Main
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
Page
CONTENTS
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Preface
Audience
Purpose
Conventions
Related Publications
Obtaining Documentation
Cisco.com
Product Documentation DVD
Ordering Documentation
Documentation Feedback
Cisco Product Security Overview
Reporting Security Problems in Cisco Products
Obtaining Technical Assistance
Cisco Technical Support & Documentation Website
Submitting a Service Request
Definitions of Service Request Severity
Obtaining Additional Publications and Information
Page
Overview
Features
Performance Features
Management Options
Manageability Features
Availability Features
VLAN Features
Security Features
Subscriber Security
Switch Security
Network Security
Quality of Service and Class of Service Features
Layer 2 Virtual Private Network Services
Layer 3 Features
Layer 3 VPN Services
Monitoring Features
Default Settings After Initial Switch Configuration
Page
Page
Network Configuration Examples
Multidwelling or Ethernet-to-the-Subscriber Network
Service Provider POP
Residential location
Residential basement
Layer 2 VPN Application
Multi-VRF CE Application
Where to Go Next
Page
Using the Command-Line Interface
Understanding Command Modes
Page
Understanding the Help System
Understanding Abbreviated Commands
Understanding no and default Forms of Commands
Understanding CLI Error Messages
Using Command History
Changing the Command History Buffer Size
Recalling Commands
Disabling the Command History Feature
Using Editing Features
Enabling and Disabling Editing Features
Editing Commands through Keystrokes
Page
Editing Command Lines that Wrap
Searching and Filtering Output of show and more Commands
Accessing the CLI
Accessing the CLI through a Console Connection or through Telnet
Page
Assigning the Switch IP Address and Default Gateway
Understanding the Boot Process
Assigning Switch Information
Default Switch Information
Understanding DHCP-Based Autoconfiguration
DHCP Client Request Process
Page
Configuring DHCP-Based Autoconfiguration
DHCP Server Configuration Guidelines
Configuring the TFTP Server
Configuring the DNS
Configuring the Relay Device
Obtaining Configuration Files
Example Configuration
Manually Assigning IP Information
Checking and Saving the Running Configuration
3-11
Modifying the Startup Configuration
Default Boot Configuration
Automatically Downloading a Configuration File
Specifying the Filename to Read and Write the System Configuration
Booting Manually
Booting a Specific Software Image
Controlling Environment Variables
Scheduling a Reload of the Software Image
Configuring a Scheduled Reload
Displaying Scheduled Reload Information
Configuring Cisco IOS CNS Agents
Understanding Cisco Configuration Engine Software
Configuration Service
Event Service
NameSpace Mapper
What You Should Know About the CNS IDs and Device Hostnames
ConfigID
DeviceID
Hostname and DeviceID
Using Hostname, DeviceID, and ConfigID
Understanding Cisco IOS Agents
Initial Configuration
V
Incremental (Partial) Configuration
Synchronized Configuration
Configuring Cisco IOS Agents
Enabling Automated CNS Configuration
Page
Enabling the CNS Event Agent
Enabling the Cisco IOS CNS Agent
Enabling an Initial Configuration
Page
Enabling a Partial Configuration
Displaying CNS Configuration
Page
Administering the Switch
Managing the System Time and Date
Understanding the System Clock
Understanding Network Time Protocol
Page
Configuring NTP
Default NTP Configuration
Configuring NTP Authentication
Configuring NTP Associations
Configuring NTP Broadcast Service
Configuring NTP Access Restrictions
Creating an Access Group and Assigning a Basic IP Access List
Disabling NTP Services on a Specific Interface
Configuring the Source IP Address for NTP Packets
Displaying the NTP Configuration
Configuring Time and Date Manually
Setting the System Clock
Displaying the Time and Date Configuration
Configuring the Time Zone
Configuring Summer Time (Daylight Saving Time)
Configuring a System Name and Prompt
Default System Name and Prompt Configuration
Configuring a System Name
Understanding DNS
Default DNS Configuration
Setting Up DNS
Displaying the DNS Configuration
Creating a Banner
Default Banner Configuration
Configuring a Message-of-the-Day Login Banner
Configuring a Login Banner
Managing the MAC Address Table
Building the Address Table
MAC Addresses and VLANs
Default MAC Address Table Configuration
Changing the Address Aging Time
Removing Dynamic Address Entries
Configuring MAC Address Notification Traps
Page
Adding and Removing Static Address Entries
Configuring Unicast MAC Address Filtering
Disabling MAC Address Learning on a VLAN
Page
Displaying Address Table Entries
Managing the ARP Table
Configuring SDM Templates
Understanding the SDM Templates
Configuring the Switch SDM Template
Default SDM Template
SDM Template Configuration Guidelines
Setting the SDM Template
6-4
This example shows how to configure a switch with the layer-2 template.
Displaying the SDM Templates
This is an example of output from the show sdm prefer layer-2 command:
Configuring Switch-Based Authentication
Preventing Unauthorized Access to Your Switch
Protecting Access to Privileged EXEC Commands
Default Password and Privilege Level Configuration
Setting or Changing a Static Enable Password
Protecting Enable and Enable Secret Passwords with Encryption
Disabling Password Recovery
Setting a Telnet Password for a Terminal Line
Configuring Username and Password Pairs
Configuring Multiple Privilege Levels
Setting the Privilege Level for a Command
Changing the Default Privilege Level for Lines
Logging into and Exiting a Privilege Level
Controlling Switch Access with TACACS+
Understanding TACACS+
Page
TACACS+ Operation
Configuring TACACS+
Default TACACS+ Configuration
Identifying the TACACS+ Server Host and Setting the Authentication Key
Configuring TACACS+ Login Authentication
Page
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services
Starting TACACS+ Accounting
Displaying the TACACS+ Configuration
Controlling Switch Access with RADIUS
Understanding RADIUS
RADIUS Operation
Configuring RADIUS
Default RADIUS Configuration
Identifying the RADIUS Server Host
Page
Page
Configuring RADIUS Login Authentication
Page
Defining AAA Server Groups
Page
Configuring RADIUS Authorization for User Privileged Access and Network Services
Starting RADIUS Accounting
Configuring Settings for All RADIUS Servers
Configuring the Switch to Use Vendor-Specific RADIUS Attributes
Page
Configuring the Switch for Vendor-Proprietary RADIUS Server Communication
Displaying the RADIUS Configuration
Controlling Switch Access with Kerberos
Understanding Kerberos
Page
Kerberos Operation
Authenticating to a Boundary Switch
Obtaining a TGT from a KDC
Authenticating to Network Services
Configuring Kerberos
Configuring the Switch for Local Authentication and Authorization
Configuring the Switch for Secure Shell
Understanding SSH
SSH Servers, Integrated Clients, and Supported Versions
Limitations
Configuring SSH
Configuration Guidelines
Setting Up the Switch to Run SSH
Configuring the SSH Server
Displaying the SSH Configuration and Status
Page
Configuring IEEE 802.1x Port-Based Authentication
Understanding IEEE 802.1x Port-Based Authentication
Device Roles
Authentication Initiation and Message Exchange
Ports in Authorized and Unauthorized States
IEEE 802.1x Accounting
IEEE 802.1x Accounting Attribute-Value Pairs
IEEE 802.1x Host Mode
Using IEEE 802.1x with Port Security
Using IEEE 802.1x with VLAN Assignment
Configuring IEEE 802.1x Authentication
Default IEEE 802.1x Configuration
IEEE 802.1x Configuration Guidelines
Configuring IEEE 802.1x Authentication
Configuring the Switch-to-RADIUS-Server Communication
Configuring Periodic Re-Authentication
Manually Re-Authenticating a Client Connected to a Port
Changing the Quiet Period
Changing the Switch-to-Client Retransmission Time
Setting the Switch-to-Client Frame-Retransmission Number
Setting the Re-Authentication Number
Configuring the Host Mode
Resetting the IEEE 802.1x Configuration to the Default Values
Configuring IEEE 802.1x Accounting
Displaying IEEE 802.1x Statistics and Status
Page
Configuring Interface Characteristics
Understanding Interface Types
Port-Based VLANs
Switch Ports
UNI and NNI Ports
Access Ports
Trunk Ports
Tunnel Ports
Routed Ports
Switch Virtual Interfaces
EtherChannel Port Groups
Connecting Interfaces
Using Interface Configuration Mode
Procedures for Configuring Interfaces
Configuring a Range of Interfaces
Page
Configuring and Using Interface Range Macros
Configuring Ethernet Interfaces
Default Ethernet Interface Configuration
Configuring User Network and Network Node Interfaces
Configuring Interface Speed and Duplex Mode
Speed and Duplex Configuration Guidelines
Setting the Interface Speed and Duplex Parameters
Page
Configuring IEEE 802.3x Flow Control
Configuring Auto-MDIX on an Interface
Adding a Description for an Interface
Configuring Layer 3 Interfaces
Configuring the System MTU
Monitoring and Maintaining the Interfaces
Monitoring Interface Status
Clearing and Resetting Interfaces and Counters
Shutting Down and Restarting the Interface
Configuring Command Macros
Understanding Command Macros
Configuring Command Macros
Default Command Macro Configuration
Command Macro Configuration Guidelines
Creating Command Macros
Applying Command Macros
Displaying Command Macros
Page
Configuring VLANs
Understanding VLANs
Page
Supported VLANs
Normal-Range VLANs
Extended-Range VLANs
VLAN Port Membership Modes
UNI VLANs
Creating and Modifying VLANs
Default Ethernet VLAN Configuration
VLAN Configuration Guidelines
Creating or Modifying an Ethernet VLAN
Assigning Static-Access Ports to a VLAN
Creating an Extended-Range VLAN with an Internal VLAN ID
Configuring UNI VLANs
Configuration Guidelines
Configuring UNI VLANs
Displaying VLANs
Configuring VLAN Trunks
Trunking Overview
IEEE 802.1Q Configuration Considerations
Default Layer 2 Ethernet Interface VLAN Configuration
Configuring an Ethernet Interface as a Trunk Port
Interaction with Other Features
Configuring a Trunk Port
Defining the Allowed VLANs on a Trunk
Page
Configuring the Native VLAN for Untagged Traffic
Configuring Trunk Ports for Load Sharing
Load Sharing Using STP Port Priorities
Load Sharing Using STP Path Cost
Page
Configuring VMPS
Understanding VMPS
Dynamic-Access Port VLAN Membership
Default VMPS Client Configuration
VMPS Configuration Guidelines
Configuring the VMPS Client
Entering the IP Address of the VMPS
Configuring Dynamic-Access Ports on VMPS Clients
Reconfirming VLAN Memberships
Changing the Reconfirmation Interval
Changing the Retry Count
Monitoring the VMPS
Troubleshooting Dynamic-Access Port VLAN Membership
VMPS Configuration Example
11-29
Page
Configuring Private VLANs
Understanding Private VLANs
Types of Private VLANs and Private-VLAN Ports
Page
IP Addressing Scheme with Private VLANs
Private VLANs across Multiple Switches
Private VLANs and Unicast, Broadcast, and Multicast Traffic
Private VLANs and SVIs
Configuring Private VLANs
Tasks for Configuring Private VLANs
Default Private-VLAN Configuration
Private-VLAN Configuration Guidelines
Secondary and Primary VLAN Configuration
Private-VLAN Port Configuration
Limitations with Other Features
Configuring and Associating VLANs in a Private VLAN
Page
Configuring a Layer 2 Interface as a Private-VLAN Host Port
Configuring a Layer 2 Interface as a Private-VLAN Promiscuous Port
Mapping Secondary VLANs to a Primary VLAN Layer 3 VLAN Interface
Monitoring Private VLANs
Page
Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling
Understanding IEEE 802.1Q Tunneling
Page
Page
Configuring IEEE 802.1Q Tunneling
Default IEEE 802.1Q Tunneling Configuration
IEEE 802.1Q Tunneling Configuration Guidelines
Native VLANs
System MTU
IEEE 802.1Q Tunneling and Other Features
Configuring an IEEE 802.1Q Tunneling Port
Page
Understanding Layer 2 Protocol Tunneling
13-9
Configuring Layer 2 Protocol Tunneling
Default Layer 2 Protocol Tunneling Configuration
Layer 2 Protocol Tunneling Configuration Guidelines
Configuring Layer 2 Protocol Tunneling
Page
Configuring Layer 2 Tunneling for EtherChannels
Configuring the SP Edge Switch
Configuring the Customer Switch
Page
13-17
Monitoring and Maintaining Tunneling Status
Configuring STP
Understanding Spanning-Tree Features
STP Overview
Spanning-Tree Topology and BPDUs
Bridge ID, Switch Priority, and Extended System ID
Spanning-Tree Interface States
Page
Blocking State
Listening State
Learning State
Forwarding State
Disabled State
How a Switch or Port Becomes the Root Switch or Root Port
Spanning Tree and Redundant Connectivity
Spanning-Tree Address Management
Accelerated Aging to Retain Connectivity
Spanning-Tree Modes and Protocols
Supported Spanning-Tree Instances
Spanning-Tree Interoperability and Backward Compatibility
STP and IEEE 802.1Q Trunks
Configuring Spanning-Tree Features
Default Spanning-Tree Configuration
Spanning-Tree Configuration Guidelines
Changing the Spanning-Tree Mode.
Disabling Spanning Tree
Configuring the Root Switch
Page
Configuring a Secondary Root Switch
Configuring Port Priority
Page
Configuring Path Cost
Configuring the Switch Priority of a VLAN
Configuring Spanning-Tree Timers
Configuring the Hello Time
Configuring the Forwarding-Delay Time for a VLAN
Configuring the Maximum-Aging Time for a VLAN
Displaying the Spanning-Tree Status
Configuring MSTP
Understanding MSTP
Multiple Spanning-Tree Regions
IST, CIST, and CST
Operations Within an MST Region
Operations Between MST Regions
Hop Count
Boundary Ports
Interoperability with IEEE 802.1D STP
Understanding RSTP
Port Roles and the Active Topology
Rapid Convergence
Synchronization of Port Roles
Bridge Protocol Data Unit Format and Processing
Processing Superior BPDU Information
Processing Inferior BPDU Information
Topology Changes
Configuring MSTP Features
Default MSTP Configuration
MSTP Configuration Guidelines
Specifying the MST Region Configuration and Enabling MSTP
Configuring the Root Switch
Page
Configuring a Secondary Root Switch
Configuring Port Priority
Configuring Path Cost
Configuring the Switch Priority
Configuring the Hello Time
Configuring the Forwarding-Delay Time
Configuring the Maximum-Aging Time
Configuring the Maximum-Hop Count
Specifying the Link Type to Ensure Rapid Transitions
Restarting the Protocol Migration Process
Displaying the MST Configuration and Status
Page
Configuring Optional Spanning-Tree Features
Understanding Optional Spanning-Tree Features
Understanding Port Fast
Understanding BPDU Guard
Understanding BPDU Filtering
Understanding EtherChannel Guard
Understanding Root Guard
Understanding Loop Guard
Configuring Optional Spanning-Tree Features
Default Optional Spanning-Tree Configuration
Optional Spanning-Tree Configuration Guidelines
Enabling Port Fast
Enabling BPDU Guard
Enabling BPDU Filtering
Enabling EtherChannel Guard
Enabling Root Guard
Enabling Loop Guard
Displaying the Spanning-Tree Status
Configuring Flex Links
Understanding Flex Links
Configuring Flex Links
Default Flex Link Configuration
Flex Link Configuration Guidelines
Configuring Flex Links
Monitoring Flex Links
Configuring DHCP Features and IP Source Guard
Understanding DHCP Features
DHCP Server
DHCP Relay Agent
DHCP Snooping
Option-82 Data Insertion
Page
DHCP Snooping Binding Database
Circuit ID Suboption Frame Format
Remote ID Suboption Frame Format
Configuring DHCP Features
Default DHCP Configuration
DHCP Snooping Configuration Guidelines
Configuring the DHCP Relay Agent
Specifying the Packet Forwarding Address
Enabling DHCP Snooping and Option 82
Enabling DHCP Snooping on Private VLANs
Enabling the DHCP Snooping Binding Database Agent
Displaying DHCP Snooping Information
Understanding IP Source Guard
Source IP Address Filtering
Source IP and MAC Address Filtering
Configuring IP Source Guard
Default IP Source Guard Configuration
IP Source Guard Configuration Guidelines
Enabling IP Source Guard
Displaying IP Source Guard Information
Configuring Dynamic ARP Inspection
Understanding Dynamic ARP Inspection
Page
Interface Trust States and Network Security
Rate Limiting of ARP Packets
Relative Priority of ARP ACLs and DHCP Snooping Entries
Logging of Dropped Packets
Configuring Dynamic ARP Inspection
Default Dynamic ARP Inspection Configuration
Dynamic ARP Inspection Configuration Guidelines
Configuring Dynamic ARP Inspection in DHCP Environments
Configuring ARP ACLs for Non-DHCP Environments
Page
Limiting the Rate of Incoming ARP Packets
Page
Performing Validation Checks
Configuring the Log Buffer
Displaying Dynamic ARP Inspection Information
Page
Page
Configuring IGMP Snooping and MVR
Understanding IGMP Snooping
IGMP Versions
Joining a Multicast Group
Page
Leaving a Multicast Group
Immediate Leave
IGMP Configurable-Leave Timer
IGMP Report Suppression
Configuring IGMP Snooping
Default IGMP Snooping Configuration
Enabling or Disabling IGMP Snooping
Configuring a Multicast Router Port
Configuring a Host Statically to Join a Group
Enabling IGMP Immediate Leave
Configuring the IGMP Leave Timer
Configuring TCN-Related Commands
Controlling the Multicast Flooding Time After a TCN Event
Recovering from Flood Mode
Disabling Multicast Flooding During a TCN Event
Configuring the IGMP Snooping Querier
Disabling IGMP Report Suppression
Displaying IGMP Snooping Information
Understanding Multicast VLAN Registration
Using MVR in a Multicast Television Application
Page
Configuring MVR
Default MVR Configuration
MVR Configuration Guidelines and Limitations
Configuring MVR Global Parameters
Configuring MVR Interfaces
Page
Displaying MVR Information
Configuring IGMP Filtering and Throttling
Default IGMP Filtering and Throttling Configuration
Configuring IGMP Profiles
Page
Applying IGMP Profiles
Setting the Maximum Number of IGMP Groups
Configuring the IGMP Throttling Action
Page
Displaying IGMP Filtering and Throttling Configuration
Configuring Port-Based Traffic Control
Configuring Storm Control
Understanding Storm Control
Page
Default Storm Control Configuration
Configuring Storm Control and Threshold Levels
Page
Configuring Protected Ports
Default Protected Port Configuration
Protected Port Configuration Guidelines
Configuring a Protected Port
Configuring Port Blocking
Default Port Blocking Configuration
Blocking Flooded Traffic on an Interface
Configuring Port Security
Understanding Port Security
Secure MAC Addresses
Security Violations
Default Port Security Configuration
Port Security Configuration Guidelines
Enabling and Configuring Port Security
Page
Page
Page
Enabling and Configuring Port Security Aging
Page
Displaying Port-Based Traffic Control Settings
Page
Configuring CDP
Understanding CDP
Configuring CDP
Default CDP Configuration
Configuring the CDP Characteristics
Disabling and Enabling CDP
Disabling and Enabling CDP on an Interface
Monitoring and Maintaining CDP
Page
Configuring UDLD
Understanding UDLD
Modes of Operation
Methods to Detect Unidirectional Links
Page
Configuring UDLD
Default UDLD Configuration
Configuration Guidelines
Enabling UDLD Globally
Enabling UDLD on an Interface
Resetting an Interface Disabled by UDLD
Displaying UDLD Status
Configuring SPAN and RSPAN
Understanding SPAN and RSPAN
Local SPAN
Remote SPAN
SPAN and RSPAN Concepts and Terminology
SPAN Sessions
Monitored Traffic
Source Ports
Source VLANs
VLAN Filtering
Destination Port
RSPAN VLAN
SPAN and RSPAN Interaction with Other Features
Configuring SPAN and RSPAN
Default SPAN and RSPAN Configuration
Configuring Local SPAN
SPAN Configuration Guidelines
Creating a Local SPAN Session
Page
Creating a Local SPAN Session and Configuring Ingress Traffic
Page
Specifying VLANs to Filter
Configuring RSPAN
RSPAN Configuration Guidelines
Configuring a VLAN as an RSPAN VLAN
Creating an RSPAN Source Session
Page
Creating an RSPAN Destination Session
Creating an RSPAN Destination Session and Configuring Ingress Traffic
Specifying VLANs to Filter
Displaying SPAN and RSPAN Status
Configuring RMON
Understanding RMON
Configuring RMON
Default RMON Configuration
Configuring RMON Alarms and Events
Page
Collecting Group History Statistics on an Interface
Collecting Group Ethernet Statistics on an Interface
Displaying RMON Status
Configuring System Message Logging
Understanding System Message Logging
Configuring System Message Logging
System Log Message Format
Default System Message Logging Configuration
Disabling Message Logging
Setting the Message Display Destination Device
Synchronizing Log Messages
Page
Enabling and Disabling Time Stamps on Log Messages
Enabling and Disabling Sequence Numbers in Log Messages
Defining the Message Severity Level
Limiting Syslog Messages Sent to the History Table and to SNMP
Configuring UNIX Syslog Servers
Logging Messages to a UNIX Syslog Daemon
Configuring the UNIX System Logging Facility
Displaying the Logging Configuration
Configuring SNMP
Understanding SNMP
SNMP Versions
SNMP Manager Functions
SNMP Agent Functions
SNMP Community Strings
Using SNMP to Access MIB Variables
SNMP Notifications
SNMP ifIndex MIB Object Values
Configuring SNMP
Default SNMP Configuration
SNMP Configuration Guidelines
Disabling the SNMP Agent
Configuring Community Strings
Configuring SNMP Groups and Users
Page
Configuring SNMP Notifications
Page
Page
Setting the Agent Contact and Location Information
Limiting TFTP Servers Used Through SNMP
SNMP Examples
Displaying SNMP Status
Configuring Network Security with ACLs
Understanding ACLs
Supported ACLs
Port ACLs
Router ACLs
VLAN Maps
Handling Fragmented and Unfragmented Traffic
Configuring IPv4 ACLs
Creating Standard and Extended IPv4 ACLs
IPv4 Access List Numbers
ACL Logging
Creating a Numbered Standard ACL
Creating a Numbered Extended ACL
Page
Page
Page
Resequencing ACEs in an ACL
Creating Named Standard and Extended ACLs
Page
Using Time Ranges with ACLs
Page
Including Comments in ACLs
Applying an IPv4 ACL to a Terminal Line
Applying an IPv4 ACL to an Interface
Page
Hardware and Software Treatment of IP ACLs
IPv4 ACL Configuration Examples
Page
Numbered ACLs
Extended ACLs
Named ACLs
Time Range Applied to an IP ACL
Commented IP ACL Entries
ACL Logging
Creating Named MAC Extended ACLs
Page
Applying a MAC ACL to a Layer 2 Interface
Configuring VLAN Maps
VLAN Map Configuration Guidelines
Creating a VLAN Map
Examples of ACLs and VLAN Maps
Example 1
Example 2
Example 3
Example 4
Applying a VLAN Map to a VLAN
Using VLAN Maps in Your Network
Wiring Closet Configuration
Denying Access to a Server on Another VLAN
Using VLAN Maps with Router ACLs
VLAN Maps and Router ACL Configuration Guidelines
Examples of Router ACLs and VLAN Maps Applied to VLANs
ACLs and Switched Packets
28-38
ACLs and Routed Packets
ACLs and Multicast Packets
Displaying IPv4 ACL Configuration
Page
Configuring Control-Plane Security
Understanding Control-Plane Security
Page
Page
Configuring Control-Plane Security
Monitoring Control-Plane Security
Page
Configuring QoS
Understanding QoS
Page
Modular QoS CLI
Input and Output Policies
Input Policy Maps
Output Policy Maps
Classification
Class Maps
The match Command
Classification Based on Layer 2 CoS
Classification Based on IP Precedence
Classification Based on IP DSCP
Classification Comparisons
Classification Based on QoS ACLs
Classification Based on QoS Groups
Table Maps
Policing
Individual Policing
Aggregate Policing
Unconditional Priority Policing
Marking
30-17
Congestion Management and Scheduling
Traffic Shaping
Class-Based Shaping
Port Shaping
Parent-Child Hierarchy
Class-Based Weighted Fair Queuing
Priority Queuing
Page
Congestion Avoidance and Queuing
Page
Configuring QoS
Default QoS Configuration
QoS Configuration Guidelines
Using ACLs to Classify Traffic
Creating IP Standard ACLs
Creating IP Extended ACLs
Creating Layer 2 MAC ACLs
Using Class Maps to Define a Traffic Class
Page
Configuring Table Maps
Page
Attaching a Traffic Policy to an Interface
Configuring Input Policy Maps
Configuring Input Policy Maps with Individual Policing
Page
Page
Configuring Input Policy Maps with Aggregate Policing
Page
Configuring Input Policy Maps with Marking
Page
Configuring Output Policy Maps
Configuring Output Policy Maps with Class-Based-Weighted-Queuing
Page
Configuring Output Policy Maps with Class-Based Shaping
Configuring Output Policy Maps with Port Shaping
Configuring Output Policy Maps with Class-Based Priority Queuing
Configuring Priority Without Police
Page
Configuring Priority With Police
Page
Page
Configuring Output Policy Maps with Weighted Tail Drop
Page
Displaying QoS Information
QoS Statistics
Configuration Examples for Policy Maps
QoS Configuration for Customer A
Page
QoS Configuration for Customer B
Modifying Output Policies and Adding or Deleting Classification Criteria
Modifying Output Policies and Changing Queuing or Scheduling Parameters
Modifying Output Policies and Adding or Deleting Configured Actions
Modifying Output Policies and Adding or Deleting a Class
Page
Page
Page
Configuring EtherChannels
Understanding EtherChannels
EtherChannel Overview
Port-Channel Interfaces
Port Aggregation Protocol
PAgP Modes
PAgP Interaction with Other Features
Link Aggregation Control Protocol
LACP Modes
LACP Interaction with Other Features
EtherChannel On Mode
Load Balancing and Forwarding Methods
Page
Configuring EtherChannels
Default EtherChannel Configuration
EtherChannel Configuration Guidelines
Configuring Layer 2 EtherChannels
Page
Configuring Layer 3 EtherChannels
Creating Port-Channel Logical Interfaces
Configuring the Physical Interfaces
Page
Configuring EtherChannel Load Balancing
Configuring the PAgP Learn Method and Priority
Configuring LACP Hot-Standby Ports
Configuring the LACP System Priority
Configuring the LACP Port Priority
Displaying EtherChannel, PAgP, and LACP Status
Page
Configuring IP Unicast Routing
Understanding IP Routing
Types of Routing
Steps for Configuring Routing
Configuring IP Addressing
Default Addressing Configuration
Assigning IP Addresses to Network Interfaces
Use of Subnet Zero
Classless Routing
Configuring Address Resolution Methods
Define a Static ARP Cache
Set ARP Encapsulation
Enable Proxy ARP
Routing Assistance When IP Routing is Disabled
Proxy ARP
Default Gateway
ICMP Router Discovery Protocol (IRDP)
Configuring Broadcast Packet Handling
Enabling Directed Broadcast-to-Physical Broadcast Translation
Forwarding UDP Broadcast Packets and Protocols
Establishing an IP Broadcast Address
Flooding IP Broadcasts
Page
Monitoring and Maintaining IP Addressing
Enabling IPv4 Unicast Routing
Configuring RIP
Default RIP Configuration
Configuring Basic RIP Parameters
Page
Configuring RIP Authentication
Configuring Summary Addresses and Split Horizon
Page
Configuring Split Horizon
Configuring OSPF
Default OSPF Configuration
Page
Configuring Basic OSPF Parameters
Configuring OSPF Interfaces
Configuring OSPF Area Parameters
Page
Configuring Other OSPF Parameters
Changing LSA Group Pacing
Configuring a Loopback Interface
Monitoring OSPF
Configuring EIGRP
Page
Default EIGRP Configuration
Configuring Basic EIGRP Parameters
Configuring EIGRP Interfaces
Configuring EIGRP Route Authentication
Monitoring and Maintaining EIGRP
Configuring BGP
Page
Default BGP Configuration
Page
Enabling BGP Routing
Page
Page
Managing Routing Policy Changes
Configuring BGP Decision Attributes
Page
Configuring BGP Filtering with Route Maps
Configuring BGP Filtering by Neighbor
Configuring Prefix Lists for BGP Filtering
Configuring BGP Community Filtering
Configuring BGP Neighbors and Peer Groups
Page
Configuring Aggregate Addresses
Configuring Routing Domain Confederations
Configuring BGP Route Reflectors
Configuring Route Dampening
Monitoring and Maintaining BGP
Configuring Multi-VRF CE
Understanding Multi-VRF CE
Page
Default Multi-VRF CE Configuration
Multi-VRF CE Configuration Guidelines
Configuring VRFs
Configuring a VPN Routing Session
Configuring BGP PE to CE Routing Sessions
Multi-VRF CE Configuration Example
32-65
Configuring Switch A
On Switch A, enable routing and configure VRF.
32-66
Configure OSPF routing in VPN1 and VPN2.
Configure BGP for CE to PE routing.
32-67
Configuring Switch D
Switch D belongs to VPN 1. Configure the connection to Switch A by using these commands.
Configuring Switch F
Switch F belongs to VPN 2. Configure the connection to Switch A by u sing the se co mman ds.
Configuring the PE Switch B
Displaying Multi-VRF CE Status
Configuring Protocol-Independent Features
Configuring Cisco Express Forwarding
Configuring the Number of Equal-Cost Routing Paths
Configuring Static Unicast Routes
Specifying Default Routes and Networks
Using Route Maps to Redistribute Routing Information
Page
Page
Configuring Policy-Based Routing
PBR Configuration Guidelines
Enabling PBR
Filtering Routing Information
Setting Passive Interfaces
Controlling Advertising and Processing in Routing Updates
Filtering Sources of Routing Information
Managing Authentication Keys
Monitoring and Maintaining the IP Network
Page
Configuring HSRP
Understanding HSRP
Page
Multiple HSRP
Configuring HSRP
Default HSRP Configuration
HSRP Configuration Guidelines
Enabling HSRP
Configuring HSRP Priority
Page
Page
Configuring MHSRP
Configuring HSRP Authentication and Timers
Page
Enabling HSRP Support for ICMP Redirect Messages
Displaying HSRP Configurations
Page
Configuring IP Multicast Routing
Understanding Ciscos Implementation of IP Multicast Routing
Understanding IGMP
IGMP Version 1
IGMP Version 2
Understanding PIM
PIM Versions
PIM Modes
PIM DM
PIM SM
Auto-RP
Bootstrap Router
Multicast Forwarding and Reverse Path Check
Page
Configuring IP Multicast Routing
Default Multicast Routing Configuration
Multicast Routing Configuration Guidelines
PIMv1 and PIMv2 Interoperability
Auto-RP and BSR Configuration Guidelines
Configuring Basic Multicast Routing
Configuring a Rendezvous Point
Manually Assigning an RP to Multicast Groups
Configuring Auto-RP
Setting up Auto-RP in a New Internetwork
Adding Auto-RP to an Existing Sparse-Mode Cloud
Preventing Join Messages to False RPs
Filtering Incoming RP Announcement Messages
Configuring PIMv2 BSR
Defining the PIM Domain Border
Defining the IP Multicast Boundary
Configuring Candidate BSRs
Configuring Candidate RPs
Using Auto-RP and a BSR
Monitoring the RP Mapping Information
Troubleshooting PIMv1 and PIMv2 Interoperability Problems
Configuring Advanced PIM Features
Understanding PIM Shared Tree and Source Tree
Page
Delaying the Use of PIM Shortest-Path Tree
Modifying the PIM Router-Query Message Interval
Configuring Optional IGMP Features
Default IGMP Configuration
Configuring the Switch as a Member of a Group
Controlling Access to IP Multicast Groups
Changing the IGMP Version
Modifying the IGMP Host-Query Message Interval
Changing the IGMP Query Timeout for IGMPv2
Changing the Maximum Query Response Time for IGMPv2
Configuring the Switch as a Statically Connected Member
Configuring Optional Multicast Routing Features
Configuring sdr Listener Support
Enabling sdr Listener Support
Limiting How Long an sdr Cache Entry Exists
Configuring an IP Multicast Boundary
Page
Monitoring and Maintaining IP Multicast Routing
Clearing Caches, Tables, and Databases
Displaying System and Network Statistics
Monitoring IP Multicast Routing
Page
Configuring MSDP
Understanding MSDP
MSDP Operation
MSDP Benefits
Configuring MSDP
Default MSDP Configuration
Configuring a Default MSDP Peer
Page
Caching Source-Active State
Page
Requesting Source Information from an MSDP Peer
Controlling Source Information that Your Switch Originates
Redistributing Sources
Page
Filtering Source-Active Request Messages
Controlling Source Information that Your Switch Forwards
Using a Filter
Page
Using TTL to Limit the Multicast Data Sent in SA Messages
Controlling Source Information that Your Switch Receives
Page
Configuring an MSDP Mesh Group
Shutting Down an MSDP Peer
Including a Bordering PIM Dense-Mode Region in MSDP
Configuring an Originating Address other than the RP Address
Monitoring and Maintaining MSDP
Page
Troubleshooting
Recovering from Corrupted Software By Using the Xmodem Protocol
Recovering from a Lost or Forgotten Password
Page
Procedure with Password Recovery Enabled
Page
Procedure with Password Recovery Disabled
Preventing Autonegotiation Mismatches
SFP Module Security and Identification
Monitoring SFP Module Status
Monitoring Temperature
Using Ping
Understanding Ping
Using Ping
All Software Versions
Metro IP Access Image
IP Routing and SVI
IP Routing and Routed Port
Ping Responses
Summary
Using Layer 2 Traceroute
Understanding Layer 2 Traceroute
Layer 2 Traceroute Usage Guidelines
Displaying the Physical Path
Using IP Traceroute
Understanding IP Traceroute
Executing IP Traceroute
Using TDR
Understanding TDR
Running TDR and Displaying the Results
Using Debug Commands
Enabling Debugging on a Specific Feature
Enabling All-System Diagnostics
Redirecting Debug and Error Message Output
Using the show platform forward Command
36-20
36-21
Using the crashinfo File
A
Supported MIBs
MIB List
Page
Using FTP to Access the MIB Files
Page
B
Working with the Cisco IOS File System, Configuration Files, and Software Images
Working with the Flash File System
Displaying Available File Systems
Setting the Default File System
Displaying Information about Files on a File System
Changing Directories and Displaying the Working Directory
Creating and Removing Directories
Copying Files
Deleting Files
Creating, Displaying, and Extracting tar Files
Creating a tar File
Displaying the Contents of a tar File
Extracting a tar File
Displaying the Contents of a File
Working with Configuration Files
Guidelines for Creating and Using Configuration Files
Configuration File Types and Location
Creating a Configuration File By Using a Text Editor
Copying Configuration Files By Using TFTP
Preparing to Download or Upload a Configuration File By Using TFTP
Downloading the Configuration File By Using TFTP
Uploading the Configuration File By Using TFTP
Copying Configuration Files By Using FTP
Preparing to Download or Upload a Configuration File By Using FTP
Downloading a Configuration File By Using FTP
Uploading a Configuration File By Using FTP
Copying Configuration Files By Using RCP
Preparing to Download or Upload a Configuration File By Using RCP
Downloading a Configuration File By Using RCP
Uploading a Configuration File By Using RCP
Clearing Configuration Information
Clearing the Startup Configuration File
Deleting a Stored Configuration File
Working with Software Images
Image Location on the Switch
tar File Format of Images on a Server or Cisco.com
Copying Image Files By Using TFTP
Preparing to Download or Upload an Image File By Using TFTP
Downloading an Image File By Using TFTP
Page
Uploading an Image File By Using TFTP
Copying Image Files By Using FTP
Preparing to Download or Upload an Image File By Using FTP
Downloading an Image File By Using FTP
Page
Uploading an Image File By Using FTP
Copying Image Files By Using RCP
Preparing to Download or Upload an Image File By Using RCP
Downloading an Image File By Using RCP
Page
Uploading an Image File By Using RCP
Page
C
Unsupported Commands in Cisco IOS Release 12.2(25)EX
Access Control Lists
ARP Commands
Unsupported Debug Commands
HSRP
IGMP Snooping Commands
Interface Commands
IP Multicast Routing
IP Unicast Routing
Unsupported Privileged EXEC or User EXEC Commands
Page
Unsupported BGP Router Configuration Commands
Unsupported VPN Configuration Commands
Unsupported Route Map Commands
MAC Address Commands
Miscellaneous
Unsupported show platform Commands
MSDP
NetFlow Commands
QoS
RADIUS
SNMP
Spanning Tree
VLAN
INDEX
A
Page
B
C
Page
Page
D
Page
Page
E
Page
F
G
H
I
Page
Page
Page
Page
J
K
L
M
Page
Page
Page
N
O
P
Page
Page
Page
Q
R
Page
Page
S
Page
Page
Page
Page
T
Page
U
V
W
X
