Main
Page
CONTENTS
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Preface
Audience
Organization
Page
Related Documentation
Conventions
Commands in Task Tables
Obtaining Documentation
Cisco.com
Product Documentation DVD
Ordering Documentation
Documentation Feedback
Cisco Product Security Overview
Reporting Security Problems in Cisco Products
Obtaining Technical Assistance
Cisco Technical Support & Documentation Website
Submitting a Service Request
Definitions of Service Request Severity
Obtaining Additional Publications and Information
Page
Product Overview
Layer 2 Software Features
802.1Q and Layer 2 Protocol Tunneling
CDP
EtherChannel Bundles
Jumbo Frames
MST
PVRST+
QoS
Spanning Tree Protocol
SSO
UBRL
UDLD
Unidirectional Ethernet
VLANs
Layer 3 Software Features
CEF
HSRP
IP Routing Protocols
RIP
OSPF
IS-IS
IGRP
EIGRP
BGP
Multicast Services
Policy-Based Routing
Unidirectional Link Routing
VRF-lite
Management Features
Cisco Network Assistant and Embedded CiscoView
Dynamic Host Control Protocol
Forced 10/100 Autonegotiation
Intelligent Power Management
NetFlow Statistics
Secure Shell
Simple Network Management Protocol
SPAN and RSPAN
Security Features
Network Admission Control (NAC)
802.1X Identity-Based Network Security
Dynamic ARP Inspection
Dynamic Host Configuration Protocol Snooping
Flood Blocking
IP Source Guard
Local Authentication, RADIUS, and TACACS+ Authentication
Network Security with ACLs
Port Security
Storm Control
Utilities
Layer 2 Traceroute
Time Domain Reflectometry
Debugging Features
Page
Command-Line Interfaces
Accessing the Switch CLI
Accessing the CLI Using the EIA/TIA-232 Console Interface
Accessing the CLI Through Telnet
Performing Command-Line Processing
Performing History Substitution
Understanding Cisco IOS Command Modes
Getting a List of Commands and Syntax
ROMMOM Command-Line Interface
Configuring the Switch for the First Time
Default Switch Configuration
Configuring DHCP-Based Autoconfiguration
Understanding DHCP-Based Autoconfiguration
DHCP Client Request Process
Configuring the DHCP Server
Configuring the TFTP Server
Configuring the DNS Server
Configuring the Relay Device
Obtaining Configuration Files
Example Configuration
Configuring the Switch
Using Configuration Mode to Configure Your Switch
Verifying the Running Configuration Settings
3-10
Saving the Running Configuration Settings to Your Start-Up File
!
Reviewing the Configuration in NVRAM
Configuring a Default Gateway
Configuring a Static Route
Page
Controlling Access to Privileged EXEC Commands
Setting or Changing a Static enable Password
Using the enable password and enable secret Commands
Setting or Changing a Privileged Password
Setting TACACS+ Password Protection for Privileged EXEC Mode
Encrypting Passwords
Configuring Multiple Privilege Levels
Setting the Privilege Level for a Command
Changing the Default Privilege Level for Lines
Logging In to a Privilege Level
Exiting a Privilege Level
Displaying the Password, Access Level, and Privilege Level Configuration
Recovering a Lost Enable Password
Modifying the Supervisor Engine Startup Configuration
Understanding the Supervisor Engine Boot Configuration
Understanding the ROM Monitor
Configuring the Software Configuration Register
Modifying the Boot Field and Using the boot Command
Modifying the Boot Field
Verifying the Configuration Register Setting
Specifying the Startup System Image
Using Flash Memory
Flash Memory Features
Security Precautions
Configuring Flash Memory
Controlling Environment Variables
Resetting a Switch to Factory Default Settings
Page
Configuring Interfaces
Overview of Interface Configuration
Using the interface Command
4-3
in the preceding line you can specify either fastethernet 5/5 or fastethernet5/5.
keyword, interface type, slot number, and interface number in global configuration mode:
Note You do not need to add a space between the interface type and interface number. For example,
Configuring a Range of Interfaces
Defining and Using Interface-Range Macros
Deploying 10-Gigabit Ethernet and a Gigabit Ethernet SFP Ports
Configuring Optional Interface Features
Configuring Ethernet Interface Speed and Duplex Mode
Speed and Duplex Mode Configuration Guidelines
Setting the Interface Speed
Setting the Interface Duplex Mode
Displaying the Interface Speed and Duplex Mode Configuration
Adding a Description for an Interface
Configuring Jumbo Frame Support
Ports and Modules that Support Jumbo Frames
Understanding Jumbo Frame Support
Jumbo Frame Support Overview
Ethernet Ports
VLAN Interfaces
Configuring MTU Sizes
Interacting with the Baby Giants Feature
Understanding Online Insertion and Removal
Monitoring and Maintaining the Interface
Monitoring Interface and Controller Status
Clearing and Resetting the Interface
Shutting Down and Restarting an Interface
Configuring Interface Link Status and Trunk Status Events
Configuring Link Status Event Notification for an Interface
Global Settings
Configuring a Switch Global Link Status Logging Event
4-17
Result
Page
Checking Port Status and Connectivity
Checking Module Status
Checking Interfaces Status
Displaying MAC Addresses
Checking Cable Status Using TDR
Overview
Running the TDR Test
Guidelines
Using Telnet
Changing the Logout Timer
Monitoring User Sessions
Using Ping
Understanding How Ping Works
Running Ping
Using IP Traceroute
Understanding How IP Traceroute Works
Running IP Traceroute
Using Layer 2 Traceroute
Layer 2 Traceroute Usage Guidelines
Running Layer 2 Traceroute
Configuring ICMP
Enabling ICMP Protocol Unreachable Messages
Enabling ICMP Redirect Messages
Enabling ICMP Mask Reply Messages
Page
Configuring Supervisor Engine Redundancy Using RPR and SSO
Understanding Cisco IOS NSF-Awareness Support
Understanding Supervisor Engine Redundancy
Overview
RPR Operation
SSO Operation
Page
Understanding Supervisor Engine Redundancy Synchronization
RPR Supervisor Engine Configuration Synchronization
SSO Supervisor Engine Configuration Synchronization
Supervisor Engine Redundancy Guidelines and Restrictions
Configuring Supervisor Engine Redundancy
Configuring Redundancy
6-9
This example shows how to display redundancy facility state information:
Synchronizing the Supervisor Engine Configurations
Performing a Manual Switchover
Performing a Software Upgrade
Page
Manipulating Bootflash on the Redundant Supervisor Engine
Page
Page
Environmental Monitoring and Power Management
Understanding Environmental Monitoring
Using CLI Commands to Monitor your Environment
System Alarms
Power Management
Power Management for the Catalyst 4948 Switches
Power Management Modes
Power Management for the Catalyst 4500 Series Switches
Supported Power Supplies
Power Management Modes
Selecting a Power Management Mode
Power Management Limitations in Catalyst 4500 Series Switches
Page
Configuring Redundant Mode on a Catalyst 4500 Series Switch
Configuring Combined Mode on a Catalyst 4500 Series Switch
Insufficient Inline Power Handling for Supervisor Engine II-TS
7-11
Available Power for Catalyst 4500 Series Switches Power Supplies
Special Considerations for the 1400 W DC Power Supply
Configuring the DC Input for a Power Supply
Special Considerations for the 1400 W DC SP Triple Input Power Supply
Special Considerations for the 4200 W AC Power Supply
Page
Power Management for the Catalyst 4006 Switch
Limitations of the 1+1 Redundancy Mode
Setting the Power Redundancy Mode
Power Consumption of Chassis Components
Powering Down a Module
Page
Configuring Power over Ethernet
Power Management Modes
Configuring Power Consumption for Powered Devices on an Interface
Overview
Page
Intelligent Power Management
PoE and Supported Cabling Topology
Displaying the Operational Status for an Interface
8-7
This example shows how to display the operational status for all interfaces on module 3.
This example shows how to display the operational status for Fast Ethernet interface 4/1:
Displaying the PoE Consumed by a Module
Page
8-9
8-10
8-11
Page
Configuring Switches with Web-Based Tools
Configuring and Using the Network Assistant
Installation Requirements
Software and Hardware Requirements
Page
Network Assistant-Related Features and Their Defaults
Overview of the CLI Commands
Installing Network Assistant
Getting Started with Network Assistant
Launching the Network Assistant
Connecting Network Assistant to a Device
Using Community Mode to Manage a Network
Candidate and Member Characteristics
Automatic Discovery of Candidates and Members
Community Names
Hostnames
Passwords
Communication Protocols
Access Modes in Network Assistant
Community Information
Converting a Cluster into a Community
Using Cluster Mode to Manage a Network of Switches
Understanding Switch Clusters
Clustering Overview
Cluster Command Switch Characteristics
Network Assistant and VTY
Candidate Switch and Cluster Member Switch Characteristics
Using the CLI to Manage Switch Clusters
Configuring Network Assistant in Community or Cluster Mode
Configuring Network Assistant in on a Networked Switch in Community Mode
9-16
This example shows how to configure Network Assistant on a networked switch in community m ode:
Step16 Step17
Step21
Step18
9-17
Configuring Network Assistant in a Networked Switch in Cluster Mode
9-19
Step16
Step23
Step20
Step17
9-20
Configuring Embedded CiscoView Support
Understanding Embedded CiscoView
Installing and Configuring Embedded CiscoView
Page
9-23
Displaying Embedded CiscoView Information
9-25
The following example shows how to display the Embedded CiscoView file and version information:
Page
Understanding and Configuring VLANs, VTP, and VMPS
VLANs
Overview of VLANs
Page
VLAN Configuration Guidelines and Restrictions
VLAN Ranges
Configurable Normal-Range VLAN Parameters
VLAN Default Configuration
Configuring VLANs
Configuring VLANs in Global Configuration Mode
Page
Configuring VLANs in VLAN Database Mode
Assigning a Layer 2 LAN Interface to a VLAN
VLAN Trunking Protocol
Overview of VTP
Understanding the VTP Domain
Understanding VTP Modes
Understanding VTP Advertisements
Understanding VTP Version 2
Understanding VTP Pruning
Page
VTP Configuration Guidelines and Restrictions
VTP Default Configuration
Configuring VTP
Configuring VTP Global Parameters
Configuring a VTP Password
Enabling VTP Pruning
Enabling VTP Version 2
Configuring the Switch as a VTP Server
Configuring the Switch as a VTP Client
Disabling VTP (VTP Transparent Mode)
Displaying VTP Statistics
VLAN Membership Policy Server
Overview of VMPS
Understanding the VMPS Server
Security Modes for VMPS Server
Open Mode
Secure Mode
Multiple Mode
Fallback VLAN
Illegal VMPS Client Requests
Overview of VMPS Clients
Understanding Dynamic VLAN Membership
Default VMPS Client Configuration
Configuring a Switch as a VMPS Client
Configuring the IP Address of the VMPS Server
10-22
Configuring Dynamic Access Ports on a VMPS Client
Verifies the entry.
To configure a dynamic access port on a VMPS client switch, perform this task:
This example shows how to configure a dynamic access port and to verify the entry:
Step1 Step2
Voice Ports
Reconfirming VLAN Memberships
Configuring Reconfirmation Interval
Configuring the Retry Interval
Administering and Monitoring the VMPS
Troubleshooting Dynamic Port VLAN Membership
10-26
Dynamic Port VLAN Membership Configuration Example
Catalyst 4500 series XL Switch 2 (running Catalyst IOS)
Catalyst 4500 series XL Switch 9 (running Catalyst IOS)
address 172.20.22.7.
Page
Page
10-29
VMPS Database Configuration File Example
10-30
Configuring Layer 2 Ethernet Interfaces
Overview of Layer 2 Ethernet Switching
Understanding Layer 2 Ethernet Switching
Switching Frames Between Segments
Building the MAC Address Table
Understanding VLAN Trunks
Encapsulation Types
Layer 2 Interface Modes
Default Layer 2 Ethernet Interface Configuration
Layer 2 Interface Configuration Guidelines and Restrictions
Configuring Ethernet Interfaces for Layer 2 Switching
Configuring an Ethernet Interface as a Layer 2 Trunk
11-7
This example shows how to verify the running configuration:
This example shows how to verify the switch port configuration:
This example shows how to verify the trunk configuration:
Step11
Configuring an Interface as a Layer 2 Access Port
11-9
This example shows how to verify the running configuration:
Displays the switch port configuration of the interface.
This example shows how to verify the switch port configuration:
Clearing Layer 2 Configuration
To clear the Layer 2 configuration on an interface, perform this task:
This example shows how to clear the Layer 2 configuration on the Fast Ethernet interface 5/6:
Step1
Specifies the interface to clear.
Page
Configuring SmartPort Macros
Understanding SmartPort Macros
Configuring Smart-Port Macros
Default SmartPort Macro Configuration
cisco-desktop
cisco-phone
12-3
cisco-switch
This is the example for the cisco-switch macr o:
cisco-router
This is the example for the cisco-router macro:
SmartPort Macro Configuration Guidelines
Creating and Applying SmartPort Macros
cisco-desktop
12-6
cisco-phone
Note This macro requires the $AVID and $VVID keywords, which are the access and voice VLANs of the
port.
12-7
cisco-switch
Note This macro requires the $NVID keyword, which is the native VLANs of the port.
cisco-router
Note This macro requires the $NVID keyword, which is the native VLANs of the port.
Displaying SmartPort Macros
Understanding and Configuring STP
Overview of STP
Understanding the Bridge ID
Bridge Priority Value
Extended System ID
STP MAC Address Allocation
Bridge Protocol Data Units
Election of the Root Bridge
STP Timers
Creating the STP Topology
STP Port States
MAC Address Allocation
STP and IEEE 802.1Q Trunks
Per-VLAN Rapid Spanning Tree
Default STP Configuration
Configuring STP
Enabling STP
Enabling the Extended System ID
Configuring the Root Bridge
Page
13-11
Now, you can set the switch as the root:
This is the configuration after the switch becomes the root:
Configuring a Secondary Root Switch
Configuring STP Port Priority
13-14
Configuring STP Port Cost
Configuring the Bridge Priority of a VLAN
Configuring the Hello Time
Configuring the Maximum Aging Time for a VLAN
Configuring the Forward-Delay Time for a VLAN
Disabling Spanning Tree Protocol
Enabling Per-VLAN Rapid Spanning Tree
Specifying the Link Type
Restarting Protocol Migration
Page
Configuring STP Features
Overview of Root Guard
Enabling Root Guard
Overview of Loop Guard
Enabling Loop Guard
Overview of PortFast
Enabling PortFast
Overview of BPDU Guard
Enabling BPDU Guard
Overview of PortFast BPDU Filtering
Enabling PortFast BPDU Filtering
Page
Overview of UplinkFast
Enabling UplinkFast
Overview of BackboneFast
Page
Page
Enabling BackboneFast
14-16
This example shows how to display the total lines of the spanning tree state section:
Understanding and Configuring Multiple Spanning Trees
Overview of MST
IEEE 802.1s MST
IEEE 802.1w RSTP
RSTP Port Roles
RSTP Port States
MST-to-SST Interoperability
Common Spanning Tree
MST Instances
MST Configuration Parameters
MST Regions
MST Region Overview
Boundary Ports
IST Master
Edge Ports
Message Age and Hop Count
MST-to-PVST+ Interoperability
MST Configuration Restrictions and Guidelines
Configuring MST
Enabling MST
15-10
15-11
Configuring MST Instance Parameters
X
Step2
X
Step1
Configuring MST Instance Port Parameters
Restarting Protocol Migration
15-13
Displaying MST Configurations
Displays VLAN information in MST mode.
Step6
instance-id
Step5
15-14
15-15
Page
Understanding and Configuring EtherChannel
Overview of EtherChannel
Understanding Port-Channel Interfaces
Understanding How EtherChannels Are Configured
EtherChannel Configuration Overview
Understanding Manual EtherChannel Configuration
Understanding PAgP EtherChannel Configuration
Understanding IEEE 802.3ad LACP EtherChannel Configuration
Page
Understanding Load Balancing
EtherChannel Configuration Guidelines and Restrictions
Configuring EtherChannel
Configuring Layer 3 EtherChannels
Creating Port-Channel Logical Interfaces
Configuring Physical Interfaces as Layer 3 EtherChannels
16-8
Step5 Step6
port_channel_number
Configuring Layer 2 EtherChannels
Page
16-11
Configuring the LACP System Priority and System ID
Configuring EtherChannel Load Balancing
Removing an Interface from an EtherChannel
Removing an EtherChannel
Configuring IGMP Snooping and Filtering
Overview of IGMP Snooping
Page
Immediate-Leave Processing
Explicit Host Tracking
Configuring IGMP Snooping
Default IGMP Snooping Configuration
Enabling IGMP Snooping
Configuring Learning Methods
Configuring PIM/DVMRP Learning
Configuring CGMP Learning
Configuring a Multicast Router Port Statical
Enabling IGMP Immediate-Leave Processing
Configuring Explicit Host Tracking
Configuring a Host Statically
Suppressing Multicast Flooding
IGMP Snooping Interface Configuration
IGMP Snooping Switch Configuration
Displaying IGMP Snooping Information
Displaying Querier Information
Displaying IGMP Host Membership Information
Displaying Group Information
Displaying Multicast Router Interfaces
Displaying MAC Address Multicast Entries
Displaying IGMP Snooping Information on a VLAN Interface
Configuring IGMP Filtering
Default IGMP Filtering Configuration
Configuring IGMP Profiles
Applying IGMP Profiles
Setting the Maximum Number of IGMP Groups
Displaying IGMP Filtering Configuration
Page
Page
Configuring 802.1Q and Layer 2 Protocol Tunneling
Understanding 802.1Q Tunneling
Page
Page
Configuring 802.1Q Tunneling
802.1Q Tunneling Configuration Guidelines
Native VLANs
System MTU
802.1Q Tunneling and Other Features
Configuring an 802.1Q Tunneling Port
Understanding Layer 2 Protocol Tunneling
18-8
Configuring Layer 2 Protocol Tunneling
Default Layer 2 Protocol Tunneling Configuration
Layer 2 Protocol Tunneling Configuration Guidelines
Configuring Layer 2 Tunneling
Page
Monitoring and Maintaining Tunneling Status
Understanding and Configuring CDP
Overview of CDP
Configuring CDP
Enabling CDP Globally
Displaying the CDP Global Configuration
Enabling CDP on an Interface
Displaying the CDP Interface Configuration
Monitoring and Maintaining CDP
Page
Configuring UDLD
Overview of UDLD
Default UDLD Configuration
Configuring UDLD on the Switch
Enabling UDLD Globally
Enabling UDLD on Individual Interfaces
Disabling UDLD on Non-Fiber-Optic Interfaces
Disabling UDLD on Fiber-Optic Interfaces
Resetting Disabled Interfaces
Configuring Unidirectional Ethernet
Overview of Unidirectional Ethernet
Configuring Unidirectional Ethernet
21-2
To enable Unidirectional Ethernet, perform this task:
number
Step1
This example shows how to set Gigabit Ethernet interface 1/1 to unidirectional ly send traffic:
Page
Page
Configuring Layer 3 Interfaces
Overview of Layer 3 Interfaces
Logical Layer 3 VLAN Interfaces
Physical Layer 3 Interfaces
Configuration Guidelines
Configuring Logical Layer 3 VLAN Interfaces
22-4
disabled, and specify an IP routing protocol.
Configuring Physical Layer 3 Interfaces
22-5
To configure physical Layer 3 interfaces, perform this task:
type slot/interface
subnet_mask
port_channel_number
Page
Configuring Cisco Express Forwarding
Overview of CEF
Benefits of CEF
Forwarding Information Base
Adjacency Tables
Adjacency Discovery
Adjacency Resolution
Adjacency Types That Require Special Handling
Catalyst 4500 Series Switch Implementation of CEF
Hardware and Software Switching
Hardware Switching
Software Switching
Load Balancing
Software Interfaces
CEF Configuration Restrictions
Configuring CEF
Enabling CEF
Configuring Load Balancing for CEF
Configuring Per-Destination Load Balancing
Configuring Load Sharing Hash Function
Viewing CEF Information
Monitoring and Maintaining CEF
Displaying IP Statistics
Page
Page
Understanding and Configuring IP Multicast
Overview of IP Multicast
IP Multicast Protocols
Internet Group Management Protocol
Protocol-Independent Multicast
PIM Dense Mode
PIM Sparse Mode
IGMP Snooping and CGMP
IP Multicast on the Catalyst 4500 Series Switch
CEF, MFIB, and Layer 2 Forwarding
Page
IP Multicast Tables
Hardware and Software Forwarding
Partial Routes
Software Routes
Non-Reverse Path Forwarding Traffic
Multicast Fast Drop
Multicast Forwarding Information Base
S/M, 224/4
Unsupported Features
Configuring IP Multicast Routing
Default Configuration in IP MUlticast Routing
Enabling IP Multicast Routing
Enabling PIM on an Interface
Enabling Dense Mode
Enabling Sparse Mode
Enabling Sparse-Dense Mode
Monitoring and Maintaining IP Multicast Routing
Displaying System and Network Statistics
24-16
Displaying the Multicast Routing Table
Note Interface timers are not updated for hardware-forwar ded packets. Entry timers are updated
24-17
The following is sample output from the show ip mroute command with the active keyword:
The following is sample output from the show ip mroute command with the count keyword:
Displaying IP MFIB
Displaying IP MFIB Fast Drop
Displaying PIM Statistics
Clearing Tables and Databases
Configuration Examples
PIM Dense Mode Example
PIM Sparse Mode Example
BSR Configuration Example
Page
Configuring Policy-Based Routing
Overview of Policy-Based Routing
Understanding PBR
Understanding PBR Flow Switching
Using Policy-Based Routing
Policy-Based Routing Configuration Task List
Enabling PBR
Page
Enabling Local PBR
Unsupported Commands
Policy-Based Routing Configuration Examples
Equal Access Example
25-6
default interface null0 to set interface null0.
Differing Next Hops Example
Deny ACE Example
Configuring VRF-lite
Understanding VRF-lite
Default VRF-lite Configuration
VRF-lite Configuration Guidelines
Configuring VRFs
Configuring a VPN Routing Session
Configuring BGP PE to CE Routing Sessions
VRF-lite Configuration Example
26-8
Configuring Switch S8
On switch S8, enable routing and configure VRF.
26-9
Configure OSPF routing in VPN1 and VPN2:
Configure BGP for CE to PE routing:
Configuring Switch S20
Configure S20 to connect to CE:
26-10
Configuring Switch S11
Configure S11 to connect to CE:
Configuring the PE Switch S3
On switch S3 (the router), these commands configure only the con nections to switch S8:
Displaying VRF-lite Status
Page
Configuring Quality of Service
Overview of QoS
Prioritization
QoS Terminology
Page
Basic QoS Model
Classification
Page
27-8
Software Configuration GuideRelease 12.2(25)SG OL-7659-03
Chapter27 Configuring Quality of Service Overview of QoS
Figure27-3 Classification Flowchart
Classification Based on QoS ACLs
Classification Based on Class Maps and Policy Maps
Policing and Marking
Page
27-12
Software Configuration GuideRelease 12.2(25)SG OL-7659-03
Chapter27 Configuring Quality of Service Overview of QoS
Figure27-4 Policing and Marking Flowchart
Internal DSCP Values
Internal DSCP Sources
Egress ToS and CoS Sources
Mapping Tables
Queueing and Scheduling
Active Queue Management
Sharing Link Bandwidth Among Transmit Queues
Strict Priority / Low Latency Queueing
Traffic Shaping
Packet Modification
Per Port Per VLAN QoS
QoS and Software Processed Packets
Configuring Auto-QoS
Generated Auto-QoS Configuration
Effects of Auto-QoS on the Configuration
Configuration Guidelines
Enabling Auto-QoS for VoIP
Displaying Auto-QoS Information
27-21
Auto-QoS Configuration Example
This section describes how you could implement auto-QoS in a network, as shown in Figure 27-5.
Page
Configuring QoS
Default QoS Configuration
Page
Configuration Guidelines
Enabling QoS Globally
Configuring a Trusted Boundary to Ensure Port Security
Enabling Dynamic Buffer Limiting
Creating Named Aggregate Policers
Page
Configuring a QoS Policy
Overview of QoS Policy Configuration
Configuring a Class Map (Optional)
Creating a Class Map
Configuring Filtering in a Class Map
Verifying Class Map Configuration
Configuring a Policy Map
Creating a Policy Map
Configuring Policy-Map Class Actions
Page
Verifying Policy-Map Configuration
Attaching a Policy Map to an Interface
Configuring User Based Rate Limiting
Examples
27-37
This example shows how to create a flow-based class map associated with a desti nation address:
27-38
Example 5
Assume that there are two active flows on FastEthernet interface 6/1:
consolidated into one flow because they have the same source and destina tion address.
27-39
Hierarchical policers
Note Hierarchical policers are only supported on Supervisor Engine V-10GE.
Page
Enabling Per-Port Per-VLAN QoS
27-42
27-43
27-44
Enabling or Disabling QoS on an Interface
number
Step1
|
Selects the interface to configure.
Configuring VLAN-Based QoS on Layer 2 Interfaces
Configuring the Trust State of Interfaces
Configuring the CoS Value for an Interface
Configuring DSCP Values for an Interface
Configuring Transmit Queues
Mapping DSCP Values to Specific Transmit Queues
Allocating Bandwidth Among Transmit Queues
Configuring Traffic Shaping of Transmit Queues
Configuring a High Priority Transmit Queue
Configuring DSCP Maps
Configuring the CoS-to-DSCP Map
Configuring the Policed-DSCP Map
Configuring the DSCP-to-CoS Map
Page
Configuring Voice Interfaces
Overview of Voice Interfaces
Configuring a Port to Connect to a Cisco 7960 IP Phone
Configuring Voice Ports for Voice and Data Traffic
Page
Overriding the CoS Priority of Incoming Frames
Configuring Power
Understanding and Configuring 802.1X Port-Based Authentication
Understanding 802.1X Port-Based Authentication
Device Roles
802.1x and Network Access Control
Authentication Initiation and Message Exchange
Ports in Authorized and Unauthorized States
Using 802.1X with VLAN Assignment
Using 802.1X Authentication for Guest VLANs
Usage Guidelines for Using 802.1X Authentication with Guest VLANs on Windows-XP Hosts
Using 802.1X with Authentication Failed VLAN Assignment
Usage Guidelines for Using Authentication Failed VLAN Assignment
Using 802.1X with Port Security
Using 802.1X with RADIUS-Provided Session Timeouts
Using 802.1X with RADIUS Accounting
Page
Using 802.1X with Voice VLAN Ports
Supported Topologies
How to Configure 802.1X
Default 802.1X Configuration
802.1X Configuration Guidelines
Enabling 802.1X Authentication
Configuring Switch-to-RADIUS-Server Communication
Page
Configuring RADIUS-Provided Session Timeouts
Enabling 802.1X Accounting
Configuring 802.1X with Guest VLANs
Page
Configuring 802.1X with Authentication Failed VLAN Assignment
Page
Configuring 802.1X with Voice VLAN
Enabling Periodic Reauthentication
Manually Reauthenticating a Client Connected to a Port
Changing the Quiet Period
Changing the Switch-to-Client Retransmission Time
Setting the Switch-to-Client Frame-Retransmission Number
Enabling Multiple Hosts
Resetting the 802.1X Configuration to the Default Values
Displaying 802.1X Statistics and Status
Configuring Port Security and Trunk Port Security
Overview of Port Security
Page
Port mode changes
Default Port Security Configuration
Port Security Guidelines and Restrictions
Configuring Port Security
Configuring Port Security on an Interface
Page
Page
Configuring Trunk Port Security
Page
Configuration Guidelines
Configuring Port Security Aging
Page
Displaying Port Security Settings
30-12
This example shows how to display all secure MAC addresses configured on all switch inte rfaces:
This example shows how to display the port security settings on interface g1/1 for VLANs 2 and 3:
30-13
Page
Configuring DHCP Snooping and IP Source Guard
Overview of DHCP Snooping
Overview of the DHCP Snooping Database Agent
Configuring DHCP Snooping on the Switch
Default Configuration for DHCP Snooping
Enabling DHCP Snooping
Enabling DHCP Snooping on Aggregration Switch
Enabling DHCP Snooping on Private VLAN
Enabling the DHCP Snooping Database Agent
Configuration Examples for the Database Agent
Example 1: Enabling the Database Agent
Example 2: Reading Binding Entries from a TFTP File
31-9
Example 3: Adding Information to the DHCP Snooping Database
Step3
lease-time
vlan-id
binding-id
Displaying DHCP Snooping Information
Displaying a Binding Table
Displaying the DHCP Snooping Configuration
Overview of IP Source Guard
Configuring IP Source Guard on the Switch
Configuring IP Source Guard on Private VLANs
Displaying IP Source Guard Information
Displaying IP Source Binding Information
Page
Page
Understanding and Configuring Dynamic ARP Inspection
Overview of Dynamic ARP Inspection
ARP Cache Poisoning
Purpose of Dynamic ARP Inspection
Interface Trust State, Security Coverage and Network Configuration
Relative Priority of Static Bindings and DHCP Snooping Entries
Logging of Dropped Packets
Rate Limiting of ARP Packets
Port Channels and Their Behavior
Configuring Dynamic ARP Inspection
Configuring Dynamic ARP Inspection in DHCP Environments
Page
32-7
On Switch A
32-8
On Switch B
32-9
Configuring ARP ACLs for Non-DHCP Environments
Page
Page
32-13
Configuring the Log Buffer
Page
Limiting the Rate of Incoming ARP Packets
32-17
32-18
Performing Validation Checks
Page
32-20
Configuring Network Security with ACLs
Understanding ACLs
ACL Overview
Supported Features That Use ACLs
Router ACLs
Port ACLs
VLAN Maps
Hardware and Software ACL Support
TCAM Programming and ACLs
Layer 4 Operators in ACLs
Restrictions for Layer 4 Operations
Configuration Guidelines for Layer 4 Operations
How ACL Processing Impacts CPU
Page
Configuring Unicast MAC Address Filtering
Configuring Named MAC Extended ACLs
Configuring VLAN Maps
VLAN Map Configuration Guidelines
Creating and Deleting VLAN Maps
Examples of ACLs and VLAN Maps
Page
Applying a VLAN Map to a VLAN
Using VLAN Maps in Your Network
Page
Denying Access to a Server on Another VLAN
Displaying VLAN Access Map Information
Using VLAN Maps with Router ACLs
Guidelines for Using Router ACLs and VLAN Maps
Examples of Router ACLs and VLAN Maps Applied to VLANs
ACLs and Switched Packets
ACLs and Routed Packets
Configuring PACLs
Creating a PACL
PACL Configuration Guidelines
Configuring IP and MAC ACLs on a Layer 2 Interface
Using PACL with Access-Group Mode
Configuring Access-group Mode on Layer 2 Interface
Applying ACLs to a Layer 2 Interface
Displaying an ACL Configuration on a Layer 2 Interface
Using PACL with VLAN Maps and Router ACLs
Page
Page
Configuring Private VLANs
Overview of PVLANs
PVLAN Trunks
PVLANs and VLAN ACL/QoS
How to Configure PVLANs
PVLAN Configuration Guidelines and Restrictions
Page
Configuring a VLAN as a PVLAN
Associating a Secondary VLAN with a Primary VLAN
Configuring a Layer 2 Interface as a PVLAN Promiscuous Port
Configuring a Layer 2 Interface as a PVLAN Host Port
34-9
Configuring a Layer 2 Interface as a PVLAN Trunk Port
To configure a Layer 2 interface as a PVLAN trunk port, perform this task:
Step1 Step2 Step3
Specifies the LAN port to configure.
Step4
Page
Permitting Routing of Secondary VLAN Ingress Traffic
34-12
Port Unicast and Multicast Flood Blocking
Overview of Flood Blocking
Configuring Port Blocking
Blocking Flooded Traffic on an Interface
Resuming Normal Forwarding on a Port
Page
Configuring Storm Control
Overview of Storm Control
Hardware-based Storm Control Implementation
Software-based Storm Control Implementation
Enabling Storm Control
Disabling Storm Control
Displaying Storm Control
36-5
The following example shows an interface that supports broadcast suppression in hardware (hw).
Note Use the show interfaces counters storm-control command to display a count of discarded packets.
Multicast Storm Control
Multicast Suppression on the WS-X4516 Supervisor Engine
Multicast Suppression on the WS-X4515, WS-X4014, and WS-X4013+ Supervisor Engines
Page
Configuring SPAN and RSPAN
Overview of SPAN and RSPAN
Page
SPAN and RSPAN Concepts and Terminology
SPAN Session
Traffic Types
Source Port
Destination Port
VLAN-Based SPAN
SPAN Traffic
SPAN and RSPAN Session Limits
Default SPAN and RSPAN Configuration
Configuring SPAN
SPAN Configuration Guidelines and Restrictions
Configuring SPAN Sources
Configuring SPAN Destinations
Monitoring Source VLANs on a Trunk Interface
Configuration Scenario
Verifying a SPAN Configuration
CPU Port Sniffing
Page
Encapsulation Configuration
Ingress Packets
Access List Filtering
ACL Configuration Guidelines
Configuring Access List Filtering
Packet Type Filtering
Configuration Example
Configuring RSPAN
RSPAN Configuration Guidelines
Creating an RSPAN Session
Creating an RSPAN Destination Session
Creating an RSPAN Destination Session and Enabling Ingress Traffic
Page
Removing Ports from an RSPAN Session
Specifying VLANs to Monitor
Specifying VLANs to Filter
Displaying SPAN and RSPAN Status
37-25
Page
Configuring NetFlow
Overview of NetFlow Statistics Collection
NDE Versions
Information Derived from Hardware
Information Derived from Software
Assigning the Input and Output Interface and AS Numbers
Assigning the Inferred Fields
Assigning the Output Interface and Output Related Inferred Fields
Assigning the Input Interface and Input Related Inferred Fields
Feature Interaction of Netflow Statistics with UBRL and Microflow Policing
VLAN Statistics
Configuring NetFlow Statistics Collection
Checking for Required Hardware
Enabling NetFlow Statistics Collection
Configuring Switched/Bridged IP Flows
Exporting NetFlow Statistics
Managing NetFlow Statistics Collection
Configuring an Aggregation Cache
Verifying Aggregation Cache Configuration and Data Export
Configuring a NetFlow Minimum Prefix Mask for Router-Based Aggregation
Configuring the Minimum Mask of a Prefix Aggregation Scheme
Configuring the Minimum Mask of a Destination-Prefix Aggregation Scheme
Configuring the Minimum Mask of a Source-Prefix Aggregation Scheme
Monitoring and Maintaining Minimum Masks for Aggregation Schemes
Configuring NetFlow Aging Parameters
38-13
NetFlow Statistics Collection Configuration Example
NetFlow Configuration Examples
Sample NetFlow Enabling Schemes
Sample NetFlow Aggregation Configurations
Autonomous System Configuration
Destination Prefix Configuration
Prefix Configuration
Protocol Port Configuration
Source Prefix Configuration
Sample NetFlow Minimum Prefix Mask Router-Based Aggregation Schemes
Prefix Aggregation Scheme
Destination-Prefix Aggregation Scheme
Source-Prefix Aggregation Scheme
Diagnostics on the Catalyst 4500 Switch
Online Diagnostics
Troubleshooting with Online Diagnostics
Power-On-Self-Test Diagnostics
Overview
Sample POST Results
39-21
The following example shows the output for a WS-X4516 supervisor engine:
39-22
Power-On-Self-Test Results for Supervisor Engine V-10GE
POST on the Active Supervisor Engine
Sample POST Results on an Active Supervisor Engine
39-24
39-25
39-26
POST on Standby Supervisor Engine
Sample Display of the POST on Standby Supervisor Engine
39-27
39-28
on power-up.
Causes of Failure and Troubleshooting
Page
Page
APPENDIX
A
Acronyms and Abbreviations
Page
Page
Page
Page
Page
Page
Page
INDEX
Numerics
A
B
C
D
Page
E
F
G
H
I
Page
J
K
L
M
Page
N
O
P
Page
Page
Q
R
S
Page
Page
T
U
V
