Authentication10-1 Device Roles 10-2Authentication Process 10-3Authentication Flowchart 10-4Authentication Initiation and Message Exchange 10-510-6 EAPOL-StartIeee 802.1x Authentication and Switch Stacks Ports in Authorized and Unauthorized States10-7 Ieee 802.1x Host Mode 10-8Attribute Number AV Pair Name Ieee 802.1x AccountingIeee 802.1x Accounting Attribute-Value Pairs 10-9Using Ieee 802.1x Authentication with Vlan Assignment 10-10Using Ieee 802.1x Authentication with Per-User ACLs 10-11Using Ieee 802.1x Authentication with Guest Vlan 10-12Using Ieee 802.1x Authentication with Restricted Vlan 10-1310-14 Using Ieee 802.1x Authentication with Voice Vlan Ports 10-15Using Ieee 802.1x Authentication with Port Security 10-16Using Ieee 802.1x Authentication with Wake-on-LAN 10-1710-18 Using Multidomain Authentication Network Admission Control Layer 2 Ieee 802.1x Validation10-19 Using Web Authentication For example10-20 Configuring Ieee 802.1x Authentication 10-21Default Ieee 802.1x Authentication Configuration AAA10-22 Ieee 802.1x Authentication Configuration Guidelines Ieee 802.1x Authentication10-23 10-24 Configuring Ieee 802.1x Authentication MAC Authentication Bypass10-25 Configuring the Switch-to-RADIUS-Server Communication 10-26Ip-address auth-port port-number key 10-27Multi-domain Configuring the Host ModeDot1x host-mode multi-host Show dot1x interface interface-idConfiguring Periodic Re-Authentication Manually Re-Authenticating a Client Connected to a Port10-29 Changing the Quiet Period Changing the Switch-to-Client Retransmission TimeDot1x timeout tx-period seconds Show dot1x interface interface-id Verify your entriesShow dot1xinterface interface-id Verify your entries Setting the Switch-to-Client Frame-Retransmission NumberSwitchconfig-if#dot1x timeout tx-period Dot1x max-reauth-req countSwitchconfig-if#dot1x max-reauth-req Setting the Re-Authentication NumberConfiguring Ieee 802.1x Accounting 10-32Configuring a Guest Vlan 10-33Switchconfig# interface gigabitethernet2/0/2 Configuring a Restricted VlanSwitchport mode private-vlan host Dot1x guest-vlan vlan-idAttempts Dot1x auth-fail vlan vlan-idDot1x auth-fail max-attempts max 10-35Radius-server dead-criteria time time Configuring the Inaccessible Authentication Bypass FeatureSwitchconfig-if#dot1x auth-fail max-attempts Tries tries10-37 Reinitialize vlan vlan-id Configuring Ieee 802.1x Authentication with WoLDot1x critical recovery action Show dot1x interface interface-idSwitchconfig-if#dot1x mac-auth-bypass Configuring MAC Authentication BypassSwitchconfig-if#dot1x control-direction both Dot1x control-direction bothConfiguring NAC Layer 2 Ieee 802.1x Validation 10-40Configuring Web Authentication 10-4110-42 Dot1x fallback fallback-profile Disabling Ieee 802.1x Authentication on the PortNo dot1x pae Disable Ieee 802.1x authentication on the port 10-43Displaying Ieee 802.1x Statistics and Status 10-44Configuring Interface Characteristics Understanding Interface Types11-1 Switch Ports Port-Based VLANs11-2 Access Ports Trunk Ports11-3 Routed Ports Tunnel Ports11-4 Switch Virtual Interfaces EtherChannel Port Groups11-5 Supported Protocols and Standards Power over Ethernet PortsGigabit Ethernet Interfaces 11-6Powered-Device Detection and Initial Power Allocation Class11-7 Power Management Modes 11-8Power Monitoring and Power Policing 11-9Maximum Power Allocation Cutoff Power on a PoE Port 11-10Connecting Interfaces 11-11Ethernet Management Port 11-12Connecting a Switch Stack to a PC 11-13Tftp 11-14Mgmtshow Using Interface Configuration ModeMgmtinit MgmtclrProcedures for Configuring Interfaces 11-16Macroname Configuring a Range of InterfacesInterface range port-range macro Show interfaces interface-id11-18 Define interface-range macroname Configuring and Using Interface Range MacrosShow running-config include define Interface range macro macronameSwitch# show run include define Configuring Ethernet InterfacesSwitch# show running-config include define 11-20Default Ethernet Interface Configuration 11-21Configuring Interface Speed and Duplex Mode Speed and Duplex Configuration Guidelines11-22 Nonegotiate Setting the Interface Speed and Duplex ParametersSpeed 10 100 1000 auto 10 Duplex auto full halfConfiguring Ieee 802.3x Flow Control Flowcontrol receive on off desired11-24 With Correct Cabling Configuring Auto-MDIX on an InterfaceLocal Side Auto-MDIX 11-25Configuring a Power Management Mode on a PoE Port Interface-id phy11-26 Show power inline i nterface-id Budgeting Power for Devices Connected to a PoE PortPower inline auto max max-wattage Neve r static max max-wattageWattage 11-28Configuring Power Policing 11-29Adding a Description for an Interface 11-30Switch# show interfaces gigabitethernet1/0/2 description Configuring Layer 3 InterfacesConfiguring Ethernet Management Ports 11-31No shutdown No switchportInterface gigabitethernet interface-id vlan vlan-id 11-32Configuring the System MTU 11-33System mtu routing bytes Use the system mtu jumbo Use the system mtu routingSystem mtu jumbo bytes 11-34Reload Configuring the Cisco Redundant Power SystemSystem mtu bytes Show system mtuStandby Power rps switch-number name string serialnumberPower rps switch-number port rps-port-id mode active 11-36Show env power Configuring the Power SuppliesPower supply switch-numberoff on Show env rpsMonitoring and Maintaining the Interfaces Monitoring Interface Status11-38 Clearing and Resetting Interfaces and Counters 11-39Shutdown Shutting Down and Restarting the InterfaceInterface vlan vlan-id gigabitethernet interface-id 11-40Configuring Smartports Macros Understanding Smartports Macros12-1 Macro Name Description Configuring Smartports MacrosDefault Smartports Macro Configuration 12-2Smartports Macro Configuration Guidelines 12-3Name Sample-Macro and macro name sample-macro will result Creating Smartports MacrosMacro name macro-name Show parser macro name macro-nameApplying Smartports Macros 12-5Show parser macro macro-name Applying Cisco-Default Smartports MacrosShow parser macro 12-6Switch# show parser macro cisco-desktop Switchconfig-if#macro apply cisco-desktop $AVID12-7 Show parser macro description interface Displaying Smartports MacrosShow parser macro brief 12-8Configuring VLANs Understanding VLANs13-1 13-2 Supported VLANs Vlan Port Membership Modes13-3 Configuring Normal-Range VLANs 13-4Vlan ID 13-5Normal-Range Vlan Configuration Guidelines Token Ring VLANs13-6 Vlan Configuration in config-vlan Mode Vlan Configuration Mode OptionsSaving Vlan Configuration Vlan Configuration in Vlan Database Configuration ModeVLANxxxx, where Default Ethernet Vlan ConfigurationParameter Default Range 13-8Remote-span Copy running-config startup configCreating or Modifying an Ethernet Vlan 13-9Deleting a Vlan Vlan database13-10 No vlan vlan-id Assigning Static-Access Ports to a VlanSwitchport access vlan vlan-id Show vlan briefShow interfaces interface-id switchport Configuring Extended-Range VLANsDefault Vlan Configuration Vlan fields of the displayExtended-Range Vlan Configuration Guidelines 13-13Show vlan id vlan-id Vtp mode transparentCreating an Extended-Range Vlan 13-14Creating an Extended-Range Vlan with an Internal Vlan ID Switchconfig# vtp mode transparentSwitch# copy running-config startup config Show vlan internal usageDisplaying VLANs Configuring Vlan TrunksCommand Command Mode Purpose Trunking OverviewSwitches in an ISL Trunking Environment 13-17Encapsulation Function Mode FunctionEncapsulation Types 13-18Ieee 802.1Q Configuration Considerations Default Layer 2 Ethernet Interface Vlan ConfigurationConfiguring an Ethernet Interface as a Trunk Port 13-19Dot1q negotiate Interaction with Other FeaturesConfiguring a Trunk Port 13-20Defining the Allowed VLANs on a Trunk 13-21All except remove vlan-list Switchport trunk allowed vlan addChanging the Pruning-Eligible List 13-22Except none remove vlan-list Configuring the Native Vlan for Untagged TrafficSwitchport trunk pruning vlan add Vlan ,vlanSwitchport trunk native vlan vlan-id Configuring Trunk Ports for Load SharingLoad Sharing Using STP Port Priorities 13-2413-25 Connect to the trunk ports configured on Switch a Load Sharing Using STP Path CostOr switch stack Exit Return to global configuration modeIsl dot1q negotiate Switchport trunk encapsulationInterface gigabitethernet1/0/1 Spanning-tree vlan 2-4 costConfiguring Vmps Understanding Vmps13-28 Dynamic-Access Port Vlan Membership Default Vmps Client ConfigurationVmps Configuration Guidelines 13-29Configuring the Vmps Client Entering the IP Address of the Vmps13-30 Reconfirming Vlan Memberships Configuring Dynamic-Access Ports on Vmps ClientsSwitchport access vlan dynamic Vmps reconfirmVmps reconfirm minutes Changing the Reconfirmation IntervalChanging the Retry Count 13-32Switch# show vmps Troubleshooting Dynamic-Access Port Vlan MembershipVmps Configuration Example Monitoring the VmpsDynamic Port Vlan Membership Configuration 13-34Configuring VTP Understanding VTP14-1 VTP Domain 14-2VTP Advertisements VTP Mode DescriptionVTP Modes 14-3VTP Version VTP Pruning14-4 14-5 VlanConfiguring VTP VTP and Switch Stacks14-6 VTP Configuration in Global Configuration Mode Default VTP ConfigurationVTP Configuration Options 14-7Passwords VTP Configuration GuidelinesVTP Configuration in Vlan Database Configuration Mode Domain NamesVTP Version Configuring a VTP ServerConfiguration Requirements 14-9Show vtp status Vtp password passwordVtp password password Vtp serverSwitch# vlan database Configuring a VTP ClientVtp mode client 14-11Disabling VTP VTP Transparent Mode 14-12Enabling VTP Version Vtp version14-13 Vtp pruning Adding a VTP Client Switch to a VTP DomainEnabling VTP Pruning 14-1414-15 Monitoring VTP 14-16Configuring Voice Vlan Understanding Voice Vlan15-1 Cisco IP Phone Voice Traffic Cisco IP Phone Data Traffic15-2 Voice Vlan Configuration Guidelines Configuring Voice VlanDefault Voice Vlan Configuration 15-3Configuring a Port Connected to a Cisco 7960 IP Phone 15-4Configuring Cisco IP Phone Voice Traffic 15-5Configuring the Priority of Incoming Data Frames 15-6Displaying Voice Vlan 15-715-8 Configuring Private VLANs Understanding Private VLANs16-1 16-2 Private-VLAN DomainIP Addressing Scheme with Private VLANs 16-3Private VLANs across Multiple Switches Private-VLAN Interaction with Other Features16-4 Private VLANs and Unicast, Broadcast, and Multicast Traffic Private VLANs and SVIs16-5 Private VLANs and Switch Stacks Configuring Private VLANsTasks for Configuring Private VLANs 16-6Secondary and Primary Vlan Configuration Default Private-VLAN ConfigurationPrivate-VLAN Configuration Guidelines 16-7Private-VLAN Port Configuration 16-8Limitations with Other Features 16-9Configuring and Associating VLANs in a Private Vlan 16-10Show vlan private-vlan type Show interfaces status16-11 Switch# show interfaces gigabitethernet1/0/22 switchport Configuring a Layer 2 Interface as a Private-VLAN Host PortSwitchport private-vlan host-association Primaryvlanid secondaryvlanidAdd remove secondaryvlanlist Switchport mode private-vlan promiscuousSwitchport private-vlan mapping primaryvlanid 16-13Private-vlan mapping add remove Switch# show interfaces private-vlan mappingInterface vlan primaryvlanid Show interface private-vlan mappingMonitoring Private VLANs 16-1516-16 Configuring Ieee 802.1Q and Layer 2 Protocol Tunneling Understanding Ieee 802.1Q Tunneling17-1 Ieee 802.1Q Tunnel Ports in a Service-Provider Network 17-217-3 Ieee 802.1Q Tunneling Configuration Guidelines Configuring Ieee 802.1Q TunnelingDefault Ieee 802.1Q Tunneling Configuration Native VLANsSystem MTU 17-5Ieee 802.1Q Tunneling and Other Features 17-6Show dot1q-tunnel Configuring an Ieee 802.1Q Tunneling PortVlan dot1q tag native Show vlan dot1q tag nativeUnderstanding Layer 2 Protocol Tunneling 17-817-9 Layer 2 Protocol TunnelingConfiguring Layer 2 Protocol Tunneling 17-10Default Layer 2 Protocol Tunneling Configuration 17-11Layer 2 Protocol Tunneling Configuration Guidelines 17-12Configuring Layer 2 Protocol Tunneling 17-13L2protocol-tunnel point-to-point Configuring Layer 2 Tunneling for EtherChannelsConfiguring the SP Edge Switch Pagp lacp udld17-15 Configuring the Customer Switch 17-16Switchconfig-if#channel-group 1 mode desirable Switchconfig# interface port-channel17-17 Monitoring and Maintaining Tunneling Status 17-18Configuring STP Understanding Spanning-Tree Features18-1 STP Overview 18-2Spanning-Tree Topology and BPDUs 18-3Bridge ID, Switch Priority, and Extended System ID 18-4Bit Switch Priority ValueSpanning-Tree Interface States 32768 16384 8192 4096 2048 1024 512 256 1282illustrates how an interface moves through the states 18-6Learning State Blocking StateListening State Forwarding StateHow a Switch or Port Becomes the Root Switch or Root Port Disabled State18-8 Accelerated Aging to Retain Connectivity Spanning Tree and Redundant ConnectivitySpanning-Tree Address Management 18-9Spanning-Tree Modes and Protocols Supported Spanning-Tree Instances18-10 VLAN-Bridge Spanning Tree Spanning-Tree Interoperability and Backward CompatibilitySTP and Ieee 802.1Q Trunks Rapid PVST+Configuring Spanning-Tree Features Spanning Tree and Switch Stacks18-12 Default Spanning-Tree Configuration Spanning-Tree Configuration Guidelines18-13 18-14 Changing the Spanning-Tree Mode 18-15Show spanning-tree vlan vlan-id Verify your entries Configuring the Root SwitchDisabling Spanning Tree 18-16Show spanning-tree detail Spanning-tree vlan vlan-id root primaryDiameter net-diameter hello-time seconds 18-17Spanning-tree vlan vlan-id root secondary Configuring a Secondary Root SwitchConfiguring Port Priority Diameter net-diameter hello-timeShow spanning-tree interface interface-id Spanning-tree port-priority prioritySpanning-tree vlan vlan-id port-priority priority Show spanning-tree vlan vlan-idSpanning-tree cost cost Configuring Path CostPort-channel-number Spanning-tree vlan vlan-id cost costConfiguring the Switch Priority of a Vlan Spanning-tree vlan vlan-id priority priority18-21 Spanning-tree vlan vlan-id hello-time seconds Configuring Spanning-Tree TimersConfiguring the Hello Time 18-22Spanning-tree vlan vlan-id forward-time Configuring the Forwarding-Delay Time for a VlanConfiguring the Maximum-Aging Time for a Vlan Spanning-tree vlan vlan-idmax-age secondsShow spanning-tree detail Verify your entries Configuring the Transmit Hold-CountDisplaying the Spanning-Tree Status 18-24Configuring Mstp 19-1Understanding Mstp Multiple Spanning-Tree Regions19-2 IST, CIST, and CST Operations Within an MST Region19-3 Operations Between MST Regions 19-4Cisco Prestandard Cisco Standard Hop CountIeee 802.1s Terminology 19-5Boundary Ports Ieee 802.1s Implementation19-6 Interoperation Between Legacy and Standard Switches Port Role Naming Change19-7 Mstp and Switch Stacks Detecting Unidirectional Link Failure19-8 Port Roles and the Active Topology Understanding RstpInteroperability with Ieee 802.1D STP 19-9Rapid Convergence 19-10Synchronization of Port Roles 19-11Bridge Protocol Data Unit Format and Processing Bit Function19-12 Processing Inferior Bpdu Information Topology ChangesProcessing Superior Bpdu Information 19-13Configuring Mstp Features 19-14Default Mstp Configuration Mstp Configuration Guidelines19-15 Instance instance-id vlan vlan-range Specifying the MST Region Configuration and Enabling MstpSpanning-tree mst configuration Name nameShow pending Spanning-tree mode mstRevision version ExitSpanning-tree mst instance-id root primary 19-1819-19 Spanning-tree mst instance-id port-priority priority Show spanning-tree mst interface interface-id19-20 Spanning-tree mst instance-id cost cost 19-21Spanning-tree mst instance-id priority priority Configuring the Switch PriorityConfiguring the Hello Time 19-22Spanning-tree mst forward-time seconds Configuring the Forwarding-Delay TimeShow spanning-tree mst Verify your entries Show spanning-tree mstSpecifying the Link Type to Ensure Rapid Transitions Configuring the Maximum-Aging TimeConfiguring the Maximum-Hop Count Spanning-tree mst max-age secondsDesignating the Neighbor Type 19-25Displaying the MST Configuration and Status Restarting the Protocol Migration Process19-26 Configuring Optional Spanning-Tree Features Understanding Optional Spanning-Tree Features20-1 Understanding Port Fast Understanding Bpdu Guard20-2 Understanding Bpdu Filtering Understanding UplinkFast20-3 Switches in a Hierarchical Network 20-4Understanding Cross-Stack UplinkFast 20-5How Csuf Works 20-6Understanding BackboneFast Events that Cause Fast Convergence20-7 20-8 BackboneFast Example Before Indirect Link FailureAdding a Switch in a Shared-Medium Topology 20-9Understanding EtherChannel Guard Understanding Root Guard20-10 Understanding Loop Guard 20-11Enabling Port Fast Default Optional Spanning-Tree ConfigurationOptional Spanning-Tree Configuration Guidelines 20-12Spanning-tree portfast trunk Spanning-tree portfast trunk interface configurationEnabling Bpdu Guard PortfastSpanning-tree portfast Enable the Port Fast feature Enabling Bpdu Filtering20-14 Enabling UplinkFast for Use with Redundant Links 20-15Enabling Cross-Stack UplinkFast Spanning-tree uplinkfast max-update-rateUplinkfast command Enabling BackboneFastShow spanning-tree summary Verify your entries Spanning-tree backbonefast Enable BackboneFastEnabling EtherChannel Guard 20-17Enabling Root Guard Enabling Loop Guard20-18 20-19 20-20 Flex Links 21-1Switchport backup interface preemption delay commands Vlan Flex Link Load Balancing and Support21-2 MAC Address-Table Move Update 21-3MAC Address-Table Move Update Example 21-4Configuration Guidelines Default Configuration21-5 Show interface interface-id switchport backup Configuring Flex LinksSwitchport backup interface interface-id Switch# show interface switchport backupDelay delay-time Switchport backup interface interface-id preemptionMode forced bandwidth off 21-7Show interfaces interface-id switchport backup Configuring Vlan Load Balancing on Flex LinksSwitchport backup interface interface-id prefer vlan Switch#show interfaces switchport backupPrimary vlan vlan-id Configuring the MAC Address-Table Move Update FeatureSwitchport backup interface interface-idmmu 21-9Switch# show mac-address-table move update End Return to global configuration modeSwitchconf# mac address-table move update transmit 21-10Monitoring Flex Links and the MAC Address-Table Move Update 21-1121-12 Configuring Dhcp Features and IP Source Guard Understanding Dhcp Features22-1 Dhcp Snooping Dhcp ServerDhcp Relay Agent 22-2Option-82 Data Insertion 22-322-4 Dhcp Relay Agent in a Metropolitan Ethernet NetworkRemote ID Suboption Frame Format 22-5Release Cisco IOS Dhcp Server DatabaseDhcp Snooping Binding Database 22-622-7 Default Dhcp Configuration Configuring Dhcp FeaturesDhcp Snooping and Switch Stacks 22-8Dhcp Snooping Configuration Guidelines 22-9Configuring the Dhcp Server Dhcp Server and Switch Stacks22-10 Ip helper-address address Configuring the Dhcp Relay AgentSpecifying the Packet Forwarding Address 22-11Enabling Dhcp Snooping and Option Switchport mode accessSwitchport access vlan vlan-id Interface range port-range22-13 Enabling the Dhcp Snooping Binding Database Agent Enabling Dhcp Snooping on Private VLANsEnabling the Cisco IOS Dhcp Server Database Ip dhcp snooping databaseDisplaying Dhcp Snooping Information 22-15Understanding IP Source Guard Source IP Address Filtering22-16 IP Source Guard Configuration Guidelines Configuring IP Source GuardDefault IP Source Guard Configuration Source IP and MAC Address FilteringEnabling IP Source Guard 22-18Displaying IP Source Guard Information 22-1922-20 Configuring Dynamic ARP Inspection Understanding Dynamic ARP Inspection23-1 23-2 ARP Cache PoisoningInterface Trust States and Network Security 23-3Rate Limiting of ARP Packets Relative Priority of ARP ACLs and Dhcp Snooping Entries23-4 Logging of Dropped Packets Configuring Dynamic ARP InspectionDefault Dynamic ARP Inspection Configuration 23-5Dynamic ARP Inspection Configuration Guidelines 23-6Ip arp inspection vlan vlan-range Configuring Dynamic ARP Inspection in Dhcp EnvironmentsShow cdp neighbors 23-7Configuring ARP ACLs for Non-DHCP Environments 23-823-9 No ip arp inspection trust Show arp access-list acl-nameLimiting the Rate of Incoming ARP Packets Specified with the ip arp inspection vlan loggingPerforming Validation Checks 23-11Src-mac dst-mac ip Configuring the Log BufferIp arp inspection validate Show ip arp inspection vlanIp arp inspection log-buffer entries Number logs number interval23-13 Displaying Dynamic ARP Inspection Information 23-14Clear ip arp inspection log Clear ip arp inspection statisticsShow ip arp inspection statistics vlan Show ip arp inspection log23-16 Configuring Igmp Snooping and MVR 24-1Understanding Igmp Snooping 24-2Igmp Versions Joining a Multicast Group24-3 224.1.2.3 24-4Leaving a Multicast Group 24-5Igmp Report Suppression Igmp Configurable-Leave TimerImmediate Leave 24-6Default Igmp Snooping Configuration Configuring Igmp SnoopingIgmp Snooping and Switch Stacks PIM-DVMRPEnabling or Disabling Igmp Snooping Ip igmp snooping vlan vlan-id24-8 Learn cgmp pim-dvmrp Setting the Snooping MethodIp igmp snooping vlan vlan-id mrouter Show ip igmp snoopingConfiguring a Multicast Router Port Show ip igmp snooping mrouter vlan vlan-id24-10 Ip igmp snooping vlan vlan-id static ipaddress Configuring a Host Statically to Join a GroupEnabling Igmp Immediate Leave Show ip igmp snooping groupsConfiguring the Igmp Leave Timer 24-12Controlling the Multicast Flooding Time After a TCN Event Configuring TCN-Related CommandsRecovering from Flood Mode CountDisabling Multicast Flooding During a TCN Event No ip igmp snooping tcn flood24-14 Configuring the Igmp Snooping Querier 24-15Disabling Igmp Report Suppression No ip igmp snooping report-suppression24-16 Displaying Igmp Snooping Information 24-17Understanding Multicast Vlan Registration 24-18Using MVR in a Multicast Television Application 24-19MVR Configuring MVRDefault MVR Configuration 24-20Mvr Enable MVR on the switch MVR Configuration Guidelines and LimitationsConfiguring MVR Global Parameters 24-21Configuring MVR Interfaces 24-22Show mvr Mvr type source receiverMvr immediate Show mvr interface Show mvr membersConfiguring Igmp Filtering and Throttling Displaying MVR Information24-24 Default Igmp Filtering and Throttling Configuration Configuring Igmp Profiles24-25 Range ip multicast address Ip igmp profile profile numberPermit deny Show ip igmp profile profile numberApplying Igmp Profiles Setting the Maximum Number of Igmp GroupsSwitch# show ip igmp profile Ip igmp filter profile numberEtherChannel group or a EtherChannel interface Configuring the Igmp Throttling ActionShow running-config interface Verify the configuration Interface-idReplace Displaying Igmp Filtering and Throttling ConfigurationIp igmp max-groups action deny Show ip igmp profile profile24-30 Configuring IPv6 MLD Snooping Understanding MLD Snooping25-1 25-2 Multicast Client Aging Robustness MLD MessagesMLD Queries 25-3MLD Done Messages and Immediate-Leave Multicast Router DiscoveryMLD Reports 25-4Topology Change Notification Processing Configuring IPv6 MLD SnoopingMLD Snooping in Switch Stacks 25-5Default MLD Snooping Configuration MLD Snooping Configuration Guidelines25-6 Ipv6 mld snooping vlan vlan-id Enabling or Disabling MLD SnoopingIpv6 mld snooping 25-7Show ipv6 mld snooping multicast-address user Configuring a Static Multicast GroupIpv6 mld snooping vlan vlan-id static Show ipv6 mld snooping multicast-address vlanShow ipv6 mld snooping mrouter vlan vlan-id Enabling MLD Immediate LeaveIpv6 mld snooping vlan vlan-id mrouter 25-9Configuring MLD Snooping Queries 25-10Displaying MLD Snooping Information Disabling MLD Listener Message Suppression25-11 Vlan-id ipv6-multicast-address Show ipv6 mld snooping querier vlan vlan-idVlan-id count dynamic user 25-12Understanding Storm Control Configuring Port-Based Traffic ControlConfiguring Storm Control 26-126-2 Broadcast Storm Control ExampleDefault Storm Control Configuration Configuring Storm Control and Threshold Levels26-3 Bps-low pps pps pps-low Storm-control broadcast multicastUnicast level level level-low bps bps Storm-control action shutdown trapShow storm-control interface-id broadcast Configuring Protected PortsDefault Protected Port Configuration Multicast unicastConfiguring a Protected Port Configuring Port BlockingProtected Port Configuration Guidelines 26-6Blocking Flooded Traffic on an Interface Configuring Port SecurityDefault Port Blocking Configuration 26-7Understanding Port Security Secure MAC Addresses26-8 Security Violations 26-9Forwarded1 Trap Message Message2 Increments Default Port Security ConfigurationPort Security Configuration Guidelines 26-1026-11 Enabling and Configuring Port Security 26-12Shutdown vlan Switchport port-security violationProtect restrict shutdown 26-1326-14 Switchconfig-if#switchport port-security mac-address sticky Switchconfig-if#switchport port-securitySwitchconfig-if#switchport port-security maximum Switchconfig-if#switchport port-security violation restrictEnabling and Configuring Port Security Aging 26-16Port Security and Private VLANs Port Security and Switch StacksSwitchconfig# interface GigabitEthernet 1/0/8 26-17Show port-security interface interface-idvlan Displaying Port-Based Traffic Control SettingsShow port-security interface interface-idaddress 26-18Configuring CDP Understanding CDP27-1 Default CDP Configuration Configuring CDPCDP and Switch Stacks Configuring the CDP CharacteristicsCdp advertise-v2 Disabling and Enabling CDPCdp holdtime seconds Show cdpDisabling and Enabling CDP on an Interface No cdp enable Disable CDP on the interfaceCdp enable Enable CDP on the interface after disabling it 27-4Monitoring and Maintaining CDP 27-527-6 Understanding Lldp Configuring Lldp and LLDP-MEDUnderstanding Lldp and LLDP-MED 28-1Understanding LLDP-MED 28-2Configuring Lldp Characteristics Configuring Lldp and LLDP-MEDDefault Lldp Configuration 28-3Disabling and Enabling Lldp Globally 28-4Disabling and Enabling Lldp on an Interface 28-5No lldp med-tlv-select tlv Specify the TLV to disable Configuring LLDP-MED TLVsTLV, and enter interface configuration mode Lldp med-tlv-select tlv Specify the TLV to enableMonitoring and Maintaining Lldp and LLDP-MED 28-728-8 Modes of Operation Configuring UdldUnderstanding Udld 29-1Methods to Detect Unidirectional Links 29-2Configuring Udld 29-3Default Udld Configuration 29-4Enabling Udld Globally Udld aggressive enable message timeMessage-timer-interval Show udldEnabling Udld on an Interface Resetting an Interface Disabled by UdldUdld reset Show udld Udld port aggressiveDisplaying Udld Status 29-729-8 Configuring Span and Rspan Understanding Span and Rspan30-1 Local Span 30-2Remote Span 30-3Span and Rspan Concepts and Terminology Span Sessions30-4 Monitored Traffic 30-5Source Ports 30-6Source VLANs Vlan Filtering30-7 Destination Port 30-8Span and Rspan Interaction with Other Features Rspan Vlan30-9 Configuring Span and Rspan Span and Rspan and Switch Stacks30-10 Span Configuration Guidelines Default Span and Rspan ConfigurationConfiguring Local Span 30-11Creating a Local Span Session 30-12Encapsulation replicate Monitor session sessionnumberDestination interface interface-id Show monitor session sessionnumber30-14 Specifying VLANs to Filter Monitor session sessionnumber filter vlan30-15 Be a Vlan Configuring RspanRspan Configuration Guidelines 30-16Configuring a Vlan as an Rspan Vlan 30-17Destination remote vlan vlan-id Creating an Rspan Source SessionInterfaces port-channelport-channel-number. Valid 30-18Creating an Rspan Destination Session Remote vlan vlan-id30-19 30-20 Ingress dot1q vlan vlan-id isl untagged Untagged vlan vlan-id or vlan vlan-id- Forward incoming30-21 Show monitor session sessionnumber 30-22Displaying Span and Rspan Status 30-2330-24 Configuring Rmon Understanding Rmon31-1 Configuring Rmon 31-2Default Rmon Configuration Configuring Rmon Alarms and Events31-3 Rmon event number description string log owner string Add an event in the Rmon event table that is31-4 Rmon collection history index Collecting Group History Statistics on an InterfaceCollecting Group Ethernet Statistics on an Interface Show rmon historyShow rmon statistics Displaying Rmon StatusRmon collection stats index owner ownername 31-6Configuring System Message Logging Understanding System Message Logging32-1 Configuring System Message Logging System Log Message Format32-2 Hhmmss short uptime Text string that uniquely describes the message32-3 Show running-config Verify your entries Show logging Default System Message Logging ConfigurationNo logging console Disable message logging Disabling Message LoggingLogging host Setting the Message Display Destination DeviceLogging buffered size 32-5Terminal monitor Synchronizing Log MessagesLogging file flash filename Session to see the debugging messagesLogging synchronous level severity-level Line console vty line-numberLine vty All limit number-of-buffersEnabling and Disabling Time Stamps on Log Messages Enabling and Disabling Sequence Numbers in Log Messages32-8 Logging monitor level Defining the Message Severity LevelLogging console level Logging trap levelLevel Description Syslog Definition 32-10Logging history size number Enabling the Configuration-Change LoggerLogging history level 32-11Configuring Unix Syslog Servers Logging Messages to a Unix Syslog Daemon32-12 Facility-type keywords Configuring the Unix System Logging FacilityLogging facility facility-type 32-13Displaying the Logging Configuration Facility Type Keyword Description32-14 Configuring Snmp Understanding Snmp33-1 Snmp Versions 33-2DES Model Level Authentication Encryption ResultSnmp Manager Functions Operation DescriptionUsing Snmp to Access MIB Variables Snmp Agent Functions33-4 Snmp Notifications 33-5IfIndex Range Configuring SnmpSnmp ifIndex MIB Object Values SVIDefault Snmp Configuration Snmp Configuration Guidelines33-7 Disabling the Snmp Agent Configuring Community StringsNo snmp-server Disable the Snmp agent operation 33-8Snmp-server community string view View-name ro rw access-list-numberAccess-list access-list-number deny Permit source source-wildcardSnmp-server engineID local Configuring Snmp Groups and UsersSnmp-server engineID local engineid-string 33-10Auth noauth priv read readview Write writeview notify notifyview accessSnmp-server group groupname v1 v2c 33-11Encrypted access access-list auth md5 Configuring Snmp NotificationsRemote host udp-port port v1 access Notification Type Keyword Description33-13 33-14 Enable traps command for each trap type Setting the Agent Contact and Location Information33-12 , or enter snmp-server enable traps ? Notification-typesSnmp Examples Switchconfig# snmp-server community publicLimiting Tftp Servers Used Through Snmp Snmp-server tftp-server-listDisplaying Snmp Status 33-1733-18 Configuring Network Security with ACLs Understanding ACLs34-1 Supported ACLs 34-2Port ACLs 34-3Router ACLs 34-4Handling Fragmented and Unfragmented Traffic Vlan Maps34-5 ACLs and Switch Stacks 34-6Configuring IPv4 ACLs 34-7Creating Standard and Extended IPv4 ACLs Access List NumbersAccess List Number Type Supported 34-8ACL Logging 34-9Creating a Numbered Standard ACL Access-list access-list-number deny permitShow access-lists number name Source source-wildcard logCreating a Numbered Extended ACL 34-1134-12 34-13 34-14 Resequencing ACEs in an ACL Creating Named Standard and Extended ACLs34-15 Any log Ip access-list standard nameIp access-list extended name Tos tos established log time-rangeUsing Time Ranges with ACLs 34-17Show time-range Absolute start time datePeriodic weekdays weekend daily 34-18Including Comments in ACLs Switch# show ip access-listsApplying an IPv4 ACL to a Terminal Line 34-19Out Access-class access-list-numberApplying an IPv4 ACL to an Interface 34-20Ip access-group access-list-number 34-21IPv4 ACL Configuration Examples Hardware and Software Treatment of IP ACLs34-22 Switchconfig# access-list 6 permit 172.20.128.64 Switchconfig# access-list 106 permit ip any 172.20.128.6434-23 Numbered ACLs Extended ACLs34-24 Commented IP ACL Entries Named ACLsTime Range Applied to an IP ACL 34-25Switch# show logging Switchconfig-if#ip access-group ext134-26 Creating Named MAC Extended ACLs 34-27Applying a MAC ACL to a Layer 2 Interface 34-28Show mac access-group interface interface-id Configuring Vlan MapsMac access-group name ACLVlan Map Configuration Guidelines 34-30Action drop forward Vlan access-map name numberCreating a Vlan Map Match ip mac address nameExamples of ACLs and Vlan Maps 34-3234-33 Applying a Vlan Map to a Vlan Using Vlan Maps in Your NetworkWiring Closet Configuration Vlan filter mapname vlan-list listSwitchconfig# ip access-list extended matchall Denying Access to a Server on Anothera VlanSwitchconfig# vlan access-map map2 Switchconfig# vlan filter map2 vlanUsing Vlan Maps with Router ACLs 34-36Vlan Maps and Router ACL Configuration Guidelines 34-37ACLs and Bridged Packets ACLs and Switched PacketsExamples of Router ACLs and Vlan Maps Applied to VLANs 34-38ACLs and Routed Packets 34-39ACLs and Multicast Packets Displaying IPv4 ACL ConfigurationShow ip access-lists number name 34-40Show ip interface interface-id Show running-config interface interface-idShow mac access-group interface interface-id 34-4134-42 Configuring IPv6 ACLs 35-1Understanding IPv6 ACLs 35-2IPv6 ACL Limitations Supported ACL FeaturesIPv6 ACLs and Switch Stacks 35-3Interaction with Other Features and Switches Configuring IPv6 ACLsDefault IPv6 ACL Configuration 35-4Ipv6 access-list access-list-name Creating IPv6 ACLs35-5 Value time-range name Dscp value fragments logLog-input routing sequence 35-635-7 Ipv6 address ipv6-address Ipv6 traffic-filter access-list-nameApplying an IPv6 ACL to an Interface 35-8Displaying IPv6 ACLs Show access-listsShow ipv6 access-list access-list-name 35-935-10 Configuring QoS 36-1Understanding QoS 36-2Basic QoS Model 36-336-4 Basic QoS ModelClassification 36-536-6 Check if packet came with CoS label tag YesClassification Based on QoS ACLs Classification Based on Class Maps and Policy Maps36-7 Policing and Marking 36-8Policing on Physical Ports 36-9Policing on SVIs 36-10Policing and Marking Flowchart on SVIs 36-11Mapping Tables 36-12Queueing and Scheduling Overview 36-13Weighted Tail Drop SRR Shaping and Sharing36-14 Queueing and Scheduling on Ingress Queues 36-15Queue Type Function 36-16WTD Thresholds 36-17Queueing and Scheduling on Egress Queues 36-1836-19 Buffer and Memory Allocation 36-20Packet Modification 36-21Configuring Auto-QoS 36-22Generated Auto-QoS Configuration 36-23Description Automatically Generated Command 36-2436-25 If you entered the auto qos voip trust command, the switch Switch automatically configures the egress queue bufferSizes. It configures the bandwidth and the SRR mode shaped Or shared on the egress queues mapped to the portEffects of Auto-QoS on the Configuration Auto-QoS Configuration Guidelines36-27 Cisco-softphone trust Enabling Auto-QoS for VoIPAuto qos voip cisco-phone Show auto qos interface interface-id36-29 Auto-QoS Configuration Example 36-30Auto qos voip trust Cdp enableDebug auto qos Show auto qosConfiguring Standard QoS Displaying Auto-QoS Information36-32 Default Standard QoS Configuration Default Ingress Queue Configuration36-33 Default Egress Queue Configuration Dscp Value Queue ID -Threshold ID36-34 QoS ACL Guidelines Standard QoS Configuration GuidelinesDefault Mapping Table Configuration Applying QoS on InterfacesPolicing Guidelines General QoS Guidelines36-36 Enabling QoS Globally Enabling VLAN-Based QoS on Physical Ports36-37 Configuring Classification Using Port Trust States Configuring the Trust State on Ports within the QoS Domain36-38 36-39 15 Port Trusted States within the QoS DomainShow mls qos interface Configuring the CoS Value for an InterfaceMls qos trust cos dscp ip-precedence 36-40Configuring a Trusted Boundary to Ensure Port Security Mls qos cos default-cos override36-41 Mls qos trust device cisco-phone Enabling Dscp Transparency ModeMls qos trust dscp 36-42No mls qos rewrite ip dscp 36-43Show mls qos maps dscp-mutation Mls qos map dscp-mutationMls qos dscp-mutation 36-44Configuring a QoS Policy Switchconfig-if#mls qos dscp-mutation gi1/0/2-mutation36-45 Classifying Traffic by Using ACLs 36-46Permit protocol source source-wildcard Switchconfig# access-list 100 permit ip any any dscpSwitchconfig# access-list 102 permit pim any 224.0.0.2 dscp Source-wildcardMac access-list extended name 36-48Is match-all Classifying Traffic by Using Class MapsClass-map match-all match-any Match-any keywordsIp-precedence-list Match access-group acl-index-or-nameIp dscp dscp-list ip precedence Show class-map36-51 Policy-map policy-map-name Class class-map-name36-52 36-53 Service-policy input policy-map-name Show policy-map policy-map-nameclass36-54 Switchconfig-if#service-policy input macpolicy1 Switchconfig# policy-map macpolicy1Switchconfig-pmap#class macclass2 maclist2 36-55Traffic by Using Class Maps section on 36-5636-57 Exceed-action policed-dscp-transmit keywords to mark down Police rate-bps burst-byte exceed-actionDrop policed-dscp-transmit 36-58Service-policy policy-map-name 36-59Service-policy input policy-map-name Show policy-map policy-map-nameclassShow mls qos vlan-based Exceed-action drop Mls qos aggregate-policerAggregate-policer-name rate-bps burst-byte Policed-dscp-transmitOnly one policy map per ingress port is supported Show mls qos aggregate-policerAggregate-policer-name Switchconfig-pmap-c#police aggregate transmit1 Configuring Dscp MapsConfiguring the CoS-to-DSCP Map CoS Value Dscp ValueIP Precedence Value Dscp Value Configuring the IP-Precedence-to-DSCP MapMls qos map cos-dscp dscp1...dscp8 36-64Configuring the Policed-DSCP Map 36-6536-66 Configuring the DSCP-to-CoS MapDscp Value CoS Value ShowShow mls qos maps dscp-to-cos Configuring the DSCP-to-DSCP-Mutation MapMls qos map dscp-cos dscp-list to cos 36-67Switchconfig-if#mls qos dscp-mutation mutation1 Switch# show mls qos maps dscp-mutation mutation136-68 Configuring Ingress Queue Characteristics 36-69Mls qos srr-queue input threshold Mls qos srr-queue input dscp-mapMls qos srr-queue input cos-map Show mls qos mapsMls qos srr-queue input buffers Allocating Buffer Space Between the Ingress QueuesAllocating Bandwidth Between the Ingress Queues Show mls qos interface bufferMls qos srr-queue input bandwidth Configuring the Ingress Priority QueueWeight1 weight2 Show mls qos interface queueingMls qos srr-queue input Configuring Egress Queue CharacteristicsWeight Priority-queue queue-id bandwidth36-74 Mls qos queue-set output qset-id Queue-set qset-id36-75 36-76 Mls qos srr-queue output dscp-map Mls qos srr-queue output cos-map36-77 Weight2 weight3 weight4 Configuring SRR Shaped Weights on Egress QueuesSrr-queue bandwidth shape weight1 QueueingSrr-queue bandwidth share weight1 Configuring SRR Shared Weights on Egress QueuesConfiguring the Egress Expedite Queue 36-79Limiting the Bandwidth on an Egress Interface Mls qos Enable QoS on a switchSrr-queue bandwidth limit weight1 36-80Displaying Standard QoS Information 36-81Show running-config include rewrite 36-82Configuring EtherChannels and Link-State Tracking Understanding EtherChannels37-1 EtherChannel Overview 37-2Single-Switch EtherChannel 37-3Port-Channel Interfaces 37-4Port Aggregation Protocol 37-5PAgP Modes PAgP Interaction with Other FeaturesMode Description AutoLacp Modes Lacp Interaction with Other FeaturesLink Aggregation Control Protocol 37-7EtherChannel On Mode Load-Balancing and Forwarding Methods37-8 37-9 EtherChannel and Switch Stacks 37-10Configuring EtherChannels Default EtherChannel Configuration37-11 EtherChannel Configuration Guidelines 37-12Configuring Layer 2 EtherChannels 37-13Auto non-silent desirable non-silent on Active passive37-14 Creating Port-Channel Logical Interfaces Configuring Layer 3 EtherChannelsSwitchconfig-if-range#channel-group 5 mode active 37-15Show etherchannel channel-group-number detail Configuring the Physical InterfacesInterface port-channel port-channel-number No ip addressMust be the same as the port-channel-number logical port Partner that is PAgP capable, configure the switch port forFor channel-group-number, the range is 1 to 48. This number 37-17Src-dst-ip src-dst-mac src-ip src-mac Configuring EtherChannel Load-BalancingPort-channel load-balance dst-ip dst-mac 37-18Configuring the PAgP Learn Method and Priority Show etherchannel load-balance Verify your entries37-19 Pagp port-priority priority Configuring Lacp Hot-Standby PortsPagp learn-method physical-port Show pagp channel-group-number internalConfiguring the Lacp System Priority Show running-config Verify your entries Show lacp sys-id37-21 Show lacp channel-group-number Configuring the Lacp Port PriorityLacp port-priority priority InternalDisplaying EtherChannel, PAgP, and Lacp Status Understanding Link-State Tracking37-23 37-24 Configuring Link-State Tracking 37-25Configuring Link-State Tracking Default Link-State Tracking ConfigurationLink-State Tracking Configuration Guidelines 37-26Displaying Link-State Tracking Status Switch show link state groupSwitch show link state group detail 37-2737-28 Configuring IP Unicast Routing 38-1Understanding IP Routing Types of Routing38-2 IP Routing and Switch Stacks 38-338-4 Steps for Configuring Routing Configuring IP Addressing38-5 Irdp Default Addressing ConfigurationARP 38-6Use of Subnet Zero Show running-config Verify your entryAssigning IP Addresses to Network Interfaces 38-7Classless Routing 38-8Configuring Address Resolution Methods No ip classless Disable classless routing behavior38-9 Define a Static ARP Cache Arp ip-address hardware-address type38-10 Set ARP Encapsulation 38-11Default Gateway Routing Assistance When IP Routing is DisabledEnable Proxy ARP Proxy ARPIcmp Router Discovery Protocol Irdp 38-13Configuring Broadcast Packet Handling 38-14Ip directed-broadcast access-list-number Ip forward-protocol udp port nd sdns38-15 Forwarding UDP Broadcast Packets and Protocols 38-16Ip broadcast-address ip-address Establishing an IP Broadcast AddressFlooding IP Broadcasts 38-17Clear host name Monitoring and Maintaining IP AddressingClear arp-cache Clear ip route network maskEnabling IP Unicast Routing 38-19Configuring RIP 38-20Router rip Default RIP ConfigurationConfiguring Basic RIP Parameters Network network number38-22 Ip rip authentication key-chain name-of-chain Configuring RIP AuthenticationConfiguring Summary Addresses and Split Horizon Ip rip authentication mode text md5Ip summary-address rip ip address ip-network mask Configuring Split HorizonSwitchconfig-router#neighbor 2.2.2.2 peer-group mygroup No ip split horizonConfiguring Ospf No ip split-horizon38-25 Default Ospf Configuration 38-26Ospf Nonstop Forwarding 38-27Ospf NSF Awareness 38-28Configuring Basic Ospf Parameters Configuring Ospf Interfaces38-29 38-30 Configuring Ospf Area Parameters 38-31Configuring Other Ospf Parameters 38-3238-33 Ip address address mask Configuring a Loopback InterfaceChanging LSA Group Pacing 38-34Configuring Eigrp Monitoring Ospf38-35 38-36 Default Eigrp Configuration 38-37Eigrp Nonstop Forwarding 38-38Network network-number Configuring Basic Eigrp ParametersRouter eigrp autonomous-system Eigrp log-neighbor-changesIp summary-address eigrp Configuring Eigrp InterfacesNo auto-summary 38-40No ip split-horizon eigrp autonomous-system-number Configuring Eigrp Route AuthenticationIp hello-interval eigrp autonomous-system-number Show ip eigrp interfaceEigrp Stub Routing 38-42Configuring BGP Monitoring and Maintaining Eigrp38-43 38-44 EBGP, IBGP, and Multiple Autonomous SystemsDefault BGP Configuration 38-4538-46 Nonstop Forwarding Awareness 38-47Network network-number mask network-mask Enabling BGP RoutingRouter bgp autonomous-system Route-map route-map-name38-49 Managing Routing Policy Changes Switchconfig-router#neighbor 192.208.10.2 remote-asSwitch# show ip bgp neighbors 38-50Clear ip bgp * address Type of Reset Advantages DisadvantagesShow ip bgp neighbors Show ip bgpConfiguring BGP Decision Attributes 38-5238-53 Configuring BGP Filtering with Route Maps Configuring BGP Filtering by Neighbor38-54 Route-map map-tag in out Ip as-path access-list access-list-numberOut weight weight Show ip bgp neighbors pathsConfiguring Prefix Lists for BGP Filtering 38-56Permit deny community-number Configuring BGP Community FilteringIp community-listcommunity-list-number Send-communityIp bgp-community new-format Configuring BGP Neighbors and Peer GroupsSet comm-list list-num delete Show ip bgp community38-59 Configuring Aggregate Addresses 38-60Configuring Routing Domain Confederations Configuring BGP Route Reflectors38-61 Bgp cluster-id cluster-id Configuring Route DampeningRoute-reflector-client No bgp client-to-client reflectionMonitoring and Maintaining BGP 38-63Configuring Multi-VRF CE 38-64Understanding Multi-VRF CE 38-6538-66 VRF Default Multi-VRF CE ConfigurationMulti-VRF CE Configuration Guidelines 38-67Import map route-map Configuring VRFsRoute-target export import both Ip vrf forwarding vrf-nameLog-adjacency-changes Configuring a VPN Routing SessionShow ip vrf brief detail interfaces Redistribute bgpConfiguring BGP PE to CE Routing Sessions Multi-VRF CE Configuration Example38-70 38-71 VPN2 CE1Configuring Switch a 38-72Switchconfig-if#ip address 208.0.0.20 Switchconfig-router-af#network 8.8.2.0 maskSwitchconfig-router-af#network 8.8.1.0 mask 38-73Router# configure terminal 38-74Configuring Unicast Reverse Path Forwarding Displaying Multi-VRF CE Status38-75 Configuring Protocol-Independent Features Configuring Distributed Cisco Express Forwarding38-76 Configuring the Number of Equal-Cost Routing Paths 38-77Maximum-paths maximum Configuring Static Unicast RoutesRouter bgp rip ospf eigrp Show ip routeIp default-network network number Specify a default network Specifying Default Routes and NetworksRoute Source Default Distance 38-79Using Route Maps to Redistribute Routing Information 38-8038-81 38-82 Configuring Policy-Based Routing 38-83PBR Configuration Guidelines 38-84Enabling PBR 38-85Ip local policy route-map map-tag Ip policy route-map map-tagIp route-cache policy 38-86Setting Passive Interfaces Filtering Routing Information38-87 Router bgp rip eigrp Controlling Advertising and Processing in Routing UpdatesFiltering Sources of Routing Information 38-88Ip access list Managing Authentication KeysDistance weight ip-address ip-address mask 38-89Monitoring and Maintaining the IP Network 38-9038-91 38-92 Configuring IPv6 Unicast Routing Understanding IPv639-1 IPv6 Addresses 39-2Supported IPv6 Unicast Routing Features Bit Wide Unicast Addresses39-3 ICMPv6 DNS for IPv6Path MTU Discovery for IPv6 Unicast Neighbor DiscoveryIPv6 Applications 39-5Unsupported IPv6 Unicast Routing Features Dual IPv4 and IPv6 Protocol Stacks39-6 IPv6 and Switch Stacks Limitations39-7 39-8 SDM Templates Dual IPv4-and IPv6 SDM Templates39-9 Configuring IPv6 39-10Default IPv6 Configuration Configuring IPv6 Addressing and Enabling IPv6 Routing39-11 39-12 Switchconfig-if#ipv6 address 20010DB8c181/64 eui Configuring IPv4 and IPv6 Protocol StacksIp routing Enable routing on the switch 39-1339-14 Ipv6 icmp error-interval interval bucketsize Configuring IPv6 Icmp Rate LimitingConfiguring CEF and dCEF for IPv6 Show ipv6 interface interface-idConfiguring Static Routing for IPv6 39-16Ipv6-address interface-id ipv6-address Administrative distanceIpv6 route ipv6-prefix/prefix length 39-17Show ipv6 static ipv6-address Configuring RIP for IPv6Show ipv6 route static updated Interface-id recursive detail39-19 Configuring Ospf for IPv6 39-2039-21 Switch# show ipv6 interface Displaying IPv639-22 Switch# show ipv6 rip Switch# show ipv6 cef /0Switch# show ipv6 protocols 39-23Switch# show ipv6 route Switch# show ipv6 neighborsSwitch# show ipv6 static Switch# show ipv6 traffic39-25 39-26 Configuring Hsrp and Enhanced Object Tracking Understanding Hsrp40-1 40-2 Multiple Hsrp 40-3Configuring Hsrp Hsrp and Switch Stacks40-4 Enabling Hsrp Default Hsrp ConfigurationHsrp Configuration Guidelines 40-5Secondary Switch# show standbyStandby group-number ip ip-address Show standby interface-id groupConfiguring Hsrp Priority 40-7Standby group-number track Priority preempt delay delayStandby group-number priority 40-8Switchconfig-if#standby 2 ip Configuring MhsrpConfiguring Hsrp Authentication and Timers 40-9Switchconfig-if#standby 1 authentication word Standby group-number authentication stringStandby group-number timers hellotime HoldtimeEnabling Hsrp Support for Icmp Redirect Messages Displaying Hsrp ConfigurationsConfiguring Hsrp Groups and Clustering Show standby interface-idgroup brief detailConfiguring Enhanced Object Tracking Understanding Enhanced Object Tracking40-12 Track object-number interface Configuring Enhanced Object Tracking FeaturesTracking Interface Line-Protocol or IP Routing State 40-13Track track-numberlist boolean Configuring a Tracked ListSwitch# show track 33 Track Object object-number notTrack track-numberlist threshold WeightThreshold weight up number 40-15Object object-number Track track-number list thresholdPercentage Threshold percentage up numberConfiguring Hsrp Object Tracking 40-17Configuring Other Tracking Characteristics Show standby40-18 Configuring Web Cache Services By Using Understanding Wccp41-1 Wccp Message Exchange 41-2MD5 Security Packet Redirection and Service GroupsWccp Negotiation 41-3Wccp and Switch Stacks 41-4Default Wccp Configuration Configuring WccpUnsupported Wccp Features Wccp Configuration GuidelinesEnabling the Web Cache Service 41-641-7 41-8 Monitoring and Maintaining Wccp Switchconfig# interface range gigabitethernet1/0/3Switchconfig-if-range#switchport access vlan 41-9Enabled / disabled 41-10Configuring IP Multicast Routing 42-142-2 IP Multicast Routing ProtocolsUnderstanding Igmp Igmp Version42-3 PIM Modes Understanding PIMPIM Versions 42-4PIM Stub Routing 42-5Auto-RP 42-6Bootstrap Router Multicast Forwarding and Reverse Path Check42-7 Understanding Dvmrp Network Port42-8 Multicast Routing and Switch Stacks Understanding Cgmp42-9 Multicast Routing Configuration Guidelines Configuring IP Multicast RoutingDefault Multicast Routing Configuration 42-10Auto-RP and BSR Configuration Guidelines PIMv1 and PIMv2 Interoperability42-11 Configuring Basic Multicast Routing Ip multicast-routing distributed42-12 Ip pim dense-mode sparse-mode Configuring PIM Stub RoutingIp pim version 1 Sparse-dense-modeIp pim passive Configuring a Rendezvous PointManually Assigning an RP to Multicast Groups 42-14Access-list-number override Ip pim rp-address ip-address42-15 Configuring Auto-RP 42-16Interval seconds Scope ttl group-list access-list-numberIp pim send-rp-announce interface-id 42-17Show ip pim rp Ip pim send-rp-discovery scope ttlShow ip pim rp mapping 42-18Access-list-number group-list Ip pim rp-announce-filter rp-list42-19 Configuring PIMv2 BSR Ip pim bsr-border42-20 Ip multicast boundary 42-21Ip pim bsr-candidate interface-id Hash-mask-length priority42-22 Group-list access-list-number Ip pim rp-candidate interface-id42-23 Group-address mapping Using Auto-RP and a BSRShow ip pim rp group-name Show ip pim rp-hash groupMonitoring the RP Mapping Information Configuring Advanced PIM FeaturesTroubleshooting PIMv1 and PIMv2 Interoperability Problems Understanding PIM Shared Tree and Source Tree42-26 Shared Tree and Source Tree Shortest-Path TreeDelaying the Use of PIM Shortest-Path Tree Ip pim spt-threshold kbps infinity42-27 Ip pim query-interval seconds Configuring Optional Igmp FeaturesModifying the PIM Router-Query Message Interval Show ip igmp interface interface-idIp igmp join-group group-address Default Igmp ConfigurationConfiguring the Switch as a Member of a Group 42-29Show ip igmp interface interface-id Verify your entries Controlling Access to IP Multicast GroupsIp igmp access-group access-list-number 42-30Ip igmp version 1 Changing the Igmp VersionModifying the Igmp Host-Query Message Interval Query-interval or the ip igmp query-max-response-timeIp igmp query-interval seconds Changing the Igmp Query Timeout for IGMPv2Ip igmp querier-timeout seconds 42-32Ip igmp query-max-response-time Configuring the Switch as a Statically Connected MemberChanging the Maximum Query Response Time for IGMPv2 42-33Ip igmp static-group group-address Configuring Optional Multicast Routing FeaturesEnabling Cgmp Server Support 42-34Configuring sdr Listener Support Ip cgmp proxy42-35 Limiting How Long an sdr Cache Entry Exists Ip sdr listen Enable sdr listener supportEnabling sdr Listener Support 42-36Configuring an IP Multicast Boundary 42-37Configuring Basic Dvmrp Interoperability Features 42-38Configuring Dvmrp Interoperability 42-39Ip dvmrp metric metric list 42-40Configuring a Dvmrp Tunnel 42-41Advertising Network 0.0.0.0 to Dvmrp Neighbors Access-list-number distanceNeighbor-list access-list-number Ip dvmrp accept-filterResponding to mrinfo Requests Configuring Advanced Dvmrp Interoperability FeaturesIp dvmrp default-information Originate onlyEnabling Dvmrp Unicast Routing 42-44Rejecting a Dvmrp Nonpruning Neighbor 42-45Enter interface configuration mode 42-46Limiting the Number of Dvmrp Routes Advertised By default, 7000 routes are advertised. The range is 0 toControlling Route Exchanges Changing the Dvmrp Route ThresholdRoute-count Configuring a Dvmrp Summary AddressDefault is 10,000 routes. The range is 1 to 42-4842-49 Mask metric value Disabling Dvmrp AutosummarizationIp dvmrp summary-address address No ip dvmrp auto-summaryIncrement Adding a Metric Offset to the Dvmrp RouteIp dvmrp metric-offset in out 42-51Displaying System and Network Statistics Monitoring and Maintaining IP Multicast RoutingClearing Caches, Tables, and Databases 42-52Monitoring IP Multicast Routing 42-5342-54 Configuring Msdp Understanding Msdp43-1 Msdp Operation 43-2Msdp Benefits 43-3Configuring a Default Msdp Peer Configuring MsdpDefault Msdp Configuration 43-4Ip msdp default-peer ip-address name Prefix-list list43-5 Seq number permit deny network Caching Source-Active StateIp prefix-list name description string Ip msdp description peer-nameIp msdp cache-sa-state list 43-7Ip msdp sa-request ip-address name Switchconfig# ip msdp sa-requestRequesting Source Information from an Msdp Peer 43-8Ip msdp redistribute list Controlling Source Information that Your Switch OriginatesRedistributing Sources 43-943-10 Ip msdp filter-sa-request ip-address Name list access-list-numberFiltering Source-Active Request Messages 43-11Ip msdp sa-filter out ip-address name Controlling Source Information that Your Switch ForwardsUsing a Filter Route-map map-tag43-13 Ip msdp ttl-threshold ip-address name Controlling Source Information that Your Switch ReceivesUsing TTL to Limit the Multicast Data Sent in SA Messages TtlSwitchconfig# ip msdp sa-filter in switch.cisco.com Ip msdp sa-filter in ip-address name43-15 Ip msdp mesh-group name ip-address Configuring an Msdp Mesh GroupShutting Down an Msdp Peer 43-16Ip msdp border sa-address interface-id Including a Bordering PIM Dense-Mode Region in MsdpIp msdp shutdown peer-name peer 43-17Configuring an Originating Address other than the RP Address 43-18Clear ip msdp statistics peer-addressname Monitoring and Maintaining MsdpClear ip msdp peer peer-addressname Clear ip msdp sa-cache group-addressname43-20 Fallback Bridging Overview Configuring Fallback BridgingUnderstanding Fallback Bridging 44-144-2 Configuring Fallback Bridging Fallback Bridging and Switch Stacks44-3 Creating a Bridge Group Default Fallback Bridging ConfigurationFallback Bridging Configuration Guidelines 44-4Bridge-group bridge-group Bridge bridge-group protocolVlan-bridge 44-5Adjusting Spanning-Tree Parameters Switchconfig# bridge 10 protocol vlan-bridge44-6 Bridge bridge-group priority number Changing the VLAN-Bridge Spanning-Tree PriorityChanging the Interface Priority Bridge-group bridge-grouppriorityCost Assigning a Path CostBridge-group bridge-group path-cost 44-8Bridge bridge-group hello-time seconds Adjusting Bpdu IntervalsSwitchconfig# bridge 10 hello-time 44-9Bridge bridge-group forward-time Switchconfig# bridge 10 forward-timeSwitchconfig# bridge 10 max-age Bridge bridge-group max-age secondsClear bridge bridge-group Monitoring and Maintaining Fallback BridgingDisabling the Spanning Tree on an Interface Show bridge bridge-group group44-12 Troubleshooting 45-1Recovering from a Software Failure 45-2Switch loadhelper Recovering from a Lost or Forgotten PasswordSwitch flashinit Switch copy xmodem flashimagefilename.bin45-4 Procedure with Password Recovery Enabled 45-5Copy the configuration file into memory 45-6Procedure with Password Recovery Disabled Switch dir flash45-7 Preventing Switch Stack Problems 45-8Recovering from a Command Switch Failure 45-9Replacing a Failed Command Switch with a Cluster Member Switchconfig# no cluster commander-address45-10 Replacing a Failed Command Switch with Another Switch 45-1145-12 Preventing Autonegotiation Mismatches Recovering from Lost Cluster Member ConnectivityTroubleshooting Power over Ethernet Switch Ports 45-13Show controllers power inline privileged Exec command Disabled Port Caused by Power LossDisabled Port Caused by False Link Up SFP Module Security and IdentificationMonitoring SFP Module Status Monitoring TemperatureUsing Ping Understanding PingCharacter Description Switch# pingExecuting Ping 45-16Usage Guidelines Using Layer 2 TracerouteUnderstanding Layer 2 Traceroute 45-17Understanding IP Traceroute Using IP TracerouteDisplaying the Physical Path 45-18Traceroute ip host Switch# traceroute ipExecuting IP Traceroute Trace the path that packets take through the networkUsing TDR Understanding TDR45-20 Running TDR and Displaying the Results Using Debug CommandsEnabling Debugging on a Specific Feature 45-21Enabling All-System Diagnostics Redirecting Debug and Error Message Output45-22 Using the show platform forward Command 45-23Udp 10 45-24 Using the crashinfo Files Basic crashinfo Files45-25 Understanding Obfl Using On-Board Failure LoggingExtended crashinfo Files 45-26Configuring Obfl 45-27Displaying Obfl Information Show logging onboard module45-28 Configuring Online Diagnostics Understanding Online Diagnostics46-1 Diagnostic schedule switch Configuring Online DiagnosticsScheduling Online Diagnostics Non-disruptive daily hhmmDiagnostic content command output Configuring Health-Monitoring DiagnosticsDiagnostic monitor interval switch Diagnostic monitor syslogShow diagnostic content post result Diagnostic monitor threshold switchDiagnostic monitor switch number test Schedule status switchDiagnostic start switch number Running Online Diagnostic TestsStarting Online Diagnostic Tests All basic non-disruptiveDisplaying Online Diagnostic Tests and Test Results 46-6Supported MIBs MIB ListCISCO-FTP-CLIENT-MIB CISCO-HSRP-MIB ETHERLIKE-MIB IEEE8021-PAE-MIB IEEE8023-LAG-MIB CISCO-IGMP-FILTER-MIBCISCO-RTTMON-MIB CISCO-SMI-MIB IGMP-MIB INET-ADDRESS-MIB IPMROUTE-MIBTCP-MIB UDP-MIB Using FTP to Access the MIB Files Working with the Flash File System Switch# show file systems Displaying Available File SystemsSetting the Default File System Field ValueChanging Directories and Displaying the Working Directory Cd newconfigsDisplaying Information about Files on a File System PwdMkdir oldconfigs Creating and Removing DirectoriesCopying Files Switch# delete myconfig Deleting FilesCreating, Displaying, and Extracting Files Archive /create destination-url FlashArchive /table source-url Directories are extracted Archive /xtract source-urlExtract a file into a directory on the flash file system More /ascii /binary /ebcdicWorking with Configuration Files Guidelines for Creating and Using Configuration Files Configuration File Types and LocationCreating a Configuration File By Using a Text Editor Copying Configuration Files By Using TftpDownloading the Configuration File By Using Tftp Uploading the Configuration File By Using TftpCopying Configuration Files By Using FTP Downloading a Configuration File By Using FTP Ip ftp password passwordIp ftp username username Filename systemrunning-config Uploading a Configuration File By Using FTPFtp // username password @ location /directory Filename nvramstartup-configCopy nvramstartup-config Copying Configuration Files By Using RCPCopy systemrunning-config Ftp // username password @ location /directory FilenameHostname Switch1 Ip rcmd remote-username User0 Nvramstartup-config Downloading a Configuration File By Using RCPSystemrunning-config Ip rcmd remote-username usernameClearing Configuration Information Uploading a Configuration File By Using RCPSwitch# copy nvramstartup-config rcp Clearing the Startup Configuration File Deleting a Stored Configuration FileWorking with Software Images Image Location on the Switch File Format of Images on a Server or Cisco.comCopying Image Files By Using Tftp Field DescriptionPreparing to Download or Upload an Image File By Using Tftp Downloading an Image File By Using TftpOverwrite /reload Allow-feature-upgrade /directoryArchive download-sw Archive download-sw /directoryUploading an Image File By Using Tftp Archive upload-swTftp //location /directory /image-name .tar Copying Image Files By Using FTP Preparing to Download or Upload an Image File By Using FTPDownloading an Image File By Using FTP For /directory /image-name1 .tar Archive download-sw /allow-feature-upgradeDirectory /overwrite /reload Directory /image-name2 .tar image-name3 .tarUploading an Image File By Using FTP Copying Image Files By Using RCP Preparing to Download or Upload an Image File By Using RCP Downloading an Image File By Using RCP File By Using RCP section on page B-31Or Upload an Image File By Using RCP section on Uploading an Image File By Using RCP Copying an Image File from One Stack Member to Another Rcp // username @ location /directory /image-naMe.tar Source-stack-member-number Archive copy-sw /destination-systemDestination-stack-member-number /force-reload For /destination-system destination-stack-member-numberUnsupported Privileged Exec Commands Unsupported Commands Cisco IOS Release 12.237SEAccess Control Lists Unsupported Global Configuration CommandsBoot Loader Commands Archive CommandsARP Commands Debug CommandsBridge crb Fallback BridgingBridge bridge-groupacquire Bridge bridge-group domain domain-name bridge irbHsrp X25 map bridge x.121-address broadcast options-keywordsIgmp Snooping Commands Interface CommandsIP Multicast Routing Show ip rtp header-compression type number detail Ip pim accept-rpaddress auto-rpgroup-access-list-numberShow ip pim vc group-address name type number Ip multicast-routing vrf vrf-nameUnsupported Privileged Exec or User Exec Commands IP Unicast RoutingUnsupported BGP Router Configuration Commands Unsupported VPN Configuration CommandsUnsupported Route Map Commands Miscellaneous MAC Address CommandsShow cable-diagnostics prbs Test cable-diagnostics prbs Set tag tag-valueNetFlow Commands MsdpUnsupported Policy-Map Configuration Command Network Address Translation NAT CommandsUnsupported Global Configuration Command QoSUnsupported Privileged Exec Command Unsupported Interface Configuration CommandUnsupported User Exec Commands Spanning TreeNumerics IN-1ACLs IN-2Hsrp CDP Lldp RIPEigrp TACACS+BGP CidrIN-4 Bpdu IN-5Cgmp CDPCEF CLICNS IN-7IN-8 Dhcp DNSIN-9 Vmps SnmpTACACS+ Udld WccpDhcp option IN-11DTP IN-12Dvmrp IN-13Dynamic ARP inspection IN-14Lacp IN-15STP FIBIN-16 Mstp STP FTPIN-17 Https IcmpIN-18 Igmp IN-19IN-20 IP addresses IN-21Mbone IN-22IGP IN-23IP unicast routing IN-24ISL IN-25LLDP-MED IN-26IN-27 MDA MhsrpIN-28 Msdp IN-29MTU CSTIST IN-30NAC IN-31NSSA, Ospf IN-32Obfl PBRIN-33 PIM IN-34Port-based authentication IN-35Pvid VvidIN-36 Private VLANs IN-37QoS IN-38IN-39 RCP IN-40Rmon Radius TACACS+RFC IN-41Rstp RPSRspan IN-42SDM IN-43Snmp IN-44Span SRRIN-45 SSL VTPIN-46 Stacks, switch IN-47LLDP-MED Ospf IN-48STP IN-49IN-50 System message logging IN-51IN-52 IN-53 IN-54 VLANs IN-55VPN VQPIN-56 WTD IN-57IN-58