Sign In
Upload
Manuals
Brands
Cisco Manuals
Network Router
Catalyst 2928
Cisco Catalyst 2928 Manuals
Manuals and User Guides for Cisco Catalyst 2928. We have
1
Cisco Catalyst 2928 manual available for free PDF download: Software Configuration Manual
Cisco Catalyst 2928 Software Configuration Manual (700 pages)
IOS Release 12.2(55)EZ
Brand:
Cisco
| Category:
Network Router
| Size: 7.64 MB
Table of Contents
Table of Contents
3
Related Publications
30
Features
33
Chapter 1 Overview
34
Management Options
35
Manageability Features
36
Availability and Redundancy Features
37
Security Features
38
Qos and Cos Features
39
Monitoring Features
40
Network Configuration Examples
43
Small to Medium-Sized Network Using Catalyst 2928 Switches
46
Campus Network Using Catalyst 2928 Switches
47
Where to Go Next
48
CHAPTER 2 Using the Command-Line Interface2-1
49
Understanding Command Modes
49
C H a P T E R 2 Using the Command-Line Interface
50
Understanding the Help System
51
Understanding Abbreviated Commands
51
Understanding no and Default Forms of Commands
52
Understanding CLI Error Messages
52
Using Configuration Logging
52
Using Command History
53
Changing the Command History Buffer Size
53
Recalling Commands
54
Disabling the Command History Feature
54
Using Editing Features
54
Enabling and Disabling Editing Features
54
Editing Commands through Keystrokes
55
Editing Command Lines that Wrap
56
Searching and Filtering Output of Show and more Commands
57
Accessing the CLI
57
Accessing the CLI through a Console Connection or through Telnet
57
Chapter 3 Assigning the Switch IP Address and Default Gateway
59
Understanding the Boot Process
59
Assigning Switch Information
60
Default Switch Information
61
Understanding DHCP-Based Autoconfiguration
61
DHCP Client Request Process
62
Understanding DHCP-Based Autoconfiguration and Image Update
62
DHCP Auto-Image Update
63
DHCP Autoconfiguration
63
Limitations and Restrictions
63
Configuring DHCP-Based Autoconfiguration
64
Configuring the TFTP Server
64
DHCP Server Configuration Guidelines
64
Configuring the DNS
65
Configuring the Relay Device
65
Obtaining Configuration Files
66
Example Configuration
67
Configuring the DHCP Auto Configuration and Image Update Features
69
Configuring DHCP Autoconfiguration (Only Configuration File)
69
Configuring DHCP Auto-Image Update (Configuration File and Image)
70
Configuring the Client
71
Manually Assigning IP Information
72
Checking and Saving the Running Configuration
72
Modifying the Startup Configuration
73
Default Boot Configuration
74
Automatically Downloading a Configuration File
74
Specifying the Filename to Read and Write the System Configuration
74
Booting Manually
75
Booting a Specific Software Image
76
Controlling Environment Variables
76
Scheduling a Reload of the Software Image
78
Configuring a Scheduled Reload
78
Displaying Scheduled Reload Information
79
Chapter 4 Configuring Cisco IOS CNS Agents
81
Understanding Cisco Configuration Engine Software
81
Configuration Service
82
Chapter 4 Configuring Cisco IO CN Agent
82
Event Service
83
Namespace Mapper
83
What You Should Know about the CNS Ids and Device Hostnames
83
Configid
83
Deviceid
84
Hostname and Deviceid
84
Using Hostname, Deviceid, and Configid
84
Understanding Cisco IOS Agents
85
Initial Configuration
85
Incremental (Partial) Configuration
86
Synchronized Configuration
86
Configuring Cisco IOS Agents
86
Enabling Automated CNS Configuration
86
Enabling the CNS Event Agent
87
Enabling the Cisco IOS CNS Agent
88
Enabling an Initial Configuration
89
Enabling a Partial Configuration
91
Displaying CNS Configuration
92
Chapter 5 Clustering Switches
93
Understanding Switch Clusters
93
Cluster Command Switch Characteristics
94
Standby Cluster Command Switch Characteristics
95
Candidate Switch and Cluster Member Switch Characteristics
95
Planning a Switch Cluster
96
Automatic Discovery of Cluster Candidates and Members
96
Discovery through CDP Hops
96
Discovery through Non-CDP-Capable and Noncluster-Capable Devices
97
Discovery through Different Vlans
98
Discovery through Different Management Vlans
99
Discovery of Newly Installed Switches
100
HSRP and Standby Cluster Command Switches
101
Other Considerations for Cluster Standby Groups
102
Virtual IP Addresses
102
Automatic Recovery of Cluster Configuration
103
IP Addresses
104
Hostnames
104
Passwords
104
SNMP Community Strings
105
TACACS+ and RADIUS
105
LRE Profiles
105
Using the CLI to Manage Switch Clusters
105
Catalyst 1900 and Catalyst 2820 CLI Considerations
106
Using SNMP to Manage Switch Clusters
106
Chapter 6 Configuring SDM Templates
109
Understanding the SDM Templates
109
Configuring the Switch SDM Template
110
Default SDM Template
110
SDM Template Configuration Guidelines
110
Displaying the SDM Templates
111
Managing the System Time and Date
113
Understanding Network Time Protocol
114
Chapter 7 Administering the Switch
114
Configuring NTP
116
Default NTP Configuration
116
Configuring NTP Authentication
116
Configuring NTP Associations
117
Configuring NTP Broadcast Service
118
Configuring NTP Access Restrictions
120
Configuring the Source IP Address for NTP Packets
122
Displaying the NTP Configuration
123
Configuring Time and Date Manually
123
Setting the System Clock
123
Displaying the Time and Date Configuration
124
Configuring the Time Zone
124
Configuring Summer Time (Daylight Saving Time)
125
Configuring a System Name and Prompt
126
Default System Name and Prompt Configuration
127
Configuring a System Name
127
Understanding DNS
127
Default DNS Configuration
128
Setting up DNS
128
Displaying the DNS Configuration
129
Creating a Banner
129
Default Banner Configuration
129
Configuring a Message-Of-The-Day Login Banner
129
Configuring a Login Banner
130
Managing the MAC Address Table
131
Building the Address Table
132
MAC Addresses and Vlans
132
Default MAC Address Table Configuration
132
Changing the Address Aging Time
132
Removing Dynamic Address Entries
133
Configuring MAC Address Notification Traps
133
Adding and Removing Static Address Entries
135
Configuring Unicast MAC Address Filtering
136
Displaying Address Table Entries
138
Managing the ARP Table
138
Chapter 8 Configuring Switch-Based Authentication
139
Preventing Unauthorized Access to Your Switch
139
Protecting Access to Privileged EXEC Commands
140
Default Password and Privilege Level Configuration
140
Setting or Changing a Static Enable Password
141
Protecting Enable and Enable Secret Passwords with Encryption
141
Disabling Password Recovery
143
Setting a Telnet Password for a Terminal Line
144
Configuring Username and Password Pairs
144
Configuring Multiple Privilege Levels
145
Setting the Privilege Level for a Command
146
Changing the Default Privilege Level for Lines
147
Logging into and Exiting a Privilege Level
147
Controlling Switch Access with TACACS
148
Understanding TACACS
148
TACACS+ Operation
150
Configuring TACACS
150
Default TACACS+ Configuration
151
Identifying the TACACS+ Server Host and Setting the Authentication Key
151
Configuring TACACS+ Login Authentication
152
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services
154
Starting TACACS+ Accounting
155
Displaying the TACACS+ Configuration
155
Controlling Switch Access with RADIUS
155
Understanding RADIUS
156
RADIUS Operation
157
Configuring RADIUS
158
Displaying the RADIUS Configuration
169
Default RADIUS Configuration
158
Identifying the RADIUS Server Host
158
Configuring RADIUS Login Authentication
161
Defining AAA Server Groups
163
Configuring RADIUS Authorization for User Privileged Access and Network Services
165
Starting RADIUS Accounting
166
Configuring Settings for All RADIUS Servers
167
Configuring the Switch to Use Vendor-Specific RADIUS Attributes
167
Configuring the Switch for Vendor-Proprietary RADIUS Server Communication
169
Configuring the Switch for Local Authentication and Authorization
170
Configuring the Switch for Secure Shell
171
SSH Servers, Integrated Clients, and Supported Versions
171
Understanding SSH
171
Configuration Guidelines
172
Configuring SSH
172
Limitations
172
Setting up the Switch to Run SSH
173
Configuring the SSH Server
174
Displaying the SSH Configuration and Status
174
Configuring the Switch for Secure Socket Layer HTTP
175
Certificate Authority Trustpoints
175
Understanding Secure HTTP Servers and Clients
175
Ciphersuites
177
Configuring Secure HTTP Servers and Clients
177
Default SSL Configuration
177
Configuring a CA Trustpoint
178
SSL Configuration Guidelines
178
Configuring the Secure HTTP Server
179
Configuring the Secure HTTP Client
180
Displaying Secure HTTP Server and Client Status
181
Configuring the Switch for Secure Copy Protocol
181
Information about Secure Copy
182
CHAPTER 9 Configuring IEEE 802.1X Port-Based Authentication9-1
184
Understanding IEEE 802.1X Port-Based Authentication
184
Device Roles
184
Authentication Process
185
Authentication Initiation and Message Exchange
187
Ports in Authorized and Unauthorized States
189
IEEE 802.1X Host Mode
189
IEEE 802.1X Accounting
190
IEEE 802.1X Accounting Attribute-Value Pairs
190
Using IEEE 802.1X Authentication with VLAN Assignment
191
Using IEEE 802.1X Authentication with Guest VLAN
193
Using IEEE 802.1X Authentication with Restricted VLAN
194
Using IEEE 802.1X Authentication with Voice VLAN Ports
195
Using IEEE 802.1X Authentication with Port Security
195
Using IEEE 802.1X Authentication with MAC Authentication Bypass
196
802.1X Authentication with Restricted VLAN
197
Common Session ID
198
Configuring IEEE 802.1X Authentication
199
Default IEEE 802.1X Authentication Configuration
199
Table
200
IEEE 802.1X Authentication Configuration Guidelines
201
IEEE 802.1X Authentication
201
VLAN Assignment and Guest VLAN
202
MAC Authentication Bypass
202
Configuring IEEE 802.1X Authentication
202
Upgrading from a Previous Software Release
202
Configuring the Switch-To-RADIUS-Server Communication
204
Configuring the Host Mode
205
Configuring Periodic Re-Authentication
206
Manually Re-Authenticating a Client Connected to a Port
206
Changing the Quiet Period
207
Changing the Switch-To-Client Retransmission Time
207
Setting the Switch-To-Client Frame-Retransmission Number
208
Setting the Re-Authentication Number
209
Configuring IEEE 802.1X Accounting
209
Configuring a Guest VLAN
210
Configuring a Restricted VLAN
211
Configuring MAC Authentication Bypass
213
Disabling IEEE 802.1X Authentication on the Port
213
Displaying IEEE 802.1X Statistics and Status
214
Resetting the IEEE 802.1X Authentication Configuration to the Default Values
214
CHAPTER 10 Configuring Web-Based Authentication
215
Understanding Web-Based Authentication
215
Device Roles
216
Host Detection
216
Configuring Web-Based Authentication
216
Session Creation
217
Authentication Process
217
Local Web Authentication Banner
218
Guidelines
220
Web Authentication Customizable Web Pages
220
Web-Based Authentication Interactions with Other Features
221
Port Security
221
Acls
222
Authentication
222
Context-Based Access Control
222
Etherchannel
222
Gateway IP
222
LAN Port IP
222
Configuring Web-Based Authentication
222
Default Web-Based Authentication Configuration
223
Web-Based Authentication Configuration Guidelines and Restrictions
223
Configuring the Authentication Rule and Interfaces
224
Web-Based Authentication Configuration Task List
224
Configuring AAA Authentication
225
Configuring Switch-To-RADIUS-Server Communication
225
Configuring the HTTP Server
227
Specifying a Redirection URL for Successful Login
227
Configuring an AAA Fail Policy
229
Configuring a Web Authentication Local Banner
230
Configuring the Web-Based Authentication Parameters
230
Displaying Web-Based Authentication Status
231
Removing Web-Based Authentication Cache Entries
231
Chapter 11 Configuring Portal-Based Authentication
233
Understanding Portal-Based Authentication
233
Configuring Portal-Based Authentication
234
Default Portal-Based Authentication Configuration
234
Enabling Portal-Based Authentication on the Switch
235
Enabling Portal-Based Authentication on an Interface
236
Configuring the Switch-To-RADIUS-Server Communication
236
Monitoring Portal-Based Authentication
238
CHAPTER 12 Configuring Interface Characteristics12-1
239
Understanding Interface Types
239
Port-Based Vlans
240
Switch Ports
240
Access Ports
240
C H a P T E R 12 Configuring Interface Characteristics
240
Trunk Ports
241
Power over Ethernet (Poe) Ports (WS-C2928-24LT-C Only)
242
Supported Protocols and Standards
242
Power Management Modes
243
Powered-Device Detection and Initial Power Allocation
243
Power Monitoring and Power Policing
244
Connecting Interfaces
247
Using Interface Configuration Mode
247
Configuring a Range of Interfaces
248
Procedures for Configuring Interfaces
248
Configuring and Using Interface Range Macros
250
Configuring Ethernet Interfaces
252
Default Ethernet Interface Configuration
252
Setting the Type of a Dual-Purpose Uplink Port
253
Configuring Interface Speed and Duplex Mode
255
Speed and Duplex Configuration Guidelines
255
Setting the Interface Speed and Duplex Parameters
256
Configuring IEEE 802.3X Flow Control
257
Configuring Auto-MDIX on an Interface
258
Configuring a Power Management Mode on a Poe Port
259
Budgeting Power for Devices Connected to a Poe Port
260
Configuring Power Policing
262
Adding a Description for an Interface
263
Configuring the System MTU
264
Monitoring and Maintaining the Interfaces
265
Clearing and Resetting Interfaces and Counters
266
Monitoring Interface Status
266
Table
266
Shutting down and Restarting the Interface
267
Chapter 13 Configuring Vlans
269
Chapter 13, "Configuring Vlans
269
Understanding Vlans
269
Supported Vlans
270
VLAN Port Membership Modes
271
Section on Page
271
Configuring Normal-Range Vlans
272
Token Ring Vlans
273
Normal-Range VLAN Configuration Guidelines
273
Saving VLAN Configuration
274
Default Ethernet VLAN Configuration
274
Creating or Modifying an Ethernet VLAN
275
Deleting a VLAN
276
Assigning Static-Access Ports to a VLAN
277
Configuring Extended-Range Vlans
278
Default VLAN Configuration
278
Extended-Range VLAN Configuration Guidelines
278
Creating an Extended-Range VLAN
279
Displaying Vlans
280
Configuring VLAN Trunks
280
Trunking Overview
280
IEEE 802.1Q Configuration Considerations
281
Default Layer 2 Ethernet Interface VLAN Configuration
282
Configuring an Ethernet Interface as a Trunk Port
282
Interaction with Other Features
282
Configuring a Trunk Port
283
Defining the Allowed Vlans on a Trunk
284
Changing the Pruning-Eligible List
285
Configuring the Native VLAN for Untagged Traffic
285
Configuring Trunk Ports for Load Sharing
286
Load Sharing Using STP Port Priorities
286
Load Sharing Using STP Path Cost
288
Configuring VMPS
289
Understanding VMPS
290
Dynamic-Access Port VLAN Membership
290
Default VMPS Client Configuration
291
VMPS Configuration Guidelines
291
Configuring the VMPS Client
292
Configuring Dynamic-Access Ports on VMPS Clients
292
Entering the IP Address of the VMPS
292
Changing the Reconfirmation Interval
293
Reconfirming VLAN Memberships
293
Changing the Retry Count
294
Monitoring the VMPS
294
Troubleshooting Dynamic-Access Port VLAN Membership
295
VMPS Configuration Example
295
Chapter 14 Configuring VTP
297
Understanding VTP
297
The VTP Domain
298
VTP Modes
299
VTP Advertisements
299
VTP Version 2
300
VTP Pruning
300
Configuring VTP
300
VTP Configuration Guidelines
303
Domain Names
303
Passwords
303
Configuration Requirements
304
VTP Version
304
Configuring a VTP Server
304
Configuring a VTP Client
305
Disabling VTP (VTP Transparent Mode)
306
Enabling VTP Version 2
307
Enabling VTP Pruning
308
Monitoring VTP
310
Adding a VTP Client Switch to a VTP Domain
308
Chapter 15 Configuring Voice VLAN
311
Understanding Voice VLAN
311
Cisco IP Phone Voice Traffic
312
Cisco IP Phone Data Traffic
312
Configuring Voice VLAN
313
Default Voice VLAN Configuration
313
Voice VLAN Configuration Guidelines
313
Configuring a Port Connected to a Cisco 7960 IP Phone
314
Configuring Cisco IP Phone Voice Traffic
315
Displaying Voice VLAN
316
Configuring STP
317
Understanding Spanning-Tree Features
317
Chapter 16 Configuring STP
318
Understanding Spanning-Tree Features
318
STP Overview
318
Spanning-Tree Topology and Bpdus
318
Bridge ID, Switch Priority, and Extended System ID
319
Spanning-Tree Interface States
320
Blocking State
321
Disabled State
322
Forwarding State
322
Learning State
322
Listening State
322
How a Switch or Port Becomes the Root Switch or Root Port
323
Spanning Tree and Redundant Connectivity
323
Spanning-Tree Address Management
324
Accelerated Aging to Retain Connectivity
324
Spanning-Tree Modes and Protocols
325
Supported Spanning-Tree Instances
325
Spanning-Tree Interoperability and Backward Compatibility
326
STP and IEEE 802.1Q Trunks
326
Configuring Spanning-Tree Features
326
Default Spanning-Tree Configuration
327
Spanning-Tree Configuration Guidelines
328
Changing the Spanning-Tree Mode
329
Configuring the Root Switch
330
Disabling Spanning Tree
330
Configuring a Secondary Root Switch
332
Configuring Port Priority
332
Configuring Path Cost
334
Configuring the Switch Priority of a VLAN
335
Configuring Spanning-Tree Timers
336
Configuring the Hello Time
336
Configuring the Forwarding-Delay Time for a VLAN
337
Configuring the Maximum-Aging Time for a VLAN
337
Configuring the Transmit Hold-Count
338
Displaying the Spanning-Tree Status
338
Chapter 17 Configuring MSTP
339
Understanding MSTP
340
Multiple Spanning-Tree Regions
340
IST, CIST, and CST
340
Operations between MST Regions
341
Operations Within an MST Region
341
IEEE 802.1S Terminology
343
Hop Count
343
Boundary Ports
344
IEEE 802.1S Implementation
344
Port Role Naming Change
344
Detecting Unidirectional Link Failure
345
Interoperation between Legacy and Standard Switches
345
Interoperability with IEEE 802.1D STP
346
Understanding RSTP
346
Port Roles and the Active Topology
347
Rapid Convergence
347
Synchronization of Port Roles
349
Bridge Protocol Data Unit Format and Processing
350
Processing Superior BPDU Information
350
Processing Inferior BPDU Information
351
Topology Changes
351
Configuring MSTP Features
351
Default MSTP Configuration
352
MSTP Configuration Guidelines
352
Specifying the MST Region Configuration and Enabling MSTP
353
Configuring the Root Switch
355
Configuring a Secondary Root Switch
356
Configuring Port Priority
357
Configuring Path Cost
358
Configuring the Switch Priority
359
Configuring the Hello Time
360
Configuring the Forwarding-Delay Time
361
Configuring the Maximum-Aging Time
361
Configuring the Maximum-Hop Count
362
Specifying the Link Type to Ensure Rapid Transitions
362
Designating the Neighbor Type
363
Restarting the Protocol Migration Process
363
Displaying the MST Configuration and Status
364
CHAPTER 18 Configuring Optional Spanning-Tree Features
365
Understanding Optional Spanning-Tree Features
365
Understanding Port Fast
366
Understanding BPDU Guard
366
C H a P T E R 18 Configuring Optional Spanning-Tree Features
366
Understanding BPDU Filtering
367
Understanding Uplinkfast
367
Understanding Backbonefast
369
Understanding Etherchannel Guard
371
Understanding Root Guard
372
Understanding Loop Guard
373
Configuring Optional Spanning-Tree Features
373
Default Optional Spanning-Tree Configuration
373
Optional Spanning-Tree Configuration Guidelines
374
Enabling Port Fast
374
Enabling BPDU Guard
375
Enabling BPDU Filtering
376
Enabling Uplinkfast for Use with Redundant Links
377
Enabling Backbonefast
377
Enabling Etherchannel Guard
378
Enabling Root Guard
379
Enabling Loop Guard
379
Displaying the Spanning-Tree Status
380
CHAPTER 19 Configuring DHCP Features and IP Source Guard Features
381
Understanding DHCP Snooping
381
DHCP Server
382
DHCP Relay Agent
382
DHCP Snooping
382
C H a P T E R 19 Configuring DHCP Features and IP Source Guard Features
382
Option-82 Data Insertion
384
DHCP Snooping Binding Database
387
Configuring DHCP Snooping
388
Default DHCP Snooping Configuration
388
DHCP Snooping Configuration Guidelines
389
Configuring the DHCP Relay Agent
390
Enabling DHCP Snooping and Option 82
391
Enabling the DHCP Snooping Binding Database Agent
392
Displaying DHCP Snooping Information
393
Understanding IP Source Guard
393
Source IP Address Filtering
394
Source IP and MAC Address Filtering
394
IP Source Guard for Static Hosts
395
Configuring IP Source Guard
395
Default IP Source Guard Configuration
396
IP Source Guard Configuration Guidelines
396
Enabling IP Source Guard
396
Configuring IP Source Guard for Static Hosts on a Layer 2 Access Port
398
Displaying IP Source Guard Information
401
Understanding DHCP Server Port-Based Address Allocation
401
Configuring DHCP Server Port-Based Address Allocation
402
Default Port-Based Address Allocation Configuration
402
Port-Based Address Allocation Configuration Guidelines
402
Enabling DHCP Server Port-Based Address Allocation
403
Displaying DHCP Server Port-Based Address Allocation
405
Chapter 20 Configuring Dynamic ARP Inspection
407
Understanding Dynamic ARP Inspection
407
Interface Trust States and Network Security
409
Rate Limiting of ARP Packets
410
Relative Priority of ARP Acls and DHCP Snooping Entries
410
Logging of Dropped Packets
410
Configuring Dynamic ARP Inspection
411
Default Dynamic ARP Inspection Configuration
411
Dynamic ARP Inspection Configuration Guidelines
412
Configuring Dynamic ARP Inspection in DHCP Environments
413
Configuring ARP Acls for Non-DHCP Environments
414
Limiting the Rate of Incoming ARP Packets
416
Performing Validation Checks
417
Configuring the Log Buffer
418
Displaying Dynamic ARP Inspection Information
420
Chapter 21 Configuring IGMP Snooping
423
Understanding IGMP Snooping
423
IGMP Versions
424
Joining a Multicast Group
425
Leaving a Multicast Group
426
Immediate Leave
427
IGMP Configurable-Leave Timer
427
IGMP Report Suppression
427
Configuring IGMP Snooping
428
Default IGMP Snooping Configuration
428
Enabling or Disabling IGMP Snooping
428
Setting the Snooping Method
429
Configuring a Multicast Router Port
430
Configuring a Host Statically to Join a Group
431
Enabling IGMP Immediate Leave
431
Configuring the IGMP Leave Timer
432
Configuring TCN-Related Commands
433
Controlling the Multicast Flooding Time after a TCN Event
433
Disabling Multicast Flooding During a TCN Event
434
Recovering from Flood Mode
434
Configuring the IGMP Snooping Querier
435
Disabling IGMP Report Suppression
436
Displaying IGMP Snooping Information
436
Configuring IGMP Filtering and Throttling
438
Default IGMP Filtering and Throttling Configuration
438
Configuring IGMP Profiles
439
Applying IGMP Profiles
440
Setting the Maximum Number of IGMP Groups
441
Configuring the IGMP Throttling Action
441
Displaying IGMP Filtering and Throttling Configuration
442
CHAPTER 22 Configuring Port-Based Traffic Control22-1
445
Configuring Storm Control
445
Understanding Storm Control
445
Default Storm Control Configuration
447
Configuring Storm Control and Threshold Levels
447
C H a P T E R 22 Configuring Port-Based Traffic Control
447
Configuring Small-Frame Arrival Rate
449
Configuring Protected Ports
450
Default Protected Port Configuration
450
Protected Port Configuration Guidelines
450
Configuring a Protected Port
451
Configuring Port Blocking
451
Default Port Blocking Configuration
451
Blocking Flooded Traffic on an Interface
451
Configuring Port Security
452
Understanding Port Security
453
Secure MAC Addresses
453
Security Violations
454
Default Port Security Configuration
455
Port Security Configuration Guidelines
455
Enabling and Configuring Port Security
456
Enabling and Configuring Port Security Aging
461
Displaying Port-Based Traffic Control Settings
462
Chapter 23 Configuring CDP
463
Understanding CDP
463
Configuring CDP
464
Default CDP Configuration
464
Configuring the CDP Characteristics
464
Disabling and Enabling CDP
465
Disabling and Enabling CDP on an Interface
466
Monitoring and Maintaining CDP
467
Chapter 24 Configuring LLDP and LLDP-MED
469
Understanding LLDP and LLDP-MED
469
Lldp
469
Lldp-Med
470
Configuring LLDP and LLDP-MED
471
Configuration Guidelines
471
Default LLDP Configuration
471
Configuring LLDP and LLDP-MED
472
Configuring LLDP Characteristics
472
Enabling LLDP
472
Configuring LLDP-MED Tlvs
473
Configuring Network-Policy TLV
474
Monitoring and Maintaining LLDP and LLDP-MED
476
Chapter 25 Configuring UDLD
477
Understanding UDLD
477
Modes of Operation
477
Methods to Detect Unidirectional Links
478
Configuring UDLD
479
Default UDLD Configuration
480
Configuration Guidelines
480
Enabling UDLD Globally
481
Enabling UDLD on an Interface
481
Resetting an Interface Disabled by UDLD
482
Displaying UDLD Status
482
Chapter 26 Configuring SPAN
483
Understanding SPAN
483
Local SPAN
484
SPAN Concepts and Terminology
484
SPAN Sessions
484
Monitored Traffic
485
Source Ports
486
Source Vlans
486
Destination Port
487
VLAN Filtering
487
SPAN Interaction with Other Features
488
Configuring SPAN
489
Default SPAN Configuration
489
Configuring Local SPAN
489
SPAN Configuration Guidelines
489
Creating a Local SPAN Session
490
Creating a Local SPAN Session and Configuring Incoming Traffic
493
Specifying Vlans to Filter
494
Displaying SPAN Status
495
Chapter 27 Configuring RMON
497
Understanding RMON
497
Configuring RMON
498
Default RMON Configuration
499
Configuring RMON Alarms and Events
499
Collecting Group History Statistics on an Interface
501
Collecting Group Ethernet Statistics on an Interface
501
Displaying RMON Status
502
Chapter 28 Configuring System Message Logging
503
Understanding System Message Logging
503
Configuring System Message Logging
504
System Log Message Format
504
Default System Message Logging Configuration
505
Disabling Message Logging
505
Setting the Message Display Destination Device
506
Synchronizing Log Messages
507
Enabling and Disabling Time Stamps on Log Messages
509
Enabling and Disabling Sequence Numbers in Log Messages
509
Defining the Message Severity Level
510
Limiting Syslog Messages Sent to the History Table and to SNMP
511
Enabling the Configuration-Change Logger
512
Configuring UNIX Syslog Servers
513
Logging Messages to a UNIX Syslog Daemon
513
Configuring the UNIX System Logging Facility
514
Displaying the Logging Configuration
515
Understanding SNMP
517
SNMP Versions
518
Chapter 29 Configuring SNMP
518
SNMP Manager Functions
519
SNMP Agent Functions
520
SNMP Community Strings
520
Using SNMP to Access MIB Variables
520
SNMP Notifications
521
SNMP Ifindex MIB Object Values
521
Default SNMP Configuration
522
SNMP Configuration Guidelines
523
Disabling the SNMP Agent
523
Configuring Community Strings
524
Configuring SNMP Groups and Users
525
Configuring SNMP Notifications
527
Setting the Agent Contact and Location Information
531
Limiting TFTP Servers Used through SNMP
531
SNMP Examples
532
Displaying SNMP Status
533
Chapter 30 Configuring Network Security with Acls
535
Understanding Acls
535
ACL Overview
536
Port Acls
536
Handling Fragmented and Unfragmented Traffic
537
Configuring Ipv4 Acls
538
Creating Standard and Extended Ipv4 Acls
539
Access List Numbers
539
Creating a Numbered Standard ACL
540
Creating a Numbered Extended ACL
541
Creating Named Standard and Extended Acls
546
Resequencing Aces in an ACL
546
Using Time Ranges with Acls
548
Including Comments in Acls
549
Applying an Ipv4 ACL to a Terminal Line
550
Applying an Ipv4 ACL to a VLAN Interface
550
Hardware and Software Treatment of IP Acls
551
Troubleshooting Acls
552
Ipv4 ACL Configuration Examples
552
Extended Acls
553
Named Acls
553
Numbered Acls
553
Commented IP ACL Entries
554
Time Range Applied to an IP ACL
554
Displaying Ipv4 ACL Configuration
555
Chapter 31 Configuring Qos
557
Understanding Qos
557
Basic Qos Model
559
Classification
559
Queueing Overview
560
Queueing on Ingress Queues
560
Weighted Tail Drop
560
Queueing on Egress Queues
561
Packet Modification
562
Configuring Standard Qos
562
Default Standard Qos Configuration
563
Default Egress Queue Configuration
563
Default Ingress Queue Configuration
563
General Qos Guidelines
564
Enabling Qos Globally
565
Configuring Classification Using Port Trust States
565
Configuring the Trust State on Ports Within the Qos Domain
565
Configuring the Cos Value for an Interface
567
Enabling DSCP Transparency Mode
567
Configuring Ingress Queue Characteristics
568
Mapping Cos Values to an Ingress Queue
568
Configuring the Ingress Priority Queue
569
Configuring Egress Queue Characteristics
570
Configuration Guidelines
571
Mapping Cos Values to an Egress Queue and to a Threshold ID
571
Configuring the Egress Expedite Queue
572
Displaying Standard Qos Information
573
CHAPTER 32 Configuring Etherchannels32-1
575
Understanding Etherchannels
575
Etherchannel Overview
576
C H a P T E R 32 Configuring Etherchannels
576
Port-Channel Interfaces
577
Port Aggregation Protocol
578
Pagp Modes
578
Pagp Interaction with Other Features
579
Link Aggregation Control Protocol
579
LACP Modes
579
LACP Interaction with Other Features
580
Etherchannel on Mode
580
Load Balancing and Forwarding Methods
580
Configuring Etherchannels
582
Default Etherchannel Configuration
583
Etherchannel Configuration Guidelines
583
Configuring Layer 2 Etherchannels
584
Configuring Etherchannel Load Balancing
586
Configuring the Pagp Learn Method and Priority
587
Configuring LACP Hot-Standby Ports
588
Configuring the LACP Port Priority
589
Configuring the LACP System Priority
589
Displaying Etherchannel, Pagp, and LACP Status
590
Chapter 33 Troubleshooting
593
Recovering from a Software Failure
594
Recovering from a Lost or Forgotten Password
595
Procedure with Password Recovery Enabled
596
Procedure with Password Recovery Disabled
598
Recovering from a Command Switch Failure
599
Replacing a Failed Command Switch with a Cluster Member
600
Replacing a Failed Command Switch with Another Switch
601
Recovering from Lost Cluster Member Connectivity
603
Preventing Autonegotiation Mismatches
603
Troubleshooting Power over Ethernet Switch Ports
603
Disabled Port Caused by Power Loss
604
Disabled Port Caused by False Link up
604
SFP Module Security and Identification
604
Monitoring SFP Module Status
605
Using Ping
605
Understanding Ping
605
Executing Ping
605
Using Layer 2 Traceroute
606
Understanding Layer 2 Traceroute
606
Usage Guidelines
607
Displaying the Physical Path
607
Using IP Traceroute
608
Understanding IP Traceroute
608
Executing IP Traceroute
609
Using TDR
610
Understanding TDR
610
Running TDR and Displaying the Results
610
Using Debug Commands
610
Enabling Debugging on a Specific Feature
611
Enabling All-System Diagnostics
611
Redirecting Debug and Error Message Output
612
Using the Show Platform Forward Command
612
Using the Crashinfo Files
614
Basic Crashinfo Files
614
Extended Crashinfo Files
614
Memory Consistency Check Routines
615
Troubleshooting Tables
616
Troubleshooting CPU Utilization
616
Possible Symptoms of High CPU Utilization
616
Verifying the Problem and Cause
616
Troubleshooting Power over Ethernet (Poe)
617
Appendix
621
Supported Mibs
621
MIB List
621
Appendix A Supported MIB
622
Using FTP to Access the MIB Files
623
Appendix
625
Working with the Cisco IOS File System, Configuration Files, and Software Images
625
Working with the Flash File System
625
Displaying Available File Systems
626
Setting the Default File System
627
Displaying Information about Files on a File System
627
Changing Directories and Displaying the Working Directory
627
A P P E N D I X B Working with the Cisco IOS File System, Configuration Files, and Software Images
627
Creating and Removing Directories
628
Copying Files
628
Deleting Files
629
Creating, Displaying, and Extracting Tar Files
629
Creating a Tar File
630
Displaying the Contents of a Tar File
630
Extracting a Tar File
631
Displaying the Contents of a File
631
Working with Configuration Files
632
Guidelines for Creating and Using Configuration Files
632
Configuration File Types and Location
632
Creating a Configuration File by Using a Text Editor
632
Copying Configuration Files by Using TFTP
632
Downloading the Configuration File by Using TFTP
634
Preparing to Download or Upload a Configuration File by Using TFTP
634
Uploading the Configuration File by Using TFTP
634
Copying Configuration Files by Using FTP
636
Downloading a Configuration File by Using FTP
636
Preparing to Download or Upload a Configuration File by Using FTP
636
Uploading a Configuration File by Using FTP
636
Copying Configuration Files by Using RCP
639
Downloading a Configuration File by Using RCP
639
Preparing to Download or Upload a Configuration File by Using RCP
639
Uploading a Configuration File by Using RCP
639
Clearing Configuration Information
642
Clearing the Startup Configuration File
642
Deleting a Stored Configuration File
642
Working with Software Images
643
Image Location on the Switch
643
Tar File Format of Images on a Server or Cisco.com
643
Copying Image Files by Using TFTP
643
Preparing to Download or Upload an Image File by Using TFTP
645
Downloading an Image File by Using TFTP
646
Uploading an Image File by Using TFTP
648
Copying Image Files by Using FTP
648
Downloading an Image File by Using FTP
648
Preparing to Download or Upload an Image File by Using FTP
648
Uploading an Image File by Using FTP
648
Copying Image Files by Using RCP
652
Downloading an Image File by Using RCP
653
Preparing to Download or Upload an Image File by Using RCP
653
Uploading an Image File by Using RCP
653
Appendix
659
Unsupported Commands in Cisco IOS Release 12.2(55)EZ
659
Access Control Lists
659
Unsupported Privileged EXEC Commands
659
Unsupported Global Configuration Commands
659
Unsupported Route-Map Configuration Commands
659
Boot Loader Commands
660
Unsupported Global Configuration Commands
660
Debug Commands
660
Unsupported Privileged EXEC Commands
660
IEEE 802.1X Commands
660
Unsupported Privileged EXEC Command
660
Unsupported Global Configuration Command
660
IGMP Snooping Commands
660
Interface Commands
660
A P P E N D I X C Unsupported Commands in Cisco IOS Release 12.2(55)EZ
660
Unsupported Global Configuration Commands
661
Unsupported Interface Configuration Commands
661
MAC Address Commands
661
Unsupported Privileged EXEC Commands
661
Miscellaneous
662
Unsupported Privileged EXEC Commands
662
Unsupported Global Configuration Commands
662
Network Address Translation (NAT) Commands
662
Qos
662
Unsupported Global Configuration Command
662
Unsupported Interface Configuration Commands
662
Unsupported Policy-Map Configuration Command
662
Radius
663
Unsupported Global Configuration Commands
663
Snmp
663
Spanning Tree
663
Unsupported Global Configuration Command
663
Unsupported Interface Configuration Command
663
Vlan
663
Unsupported Vlan-Config Command
664
Unsupported User EXEC Commands
664
Vtp
664
Unsupported Privileged EXEC Commands
664
I N D E X
665
Advertisement
Advertisement
Related Products
Cisco 2900 - Catalyst Expansion Module
Cisco Cisco 2900 series
Cisco 2901
Cisco 2911
Cisco 2921
Cisco 2951
Cisco MWR 2941-DC-A
Cisco 2600-DC Series
Cisco 2651
Cisco CE 2000 Platform SCE 2000 4xGBE
Cisco Categories
Switch
IP Phone
Network Router
Wireless Access Point
Conference System
More Cisco Manuals
Login
Sign In
OR
Sign in with Facebook
Sign in with Google
Upload manual
Upload from disk
Upload from URL