Catalyst 3560 Switch Software Configuration Guide, Rel. 12.2(25)SEE
Index


A

AAA down policy with NAC Layer 2 IP validation 1-8

abbreviating commands 2-4

ABRs 34-24

AC (command switch) 5-10

access

templates 7-1

access-class command 31-19

access control entries

See ACEs

access-denied response, VMPS 12-28

access groups

applying IPv4 ACLs to interfaces 31-20

Layer 2 31-20

Layer 3 31-20

accessing

clusters, switch 5-13

command switches 5-11

member switches 5-13

switch clusters 5-13

access lists

See ACLs

access ports

and Layer 2 protocol tunneling 16-11

defined 10-3

in switch clusters 5-9

access template 7-1

accounting

with 802.1x 9-30

with IEEE 802.1x 9-9

with RADIUS 8-28

with TACACS+ 8-11, 8-17

ACEs

and QoS 32-7

defined 31-2

Ethernet 31-2

IP 31-2

ACLs

ACEs 31-2

any keyword 31-12

applying

on bridged packets 31-38

on multicast packets 31-39

on routed packets 31-39

on switched packets 31-37

time ranges to 31-16

to an interface 31-19, 37-8

to IPv6 interfaces 37-8

to QoS 32-7

classifying traffic for QoS 32-43

comments in 31-18

compiling 31-21

defined 31-1, 31-7

examples of 31-21, 32-43

extended IP

configuring for QoS classification 32-44

extended IPv4

creating 31-10

matching criteria 31-7

hardware and software handling 31-21

host keyword 31-12

IP

creating 31-7

fragments and QoS guidelines 32-33

implicit deny 31-9, 31-13, 31-15

implicit masks 31-9

matching criteria 31-7

undefined 31-20

IPv4

applying to interfaces 31-19

creating 31-7

matching criteria 31-7

named 31-14

numbers 31-8

terminal lines, setting on 31-18

unsupported features 31-7

IPv6

applying to interfaces 37-8

configuring 37-4, 37-5

displaying 37-9

interactions with other features 37-4

limitations 37-3

matching criteria 37-3

named 37-3

precedence of 37-2

supported 37-2

unsupported features 37-3

Layer 4 information in 31-37

logging messages 31-8

MAC extended 31-26, 32-45

matching 31-7, 31-20, 37-3

monitoring 31-40, 37-9

named

IPv6 37-3

named, IPv4 31-14

names 37-4

number per QoS class map 32-33

port 31-2, 37-2

precedence of 31-2

QoS 32-7, 32-43

resequencing entries 31-14

router 31-2, 37-2

router ACLs and VLAN map configuration guidelines 31-36

standard IP, configuring for QoS classification 32-43

standard IPv4

creating 31-9

matching criteria 31-7

support for 1-7

support in hardware 31-21

time ranges 31-16

types supported 31-2

unsupported features

IPv6 37-3

unsupported features, IPv4 31-7

using router ACLs with VLAN maps 31-36

VLAN maps

configuration guidelines 31-30

configuring 31-29

active links 20-1

active router 38-1

address aliasing 23-2

addresses

displaying the MAC address table 6-26

dynamic

accelerated aging 17-8

changing the aging time 6-21

default aging 17-8

defined 6-19

learning 6-20

removing 6-22

MAC, discovering 6-26

multicast

group address range 39-3

STP address management 17-8

static

adding and removing 6-24

defined 6-19

address resolution 6-26, 34-8

Address Resolution Protocol

See ARP

adjacency tables, with CEF 34-74

administrative distances

defined 34-85

OSPF 34-30

routing protocol defaults 34-76

advanced IP services image 35-1

advertisements

CDP 25-1

RIP 34-19

VTP 12-19, 13-3

aggregatable global unicast addresses 35-3

aggregate addresses, BGP 34-57

aggregated ports

See EtherChannel

aggregate policers 32-58

aggregate policing 1-9

aging, accelerating 17-8

aging time

accelerated

for MSTP 18-23

for STP 17-8, 17-21

MAC address table 6-21

maximum

for MSTP 18-23, 18-24

for STP 17-21, 17-22

alarms, RMON 28-3

allowed-VLAN list 12-21

area border routers

See ABRs

ARP

configuring 34-8

defined 1-5, 6-26, 34-8

encapsulation 34-9

static cache configuration 34-8

table

address resolution 6-26

managing 6-26

ASBRs 34-24

AS-path filters, BGP 34-52

asymmetrical links, and IEEE 802.1Q tunneling 16-4

attributes, RADIUS

vendor-proprietary 8-30

vendor-specific 8-29

audience xxxix

authentication

EIGRP 34-39

HSRP 38-9

local mode with AAA 8-36

NTP associations 6-4

RADIUS

key 8-21

login 8-23

TACACS+

defined 8-11

key 8-13

login 8-14

See also port-based authentication

authentication failed VLAN

See restricted VLAN

authentication keys, and routing protocols 34-86

authoritative time source, described 6-2

authorization

with RADIUS 8-27

with TACACS+ 8-11, 8-16

authorized ports with IEEE 802.1x 9-7

autoconfiguration 3-3

automatic discovery

considerations

beyond a noncandidate device 5-7

brand new switches 5-9

connectivity 5-4

different VLANs 5-6

management VLANs 5-7

non-CDP-capable devices 5-6

noncluster-capable devices 5-6

routed ports 5-8

in switch clusters 5-4

See also CDP

automatic QoS

See QoS

automatic recovery, clusters 5-10

See also HSRP

auto-MDIX

configuring 10-19

described 10-19

autonegotiation

duplex mode 1-3

interface configuration guidelines 10-16

mismatches 42-11

autonomous system boundary routers

See ASBRs

autonomous systems, in BGP 34-45

Auto-RP, described 39-5

autosensing, port speed 1-3

auxiliary VLAN

See voice VLAN

availability, features 1-6

B

BackboneFast

described 19-5

disabling 19-14

enabling 19-13

support for 1-6

backup interfaces

See Flex Links

backup links 20-1

banners

configuring

login 6-19

message-of-the-day login 6-18

default configuration 6-17

when displayed 6-17

BGP

aggregate addresses 34-57

aggregate routes, configuring 34-57

CIDR 34-57

clear commands 34-61

community filtering 34-54

configuring neighbors 34-56

default configuration 34-43

described 34-42

enabling 34-45

monitoring 34-61

multipath support 34-49

neighbors, types of 34-45

path selection 34-49

peers, configuring 34-56

prefix filtering 34-53

resetting sessions 34-48

route dampening 34-60

route maps 34-51

route reflectors 34-59

routing domain confederation 34-58

routing session with multi-VRF CE 34-68

show commands 34-61

supernets 34-57

support for 1-10

Version 4 34-42

binding cluster group and HSRP group 38-11

binding database

address, DHCP server

See DHCP, Cisco IOS server database

DHCP snooping

See DHCP snooping binding database

bindings

address, Cisco IOS DHCP server 21-6

DHCP snooping database 21-7

IP source guard 21-15

binding table, DHCP snooping

See DHCP snooping binding database

blocking packets 24-6

booting

boot loader, function of 3-2

boot process 3-2

manually 3-13

specific image 3-13

boot loader

accessing 3-14

described 3-2

environment variables 3-14

prompt 3-14

trap-door mechanism 3-2

bootstrap router (BSR), described 39-5

Border Gateway Protocol

See BGP

BPDU

error-disabled state 19-2

filtering 19-3

RSTP format 18-12

BPDU filtering

described 19-3

disabling 19-12

enabling 19-12

support for 1-6

BPDU guard

described 19-2

disabling 19-11

enabling 19-11

support for 1-6

bridged packets, ACLs on 31-38

bridge groups

See fallback bridging

bridge protocol data unit

See BPDU

broadcast flooding 34-16

broadcast packets

directed 34-13

flooded 34-13

broadcast storm-control command 24-4

broadcast storms 24-1, 34-13

C

cables, monitoring for unidirectional links 26-1

candidate switch

automatic discovery 5-4

defined 5-3

requirements 5-3

See also command switch, cluster standby group, and member switch

CA trustpoint

configuring 8-45

defined 8-43

caution, described xl

CDP

and trusted boundary 32-39

automatic discovery in switch clusters 5-4

configuring 25-2

default configuration 25-2

described 25-1

disabling for routing device 25-3 to 25-4

enabling and disabling

on an interface 25-4

on a switch 25-3

Layer 2 protocol tunneling 16-8

monitoring 25-4

overview 25-1

power negotiation extensions 10-6

support for 1-5

transmission timer and holdtime, setting 25-2

updates 25-2

CEF

defined 34-74

enabling 34-74

IPv6 35-14

CGMP

as IGMP snooping learning method 23-9

clearing cached group entries 39-49

enabling server support 39-32

joining multicast group 23-3

overview 39-8

server support only 39-8

switch support of 1-4

CIDR 34-57

CipherSuites 8-44

Cisco 7960 IP Phone 15-1

Cisco Discovery Protocol

See CDP

Cisco Express Forwarding

See CEF

Cisco Group Management Protocol

See CGMP

Cisco Intelligence Engine 2100 Series Configuration Registrar

See IE2100

Cisco intelligent power management 10-6

Cisco IOS DHCP server

See DHCP, Cisco IOS DHCP server

Cisco IOS File System

See IFS

Cisco Network Assistant

See Network Assistant

CiscoWorks 2000 1-4, 30-4

CIST regional root

See MSTP

CIST root

See MSTP

classless interdomain routing

See CIDR

classless routing 34-6

class maps for QoS

configuring 32-46

described 32-7

displaying 32-78

class of service

See CoS

clearing interfaces 10-27

CLI

abbreviating commands 2-4

command modes 2-1

configuration logging 2-5

described 1-4

editing features

enabling and disabling 2-7

keystroke editing 2-7

wrapped lines 2-9

error messages 2-5

filtering command output 2-10

getting help 2-3

history

changing the buffer size 2-6

described 2-6

disabling 2-7

recalling commands 2-6

managing clusters 5-15

no and default forms of commands 2-4

client mode, VTP 13-3

clock

See system clock

cluster requirements xli

clusters, switch

accessing 5-13

automatic discovery 5-4

automatic recovery 5-10

benefits 1-2

compatibility 5-4

described 5-1

LRE profile considerations 5-15

managing

through CLI 5-15

through SNMP 5-16

planning 5-4

planning considerations

automatic discovery 5-4

automatic recovery 5-10

CLI 5-15

host names 5-13

IP addresses 5-13

LRE profiles 5-15

passwords 5-14

RADIUS 5-15

SNMP 5-14, 5-16

TACACS+ 5-15

See also candidate switch, command switch, cluster standby group, member switch, and standby command switch

cluster standby group

and HSRP group 38-11

automatic recovery 5-12

considerations 5-11

defined 5-2

requirements 5-3

virtual IP address 5-11

See also HSRP

CNS

Configuration Engine

configID, deviceID, hostname 4-3

configuration service 4-2

described 4-1

event service 4-3

embedded agents

described 4-5

enabling automated configuration 4-6

enabling configuration agent 4-9

enabling event agent 4-8

Coarse Wave Division Multiplexer

See CWDM SFPs

command-line interface

See CLI

command modes 2-1

commands

abbreviating 2-4

no and default 2-4

commands, setting privilege levels 8-8

command switch

accessing 5-11

active (AC) 5-10

configuration conflicts 42-11

defined 5-2

passive (PC) 5-10

password privilege levels 5-16

priority 5-10

recovery

from command-switch failure 5-10, 42-7

from lost member connectivity 42-11

redundant 5-10

replacing

with another switch 42-9

with cluster member 42-8

requirements 5-3

standby (SC) 5-10

See also candidate switch, cluster standby group, member switch, and standby command switch

community list, BGP 34-55

community ports 14-2

community strings

configuring 5-14, 30-8

for cluster switches 30-4

in clusters 5-14

overview 30-4

SNMP 5-14

community VLANs 14-2, 14-3

compatibility, feature 24-11

config.text 3-12

configurable leave timer, IGMP 23-6

configuration, initial

defaults 1-12

Express Setup 1-2

See also getting started guide and hardware installation guide

configuration conflicts, recovering from lost member connectivity 42-11

configuration examples, network 1-14

configuration files

clearing the startup configuration B-18

creating using a text editor B-9

default name 3-12

deleting a stored configuration B-18

described B-8

downloading

automatically 3-12

preparing B-10, B-12, B-15

reasons for B-8

using FTP B-13

using RCP B-16

using TFTP B-10

guidelines for creating and using B-8

invalid combinations when copying B-5

limiting TFTP server access 30-16

obtaining with DHCP 3-7

password recovery disable considerations 8-5

specifying the filename 3-12

system contact and location information 30-15

types and location B-9

uploading

preparing B-10, B-12, B-15

reasons for B-8

using FTP B-14

using RCP B-17

using TFTP B-11

configuration guidelines, multi-VRF CE 34-66

configuration logging 2-5

configuration settings, saving 3-10

configure terminal command 10-10

config-vlan mode 2-2, 12-7

conflicts, configuration 42-11

connections, secure remote 8-38

connectivity problems 42-13, 42-14, 42-16

consistency checks in VTP Version 2 13-4

console port, connecting to 2-11

conventions

command xl

for examples xl

publication xl

text xl

corrupted software, recovery steps with Xmodem 42-2

CoS

in Layer 2 frames 32-2

override priority 15-6

trust priority 15-6

CoS input queue threshold map for QoS 32-16

CoS output queue threshold map for QoS 32-19

CoS-to-DSCP map for QoS 32-60

counters, clearing interface 10-27

crashinfo file 42-23

critical authentication, IEEE 802.1x 9-34

cryptographic software image

Kerberos 8-32

SSH 8-37

SSL 8-42

customer edge devices 34-63

CWDM SFPs 1-21

D

daylight saving time 6-13

debugging

enabling all system diagnostics 42-20

enabling for a specific feature 42-19

redirecting error message output 42-20

using commands 42-19

default commands 2-4

default configuration

802.1x 9-20

auto-QoS 32-21

banners 6-17

BGP 34-43

booting 3-12

CDP 25-2

DHCP 21-8

DHCP option 82 21-8

DHCP snooping 21-8

DHCP snooping binding database 21-9

DNS 6-16

dynamic ARP inspection 22-5

EIGRP 34-35

EtherChannel 33-9

Ethernet interfaces 10-14

fallback bridging 41-4

Flex Links 20-4

HSRP 38-5

IEEE 802.1Q tunneling 16-4

IGMP 39-27

IGMP filtering 23-25

IGMP snooping 23-7, 36-5, 36-6

IGMP throttling 23-25

initial switch information 3-3

IP addressing, IP routing 34-4

IP multicast routing 39-8

IP source guard 21-16

IPv6 35-9

Layer 2 interfaces 10-14

Layer 2 protocol tunneling 16-11

MAC address table 6-21

MAC address-table move update 20-4

MSDP 40-4

MSTP 18-14

multi-VRF CE 34-65

MVR 23-20

NTP 6-4

optional spanning-tree configuration 19-9

OSPF 34-25

password and privilege level 8-2

PIM 39-8

private VLANs 14-6

RADIUS 8-20

RIP 34-19

RMON 28-3

RSPAN 27-9

SDM template 7-3

SNMP 30-7

SPAN 27-9

SSL 8-44

standard QoS 32-31

STP 17-11

system message logging 29-3

system name and prompt 6-15

TACACS+ 8-13

UDLD 26-4

VLAN, Layer 2 Ethernet interfaces 12-19

VLANs 12-8

VMPS 12-29

voice VLAN 15-3

VTP 13-6

default gateway 3-10, 34-11

default networks 34-77

default routes 34-77

default routing 34-2

deleting VLANs 12-10

denial-of-service attack 24-1

description command 10-22

designing your network, examples 1-14

destination addresses

in IPv6 ACLs 37-6

destination addresses, in IPv4 ACLs 31-11

destination-IP address-based forwarding, EtherChannel 33-7

destination-MAC address forwarding, EtherChannel 33-7

detecting indirect link failures, STP 19-5

device B-18

device discovery protocol 25-1

device manager

benefits 1-2

described 1-2, 1-4

in-band management 1-5

requirements xl

upgrading a switch B-18

DHCP

Cisco IOS server database

configuring 21-14

default configuration 21-9

described 21-6

enabling

relay agent 21-10

server 21-10

DHCP-based autoconfiguration

client request message exchange 3-4

configuring

client side 3-3

DNS 3-6

relay device 3-6

server side 3-5

server-side 21-10

TFTP server 3-5

example 3-8

lease options

for IP address information 3-5

for receiving the configuration file 3-5

overview 3-3

relationship to BOOTP 3-4

relay support 1-5, 1-11

support for 1-5

DHCP binding database

See DHCP snooping binding database

DHCP binding table

See DHCP snooping binding database

DHCP option 82

circuit ID suboption 21-5

configuration guidelines 21-9

default configuration 21-8

displaying 21-15

forwarding address, specifying 21-11

helper address 21-11

overview 21-3

packet format, suboption

circuit ID 21-5

remote ID 21-5

remote ID suboption 21-5

DHCP snooping

accepting untrusted packets from edge switch 21-3, 21-12

and private VLANs 21-13

binding database

See DHCP snooping binding database

configuration guidelines 21-9

default configuration 21-8

displaying binding tables 21-15

message exchange process 21-4

option 82 data insertion 21-3

trusted interface 21-2

untrusted interface 21-2

untrusted messages 21-2

DHCP snooping binding database

adding bindings 21-14

binding file

format 21-7

location 21-7

bindings 21-7

clearing agent statistics 21-15

configuration guidelines 21-10

configuring 21-14

default configuration 21-8, 21-9

deleting

binding file 21-14

bindings 21-15

database agent 21-14

described 21-7

displaying 21-15

binding entries 21-15

status and statistics 21-15

enabling 21-14

entry 21-7

renewing database 21-15

resetting

delay value 21-14

timeout value 21-14

DHCP snooping binding table

See DHCP snooping binding database

Differentiated Services architecture, QoS 32-2

Differentiated Services Code Point 32-2

Diffusing Update Algorithm (DUAL) 34-33

directed unicast requests 1-5

directories

changing B-3

creating and removing B-4

displaying the working B-3

discovery, clusters

See automatic discovery

Distance Vector Multicast Routing Protocol

See DVMRP

distance-vector protocols 34-3

distribute-list command 34-85

DNS

and DHCP-based autoconfiguration 3-6

default configuration 6-16

displaying the configuration 6-17

in IPv6 35-4

overview 6-15

setting up 6-16

support for 1-5

documentation, related xl

document conventions xl

domain names

DNS 6-15

VTP 13-8

Domain Name System

See DNS

dot1q-tunnel switchport mode 12-18

double-tagged packets

IEEE 802.1Q tunneling 16-2

Layer 2 protocol tunneling 16-10

downloading

configuration files

preparing B-10, B-12, B-15

reasons for B-8

using FTP B-13

using RCP B-16

using TFTP B-10

image files

deleting old image B-22

preparing B-21, B-24, B-28

reasons for B-19

using CMS 1-3

using FTP B-25

using HTTP 1-3, B-18

using RCP B-29

using TFTP B-21

using the device manager or Network Assistant B-18

drop threshold for Layer 2 protocol packets 16-11

DSCP 1-9, 32-2

DSCP input queue threshold map for QoS 32-16

DSCP output queue threshold map for QoS 32-19

DSCP-to-CoS map for QoS 32-63

DSCP-to-DSCP-mutation map for QoS 32-64

DSCP transparency 32-39

DTP 1-7, 12-17

DUAL finite state machine, EIGRP 34-34

dual IPv4 and IPv6 templates 7-2, 35-1, 35-8

dual protocol stacks

configuring 35-12

IPv4 and IPv6 35-8

SDM templates supporting 35-8

DVMRP

autosummarization

configuring a summary address 39-46

disabling 39-48

connecting PIM domain to DVMRP router 39-39

enabling unicast routing 39-42

interoperability

with Cisco devices 39-37

with Cisco IOS software 39-7

mrinfo requests, responding to 39-41

neighbors

advertising the default route to 39-40

discovery with Probe messages 39-37

displaying information 39-41

prevent peering with nonpruning 39-44

rejecting nonpruning 39-43

overview 39-7

routes

adding a metric offset 39-48

advertising all 39-48

advertising the default route to neighbors 39-40

caching DVMRP routes learned in report messages 39-42

changing the threshold for syslog messages 39-45

deleting 39-49

displaying 39-50

favoring one over another 39-48

limiting the number injected into MBONE 39-45

limiting unicast route advertisements 39-37

routing table 39-7

source distribution tree, building 39-7

support for 1-10

tunnels

configuring 39-39

displaying neighbor information 39-41

dynamic access ports

characteristics 12-3

configuring 12-30

defined 10-3

dynamic addresses

See addresses

dynamic ARP inspection

ARP cache poisoning 22-1

ARP requests, described 22-1

ARP spoofing attack 22-1

clearing

log buffer 22-15

statistics 22-15

configuration guidelines 22-6

configuring

ACLs for non-DHCP environments 22-8

in DHCP environments 22-6

log buffer 22-12

rate limit for incoming ARP packets 22-4, 22-10

default configuration 22-5

denial-of-service attacks, preventing 22-10

described 22-1

DHCP snooping binding database 22-2

displaying

ARP ACLs 22-14

configuration and operating state 22-14

log buffer 22-15

statistics 22-15

trust state and rate limit 22-14

error-disabled state for exceeding rate limit 22-4

function of 22-2

interface trust states 22-3

log buffer

clearing 22-15

configuring 22-12

displaying 22-15

logging of dropped packets, described 22-4

man-in-the-middle attack, described 22-2

network security issues and interface trust states 22-3

priority of ARP ACLs and DHCP snooping entries 22-4

rate limiting of ARP packets

configuring 22-10

described 22-4

error-disabled state 22-4

statistics