CONTENTS
Preface
Audience
Purpose
Conventions
Related Publications
Overview
Features
Ease of Use and Ease of Deployment
Performance
Manageability
Redundancy
VLAN Support
Security
Quality of Service and Class of Service
Monitoring
Management Options
Management Interface Options
Network Configuration Examples
Figure 1-1, Figure 1-2, and Figure 1-3 show three different network configurations.
Where to Go Next
Before configuring the switch, review these sections for start-up information:
Using the Command-Line Interface
Cisco IOS Command Modes
Getting Help
Abbreviating Commands
Using no and default Forms of Commands
Understanding CLI Messages
Using Command History
Changing the Command History Buffer Size
Recalling Commands
Disabling the Command History Feature
Using Editing Features
Enabling and Disabling Editing Features
Editing Commands through Keystrokes
Editing Command Lines that Wrap
Searching and Filtering Output of show and more Commands
Accessing the CLI
Assigning the Switch IP Address and Default Gateway
Understanding the Boot Process
Assigning Switch Information
Default Switch Information
Manually Assigning IP Information
Checking and Saving the Running Configuration
Modifying the Startup Configuration
Default Boot Configuration
Specifying the Filename to Read and Write the System Configuration
Booting a Specific Software Image
Controlling Environment Variables
Scheduling a Reload of the Software Image
Configuring a Scheduled Reload
Displaying Scheduled Reload Information
Administering the Switch
Managing the System Time and Date
Understanding the System Clock
Understanding Network Time Protocol
Configuring NTP
Default NTP Configuration
Configuring NTP Authentication
Configuring NTP Associations
Configuring NTP Broadcast Service
Configuring NTP Access Restrictions
Creating an Access Group and Assigning a Basic IP Access List
Disabling NTP Services on a Specific Interface
Configuring the Source IP Address for NTP Packets
Displaying the NTP Configuration
Configuring Time and Date Manually
Setting the System Clock
Displaying the Time and Date Configuration
Configuring the Time Zone
Configuring Summer Time (Daylight Saving Time)
Configuring a System Name and Prompt
Default System Name and Prompt Configuration
Configuring a System Name
Understanding DNS
Default DNS Configuration
Setting Up DNS
Displaying the DNS Configuration
Creating a Banner
Default Banner Configuration
Configuring a Message-of-the-Day Login Banner
Configuring a Login Banner
Managing the MAC Address Table
Building the Address Table
MAC Addresses and VLANs
Default MAC Address Table Configuration
Changing the Address Aging Time
Removing Dynamic Address Entries
Configuring MAC Address Notification Traps
Adding and Removing Static Address Entries
Displaying Address Table Entries
Managing the ARP Table
Configuring Switch-Based Authentication
Preventing Unauthorized Access to Your Switch
Protecting Access to Privileged EXEC Commands
Default Password and Privilege Level Configuration
Setting or Changing a Static Enable Password
Protecting Enable and Enable Secret Passwords with Encryption
Setting a Telnet Password for a Terminal Line
Configuring Username and Password Pairs
Configuring Multiple Privilege Levels
Setting the Privilege Level for a Command
Changing the Default Privilege Level for Lines
Logging into and Exiting a Privilege Level
Controlling Switch Access with TACACS+
Understanding TACACS+
TACACS+ Operation
Configuring TACACS+
Default TACACS+ Configuration
Identifying the TACACS+ Server Host and Setting the Authentication Key
Configuring TACACS+ Login Authentication
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services
Starting TACACS+ Accounting
Displaying the TACACS+ Configuration
Controlling Switch Access with RADIUS
Understanding RADIUS
RADIUS Operation
Configuring RADIUS
Default RADIUS Configuration
Identifying the RADIUS Server Host
Configuring RADIUS Login Authentication
Defining AAA Server Groups
Configuring RADIUS Authorization for User Privileged Access and Network Services
Starting RADIUS Accounting
Configuring Settings for All RADIUS Servers
Configuring the Switch to Use Vendor-Specific RADIUS Attributes
Configuring the Switch for Vendor-Proprietary RADIUS Server Communication
Displaying the RADIUS Configuration
Configuring the Switch for Local Authentication and Authorization
Configuring the Switch for Secure Shell
Understanding SSH
SSH Servers, Integrated Clients, and Supported Versions
Limitations
Configuring SSH
Configuration Guidelines
Cryptographic Software Image Guidelines
Setting Up the Switch to Run SSH
Configuring the SSH Server
Displaying the SSH Configuration and Status
Configuring IEEE 802.1x Port-Based Authentication
Understanding IEEE 802.1x Port-Based Authentication
Device Roles
Authentication Initiation and Message Exchange
Ports in Authorized and Unauthorized States
IEEE 802.1x Accounting
IEEE 802.1x Accounting Attribute-Value Pairs
IEEE 802.1x Host Mode
Using IEEE 802.1x with Port Security
Using IEEE 802.1x with Voice VLAN Ports
Using IEEE 802.1x with VLAN Assignment
Using IEEE 802.1x with Guest VLAN
Using IEEE 802.1x with Wake-on-LAN
Unidirectional State
Bidirectional State
Configuring IEEE 802.1x Authentication
Default IEEE 802.1x Configuration
IEEE 802.1x Configuration Guidelines
Enabling IEEE 802.1x Authentication
Configuring the Switch-to-RADIUS-Server Communication
Configuring IEEE 802.1x Authentication Using a RADIUS Server
Enabling Periodic Re-Authentication
Manually Re-Authenticating a Client Connected to a Port
Changing the Quiet Period
Changing the Switch-to-Client Retransmission Time
Setting the Switch-to-Client Frame-Retransmission Number
Configuring the Host Mode
Configuring a Guest VLAN
Resetting the IEEE 802.1x Configuration to the Default Values
Configuring IEEE 802.1x Authentication
Configuring IEEE 802.1x Accounting
Displaying IEEE 802.1x Statistics and Status
Configuring Interface Characteristics
Understanding Interface Types
Access Ports
Trunk Ports
Port-Based VLANs
EtherChannel Port Groups
Connecting Interfaces
Using the Interface Command
Procedures for Configuring Interfaces
Configuring a Range of Interfaces
Configuring and Using Interface-Range Macros
Configuring Ethernet Interfaces
Default Ethernet Interface Configuration
Configuring Interface Speed and Duplex Mode
Configuration Guidelines
Setting the Interface Speed and Duplex Parameters
Adding a Description for an Interface
Monitoring and Maintaining the Interfaces
Monitoring Interface and Controller Status
Clearing and Resetting Interfaces and Counters
Shutting Down and Restarting the Interface
Configuring Smartports Macros
Understanding Smartports Macros
Configuring Smartports Macros
Default Smartports Macro Configuration
Smartports Macro Configuration Guidelines
Creating Smartports Macros
Applying Smartports Macros
Applying Cisco-Default Smartports Macros
Displaying Smartports Macros
Configuring STP
Understanding Spanning-Tree Features
STP Overview
Spanning-Tree Topology and BPDUs
Bridge ID, Switch Priority, and Extended System ID
Spanning-Tree Interface States
Blocking State
Listening State
Learning State
Forwarding State
Disabled State
How a Switch or Port Becomes the Root Switch or Root Port
Spanning Tree and Redundant Connectivity
Spanning-Tree Address Management
Accelerated Aging to Retain Connectivity
Spanning-Tree Modes and Protocols
Supported Spanning-Tree Instances
Spanning-Tree Interoperability and Backward Compatibility
STP and IEEE 802.1Q Trunks
Spanning Tree Considerations for Cisco Systems Intelligent Gigabit Ethernet Switch Modules
Configuring Spanning-Tree Features
Default Spanning-Tree Configuration
Spanning-Tree Configuration Guidelines
Changing the Spanning-Tree Mode
Disabling Spanning Tree
Configuring the Root Switch
Configuring a Secondary Root Switch
Configuring the Port Priority
Configuring the Path Cost
Configuring the Switch Priority of a VLAN
Configuring Spanning-Tree Timers
Configuring the Hello Time
Configuring the Forwarding-Delay Time for a VLAN
Configuring the Maximum-Aging Time for a VLAN
Displaying the Spanning-Tree Status
Configuring MSTP
Understanding MSTP
Multiple Spanning-Tree Regions
IST, CIST, and CST
Operations Within an MST Region
Hop Count
Interoperability with IEEE 802.1D STP
Understanding RSTP
Port Roles and the Active Topology
Rapid Convergence
Synchronization of Port Roles
Bridge Protocol Data Unit Format and Processing
Processing Superior BPDU Information
Processing Inferior BPDU Information
Topology Changes
Configuring MSTP Features
Default MSTP Configuration
MSTP Configuration Guidelines
Specifying the MST Region Configuration and Enabling MSTP
Configuring the Root Switch
Configuring a Secondary Root Switch
Configuring the Port Priority
Configuring the Path Cost
Configuring the Switch Priority
Configuring the Hello Time
Configuring the Forwarding-Delay Time
Configuring the Maximum-Aging Time
Configuring the Maximum-Hop Count
Specifying the Link Type to Ensure Rapid Transitions
Restarting the Protocol Migration Process
Displaying the MST Configuration and Status
Configuring Optional Spanning-Tree Features
Understanding Optional Spanning-Tree Features
Understanding Port Fast
Understanding BPDU Guard
Understanding BPDU Filtering
Understanding UplinkFast
Understanding BackboneFast
Understanding EtherChannel Guard
Understanding Root Guard
Understanding Loop Guard
Configuring Optional Spanning-Tree Features
Default Optional Spanning-Tree Configuration
Optional Spanning-Tree Configuration Guidelines
Enabling Port Fast
Enabling BPDU Guard
Enabling BPDU Filtering
Enabling UplinkFast for Use with Redundant Links
Enabling BackboneFast
Enabling EtherChannel Guard
Enabling Root Guard
Enabling Loop Guard
Displaying the Spanning-Tree Status
Configuring VLANs
Understanding VLANs
Supported VLANs
VLAN Port Membership Modes
Configuring Normal-Range VLANs
Token Ring VLANs
Normal-Range VLAN Configuration Guidelines
VLAN Configuration Mode Options
VLAN Configuration in config-vlan Mode
VLAN Configuration in VLAN Configuration Mode
Saving VLAN Configuration
Default Ethernet VLAN Configuration
Creating or Modifying an Ethernet VLAN
Deleting a VLAN
Assigning Static-Access Ports to a VLAN
Configuring Extended-Range VLANs
Default VLAN Configuration
Extended-Range VLAN Configuration Guidelines
Creating an Extended-Range VLAN
Displaying VLANs
Configuring VLAN Trunks
Trunking Overview
IEEE 802.1Q Configuration Considerations
Default Layer 2 Ethernet Interface VLAN Configuration
Configuring an Ethernet Interface as a Trunk Port
Interaction with Other Features
Configuring a Trunk Port
Defining the Allowed VLANs on a Trunk
Changing the Pruning-Eligible List
Configuring the Native VLAN for Untagged Traffic
Load Sharing Using STP
Load Sharing Using STP Port Priorities
Load Sharing Using STP Path Cost
Configuring VMPS
Understanding VMPS
Dynamic Port VLAN Membership
VMPS Database Configuration File
Default VMPS Client Configuration
VMPS Configuration Guidelines
Configuring the VMPS Client
Entering the IP Address of the VMPS
Configuring Dynamic Access Ports on VMPS Clients
Reconfirming VLAN Memberships
Changing the Reconfirmation Interval
Changing the Retry Count
Monitoring the VMPS
Troubleshooting Dynamic Port VLAN Membership
VMPS Configuration Example
Configuring VTP
Understanding VTP
The VTP Domain
VTP Modes
VTP Advertisements
VTP Version 2
VTP Pruning
Configuring VTP
Default VTP Configuration
VTP Configuration Options
VTP Configuration in Global Configuration Mode
VTP Configuration in VLAN Configuration Mode
VTP Configuration Guidelines
Domain Names
Passwords
VTP Version
Configuration Requirements
Configuring a VTP Server
Configuring a VTP Client
Disabling VTP (VTP Transparent Mode)
Enabling VTP Version 2
Enabling VTP Pruning
Adding a VTP Client Switch to a VTP Domain
Monitoring VTP
Configuring IGMP Snooping and MVR
Understanding IGMP Snooping
IGMP Versions
Joining a Multicast Group
Leaving a Multicast Group
Immediate-Leave Processing
IGMP Configurable-Leave Timer
IGMP Report Suppression
Source-Only Networks
Configuring IGMP Snooping
Default IGMP Snooping Configuration
Enabling or Disabling IGMP Snooping
Setting the Snooping Method
Configuring a Multicast Router Port
Configuring a Host Statically to Join a Group
Enabling IGMP Immediate-Leave Processing
Configuring the IGMP Leave Timer
Disabling IGMP Report Suppression
Disabling IP Multicast-Source-Only Learning
Configuring the Aging Time
Displaying IGMP Snooping Information
Understanding Multicast VLAN Registration
Using MVR in a Multicast Television Application
Configuring MVR
Default MVR Configuration
MVR Configuration Guidelines and Limitations
Configuring MVR Global Parameters
Configuring MVR Interfaces
Displaying MVR Information
Configuring IGMP Filtering and Throttling
Default IGMP Filtering and Throttling Configuration
Configuring IGMP Profiles
Applying IGMP Profiles
Setting the Maximum Number of IGMP Groups
Configuring the IGMP Throttling Action
Displaying IGMP Filtering and Throttling Configuration
Configuring Port-Based Traffic Control
Configuring Storm Control
Understanding Storm Control
Default Storm Control Configuration
Configuring Storm Control and Threshold Levels
Configuring Protected Ports
Configuring Port Security
Understanding Port Security
Secure MAC Addresses
Security Violations
Default Port Security Configuration
Port Security Configuration Guidelines
Enabling and Configuring Port Security
Enabling and Configuring Port Security Aging
Displaying Port-Based Traffic Control Settings
Configuring UDLD
Understanding UDLD
Modes of Operation
Methods to Detect Unidirectional Links
Configuring UDLD
Default UDLD Configuration
Enabling UDLD Globally
Enabling UDLD on an Interface
Resetting an Interface Shut Down by UDLD
Displaying UDLD Status
Configuring CDP
Understanding CDP
Configuring CDP
Default CDP Configuration
Configuring the CDP Characteristics
Disabling and Enabling CDP
Disabling and Enabling CDP on an Interface
Monitoring and Maintaining CDP
Configuring SPAN and RSPAN
Understanding SPAN and RSPAN
SPAN and RSPAN Concepts and Terminology
SPAN Session
Traffic Types
Source Port
Destination Port
Reflector Port
SPAN Traffic
SPAN and RSPAN Interaction with Other Features
SPAN and RSPAN Session Limits
Default SPAN and RSPAN Configuration
Configuring SPAN
SPAN Configuration Guidelines
Creating a SPAN Session and Specifying Ports to Monitor
Creating a SPAN Session and Enabling Ingress Traffic
Removing Ports from a SPAN Session
Configuring RSPAN
RSPAN Configuration Guidelines
Configuring a VLAN as an RSPAN VLAN
Creating an RSPAN Source Session
Creating an RSPAN Destination Session
Removing Ports from an RSPAN Session
Displaying SPAN and RSPAN Status
Configuring RMON
Understanding RMON
Configuring RMON
Default RMON Configuration
Configuring RMON Alarms and Events
Configuring RMON Collection on an Interface
Displaying RMON Status
Configuring System Message Logging
Understanding System Message Logging
Configuring System Message Logging
System Log Message Format
Default System Message Logging Configuration
Disabling and Enabling Message Logging
Setting the Message Display Destination Device
Synchronizing Log Messages
Enabling and Disabling Timestamps on Log Messages
Enabling and Disabling Sequence Numbers in Log Messages
Defining the Message Severity Level
Limiting Syslog Messages Sent to the History Table and to SNMP
Configuring UNIX Syslog Servers
Logging Messages to a UNIX Syslog Daemon
Configuring the UNIX System Logging Facility
Displaying the Logging Configuration
Configuring SNMP
Understanding SNMP
SNMP Versions
SNMP Manager Functions
SNMP Agent Functions
SNMP Community Strings
Using SNMP to Access MIB Variables
SNMP Notifications
Configuring SNMP
Default SNMP Configuration
SNMP Configuration Guidelines
Disabling the SNMP Agent
Configuring Community Strings
Configuring SNMP Groups and Users
Configuring SNMP Notifications
Setting the Agent Contact and Location Information
Limiting TFTP Servers Used Through SNMP
SNMP Examples
Displaying SNMP Status
Configuring Network Security with ACLs
Understanding ACLs
Handling Fragmented and Unfragmented Traffic
Understanding Access Control Parameters
Guidelines for Applying ACLs to Physical Interfaces
Configuring ACLs
Unsupported Features
Creating Standard and Extended IP ACLs
ACL Numbers
Creating a Numbered Standard ACL
Creating a Numbered Extended ACL
Creating Named Standard and Extended ACLs
Applying Time Ranges to ACLs
Including Comments About Entries in ACLs
Creating Named MAC Extended ACLs
Creating MAC Access Groups
Applying ACLs to Terminal Lines or Physical Interfaces
Applying ACLs to a Terminal Line
Applying ACLs to a Physical Interface
Displaying ACL Information
Displaying ACLs
Displaying Access Groups
Examples for Compiling ACLs
Numbered ACL Examples
Extended ACL Examples
Named ACL Example
Commented IP ACL Entry Examples
Configuring QoS
Understanding QoS
Basic QoS Model
Classification
Classification Based on QoS ACLs
Classification Based on Class Maps and Policy Maps
Policing and Marking
Mapping Tables
Queueing and Scheduling
How Class of Service Works
Port Priority
Port Scheduling
Egress CoS Queues
Configuring Auto-QoS
Generated Auto-QoS Configuration
Effects of Auto-QoS on the Configuration
Enabling Auto-QoS for VoIP
Displaying Auto-QoS Information
Auto-QoS Configuration Example
Configuring Standard QoS
Default Standard QoS Configuration
Configuring Classification Using Port Trust States
Configuring the Trust State on Ports within the QoS Domain
Configuring the CoS Value for an Interface
Configuring Trusted Boundary
Enabling Pass-Through Mode
Configuring a QoS Policy
Classifying Traffic by Using ACLs
Classifying Traffic by Using Class Maps
Classifying, Policing, and Marking Traffic by Using Policy Maps
Configuring CoS Maps
Configuring the CoS-to-DSCP Map
Configuring the DSCP-to-CoS Map
Configuring the Egress Queues
Configuring CoS Priority Queues
Configuring WRR Priority
Enabling the Expedite Queue and Configuring WRR Priority
Displaying Standard QoS Information
Standard QoS Configuration Examples
QoS Configuration for the Existing Wiring Closet
QoS Configuration for the Intelligent Wiring Closet
Configuring EtherChannels and Layer 2 Trunk Failover
Understanding EtherChannels
Understanding Port-Channel Interfaces
Understanding the Port Aggregation Protocol and Link Aggregation Protocol
PAgP and LACP Modes
Exchanging PAgP Packets
Exchanging LACP Packets
Physical Learners and Aggregate-Port Learners
PAgP and LACP Interaction with Other Features
EtherChannel On Mode
Understanding Load Balancing and Forwarding Methods
Configuring EtherChannels
Default EtherChannel Configuration
EtherChannel Configuration Guidelines
Configuring Layer 2 EtherChannels
Configuring EtherChannel Load Balancing
Configuring the PAgP Learn Method and Priority
Configuring the LACP Port Priority
Configuring Hot Standby Ports
Configuring the LACP System Priority
Displaying EtherChannel, PAgP, and LACP Status
Understanding Layer 2 Trunk Failover
Configuring Layer 2 Trunk Failover
Default Layer 2 Trunk Failover Configuration
Layer 2 Trunk Failover Configuration Guidelines
Configuring Layer 2 Trunk Failover
Displaying Layer 2 Trunk Failover Status
Troubleshooting
Using Recovery Procedures
Recovering from a Software Failure
Recovering from Lost or Forgotten Passwords
Password Recovery with Password Recovery Enabled
Procedure with Password Recovery Disabled
Preventing Autonegotiation Mismatches
SFP Module Security and Identification
Diagnosing Connectivity Problems
Using Ping
Understanding Ping
Executing Ping
Using Layer 2 Traceroute
Understanding Layer 2 Traceroute
Usage Guidelines
Displaying the Physical Path
Using Debug Commands
Enabling Debugging on a Specific Feature
Enabling All-System Diagnostics
Redirecting Debug and Error Message Output
Using the debug auto qos Command
Using the crashinfo File
A
Supported MIBs
MIB List
Using FTP to Access the MIB Files
B
Working with the Cisco IOS File System, Configuration Files, and Software Images
Working with the Flash File System
Displaying Available File Systems
Setting the Default File System
Displaying Information about Files on a File System
Changing Directories and Displaying the Working Directory
Creating and Removing Directories
Copying Files
Deleting Files
Creating, Displaying, and Extracting tar Files
Creating a tar File
Displaying the Contents of a tar File
Extracting a tar File
Displaying the Contents of a File
Working with Configuration Files
Guidelines for Creating and Using Configuration Files
Configuration File Types and Location
Creating a Configuration File By Using a Text Editor
Copying Configuration Files By Using TFTP
Preparing to Download or Upload a Configuration File By Using TFTP
Downloading the Configuration File By Using TFTP
Uploading the Configuration File By Using TFTP
Copying Configuration Files By Using FTP
Preparing to Download or Upload a Configuration File By Using FTP
Downloading a Configuration File By Using FTP
Uploading a Configuration File By Using FTP
Copying Configuration Files By Using RCP
Preparing to Download or Upload a Configuration File By Using RCP
Downloading a Configuration File By Using RCP
Uploading a Configuration File By Using RCP
Clearing Configuration Information
Clearing the Startup Configuration File
Deleting a Stored Configuration File
Working with Software Images
Image Location on the Switch
tar File Format of Images on a Server or IBM.com
Copying Image Files By Using TFTP
Preparing to Download or Upload an Image File By Using TFTP
Downloading an Image File By Using TFTP
Uploading an Image File By Using TFTP
Copying Image Files By Using FTP
Preparing to Download or Upload an Image File By Using FTP
Downloading an Image File By Using FTP
Uploading an Image File By Using FTP
Copying Image Files By Using RCP
Preparing to Download or Upload an Image File By Using RCP
Downloading an Image File By Using RCP
Uploading an Image File By Using RCP
C
Getting Help and Technical Assistance
Before You Call
Using the Documentation
Getting Help and Information from the World Wide Web
Software Service and Support
Hardware Service and Support
D
Notices
Edition Notice
Trademarks
INDEX
Numerics
A
B
C
D
E
F
G
H
I
J
L
M
N
O
P
Q
R
S
T
U
V
W
X