LAN Switching Configuration Guide, Cisco IOS Release 15M&T
Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards
Downloads: This chapterpdf (PDF - 2.14MB) The complete bookPDF (PDF - 4.24MB) | The complete bookePub (ePub - 934.0KB) | Feedback

Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards

Contents

Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards

This document provides configuration tasks for the 4-port Cisco HWIC-4ESW and the 9-port Cisco HWIC-D-9ESW EtherSwitch high-speed WAN interface cards (HWICs) hardware feature supported on the Cisco 1800 (modular), Cisco 2800, and Cisco 3800 series Integrated Services Routers.

Cisco EtherSwitch HWICs are 10/100BASE-T Layer 2 Ethernet switches with Layer 3 routing capability. (Layer 3 routing is forwarded to the host and is not actually performed at the device.) Traffic between different VLANs on a device is routed through the device platform. Any one port on a Cisco EtherSwitch HWIC may be configured as a stacking port to link to another Cisco EtherSwitch HWIC or EtherSwitch network module in the same system. An optional power module can also be added to provide inline power for IP telephones. The HWIC-D-9ESW HWIC requires a double-wide card slot.

This hardware feature does not introduce any new or modified Cisco commands.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Prerequisites for EtherSwitch HWICs

  • Configuration of IP routing. See the IP Routing: Protocol-Independent Configuration Guide for the Cisco software release you are using.
  • Depending on your release, see the Cisco software documentation for the support of Cisco HWIC-4ESW and Cisco HWIC-D-9ESW.

Restrictions for EtherSwitch HWICs

  • Not more than two EtherSwitch HWICs or network modules must be installed in a host device. Multiple EtherSwitch HWICs or network modules installed in a host device will not act independently of each other. They must be stacked, as they will not work otherwise.
  • The ports of a Cisco EtherSwitch HWIC must not be connected to the Fast Ethernet/Gigabit onboard ports of the device.
  • There must not be inline power on the ninth port (port 8) of the HWIC-D-9ESW card.
  • There must not be Auto MDIX support on the ninth port (port 8) of the HWIC-D-9ESW card when either speed or duplex is not set to auto.
  • There must not be support for online insertion/removal (OIR) of the EtherSwitch HWICs.
  • When EtherSwitches have been installed and configured in a host device, OIR of the CompactFlash memory card in the device must not occur. OIR of the CompactFlash memory card will compromise the configuration of the EtherSwitches.
  • VLAN Trunking Protocol (VTP) pruning is not supported.
  • There is a limit of 200 secure MAC addresses per module that can be supported by an EtherSwitch HWIC.
  • Maximum traffic for a secure MAC address is 8 Mb/s.

Prerequisites for Installing Two EtherSwitch Network Modules in a Single Chassis

A maximum of two EtherSwitch network modules can be installed in a single chassis. If two EtherSwitch network modules of any type are installed in the same chassis, the following configuration requirements must be met:

  • Both EtherSwitch network modules must have an optional Gigabit Ethernet expansion board installed.
  • An Ethernet crossover cable must be connected to the two EtherSwitch network modules using the optional Gigabit Ethernet expansion board ports.
  • Intra-chassis stacking for the optional Gigabit Ethernet expansion board ports must be configured. For information about intra-chassis stacking configuration, see the “16- and 36-Port EtherSwitch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series” feature module.

Note


Without this configuration and connection, duplications will occur in the VLAN databases, and unexpected packet handling may occur.


Information About EtherSwitch HWICs

VLANs

For conceptual information about VLANs, see the “VLANs” section of the EtherSwitch Network feature module.

Inline Power for Cisco IP Phones

For conceptual information about inline power for Cisco IP phones, see the “Inline Power for Cisco IP Phones” section of the EtherSwitch Network feature module.

Layer 2 Ethernet Switching

For conceptual information about Layer 2 Ethernet switching, see the “Layer 2 Ethernet Switching” section of the EtherSwitch Network feature module.

802.1x Authentication

For conceptual information about 802.1x authentication, see the “802.1x Authentication” section of the EtherSwitch Network feature module.

Spanning Tree Protocol

For conceptual information about Spanning Tree Protocol, see the “Using the Spanning Tree Protocol with the EtherSwitch Network Module” section of the EtherSwitch Network feature module.

Cisco Discovery Protocol

For conceptual information about Cisco Discovery Protocol, see the “Cisco Discovery Protocol” section of the EtherSwitch Network feature module.

Switched Port Analyzer

For conceptual information about a switched port analyzer, see the “Switched Port Analyzer” section of the EtherSwitch Network feature module.

IGMP Snooping

For conceptual information about Internet Group Management Protocol (IGMP) snooping, see the “IGMP Snooping” section of the EtherSwitch Network feature module.

Storm Control

For conceptual information about storm control, see the “Storm Control” section of the EtherSwitch Network feature module.

Intrachassis Stacking

For conceptual information about intrachassis stacking, see the ‘Intrachassis Stacking” section of the EtherSwitch Network feature module.

Fallback Bridging

For conceptual information about fallback bridging, see the “Fallback Bridging” section of the EtherSwitch Network feature module.

Default 802.1x Configuration

The table shows the default 802.1x configuration:

Table 1 Default 802.1x Configuration

Feature

Default Setting

Authentication, authorization, and accounting (AAA)

Disabled.

RADIUS server

  • IP address
  • UDP authentication port
  • Key
  • None specified.
  • 1645.
  • None specified.

Per-interface 802.1x enable state

Disabled (force-authorized).

The port transmits and receives normal traffic without 802.1x-based authentication of the client.

Periodic reauthentication

Disabled.

Number of seconds between reauthentication attempts

3600 sec.

Quiet period

60 sec (period in seconds, that the device remains in a quiet state following a failed authentication exchange with the client).

Retransmission time

30 sec (period in seconds, that the device waits for a response to an EAP request/identity frame from the client before retransmitting the request).

Maximum retransmission number

2 (number of times that the device sends an EAP-request/identity frame before restarting the authentication process).

Multiple host support

Disabled.

Client timeout period

30 sec (period in seconds, that the device waits for a response before retransmitting the request to the client, when relaying a request from the authentication server to the client). This setting is not configurable.

Authentication server timeout period

30 sec (the period in seconds, that the device waits for a reply before retransmitting the response to the server, when relaying a response from the client to the authentication server). This setting is not configurable.

802.1x Configuration Guidelines

The 802.1x authentication configuration guidelines are as follows:

  • When the 802.1x protocol is enabled, ports are authenticated before any other Layer 2 feature is enabled.
  • The 802.1x protocol is supported on Layer 2 static-access ports, but it is not supported on the following port types:
    • Trunk port—If you try to enable 802.1x on a trunk port, an error message is displayed, and 802.1x is not enabled. If you try to change the mode of an 802.1x-enabled port to trunk, the port mode is not changed.
    • Switched Port Analyzer (SPAN) destination port—You can enable 802.1x on a port that is a SPAN destination port; however, 802.1x is disabled until the port is removed as a SPAN destination. You can enable 802.1x on a SPAN source port.

How to Configure EtherSwitch HWICs

Configuring VLANs

Adding a VLAN Instance

A total of 15 VLANs can be supported by an EtherSwitch HWIC.

Perform this task to configure a Fast Ethernet interface as Layer 2 access:

SUMMARY STEPS

    1.    enable

    2.    vlan database

    3.    vlan vlan-id

    4.    end


DETAILED STEPS
     Command or ActionPurpose
    Step 1 enable


    Example:
    Device> enable
     

    Enables privileged EXEC mode.

    • Enter your password if prompted.
     
    Step 2 vlan database


    Example:
    Device# vlan database
     

    Adds an ethernet VLAN and enters VLAN configuration mode.

     
    Step 3 vlan vlan-id


    Example:
    Device(vlan)# vlan  1
     

    Adds an Ethernet VLAN and enters VLAN configuration mode.

    • Enter the VLAN number.
     
    Step 4 end


    Example:
    Device(vlan)# end
     

    Updates the VLAN database, propagates it throughout the administrative domain, and returns to privileged EXEC mode.

     

    Deleting a VLAN Instance from the Database

    You cannot delete the default VLANs for the following media types: Ethernet VLAN 1 and FDDI or Token Ring VLANs 1002 to 1005.

    Perform the following task to delete a VLAN from the database:

    SUMMARY STEPS

      1.    enable

      2.    configure terminal

      3.    vlan vlan-id

      4.    no vlan vlan-id

      5.    end


    DETAILED STEPS
       Command or ActionPurpose
      Step 1enable


      Example:
      Device> enable
       

      Enables privileged EXEC mode.

      • Enter your password if prompted.
       
      Step 2configure terminal


      Example:
      Device# configure terminal
       

      Enters global configuration mode.

       
      Step 3vlan vlan-id


      Example:
      Device(config)# vlan 3
       

      Adds an Ethernet VLAN.

      • Enter the VLAN number.
       
      Step 4no vlan vlan-id


      Example:
      Device(config-vlan)# no vlan 3
       

      Deletes an Ethernet VLAN.

      • Enter the VLAN number.
       
      Step 5end


      Example:
      Device(config-vlan)# end
       

      Updates the VLAN database, propagates it throughout the administrative domain, and returns to privileged EXEC mode.

       

      Configuring VLAN Trunking Protocol


      Note


      VTP pruning is not supported by EtherSwitch HWICs.


      Configuring a VTP Server

      When a device is in VTP server mode, you can change the VLAN configuration and propagate it throughout the network.

      Perform this task to configure the device as a VTP server:

      SUMMARY STEPS

        1.    enable

        2.    vlan database

        3.    vtp server

        4.    vtp domain domain -name

        5.    vtp password password -value

        6.    end


      DETAILED STEPS
         Command or ActionPurpose
        Step 1 enable


        Example:
        Device> enable
         

        Enables privileged EXEC mode.

        • Enter your password if prompted.
         
        Step 2 vlan database


        Example:
        Device# vlan database
         

        Enters VLAN configuration mode.

         
        Step 3 vtp server


        Example:
        Device(vlan)# vtp server
         

        Configures the device as a VTP server.

         
        Step 4 vtp domain domain -name


        Example:
        Device(vlan)# vtp domain  distantusers
         

        Defines the VTP domain name.

        • domain name- Enter the VTP domain name. Domain names can be a maximum of 32 characters.
         
        Step 5 vtp password password -value


        Example:
        Device(vlan)# vtp password  password1
         

        (Optional) Sets a VTP domain password.

        • Specify a password. Passwords can be from 8 to 64 characters.
         
        Step 6 end


        Example:
        Device(vlan)# end
         

        Updates the VLAN database, propagates it throughout the administrative domain, exits VLAN configuration mode, and returns to privileged EXEC mode.

         

        Configuring a VTP Client

        When a device is in a VTP client mode, you cannot change the VLAN configuration on the device. The client device receives VTP updates from a VTP server in the management domain and modifies its configuration accordingly.

        Perform this task to configure the device as a VTP client:

        SUMMARY STEPS

          1.    enable

          2.    vlan database

          3.    vtp client

          4.    exit


        DETAILED STEPS
           Command or ActionPurpose
          Step 1 enable


          Example:
          Device> enable
           

          Enables privileged EXEC mode.

          • Enter your password if prompted.
           
          Step 2 vlan database


          Example:
          Device# vlan database
           

          Adds an ethernet VLAN and enters VLAN configuration mode.

           
          Step 3 vtp client


          Example:
          Device(vlan)# vtp client
           

          Configures the device as a VTP client.

           
          Step 4 exit


          Example:
          Device(vlan)# exit
           

          Updates the VLAN database, propagates it throughout the administrative domain, exits VLAN configuration mode, and returns to privileged EXEC mode.

           

          Disabling VTP (Transparent Mode)

          When you configure the device in a VTP transparent mode, the VTP is disabled on the device. A VTP transparent device does not send VTP updates and does not act on VTP updates received from other devices.

          Perform this task to disable VTP on the device.

          SUMMARY STEPS

            1.    enable

            2.    vlan database

            3.    vtp transparent

            4.    end


          DETAILED STEPS
             Command or ActionPurpose
            Step 1 enable


            Example:
            Device> enable
             

            Enables privileged EXEC mode.

            • Enter your password if prompted.
             
            Step 2 vlan database


            Example:
            Device# vlan database
             

            Adds an ethernet VLAN and enters VLAN configuration mode.

             
            Step 3 vtp transparent


            Example:
            Device(vlan)# vtp transparent
             

            Configures VTP transparent mode.

             
            Step 4 end


            Example:
            Device(vlan)# end
             

            Updates the VLAN database, propagates it throughout the administrative domain, exits VLAN configuration mode, and returns to privileged EXEC mode.

             

            Configuring Layer 2 Interfaces

            Configuring a Range of Interfaces

            Perform this task to configure a range of interfaces:

            SUMMARY STEPS

              1.    enable

              2.    configure terminal

              3.    interface range {macro macro-name | fastethernet interface-id [ - interface-id] | vlan vlan-id} [, fastethernet interface-id [ - interface-id] | vlan vlan-id]


            DETAILED STEPS
               Command or ActionPurpose
              Step 1 enable


              Example:
              Device> enable
               

              Enables privileged EXEC mode.

              • Enter your password if prompted.
               
              Step 2 configure terminal


              Example:
              Device# configure terminal
               

              Enters global configuration mode.

               
              Step 3 interface range {macro macro-name | fastethernet interface-id [ - interface-id] | vlan vlan-id} [, fastethernet interface-id [ - interface-id] | vlan vlan-id]


              Example:
              Device(config)# interface range FastEthernet 0/1/0 - 0/1/3
               

              Select the range of interfaces to be configured.

              • The space before the dash is required. For example, the command interface range fastethernet0/<slot>/0 -0/<slot>/3 is valid; the command interface range fastethernet0/<slot>/0-0/<slot>/3 is not valid.
              • You can enter one macro or up to five comma-separated ranges.
              • Comma-separated ranges can include both VLANs and physical interfaces.
              • You are not required to enter spaces before or after the comma.
              • The interface range command only supports VLAN interfaces that are configured with the interface vlan command.
               

              Defining a Range Macro

              Perform this task to define an interface range macro:

              SUMMARY STEPS

                1.    enable

                2.    configure terminal

                3.    define interface-range macro-name { fastethernet interface-id [ - interface-id] | {vlan vlan-id - vlan-id} | [, fastethernet interface-id [ - interface-id]


              DETAILED STEPS
                 Command or ActionPurpose
                Step 1 enable


                Example:
                Device> enable
                 

                Enables privileged EXEC mode.

                • Enter your password if prompted.
                 
                Step 2 configure terminal


                Example:
                Device# configure terminal
                 

                Enters global configuration mode.

                 
                Step 3 define interface-range macro-name { fastethernet interface-id [ - interface-id] | {vlan vlan-id - vlan-id} | [, fastethernet interface-id [ - interface-id]


                Example:
                Device(config)# define interface-range first_three FastEthernet0/1/0 - 2
                 

                Defines a range of macros.

                • Enter the macro name, along with the interface type and interface number, as appropriate.
                 

                Configuring Layer 2 Optional Interface Features

                This section provides the following configuration information:

                Configuring the Interface Speed

                Perform this task to set the interface speed:

                When configuring an interface speed, note these guidelines:

                • If both ends of the line support auto negotiation, Cisco highly recommends the default auto negotiation settings.
                • If one interface supports auto negotiation and the other end does not, configure interface speed on both interfaces; do not use the auto setting on the supported side.
                • Both ends of the line need to be configured to the same setting; for example, hard-set or auto-negotiate. Mismatched settings are not supported.

                Caution


                Changing the interface speed can shut down and reenable the interface during the reconfiguration.


                SUMMARY STEPS

                  1.    enable

                  2.    configure terminal

                  3.    interface fastethernet interface-id

                  4.    speed {10 | 100 | 1000 [negotiate] | auto[speed-list]}


                DETAILED STEPS
                   Command or ActionPurpose
                  Step 1 enable


                  Example:
                  Device> enable
                   

                  Enables privileged EXEC mode.

                  • Enter your password if prompted.
                   
                  Step 2 configure terminal


                  Example:
                  Device# configure terminal
                   

                  Enters global configuration mode.

                   
                  Step 3 interface fastethernet interface-id

                  Example:
                  Device(config)# interface fastethernet 0/1/0
                   

                  Selects the interface to be configured and enters interface configuration mode.

                  • Enter the interface number.
                   
                  Step 4 speed {10 | 100 | 1000 [negotiate] | auto[speed-list]}


                  Example:
                  Device(config-if)# speed 100
                   

                  Configures the speed for the interface.

                  • Enter the desired speed.
                   
                  What to Do Next


                  Note


                  If you set the interface speed to auto on a 10/100-Mbps Ethernet interface, both speed and duplex are automatically negotiated.


                  Configuring the Interface Duplex Mode

                  Perform the following steps to set the duplex mode of a Fast Ethernet interface:

                  When configuring an interface duplex mode, note these guidelines:

                  • If both ends of the line support auto negotiation, Cisco highly recommends the default auto negotiation settings.
                  • If one interface supports auto negotiation and the other end does not, configure duplex speed on both interfaces; do not use the auto setting on the supported side.
                  • Both ends of the line need to be configured to the same setting, for example, hard-set or auto-negotiate. Mismatched settings are not supported.

                  Caution


                  Changing the interface duplex mode configuration can shut down and reenable the interface during the reconfiguration.


                  SUMMARY STEPS

                    1.    enable

                    2.    configure terminal

                    3.    interface fastethernet interface-id

                    4.    duplex [auto | full | half]

                    5.    end


                  DETAILED STEPS
                     Command or ActionPurpose
                    Step 1enable


                    Example:
                    Device> enable
                     

                    Enables privileged EXEC mode.

                    • Enter your password if prompted.
                     
                    Step 2configure terminal


                    Example:
                    Device# configure terminal
                     

                    Enters global configuration mode.

                     
                    Step 3 interface fastethernet interface-id

                    Example:
                    Device(config)# interface fastethernet 0/1/0
                     

                    Selects the interface to be configured.

                    • Enter the interface number.

                     
                    Step 4duplex [auto | full | half]

                    Example:
                    Device(config-if)# duplex auto
                     

                    Sets the duplex mode of the interface.

                     
                    Step 5end


                    Example:
                    Device(config-if)# end
                     

                    Exits interface configuration mode.

                     
                    What to Do Next


                    Note


                    If you set the port speed to auto on a 10/100-Mbps Ethernet interface, both speed and duplex are automatically negotiated. You cannot change the duplex mode of auto negotiation interfaces.


                    Configuring a Description for an Interface

                    You can add a description of an interface to help you remember its function. The description appears in the output of the following commands: show configuration, show running-config, and show interfaces.

                    Use the description command to add a description for an interface.

                    SUMMARY STEPS

                      1.    enable

                      2.    configure terminal

                      3.    interface fastethernet interface-id

                      4.    description string

                      5.    end


                    DETAILED STEPS
                       Command or ActionPurpose
                      Step 1enable


                      Example:
                      Device> enable
                       

                      Enables privileged EXEC mode.

                      • Enter your password if prompted.
                       
                      Step 2configure terminal


                      Example:
                      Device# configure terminal
                       

                      Enters global configuration mode.

                       
                      Step 3 interface fastethernet interface-id

                      Example:
                      Device(config)# interface fastethernet 0/1/0
                       

                      Selects the interface to be configured and enters interface configuration mode.

                      • Enter the interface number.
                       
                      Step 4description string


                      Example:
                      Device(config-if)# description newinterface
                       

                      Adds a description for the interface.

                      • Enter a description for the interface.
                       
                      Step 5end


                      Example:
                      Device(config-if)# end
                       

                      Exits interface configuration mode.

                       
                      Configuring a Fast Ethernet Interface as a Layer 2 Trunk

                      Perform the following task to configure a Fast Ethernet interface as a Layer 2 trunk.

                      SUMMARY STEPS

                        1.    enable

                        2.    configure terminal

                        3.    interface fastethernet interface-id

                        4.    shutdown

                        5.    switchport mode trunk

                        6.    switchport trunk native vlan vlan-number

                        7.    switchport trunk allowed vlan {add | except | none | remove} vlan1[,vlan[,vlan[,...]]

                        8.    no shutdown

                        9.    end


                      DETAILED STEPS
                         Command or ActionPurpose
                        Step 1enable


                        Example:
                        Device> enable
                         

                        Enables privileged EXEC mode.

                        • Enter your password if prompted.
                         
                        Step 2configure terminal


                        Example:
                        Device# configure terminal
                         

                        Enters global configuration mode.

                         
                        Step 3 interface fastethernet interface-id

                        Example:
                        Device(config)# interface fastethernet 0/1/0
                         

                        Selects the interface to be configured and enters interface configuration mode.

                        • Enter the interface number.
                         
                        Step 4shutdown


                        Example:
                        Device(config-if)# shutdown
                         

                        (Optional) Shuts down the interface to prevent traffic flow until configuration is complete.

                         
                        Step 5 switchport mode trunk

                        Example:
                        Device(config-if)# switchport mode trunk
                         

                        Configures the interface as a Layer 2 trunk.

                        Note   

                        Encapsulation is always dot1q.

                         
                        Step 6 switchport trunk native vlan vlan-number

                        Example:
                        Device(config-if)# switchport trunk native vlan 1
                         

                        (Optional) For 802.1Q trunks, specifies the native VLAN.

                         
                        Step 7 switchport trunk allowed vlan {add | except | none | remove} vlan1[,vlan[,vlan[,...]]

                        Example:
                        Device(config-if)# switchport trunk allowed vlan add vlan1, vlan2, vlan3
                         

                        (Optional) Configures the list of VLANs allowed on the trunk. All VLANs are allowed by default. You cannot remove any of the default VLANs from a trunk.

                         
                        Step 8no shutdown


                        Example:
                        Device(config-if)# no shutdown
                         

                        Activates the interface. (Required only if you shut down the interface.)

                         
                        Step 9end


                        Example:
                        Device(config-if)# end
                         

                        Exits interface configuration mode.

                         
                        What to Do Next


                        Note


                        Ports do not support Dynamic Trunk Protocol (DTP). Ensure that the neighboring device is set to a mode that will not send DTP.


                        Configuring a Fast Ethernet Interface as Layer 2 Access

                        Perform the following task to configure a Fast Ethernet interface as Layer 2 access.

                        SUMMARY STEPS

                          1.    enable

                          2.    configure terminal

                          3.    interface fastethernet interface-id

                          4.    shutdown

                          5.    switchport mode access

                          6.    switchport access vlan vlan-number

                          7.    no shutdown

                          8.    end


                        DETAILED STEPS
                           Command or ActionPurpose
                          Step 1enable


                          Example:
                          Device> enable
                           

                          Enables privileged EXEC mode.

                          • Enter your password if prompted.
                           
                          Step 2configure terminal


                          Example:
                          Device# configure terminal
                           

                          Enters global configuration mode.

                           
                          Step 3 interface fastethernet interface-id

                          Example:
                          Device(config)# interface fastethernet 0/1/0
                           

                          Selects the interface to be configured and enters interface configuration mode.

                          • Enter the interface number.
                           
                          Step 4shutdown


                          Example:
                          Device(config-if)# shutdown
                           

                          (Optional) Shuts down the interface to prevent traffic flow until configuration is complete.

                           
                          Step 5switchport mode access


                          Example:
                          Device(config-if)# switchport mode access
                           

                          Configures the interface as a Layer 2 access.

                           
                          Step 6switchport access vlan vlan-number


                          Example:
                          Device(config-if)# switchport access vlan 1
                           

                          For access ports, specifies the access VLAN.

                          • Enter the VLAN number.
                           
                          Step 7no shutdown


                          Example:
                          Device(config-if)# no shutdown
                           

                          Activates the interface.

                          • Required only if you shut down the interface.
                           
                          Step 8end


                          Example:
                          Device(config-if)# end
                           

                          Exits interface configuration mode.

                           

                          Configuring 802.1x Authentication

                          Enabling 802.1x Authentication

                          To enable 802.1x port-based authentication, you must enable Authentication, Authorization, and Accounting (AAA) and specify the authentication method list. A method list describes the sequence and authentication methods to be queried to authenticate a user.

                          The software uses the first method listed to authenticate users; if that method fails to respond, the software selects the next authentication method in the method list. This process continues until there is a successful communication with a listed authentication method or until all defined methods are exhausted. If authentication fails at any point in this cycle, the authentication process stops, and other authentication methods are not attempted.

                          For additional information about default 802.1x configuration, see “Default 802.1x Configuration” section.

                          Perform the following task to configure 802.1x port-based authentication.

                          SUMMARY STEPS

                            1.    enable

                            2.    configure terminal

                            3.    aaa authentication dot1x {default | listname} method1 [method2...]

                            4.    interface interface-type interface-number

                            5.    dot1x port-control auto

                            6.    end

                            7.    show dot1x

                            8.    copy running-config startup-config


                          DETAILED STEPS
                             Command or ActionPurpose
                            Step 1enable


                            Example:
                            Device> enable
                             

                            Enables privileged EXEC mode.

                            • Enter your password if prompted.
                             
                            Step 2configure terminal


                            Example:
                            Device# configure terminal
                             

                            Enters global configuration mode.

                             
                            Step 3aaa authentication dot1x {default | listname} method1 [method2...]

                            Example:
                            Device(config)# aaa authentication dot1x default newmethod
                             

                            Creates an 802.1x authentication method list.

                            • To create a default list that is used when a named list is not specified in the authentication command, use the default keyword, followed by the methods that are to be used in default situations. The default method list is automatically applied to all interfaces.
                            • Enter at least one of these keywords:
                              • group radius—Use the list of all RADIUS servers for authentication.
                              • none—Use no authentication. The client is automatically authenticated without the device using the information supplied by the client.
                             
                            Step 4interface interface-type interface-number


                            Example:
                            Device(config)# interface fastethernet 0/1/3
                             

                            Specifies the interface to be enabled for 802.1x authentication and enters interface configuration mode.

                            • Enter the interface type and interface number.
                             
                            Step 5dot1x port-control auto


                            Example:
                            Device(config-if)# dot1x port-control auto
                             

                            Enables 802.1x on the interface.

                            • For feature interaction information with trunk, dynamic, dynamic-access, EtherChannel, secure, and SPAN ports, see the “802.1x Configuration Guidelines” section on page 19 .
                             
                            Step 6end


                            Example:
                            Device(config-if)# end
                             

                            Exits interface configuration mode and returns to privileged EXEC mode.

                             
                            Step 7show dot1x


                            Example:
                            Device# show dot1x
                             

                            Verifies your entries.

                             
                            Step 8copy running-config startup-config


                            Example:
                            Device# copy running-config startup-config
                             

                            (Optional) Saves your entries in the configuration file.

                             

                            Configuring the Switch-to-RADIUS-Server Communication

                            RADIUS security servers are identified by their hostname or IP address, hostname and specific UDP port numbers, or IP address and specific UDP port numbers. The combination of the IP address and UDP port number creates a unique identifier, which enables RADIUS requests to be sent to multiple UDP ports on a server at the same IP address. If two different host entries on the same RADIUS server are configured for the same service—for example, authentication—the second host entry configured acts as the failover backup to the first one. The RADIUS host entries are tried in the order that they were configured.

                            Perform the following task to configure the RADIUS server parameters on the device.

                            SUMMARY STEPS

                              1.    enable

                              2.    configure terminal

                              3.    radius-server host {hostname | ip-address} auth-port port-number key string

                              4.    end

                              5.    show running-config

                              6.    copy running-config startup-config


                            DETAILED STEPS
                               Command or ActionPurpose
                              Step 1enable


                              Example:
                              Device> enable
                               

                              Enables privileged EXEC mode.

                              • Enter your password if prompted.
                               
                              Step 2configure terminal


                              Example:
                              Device# configure terminal
                               

                              Enters global configuration mode.

                               
                              Step 3radius-server host {hostname | ip-address} auth-port port-number key string

                              Example:
                              Device(config)# radius-server host hostseven auth-port 75 key newauthority75
                               

                              Configures the RADIUS server parameters on the device.

                              • For hostname | ip-address, specify the hostname or IP address of the remote RADIUS server.
                              • For auth-port port-number, specify the UDP destination port for authentication requests. The default is 1645.
                              • For key string, specify the authentication and encryption key used between the device and the RADIUS daemon running on the RADIUS server. The key is a text string that must match the encryption key used on the RADIUS server.
                              Note   

                              Always configure the key as the last item in the radius-server host command syntax because leading spaces are ignored, but spaces within and at the end of the key are used. If you use spaces in the key, do not enclose the key in quotation marks unless the quotation marks are part of the key. This key must match the encryption used on the RADIUS daemon.

                              • If you want to use multiple RADIUS servers, repeat this command.
                               
                              Step 4end


                              Example:
                              Device(config)# end
                              
                               

                              Exits global configuration mode and returns to privileged EXEC mode.

                               
                              Step 5show running-config


                              Example:
                              Device# show running-config
                               

                              Verifies your entries.

                               
                              Step 6copy running-config startup-config


                              Example:
                              Device# copy running-config startup-config
                               

                              (Optional) Saves your entries in the configuration file.

                               
                              What to Do Next

                              To delete the specified RADIUS server, use the no radius-server host {hostname | ip-address} global configuration command.

                              You can globally configure the timeout, retransmission, and encryption key values for all RADIUS servers by using the radius-server host global configuration command. If you want to configure these options on a per-server basis, use the radius-server timeout, radius-server retransmit, and the radius-server key global configuration commands.

                              You also need to configure some settings on the RADIUS server. These settings include the IP address of the device and the key string to be shared by both the server and the device. For more information, refer to the RADIUS server documentation.

                              Troubleshooting Tips

                              To delete the specified RADIUS server, use the no radius server-host { hostname|ip-address} global configuration command. You can globally configure the timeout, retransmission, and encryption key values for all RADIUS servers by using the radius-server host global configuration command. If you want to configure these options on a per-server basis, use the radius-server timeout, radius-server retransmit, and radius-server key commands in global configuration mode.

                              You also need to configure some settings on the RADIUS server. These settings include the IP address of the device and the key string to be shared by both the server and the device. For more information, refer to the RADIUS server documentation.

                              Enabling Periodic Reauthentication

                              You can enable periodic 802.1x client reauthentication and specify how often it should occur. If you do not specify a time period before enabling reauthentication, the default time period between reauthentication attempts is 3600 seconds.

                              Automatic 802.1x client reauthentication is a global setting and cannot be set for clients connected to individual ports.

                              Perform the following task to enable periodic reauthentication of the client and to configure the number of seconds between reauthentication attempts.

                              SUMMARY STEPS

                                1.    enable

                                2.    configure terminal

                                3.    dot1x re-authentication

                                4.    dot1x timeout re-authperiod seconds

                                5.    end

                                6.    show dot1x

                                7.    copy running-config startup-config


                              DETAILED STEPS
                                 Command or ActionPurpose
                                Step 1enable


                                Example:
                                Device> enable
                                 

                                Enables privileged EXEC mode.

                                • Enter your password if prompted.
                                 
                                Step 2configure terminal


                                Example:
                                Device# configure terminal
                                 

                                Enters global configuration mode.

                                 
                                Step 3dot1x re-authentication


                                Example:
                                Device(config)# dot1x re-authentication
                                 

                                Enables periodic reauthentication of the client.

                                • Periodic reauthentication is disabled by default.
                                 
                                Step 4dot1x timeout re-authperiod seconds


                                Example:
                                Device(config)# dot1x timeout re-authperiod 120
                                 

                                Sets the number of seconds between reauthentication attempts.

                                • The range is from 1 to 4294967295; the default is 3600 seconds.
                                • This command affects the behavior of the device only if periodic reauthentication is enabled
                                 
                                Step 5end


                                Example:
                                Device(config)# end
                                 

                                Exits global configuration mode and returns to privileged EXEC mode.

                                 
                                Step 6show dot1x


                                Example:
                                Device# show dot1x
                                 

                                Verifies your entries.

                                 
                                Step 7copy running-config startup-config


                                Example:
                                Device# copy running-config startup-config
                                 

                                (Optional) Saves your entries in the configuration file.

                                 

                                Changing the Quiet Period

                                If the device cannot authenticate the client, the device remains idle for a set period of time, and then tries again. The idle time is determined by the quiet-period value. A failed authentication of the client might occur because the client provided an invalid password. You can provide a faster response time to the user by entering smaller number than the default.

                                Perform the following task to change the quiet period.

                                SUMMARY STEPS

                                  1.    enable

                                  2.    configure terminal

                                  3.    dot1x timeout quiet-period seconds

                                  4.    end

                                  5.    show dot1x

                                  6.    copy running-config startup-config


                                DETAILED STEPS
                                   Command or ActionPurpose
                                  Step 1enable


                                  Example:
                                  Device> enable
                                   

                                  Enables privileged EXEC mode.

                                  • Enter your password if prompted.
                                   
                                  Step 2configure terminal


                                  Example:
                                  Device# configure terminal
                                   

                                  Enters global configuration mode.

                                   
                                  Step 3dot1x timeout quiet-period seconds


                                  Example:
                                  Device(config)# dot1x timeout quiet-period 120
                                   

                                  Sets the number of seconds that the device remains in the quiet state following a failed authentication exchange with the client.

                                  • The range is from 0 to 65535 seconds; the default is 60.
                                   
                                  Step 4end


                                  Example:
                                  Device(config-if)# end
                                   

                                  Exits interface configuration mode and returns to privileged EXEC mode.

                                   
                                  Step 5show dot1x


                                  Example:
                                  Device# show dot1x
                                   

                                  Verifies your entries.

                                   
                                  Step 6copy running-config startup-config


                                  Example:
                                  Device# copy running-config startup-config
                                   

                                  (Optional) Saves your entries in the configuration file.

                                   

                                  Changing the Device-to-Client Retransmission Time

                                  The client responds to the EAP-request/identity frame from the device with an EAP-response/identity frame. If the device does not receive this response, it waits for a set period of time (known as the retransmission time), and then retransmits the frame.


                                  Note


                                  You should change the default value of this command only to adjust for unusual circumstances such as unreliable links or specific behavioral problems with certain clients and authentication servers.


                                  Perform the following task to change the amount of time that the device waits for client notification.

                                  SUMMARY STEPS

                                    1.    enable

                                    2.    configure terminal

                                    3.    dot1x timeout tx-period seconds

                                    4.    end

                                    5.    show dot1x

                                    6.    copy running-config startup-config


                                  DETAILED STEPS
                                     Command or ActionPurpose
                                    Step 1enable


                                    Example:
                                    Device> enable
                                     

                                    Enables privileged EXEC mode.

                                    • Enter your password if prompted.
                                     
                                    Step 2configure terminal


                                    Example:
                                    Device# configure terminal
                                     

                                    Enters global configuration mode.

                                     
                                    Step 3dot1x timeout tx-period seconds


                                    Example:
                                    Device(config)# dot1x timeout tx-period seconds
                                     

                                    Sets the number of seconds that the device waits for a response to an EAP-request/identity frame from the client before retransmitting the request.

                                    • The range is from 1 to 65535 seconds; the default is 30.
                                     
                                    Step 4end


                                    Example:
                                    Device(config)# end
                                     

                                    Exits global interface configuration mode and returns to privileged EXEC mode.

                                     
                                    Step 5show dot1x


                                    Example:
                                    Device# show dot1x
                                     

                                    Verifies your entries.

                                     
                                    Step 6copy running-config startup-config


                                    Example:
                                    Device# copy running-config startup-config
                                     

                                    (Optional) Saves your entries in the configuration file.

                                     

                                    Setting the Device-to-Client Frame-Retransmission Number

                                    In addition to changing the device-to-client retransmission time, you can change the number of times that the device sends an EAP-request/identity frame (assuming no response is received) to the client before restarting the authentication process.


                                    Note


                                    You should change the default value of this command only to adjust for unusual circumstances such as unreliable links or specific behavioral problems with certain clients and authentication servers.


                                    Perform the following task to set the device-to-client frame-retransmission number.

                                    SUMMARY STEPS

                                      1.    enable

                                      2.    configure terminal

                                      3.    dot1x max-req count

                                      4.    end

                                      5.    show dot1x

                                      6.    copy running-config startup-config


                                    DETAILED STEPS
                                       Command or ActionPurpose
                                      Step 1enable


                                      Example:
                                      Device> enable
                                       

                                      Enables privileged EXEC mode.

                                      • Enter your password if prompted.
                                       
                                      Step 2configure terminal


                                      Example:
                                      Device# configure terminal
                                       

                                      Enters global configuration mode.

                                       
                                      Step 3dot1x max-req count


                                      Example:
                                      Device(config)# dot1x max-req 5
                                       

                                      Sets the number of times that the device sends an EAP-request/identity frame to the client before restarting the authentication process.

                                      • The range is from 1 to 10; the default is 2.
                                       
                                      Step 4end


                                      Example:
                                      Device(config)# end
                                       

                                      Exits global configuration mode and returns to privileged EXEC mode.

                                       
                                      Step 5show dot1x


                                      Example:
                                      Device# show dot1x
                                       

                                      Verifies your entries.

                                       
                                      Step 6copy running-config startup-config


                                      Example:
                                      Device# copy running-config startup-config
                                       

                                      (Optional) Saves your entries in the configuration file.

                                       

                                      Enabling Multiple Hosts

                                      You can attach multiple hosts to a single 802.1x-enabled port. In this mode, only one of the attached hosts must be successfully authorized for all hosts to be granted network access. If the port becomes unauthorized (reauthentication fails, and an EAPOL-logoff message is received), all attached clients are denied access to the network.

                                      Perform the following task to allow multiple hosts (clients) on an 802.1x-authorized port that has the dot1x port-control interface configuration command set to auto.

                                      SUMMARY STEPS

                                        1.    enable

                                        2.    configure terminal

                                        3.    interface interface-type interface-number

                                        4.    dot1x multiple-hosts

                                        5.    end

                                        6.    show dot1x

                                        7.    copy running-config startup-config


                                      DETAILED STEPS
                                         Command or ActionPurpose
                                        Step 1enable


                                        Example:
                                        Device> enable
                                         

                                        Enables privileged EXEC mode.

                                        • Enter your password if prompted.
                                         
                                        Step 2configure terminal


                                        Example:
                                        Device# configure terminal
                                         

                                        Enters global configuration mode.

                                         
                                        Step 3interface interface-type interface-number


                                        Example:
                                        Device(config)# interface fastethernet 0/1/2
                                         

                                        Specifies the interface and enters interface configuration mode.

                                        • Enter the interface type and interface number.
                                         
                                        Step 4dot1x multiple-hosts


                                        Example:
                                        Device(config-if)# dot1x multiple-hosts
                                         

                                        Allows multiple hosts (clients) on an 802.1x-authorized port.

                                        • Make sure that the dot1x port-control interface configuration command is set to auto for the specified interface.
                                         
                                        Step 5end


                                        Example:
                                        Device(config-if)# end
                                         

                                        Exits interface configuration mode and returns to privileged EXEC mode.

                                         
                                        Step 6show dot1x


                                        Example:
                                        Device# show dot1x
                                         

                                        Verifies your entries.

                                         
                                        Step 7copy running-config startup-config


                                        Example:
                                        Device# copy running-config startup-config
                                         

                                        (Optional) Saves your entries in the configuration file.

                                         

                                        Resetting the 802.1x Configuration to the Default Values

                                        You can reset the 802.1x configuration to the default values with a single command.

                                        Perform the following task to reset the 802.1x configuration to the default values.

                                        SUMMARY STEPS

                                          1.    enable

                                          2.    configure terminal

                                          3.    dot1x default

                                          4.    end

                                          5.    show dot1x

                                          6.    copy running-config startup-config


                                        DETAILED STEPS
                                           Command or ActionPurpose
                                          Step 1enable


                                          Example:
                                          Device> enable
                                           

                                          Enables privileged EXEC mode.

                                          • Enter your password if prompted.
                                           
                                          Step 2configure terminal


                                          Example:
                                          Device# configure terminal
                                           

                                          Enters global configuration mode.

                                           
                                          Step 3dot1x default


                                          Example:
                                          Device(config)# dot1x default
                                           

                                          Resets the configurable 802.1x parameters to the default values.

                                           
                                          Step 4end


                                          Example:
                                          Device(config)# end
                                           

                                          Exits global configuration mode and returns to privileged EXEC mode.

                                           
                                          Step 5show dot1x


                                          Example:
                                          Device# show dot1x
                                           

                                          Verifies your entries.

                                           
                                          Step 6copy running-config startup-config


                                          Example:
                                          Device# copy running-config startup-config
                                           

                                          (Optional) Saves your entries in the configuration file.

                                           

                                          Displaying 802.1x Statistics and Status

                                          To display 802.1x statistics for all interfaces, use the show dot1x statistics privileged EXEC command. To display 802.1x statistics for a specific interface, use the show dot1x statistics interface interface-id privileged EXEC command.

                                          To display the 802.1x administrative and operational status for the device, use the show dot1x privileged EXEC command. To display the 802.1x administrative and operational status for a specific interface, use the show dot1x interface interface-id privileged EXEC command.

                                          Configuring Spanning Tree

                                          Enabling Spanning Tree Protocol

                                          You can enable spanning tree protocol on a per-VLAN basis. The device maintains a separate instance of spanning tree for each VLAN except for which you disable spanning tree.

                                          SUMMARY STEPS

                                            1.    enable

                                            2.    configure terminal

                                            3.    spanning-tree vlan vlan-id

                                            4.    end

                                            5.    show spanning-tree vlan vlan-id


                                          DETAILED STEPS
                                             Command or ActionPurpose
                                            Step 1enable


                                            Example:
                                            Device> enable
                                             

                                            Enables privileged EXEC mode.

                                            • Enter your password if prompted.
                                             
                                            Step 2configure terminal


                                            Example:
                                            Device# configure terminal
                                             

                                            Enters global configuration mode.

                                             
                                            Step 3spanning-tree vlan vlan-id


                                            Example:
                                            Device(config)# spanning-tree vlan 200
                                             

                                            Enables spanning tree on a per-VLAN basis.

                                             
                                            Step 4end


                                            Example:
                                            Device(config)# end
                                             

                                            Exits global configuration mode and enters privileged EXEC mode.

                                             
                                            Step 5show spanning-tree vlan vlan-id


                                            Example:
                                            Device# show spanning-tree vlan 200
                                             

                                            Verifies spanning tree configuration.

                                             

                                            Configuring Spanning Tree Port Priority

                                            SUMMARY STEPS

                                              1.    enable

                                              2.    configure terminal

                                              3.    interface type number

                                              4.    spanning-tree port-priority port-priority

                                              5.    spanning-tree vlan vlan-id port-priority port-priority

                                              6.    end

                                              7.    show spanning-tree interface fastethernet interface-id


                                            DETAILED STEPS
                                               Command or ActionPurpose
                                              Step 1enable


                                              Example:
                                              Device> enable
                                               

                                              Enables privileged EXEC mode.

                                              • Enter your password if prompted.
                                               
                                              Step 2configure terminal


                                              Example:
                                              Device# configure terminal
                                               

                                              Enters global configuration mode.

                                               
                                              Step 3interface type number


                                              Example:
                                              Device(config)# interface fastethernet 0/1/6
                                               

                                              Configures an interface and enters interface configuration mode.

                                               
                                              Step 4spanning-tree port-priority port-priority

                                              Example:
                                              Device(config-if)# spanning-tree port-priority 8
                                               

                                              Configures the port priority for an interface.

                                               
                                              Step 5spanning-tree vlan vlan-id port-priority port-priority

                                              Example:
                                              Device (config-if)# spanning-tree vlan vlan1 port-priority 12
                                               

                                              Configures the port priority for a VLAN.

                                               
                                              Step 6end


                                              Example:
                                              Device(config)# end
                                               

                                              Exits global configuration mode and enters privileged EXEC mode.

                                               
                                              Step 7show spanning-tree interface fastethernet interface-id


                                              Example:
                                              Device# show spanning-tree interface fastethernet 0/1/6
                                               

                                              (Optional) Saves your entries in the configuration file.

                                               

                                              Configuring Spanning Tree Port Cost

                                              SUMMARY STEPS

                                                1.    enable

                                                2.    configure terminal

                                                3.    interface type number

                                                4.    spanning-tree cost port-cost

                                                5.    spanning-tree vlan vlan-id cost port-cost

                                                6.    end

                                                7.    show spanning-tree interface fastethernet interface-id


                                              DETAILED STEPS
                                                 Command or ActionPurpose
                                                Step 1enable


                                                Example:
                                                Device> enable
                                                 

                                                Enables privileged EXEC mode.

                                                • Enter your password if prompted.
                                                 
                                                Step 2configure terminal


                                                Example:
                                                Device# configure terminal
                                                 

                                                Enters global configuration mode.

                                                 
                                                Step 3interface type number


                                                Example:
                                                Device(config)# interface fastethernet 0/1/6
                                                 

                                                Configures an interface and enters interface configuration mode.

                                                 
                                                Step 4spanning-tree cost port-cost


                                                Example:
                                                Device(config-if)# spanning-tree cost 2000
                                                 

                                                Configures the port cost for an interface.

                                                 
                                                Step 5spanning-tree vlan vlan-id cost port-cost


                                                Example:
                                                Device(config-if)# spanning-tree vlan 200 cost 2000
                                                 

                                                Configures the VLAN port cost for an interface.

                                                 
                                                Step 6end


                                                Example:
                                                Device(config)# end
                                                 

                                                Exits interface configuration mode and enters privileged EXEC mode.

                                                 
                                                Step 7show spanning-tree interface fastethernet interface-id


                                                Example:
                                                Device# show spanning-tree interface fastethernet 0/1/6
                                                 

                                                (Optional) Saves your entries in the configuration file.

                                                 

                                                Configuring the Bridge Priority of a VLAN

                                                SUMMARY STEPS

                                                  1.    enable

                                                  2.    configure terminal

                                                  3.    spanning-tree vlan vlan-id priority bridge-priority

                                                  4.    show spanning-tree vlan bridge


                                                DETAILED STEPS
                                                   Command or ActionPurpose
                                                  Step 1enable


                                                  Example:
                                                  Device> enable
                                                   

                                                  Enables privileged EXEC mode.

                                                  • Enter your password if prompted.
                                                   
                                                  Step 2configure terminal


                                                  Example:
                                                  Device# configure terminal
                                                   

                                                  Enters global configuration mode.

                                                   
                                                  Step 3spanning-tree vlan vlan-id priority bridge-priority

                                                  Example:
                                                  Device(config)# spanning-tree vlan 200 priority 2
                                                   

                                                  Configures the bridge priority of a VLAN. The bridge priority value ranges from 0 to 65535.

                                                  Caution   

                                                  Use the spanning-tree vlan vlan-id root primary command and the spanning-tree vlan vlan-id root secondary command to modify the bridge priority.

                                                   
                                                  Step 4show spanning-tree vlan bridge


                                                  Example:
                                                  Device(config-if)# spanning-tree cost 200
                                                   

                                                  Verifies the bridge priority.

                                                   

                                                  Configuring Hello Time

                                                  SUMMARY STEPS

                                                    1.    enable

                                                    2.    configure terminal

                                                    3.    spanning-tree vlan vlan-id hello-time hello-time

                                                    4.    end


                                                  DETAILED STEPS
                                                     Command or ActionPurpose
                                                    Step 1enable


                                                    Example:
                                                    Device> enable
                                                     

                                                    Enables privileged EXEC mode.

                                                    • Enter your password if prompted.
                                                     
                                                    Step 2configure terminal


                                                    Example:
                                                    Device# configure terminal
                                                     

                                                    Enters global configuration mode.

                                                     
                                                    Step 3spanning-tree vlan vlan-id hello-time hello-time

                                                    Example:
                                                    Device(config)# spanning-tree vlan 200 hello-time 5
                                                     

                                                    Configures the hello time for a VLAN.

                                                     
                                                    Step 4end


                                                    Example:
                                                    Device(config)# end
                                                     

                                                    Exits global configuration mode and enters privileged EXEC mode.

                                                     

                                                    Configuring the Forward Delay Time for a VLAN

                                                    SUMMARY STEPS

                                                      1.    enable

                                                      2.    configure terminal

                                                      3.    spanning-tree vlan vlan-id forward-time forward-time

                                                      4.    end


                                                    DETAILED STEPS
                                                       Command or ActionPurpose
                                                      Step 1enable


                                                      Example:
                                                      Device> enable
                                                       

                                                      Enables privileged EXEC mode.

                                                      • Enter your password if prompted.
                                                       
                                                      Step 2configure terminal


                                                      Example:
                                                      Device# configure terminal
                                                       

                                                      Enters global configuration mode.

                                                       
                                                      Step 3spanning-tree vlan vlan-id forward-time forward-time


                                                      Example:
                                                      Device(config)# spanning-tree vlan 20 forward-time 5
                                                       

                                                      Configures the forward delay time for a VLAN.

                                                       
                                                      Step 4end


                                                      Example:
                                                      Device(config)# end
                                                       

                                                      Exits global configuration mode and enters privileged EXEC mode.

                                                       

                                                      Configuring the Maximum Aging Time for a VLAN

                                                      SUMMARY STEPS

                                                        1.    enable

                                                        2.    configure terminal

                                                        3.    spanning-tree vlan vlan-id max-age max-age

                                                        4.    end


                                                      DETAILED STEPS
                                                         Command or ActionPurpose
                                                        Step 1enable


                                                        Example:
                                                        Device> enable
                                                         

                                                        Enables privileged EXEC mode.

                                                        • Enter your password if prompted.
                                                         
                                                        Step 2configure terminal


                                                        Example:
                                                        Device# configure terminal
                                                         

                                                        Enters global configuration mode.

                                                         
                                                        Step 3spanning-tree vlan vlan-id max-age max-age

                                                        Example:
                                                        Device(config)# spanning-tree vlan 200 max-age 30
                                                         

                                                        Configures the maximum aging time for a VLAN.

                                                         
                                                        Step 4end


                                                        Example:
                                                        Device(config)# end
                                                         

                                                        Exits global configuration mode and enters privileged EXEC mode.

                                                         

                                                        Configuring Spanning Tree Root Bridge

                                                        SUMMARY STEPS

                                                          1.    enable

                                                          2.    configure terminal

                                                          3.    spanning-tree vlan vlanid root primary [diameter hops [hello-time seconds]]

                                                          4.    no spanning-tree vlan vlan-id

                                                          5.    show spanning-tree vlan vlan-id


                                                        DETAILED STEPS
                                                           Command or ActionPurpose
                                                          Step 1enable


                                                          Example:
                                                          Device> enable
                                                           

                                                          Enables privileged EXEC mode.

                                                          • Enter your password if prompted.
                                                           
                                                          Step 2configure terminal


                                                          Example:
                                                          Device# configure terminal
                                                           

                                                          Enters global configuration mode.

                                                           
                                                          Step 3spanning-tree vlan vlanid root primary [diameter hops [hello-time seconds]]


                                                          Example:
                                                          Device(config)# spanning-tree vlan 200 root primary 
                                                           

                                                          Configures a device as the root device.

                                                           
                                                          Step 4no spanning-tree vlan vlan-id

                                                          Example:
                                                          Device(config)# no spanning-tree vlan 200 root primary 
                                                           

                                                          Disables spanning tree on a per-VLAN basis.

                                                           
                                                          Step 5show spanning-tree vlan vlan-id

                                                          Example:
                                                          Device(config)# show spanning-tree vlan 200
                                                           

                                                          Verifies spanning tree on a per-VLAN basis.

                                                           

                                                          Configuring MAC Table Manipulation

                                                          Port security is implemented by providing the user with the option to secure a port by allowing only well-known MAC addresses to send in data traffic. Up to 200 secure MAC addresses per HWIC are supported.

                                                          Enabling Known MAC Address Traffic

                                                          Perform the following task to enable the MAC address secure option.

                                                          SUMMARY STEPS

                                                            1.    enable

                                                            2.    configure terminal

                                                            3.    mac-address-table secure mac-address fastethernet interface-id [vlan vlan-id] ]

                                                            4.    end

                                                            5.    show mac-address-table secure


                                                          DETAILED STEPS
                                                             Command or ActionPurpose
                                                            Step 1enable


                                                            Example:
                                                            Device> enable
                                                             

                                                            Enables privileged EXEC mode.

                                                            • Enter your password if prompted.
                                                             
                                                            Step 2configure terminal


                                                            Example:
                                                            Device# configure terminal
                                                             

                                                            Enters global configuration mode.

                                                             
                                                            Step 3mac-address-table secure mac-address fastethernet interface-id [vlan vlan-id] ]


                                                            Example:
                                                            Device(config)# mac-address-table secure 0000.0002.0001 fastethernet 0/1/1 vlan 2
                                                             

                                                            Secures the MAC address traffic on the port.

                                                            • Enter the MAC address, the fastethernet keyword, the interface number, and any optional keywords and arguments as desired.
                                                             
                                                            Step 4end


                                                            Example:
                                                            Device(config)# end
                                                             

                                                            Exits global configuration mode and returns to privileged EXEC mode.

                                                             
                                                            Step 5show mac-address-table secure


                                                            Example:
                                                            Device# show mac-address-table secure 
                                                             

                                                            Verifies the configuration.

                                                             

                                                            Creating a Static Entry in the MAC Address Table

                                                            Perform the following task to create a static entry in the MAC address table.

                                                            SUMMARY STEPS

                                                              1.    enable

                                                              2.    configure terminal

                                                              3.    mac-address-table static mac-address fastethernet interface-id [vlan vlan-id]

                                                              4.    end

                                                              5.    show mac-address-table


                                                            DETAILED STEPS
                                                               Command or ActionPurpose
                                                              Step 1enable


                                                              Example:
                                                              Device> enable
                                                               

                                                              Enables privileged EXEC mode.

                                                              • Enter your password if prompted.
                                                               
                                                              Step 2configure terminal


                                                              Example:
                                                              Device# configure terminal
                                                               

                                                              Enters global configuration mode.

                                                               
                                                              Step 3mac-address-table static mac-address fastethernet interface-id [vlan vlan-id]

                                                              Example:
                                                              Device(config)# mac-address-table static 00ff.ff0d.2dc0 fastethernet 0/1/1 
                                                               

                                                              Creates a static entry in the MAC address table.

                                                              • When the vlan-id is not specified, VLAN 1 is taken by default.

                                                               
                                                              Step 4end


                                                              Example:
                                                              Device(config)# end
                                                               

                                                              Returns to privileged EXEC mode.

                                                               
                                                              Step 5show mac-address-table


                                                              Example:
                                                              Device# show mac-address-table 
                                                               

                                                              Verifies the MAC address table.

                                                               

                                                              Configuring and Verifying the Aging Timer

                                                              The aging timer may be configured from 16 seconds to 4080 seconds, in 16-second increments.

                                                              Perform this task to configure the aging timer.

                                                              SUMMARY STEPS

                                                                1.    enable

                                                                2.    configure terminal

                                                                3.    mac -address-table aging-tim e time

                                                                4.    end

                                                                5.    show mac-address-table aging-time


                                                              DETAILED STEPS
                                                                 Command or ActionPurpose
                                                                Step 1 enable


                                                                Example:
                                                                Device> enable
                                                                 

                                                                Enables privileged EXEC mode.

                                                                • Enter your password if prompted.
                                                                 
                                                                Step 2 configure terminal


                                                                Example:
                                                                Device# configure terminal
                                                                 

                                                                Enters global configuration mode.

                                                                 
                                                                Step 3 mac -address-table aging-tim e time


                                                                Example:
                                                                Device(config)# mac-address-table aging-time 4080
                                                                 

                                                                Configures the MAC address aging timer age in seconds.

                                                                • The range is from 0 to 10000 seconds.
                                                                 
                                                                Step 4 end


                                                                Example:
                                                                Device(config)# end
                                                                 

                                                                Returns to privileged EXEC mode.

                                                                 
                                                                Step 5 show mac-address-table aging-time


                                                                Example:
                                                                Device# show mac-address-table aging-time
                                                                 

                                                                Verifies the MAC address table.

                                                                 

                                                                Configuring Cisco Discovery Protocol

                                                                Enabling Cisco Discovery Protocol

                                                                To enable Cisco Discovery Protocol (CDP) globally, use the following commands.

                                                                SUMMARY STEPS

                                                                  1.    enable

                                                                  2.    configure terminal

                                                                  3.    cdp run

                                                                  4.    end

                                                                  5.    show cdp


                                                                DETAILED STEPS
                                                                   Command or ActionPurpose
                                                                  Step 1enable


                                                                  Example:
                                                                  Device> enable
                                                                   

                                                                  Enables privileged EXEC mode.

                                                                  • Enter your password if prompted.
                                                                   
                                                                  Step 2configure terminal


                                                                  Example:
                                                                  Device# configure terminal
                                                                   

                                                                  Enters global configuration mode.

                                                                   
                                                                  Step 3cdp run


                                                                  Example:
                                                                  Device(config)# cdp run
                                                                   

                                                                  Enables CDP globally.

                                                                   
                                                                  Step 4end


                                                                  Example:
                                                                  Device(config)# end
                                                                   

                                                                  Returns to privileged EXEC mode.

                                                                   
                                                                  Step 5show cdp


                                                                  Example:
                                                                  Device# show cdp 
                                                                   

                                                                  Verifies the CDP configuration.

                                                                   

                                                                  Enabling CDP on an Interface

                                                                  Perform this task to enable CDP on an interface.

                                                                  SUMMARY STEPS

                                                                    1.    enable

                                                                    2.    configure terminal

                                                                    3.    interface {ethernet | fastethernet} interface-id

                                                                    4.    cdp enable

                                                                    5.    end

                                                                    6.    show cdp interface interface-id

                                                                    7.    show cdp neighbors


                                                                  DETAILED STEPS
                                                                     Command or ActionPurpose
                                                                    Step 1 enable


                                                                    Example:
                                                                    Device> enable
                                                                     

                                                                    Enables privileged EXEC mode.

                                                                    • Enter your password if prompted.
                                                                     
                                                                    Step 2 configure terminal


                                                                    Example:
                                                                    Device# configure terminal
                                                                     

                                                                    Enters global configuration mode.

                                                                     
                                                                    Step 3 interface {ethernet | fastethernet} interface-id


                                                                    Example:
                                                                    Device(config)# interface fastethernet 0/1/1
                                                                     

                                                                    Selects an interface and enters interface configuration mode.

                                                                    • Enter the interface number.
                                                                     
                                                                    Step 4 cdp enable


                                                                    Example:
                                                                    Device(config-if)# cdp enable
                                                                     

                                                                    Enables CDP globally.

                                                                     
                                                                    Step 5 end


                                                                    Example:
                                                                    Device(config-if)# end
                                                                     

                                                                    Exits interface configuration mode.

                                                                     
                                                                    Step 6 show cdp interface interface-id


                                                                    Example:
                                                                    Device# show cdp interface
                                                                     

                                                                    Verifies the CDP configuration on the interface.

                                                                     
                                                                    Step 7 show cdp neighbors


                                                                    Example:
                                                                    Device# show cdp neighbors
                                                                     

                                                                    Verifies the information about the neighboring equipment.

                                                                     

                                                                    Monitoring and Maintaining CDP

                                                                    Perform this task to monitor and maintain CDP on your device.

                                                                    SUMMARY STEPS

                                                                      1.    enable

                                                                      2.    clear cdp counter s

                                                                      3.    clear cdp table

                                                                      4.    show cdp

                                                                      5.    show cdp entry entry-name [protocol | version]

                                                                      6.    show cdp interface interface-id

                                                                      7.    show cdp neighbors interface-id [detail]

                                                                      8.    show cdp traffic


                                                                    DETAILED STEPS
                                                                       Command or ActionPurpose
                                                                      Step 1 enable


                                                                      Example:
                                                                      Device> enable
                                                                       

                                                                      Enables privileged EXEC mode.

                                                                      • Enter your password if prompted.
                                                                       
                                                                      Step 2 clear cdp counter s


                                                                      Example:
                                                                      Device# clear cdp counters
                                                                       

                                                                      (Optional) Resets the traffic counters to zero.

                                                                       
                                                                      Step 3 clear cdp table


                                                                      Example:
                                                                      Device# clear cdp table
                                                                       

                                                                      (Optional) Deletes the CDP table of information about neighbors.

                                                                       
                                                                      Step 4 show cdp


                                                                      Example:
                                                                      Device# show cdp
                                                                       

                                                                      (Optional) Verifies global information such as frequency of transmissions and the holdtime for packets being transmitted.

                                                                       
                                                                      Step 5 show cdp entry entry-name [protocol | version]


                                                                      Example:
                                                                      Device# show cdp entry newentry
                                                                       

                                                                      (Optional) Verifies information about a specific neighbor.

                                                                      • The display can be limited to protocol or version information.
                                                                       
                                                                      Step 6 show cdp interface interface-id


                                                                      Example:
                                                                      Device# show cdp interface 0/1/1
                                                                       

                                                                      (Optional) Verifies information about interfaces on which CDP is enabled.

                                                                      • Enter the interface number.
                                                                       
                                                                      Step 7 show cdp neighbors interface-id [detail]


                                                                      Example:
                                                                      Device# show cdp neighbors 0/1/1 
                                                                       

                                                                      (Optional) Verifies information about neighbors.

                                                                      • The display can be limited to neighbors on a specific interface and can be expanded to provide more detailed information.
                                                                       
                                                                      Step 8 show cdp traffic


                                                                      Example:
                                                                      Device# show cdp traffic
                                                                       

                                                                      (Optional) Verifies CDP counters, including the number of packets sent and received, and checksum errors.

                                                                       

                                                                      Configuring the Switched Port Analyzer (SPAN)


                                                                      Note


                                                                      An EtherSwitch HWIC supports only one SPAN session. Either Tx or both Tx and Rx monitoring is supported.


                                                                      Configuring the SPAN Sources

                                                                      Perform the following task to configure the source for a SPAN session.

                                                                      SUMMARY STEPS

                                                                        1.    enable

                                                                        2.    configure terminal

                                                                        3.    monitor session 1 {source interface interface-id | vlan vlan-id} [, | - | rx | tx | both]


                                                                      DETAILED STEPS
                                                                         Command or ActionPurpose
                                                                        Step 1enable


                                                                        Example:
                                                                        Device> enable
                                                                         

                                                                        Enables privileged EXEC mode.

                                                                        • Enter your password if prompted.
                                                                         
                                                                        Step 2configure terminal


                                                                        Example:
                                                                        Device# configure terminal
                                                                         

                                                                        Enters global configuration mode.

                                                                         
                                                                        Step 3monitor session 1 {source interface interface-id | vlan vlan-id} [, | - | rx | tx | both]


                                                                        Example:
                                                                        Device(config)# monitor session 1 source interface fastethernet 0/3/1
                                                                         

                                                                        Specifies the SPAN session (number 1), the source interfaces or VLANs, and the traffic direction to be monitored.

                                                                        • The example shows how to configure the SPAN session to monitor bidirectional traffic from source interface Fast Ethernet 0/3/1.
                                                                         

                                                                        Configuring SPAN Destinations

                                                                        Perform this task to configure the destination for a SPAN session.

                                                                        SUMMARY STEPS

                                                                          1.    enable

                                                                          2.    configure terminal

                                                                          3.    monitor session session-id {destination {interface interface-id} | {vlan vlan-id}} [, | - | rx | tx | both]

                                                                          4.    end


                                                                        DETAILED STEPS
                                                                           Command or ActionPurpose
                                                                          Step 1 enable


                                                                          Example:
                                                                          Device> enable
                                                                           

                                                                          Enables privileged EXEC mode.

                                                                          • Enter your password if prompted.
                                                                           
                                                                          Step 2 configure terminal


                                                                          Example:
                                                                          Device# configure terminal
                                                                           

                                                                          Enters global configuration mode.

                                                                           
                                                                          Step 3 monitor session session-id {destination {interface interface-id} | {vlan vlan-id}} [, | - | rx | tx | both]


                                                                          Example:
                                                                          Device(config)# monitor session 1 source interface fastethernet 0/3/1
                                                                           

                                                                          Specifies the SPAN session (number 1), the source interfaces or VLANs, and the traffic direction to be monitored.

                                                                          • The example shows how to configure the SPAN session to monitor bidirectional traffic from source interface Fast Ethernet 0/3/1.
                                                                           
                                                                          Step 4 end


                                                                          Example:
                                                                          Device(config)# end
                                                                           

                                                                          Exits global configuration mode.

                                                                           

                                                                          Configuring Power Management on the Interface

                                                                          The HWICs can supply inline power to a Cisco 7960 IP phone, if necessary. The Cisco 7960 IP phone can also be connected to an AC power source and supply its own power to the voice circuit. When the Cisco 7960 IP phone is supplying its own power, an HWICs can forward IP voice traffic to and from the phone.

                                                                          A detection mechanism on the HWIC determines whether the device is connected to a Cisco 7960 IP phone. If the device senses that there is no power on the circuit, the device supplies the power. If there is power on the circuit, the device does not supply it.

                                                                          You can configure the device never to supply power to the Cisco 7960 IP phone and to disable the detection mechanism.

                                                                          Follow these steps to manage the powering of the Cisco IP phones.

                                                                          SUMMARY STEPS

                                                                            1.    enable

                                                                            2.    configure terminal

                                                                            3.    interface fastethernet interface-id

                                                                            4.    power inline {auto | never}

                                                                            5.    end

                                                                            6.    show power inline


                                                                          DETAILED STEPS
                                                                             Command or ActionPurpose
                                                                            Step 1enable


                                                                            Example:
                                                                            Device> enable
                                                                             

                                                                            Enables privileged EXEC mode.

                                                                            • Enter your password if prompted.
                                                                             
                                                                            Step 2configure terminal


                                                                            Example:
                                                                            Device# configure terminal
                                                                             

                                                                            Enters global configuration mode.

                                                                             
                                                                            Step 3interface fastethernet interface-id


                                                                            Example:
                                                                            Device(config)# interface fastethernet 0/3/1
                                                                             

                                                                            Selects a particular Fast Ethernet interface for configuration, and enters interface configuration mode.

                                                                            • Enter the interface number.
                                                                             
                                                                            Step 4power inline {auto | never}

                                                                            Example:
                                                                            Device(config-if)# power inline auto
                                                                             

                                                                            Configures the port to supply inline power automatically to a Cisco IP phone.

                                                                            • Use never to permanently disable inline power on the port.
                                                                             
                                                                            Step 5end


                                                                            Example:
                                                                            Device(config-if)# end
                                                                             

                                                                            Returns to privileged EXEC mode.

                                                                             
                                                                            Step 6show power inline


                                                                            Example:
                                                                            Device# show power inline
                                                                             

                                                                            Displays power configuration on the ports.

                                                                             

                                                                            Configuring IP Multicast Layer 3 Switching

                                                                            Enabling IP Multicast Routing Globally

                                                                            You must enable IP multicast routing globally before you can enable IP multicast Layer 3 switching on Layer 3 interfaces.

                                                                            For complete information and procedures, see the following publications:


                                                                            Note


                                                                            See the Cisco command reference listing page for protocol-specific command references.


                                                                            Perform the following task to enable IP multicast routing globally.

                                                                            SUMMARY STEPS

                                                                              1.    enable

                                                                              2.    configure terminal

                                                                              3.    ip multicast-routing


                                                                            DETAILED STEPS
                                                                               Command or ActionPurpose
                                                                              Step 1enable


                                                                              Example:
                                                                              Device> enable
                                                                               

                                                                              Enables privileged EXEC mode.

                                                                              • Enter your password if prompted.
                                                                               
                                                                              Step 2configure terminal


                                                                              Example:
                                                                              Device# configure terminal
                                                                               

                                                                              Enters global configuration mode.

                                                                               
                                                                              Step 3ip multicast-routing


                                                                              Example:
                                                                              Device(config)# ip multicast-routing
                                                                               

                                                                              Enables IP multicast routing globally.

                                                                               

                                                                              Enabling IP Protocol-Independent Multicast (PIM) on Layer 3 Interfaces

                                                                              You must enable protocol-independent multicast (PIM) on the Layer 3 interfaces before enabling IP multicast Layer 3 switching functions on those interfaces.

                                                                              Perform this task to enable IP PIM on a Layer 3 interface.

                                                                              SUMMARY STEPS

                                                                                1.    enable

                                                                                2.    configure terminal

                                                                                3.    interface vlan vlan-id

                                                                                4.    ip pim {dense-mode | sparse-mode | sparse-dense-mode}


                                                                              DETAILED STEPS
                                                                                 Command or ActionPurpose
                                                                                Step 1 enable


                                                                                Example:
                                                                                Device> enable
                                                                                 

                                                                                Enables privileged EXEC mode.

                                                                                • Enter your password if prompted.
                                                                                 
                                                                                Step 2 configure terminal


                                                                                Example:
                                                                                Device# configure terminal
                                                                                 

                                                                                Enters global configuration mode.

                                                                                 
                                                                                Step 3 interface vlan vlan-id


                                                                                Example:
                                                                                Device(config)# interface vlan 1
                                                                                 

                                                                                Selects the interface to be configured and enters interface configuration mode.

                                                                                 
                                                                                Step 4 ip pim {dense-mode | sparse-mode | sparse-dense-mode}


                                                                                Example:
                                                                                Device(config-if)# ip pim sparse-dense mode
                                                                                 

                                                                                Enables IP PIM on a Layer 3 interface.

                                                                                 

                                                                                Verifying IP Multicast Layer 3 Hardware Switching Summary


                                                                                Note


                                                                                The show interface statistics command does not verify hardware-switched packets; only packets switched by software are verified.


                                                                                The show ip pim interface countcommand verifies the IP multicast Layer 3 switching enable state on IP PIM interfaces, and verifies the number of packets received and sent on the interface. Use the following show commands to verify IP multicast Layer 3 switching information for an IP PIM Layer 3 interface.
                                                                                SUMMARY STEPS

                                                                                  1.    Device# show ip pim interface count

                                                                                  2.    Device# show ip mroute count

                                                                                  3.    Device# show ip interface vlan 1


                                                                                DETAILED STEPS
                                                                                  Step 1   Device# show ip pim interface count

                                                                                  Example:
                                                                                  State:* - Fast Switched, D - Distributed Fast Switched
                                                                                        H - Hardware Switching Enabled
                                                                                  Address          Interface            FS  Mpackets In/Out
                                                                                  10.0.0.1         VLAN1                *   151/0
                                                                                  Device#
                                                                                  
                                                                                  Step 2   Device# show ip mroute count

                                                                                  Example:
                                                                                  IP Multicast Statistics
                                                                                  5 routes using 2728 bytes of memory
                                                                                  4 groups, 0.25 average sources per group
                                                                                  Forwarding Counts:Pkt Count/Pkts per second/Avg Pkt Size/Kilobits per second
                                                                                  Other counts:Total/RPF failed/Other drops(OIF-null, rate-limit etc)
                                                                                   
                                                                                  Group:209.165.200.225 Source count:1, Packets forwarded: 0, Packets received: 66
                                                                                    Source:10.0.0.2/32, Forwarding:0/0/0/0, Other:66/0/66
                                                                                  Group:209.165.200.226, Source count:0, Packets forwarded: 0, Packets received: 0
                                                                                  Group:209.165.200.227, Source count:0, Packets forwarded: 0, Packets received: 0
                                                                                  Group:209.165.200.228, Source count:0, Packets forwarded: 0, Packets received: 0
                                                                                  Device#
                                                                                  Note   

                                                                                  A negative counter means that the outgoing interface list of the corresponding entry is NULL, and this indicates that this flow is still active.

                                                                                  Step 3   Device# show ip interface vlan 1

                                                                                  Example:
                                                                                  Vlan1 is up, line protocol is up
                                                                                    Internet address is 10.0.0.1/24
                                                                                    Broadcast address is 209.165.201.1
                                                                                    Address determined by setup command
                                                                                    MTU is 1500 bytes
                                                                                    Helper address is not set
                                                                                    Directed broadcast forwarding is disabled
                                                                                    Multicast reserved groups joined:209.165.201.2 209.165.201.3 209.165.201.4 209.165.201.5
                                                                                    Outgoing access list is not set
                                                                                    Inbound  access list is not set
                                                                                    Proxy ARP is enabled
                                                                                    Local Proxy ARP is disabled
                                                                                    Security level is default
                                                                                    Split horizon is enabled
                                                                                    ICMP redirects are always sent
                                                                                    ICMP unreachables are always sent
                                                                                    ICMP mask replies are never sent
                                                                                    IP fast switching is enabled
                                                                                    IP fast switching on the same interface is disabled
                                                                                    IP Flow switching is disabled
                                                                                    IP CEF switching is enabled
                                                                                    IP CEF Fast switching turbo vector
                                                                                    IP multicast fast switching is enabled
                                                                                    IP multicast distributed fast switching is disabled
                                                                                    IP route-cache flags are Fast, CEF
                                                                                    Device Discovery is disabled
                                                                                    IP output packet accounting is disabled
                                                                                    IP access violation accounting is disabled
                                                                                    TCP/IP header compression is disabled
                                                                                    RTP/IP header compression is disabled
                                                                                    Policy routing is disabled
                                                                                    Network address translation is disabled
                                                                                    WCCP Redirect outbound is disabled
                                                                                    WCCP Redirect inbound is disabled
                                                                                    WCCP Redirect exclude is disabled
                                                                                    BGP Policy Mapping is disabled
                                                                                  Device#

                                                                                  Verifying the IP Multicast Routing Table

                                                                                  Use the show ip mroute command to verify the IP multicast routing table:

                                                                                  show ip mroute 224.10.103.10
                                                                                  IP Multicast Routing Table
                                                                                  Flags:D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
                                                                                         L - Local, P - Pruned, R - RP-bit set, F - Register flag,
                                                                                         T - SPT-bit set, J - Join SPT, M - MSDP created entry,
                                                                                         X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
                                                                                         U - URD, I - Received Source Specific Host Report, Z - Multicast Tunnel,
                                                                                         Y - Joined MDT-data group, y - Sending to MDT-data group
                                                                                  Outgoing interface flags:H - Hardware switched, A - Assert winner
                                                                                  Timers:Uptime/Expires
                                                                                  Interface state:Interface, Next-Hop or VCD, State/Mode
                                                                                  (*, 209.165.201.2), 00:09:21/00:02:56, RP 0.0.0.0, flags:DC
                                                                                    Incoming interface:Null, RPF nbr 0.0.0.0
                                                                                    Outgoing interface list:
                                                                                      Vlan1, Forward/Sparse-Dense, 00:09:21/00:00:00, H
                                                                                  Device#

                                                                                  Note


                                                                                  The RPF-MFD flag indicates that the flow is completely hardware switched. The H flag indicates that the flow is hardware switched on the outgoing interface.


                                                                                  Configuring IGMP Snooping

                                                                                  Enabling or Disabling IGMP Snooping

                                                                                  By default, IGMP snooping is globally enabled on the EtherSwitch HWIC. When globally enabled or disabled, it is enabled or disabled in all existing VLAN interfaces. By default, IGMP snooping is enabled on all VLANs, but it can be enabled and disabled on a per-VLAN basis.

                                                                                  Global IGMP snooping overrides the per-VLAN IGMP snooping capability. If global snooping is disabled, you cannot enable VLAN snooping. If global snooping is enabled, you can enable or disable snooping on a VLAN basis.

                                                                                  Perform this task to globally enable IGMP snooping on the EtherSwitch HWIC.

                                                                                  SUMMARY STEPS

                                                                                    1.    enable

                                                                                    2.    configure terminal

                                                                                    3.    ip igmp snooping

                                                                                    4.   

                                                                                    5.    ip igmp snooping vlan vlan-id

                                                                                    6.    end

                                                                                    7.    show ip igmp snooping

                                                                                    8.    copy running-config startup-config


                                                                                  DETAILED STEPS
                                                                                     Command or ActionPurpose
                                                                                    Step 1 enable


                                                                                    Example:
                                                                                    Device> enable
                                                                                     

                                                                                    Enables privileged EXEC mode.

                                                                                    • Enter your password if prompted.
                                                                                     
                                                                                    Step 2 configure terminal


                                                                                    Example:
                                                                                    Device# configure terminal
                                                                                     

                                                                                    Enters global configuration mode.

                                                                                     
                                                                                    Step 3 ip igmp snooping


                                                                                    Example:
                                                                                    Device(config)# ip igmp snooping
                                                                                     

                                                                                    Globally enables IGMP snooping in all existing VLAN interfaces.

                                                                                     
                                                                                    Step 4
                                                                                     

                                                                                     
                                                                                    Step 5 ip igmp snooping vlan vlan-id


                                                                                    Example:
                                                                                    Device(config)# ip igmp snooping vlan 100
                                                                                     

                                                                                    Globally enables IGMP snooping on a specific VLAN interface.

                                                                                    • Enter the VLAN number.
                                                                                     
                                                                                    Step 6 end


                                                                                    Example:
                                                                                    Device(config)# end
                                                                                     

                                                                                    Returns to privileged EXEC mode.

                                                                                     
                                                                                    Step 7 show ip igmp snooping


                                                                                    Example:
                                                                                    Device# show ip igmp snooping
                                                                                     

                                                                                    Displays snooping configuration.

                                                                                     
                                                                                    Step 8 copy running-config startup-config


                                                                                    Example:
                                                                                    Device# copy running-config startup-config
                                                                                     

                                                                                    (Optional) Saves your configuration to the startup configuration.

                                                                                     

                                                                                    Enabling IGMP Immediate-Leave Processing

                                                                                    When you enable IGMP Immediate-Leave processing, the EtherSwitch HWIC immediately removes a port from the IP multicast group when it detects an IGMP version 2 Leave message on that port. Immediate-Leave processing allows the device to remove an interface that sends a Leave message from the forwarding table without first sending out group-specific queries to the interface. You should use the Immediate-Leave feature only when there is only a single receiver present on every port in the VLAN.

                                                                                    Perform the following task to enable IGMP Immediate-Leave processing.

                                                                                    SUMMARY STEPS

                                                                                      1.    enable

                                                                                      2.    configure terminal

                                                                                      3.    ip igmp snooping vlan vlan-id immediate-leave

                                                                                      4.    end

                                                                                      5.    show ip igmp snooping

                                                                                      6.    copy running-config startup-config


                                                                                    DETAILED STEPS
                                                                                       Command or ActionPurpose
                                                                                      Step 1enable


                                                                                      Example:
                                                                                      Device> enable
                                                                                       

                                                                                      Enables privileged EXEC mode.

                                                                                      • Enter your password if prompted.
                                                                                       
                                                                                      Step 2configure terminal


                                                                                      Example:
                                                                                      Device# configure terminal
                                                                                       

                                                                                      Enters global configuration mode.

                                                                                       
                                                                                      Step 3ip igmp snooping vlan vlan-id immediate-leave


                                                                                      Example:
                                                                                      Device(config)# ip igmp snooping vlan 1 immediate-leave
                                                                                       

                                                                                      Enables IGMP Immediate-Leave processing on the VLAN interface.

                                                                                      • Enter the VLAN number.
                                                                                       
                                                                                      Step 4end


                                                                                      Example:
                                                                                      Device(config)# end
                                                                                       

                                                                                      Returns to privileged EXEC mode.

                                                                                       
                                                                                      Step 5show ip igmp snooping


                                                                                      Example:
                                                                                      Device# show ip igmp snooping
                                                                                       

                                                                                      Displays snooping configuration.

                                                                                       
                                                                                      Step 6copy running-config startup-config


                                                                                      Example:
                                                                                      Device# copy running-config startup-config
                                                                                       

                                                                                      (Optional) Saves your configuration to the startup configuration.

                                                                                       

                                                                                      Statically Configuring an Interface to Join a Group

                                                                                      Ports normally join multicast groups through the IGMP report message, but you can also statically configure a host on an interface.

                                                                                      Follow the steps below to add a port as a member of a multicast group.

                                                                                      SUMMARY STEPS

                                                                                        1.    enable

                                                                                        2.    configure terminal

                                                                                        3.    ip igmp snooping vlan vlan-id static mac-address interface interface-id

                                                                                        4.    end

                                                                                        5.    show mac-address-table multicast [vlan vlan-id] [user | igmp-snooping] [count]

                                                                                        6.    show ip igmp snooping

                                                                                        7.    copy running-config startup-config


                                                                                      DETAILED STEPS
                                                                                         Command or ActionPurpose
                                                                                        Step 1enable


                                                                                        Example:
                                                                                        Device> enable
                                                                                         

                                                                                        Enables privileged EXEC mode.

                                                                                        • Enter your password if prompted.
                                                                                         
                                                                                        Step 2configure terminal


                                                                                        Example:
                                                                                        Device# configure terminal
                                                                                         

                                                                                        Enters global configuration mode.

                                                                                         
                                                                                        Step 3ip igmp snooping vlan vlan-id static mac-address interface interface-id


                                                                                        Example:
                                                                                        Device(config)# ip igmp snooping vlan 1 static 0100.5e05.0505 interface FastEthernet0/1/1
                                                                                         

                                                                                        Enables IGMP snooping on the VLAN interface.

                                                                                         
                                                                                        Step 4end


                                                                                        Example:
                                                                                        Device(config)# end
                                                                                         

                                                                                        Returns to privileged EXEC mode.

                                                                                         
                                                                                        Step 5show mac-address-table multicast [vlan vlan-id] [user | igmp-snooping] [count]

                                                                                        Example:
                                                                                        Device# show mac-address-table multicast vlan 1 igmp-snooping
                                                                                         

                                                                                        Displays MAC address table entries for a VLAN.

                                                                                        • vlan-id is the multicast group VLAN ID.
                                                                                        • user displays only the user-configured multicast entries.
                                                                                        • igmp-snooping displays entries learned via IGMP snooping.
                                                                                        • count displays only the total number of entries for the selected criteria, not the actual entries.
                                                                                         
                                                                                        Step 6show ip igmp snooping


                                                                                        Example:
                                                                                        Device# show ip igmp snooping
                                                                                         

                                                                                        Displays snooping configuration.

                                                                                         
                                                                                        Step 7copy running-config startup-config


                                                                                        Example:
                                                                                        Device# copy running-config startup-config
                                                                                         

                                                                                        (Optional) Saves your configuration to the startup configuration.

                                                                                         

                                                                                        Configuring a Multicast Device Port

                                                                                        Perform this task to enable a static connection to a multicast device.

                                                                                        SUMMARY STEPS

                                                                                          1.    enable

                                                                                          2.    configure terminal

                                                                                          3.    ip igmp snooping vlan vlan-id mrouter {interface interface-id | learn pim-dvmrp}

                                                                                          4.    end

                                                                                          5.    show ip igmp snooping

                                                                                          6.    show ip igmp snooping mrouter [vlan vlan-id]

                                                                                          7.    copy running-config startup-config


                                                                                        DETAILED STEPS
                                                                                           Command or ActionPurpose
                                                                                          Step 1 enable


                                                                                          Example:
                                                                                          Device> enable
                                                                                           

                                                                                          Enables privileged EXEC mode.

                                                                                          • Enter your password if prompted.
                                                                                           
                                                                                          Step 2 configure terminal


                                                                                          Example:
                                                                                          Device# configure terminal
                                                                                           

                                                                                          Enters global configuration mode.

                                                                                           
                                                                                          Step 3 ip igmp snooping vlan vlan-id mrouter {interface interface-id | learn pim-dvmrp}


                                                                                          Example:
                                                                                          Device(config)# ip igmp snooping vlan1 interface Fa0/1/1 learn pim-dvmrp
                                                                                           

                                                                                          Enables IGMP snooping on the VLAN interface and enables route discovery.

                                                                                           
                                                                                          Step 4 end


                                                                                          Example:
                                                                                          Device(config)# end
                                                                                           

                                                                                          Returns to privileged EXEC mode.

                                                                                           
                                                                                          Step 5 show ip igmp snooping


                                                                                          Example:
                                                                                          Device# show ip igmp snooping
                                                                                           

                                                                                          (Optional) Displays snooping configuration.

                                                                                           
                                                                                          Step 6 show ip igmp snooping mrouter [vlan vlan-id]


                                                                                          Example:
                                                                                          Device# show ip igmp snooping mroute vlan vlan1
                                                                                           

                                                                                          (Optional) Displays Mroute discovery information.

                                                                                           
                                                                                          Step 7 copy running-config startup-config


                                                                                          Example:
                                                                                          Device# copy running-config startup-config
                                                                                           

                                                                                          (Optional) Saves your configuration to the startup configuration.

                                                                                           

                                                                                          Configuring Per-Port Storm Control

                                                                                          You can use these techniques to block the forwarding of unnecessary flooded traffic.

                                                                                          By default, unicast, broadcast, and multicast suppression is disabled.

                                                                                          Enabling Per-Port Storm Control

                                                                                          Perform this task to enable a per-port storm control.

                                                                                          SUMMARY STEPS

                                                                                            1.    enable

                                                                                            2.    configure terminal

                                                                                            3.    interface interface-type interface-number

                                                                                            4.    storm-control {broadcast | multicast | unicast} level level

                                                                                            5.    storm-control action shutdown

                                                                                            6.    storm-control action trap

                                                                                            7.    end

                                                                                            8.    show interfaces interface-type interface-number counters storm-control


                                                                                          DETAILED STEPS
                                                                                             Command or ActionPurpose
                                                                                            Step 1 enable


                                                                                            Example:
                                                                                            Device> enable
                                                                                             

                                                                                            Enables privileged EXEC mode.

                                                                                            • Enter your password if prompted.
                                                                                             
                                                                                            Step 2 configure terminal


                                                                                            Example:
                                                                                            Device# configure terminal
                                                                                             

                                                                                            Enters global configuration mode.

                                                                                             
                                                                                            Step 3 interface interface-type interface-number


                                                                                            Example:
                                                                                            Device(config)# interface fastethernet 0/3/1
                                                                                             

                                                                                            Specifies the port to configure, and enters interface configuration mode.

                                                                                            • Enter the interface type and interface number.

                                                                                             
                                                                                            Step 4 storm-control {broadcast | multicast | unicast} level level


                                                                                            Example:
                                                                                            Device(config-if)# storm-control broadcast level 7
                                                                                             

                                                                                            Configures broadcast, multicast, or unicast per-port storm control.

                                                                                            • Specify the rising suppression level for either broadcast, multicast, or unicast traffic. The storm control action occurs when traffic utilization reaches this level.
                                                                                             
                                                                                            Step 5 storm-control action shutdown


                                                                                            Example:
                                                                                            Device(config-if)# storm-control action shutdown
                                                                                             

                                                                                            Selects the shutdown keyword to disable the port during a storm.

                                                                                            • The default is to filter out the traffic.
                                                                                             
                                                                                            Step 6 storm-control action trap


                                                                                            Example:
                                                                                            Device(config-if)# storm-control action trap
                                                                                             

                                                                                            Sends Simple Management Network Protocol (SNMP) trap to disable the port during a storm.

                                                                                            • The default is to filter out the traffic.
                                                                                             
                                                                                            Step 7 end


                                                                                            Example:
                                                                                            Device(config-if)# end
                                                                                             

                                                                                            Returns to privileged EXEC mode.

                                                                                             
                                                                                            Step 8 show interfaces interface-type interface-number counters storm-control


                                                                                            Example:
                                                                                            Device# show interfaces fastethernet 0/3/1 counters storm-control 
                                                                                             

                                                                                            (Optional) Verifies your entries.

                                                                                             
                                                                                            What to Do Next


                                                                                            Note


                                                                                            If any type of traffic exceeds the upper threshold limit, all other traffic will be stopped.


                                                                                            Disabling Per-Port Storm Control

                                                                                            Perform this task to disable a per-port storm control.

                                                                                            SUMMARY STEPS

                                                                                              1.    enable

                                                                                              2.    configure terminal

                                                                                              3.    interface interface-type interface-number

                                                                                              4.    no storm-control {broadcast | multicast| unicast} level level

                                                                                              5.    no storm-control action shutdown

                                                                                              6.    no storm-control action trap

                                                                                              7.    end

                                                                                              8.    show interfaces interface-type interface-number counters storm-control


                                                                                            DETAILED STEPS
                                                                                               Command or ActionPurpose
                                                                                              Step 1 enable


                                                                                              Example:
                                                                                              Device> enable
                                                                                               

                                                                                              Enables privileged EXEC mode.

                                                                                              • Enter your password if prompted.
                                                                                               
                                                                                              Step 2 configure terminal


                                                                                              Example:
                                                                                              Device# configure terminal
                                                                                               

                                                                                              Enters global configuration mode.

                                                                                               
                                                                                              Step 3 interface interface-type interface-number


                                                                                              Example:
                                                                                              Device(config)# interface fastethernet 0/3/1
                                                                                               

                                                                                              Specifies the interface and enters interface configuration mode.

                                                                                              • Enter the interface type and interface number.
                                                                                               
                                                                                              Step 4 no storm-control {broadcast | multicast| unicast} level level


                                                                                              Example:
                                                                                              Device(config-if)# no storm-control broadcast level 7
                                                                                               

                                                                                              Disables per-port storm control.

                                                                                               
                                                                                              Step 5 no storm-control action shutdown


                                                                                              Example:
                                                                                              Device(config-if)# no storm-control action shutdown
                                                                                               

                                                                                              Disables the specified storm control action.

                                                                                               
                                                                                              Step 6 no storm-control action trap


                                                                                              Example:
                                                                                              Device(config-if)# no storm-control action trap
                                                                                               

                                                                                              Disables the specified storm control action.

                                                                                               
                                                                                              Step 7 end


                                                                                              Example:
                                                                                              Device(config-if)# end
                                                                                               

                                                                                              Returns to privileged EXEC mode.

                                                                                               
                                                                                              Step 8 show interfaces interface-type interface-number counters storm-control


                                                                                              Example:
                                                                                              Device# show interfaces fastethernet 0/3/1 counters storm-control 
                                                                                               

                                                                                              (Optional) Verifies your entries.

                                                                                               

                                                                                              Configuring Stacking

                                                                                              Stacking is the connection of two device modules resident in the same chassis so that they behave as a single device. When a chassis is populated with two device modules, the user must configure to operate in stacked mode. This is done by selecting one port from each device module and configuring it to be a stacking partner. The user must then use a cable to connect the stacking partners from each device module to physically stack the device modules. Any one port in a device module can be designated as the stacking partner for that device module.

                                                                                              Perform this task to configure a pair of ports on two different device modules as stacking partners.

                                                                                              SUMMARY STEPS

                                                                                                1.    enable

                                                                                                2.    configure terminal

                                                                                                3.    interface fastethernet interface-id

                                                                                                4.    no shutdown

                                                                                                5.    switchport stacking-partner interface fastethernet partner-interface-id

                                                                                                6.    exit

                                                                                                7.    interface fastethernet partner-interface-id

                                                                                                8.    no shutdown

                                                                                                9.    end


                                                                                              DETAILED STEPS
                                                                                                 Command or ActionPurpose
                                                                                                Step 1 enable


                                                                                                Example:
                                                                                                Device> enable
                                                                                                 

                                                                                                Enables privileged EXEC mode.

                                                                                                • Enter your password if prompted.
                                                                                                 
                                                                                                Step 2 configure terminal


                                                                                                Example:
                                                                                                Device# configure terminal
                                                                                                 

                                                                                                Enters global configuration mode.

                                                                                                 
                                                                                                Step 3 interface fastethernet interface-id


                                                                                                Example:
                                                                                                Device(config)# interface fastethernet 0/3/1
                                                                                                 

                                                                                                Enters interface configuration mode.

                                                                                                • Enter the interface number.
                                                                                                 
                                                                                                Step 4 no shutdown


                                                                                                Example:
                                                                                                Device(config-if)# no shutdown
                                                                                                 

                                                                                                Activates the interface.

                                                                                                • This step is required only if you shut down the interface.
                                                                                                 
                                                                                                Step 5 switchport stacking-partner interface fastethernet partner-interface-id


                                                                                                Example:
                                                                                                Device(config-if)# switchport stacking-partner interface FastEthernet partner-interface-id
                                                                                                 

                                                                                                Selects and configures the stacking partner port.

                                                                                                • Enter the partner interface number.
                                                                                                • To restore the defaults, use the no form of this command.
                                                                                                 
                                                                                                Step 6 exit


                                                                                                Example:
                                                                                                Device(config-if)# exit
                                                                                                 

                                                                                                Returns to privileged configuration mode.

                                                                                                 
                                                                                                Step 7 interface fastethernet partner-interface-id


                                                                                                Example:
                                                                                                Device# interface fastethernet 0/3/1
                                                                                                 

                                                                                                Specifies the partner-interface, and enters interface configuration mode.

                                                                                                • Enter the partner interface number.
                                                                                                 
                                                                                                Step 8 no shutdown


                                                                                                Example:
                                                                                                Device(config-if)# no shutdown
                                                                                                 

                                                                                                Activates the stacking partner interface.

                                                                                                 
                                                                                                Step 9 end


                                                                                                Example:
                                                                                                Device(config-if)# end
                                                                                                 

                                                                                                Exits configuration mode.

                                                                                                 
                                                                                                What to Do Next


                                                                                                Note


                                                                                                Both stacking partner ports must have their speed and duplex parameters set to auto.



                                                                                                Caution


                                                                                                If stacking is removed, stacked interfaces will shutdown. Other nonstacked ports will be left unchanged.


                                                                                                Configuring Fallback Bridging

                                                                                                The table below shows the default fallback bridging configuration.

                                                                                                Table 2 Default Fallback Bridging Configuration

                                                                                                Feature

                                                                                                Default Setting

                                                                                                Bridge groups

                                                                                                None are defined or assigned to an interface. No VLAN-bridge STP is defined.

                                                                                                Device forwards frames for stations that it has dynamically learned

                                                                                                Enabled.

                                                                                                Bridge table aging time for dynamic entries

                                                                                                300 seconds.

                                                                                                MAC-layer frame filtering

                                                                                                Disabled.

                                                                                                Spanning tree parameters:

                                                                                                • Device priority
                                                                                                • Interface priority
                                                                                                • Interface path cost
                                                                                                • Hello BPDU interval
                                                                                                • Forward-delay interval
                                                                                                • Maximum idle interval

                                                                                                • 32768
                                                                                                • 128
                                                                                                • 10 Mbps: 100 100 Mbps: 19 1000 Mbps: 4
                                                                                                • 2 seconds
                                                                                                • 20 seconds
                                                                                                • 30 seconds

                                                                                                Creating a Bridge Group

                                                                                                To configure fallback bridging for a set of switched virtual interfaces (SVIs), these interfaces must be assigned to bridge groups. All interfaces in the same group belong to the same bridge domain. Each SVI can be assigned to only one bridge group.

                                                                                                Perform this task to create a bridge group and assign an interface to it.

                                                                                                SUMMARY STEPS

                                                                                                  1.    enable

                                                                                                  2.    configure terminal

                                                                                                  3.    no ip routing

                                                                                                  4.    bridge bridge-group protocol vlan-bridge

                                                                                                  5.    interface interface-type interface-number

                                                                                                  6.    bridge-group bridge-group

                                                                                                  7.    end

                                                                                                  8.    show vlan-bridge

                                                                                                  9.    show running-config

                                                                                                  10.    copy running-config startup-config


                                                                                                DETAILED STEPS
                                                                                                   Command or ActionPurpose
                                                                                                  Step 1 enable


                                                                                                  Example:
                                                                                                  Device> enable
                                                                                                   

                                                                                                  Enables privileged EXEC mode.

                                                                                                  • Enter your password if prompted.
                                                                                                   
                                                                                                  Step 2 configure terminal


                                                                                                  Example:
                                                                                                  Device# configure terminal
                                                                                                   

                                                                                                  Enters global configuration mode.

                                                                                                   
                                                                                                  Step 3 no ip routing


                                                                                                  Example:
                                                                                                  Device(config)# no ip routing
                                                                                                   

                                                                                                  Disables IP routing.

                                                                                                   
                                                                                                  Step 4 bridge bridge-group protocol vlan-bridge


                                                                                                  Example:
                                                                                                  Device(config)# bridge 100 protocol vlan-bridge
                                                                                                   

                                                                                                  Assigns a bridge group number and specifies the VLAN-bridge spanning-tree protocol to run in the bridge group.

                                                                                                  • The ibm and dec keywords are not supported.
                                                                                                  • For bridge-group, specify the bridge group number. The range is from 1 to 255.
                                                                                                  • Frames are bridged only among interfaces in the same group.
                                                                                                   
                                                                                                  Step 5 interface interface-type interface-number


                                                                                                  Example:
                                                                                                  Device(config)# interface vlan 0/3/1
                                                                                                   

                                                                                                  Specifies the interface on which you want to assign the bridge group, and enters interface configuration mode.

                                                                                                  • The specified interface must be an SVI: a VLAN interface that you created by using the interface vlan vlan-id global configuration command.
                                                                                                  • These ports must have IP addresses assigned to them.
                                                                                                   
                                                                                                  Step 6 bridge-group bridge-group


                                                                                                  Example:
                                                                                                  Device(config-if)# bridge-group 100
                                                                                                   

                                                                                                  Assigns the interface to the bridge group.

                                                                                                  • By default, the interface is not assigned to any bridge group. An interface can be assigned to only one bridge group.
                                                                                                   
                                                                                                  Step 7 end


                                                                                                  Example:
                                                                                                  Device(config-if)# end
                                                                                                   

                                                                                                  Returns to privileged EXEC mode.

                                                                                                   
                                                                                                  Step 8 show vlan-bridge


                                                                                                  Example:
                                                                                                  Device# show vlan-bridge
                                                                                                   

                                                                                                  (Optional) Verifies forwarding mode.

                                                                                                   
                                                                                                  Step 9 show running-config


                                                                                                  Example:
                                                                                                  Device# show running-config
                                                                                                   

                                                                                                  (Optional) Verifies your entries.

                                                                                                   
                                                                                                  Step 10 copy running-config startup-config


                                                                                                  Example:
                                                                                                  Device# copy running-config startup-config
                                                                                                   

                                                                                                  (Optional) Saves your entries in the configuration file.

                                                                                                   

                                                                                                  Preventing the Forwarding of Dynamically Learned Stations

                                                                                                  By default, the device forwards any frames for stations that it has dynamically learned. When this activity is disabled, the device only forwards frames whose addresses have been statically configured into the forwarding cache.

                                                                                                  Perform this task to prevent the device from forwarding frames for stations that it has dynamically learned.

                                                                                                  SUMMARY STEPS

                                                                                                    1.    enable

                                                                                                    2.    configure terminal

                                                                                                    3.    no bridge bridge-group acquire

                                                                                                    4.    end

                                                                                                    5.    show running-config

                                                                                                    6.    copy running-config startup-config


                                                                                                  DETAILED STEPS
                                                                                                     Command or ActionPurpose
                                                                                                    Step 1 enable


                                                                                                    Example:
                                                                                                    Device> enable
                                                                                                     

                                                                                                    Enables privileged EXEC mode.

                                                                                                    • Enter your password if prompted.
                                                                                                     
                                                                                                    Step 2 configure terminal


                                                                                                    Example:
                                                                                                    Device# configure terminal
                                                                                                     

                                                                                                    Enters global configuration mode.

                                                                                                     
                                                                                                    Step 3 no bridge bridge-group acquire


                                                                                                    Example:
                                                                                                    
                                                                                                     
                                                                                                    		  


                                                                                                    Example:
                                                                                                    Device(config)# no bridge 100 acquire
                                                                                                     

                                                                                                    Enables the device to stop forwarding any frames for stations that it has dynamically learned through the discovery process and to limit frame forwarding to statically configured stations.

                                                                                                    • The device filters all frames except those whose destined-to addresses have been statically configured into the forwarding cache. To configure a static address, use the bridge bridge-group address mac-address {forward | discard} global configuration command.
                                                                                                    • For bridge-group, specify the bridge group number. The range is 1 to 255.
                                                                                                     
                                                                                                    Step 4 end


                                                                                                    Example:
                                                                                                    Device(config)# end
                                                                                                     

                                                                                                    Returns to privileged EXEC mode.

                                                                                                     
                                                                                                    Step 5 show running-config


                                                                                                    Example:
                                                                                                    Device# show running-config
                                                                                                     

                                                                                                    (Optional) Verifies your entry.

                                                                                                     
                                                                                                    Step 6 copy running-config startup-config


                                                                                                    Example:
                                                                                                    Device# copy running-config startup-config
                                                                                                     

                                                                                                    (Optional) Saves your entry in the configuration file.

                                                                                                     

                                                                                                    Configuring the Bridge Table Aging Time

                                                                                                    A device forwards, floods, or drops packets based on the bridge table. The bridge table maintains both static and dynamic entries. Static entries are entered by the user. Dynamic entries are entered by the bridge learning process. A dynamic entry is automatically removed after a specified length of time, known as aging time, from the time the entry was created or last updated.

                                                                                                    If you are likely to move hosts on a switched network, decrease the aging time to enable the device to quickly adapt to the change. If hosts on a switched network do not continuously send packets, increase the aging time to keep the dynamic entries for a longer time and thus reduce the possibility of flooding when the hosts send again.

                                                                                                    Perform this task to configure the aging time.

                                                                                                    SUMMARY STEPS

                                                                                                      1.    enable

                                                                                                      2.    configure terminal

                                                                                                      3.    bridge bridge-group aging-time seconds

                                                                                                      4.    end

                                                                                                      5.    show running-config

                                                                                                      6.    copy running-config startup-config


                                                                                                    DETAILED STEPS
                                                                                                       Command or ActionPurpose
                                                                                                      Step 1 enable


                                                                                                      Example:
                                                                                                      Device> enable
                                                                                                       

                                                                                                      Enables privileged EXEC mode.

                                                                                                      • Enter your password if prompted.
                                                                                                       
                                                                                                      Step 2 configure terminal


                                                                                                      Example:
                                                                                                      Device# configure terminal
                                                                                                       

                                                                                                      Enters global configuration mode.

                                                                                                       
                                                                                                      Step 3 bridge bridge-group aging-time seconds


                                                                                                      Example:
                                                                                                      Device(config)# bridge 100 aging-time 10000
                                                                                                       

                                                                                                      Specifies the length of time that a dynamic entry remains in the bridge table from the time the entry was created or last updated.

                                                                                                      • For bridge-group, specify the bridge group number. The range is 1 to 255.
                                                                                                      • For seconds, enter a number from 0 to 1000000. The default is 300 seconds.
                                                                                                       
                                                                                                      Step 4 end


                                                                                                      Example:
                                                                                                      Device(config)# end
                                                                                                       

                                                                                                      Returns to privileged EXEC mode.

                                                                                                       
                                                                                                      Step 5 show running-config


                                                                                                      Example:
                                                                                                      Device# show running-config
                                                                                                       

                                                                                                      (Optional) Verifies your entry.

                                                                                                       
                                                                                                      Step 6 copy running-config startup-config


                                                                                                      Example:
                                                                                                      Device# copy running-config startup-config
                                                                                                       

                                                                                                      (Optional) Saves your entry in the configuration file.

                                                                                                       

                                                                                                      Filtering Frames by a Specific MAC Address

                                                                                                      A device examines frames and sends them through the internetwork according to the destination address; a device does not forward a frame back to its originating network segment. You can use the software to configure specific administrative filters that filter frames based on information other than the paths to their destinations.

                                                                                                      You can filter frames with a particular MAC-layer station destination address. Any number of addresses can be configured in the system without a performance penalty.

                                                                                                      Perform this task to filter by the MAC-layer address.

                                                                                                      SUMMARY STEPS

                                                                                                        1.    enable

                                                                                                        2.    configure terminal

                                                                                                        3.    bridge bridge-group address mac-address {forward | discard} [interface-id]

                                                                                                        4.    end

                                                                                                        5.    show running-config

                                                                                                        6.    copy running-config startup-config


                                                                                                      DETAILED STEPS
                                                                                                         Command or ActionPurpose
                                                                                                        Step 1 enable


                                                                                                        Example:
                                                                                                        Device> enable
                                                                                                         

                                                                                                        Enables privileged EXEC mode.

                                                                                                        • Enter your password if prompted.
                                                                                                         
                                                                                                        Step 2 configure terminal


                                                                                                        Example:
                                                                                                        Device# configure terminal
                                                                                                         

                                                                                                        Enters global configuration mode.

                                                                                                         
                                                                                                        Step 3 bridge bridge-group address mac-address {forward | discard} [interface-id]


                                                                                                        Example:
                                                                                                        
                                                                                                         
                                                                                                        		  


                                                                                                        Example:
                                                                                                        Device(config)# bridge 1 address 0800.cb00.45e9 forward ethernet 1
                                                                                                         

                                                                                                        Filters frames with a particular MAC-layer station source or destination address.

                                                                                                        • Enter the bridge-group number (the range is 1 to 255), the MAC address and the forward or discard keywords.

                                                                                                         
                                                                                                        Step 4 end


                                                                                                        Example:
                                                                                                        Device(config)# end
                                                                                                         

                                                                                                        Returns to privileged EXEC mode.

                                                                                                         
                                                                                                        Step 5 show running-config


                                                                                                        Example:
                                                                                                        Device# show running-config
                                                                                                         

                                                                                                        (Optional) Verifies your entry.

                                                                                                         
                                                                                                        Step 6 copy running-config startup-config


                                                                                                        Example:
                                                                                                        Device# copy running-config startup-config
                                                                                                         

                                                                                                        (Optional) Saves your entry in the configuration file.

                                                                                                         

                                                                                                        Adjusting Spanning-Tree Parameters

                                                                                                        You might need to adjust certain spanning-tree parameters if the default values are not suitable for your device configuration. Parameters affecting the entire spanning tree are configured with variations of the bridge global configuration command. Interface-specific parameters are configured with variations of the bridge-group interface configuration command.

                                                                                                        You can adjust spanning-tree parameters by performing any of the tasks in these sections:

                                                                                                        • Changing the Device Priority, page 67
                                                                                                        • Changing the Interface Priority, page 68
                                                                                                        • Assigning a Path Cost, page 69
                                                                                                        • Adjusting BPDU Intervals, page 71
                                                                                                        • Adjusting the Interval Between Hello BPDUs, page 71
                                                                                                        • Changing the Forward-Delay Interval, page 72
                                                                                                        • Changing the Maximum-Idle Interval, page 73
                                                                                                        • Disabling the Spanning Tree on an Interface, page 74

                                                                                                        Note


                                                                                                        Only network administrators with a good understanding of how devices and STP function should make adjustments to spanning-tree parameters. Poorly planned adjustments can have a negative impact on performance.


                                                                                                        Changing the Device Priority

                                                                                                        You can globally configure the priority of an individual device when two devices tie for position as the root device, or you can configure the likelihood that a device will be selected as the root device. This priority is determined by default; however, you can change it.

                                                                                                        Perform this task to change the device priority.

                                                                                                        SUMMARY STEPS

                                                                                                          1.    enable

                                                                                                          2.    configure terminal

                                                                                                          3.    bridge bridge-group priority number

                                                                                                          4.    end

                                                                                                          5.    show running-config

                                                                                                          6.    copy running-config startup-config


                                                                                                        DETAILED STEPS
                                                                                                           Command or ActionPurpose
                                                                                                          Step 1 enable


                                                                                                          Example:
                                                                                                          Device> enable
                                                                                                           

                                                                                                          Enables privileged EXEC mode.

                                                                                                          • Enter your password if prompted.
                                                                                                           
                                                                                                          Step 2 configure terminal


                                                                                                          Example:
                                                                                                          Device# configure terminal
                                                                                                           

                                                                                                          Enters global configuration mode.

                                                                                                           
                                                                                                          Step 3 bridge bridge-group priority number


                                                                                                          Example:
                                                                                                          Device(config)# bridge 100 priority 5
                                                                                                           

                                                                                                          Changes the priority of the device.

                                                                                                          • For bridge-group, specify the bridge group number. The range is 1 to 255.
                                                                                                          • For number, enter a number from 0 to 65535. The default is 32768. The lower the number, the more likely the device will be chosen as the root.
                                                                                                           
                                                                                                          Step 4 end


                                                                                                          Example:
                                                                                                          Device(config)# end
                                                                                                           

                                                                                                          Returns to privileged EXEC mode.

                                                                                                           
                                                                                                          Step 5 show running-config


                                                                                                          Example:
                                                                                                          Device# show running-config
                                                                                                           

                                                                                                          Verifies your entry.

                                                                                                           
                                                                                                          Step 6 copy running-config startup-config


                                                                                                          Example:
                                                                                                          Device# copy running-config startup-config
                                                                                                           

                                                                                                          (Optional) Saves your entry in the configuration file.

                                                                                                           
                                                                                                          Changing the Interface Priority

                                                                                                          You can change the priority for an interface. When two devices tie for position as the root device, you configure an interface priority to break the tie. The device with the lower interface value is elected.

                                                                                                          Perform this task to change the interface priority.

                                                                                                          SUMMARY STEPS

                                                                                                            1.    enable

                                                                                                            2.    configure terminal

                                                                                                            3.    interface interface-type interface-number

                                                                                                            4.    bridge bridge-group priority number

                                                                                                            5.    end

                                                                                                            6.    show running-config

                                                                                                            7.    copy running-config startup-config


                                                                                                          DETAILED STEPS
                                                                                                             Command or ActionPurpose
                                                                                                            Step 1 enable


                                                                                                            Example:
                                                                                                            Device> enable
                                                                                                             

                                                                                                            Enables privileged EXEC mode.

                                                                                                            • Enter your password if prompted.
                                                                                                             
                                                                                                            Step 2 configure terminal


                                                                                                            Example:
                                                                                                            Device# configure terminal
                                                                                                             

                                                                                                            Enters global configuration mode.

                                                                                                             
                                                                                                            Step 3 interface interface-type interface-number


                                                                                                            Example:
                                                                                                            Device(config)# interface fastethernet 0/3/1
                                                                                                             

                                                                                                            Specifies the interface to set the priority, and enters interface configuration mode.

                                                                                                            • Enter the interface type and interface number.
                                                                                                             
                                                                                                            Step 4 bridge bridge-group priority number


                                                                                                            Example:
                                                                                                            Device(config-if)# bridge 100 priority 4
                                                                                                             

                                                                                                            Changes the priority of the bridge.

                                                                                                            • Enter the bridge-group number and the priority number.
                                                                                                             
                                                                                                            Step 5 end


                                                                                                            Example:
                                                                                                            Device(config-if)# end
                                                                                                             

                                                                                                            Returns to privileged EXEC mode.

                                                                                                             
                                                                                                            Step 6 show running-config


                                                                                                            Example:
                                                                                                            Device# show running-config
                                                                                                             

                                                                                                            (Optional) Verifies your entry.

                                                                                                             
                                                                                                            Step 7 copy running-config startup-config


                                                                                                            Example:
                                                                                                            Device# copy running-config startup-config
                                                                                                             

                                                                                                            (Optional) Saves your entry in the configuration file.

                                                                                                             
                                                                                                            Assigning a Path Cost

                                                                                                            Each interface has a path cost associated with it. By convention, the path cost is 1000/data rate of the attached LAN, in Mbps.

                                                                                                            Perform this task to assign a path cost.

                                                                                                            SUMMARY STEPS

                                                                                                              1.    enable

                                                                                                              2.    configure terminal

                                                                                                              3.    interface interface-type interface-number

                                                                                                              4.    bridge bridge-group path-costs cost

                                                                                                              5.    end

                                                                                                              6.    show running-config

                                                                                                              7.    copy running-config startup-config


                                                                                                            DETAILED STEPS
                                                                                                               Command or ActionPurpose
                                                                                                              Step 1 enable


                                                                                                              Example:
                                                                                                              Device> enable
                                                                                                               

                                                                                                              Enables privileged EXEC mode.

                                                                                                              • Enter your password if prompted.
                                                                                                               
                                                                                                              Step 2 configure terminal


                                                                                                              Example:
                                                                                                              Device# configure terminal
                                                                                                               

                                                                                                              Enters global configuration mode.

                                                                                                               
                                                                                                              Step 3 interface interface-type interface-number


                                                                                                              Example:
                                                                                                              Device(config)# interface fastethernet 0/3/1
                                                                                                               

                                                                                                              Specifies the interface to set the priority and enters interface configuration mode.

                                                                                                              • Enter the interface type and interface number.

                                                                                                               
                                                                                                              Step 4 bridge bridge-group path-costs cost


                                                                                                              Example:
                                                                                                              Device(config-if)# bridge 100 pathcost 4
                                                                                                               

                                                                                                              Changes the path cost.

                                                                                                              • Enter the bridge-group number and cost.
                                                                                                               
                                                                                                              Step 5 end


                                                                                                              Example:
                                                                                                              Device(config-if)# end
                                                                                                               

                                                                                                              Returns to privileged EXEC mode.

                                                                                                               
                                                                                                              Step 6 show running-config


                                                                                                              Example:
                                                                                                              Device# show running-config
                                                                                                               

                                                                                                              (Optional) Verifies your entry.

                                                                                                               
                                                                                                              Step 7 copy running-config startup-config


                                                                                                              Example:
                                                                                                              Device# copy running-config startup-config
                                                                                                               

                                                                                                              (Optional) Saves your entry in the configuration file.

                                                                                                               

                                                                                                              Adjusting BPDU Intervals

                                                                                                              You can adjust bridge protocol data unit (BPDU) intervals as described in these sections:

                                                                                                              • Adjusting the Interval Between Hello BPDUs, page 71 (optional)
                                                                                                              • Changing the Forward-Delay Interval, page 72 (optional)
                                                                                                              • Changing the Maximum-Idle Interval, page 73 (optional)

                                                                                                              Note


                                                                                                              Each device in a spanning tree adopts the interval between hello BPDUs, the forward delay interval, and the maximum idle interval parameters of the root device, regardless of what its individual configuration might be.


                                                                                                              Adjusting the Interval Between Hello BPDUs

                                                                                                              Perform this task to adjust the interval between hello BPDUs.

                                                                                                              SUMMARY STEPS

                                                                                                                1.    enable

                                                                                                                2.    configure terminal

                                                                                                                3.    bridge bridge-group hello-time seconds

                                                                                                                4.    end

                                                                                                                5.    show running-config

                                                                                                                6.    copy running-config startup-config


                                                                                                              DETAILED STEPS
                                                                                                                 Command or ActionPurpose
                                                                                                                Step 1 enable


                                                                                                                Example:
                                                                                                                Device> enable
                                                                                                                 

                                                                                                                Enables privileged EXEC mode.

                                                                                                                • Enter your password if prompted.
                                                                                                                 
                                                                                                                Step 2 configure terminal


                                                                                                                Example:
                                                                                                                Device# configure terminal
                                                                                                                 

                                                                                                                Enters global configuration mode.

                                                                                                                 
                                                                                                                Step 3 bridge bridge-group hello-time seconds


                                                                                                                Example:
                                                                                                                Device(config)# bridge 100 hello-time 5
                                                                                                                 

                                                                                                                Specifies the interval between hello BPDUs.

                                                                                                                • For bridge-group, specify the bridge group number. The range is 1 to 255.
                                                                                                                • For seconds, enter a number from 1 to 10. The default is 2 seconds.
                                                                                                                 
                                                                                                                Step 4 end


                                                                                                                Example:
                                                                                                                Device(config)# end
                                                                                                                 

                                                                                                                Returns to privileged EXEC mode.

                                                                                                                 
                                                                                                                Step 5 show running-config


                                                                                                                Example:
                                                                                                                Device# show running-config
                                                                                                                 

                                                                                                                (Optional) Verifies your entry.

                                                                                                                 
                                                                                                                Step 6 copy running-config startup-config


                                                                                                                Example:
                                                                                                                Device# copy running-config startup-config
                                                                                                                 

                                                                                                                (Optional) Saves your entry in the configuration file.

                                                                                                                 
                                                                                                                Changing the Forward-Delay Interval

                                                                                                                The forward-delay interval is the amount of time spent listening for topology change information after an interface has been activated for switching and before forwarding actually begins.

                                                                                                                Perform this task to change the forward-delay interval.

                                                                                                                SUMMARY STEPS

                                                                                                                  1.    enable

                                                                                                                  2.    configure terminal

                                                                                                                  3.    bridge bridge-group forward-time seconds

                                                                                                                  4.    end

                                                                                                                  5.    show running-config

                                                                                                                  6.    copy running-config startup-config


                                                                                                                DETAILED STEPS
                                                                                                                   Command or ActionPurpose
                                                                                                                  Step 1 enable


                                                                                                                  Example:
                                                                                                                  Device> enable
                                                                                                                   

                                                                                                                  Enables privileged EXEC mode.

                                                                                                                  • Enter your password if prompted.
                                                                                                                   
                                                                                                                  Step 2 configure terminal


                                                                                                                  Example:
                                                                                                                  Device# configure terminal
                                                                                                                   

                                                                                                                  Enters global configuration mode.

                                                                                                                   
                                                                                                                  Step 3 bridge bridge-group forward-time seconds


                                                                                                                  Example:
                                                                                                                  Device(config)# bridge 100 forward-time 25
                                                                                                                   

                                                                                                                  Specifies the forward-delay interval.

                                                                                                                  • For bridge-group, specify the bridge group number. The range is 1 to 255.
                                                                                                                  • For seconds, enter a number from 10 to 200. The default is 20 seconds.
                                                                                                                   
                                                                                                                  Step 4 end


                                                                                                                  Example:
                                                                                                                  Device(config)# end
                                                                                                                   

                                                                                                                  Returns to privileged EXEC mode.

                                                                                                                   
                                                                                                                  Step 5 show running-config


                                                                                                                  Example:
                                                                                                                  Device# show running-config
                                                                                                                   

                                                                                                                  (Optional) Verifies your entry.

                                                                                                                   
                                                                                                                  Step 6 copy running-config startup-config


                                                                                                                  Example:
                                                                                                                  Device# copy running-config startup-config
                                                                                                                   

                                                                                                                  (Optional) Saves your entry in the configuration file.

                                                                                                                   
                                                                                                                  Changing the Maximum-Idle Interval

                                                                                                                  If a device does not hear BPDUs from the root device within a specified interval, it recomputes the spanning-tree topology.

                                                                                                                  Perform this task to change the maximum-idle interval (maximum aging time).

                                                                                                                  SUMMARY STEPS

                                                                                                                    1.    enable

                                                                                                                    2.    configure terminal

                                                                                                                    3.    bridge bridge-group max-age seconds

                                                                                                                    4.    end

                                                                                                                    5.    show running-config

                                                                                                                    6.    copy running-config startup-config


                                                                                                                  DETAILED STEPS
                                                                                                                     Command or ActionPurpose
                                                                                                                    Step 1 enable


                                                                                                                    Example:
                                                                                                                    Device> enable
                                                                                                                     

                                                                                                                    Enables privileged EXEC mode.

                                                                                                                    • Enter your password if prompted.
                                                                                                                     
                                                                                                                    Step 2 configure terminal


                                                                                                                    Example:
                                                                                                                    Device# configure terminal
                                                                                                                     

                                                                                                                    Enters global configuration mode.

                                                                                                                     
                                                                                                                    Step 3 bridge bridge-group max-age seconds


                                                                                                                    Example:
                                                                                                                    Device(config)# bridge 100 forward-time 25
                                                                                                                     

                                                                                                                    Specifies the interval the device waits to hear BPDUs from the root device.

                                                                                                                    • For bridge-group, specify the bridge group number. The range is 1 to 255.
                                                                                                                    • For seconds, enter a number from 10 to 200. The default is 30 seconds.
                                                                                                                     
                                                                                                                    Step 4 end


                                                                                                                    Example:
                                                                                                                    Device(config)# end
                                                                                                                     

                                                                                                                    Returns to privileged EXEC mode.

                                                                                                                     
                                                                                                                    Step 5 show running-config


                                                                                                                    Example:
                                                                                                                    Device# show running-config
                                                                                                                     

                                                                                                                    (Optional) Verifies your entry.

                                                                                                                     
                                                                                                                    Step 6 copy running-config startup-config


                                                                                                                    Example:
                                                                                                                    Device# copy running-config startup-config
                                                                                                                     

                                                                                                                    (Optional) Saves your entry in the configuration file.

                                                                                                                     
                                                                                                                    Disabling the Spanning Tree on an Interface

                                                                                                                    When a loop-free path exists between any two switched subnetworks, you can prevent BPDUs generated in one switching subnetwork from impacting devices in the other switching subnetwork, yet still permit switching throughout the network as a whole. For example, when switched LAN subnetworks are separated by a WAN, BPDUs can be prevented from traveling across the WAN link.

                                                                                                                    Perform this task to disable spanning tree on an interface.

                                                                                                                    SUMMARY STEPS

                                                                                                                      1.    enable

                                                                                                                      2.    configure terminal

                                                                                                                      3.    interface interface-type interface-number

                                                                                                                      4.    bridge-group bridge-group spanning-disabled

                                                                                                                      5.    end

                                                                                                                      6.    show running-config

                                                                                                                      7.    copy running-config startup-config


                                                                                                                    DETAILED STEPS
                                                                                                                       Command or ActionPurpose
                                                                                                                      Step 1 enable


                                                                                                                      Example:
                                                                                                                      Device> enable
                                                                                                                       

                                                                                                                      Enables privileged EXEC mode.

                                                                                                                      • Enter your password if prompted.
                                                                                                                       
                                                                                                                      Step 2 configure terminal


                                                                                                                      Example:
                                                                                                                      Device# configure terminal
                                                                                                                       

                                                                                                                      Enters global configuration mode.

                                                                                                                       
                                                                                                                      Step 3 interface interface-type interface-number


                                                                                                                      Example:
                                                                                                                      Device(config)# interface fastethernet 0/3/1
                                                                                                                       

                                                                                                                      Specifies the interface to set the priority and enters interface configuration mode.

                                                                                                                      • Enter the interface type and interface number.
                                                                                                                       
                                                                                                                      Step 4 bridge-group bridge-group spanning-disabled


                                                                                                                      Example:
                                                                                                                      Device(config-if)# bridge 100 spanning-disabled
                                                                                                                       

                                                                                                                      Disables spanning tree on the interface.

                                                                                                                      • For bridge-group, specify the bridge group number. The range is 1 to 255.

                                                                                                                       
                                                                                                                      Step 5 end


                                                                                                                      Example:
                                                                                                                      Device(config-if)# end
                                                                                                                       

                                                                                                                      Returns to privileged EXEC mode.

                                                                                                                       
                                                                                                                      Step 6 show running-config


                                                                                                                      Example:
                                                                                                                      Device# show running-config
                                                                                                                       

                                                                                                                      (Optional) Verifies your entry.

                                                                                                                       
                                                                                                                      Step 7 copy running-config startup-config


                                                                                                                      Example:
                                                                                                                      Device# copy running-config startup-config
                                                                                                                       

                                                                                                                      (Optional) Saves your entry in the configuration file.

                                                                                                                       

                                                                                                                      Monitoring and Maintaining the Network

                                                                                                                      Perform this task to monitor and maintain the network.

                                                                                                                      SUMMARY STEPS

                                                                                                                        1.    enable

                                                                                                                        2.    clear bridge bridge-group

                                                                                                                        3.    show bridge

                                                                                                                        4.    end


                                                                                                                      DETAILED STEPS
                                                                                                                         Command or ActionPurpose
                                                                                                                        Step 1 enable


                                                                                                                        Example:
                                                                                                                        Device> enable
                                                                                                                         

                                                                                                                        Enables privileged EXEC mode.

                                                                                                                        • Enter your password if prompted.
                                                                                                                         
                                                                                                                        Step 2 clear bridge bridge-group


                                                                                                                        Example:
                                                                                                                        Device# clear bridge bridge1
                                                                                                                         

                                                                                                                        (Optional) Removes any learned entries from the forwarding database and clears the transmit and receive counts for any statically configured entries.

                                                                                                                        • Enter the number of the bridge group.
                                                                                                                         
                                                                                                                        Step 3 show bridge


                                                                                                                        Example:
                                                                                                                        Device# show bridge
                                                                                                                         

                                                                                                                        (Optional) Displays classes of entries in the bridge forwarding database.

                                                                                                                         
                                                                                                                        Step 4 end


                                                                                                                        Example:
                                                                                                                        Device# end
                                                                                                                         

                                                                                                                        (Optional) Exits privileged EXEC mode.

                                                                                                                         

                                                                                                                        Configuring Separate Voice and Data Subnets

                                                                                                                        The HWICs can automatically configure voice VLANs. This capability overcomes the management complexity of overlaying a voice topology onto a data network while maintaining the quality of voice traffic. With the automatically configured voice VLAN feature, network administrators can segment phones into separate logical networks, even though the data and voice infrastructure is physically the same. The voice VLAN feature places the phones into their own VLANs without the need for end-user intervention. A user can plug the phone into the device, which provides with the necessary VLAN information.

                                                                                                                        For ease of network administration and increased scalability, network managers can configure the HWICs to support Cisco IP phones such that the voice and data traffic reside on separate subnets. You should always use separate VLANs when you are able to segment the existing IP address space of your branch office.

                                                                                                                        User priority bits in the 802.1p portion of the 802.1Q standard header are used to provide prioritization in Ethernet devices. This is a vital component in designing Cisco AVVID networks.

                                                                                                                        The HWICs provides the performance and intelligent services of Cisco software for branch office applications. The HWICs can identify user applications--such as voice or multicast video--and classify traffic with the appropriate priority levels.

                                                                                                                        Follow these steps to automatically configure Cisco IP phones to send voice traffic on the voice VLAN ID (VVID) on a per-port basis (see the “Voice Traffic and VVID” section).

                                                                                                                        SUMMARY STEPS

                                                                                                                          1.    enable

                                                                                                                          2.    configure terminal

                                                                                                                          3.    interface interface-type interface-number

                                                                                                                          4.    switchport mode trunk

                                                                                                                          5.    switchport voice vlan vlan-id


                                                                                                                        DETAILED STEPS
                                                                                                                           Command or ActionPurpose
                                                                                                                          Step 1 enable


                                                                                                                          Example:
                                                                                                                          Device> enable
                                                                                                                           

                                                                                                                          Enables privileged EXEC mode.

                                                                                                                          • Enter your password if prompted.
                                                                                                                           
                                                                                                                          Step 2 configure terminal


                                                                                                                          Example:
                                                                                                                          Device# configure terminal
                                                                                                                           

                                                                                                                          Enters global configuration mode.

                                                                                                                           
                                                                                                                          Step 3 interface interface-type interface-number


                                                                                                                          Example:
                                                                                                                          Device(config)# 
                                                                                                                          interface fastethernet 0/2/1
                                                                                                                           

                                                                                                                          Specifies the port to be configured and enters interface configuration mode.

                                                                                                                          • Enter the interface type and interface number.
                                                                                                                           
                                                                                                                          Step 4 switchport mode trunk


                                                                                                                          Example:
                                                                                                                          Device(config-if)# 
                                                                                                                          switchport mode trunk
                                                                                                                           

                                                                                                                          Configures the port to trunk mode.

                                                                                                                           
                                                                                                                          Step 5 switchport voice vlan vlan-id


                                                                                                                          Example:
                                                                                                                          Device(config-if)# 
                                                                                                                          switchport voice vlan 100
                                                                                                                           

                                                                                                                          Configures the voice port with a VVID that will be used exclusively for voice traffic.

                                                                                                                          • Enter the VLAN number.
                                                                                                                           

                                                                                                                          Configuring a Single Subnet for Voice and Data

                                                                                                                          For network designs with incremental IP telephony deployment, network managers can configure the HWICs so that the voice and data traffic coexist on the same subnet. This might be necessary when it is impractical either to allocate an additional IP subnet for IP phones or to divide the existing IP address space into an additional subnet at the remote branch, it might be necessary to use a single IP address space for branch offices. (This is one of the simpler ways to deploy IP telephony.)

                                                                                                                          This configuration approach must address two key considerations:

                                                                                                                          • Network managers should ensure that existing subnets have enough available IP addresses for the new Cisco IP phones, each of which requires a unique IP address.
                                                                                                                          • Administering a network with a mix of IP phones and workstations on the same subnet might pose a challenge.

                                                                                                                          Perform this task to automatically configure Cisco IP phones to send voice and data traffic on the same VLAN.

                                                                                                                          SUMMARY STEPS

                                                                                                                            1.    enable

                                                                                                                            2.    configure terminal

                                                                                                                            3.    interface interface-type interface-number

                                                                                                                            4.    switchport access vlan vlan-id

                                                                                                                            5.    end


                                                                                                                          DETAILED STEPS
                                                                                                                             Command or ActionPurpose
                                                                                                                            Step 1 enable


                                                                                                                            Example:
                                                                                                                            Device> enable
                                                                                                                             

                                                                                                                            Enables privileged EXEC mode.

                                                                                                                            • Enter your password if prompted.
                                                                                                                             
                                                                                                                            Step 2 configure terminal


                                                                                                                            Example:
                                                                                                                            Device# configure terminal
                                                                                                                             

                                                                                                                            Enters global configuration mode.

                                                                                                                             
                                                                                                                            Step 3 interface interface-type interface-number


                                                                                                                            Example:
                                                                                                                            Device(config)# 
                                                                                                                            interface
                                                                                                                             fastethernet 
                                                                                                                            0/2/1
                                                                                                                             

                                                                                                                            Specifies the port to be configured, and enters interface configuration mode.

                                                                                                                            • Enter the interface type and interface number.

                                                                                                                             
                                                                                                                            Step 4 switchport access vlan vlan-id

                                                                                                                            Example:
                                                                                                                            Device(config-if)# 
                                                                                                                            switchport access vlan 100
                                                                                                                             

                                                                                                                            Sets the native VLAN for untagged traffic.

                                                                                                                            • The value of vlan-id represents the ID of the VLAN that is sending and receiving untagged traffic on the port. Valid IDs are from 1 to 1001. Leading zeroes are not permitted.
                                                                                                                             
                                                                                                                            Step 5 end


                                                                                                                            Example:
                                                                                                                            Device(config-if)# 
                                                                                                                            end
                                                                                                                             

                                                                                                                            Returns to privileged EXEC mode.

                                                                                                                             

                                                                                                                            Managing the EtherSwitch HWIC

                                                                                                                            Adding Trap Managers

                                                                                                                            A trap manager is a management station that receives and processes traps. When you configure a trap manager, community strings for each member device must be unique. If a member device has an IP address assigned to it, the management station accesses the device by using its assigned IP address.

                                                                                                                            By default, no trap manager is defined, and no traps are issued.

                                                                                                                            Perform this task to add a trap manager and community string.

                                                                                                                            SUMMARY STEPS

                                                                                                                              1.    enable

                                                                                                                              2.    configure terminal

                                                                                                                              3.    snmp-server host ip-address traps snmp vlan-membership

                                                                                                                              4.    end


                                                                                                                            DETAILED STEPS
                                                                                                                               Command or ActionPurpose
                                                                                                                              Step 1 enable


                                                                                                                              Example:
                                                                                                                              Device> enable
                                                                                                                               

                                                                                                                              Enables privileged EXEC mode.

                                                                                                                              • Enter your password if prompted.
                                                                                                                               
                                                                                                                              Step 2 configure terminal


                                                                                                                              Example:
                                                                                                                              Device# configure terminal
                                                                                                                               

                                                                                                                              Enters global configuration mode.

                                                                                                                               
                                                                                                                              Step 3 snmp-server host ip-address traps snmp vlan-membership


                                                                                                                              Example:
                                                                                                                              Device(config)# 
                                                                                                                              snmp-server host 172.16.128.263 traps1 snmp vlancommunity1
                                                                                                                               

                                                                                                                              Enters the trap manager IP address, community string, and the traps to generate.

                                                                                                                               
                                                                                                                              Step 4 end


                                                                                                                              Example:
                                                                                                                              Device(config)# end
                                                                                                                              
                                                                                                                               

                                                                                                                              Returns to privileged EXEC mode.

                                                                                                                               

                                                                                                                              Configuring IP Information

                                                                                                                              This section describes how to assign IP information on the HWICs. The following topics are included:

                                                                                                                              Assigning IP Information to the Device

                                                                                                                              You can use a BOOTP server to automatically assign IP information to the device; however, the BOOTP server must be set up in advance with a database of physical MAC addresses and corresponding IP addresses, subnet masks, and default gateway addresses. In addition, the device must be able to access the BOOTP server through one of its ports. At startup, a device without an IP address requests the information from the BOOTP server; the requested information is saved in the device running the configuration file. To ensure that the IP information is saved when the device is restarted, save the configuration by entering the write memory command in privileged EXEC mode.

                                                                                                                              You can change the information in these fields. The mask identifies the bits that denote the network number in the IP address. When you use the mask to subnet a network, the mask is then referred to as a subnet mask. The broadcast address is reserved for sending messages to all hosts. The CPU sends traffic to an unknown IP address through the default gateway.

                                                                                                                              Perform this task to enter the IP information.

                                                                                                                              SUMMARY STEPS

                                                                                                                                1.    enable

                                                                                                                                2.    configure terminal

                                                                                                                                3.    interface interface-type interface-number

                                                                                                                                4.    ip address ip-address subnet-mask

                                                                                                                                5.    exit

                                                                                                                                6.    ip default-gateway ip-address

                                                                                                                                7.    end


                                                                                                                              DETAILED STEPS
                                                                                                                                 Command or ActionPurpose
                                                                                                                                Step 1 enable


                                                                                                                                Example:
                                                                                                                                Device> enable
                                                                                                                                 

                                                                                                                                Enables privileged EXEC mode.

                                                                                                                                • Enter your password if prompted.
                                                                                                                                 
                                                                                                                                Step 2 configure terminal


                                                                                                                                Example:
                                                                                                                                Device# configure terminal
                                                                                                                                 

                                                                                                                                Enters global configuration mode.

                                                                                                                                 
                                                                                                                                Step 3 interface interface-type interface-number


                                                                                                                                Example:
                                                                                                                                Device(config)# interface vlan 1
                                                                                                                                
                                                                                                                                 

                                                                                                                                Specifies the interface (in this case, the VLAN) to which the IP information is assigned and enters interface configuration mode.

                                                                                                                                • Enter the interface type and interface number.
                                                                                                                                • VLAN 1 is the management VLAN, but you can configure any VLAN from IDs 1 to 1001.
                                                                                                                                 
                                                                                                                                Step 4 ip address ip-address subnet-mask

                                                                                                                                Example:
                                                                                                                                Device(config-if)# ip address 192.168.2.10 255.255.255.255 
                                                                                                                                 

                                                                                                                                Specifies the IP address.

                                                                                                                                • Enter the IP address and subnet mask.
                                                                                                                                 
                                                                                                                                Step 5 exit


                                                                                                                                Example:
                                                                                                                                Device(config-if)# exit
                                                                                                                                 

                                                                                                                                Returns to global configuration mode.

                                                                                                                                 
                                                                                                                                Step 6 ip default-gateway ip-address

                                                                                                                                Example:
                                                                                                                                Device(config)# ip default-gateway 192.168.2.20
                                                                                                                                 

                                                                                                                                Sets the IP address of the default device.

                                                                                                                                • Enter the IP address of the default device.
                                                                                                                                 
                                                                                                                                Step 7 end


                                                                                                                                Example:
                                                                                                                                Device(config)# end
                                                                                                                                
                                                                                                                                 

                                                                                                                                Returns to privileged EXEC mode.

                                                                                                                                 
                                                                                                                                Removing IP Information From a Device

                                                                                                                                Use the following procedure to remove the IP information (such as an IP address) from a device.


                                                                                                                                Note


                                                                                                                                Using the no ip address command in interface configuration mode disables the IP protocol stack and removes the IP information. Cluster members without IP addresses rely on the IP protocol stack being enabled.


                                                                                                                                SUMMARY STEPS

                                                                                                                                  1.    enable

                                                                                                                                  2.    configure terminal

                                                                                                                                  3.    interface interface-type interface-number

                                                                                                                                  4.    no ip address

                                                                                                                                  5.    end


                                                                                                                                DETAILED STEPS
                                                                                                                                   Command or ActionPurpose
                                                                                                                                  Step 1 enable


                                                                                                                                  Example:
                                                                                                                                  Device> enable
                                                                                                                                   

                                                                                                                                  Enables privileged EXEC mode.

                                                                                                                                  • Enter your password if prompted.
                                                                                                                                   
                                                                                                                                  Step 2 configure terminal


                                                                                                                                  Example:
                                                                                                                                  Device# configure terminal
                                                                                                                                   

                                                                                                                                  Enters global configuration mode.

                                                                                                                                   
                                                                                                                                  Step 3 interface interface-type interface-number


                                                                                                                                  Example:
                                                                                                                                  Device(config)# interface vlan 1
                                                                                                                                  
                                                                                                                                   

                                                                                                                                  Specifies the interface (in this case, the VLAN) to which the IP information is assigned and enters interface configuration mode.

                                                                                                                                  • Enter the interface type and interface number.
                                                                                                                                  • VLAN 1 is the management VLAN, but you can configure any VLAN from IDs 1 to 1001.
                                                                                                                                   
                                                                                                                                  Step 4 no ip address


                                                                                                                                  Example:
                                                                                                                                  Device(config-if)# no ip address
                                                                                                                                  
                                                                                                                                   

                                                                                                                                  Removes the IP address and subnet mask.

                                                                                                                                   
                                                                                                                                  Step 5 end


                                                                                                                                  Example:
                                                                                                                                  Device(config-if)# end
                                                                                                                                   

                                                                                                                                  Returns to privileged EXEC mode.

                                                                                                                                   
                                                                                                                                  What to Do Next

                                                                                                                                  DANGER

                                                                                                                                  If you are removing the IP address through a telnet session, your connection to the device will be lost .

                                                                                                                                  Specifying a Domain Name and Configuring the DNS

                                                                                                                                  Each unique IP address can have a host name associated with it. The Cisco software maintains an EXEC mode and related Telnet support operations. This cache speeds the process of converting names to addresses.

                                                                                                                                  IP defines a hierarchical naming scheme that allows a device to be identified by its location or domain. Domain names are pieced together with periods (.) as the delimiting characters. For example, Cisco Systems is a commercial organization that IP identifies by a com domain name, so its domain name is cisco.com. A specific device in this domain, the FTP system, for example, is identified as ftp.cisco.com.

                                                                                                                                  To track domain names, IP has defined the concept of a domain name server (DNS), the purpose of which is to hold a cache (or database) of names mapped to IP addresses. To map domain names to IP addresses, you must first identify the host names and then specify a name server and enable the DNS, the Internet’s global naming scheme that uniquely identifies network devices.

                                                                                                                                  Specifying the Domain Name

                                                                                                                                  You can specify a default domain name that the software uses to complete domain name requests. You can specify either a single domain name or a list of domain names. When you specify a domain name, any IP host name without a domain name has that domain name appended to it before being added to the host table.

                                                                                                                                  Specifying a Name Server

                                                                                                                                  You can specify up to six hosts that can function as a name server to supply name information for the DNS.

                                                                                                                                  Enabling the DNS

                                                                                                                                  If your network devices require connectivity with devices in networks for which you do not control name assignment, you can assign device names that uniquely identify your devices within the entire internetwork. The Internet’s global naming scheme, the DNS, accomplishes this task. This service is enabled by default.

                                                                                                                                  Enabling Switched Port Analyzer

                                                                                                                                  You can monitor traffic on a given port by forwarding incoming and outgoing traffic on the port to another port in the same VLAN. A Switched Port Analyzer (SPAN) cannot monitor ports in a different VLAN, and a SPAN port must be a static-access port. Any number of ports can be defined as SPAN ports, and any combination of ports can be monitored. SPAN is supported for up to 2 sessions.

                                                                                                                                  Perform this task to enable SPAN.

                                                                                                                                  SUMMARY STEPS

                                                                                                                                    1.    enable

                                                                                                                                    2.    configure terminal

                                                                                                                                    3.    monitor session session-id {destination | source} {interface | vlan interface-id | vlan-id}} [, | - | both | tx | rx]

                                                                                                                                    4.    end


                                                                                                                                  DETAILED STEPS
                                                                                                                                     Command or ActionPurpose
                                                                                                                                    Step 1 enable


                                                                                                                                    Example:
                                                                                                                                    Device> enable
                                                                                                                                     

                                                                                                                                    Enables privileged EXEC mode.

                                                                                                                                    • Enter your password if prompted.
                                                                                                                                     
                                                                                                                                    Step 2 configure terminal


                                                                                                                                    Example:
                                                                                                                                    Device# configure terminal
                                                                                                                                     

                                                                                                                                    Enters global configuration mode.

                                                                                                                                     
                                                                                                                                    Step 3 monitor session session-id {destination | source} {interface | vlan interface-id | vlan-id}} [, | - | both | tx | rx]


                                                                                                                                    Example:
                                                                                                                                    Device(config)# 
                                                                                                                                    monitor session session-id {destination | source} {interface | vlan interface-id | vlan-id}} [, | - | both | tx | rx]
                                                                                                                                     

                                                                                                                                    Enables port monitoring for a specific session (“number”).

                                                                                                                                    • Optionally, supply a SPAN destination interface and a source interface.
                                                                                                                                     
                                                                                                                                    Step 4 end


                                                                                                                                    Example:
                                                                                                                                    Device(config)# end
                                                                                                                                    
                                                                                                                                     

                                                                                                                                    Returns to privileged EXEC mode.

                                                                                                                                     
                                                                                                                                    Disabling SPAN

                                                                                                                                    Perform this task to disable SPAN.

                                                                                                                                    SUMMARY STEPS

                                                                                                                                      1.    enable

                                                                                                                                      2.    configure terminal

                                                                                                                                      3.    no monitor session session-id

                                                                                                                                      4.    end


                                                                                                                                    DETAILED STEPS
                                                                                                                                       Command or ActionPurpose
                                                                                                                                      Step 1 enable


                                                                                                                                      Example:
                                                                                                                                      Device> enable
                                                                                                                                       

                                                                                                                                      Enables privileged EXEC mode.

                                                                                                                                      • Enter your password if prompted.
                                                                                                                                       
                                                                                                                                      Step 2 configure terminal


                                                                                                                                      Example:
                                                                                                                                      Device# configure terminal
                                                                                                                                       

                                                                                                                                      Enters global configuration mode.

                                                                                                                                       
                                                                                                                                      Step 3 no monitor session session-id

                                                                                                                                      Example:
                                                                                                                                      Device(config)# no monitor session
                                                                                                                                       
                                                                                                                                      37
                                                                                                                                       

                                                                                                                                      Disables port monitoring for a specific session.

                                                                                                                                       
                                                                                                                                      Step 4 end


                                                                                                                                      Example:
                                                                                                                                      Device(config)# end
                                                                                                                                       

                                                                                                                                      Returns to privileged EXEC mode.

                                                                                                                                       

                                                                                                                                      Managing the ARP Table

                                                                                                                                      To communicate with a device (on Ethernet, for example), the software first must determine the 48-bit MAC or local data link address of that device. The process of determining the local data link address from an IP address is called address resolution.

                                                                                                                                      The Address Resolution Protocol (ARP) associates a host IP address with the corresponding media or MAC addresses and VLAN ID. Taking an IP address as input, ARP determines the associated MAC address. Once a MAC address is determined, the IP-MAC address association is stored in an ARP cache for rapid retrieval. Then the IP datagram is encapsulated in a link-layer frame and sent over the network. Encapsulation of IP datagrams and ARP requests and replies on IEEE 802 networks other than Ethernet is specified by the Subnetwork Access Protocol (SNAP). By default, standard Ethernet-style ARP encapsulation (represented by the arpa keyword) is enabled on the IP interface.

                                                                                                                                      When you manually add entries to the ARP table by using the CLI, you must be aware that these entries do not age and must be manually removed.

                                                                                                                                      Managing the MAC Address Tables

                                                                                                                                      This section describes how to manage the MAC address tables on the HWICs. The following topics are included:

                                                                                                                                      • Understanding MAC Addresses and VLANs
                                                                                                                                      • Changing the Address Aging Time
                                                                                                                                      • Configuring the Aging Time

                                                                                                                                      The device uses the MAC address tables to forward traffic between ports. All MAC addresses in the address tables are associated with one or more ports. These MAC tables include the following types of addresses:

                                                                                                                                      • Dynamic address--A source MAC address that the device learns and then drops when it is not in use.
                                                                                                                                      • Secure address--A manually entered unicast address that is usually associated with a secured port. Secure addresses do not age.
                                                                                                                                      • Static address--A manually entered unicast or multicast address that does not age and that is not lost when the device resets.

                                                                                                                                      The address tables list the destination MAC address and the associated VLAN ID, module, and port number associated with the address. The following shows an example of a list of addresses as they would appear in the dynamic, secure, or static address table.

                                                                                                                                      Device# show mac-address-table
                                                                                                                                      Destination Address  Address Type  VLAN  Destination Port
                                                                                                                                      -------------------  ------------  ----  --------------------
                                                                                                                                      000a.000b.000c          Secure      1      FastEthernet0/1/8
                                                                                                                                      000d.e105.cc70          Self        1      Vlan1
                                                                                                                                      00aa.00bb.00cc          Static      1      FastEthernet0/1/0
                                                                                                                                      

                                                                                                                                      All addresses are associated with a VLAN. An address can exist in more than one VLAN and have different destinations in each. Multicast addresses, for example, could be forwarded to port 1 in VLAN 1 and ports 9, 10, and 11 in VLAN 5.

                                                                                                                                      Each VLAN maintains its own logical address table. A known address in one VLAN is unknown in another until it is learned or statically associated with a port in the other VLAN. An address can be secure in one VLAN and dynamic in another. Addresses that are statically entered in one VLAN must be static addresses in all other VLANs.

                                                                                                                                      Dynamic addresses are source MAC addresses that the device learns and then drops when they are not in use. Use the Aging Time field to define how long the device retains unseen addresses in the table. This parameter applies to all VLANs.

                                                                                                                                      Setting too short an aging time can cause addresses to be prematurely removed from the table. Then when the device receives a packet for an unknown destination, it floods the packet to all ports in the same VLAN as the receiving port. This unnecessary flooding can impact performance. Setting too long an aging time can cause the address table to be filled with unused addresses; it can cause delays in establishing connectivity when a workstation is moved to a new port.

                                                                                                                                      Perform this task to configure the dynamic address table aging time.

                                                                                                                                      SUMMARY STEPS

                                                                                                                                        1.    enable

                                                                                                                                        2.    configure terminal

                                                                                                                                        3.    mac-address-table aging-time seconds

                                                                                                                                        4.    end


                                                                                                                                      DETAILED STEPS
                                                                                                                                         Command or ActionPurpose
                                                                                                                                        Step 1 enable


                                                                                                                                        Example:
                                                                                                                                        Device> enable
                                                                                                                                         

                                                                                                                                        Enables privileged EXEC mode.

                                                                                                                                        • Enter your password if prompted.
                                                                                                                                         
                                                                                                                                        Step 2 configure terminal


                                                                                                                                        Example:
                                                                                                                                        Device# configure terminal
                                                                                                                                         

                                                                                                                                        Enters global configuration mode.

                                                                                                                                         
                                                                                                                                        Step 3 mac-address-table aging-time seconds

                                                                                                                                        Example:
                                                                                                                                        Device(config)# mac-address-table aging-time 30000
                                                                                                                                         

                                                                                                                                        Enters the number of seconds that dynamic addresses are to be retained in the address table.

                                                                                                                                        • Valid entries are from 10 to 1000000.
                                                                                                                                         
                                                                                                                                        Step 4 end


                                                                                                                                        Example:
                                                                                                                                        Device(config)# end
                                                                                                                                         

                                                                                                                                        Returns to privileged EXEC mode.

                                                                                                                                         

                                                                                                                                        Removing Dynamic Addresses

                                                                                                                                        Follow these steps to remove a dynamic address entry.

                                                                                                                                        SUMMARY STEPS

                                                                                                                                          1.    enable

                                                                                                                                          2.    configure terminal

                                                                                                                                          3.    no mac-address-table dynamic hw-addr

                                                                                                                                          4.    end


                                                                                                                                        DETAILED STEPS
                                                                                                                                           Command or ActionPurpose
                                                                                                                                          Step 1 enable


                                                                                                                                          Example:
                                                                                                                                          Device> enable
                                                                                                                                           

                                                                                                                                          Enables privileged EXEC mode.

                                                                                                                                          • Enter your password if prompted.
                                                                                                                                           
                                                                                                                                          Step 2 configure terminal


                                                                                                                                          Example:
                                                                                                                                          Device# configure terminal
                                                                                                                                           

                                                                                                                                          Enters global configuration mode.

                                                                                                                                           
                                                                                                                                          Step 3 no mac-address-table dynamic hw-addr

                                                                                                                                          Example:
                                                                                                                                          Device(config)# no mac-address-table dynamic 0100.5e05.0505
                                                                                                                                           

                                                                                                                                          Enters the MAC address to be removed from dynamic MAC address table.

                                                                                                                                           
                                                                                                                                          Step 4 end


                                                                                                                                          Example:
                                                                                                                                          Device(config)# end
                                                                                                                                          
                                                                                                                                           

                                                                                                                                          Returns to privileged EXEC mode.

                                                                                                                                           

                                                                                                                                          Adding Secure Addresses

                                                                                                                                          The secure address table contains secure MAC addresses and their associated ports and VLANs. A secure address is a manually entered unicast address that is forwarded to only one port per VLAN. If you enter an address that is already assigned to another port, the device reassigns the secure address to the new port.

                                                                                                                                          You can enter a secure port address even when the port does not yet belong to a VLAN. When the port is later assigned to a VLAN, packets destined for that address are forwarded to the port.


                                                                                                                                          Note


                                                                                                                                          When you change the VLAN ID for a port that is configured with a secure MAC address, you must reconfigure the secure MAC address to reflect the new VLAN association.


                                                                                                                                          Perform this task to add a secure address.

                                                                                                                                          SUMMARY STEPS

                                                                                                                                            1.    enable

                                                                                                                                            2.    configure terminal

                                                                                                                                            3.    mac-address-table secure address hw-addr interface interface-idvlan vlan-id

                                                                                                                                            4.    end


                                                                                                                                          DETAILED STEPS
                                                                                                                                             Command or ActionPurpose
                                                                                                                                            Step 1 enable


                                                                                                                                            Example:
                                                                                                                                            Device> enable
                                                                                                                                             

                                                                                                                                            Enables privileged EXEC mode.

                                                                                                                                            • Enter your password if prompted.
                                                                                                                                             
                                                                                                                                            Step 2 configure terminal


                                                                                                                                            Example:
                                                                                                                                            Device# configure terminal
                                                                                                                                             

                                                                                                                                            Enters global configuration mode.

                                                                                                                                             
                                                                                                                                            Step 3 mac-address-table secure address hw-addr interface interface-idvlan vlan-id

                                                                                                                                            Example:
                                                                                                                                            Device(config)# 
                                                                                                                                            mac-address-table secure address 0100.5e05.0505 interface 0/3/1 vlan vlan 1
                                                                                                                                             

                                                                                                                                            Enters the MAC address, its associated port, and the VLAN ID.

                                                                                                                                             
                                                                                                                                            Step 4 end


                                                                                                                                            Example:
                                                                                                                                            Device(config)# end
                                                                                                                                             

                                                                                                                                            Returns to privileged EXEC mode.

                                                                                                                                             

                                                                                                                                            Removing a Secure Address

                                                                                                                                            Perform this task to remove a secure address.

                                                                                                                                            SUMMARY STEPS

                                                                                                                                              1.    enable

                                                                                                                                              2.    configure terminal

                                                                                                                                              3.    no mac-address-table secure hw-addr vlan vlan-id

                                                                                                                                              4.    end


                                                                                                                                            DETAILED STEPS
                                                                                                                                               Command or ActionPurpose
                                                                                                                                              Step 1 enable


                                                                                                                                              Example:
                                                                                                                                              Device> enable
                                                                                                                                               

                                                                                                                                              Enables privileged EXEC mode.

                                                                                                                                              • Enter your password if prompted.
                                                                                                                                               
                                                                                                                                              Step 2 configure terminal


                                                                                                                                              Example:
                                                                                                                                              Device# configure terminal
                                                                                                                                               

                                                                                                                                              Enters global configuration mode.

                                                                                                                                               
                                                                                                                                              Step 3 no mac-address-table secure hw-addr vlan vlan-id

                                                                                                                                              Example:
                                                                                                                                              Device(config)# no mac-address-table secure address 0100.5e05.0505 vlan vlan 1
                                                                                                                                               

                                                                                                                                              Enters the secure MAC address, its associated port, and the VLAN ID to be removed.

                                                                                                                                               
                                                                                                                                              Step 4 end


                                                                                                                                              Example:
                                                                                                                                              Device(config)# end
                                                                                                                                               

                                                                                                                                              Returns to privileged EXEC mode.

                                                                                                                                               

                                                                                                                                              Configuring Static Addresses

                                                                                                                                              A static address has the following characteristics:

                                                                                                                                              • It is manually entered in the address table and must be manually removed.
                                                                                                                                              • It can be a unicast or multicast address.
                                                                                                                                              • It does not age and is retained when the device restarts.

                                                                                                                                              Because all ports are associated with at least one VLAN, the device acquires the VLAN ID for the address from the ports that you select on the forwarding map. A static address in one VLAN must be a static address in other VLANs. A packet with a static address that arrives on a VLAN where it has not been statically entered is flooded to all ports and not learned.

                                                                                                                                              Perform this task to add a static address.

                                                                                                                                              SUMMARY STEPS

                                                                                                                                                1.    enable

                                                                                                                                                2.    configure terminal

                                                                                                                                                3.    mac-address-table static hw-addr [interface] interface-id [vlan] vlan-id

                                                                                                                                                4.    end


                                                                                                                                              DETAILED STEPS
                                                                                                                                                 Command or ActionPurpose
                                                                                                                                                Step 1 enable


                                                                                                                                                Example:
                                                                                                                                                Device> enable
                                                                                                                                                 

                                                                                                                                                Enables privileged EXEC mode.

                                                                                                                                                • Enter your password if prompted.
                                                                                                                                                 
                                                                                                                                                Step 2 configure terminal


                                                                                                                                                Example:
                                                                                                                                                Device# configure terminal
                                                                                                                                                 

                                                                                                                                                Enters global configuration mode.

                                                                                                                                                 
                                                                                                                                                Step 3 mac-address-table static hw-addr [interface] interface-id [vlan] vlan-id

                                                                                                                                                Example:
                                                                                                                                                Device(config)# 
                                                                                                                                                mac-address-table static 0100.5e05.0505 interface 0/3/1 vlan vlan 1
                                                                                                                                                 

                                                                                                                                                Enters the static MAC address, the interface, and the VLAN ID of those ports.

                                                                                                                                                 
                                                                                                                                                Step 4 end


                                                                                                                                                Example:
                                                                                                                                                Device(config)# end
                                                                                                                                                
                                                                                                                                                 

                                                                                                                                                Returns to privileged EXEC mode.

                                                                                                                                                 

                                                                                                                                                Removing a Static Address

                                                                                                                                                Follow these steps to remove a static address.

                                                                                                                                                SUMMARY STEPS

                                                                                                                                                  1.    enable

                                                                                                                                                  2.    configure terminal

                                                                                                                                                  3.    no mac-address-table static hw-addr [interface] interface-id [vlan] vlan-id

                                                                                                                                                  4.    end


                                                                                                                                                DETAILED STEPS
                                                                                                                                                   Command or ActionPurpose
                                                                                                                                                  Step 1 enable


                                                                                                                                                  Example:
                                                                                                                                                  Device> enable
                                                                                                                                                   

                                                                                                                                                  Enables privileged EXEC mode.

                                                                                                                                                  • Enter your password if prompted.
                                                                                                                                                   
                                                                                                                                                  Step 2 configure terminal


                                                                                                                                                  Example:
                                                                                                                                                  Device# configure terminal
                                                                                                                                                   

                                                                                                                                                  Enters global configuration mode.

                                                                                                                                                   
                                                                                                                                                  Step 3 no mac-address-table static hw-addr [interface] interface-id [vlan] vlan-id

                                                                                                                                                  Example:
                                                                                                                                                  Device(config)# 
                                                                                                                                                  no mac-address-table static 0100.5e05.0505 interface 0/3/1 vlan vlan 
                                                                                                                                                   

                                                                                                                                                  Enters the static MAC address, the interface, and the VLAN ID of the port to be removed.

                                                                                                                                                   
                                                                                                                                                  Step 4 end


                                                                                                                                                  Example:
                                                                                                                                                  Device(config)# end
                                                                                                                                                  
                                                                                                                                                   

                                                                                                                                                  Returns to privileged EXEC mode.

                                                                                                                                                   

                                                                                                                                                  Clearing All MAC Address Tables

                                                                                                                                                  Perform this task to remove all MAC address tables.

                                                                                                                                                  SUMMARY STEPS

                                                                                                                                                    1.    enable

                                                                                                                                                    2.    clear mac-address-table

                                                                                                                                                    3.    end


                                                                                                                                                  DETAILED STEPS
                                                                                                                                                     Command or ActionPurpose
                                                                                                                                                    Step 1 enable


                                                                                                                                                    Example:
                                                                                                                                                    Device> enable
                                                                                                                                                     

                                                                                                                                                    Enables privileged EXEC mode.

                                                                                                                                                    • Enter your password if prompted.
                                                                                                                                                     
                                                                                                                                                    Step 2 clear mac-address-table


                                                                                                                                                    Example:
                                                                                                                                                    Device# clear mac-address-table
                                                                                                                                                     

                                                                                                                                                    Clears all MAC address tables.

                                                                                                                                                     
                                                                                                                                                    Step 3 end


                                                                                                                                                    Example:
                                                                                                                                                    Device# end
                                                                                                                                                    
                                                                                                                                                     

                                                                                                                                                    Exits privileged EXEC mode.

                                                                                                                                                     

                                                                                                                                                    Configuration Examples for EtherSwitch HWICs

                                                                                                                                                    Range of Interface Examples

                                                                                                                                                    Example: Single Range Configuration

                                                                                                                                                    The following example shows all Fast Ethernet interfaces on an HWIC-4ESW in slot 2 being reenabled:

                                                                                                                                                    Device(config)# interface range fastethernet 0/3/0 - 8
                                                                                                                                                    Device(config-if-range)# no shutdown
                                                                                                                                                    Device(config-if-range)#
                                                                                                                                                    *Mar  21 14:01:21.474: %LINK-3-UPDOWN: Interface FastEthernet0/3/0, changed state to up
                                                                                                                                                    *Mar  21 14:01:21.490: %LINK-3-UPDOWN: Interface FastEthernet0/3/1, changed state to up
                                                                                                                                                    *Mar  21 14:01:21.502: %LINK-3-UPDOWN: Interface FastEthernet0/3/2, changed state to up
                                                                                                                                                    *Mar  21 14:01:21.518: %LINK-3-UPDOWN: Interface FastEthernet0/3/3, changed state to up
                                                                                                                                                    *Mar  21 14:01:21.534: %LINK-3-UPDOWN: Interface FastEthernet0/3/4, changed state to up
                                                                                                                                                    *Mar  21 14:01:21.546: %LINK-3-UPDOWN: Interface FastEthernet0/3/5, changed state to up
                                                                                                                                                    *Mar  21 14:01:21.562: %LINK-3-UPDOWN: Interface FastEthernet0/3/6, changed state to up
                                                                                                                                                    *Mar  21 14:01:21.574: %LINK-3-UPDOWN: Interface FastEthernet0/3/7, changed state to up
                                                                                                                                                    *Mar  21 14:01:21.590: %LINK-3-UPDOWN: Interface FastEthernet0/3/8, changed state to up
                                                                                                                                                    Device(config-if-range)#

                                                                                                                                                    Example: Range Macro Definition

                                                                                                                                                    The following example shows how to define an interface-range macro named enet_list to select Fast Ethernet interfaces 0/1/0 through 0/1/3:

                                                                                                                                                    Device(config)# define interface-range enet_list fastethernet 0/1/0 - 0/1/3 
                                                                                                                                                    
                                                                                                                                                    

                                                                                                                                                    The following example shows how to define an interface-range configuration mode using the interface-range macro enet_list:

                                                                                                                                                    Device(config)# interface-range
                                                                                                                                                      macro
                                                                                                                                                     enet_list
                                                                                                                                                     

                                                                                                                                                    Optional Interface Feature Examples

                                                                                                                                                    Example: Interface Speed

                                                                                                                                                    The following example shows how to set the interface speed to 100 Mbps on Fast Ethernet interface 0/3/7:

                                                                                                                                                    Device(config)# interface fastethernet 0/3/7
                                                                                                                                                    Device(config-if)# speed 100
                                                                                                                                                    

                                                                                                                                                    Example: Setting the Interface Duplex Mode

                                                                                                                                                    The following example shows how to set the interface duplex mode to full on Fast Ethernet interface 0/3/7:

                                                                                                                                                    Device(config)# interface fastethernet 0/3/7
                                                                                                                                                    Device(config-if)# duplex full
                                                                                                                                                    

                                                                                                                                                    Example: Adding a Description for an Interface

                                                                                                                                                    The following example shows how to add a description of Fast Ethernet interface 0/3/7:

                                                                                                                                                    Device(config)# interface fastethernet 0/3/7
                                                                                                                                                    Device(config-if)# description Link to root device
                                                                                                                                                    

                                                                                                                                                    Example: Stacking

                                                                                                                                                    The following example shows how to stack two HWICs.

                                                                                                                                                    Device(config)# interface FastEthernet 0/1/8
                                                                                                                                                    Device(config-if)# no shutdown
                                                                                                                                                    Device(config-if)# switchport stacking-partner interface FastEthernet 0/3/8
                                                                                                                                                    Device(config-if)# interface FastEthernet 0/3/8
                                                                                                                                                    Device(config-if)# no shutdown
                                                                                                                                                    

                                                                                                                                                    Note


                                                                                                                                                    In practice, the command switchport stacking-partner interface FastEthernet 0/partner-slot/partner-port needs to be executed for only one of the stacked ports. The other port will be automatically configured as a stacking port by the Cisco software. The command no shutdown, however, must be executed for both of the stacked ports.


                                                                                                                                                    Example: VLAN Configuration

                                                                                                                                                    The following example shows how to configure inter-VLAN routing:

                                                                                                                                                    Device> enable
                                                                                                                                                    Device# configure terminal
                                                                                                                                                    Device(config)# vlan 45
                                                                                                                                                    Device(config-vlan)# vlan 1
                                                                                                                                                    Device(config-vlan)# vlan 2
                                                                                                                                                    Device(config-vlan)# exit
                                                                                                                                                    Device# configure terminal
                                                                                                                                                    Device(config)# interface vlan 1
                                                                                                                                                    Device(config-if)# ip address 10.1.1.1 255.255.255.0
                                                                                                                                                    Device(config-if)# no shut
                                                                                                                                                    Device(config-if)# interface vlan 2
                                                                                                                                                    Device(config-if)# ip address 10.2.2.2 255.255.255.0
                                                                                                                                                    Device(config-if)# no shut
                                                                                                                                                    Device(config-if)# interface FastEthernet 0/1/0
                                                                                                                                                    Device(config-if)# switchport access vlan 1
                                                                                                                                                    Device(config-if)# interface Fast Ethernet 0/1/1
                                                                                                                                                    Device(config-if)# switchport access vlan 2
                                                                                                                                                    Device(config-if)# exit

                                                                                                                                                    Example: VLAN Trunking Using VTP

                                                                                                                                                    The following example shows how to configure the device as a VTP server:

                                                                                                                                                    Device# vlan database
                                                                                                                                                    Device(vlan)# vtp server
                                                                                                                                                    Setting device to VTP SERVER mode.
                                                                                                                                                    Device(vlan)# vtp domain Lab
                                                                                                                                                    _Network
                                                                                                                                                    Setting VTP domain name to Lab_Network
                                                                                                                                                    Device(vlan)# vtp password WATER
                                                                                                                                                    Setting device VLAN database password to WATER.
                                                                                                                                                    Device(vlan)# exit
                                                                                                                                                    APPLY completed.
                                                                                                                                                    Exiting....
                                                                                                                                                    Device# 
                                                                                                                                                    

                                                                                                                                                    The following example shows how to configure the device as a VTP client:

                                                                                                                                                    Device# vlan database
                                                                                                                                                    Device(vlan)# vtp client
                                                                                                                                                    Setting device to VTP CLIENT mode.
                                                                                                                                                    Device(vlan)# exit
                                                                                                                                                    In CLIENT state, no apply attempted.
                                                                                                                                                    Exiting....
                                                                                                                                                    Device# 
                                                                                                                                                    

                                                                                                                                                    The following example shows how to configure the device as VTP transparent:

                                                                                                                                                    Device# vlan database
                                                                                                                                                    Device(vlan)# vtp transparent
                                                                                                                                                    Setting device to VTP TRANSPARENT mode.
                                                                                                                                                    Device(vlan)# exit
                                                                                                                                                    APPLY completed.
                                                                                                                                                    Exiting....
                                                                                                                                                    Device# 

                                                                                                                                                    Spanning Tree Examples

                                                                                                                                                    Example: Configuring Spanning Tree Port Priority

                                                                                                                                                    The following example shows how to configure VLAN port priority on an interface:

                                                                                                                                                    Device# configure terminal
                                                                                                                                                    Device(config)# interface fastethernet 0/3/2
                                                                                                                                                    Device(config-if)# spanning-tree vlan 20 port priority 64
                                                                                                                                                    Device(config-if)# end
                                                                                                                                                    

                                                                                                                                                    The following example shows how to verify the configuration of VLAN 20 on an interface when it is configured as a trunk port:

                                                                                                                                                    Device#show spanning-tree vlan 20
                                                                                                                                                    
                                                                                                                                                     VLAN20 is executing the ieee compatible Spanning Tree protocol
                                                                                                                                                      Bridge Identifier has priority 32768, address 00ff.ff90.3f54
                                                                                                                                                      Configured hello time 2, max age 20, forward delay 15
                                                                                                                                                      Current root has priority 32768, address 00ff.ff10.37b7
                                                                                                                                                      Root port is 33 (FastEthernet0/3/2), cost of root path is 19
                                                                                                                                                      Topology change flag not set, detected flag not set
                                                                                                                                                      Number of topology flags 0 last change occurred 00:05:50 ago
                                                                                                                                                      Times: hold 1, topology change 35, notification 2
                                                                                                                                                         hello 2, max age 20, forward delay 15
                                                                                                                                                      Timers: hello 0, topology change 0, notification 0, aging 0
                                                                                                                                                     Port 33 (FastEthernet0/3/2) of VLAN20 is forwarding
                                                                                                                                                      Port path cost 18, Port priority 64, Port Identifier 64.33
                                                                                                                                                      Designated root has priority 32768, address 00ff.ff10.37b7
                                                                                                                                                      Designated bridge has priority 32768, address 00ff.ff10.37b7
                                                                                                                                                      Designated port id is 128.13, designated path cost 0
                                                                                                                                                      Timers: message age 2, forward delay 0, hold 0
                                                                                                                                                      Number of transitions to forwarding state: 1
                                                                                                                                                      BPDU: sent 1, received 175

                                                                                                                                                    Example: Configuring Spanning Tree Port Cost

                                                                                                                                                    The following example shows how to change the spanning tree port cost of a Fast Ethernet interface:

                                                                                                                                                    Device# configure terminal
                                                                                                                                                    Device(config)# interface fastethernet0/3/2
                                                                                                                                                    Device(config-if)# spanning-tree cost 18
                                                                                                                                                    Device(config-if)# end
                                                                                                                                                    Device#
                                                                                                                                                    Device# show run interface fastethernet0/3/2
                                                                                                                                                    Building configuration...
                                                                                                                                                    Current configuration: 140 bytes
                                                                                                                                                    !
                                                                                                                                                    interface FastEthernet0/3/2
                                                                                                                                                     switchport access vlan 20
                                                                                                                                                      no ip address
                                                                                                                                                      spanning-tree vlan 20 port-priority 64
                                                                                                                                                      spanning-tree cost 18
                                                                                                                                                    end
                                                                                                                                                    

                                                                                                                                                    The following example shows how to verify the configuration of a Fast Ethernet interface when it is configured as an access port:

                                                                                                                                                    Device# show spanning-tree interface fastethernet0/3/2
                                                                                                                                                    
                                                                                                                                                     Port 33 (FastEthernet0/3/2) of VLAN20 is forwarding
                                                                                                                                                      Port path cost 18, Port priority 64, Port Identifier 64.33
                                                                                                                                                      Designated root has priority 32768, address 00ff.ff10.37b7
                                                                                                                                                      Designated bridge has priority 32768, address 00ff.ff10.37b7
                                                                                                                                                      Designated port id is 128.13, designated path cost 0
                                                                                                                                                      Timers: message age 2, forward delay 0, hold 0
                                                                                                                                                      Number of transitions to forwarding state: 1
                                                                                                                                                      BPDU: sent 1, received 175

                                                                                                                                                    Example: Configuring the Bridge Priority of a VLAN

                                                                                                                                                    The following example shows how to configure the bridge priority of VLAN 20 to 33792:

                                                                                                                                                    Device# configure terminal 
                                                                                                                                                    Device(config)# spanning-tree vlan 20 priority 33792
                                                                                                                                                    Device(config)# end
                                                                                                                                                     

                                                                                                                                                    Example: Configuring Hello Time

                                                                                                                                                    The following example shows how to configure the hello time for VLAN 20 to 7 seconds:

                                                                                                                                                    Device# configure terminal
                                                                                                                                                    Device(config)# spanning-tree vlan 20 hello-time 7
                                                                                                                                                    Device(config)# end

                                                                                                                                                    Example: Configuring the Forward Delay Time for a VLAN

                                                                                                                                                    The following example shows how to configure the forward delay time for VLAN 20 to 21 seconds:

                                                                                                                                                    Device#configure terminal
                                                                                                                                                    Device(config)#spanning-tree vlan 20 forward-time 21
                                                                                                                                                    Device(config)#end

                                                                                                                                                    Example: Configuring the Maximum Aging Time for a VLAN

                                                                                                                                                    The following example shows how to configure the maximum aging time for VLAN 20 to 36 seconds:

                                                                                                                                                    Device#configure terminal
                                                                                                                                                    Device(config)#spanning-tree vlan 20 max-age 36
                                                                                                                                                    Device(config)#end

                                                                                                                                                    Example: Enabling Spanning Tree Protocol

                                                                                                                                                    The following example shows how to enable spanning tree protocol on VLAN 20:

                                                                                                                                                    Device# configure terminal 
                                                                                                                                                    Device(config)# spanning-tree vlan 20
                                                                                                                                                    Device(config)# end
                                                                                                                                                    Device#

                                                                                                                                                    Note


                                                                                                                                                    Because spanning tree is enabled by default, the show running command will not display the command you entered to enable spanning tree protocol.


                                                                                                                                                    The following example shows how to disable spanning tree protocol on VLAN 20:

                                                                                                                                                    Device# configure terminal
                                                                                                                                                    Device(config)# no spanning-tree vlan 20
                                                                                                                                                    Device(config)# end
                                                                                                                                                    Device#

                                                                                                                                                    Example: Configuring Spanning Tree Root Bridge

                                                                                                                                                    The following example shows how to configure the spanning tree root bridge for VLAN 10, with a network diameter of 4:

                                                                                                                                                    Device# configure terminal
                                                                                                                                                    Device(config)# spanning-tree vlan 10 root primary diameter 4
                                                                                                                                                    Device(config)# exit

                                                                                                                                                    Example: MAC Table Manipulation

                                                                                                                                                    The following example shows how to configure a static entry in the MAC address table:

                                                                                                                                                    Device(config)# mac-address-table static beef.beef.beef interface fastethernet 0/1/5
                                                                                                                                                    Device(config)# end
                                                                                                                                                    

                                                                                                                                                    The following example shows how to configure the port security in the MAC address table.

                                                                                                                                                    Device(config)# mac-address-table secure 0000.1111.2222 fastethernet 0/1/2 vlan 3
                                                                                                                                                    Device(config)# end
                                                                                                                                                    

                                                                                                                                                    Switched Port Analyzer (SPAN) Source Examples

                                                                                                                                                    Example: SPAN Source Configuration

                                                                                                                                                    The following example shows how to configure the SPAN session 1 to monitor bidirectional traffic from source interface Fast Ethernet 0/1/1:

                                                                                                                                                    Device(config)# monitor session 1 source interface fastethernet 0/1/1
                                                                                                                                                    

                                                                                                                                                    Example: SPAN Destination Configuration

                                                                                                                                                    The following example shows how to configure Fast Ethernet 0/3/7 interface as the destination for SPAN session 1:

                                                                                                                                                    Device(config)# monitor session 1 destination interface fastethernet 0/3/7
                                                                                                                                                    

                                                                                                                                                    Example: Removing Sources or Destinations from a SPAN Session

                                                                                                                                                    This following example shows interface Fast Ethernet 0/3/2 being removed as a SPAN source for SPAN session 1:

                                                                                                                                                    Device(config)# no monitor session 1 source interface fastethernet 0/3/2
                                                                                                                                                    

                                                                                                                                                    Example: IGMP Snooping

                                                                                                                                                    The following example shows the output from configuring IGMP snooping:

                                                                                                                                                    Device# show mac-address-table multicast igmp-snooping 
                                                                                                                                                    HWIC Slot: 1 
                                                                                                                                                    -------------- 
                                                                                                                                                        MACADDR     VLANID     INTERFACES 
                                                                                                                                                    0100.5e05.0505    1        Fa0/1/1
                                                                                                                                                    0100.5e06.0606    2
                                                                                                                                                    HWIC Slot: 3 
                                                                                                                                                    -------------- 
                                                                                                                                                        MACADDR     VLANID     INTERFACES 
                                                                                                                                                    0100.5e05.0505    1        Fa0/3/4
                                                                                                                                                    0100.5e06.0606    2        Fa0/3/0
                                                                                                                                                    Device# 
                                                                                                                                                    

                                                                                                                                                    The following is an example of output from the show running interface privileged EXEC command for VLAN 1:

                                                                                                                                                    Device# 
                                                                                                                                                    show running interface vlan 1 
                                                                                                                                                    Building configuration... 
                                                                                                                                                    Current configuration :82 bytes 
                                                                                                                                                    ! 
                                                                                                                                                    interface Vlan1 
                                                                                                                                                     ip address 192.168.4.90 255.255.255.0 
                                                                                                                                                     ip pim sparse-mode 
                                                                                                                                                    end 
                                                                                                                                                    Device# 
                                                                                                                                                    show running interface vlan 2
                                                                                                                                                     
                                                                                                                                                    Building configuration... 
                                                                                                                                                    Current configuration :82 bytes 
                                                                                                                                                    ! 
                                                                                                                                                    interface Vlan2 
                                                                                                                                                     ip address 192.168.5.90 255.255.255.0 
                                                                                                                                                     ip pim sparse-mode 
                                                                                                                                                    end 
                                                                                                                                                    Device# 
                                                                                                                                                    Device# show ip igmp group 
                                                                                                                                                    IGMP Connected Group Membership 
                                                                                                                                                    Group Address    Interface                Uptime    Expires   Last Reporter 
                                                                                                                                                    209.165.200.225 Vlan1                    01:06:40  00:02:20  192.168.41.101 
                                                                                                                                                    209.165.200.226 Vlan2                    01:07:50  00:02:17  192.168.5.90 
                                                                                                                                                    209.165.200.227 Vlan1                    01:06:37  00:02:25  192.168.41.100 
                                                                                                                                                    209.165.200.228 Vlan2                    01:07:40  00:02:21  192.168.31.100 
                                                                                                                                                    209.165.200.229 Vlan1                    01:06:36  00:02:22  192.168.41.101 
                                                                                                                                                    209.165.200.230 Vlan2                    01:06:39  00:02:20  192.168.31.101 
                                                                                                                                                    Device# 
                                                                                                                                                    Device# show ip mroute 
                                                                                                                                                    IP Multicast Routing Table 
                                                                                                                                                    Flags:D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - 
                                                                                                                                                    Connected, 
                                                                                                                                                           L - Local, P - Pruned, R - RP-bit set, F - Register flag, 
                                                                                                                                                           T - SPT-bit set, J - Join SPT, M - MSDP created entry, 
                                                                                                                                                           X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement, 
                                                                                                                                                           U - URD, I - Received Source Specific Host Report 
                                                                                                                                                    Outgoing interface flags:H - Hardware switched 
                                                                                                                                                    Timers:Uptime/Expires 
                                                                                                                                                    Interface state:Interface, Next-Hop or VCD, State/Mode 
                                                                                                                                                    (*, 209.165.200.230), 01:06:43/00:02:17, RP 0.0.0.0, flags:DC 
                                                                                                                                                      Incoming interface:Null, RPF nbr 0.0.0.0 
                                                                                                                                                      Outgoing interface list: 
                                                                                                                                                        Vlan1, Forward/Sparse, 01:06:43/00:02:17 
                                                                                                                                                    (*, 209.165.200.226), 01:12:42/00:00:00, RP 0.0.0.0, flags:DCL 
                                                                                                                                                      Incoming interface:Null, RPF nbr 0.0.0.0 
                                                                                                                                                      Outgoing interface list: 
                                                                                                                                                        Vlan2, Forward/Sparse, 01:07:53/00:02:14 
                                                                                                                                                    (*, 209.165.200.227), 01:07:43/00:02:22, RP 0.0.0.0, flags:DC 
                                                                                                                                                      Incoming interface:Null, RPF nbr 0.0.0.0 
                                                                                                                                                      Outgoing interface list: 
                                                                                                                                                        Vlan1, Forward/Sparse, 01:06:40/00:02:22 
                                                                                                                                                        Vlan2, Forward/Sparse, 01:07:44/00:02:17 
                                                                                                                                                    

                                                                                                                                                    (*, 209.165.200.2282), 01:06:43/00:02:18, RP 0.0.0.0, flags:DC

                                                                                                                                                      Incoming interface:Null, RPF nbr 0.0.0.0 
                                                                                                                                                      Outgoing interface list: 
                                                                                                                                                        Vlan1, Forward/Sparse, 01:06:40/00:02:18 
                                                                                                                                                        Vlan2, Forward/Sparse, 01:06:43/00:02:16 
                                                                                                                                                    Device# 
                                                                                                                                                    

                                                                                                                                                    Example: Storm-Control

                                                                                                                                                    The following example shows how to enable bandwidth-based multicast suppression at 70 percent on Fast Ethernet interface 2:

                                                                                                                                                    Device> enable
                                                                                                                                                    Device# configure terminal
                                                                                                                                                    Device(config)# interface FastEthernet0/3/3
                                                                                                                                                    Device(config-if)# storm-control multicast threshold 70.0 30.0
                                                                                                                                                    Device(config-if)# end
                                                                                                                                                    Device# show interfaces FastEthernet0/3/3 counters storm-control
                                                                                                                                                    Interface  Filter State  Upper    Lower    Current
                                                                                                                                                    ---------  ------------  -----    -----    -------
                                                                                                                                                    Fa0/1/0    inactive      100.00%  100.00%  N/A
                                                                                                                                                    Fa0/1/1    inactive      100.00%  100.00%  N/A
                                                                                                                                                    Fa0/1/2    inactive      100.00%  100.00%  N/A
                                                                                                                                                    Fa0/1/3    inactive      100.00%  100.00%  N/A
                                                                                                                                                    Fa0/3/0    inactive      100.00%  100.00%  N/A
                                                                                                                                                    Fa0/3/1    inactive      100.00%  100.00%  N/A
                                                                                                                                                    Fa0/3/2    inactive      100.00%  100.00%  N/A
                                                                                                                                                    Fa0/3/3    Forwarding     70.00%   30.00%  0.00%
                                                                                                                                                    Fa0/3/4    inactive      100.00%  100.00%  N/A
                                                                                                                                                    Fa0/3/5    inactive      100.00%  100.00%  N/A
                                                                                                                                                    Fa0/3/6    inactive      100.00%  100.00%  N/A
                                                                                                                                                    Fa0/3/7    inactive      100.00%  100.00%  N/A
                                                                                                                                                    Fa0/3/8    inactive      100.00%  100.00%  N/A

                                                                                                                                                    Ethernet Switching Examples

                                                                                                                                                    Example: Subnets for Voice and Data

                                                                                                                                                    The following example shows how to configure separate subnets for voice and data on the EtherSwitch HWIC:

                                                                                                                                                    interface FastEthernet0/1/1
                                                                                                                                                     description DOT1Q port to IP Phone
                                                                                                                                                     switchport native vlan 50
                                                                                                                                                     switchport mode trunk
                                                                                                                                                     switchport voice vlan 150
                                                                                                                                                    interface Vlan 150
                                                                                                                                                    description voice vlan
                                                                                                                                                    ip address 
                                                                                                                                                    209.165.200.227
                                                                                                                                                     255.255.255.0
                                                                                                                                                    ip helper-address 
                                                                                                                                                    209.165.200.228
                                                                                                                                                     (See Note below)
                                                                                                                                                    interface Vlan 50
                                                                                                                                                    description data vlan
                                                                                                                                                    ip address 
                                                                                                                                                    209.165.200.220
                                                                                                                                                     255.255.255.0
                                                                                                                                                    

                                                                                                                                                    This configuration instructs the IP phone to generate a packet with an 802.1Q VLAN ID of 150 that has 802.1p value of 5 (default for voice bearer traffic).


                                                                                                                                                    Note


                                                                                                                                                    In a centralized CallManager deployment model, the DHCP server might be located across the WAN link. If so, an ip helper-address command pointing to the DHCP server should be included on the voice VLAN interface for the IP phone. This is done to obtain its IP address as well as the address of the TFTP server required for its configuration.


                                                                                                                                                    Be aware that Cisco software supports a DHCP server function. If this function is used, the EtherSwitch HWIC serves as a local DHCP server and a helper address would not be required.

                                                                                                                                                    Example: Inter-VLAN Routing

                                                                                                                                                    Configuring inter-VLAN routing is identical to the configuration on an EtherSwitch HWIC with an MSFC. Configuring an interface for WAN routing is consistent with other Cisco software platforms.

                                                                                                                                                    The following example provides a sample configuration:

                                                                                                                                                    interface Vlan 160
                                                                                                                                                     description voice vlan
                                                                                                                                                     ip address 10.6.1.1 255.255.255.0
                                                                                                                                                    interface Vlan 60
                                                                                                                                                     description data vlan
                                                                                                                                                     ip address 10.60.1.1 255.255.255.0
                                                                                                                                                    interface Serial0/3/0
                                                                                                                                                     ip address 172.3.1.2 255.255.255.0
                                                                                                                                                    

                                                                                                                                                    Note


                                                                                                                                                    Standard IGP routing protocols such as RIP, IGRP, EIGRP, and OSPF are supported on the EtherSwitch HWIC. Multicast routing is also supported for PIM dense mode, sparse mode and sparse-dense mode.


                                                                                                                                                    Example: Single Subnet Configuration

                                                                                                                                                    The EtherSwitch HWIC supports the use of an 802.1p-only option when configuring the voice VLAN. Using this option allows the IP phone to tag VoIP packets with a Cost of Service of 5 on the native VLAN, while all PC data traffic is sent untagged

                                                                                                                                                    The following example shows a single subnet configuration for the EtherSwitch HWIC:

                                                                                                                                                    Device# FastEthernet 0/1/2
                                                                                                                                                    description Port to IP Phone in single subnet
                                                                                                                                                     switchport access vlan 40
                                                                                                                                                    

                                                                                                                                                    The EtherSwitch HWIC instructs the IP phone to generate an 802.1Q frame with a null VLAN ID value but with an 802.1p value (default is COS of 5 for bearer traffic). The voice and data VLANs are both 40 in this example.

                                                                                                                                                    Example: Ethernet Ports on IP Phones with Multiple Ports

                                                                                                                                                    The following example illustrates the configuration for the IP phone:

                                                                                                                                                    interface FastEthernet0/x/x
                                                                                                                                                     switchport voice vlan x
                                                                                                                                                     switchport mode trunk
                                                                                                                                                    

                                                                                                                                                    The following example illustrates the configuration for the PC:

                                                                                                                                                    interface FastEthernet0/x/y
                                                                                                                                                     switchport mode access
                                                                                                                                                     switchport access vlan y

                                                                                                                                                    Note


                                                                                                                                                    Using a separate subnet, and possibly a separate IP address space, may not be an option for some small branch offices due to the IP routing configuration. If the IP routing can handle an additional subnet at the remote branch, you can use Cisco Network Registrar and secondary addressing.


                                                                                                                                                    Additional References for IEEE 802.1Q Tunneling

                                                                                                                                                    Related Documents

                                                                                                                                                    Related Topic

                                                                                                                                                    Document Title

                                                                                                                                                    Cisco IOS Commands

                                                                                                                                                    Cisco IOS Master Command List, All Releases

                                                                                                                                                    IP LAN switching commands: complete command syntax, command mode, defaults, usage guidelines, and examples

                                                                                                                                                    Cisco IOS LAN Switching Services Command Reference

                                                                                                                                                    Technical Assistance

                                                                                                                                                    Description

                                                                                                                                                    Link

                                                                                                                                                    The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

                                                                                                                                                    To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

                                                                                                                                                    Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

                                                                                                                                                    http:/​/​www.cisco.com/​cisco/​web/​support/​index.html

                                                                                                                                                    Feature Information for the Cisco HWIC-4ESW and the Cisco HWIC-D-9ESW EtherSwitch Cards

                                                                                                                                                    The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

                                                                                                                                                    Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

                                                                                                                                                    Table 3 Feature Information for the 4-Port Cisco HWIC-4ESW and the 9-Port Cisco HWIC-D-9ESW EtherSwitch High Speed WAN Interface Cards

                                                                                                                                                    Feature Name

                                                                                                                                                    Releases

                                                                                                                                                    Feature Information

                                                                                                                                                    4-port Cisco HWIC-4ESW and the 9-port Cisco HWIC-D-9ESW EtherSwitch high speed WAN interface cards (HWICs) hardware feature

                                                                                                                                                    12.3(8)T4

                                                                                                                                                    The 4-port Cisco HWIC-4ESW and the 9-port Cisco HWIC-D-9ESW EtherSwitch high speed WAN interface cards (HWICs) hardware feature is supported on Cisco 1800 (modular), Cisco 2800, and Cisco 3800 series integrated services devices.

                                                                                                                                                    Cisco EtherSwitch HWICs are 10/100BASE-T Layer 2 Ethernet devices with Layer 3 routing capability. (Layer 3 routing is forwarded to the host and is not actually performed at the device.) Traffic between different VLANs on a device is routed through the device platform. Any one port on a Cisco EtherSwitch HWIC may be configured as a stacking port to link to another Cisco EtherSwitch HWIC or EtherSwitch network module in the same system. An optional power module can also be added to provide inline power for IP telephones. The HWIC-D-9ESW HWIC requires a double-wide card slot.