-
Catalyst 4500 Series Switch Cisco IOS Software Configuration Guide, 12.2(25)EW
-
Index
-
Preface
-
Product Overview
-
Command-Line Interfaces
-
Configuring the Switch for the First Time
-
Configuring Interfaces
-
Checking Port Status and Connectivity
-
Configuring Supervisor Engine Redundancy using RPR and SSO
-
Environmental Monitoring and Power Management
-
Configuring Power over Ethernet
-
Managing a Network of Switches
-
Understanding and Configuring VLANs
-
Configuring Dynamic VLAN Membership
-
Configuring Layer 2 Ethernet Interfaces
-
Configuring SmartPort Macros
-
Understanding and Configuring STP
-
Configuring STP Features
-
Understanding and Configuring Multiple Spanning Trees
-
Understanding and Configuring EtherChannel
-
Configuring IGMP Snooping and Filtering
-
Configuring 802.1Q and Layer 2 Protocol Tunneling
-
Understanding and Configuring CDP
-
Configuring UDLD
-
Configuring Unidirectional Ethernet
-
Configuring Layer 3 Interfaces
-
Configuring Cisco Express Forwarding
-
Understanding and Configuring IP Multicast
-
Configuring Policy-Based Routing
-
Understanding and Configuring VTP
-
Configuring VRF-lite
-
Configuring QoS
-
Configuring Voice Interfaces
-
Understanding and Configuring 802.1X Port-Based Authentication
-
Configuring Port Security
-
Configuring DHCP Snooping and IP Source Guard
-
Understanding and Configuring Dynamic ARP Inspection
-
Configuring Network Security with ACLs
-
Configuring Private VLANs
-
Port Unicast and Multicast Flood Blocking
-
Configuring Port-Based Traffic Control
-
Configuring SPAN and RSPAN
-
Configuring NetFlow Statistics Collection
-
Acronyms
-
Table Of Contents
Numerics - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V -
Index
Numerics
10/100 autonegotiation feature, forced4-7
802.10 SAID (default)10-4
802.1Q
trunks14-6
tunneling
compatibility with other features19-5
defaults19-4
described19-2
tunnel ports with other features19-6
802.1Q VLANs
encapsulation12-3
trunk restrictions12-5
802.1s
802.1w
802.1X
802.1X authentication
for guest VLANs31-6
RADIUS accounting31-7
with port security31-6
with VLAN assignment31-5
with voice VLAN ports31-10
802.3ad
A
abbreviating commands2-5
access control entries
access list filtering, SPAN enhancement39-13
access ports
and Layer 2 protocol tunneling19-9
configuring12-8
access VLANs12-6
accounting
configuring for 802.1X31-16
ACEs
ACLs35-2
Ethernet35-2
IP35-2
Layer 4 operation restrictions35-8
ACLs
ACEs35-2
and SPAN39-5
and TCAM programming35-6
applying on routed packets35-21
applying on switched packets35-20
compatibility on the same switch35-3
configuring with VLAN maps35-20
CPU impact35-9
hardware and software support35-5
IP, matching criteria for port ACLs35-4
MAC extended35-11
matching criteria for router ACLs35-3
port
and voice VLAN35-4
defined35-2
limitations35-4
processing35-9
types supported35-2
acronyms, list ofA-1
active queue management29-13
addresses
adjacency tables
description24-2
displaying statistics24-9
advertisements, VTP
alarms
major7-2
minor7-2
asymmetrical links, and 802.1Q tunneling19-4
audiencexxi
authentication
See also port-based authentication
authentication server
defined31-3
RADIUS server31-3
authorized and unauthorized ports31-4
authorized ports with 802.1X31-4
autoconfiguration3-2
automatic QoS
autonegotiation feature
forced 10/100Mbps4-7
Auto-QoS
configuring29-16
auto-sync command6-8
B
BackboneFast
adding a switch (figure)15-2
and MST16-2
configuring15-15
link failure (figure)15-7, 15-8
not supported MST16-2
understanding15-6
BGP1-8
routing session with multi-VRF CE28-6
blocking packets37-1
blocking state (STP)
RSTP comparisons (table)16-4
boot bootldr command3-24
boot command3-21
boot fields
See configuration register boot fields
boot system flash command3-21
Border Gateway Protocol
boundary ports
description16-6
BPDU Guard
and MST16-2
configuring15-12
overview15-4
BPDUs
and media speed14-2
pseudobridges and16-5
what they contain14-3
bridge ID
bridge priority (STP)14-16
bridge protocol data units
broadcast storm control
disabling38-4
BSR
configuration example25-21
burst rate29-44
burst size29-27
C
candidate switch
defined9-12
requirements9-12
See also command switch and member switch
cautions for passwords
encrypting3-16
TACACS+3-15
CDP
and trusted boundary29-25
configuration20-2
displaying configuration20-3
enabling on interfaces20-3
Layer 2 protocol tunneling19-7
maintaining20-3
monitoring20-3
cdp enable command20-3
CEF
adjacency tables24-2
configuring load balancing24-7
displaying statistics24-8
enabling24-6
hardware switching24-4
load balancing24-6
overview24-1
software switching24-4
CGMP
overview18-1
channel-group group command17-7, 17-10
Cisco Discovery Protocol
Cisco Express Forwarding
Cisco Group Management Protocol
Cisco IOS NSF-awareness support6-2
Cisco IP Phones
configuring30-2
Cisco IP phones
sound quality30-1
CIST
description16-2
class-map command29-28
class of service
clear cdp counters command20-4
clear cdp table command20-3
clear counters command4-14
clearing
IP multicast table entries25-20
clear ip flow stats command40-8
CLI
accessing2-1
backing out one level2-5
getting commands2-5
history substitution2-3
managing clusters9-13
modes2-5
monitoring environments39-1
ROM monitor2-6
software basics2-4
clients
in 802.1X authentication31-2
clustering switches
command switch characteristics9-11, 9-12
and VTY9-12
managing
through CLI9-13
overview9-11
planning considerations
CLI9-13
command-line processing2-3
command modes2-5
commands
listing2-5
command switch
requirements9-11
common and internal spanning tree
common spanning tree
community ports
description36-1
community VLANs
and SPAN features36-4
configure as a PVLAN36-5
description36-1
config-register command3-22
config terminal command3-9
configuration files
obtaining with DHCP3-6
saving3-10
configuration register
boot fields
listing value3-22
modifying3-21
configuring3-19
settings at startup3-20
configure terminal command3-22, 4-2
console configuration mode2-5
console port
disconnecting user sessions5-5
monitoring user sessions5-4
copy running-config startup-config command3-10
copy system:running-config nvram:startup-config command3-24
CoS
configuring port value29-41
definition29-3
figure29-2
overriding on Cisco IP Phones30-3
priority30-3
CoS-to-DSCP maps29-46
counters
clearing MFIB25-20
clearing on interfaces4-14
CPU port sniffing39-10
CST
description16-5
IST and16-2
MST and16-2
customer edge devices28-2
D
default configuration
802.1X31-12
auto-QoS29-16
IGMP filtering18-17
Layer 2 protocol tunneling19-9
multi-VRF CE28-3
SPAN and RSPAN39-6
default gateway
configuring3-11
verifying configuration3-11
default ports
and support for 802.1X authentication31-13
description command4-9
detecting unidirectional links21-1
DHCP-based autoconfiguration
client request message exchange3-3
configuring
client side3-2
DNS3-5
relay device3-5
server-side3-3
TFTP server3-4
example3-7
lease options
for IP address information3-4
for receiving the configuration file3-4
overview3-2
relationship to BOOTP3-2
DHCP snooping
configuring33-3
default configuration33-3
displaying binding tables33-10
displaying configuration33-10
enabling33-4
enabling on private VLAN33-5
enabling the database agent33-6
overview33-1
Snooping database agent33-2
DHCP Snooping Database Agent
adding to the database (example)33-9
enabling (example)33-6
overview33-2
reading from a TFTP file (example)33-8
Differentiated Services Code Point values
DiffServ architecture, QoS29-2
disabled state
RSTP comparisons (table)16-4
disabling
broadcast storm control38-4
disconnect command5-5
DNS
and DHCP-based autoconfiguration3-5
documentation
organizationxxi
relatedxxiii
double-tagged packets
802.1Q tunneling19-2
Layer 2 protocol tunneling19-9
drop threshold for Layer 2 protocol packets19-9
DSCP maps29-45
DSCP-to-CoS maps
configuring29-47
DSCP values
configuring maps29-45
configuring port value29-42
definition29-3
IP precedence29-2
mapping markdown29-23
mapping to transmit queues29-43
DTP
VLAN trunks and12-3
duplex command4-8
duplex mode
configuring interface4-7
Dynamic Host Configuration Protocol snooping
dynamic port VLAN membership
limit on hosts11-9
reconfirming11-7
troubleshooting11-9
Dynamic Trunking Protocol
E
EAP frame
request/identity31-3
response/identity31-3
EAP frames
changing retransmission time31-20
exchanging (figure)31-4
setting retransmission number31-21
EAPOL frames
802.1X authentication and31-2
OTP authentication, example (figure)31-4
start31-3
edge ports
description16-7
EGP
overview1-8
EIGRP
overview1-8
Embedded CiscoView
displaying information9-16
installing and configuring9-14
overview9-13
enable mode2-5
encapsulation types12-3
Enhanced Interior Gateway Routing Protocol
environmental monitoring
LED indications7-2
SNMP traps7-2
supervisor engine7-2
switching modules7-2
using CLI commands7-1
EtherChannel
channel-group group command17-7, 17-10
configuration guidelines17-5
configuring Layer 217-9
configuring Layer 317-6
interface port-channel command17-7
lacp system-priority
command example17-12
modes17-3
overview17-1
PAgP
Understanding17-3
physical interface configuration17-7
port-channel interfaces17-2
port-channel load-balance command17-12
ports, 802.1X authentication not supported in31-13
removing17-14
removing interfaces17-13
explicit host tracking
enabling18-8
extended range VLANs
Extensible Authentication Protocol over LAN31-2
Exterior Gateway Protocol
F
FastDrop
clearing entries25-20
displaying entries25-19
overview25-10
FIB
description24-2
filtering
in a VLAN35-12
non-IP traffic35-11
flags25-11
Flash memory
configuring router to boot from3-24
loading system images from3-23
security precautions3-23
flooded traffic, blocking37-2
forward-delay time (STP)
configuring14-18
forwarding information base
G
gateway
global configuration mode2-5
Guest-VLANs
configure with 802.1X31-17, 31-18
H
hardware and software ACL support35-5
hardware switching24-5
hello time (STP)
configuring14-17
history
CLI2-3
hop counts
configuring MST bridges16-7
host
configuring host statically18-8
limit on dynamic port11-9
Hot Standby Routing Protocol
HSRP
description1-6
hw-module module num power command7-15
I
ICMP
enabling5-10
ping5-5
running IP traceroute5-7
time exceeded messages5-7
IDS
using with SPAN and RSPAN39-2
IEEE 802.1s
IEEE 802.1w
IEEE 802.3ad
IGMP
description25-3
enabling25-13
explicit host tracking18-3, 18-8
immediate-leave processing18-3
overview18-1
IGMP filtering
configuring18-17
default configuration18-17
described18-16
monitoring18-20
IGMP groups
setting the maximum number18-19
IGMP profile
applying18-18
configuration mode18-17
configuring18-17
IGMP snooping
configuration guidelines18-4
enabling18-5
IP multicast and25-4
monitoring18-11
overview18-1
IGRP
description1-8
immediate-leave processing
enabling18-7
IGMP
ingress packets, SPAN enhancement39-12
inline power
configuring on Cisco IP phones30-4
Intelligent Power Management8-5
interface port-channel command17-7
interface range command4-4
interface range macro command4-5
interfaces
adding descriptive name4-9
clearing counters4-14
configuring4-2
configuring ranges4-4
displaying information about4-13
Layer 2 modes12-4
maintaining4-13
monitoring4-13
naming4-9
numbers4-2
overview4-1
restarting4-14
Interior Gateway Routing Protocol
Internet Control Message Protocol
Internet Group Management Protocol
Inter-Switch Link encapsulation
Intrusion Detection System
IP
configuring default gateway3-11
configuring static routes3-11
displaying statistics24-8
flow switching cache40-8
IP addresses
candidate or member9-12
command switch9-12
ip cef command24-6
ip flow-aggregation cache destination-prefix command40-10
ip flow-aggregation cache prefix command40-10
ip flow-aggregation cache source-prefix command40-10
ip flow-export command40-8
ip icmp rate-limit unreachable command5-11
ip igmp profile command18-17
ip igmp snooping tcn flood command18-10
ip igmp snooping tcn flood query count command18-10
ip igmp snooping tcn query solicit command18-11
IP information
assigned
through DHCP-based autoconfiguration3-2
ip load-sharing per-destination command24-7
ip local policy route-map command26-5
ip mask-reply command5-12
IP multicast
clearing table entries25-20
configuring25-12
default configuration25-13
displaying PIM information25-15
displaying the routing table information25-16
enabling25-13
enabling dense-mode PIM25-14
enabling sparse-mode25-14
features not supported25-12
hardware forwarding25-8
monitoring25-15
overview25-1
routing protocols25-2
software forwarding25-8
See also Auto-RP; IGMP; PIM; RP; RPF
ip multicast-routing command25-13
IP phones
automatic classification and queueing29-16
configuring voice ports30-2
See Cisco IP Phones30-1
trusted boundary for QoS29-24
ip pim command25-14
ip pim dense-mode command25-14
ip pim sparse-dense-mode command25-15
ip policy route-map command26-4
ip redirects command5-11
ip route-cache flow command40-7
IP routing tables
deleting entries25-20
IP Source Guard
configuring33-11
configuring on private VLANs33-12
overview33-10
IP statistics
displaying24-8
IP traceroute
executing5-7
overview5-7
IP unicast
displaying statistics24-8
ip unreachables command5-10
IPX
redistribution of route information with EIGRP1-8
ISL
encapsulation12-3
trunking with 802.1Q tunneling19-4
isolated ports
description36-1
isolated VLANs
description36-1
IST
description16-2
master16-7
MST regions and16-2
J
jumbo frames
and ethernet ports4-11
configuring MTU sizes for4-12
ports and linecards that support4-10
VLAN interfaces4-11
K
keyboard shortcuts2-3
L
l2protocol-tunnel command19-11
labels
definition29-3
LACP
system ID17-4
Layer 2 access ports12-8
Layer 2 frames
classification with CoS29-2
Layer 2 interfaces
assigning VLANs10-8
configuring12-5
configuring as PVLAN host ports36-8
configuring as PVLAN promiscuous ports36-7
configuring as PVLAN trunk ports36-9
defaults12-5
disabling configuration12-9
modes12-4
show interfaces command12-7
Layer 2 interface type
resetting36-12
setting36-12
Layer 2 protocol tunneling
configuring19-9
default configuration19-9
defined19-7
guidelines19-10
Layer 2 switching
overview12-1
Layer 2 Traceroute
and ARP5-9
and CDP5-8
described5-8
host-to-host paths5-8
IP addresses and subnets5-9
MAC addresses and VLANs5-9
multicast traffic5-9
multiple devices on a port5-9
usage guidelines5-8
Layer 2 trunks
configuring12-6
overview12-3
Layer 3 packets
classification methods29-2
Layer 4 port operations
configuration guidelines35-8
restrictions35-8
LEDs
description (table)7-2
listening state (STP)
RSTP comparisons (table)16-4
load balancing
configuring for CEF24-7
configuring for EtherChannel17-12
per-destination24-7
login timer
changing5-4
logoutwarning command5-4
loop guard
and MST16-2
configuring15-9
overview15-2
M
MAC addresses
allocating14-5
building tables12-2
convert dynamic to sticky secure32-2
displaying5-3
displaying in DHCP snooping binding table33-10
in ACLs35-11
sticky32-2
sticky secure, adding32-2
MAC extended access lists35-11
macros
main-cpu command6-8
mapping
DSCP markdown values29-23
DSCP values to transmit queues29-43
mapping tables
configuring DSCP29-45
described29-13
mask destination command40-10
mask source command40-10
match ip address command26-3
maximum aging time (STP)
configuring14-18
member switch
defined9-11
managing9-13
requirements9-12
metro tags19-2
MFIB
CEF25-5
displaying25-18
overview25-11
modules
checking status5-1
powering down7-15
monitoring
802.1Q tunneling19-12
ACL information35-28
IGMP filters18-20
IGMP snooping18-11
Layer 2 protocol tunneling19-12
multi-VRF CE28-11
tunneling19-12
VLAN filters35-19
VLAN maps35-19
M-record16-2
MST
and multiple spanning trees1-4, 16-2
boundary ports16-6
BPDUs16-2
configuration parameters16-5
configuring16-9
displaying configurations16-13
edge ports16-7
enabling16-9
hop count16-7
instances
configuring parameters16-12
description16-2
number supported16-5
interoperability with PVST+16-2
link type16-7
master16-7
message age16-7
restrictions16-8
to-SST interoperability16-4
MSTP
M-record16-2
M-tree16-2
M-tree16-2
MTU size
configuring4-12
default10-4
multicast
multicast packets
blocking37-2
multicast routers
displaying routing tables25-16
flood suppression18-9
Multicast Storm Control
overview38-6
suppression on WS-X401438-7
suppression on WS-X401638-6
multiple forwarding paths1-4, 16-2
Multiple Spanning Tree
multiple VPN routing/forwarding
multi-VRF CE
components28-3
configuration example28-7
default configuration28-3
defined28-1
displaying28-11
monitoring28-11
network components28-3
packet-forwarding process28-3
N
native VLAN
and 802.1Q tunneling19-4
specifying12-6
NetFlow
aggregation
minimum mask,default value40-10
destination-prefix aggregation
configuration (example)40-15
minimum mask, configuring40-10
IP
flow switching cache40-8
prefix aggregation
configuration (example)40-13
minimum mask, configuring40-10
source-prefix aggregation
minimum mask, configuring40-10
switching
configuration (example)40-11
configuring40-7
exporting cache entries40-8
statistics40-8
NetFlow statistics
caveats on supervisor40-6
configuring collection40-6
implementing collection40-6
overview of collection40-1
Network Assistant
and VTY9-12
configure
display configuration9-9
enable communication with switch9-4
enable inter-cluster communication9-7
connect to a device9-10
default configuration9-3
installation requirements9-2
installing9-3
launch9-10
overview of CLI commands9-4
software and hardware requirements9-2
understanding9-2
network fault tolerance1-4, 16-2
network management
configuring20-1
Next Hop Resolution Protocol
NFFC/NFFC II
IGMP snooping and18-4
NHRP
support1-8
non-IP traffic filtering35-11
non-RPF traffic
description25-9
in redundant configurations (figure)25-10
nonvolatile random-access memory
normal-range VLANs
NSF-awareness support6-2
NVRAM
saving settings3-10
O
OIR
overview4-13
online insertion and removal
Open Shortest Path First
operating system images
OSPF
area concept1-7
description1-7
P
packets
modifying29-15
software processed
and QoS29-15
packet type filtering
overview39-14
SPAN enhancement39-14
PAgP
understanding17-3
passwords
configuring enable password3-14
configuring enable secret password3-14
encrypting3-15
recovering lost enable password3-18
setting line password3-14
setting TACACS+3-15
PBR (policy-based routing)
configuration (example)26-5
enabling26-3
features26-2
overview26-1
route maps26-2
when to use26-2
per-port and VLAN Access Control List33-10
Per-VLAN Rapid Spanning Tree14-6
enabling14-20
overview14-6
PE to CE routing, configuring28-6
PIM
configuring dense mode25-14
configuring sparse mode25-14
displaying information25-15
displaying statistics25-20
enabling sparse-dense mode25-14, 25-15
overview25-3
PIM-DM25-3
PIM-SM25-3
ping
executing5-6
overview5-5
PoE8-7
configuring power consumption for single device8-4
configuring power consumption for switch8-4
power consumption for powered devices
Intelligent Power Management8-5
overview8-3
supported cabling topology8-5
powering down a module7-15
power management modes8-1
show interface status8-6
point-to-point
in 802.1X authentication (figure)31-2, 31-8
police command29-32
policed-DSCP map29-46
policers
description29-5
types of29-9
policies
policing
policy-map command29-29, 29-31
policy maps
attaching to interfaces29-34
configuring29-30
port ACLs
and voice VLAN35-4
defined35-2
limitations35-4
Port Aggregation Protocol
port-based authentication
802.1X with voice VLAN31-10
changing the quiet period31-19
client, defined31-2
configuration guidelines31-13
configure 802.1X accounting31-16
configure switch-to-RADIUS server communication31-15
configure with Guest-VLANs31-17, 31-18
configuring Guest-VLAN31-15
configuring manual re-authentication of a client31-19
controlling authorization state31-4
default configuration31-12
described31-2
device roles31-2
disabling31-14
displaying statistics31-22
enabling31-13
enabling multiple hosts31-21
enabling periodic re-authentication31-18
encapsulation31-2
initiation and message exchange31-3
method lists31-13
ports not supported31-4
resetting to default values31-22
setting retransmission number31-21
setting retransmission time31-20
topologies, supported31-10
using with port security31-6
with VLAN assignment31-5
port-based QoS features
port-channel interfaces
creating17-6
overview17-2
port-channel load-balance
command17-12
command example17-12
port-channel load-balance command17-12
port cost (STP)
configuring14-15
PortFast
and MST16-2
BPDU filter, configuring15-12
configuring or enabling15-11
overview15-3
PortFast BPDU filtering
and MST16-2
enabling15-12
overview15-4
port priority
configuring MST instances16-12
configuring STP14-13
ports
blocking37-1
checking status5-2
community