Cisco Systems DOC-7814982 RADIUS Operation

7-19

Catalyst 2950 Desktop Switch Software Configuration Guide

78-14982-01

Chapter 7 Adminis tering the Switch Controlling Switch Access with RADIUS

RADIUS is not suitable in these network security situations:

•Multiprotocol access environments. RADIUS does not support AppleTalk Remote Access (ARA),

NetBI OS Frame Control Protocol (NBFCP), NetWare Asynchronous Services Interface (NASI), or

X.25 PAD co nne ctio ns .

•Switch-t o-switc h or router-to-router situat ions. RADIUS does not provide two-way authe ntication.

RADIUS can be used to authenticate from one device to a non-Cisco de vice if the non-Cisco device

requires authentication.

•Networks using a variet y of ser vic es. RA DIU S gene rally bi nds a user t o on e se rvice mo de l.

Figure 7-2 Transitioning from RADIUS to TACACS+ Services

RADIUS Operation

When a user attem pts to log in and authentic ate to a switch that is acce ss contro lled by a RADIUS serv er ,

these events occur:

1. The use r is pr om pted t o ent er a u ser name a nd pa sswor d.

2. The username and encrypted password are sent over the network to the RADIUS server.

3. The user receives one of these responses from the RADIUS server:

a. ACCEPT—The user is authenticated.

b. REJECT—The user is either not authenticated and is prompted to re-enter the username and

password, or a ccess i s deni ed.

c. CHALLENGE—A challenge requires additional data from the user.

d. CHALLENGE PASSWORD—A response re quests the use r to select a new password.

The ACCEPT or RE JE CT respo nse is bundled wi th ad di tiona l dat a that is used f or pr ivileged EXE C or

network authorization. Users must first successfully complete RADIUS authentication before

proceedin g to RADIUS authorization , if it is enabled. The additio nal data included with the ACCEPT or

REJ ECT p ac ket s in clud es the s e i t em s:

•Telnet, SSH, r login, or privileged EX EC services

•Connecti on para met ers, inc luding t he h ost o r cli ent I P addr ess , ac cess l ist, a nd user time outs

74721

RADIUS

server

RADIUS

server

TACACS+

server

TACACS+

server

R1

R2

T1

T2

Catalyst 2950 or

3550 switch

Remote

PC

Workstation

Contents

Main Catalyst 2950 Desktop Switch Software Configuration Guide Page CONTENTS Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Preface Audience Purpose Organization Page Conventions Related Publications Obtaining Documentation World Wide Web Documenta tion C D-ROM Ordering Documentation Obtaining Tech nical Ass istanc e Cisco.com Technical Assistance Center Cisco TAC Website Cisco TAC Escalation Center Overview Features Page Page Page Page Page Management Options Management Interface Options Advantages of Using CMS and Clustering Switches Network Config uration E xamples Design Concepts for Using the Switch Page Page 1-11 Small to Medium-Sized Network Configuration Page Collapsed Backbone and Switch Cluster Configuration Large Campus Configuration 1-15 Hotel Network Configuration 1-17 Multidwelling Network Usi ng Catalyst 2950 Switches 1-19 Long-Distance, High-Bandwidth Transport Configuration Where to Go Next Page Using the Command-Line Interface IOS Command Modes Page Getting Help Specifying Ports in Interfac e Configu ration Mode Abbreviating Command s Using no and defa ult Forms of Comman ds Understandin g CLI Message s Using Command History Changing the Command History Buffer Size Recalling Commands Disabling th e Com mand His tor y F eatu re Using Editing Fea tures Enabling and Disabling Editing Features Editing Commands through Keystrokes Editing Command Lines that Wrap Searching and Filtering Output of show and more Commands Accessing the CLI Accessing the CLI from a Bro wser Page Getting Started with CMS Features 3-3 switch settings; read-only access for users allowed to only view switch settings. uniform ap proa ch to viewing a nd set tin g con figurat ion pa rame ter s ( see Figure 3-1). 3-4 Front Panel View 3-5 Cluste r Tr ee Front-Panel Images Redundant Power System LED Port Modes and LEDs VLAN Membership Modes Topology Vie w 3-11 Topology Icons Device and Link Labels Colors in the Topo logy Vie w Topology Display Options Menus and Tool bar Menu Bar Page Page Page Page Toolbar Front Panel View Popup Menus Device Popup Menu Port Popup Menu Topology View Popup Menus Link Popup Menu Device Popup Menus Page Interaction Modes Guide Mode Expert Mode Wizards Tool Tips Online Help 3-27 CMS Window Components Host Name List Tabs, Lists, and Tables Filter Editor Icons Used in Windo ws Buttons Accessing CMS Access Mo des in CMS HTTP Access to CMS Verifying Your Changes Change Notification Error Checking Saving Your Co nfigurat ion Restoring Your Configuration CMS Preferences Using Different Versions of CMS Where to Go Next Assigning the Switch IP Address and Default Gateway Understandin g the Boot Proces s Assigning Switch Inf ormation Default Switch Information Understanding DHCP-Based Autoconfiguration DHCP Client Request Process Configuring the DHCP Server Configuring the TFTP Server Configuring the DNS Configuring the Relay Device Obtaining Configuration Files Example Configuration Page Manually Assigning IP Information Checking and Sa ving the Ru nning Con figuration 4-11 4-12 Configuring IE2100 CNS Ag ents Understandin g IE2100 Series Configurati on Registrar Software CNS Configuration Service CNS E ven t Serv i ce NameSpace Mapper What You Should Know About ConfigID, DeviceID, and Host Name ConfigID DeviceID Host Name and DeviceID Using Host Name, DeviceID, and ConfigID Understandin g CNS Embedde d Agents Initial Configuration V Incremental (Partial) Configur ation Synchronized Configuration Configuring CNS Embedd ed Agents Enabling Automated CNS Configuration Page Enabling the CNS Event Agent Enabling the CNS Configuration Agent Enabling an Initial Configuration Page Page Enabling a Partial Configuration Displaying CNS Confi guration Page Clustering Switches Understandin g Switch Clust ers Command Switch Characteristics Standby Command Switch Characteristics Candidate Switch and Member Switch Characteristics Planning a Switch Cl uster Automatic Discovery of Cluster Candidates and Members Discovery through CDP Hops Discovery through Non-CDP-Capable and Noncluster-Capable Devices Discovery through the Same Management VLAN Discovery through Different Management VLANs Discovery of Newly Installed Switches 6-11 HSRP and Standby Command Switches Virtual IP Addresses Other Considerations for Cluster Standby Groups Page Automatic Recovery of Cluster Configuration IP Addresses Host Names Passwords SNMP Community Strings TACACS+ and RADIUS Access Mo des in CMS Management VLAN LRE P rofi les Availability of Switch-Specifi c Features in Switch Clusters Creating a Switch Cluster Enabling a Command Switch Adding Member Switches Page Creating a Cluster Standby Group Page Verifying a Switch Cluster Using the CLI to Manage Swit ch Clusters Catalyst 1900 and Catalyst 2820 CLI Considerations Using SNMP to Manage Switc h Clusters Administering the Switch Preventing Unauthori zed Ac cess to You r Switch Protecting Access to Privileged EXEC Command s Default Password and Privilege Level Configuration Setting or Changing a Static Enable Password Protecting Enable and Enable Secret Passwords with Encryption Disabling Password Recovery Setting a Telnet Password for a Terminal Line Configuring Username and Password Pairs Configuring Multiple Privilege Level s Setting the Privilege Level for a Command Changing the Default Privilege Level for Lines Logging into and Exiting a Privilege Level Controlling Switch Access with TACACS+ Understanding TACACS+ Page TACACS+ Operation Configuring TACACS+ Default TACACS+ Configuration Identifying the TACACS+ Server Host and Setting the Authentication Key Configuring TACACS+ Login Authentication Page Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services Starting TACACS+ Accounting Displaying the TACACS+ Configuration Controlling Switch Access with RADIUS Understanding RADIUS RADIUS Operation Configuring RADIUS Default RADIUS Configuration Identifying the RADIUS Server Host Page Page Configuring RADIUS Login Authentication Page Defining AAA Server Groups Page Configuring RADIUS Authorization for User Privileged Access and Network Services Starting RADIUS Accounting Configuring Settings for All RADIUS Servers Configuring the Switch to Use Vendor-Specific RADIUS Attributes Configuring the Switch for Vendor-Proprietary RADIUS Server Communication Displaying the RADIUS Configuration Configuring the Switch for Local Authentication and Authorization Configuring the Switch for Se cure Sh ell Understanding SSH Configuring SSH Managing the System Time and Date Understanding the System Clock Understanding Network Time Protocol Page Configuring NTP Default NTP Configuration Configuring NTP Authentication Configuring NTP Associations Configuring NTP Broadcast Service Configuring NTP Access Restrictions Creating an Access Group and Assigning a Basic I P A ccess List Disabling NTP Services on a Specific Interface Configuring the Source IP Address for NTP Packets Displaying the NTP Configuration Configuring Time and Date Manually Setting the System Clock Displaying the Time and Date Configuration Configuring the Time Zone Configuring Summer Time (Daylight Saving Time) Page Configuring a System Name a nd Prompt Default System Name and Prompt Configuration Configuring a System Name Configuring a System Prompt Understanding DNS Default DNS Configuration Setting Up DNS Displaying the DNS Configuration Creating a Ba nner Default Banner Configuration Configuring a Message-of-the-Day Login Banner Configuring a Login Banner Managing the MAC Ad dress Tabl e Building the Address Table MAC Addresses and VLANs Default MAC Address Table Configuration Changing the Address Aging Time Removi ng Dyn amic Ad dre ss E ntries Configuring MAC Address Notification Traps Page Adding and Removing Static Address Entries Adding and Removing Secure Addresses Displaying Address Table Entries Managing the ARP Ta ble Switch Software Releases Page Configuring 802.1X Port-Ba sed Authen tication Understandin g 802.1X Port-Based Authen tication Device Roles Authentication Initiation and Message Exchange Ports in Authorized and Unauthorized States Support ed Topo lo gies Configuring 802.1X Authent ication Default 802.1X Configuration 802.1X Configuration Guidelines Enabling 802.1X Authentication Configuring the Switch-to-RADIUS-Server Communication Enabling Periodic Re-Authentication Manually Re-Authenticating a Client Connected to a Port Changing the Quiet Period Changing the Switch-to-Client Retransmission Time Setting the Switch-to-Client Frame-Retransmission Number Enabling Multiple Hosts Resetting the 802.1X Configuration to the Default Values Displaying 802.1X St atistics and Status Configuring the Switch Interfaces Understandin g Interfac e Types Access Ports Trunk Ports Port-Based VLANs EtherChannel Port Groups Connecting Interfaces Using the Interf ace Command Procedures for Configuring Interfaces Page Configuring a Range of Interfaces Page Configur ing an d Using Inter f ace- Ra nge Ma cros Configuring Switc h Interfaces Default Ethernet Interface Configuration SFP Configuration Configuring Interface Speed and Duplex Mode Configuration Guidelines Setting the Interface Speed and Duplex Parameters Configuring Media Types for Gigabit Interfaces Configuring IEEE 802.3X Flow Control on Gigabit Ethernet Ports Page Adding a Description for an Interface Monitoring and Main taining the In terfaces Monitoring Interface and Controller Status Page 9-18 Clearing and Resetting Interfaces and Counters Shutting Down and Restarting the Interface Page Configuring LRE Ports on the 2950 LRE LRE Links and LRE Profiles LRE P rofi les Page LRE Sequences CPE Et hern et L ink s Configuring LRE Ports Environmental Guidelines for LRE Links Guidelines for Using LRE Profiles CPE Ethe rnet L ink Guide line s Considerations for Connected Cisco 575 LRE CPEs Considerations for Connected Cisco 585 LRE CPEs Assigning a Global Profile to All LRE Ports Assigning a Profile to a Specific LRE Port Assigning a Global Sequence to All LRE Ports Assigning a Sequence to a Specific LRE Port Using Rate Selection to Automatically Assign Profiles Precedence Profile Locking Link Qualification and SNR Margins Page LRE Link Persistence LRE Li nk Monito r Upgrading LRE Switch Firmware Configur ing for an LR E Up gr ade Perf or ming an L RE Upg ra de Global Configuration of LRE Upgrades Controller Configuration of LRE Upgrades LRE Upgrade Behavior Details LRE Upgrade Example Page Page Configuring STP Understandin g Sp anning-T ree Featu res STP Overview Supported Spanning-Tree Instances Bridge Protocol Data Units Election of the Root Switch Bridge ID, Switch Priority, and Extended System ID Spannin g- Tr ee Time rs Creating the Spanning-Tree Topology Spanning-Tree Interface States Page Blocking State Listening State Learning State Forwarding State Disabled State Span ning- Tr ee Add re ss Ma na geme nt STP and IEEE 802.1Q Trunks Spanning Tree and Redundant Connectivity Accelerated Aging to Retain Connectivity Configuring Sp anni ng-Tree Features Default STP Configuration STP Configuration Guidelines Page Disabling STP Configuring the Root Switch Page Configur ing a Se co ndar y R oot S witch Configuring the Port Priority Configuring the Path Cost Page Configuring the Switch Priority of a VLAN Configuring the Hello Time Configuring the Forwarding-Delay Time for a VLAN Configuring the Maximum- Aging Time for a VLAN Configuring STP for Use in a Cascaded Stack Displaying the Sp anning-Tre e Status Page Configuring RSTP and MST P Understandin g RSTP Port Roles and the Active Topology Rapid Convergence Synchronization of Port Roles Bridge Protocol Data Unit Format and Processing Processing Superior BPDU Information Processing Inferior BPDU Information Topo l ogy C h an ges Understandin g MSTP Multiple Spanning-Tree Regions IST, CIST, and CST Operations Within an MST Region Operations Between MST Regions Hop Count Bounda ry Po rts Interoperability with 802.1D STP Configuring RSTP and MSTP Fe atures Default RSTP and MSTP Configuration RSTP and MSTP Configuration Guidelines Specifying the MST Region Configuration and Enabling MSTP Configuring the Root Switch Page Configur ing a Se co ndar y R oot S witch Configuring the Port Priority Configuring the Path Cost Configuring the Switch Priority Configuring the Hello Time Configuring the Forwarding-Delay Time Configuring the Maxi mum-Aging Time Configuring the Maximum-Hop Count Specifying the Link Type to Ensure Rapid Transitions Restarting the Protocol Migration Process Displaying the MST Configuratio n and Status Page Configuring Optional Spannin g-Tree Features Understandin g Optional Sp anning-Tre e Features Understanding Port Fast Understanding BPDU Guard Understanding BPDU Filtering Understanding UplinkFast Understanding Cross-Stack UplinkFast How CSUF Works Events That Cause Fast Convergence Limitations Connecting the Stack Ports 13-9 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01 2 3 4 5 6 7 8 9 10 910 910 910 Catalyst 2950G-48 2 3 4 5 6 7 8 9 10 11 12 Understanding BackboneFast Page Unders tanding Root Gu ar d Understanding Loop Guard Configuring Optio nal Spanning-Tre e Feature s Default Optional Spanning-Tree Conf iguration Enabling Port Fast Enabling BPDU Guard Enabling BPDU Filtering Enabling UplinkFast for Use with Redundant Links Enabling Cross-Stack UplinkFast Enabling BackboneFast Enabling Root Guard Enabling Loop Guard Displaying the Sp anning-Tre e Status Page Configuring VLANs Understandin g VLANs Supported VLANs VLAN Port Membership Modes Configuring Normal -Range VLANs Token Ring VLANs Normal-Range VLAN Configuration Guidelines VLAN Configuration Mode Options VLAN Configuration in config-vlan Mode VLAN Configuration in VLAN Configuration Mode Saving VLAN Configuration Default Ethernet VLAN Configuration Creating or Modifying an Ethernet VLAN Page Deleting a VLAN Assigning Static-Access Ports to a VLAN Configuring Ex tended-Rang e VLANs Default VLAN Configuration Extended-Range VLAN Configuration Guidelines Creating an Extended-Range VLAN Displaying VLANs Configuring VLAN T runks Trunking Overview 802.1Q Configuration Considerations Default Layer 2 Ethernet Interface VLAN Configuration Configuring an Ethernet Interface as a Trunk Port Interaction with Other Features Configuring a Trunk Port Defining the Allowed VLANs on a Trunk Changing the Pruning-Eligible List Configuring the Native VLAN for Untagged Traffic Load Sharing Using STP Load Sharing Using STP Port Priorities Page Load Sharing Using STP Path Cost Configuring VMPS Understanding VMPS Dynamic Port VLAN Membership VMPS Database Configuration File 14-27 Default VMPS Configuration Table 14-6 shows the de fault VM PS and dy na mic po rt con figuration on cli ent sw itch es. Table 14-6 Default VMPS Client and Dynamic Port Configuration VMPS Configuration Guidelines Configuring the VMPS Client Entering the IP Address of the VMPS Configuring Dynamic Access Ports on VMPS Clients Reconfirming VLAN Memberships Changing the Reconfirmation Interval Changing the Retry Count Monitoring the VMPS Troubleshooting Dynamic Port VLAN Membership 14-32 VMPS Co nfig ur at ion Ex am ple Catalyst 2950 Sw itch 2 Catalyst 350 0 X L Swi tch 9 Configuring VTP Understandin g VTP The VTP Domain VTP Modes VTP Advertisements VTP Version 2 VTP Pruning Page Configuri ng VTP Default VTP Configuration VTP Configuration Options VTP Configuration in Global Configuration Modes VTP Configuration in VLAN Configuration Mode VTP Configuration Guidelines Domain Names Passwords Upgrading from Previous Software Releases VTP Ve rs ion Configuring a VTP Server Page Configuring a VTP Client Disabling V TP (V TP Tr an spar en t Mod e) Enabling VTP Version 2 Enabling VTP Pruning Adding a VTP Client Switch to a VTP Domain Monitoring VTP Configuring Voic e VLAN Understandin g Vo ice VLAN Configuring Vo ice VLAN Default Voice VLAN Configuration Voice VLAN Configuration Guidelines Configuring a Port to Connect to a Cisco 7960 IP Phone Configuring Ports to Carry Voice Traffic in 802.1Q Frames Configuring Ports to Carry Voice Traffic in 802.1P Priority Tagged Frames Overriding the CoS Priority of Incoming Data Frames Configuring the IP Phone to Trust the CoS Priority of Incoming Data Frames Displaying Voice VLAN Configuring IGMP Sno oping an d MVR Understandin g IGMP Snooping Joining a Multicast Group Page Leaving a Multicast Group Immediate-Leave Processing Configuring IGMP Snooping Default IGMP Snooping Configuration Enabling or Disa bling IGM P Sn oopin g Setting the Snooping Method Configuring a Multicast Router Port Configuring a Host Statically to Join a Group Enabling IGMP Immediate-Leave Processing Disabling IP Multicast-Source-Only Learning Page Displaying IGMP Snooping Information Page Understandin g Multicast VL AN Registrati on Using MVR in a Multicast Television Application Page Configuring MVR Default MVR Configuration MVR Configuration Guidelines and Limitations Configuring MVR Global Parameters Configuring MVR Interfaces Page Displaying MVR Information Configuring IGMP Fil teri ng Default IGMP Filtering Configuration Configuring IGMP Profiles Applying IGMP P rofil es Setting the Maximum Number of IGMP Groups Displaying IGMP Filtering Configuration Configuring Port-Base d Traffic Control Configuring St orm Con trol Understanding Storm Control Default Storm Control Configuration Enabling Storm Control Disabling Stor m Co nt rol Configuring Prote cted Ports Configuring Po rt Security Understanding Port Security Secure MAC Addresses Security Violations Default Port Security Configuration Port Security Configuration Guidelines Enabling and Configuring Port Security Page Page Enabling and Configuring Port Security Aging Page Displaying Port-Based Traffic Control Settings Configuring UDLD Understandin g UDLD Page Configuring UDLD Default UDLD Configuration Enabling UDLD Globally Enabling UDLD on an Interface Resetting an Interface Shut Down by UDLD Displaying UDLD Status Configuring CDP Understandin g CDP Configuring CDP Default CDP Configuration Configuring the CDP Characteristics Disabling and Enabling CDP Disabling and Enabling CDP on an Interface Monitoring and Maintaining CDP Page Configuring SPAN and RSPAN Understandin g SPAN and RSPAN Page SPAN and RSPAN Concepts and Terminology SPAN Session Traffic Types Source Port Destination Port Reflector Port VLAN-Based SPAN SPAN Traffic SPAN and RSPAN Interaction with Other Features SPAN and RSPAN Session Limits Default SPAN and RSPAN Configuration Configuring SPAN SPAN Configuration Guidelines Creating a SPAN Session and Specifying Ports to Monitor Page Removing Ports from a SPAN Session Specifying VLANs to Monitor Specifying VLANs to Filter Configuring RSPAN RSPAN Configuration Guidelines Creating an RSPAN Session Creating an RSPAN Destination Session Removing Ports from an RSPAN Session Specifying VLANs to Monitor Specifying VLANs to Filter Displaying SPAN and RSPAN Status Configuring RMON Understandin g RMON Configuring RMON Default RMON Configuration Configuring RMON Alarms and Events Page Configuring RMON Collection on an Interface Displaying RMON Status Configuring System Message Logg ing Understandin g System Messa ge Logging Configuring Sy stem Me ssage Logging System Log Message Format Default System Message Logging Configuration Disabling and Enabling Message Logging Setting the Message Display Destination Device Page Synchronizing Log Messages Enabling and Disabling Timestamps on Log Messages Enabling and Disabling Sequence Numbers in Log Messages Defining the Message Severity Level Page Limiting Syslog Messages Sent to the History Table and to SNMP Configuring UNIX Syslog Servers Logging Messages to a UNIX Syslog Daemon Configuring the UNIX System Logging Facility Displaying the Log ging Configuration Configuring SNMP Understandin g SNMP SNMP Versions SNMP Manager Functions SNMP Agent Functions SNMP Community Strings Using SNMP to Access MIB Variables SNMP Notifications Configuring SNMP Default SNMP Configuration SNMP Configuration Guidelines Disabling the SNMP Agent Configuring Community Strings Configur ing SNMP Grou ps an d Us ers Page Configuring SNMP Notifications Page Page Setting the Agent Contact and Location Information Limiting TFTP Servers Used Through SNMP SNMP Examples Displaying SNMP Status Page Configuring Understandin g ACLs Handling Fragmented and Unfragmented Traffic Understanding Access Control Parameters Page Guidelines for Applying ACLs to Physical Interfaces Configuring ACLs Unsupported Features Creating Standard and Extended IP ACLs ACL Numbers Creating a Numbered Standard ACL Creating a Numbered Extended ACL Page Page Creating Named Standard and Extended ACLs Page Applying Time Ranges to ACLs Page Including Comments About Entries in ACLs Creating Named MAC Extended ACLs Creating MAC Access Groups Applying ACLs to Terminal Line s or Physical Interfac es Applying ACLs to a Te rminal L in e Applying ACLs to a Physical Interface Displaying ACL Information Displaying ACLs Displaying Access Groups Examples for Co mpiling ACLs Page Numbered ACL Examples Extended ACL Examples Named ACL Example Commen ted IP ACL En try Exam ples Page Configuring Understandin g QoS Basic QoS Model Classification Classification Based on QoS ACLs Classification Based on Class Maps and Policy Maps Policing and Marking Mapping Tables Queuein g an d Sc he dulin g How Class of Service Works Port Priority Port Scheduling CoS and WRR Configuring QoS Default QoS Configuration Configuration Guidelines Configuring Classification Using Port Trust States Configuring the Trust State on Ports within the QoS Domain Page Configuring the CoS Value for an Interface Configuring Trusted Boundary Page Enabling Pass-Through Mode Configuring a QoS Policy Classifying Traffic by Using ACLs Page Page Page Classifying Traffic by Using Class Maps Classifying, Policing, and Marking Traffic by Using Policy Maps Page Page 26-24 All the maps are globally defined. Configuring CoS Maps Note Th is fea ture is available o nly i f your sw itch i s r unn ing the EI . This se ction desc ribe s how to configure the Co S m aps: Configuring the CoS-to-DSCP Map, page 26-25 Configuring the DS CP-t o-C oS Ma p, pa ge 2 6-2 6 Configuring the CoS-to-DSCP Map Configuring the DSCP-to-CoS Map Config ur ing Co S an d WRR Configuring CoS Priority Queues Configuring WRR Displaying QoS Information 26-29 QoS Configuration Exa mples QoS Configuration for the Existing Wiring Closet QoS Configuration for the Intelligent Wiring Closet Page Page Configuring EtherChannels Understandin g EtherChann els Understanding Port-Channel Interfaces Understanding the Port Aggregation Protocol PAgP Modes Physical Learners and Aggregate-Port Learners PAgP Interaction with Other Features Understanding Load Balancing and Forwarding Methods Page Configuring Eth erChannels Default EtherChannel Configuration EtherChannel Configuration Guidelines Configuring Layer 2 EtherChannels Page Configuring EtherChannel Load Balancing Configuring the PAgP Learn Method and Priority Displaying EtherCh annel and PAgP Status Page Troubleshooting LRE Statistics Page Page Page Page Using Recovery Proced ures Recovering from Corrupted Software Recovering from a Lost or Forgotten Password Page Recovering from a Command Switch Failure Replacing a Failed Command Switch with a Cluster Member Replacing a Failed Command Switch with Another Switch Recove ring fro m L ost Memb er Co nnec tivi ty Preventing Autone gotiation Mismatc hes Troubleshooting LRE Port Configuration GBIC and SFP Module Security and Identification Using Debug Commands Enabling Debugging on a Specific Feature Enabling All-System Diagnostics Redirecting Debug and Error Message Output Using the crashinfo File Page APPENDIX A Supported MIBs MIB List Using FTP to Access the MIB Files Page Page APPENDIX B Working with the IOS File System, Configuration Files, and Software Imag es Working with the Flash File System Displaying Available File Systems Setting the Default File System Displaying Information about Files on a File System Changing Dir ect or ies an d Displa ying the Wo rking Dire ctory Creating and Rem oving Directo rie s Copying Files Deleting Files Creating, Displaying, and Extracting tar Files Creating a tar File Displaying the Contents of a tar File Extracting a tar File Displaying the Contents of a File Working with Configuration Files Guidelines for Creating and Using Configuration Files Configuration File Types and Location Creating a Configuration File By Using a Text Editor Copying Configuration Files By Using TFTP Preparing to Download or Upload a Configuration File By Using TFTP Downloading the Configuration File By Using TFTP Uploading the Configuration File By Using TFTP Copying Configuration Files By Using FTP Preparing to Download or Upload a Configuration File By Using FTP Downloading a Configuration File By Using FTP Uploading a Configuration File By Using FTP Copying Configuration Files By Using RCP Preparing to Download or Upload a Configuration File By Using RCP Downloading a Configuration File By Using RCP Uploading a Configuration File By Using RCP Clearing Configuration Information Clearing the Startup Configuration File Deleting a Stored Configuration File Working with So ftware Image s Image Location on the Switch tar File Format of Images on a Server or Cisco.com Copying Image Files By Using TFTP Preparing to Download or Upload an Image File By Using TFTP Downloading an Image File By Using TFTP Uploading an Image File By Using TFTP Copying Image Files By Using FTP Preparing to Download or Upload an Image File By Using FTP Downloading an Image File By Using FTP Page Uploading an Image File By Using FTP Copying Image Files By Using RCP Preparing to Download or Upload an Image File By Using RCP Downloading an Image File By Using RCP Page Uploading an Image File By Using RCP Page Page INDEX Numerics A Page B C Page Page D Page E F G H I Page J L M Page Page N O P Page Page Q R Page S Page Page Page T U V Page W X