- Preface
- Product Overview
- Basic Router Configuration
- Configuring Ethernet CFM and Y.1731 Performance Monitoring on Layer 3 Interfaces
- Configuring Power Management
- Configuring Security Features
- Configuring Secure Storage
- Configuring Backup Data Lines and Remote Management
- Configuring Ethernet Switches
- Configuring Voice Functionality
- Configuring the Serial Interface
- Configuring Wireless Devices
- Configuring PPP over Ethernet with NAT
- Configuring PPP over ATM with NAT
- Environmental and Power Management
- Configuring a LAN with DHCP and VLANs
- Configuring a VPN Using Easy VPN and an IPSec Tunnel
- Configuring Cisco Multimode G.SHDSL EFM/ATM
- Configuring VDSL2 Bonding and Single-Wire Pair
- Configuring Cisco IOx
- Deployment Scenarios
- Troubleshooting Cisco 800 Series Routers
- Cisco IOS Software Basic Skills
- Concepts
- ROM Monitor
- Index
- Switch Port Numbering and Naming
- Switch Port Mode
- Restrictions for the FE Switch
- Ethernet Switches
- Overview of SNMP MIBs
- Configuring Ethernet Switches
- Configuring VLANs
- Configuring Layer 2 Interfaces
- Configuring 802.1x Authentication
- Configuring Spanning Tree Protocol
- Configuring MAC Table Manipulation
- Configuring Cisco Discovery Protocol
- Configuring the Switched Port Analyzer
- Configuring Power Management on the Interface
- Configuring IP Multicast Layer 3 Switching
- Configuring IGMP Snooping
- Configuring Per-Port Storm Control
- Configuring Separate Voice and Data Subnets
- Managing the Switch
Configuring Ethernet Switches
This chapter gives an overview of configuration tasks for the following:
- 4-port Fast Ethernet (FE) switch on the Cisco 860, 880, and 890 integrated service routers (ISRs)
- Gigabit Ethernet (GE) switch on the Cisco 860VAE-K9
- Gigabit Ethernet (GE) switch that services the embedded wireless access point on the Cisco 860 and Cisco 880 series ISRs.
The FE switches are 10/100Base T Layer 2 Fast Ethernet switches. The GE switch is a 1000Base T Layer 2 Gigabit Ethernet switch. Traffic between different VLANs on a switch is routed through the router platform with the switched virtual interface (SVI).
Any switch port may be configured as a trunking port to connect to other Cisco Ethernet switches. An optional power module can be added to Cisco 880 series ISRs to provide inline power to two of the FE ports for IP telephones or external access points.
This chapter contains the following sections:
- Switch Port Numbering and Naming
- Switch Port Mode
- Restrictions for the FE Switch
- Ethernet Switches
- Overview of SNMP MIBs
- Configuring Ethernet Switches
Switch Port Numbering and Naming
The ports for Cisco 860, 880, and 890 ISRs are numbered as follows:
- The ports on the FE switch for the Cisco 860, 880, and 890 ISRs are numbered FE0 through FE3.
- The port on the GE switch for the 860VAE-K9 is numbered GE0.
- The port on the GE switch that services the embedded wireless access point on the Cisco 860 and Cisco 880 series ISRs is named and numbered Wlan-GigabitEthernet0.
Switch Port Mode
Prior to release 15.7(3)M, the default mode for the switch ports on Cisco 800 series routers was access. The command for the default switch port mode (access) is: switchport mode access
From release 15.7(3)M, dynamic truncking is the default switch port mode. The dynamic trunking mode on a switch port allows the switch to dynamically shift between the trunk or access mode based on the type of link that the communicating switch on the other side is trying to establish. The command for the default switch port mode (dynamic truncking) is: switchport mode dynamic auto
From release 15.7(3)M, you can also configure the switch ports of Cisco 800 series routers using the following CLI: switchport mode dynamic desirable
Restrictions for the FE Switch
The following restrictions apply to the FE switch:
- Ports of an FE switch must not be connected to any Fast Ethernet onboard port of the router.
- On Cisco 880 series ISRs, inline power is supported only on FE switch ports FE0 and FE1. Inline power is not supported on Cisco 860 series ISRs.
- VTP pruning is not supported.
- FE switch can support up to 200 secure MAC addresses.
Ethernet Switches
To configure Ethernet switches, you should understand the following concepts:
- VLANs and VLAN Trunk Protocol
- Inline Power
- Configuring 802.1x Authentication
- Configuring Spanning Tree Protocol
- Spanning Tree Protocol
- Cisco Discovery Protocol
- Switched Port Analyzer
- IGMP Snooping
- Storm Control
VLANs and VLAN Trunk Protocol
For information on the concepts of VLANs and VLAN Trunk Protocol (VTP), see:
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gt1636nm.html#wp1047027
Inline Power
Inline power is not supported on the Cisco 860 series ISRs. On the Cisco 880 series ISRs, inline power can be supplied to Cisco IP phones or external access points on FE switch ports FE0 and FE1.
A detection mechanism on the FE switch determines whether it is connected to a Cisco device. If the switch senses that there is no power on the circuit, the switch supplies the power. If there is power on the circuit, the switch does not supply it.
You can configure the switch to never supply power to the Cisco device and to disable the detection mechanism.
The FE switch also provides support for powered devices compliant with IEEE 802.3af.
Configuring 802.1x Authentication
IEEE 802.1x port-based authentication defines a client-server-based access control and authentication protocol to prevent unauthorized clients from connecting to a LAN through publicly accessible ports.The authentication server authenticates each client connected to a switch port before allowing access to any switch or LAN services. Until the client is authenticated, IEEE 802.1x access control allows only Extensible Authentication Protocol over LAN (EAPOL), Cisco Discovery Protocol (CDP), and Spanning Tree Protocol (STP) traffic through the port to which the client is connected. After authentication, normal traffic passes through the port.
With IEEE 802.1x authentication, the devices in the network have specific roles:
-
Supplicant—Device (workstation) that requests access to the LAN and switch services and responds to requests from the router. The workstation must be running IEEE 802.1x-compliant client software such as that offered in the Microsoft Windows XP operating system. (The supplicant is sometimes called the client.)
-
Supplicant—Device (workstation) that requests access to the LAN and switch services and responds to requests from the router. The workstation must be running IEEE 802.1x-compliant client software such as that offered in the Microsoft Windows XP operating system. (The supplicant is sometimes called the client.)
-
Authentication server—Device that performs the actual authentication of the supplicant. The authentication server validates the identity of the supplicant and notifies the router whether or not the supplicant is authorized to access the LAN and switch services. The Network Access Device (or Cisco ISR router in this instance) transparently passes the authentication messages between the supplicant and the authentication server, and the authentication process is carried out between the supplicant and the authentication server. The particular EAP method used will be decided between the supplicant and the authentication server (RADIUS server). The RADIUS security system with EAP extensions is available in Cisco Secure Access Control Server Version 3.0 or later. RADIUS operates in a client and server model in which secure authentication information is exchanged between the RADIUS server and one or more RADIUS clients.
-
Authenticator—Router that controls the physical access to the network based on the authentication status of the supplicant. The router acts as an intermediary between the supplicant and the authentication server, requesting identity information from the supplicant, verifying that information with the authentication server, and relaying a response to the supplicant. The router includes the RADIUS client, which is responsible for encapsulating and decapsulating the EAP frames and interacting with the authentication server.
For detailed information on how to configure 802.1x port-based authentication, see the following link:
Configuring Spanning Tree Protocol
Spanning Tree Protocol (STP) is a Layer 2 link management protocol that provides path redundancy while preventing loops in the network. For a Layer 2 Ethernet network to function properly, only one active path can exist between any two stations. Multiple active paths among end stations cause loops in the network. If a loop exists in the network, end stations might receive duplicate messages. Switches might also learn end-station MAC addresses on multiple Layer 2 interfaces. These conditions result in an unstable network. Spanning-tree operation is transparent to end stations, which cannot detect whether they are connected to a single LAN segment or a switched LAN of multiple segments.
-
Root—A forwarding port elected for the spanning-tree topology
-
Designated—A forwarding port elected for every switched LAN segment
-
Alternate—A blocked port providing an alternate path to the root bridge in the spanning tree
-
Backup—A blocked port in a loopback configuration
The switch that has all of its ports as the designated role or as the backup role is the root switch. The switch that has at least one of its ports in the designated role is called the designated switch.Spanning tree forces redundant data paths into a standby (blocked) state. If a network segment in the spanning tree fails and a redundant path exists, the spanning-tree algorithm recalculates the spanning-tree topology and activates the standby path. Switches send and receive spanning-tree frames, called bridge protocol data units (BPDUs), at regular intervals. The switches do not forward these frames but use them to construct a loop-free path. BPDUs contain information about the sending switch and its ports, including switch and MAC addresses, switch priority, port priority, and path cost. Spanning tree uses this information to elect the root switch and root port for the switched network and the root port and designated port for each switched segment.
When two ports on a switch are part of a loop, the spanning-tree port priority and path cost settings control which port is put in the forwarding state and which is put in the blocking state. The spanning-tree port priority value represents the location of a port in the network topology and how well it is located to pass traffic. The path cost value represents the media speed.
For detailed configuration information on STP see the following link:
The following example shows configuring spanning-tree port priority of a Gigabit Ethernet interface. If a loop occurs, spanning tree uses the port priority when selecting an interface to put in the forwarding state.
Router# configure terminal Router(config)# interface gigabitethernet 0/2 Router(config-if)# spanning-tree vlan 1 port-priority 64 Router(config-if)# end
The following example shows how to change the spanning-tree port cost of a Gigabit Ethernet interface. If a loop occurs, spanning tree uses cost when selecting an interface to put in the forwarding state.
Router#configure terminal Router(config)# interface gigabitethernet 0/2 Router(config-if)# spanning-tree cost 18 Router(config-if)# end
The following example shows configuring the bridge priority of VLAN 10 to 33792:
Router# configure terminal Router(config)# spanning-tree vlan 10 priority 33792 Router(config)# end
The following example shows configuring the hello time for VLAN 10 being configured to 7 seconds. The hello time is the interval between the generation of configuration messages by the root switch.
Router# configure terminal Router(config)# spanning-tree vlan 10 hello-time 4 Router(config)# end
The following example shows configuring forward delay time. The forward delay is the number of seconds an interface waits before changing from its spanning-tree learning and listening states to the forwarding state.
Router# configure terminal Router(config)# spanning-tree vlan 10 forward-time 21 Router(config)# end
The following example shows configuring maximum age interval for the spanning tree. The maximum-aging time is the number of seconds a switch waits without receiving spanning-tree configuration messages before attempting a reconfiguration.
Router# configure terminal Router(config)# spanning-tree vlan 20 max-age 36 Router(config)# end
The following example shows the switch being configured as the root bridge for VLAN 10, with a network diameter of 4.
Router# configure terminal Router(config)# spanning-tree vlan 10 root primary diameter 4 Router(config)# exit
Spanning Tree Protocol
For information on Spanning Tree Protocol, see:
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gt1636nm.html#wp1048458
Cisco Discovery Protocol
Cisco Discovery Protocol (CDP) runs over Layer 2 (the data link layer) on all Cisco routers, bridges, access servers, and switches. CDP allows network management applications to discover Cisco devices that are neighbors of already known devices, in particular, neighbors running lower-layer, transparent protocols. With CDP, network management applications can learn the device type and the SNMP agent address of neighboring devices. This feature enables applications to send SNMP queries to neighboring devices.
CDP runs on all LAN and WAN media that support Subnetwork Access Protocol (SNAP). Each CDP-configured device sends periodic messages to a multicast address. Each device advertises at least one address at which it can receive SNMP messages. The advertisements also contain the time-to-live, or hold-time information, which indicates the length of time a receiving device should hold CDP information before discarding it.
Switched Port Analyzer
For information on Switched Port Analyzer, see:
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gt1636nm.html#wp1053663
IGMP Snooping
For information on IGMP Snooping, see:
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gt1636nm.html#wp1053727
IGMP Version 3
The Cisco 880 series ISRs support Version 3 of IGMP snooping.
IGMPv3 provides support for source filtering, which enables a multicast receiver host to signal to a router from which groups the receiver host is to receive multicast traffic, and from which sources this traffic is expected. Enabling the IGMPv3 feature with IGMP snooping on Cisco ISRs provides Basic IGMPv3 Snooping Support (BISS). BISS provides constrained flooding of multicast traffic in the presence of IGMPv3 hosts. This support constrains traffic to approximately the same set of ports as IGMPv2 snooping does with IGMPv2 hosts. The constrained flooding only considers the destination multicast address.
Storm Control
For information on storm control, see:
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gt1636nm.html#wp1051018
Overview of SNMP MIBs
Simple Management Network Protocol (SNMP) development and use is centered around the MIB. An SNMP MIB is an abstract database and it is a conceptual specification for information that a management application may read and modify in a certain form. This does not imply that the information is kept in the managed system in that same form. The SNMP agent translates between the internal data structures and formats of the managed system and the external data structures and formats defined for the MIB.
The SNMP MIB is conceptually a tree structure with conceptual tables. Cisco Layer 2 Switching Interface MIB is discussed in more detail in BRIDGE-MIB for Layer 2 Ethernet Switching. Relative to this tree structure, the term MIB is used in two ways. One definitions of MIB is, it is actually a MIB branch, usually containing information for a single aspect of technology, such as a transmission medium or a routing protocol. A MIB used in this sense is more accurately called a MIB module, and is usually defined in a single document. The other definition of a MIB is a collection of such branches. Such a collection might comprise, for example, all the MIB modules implemented by a given agent, or the entire collection of MIB modules defined for SNMP.
A MIB is a tree where the leaves are individual items of data called objects. An object may be, for example, a counter or a protocol status. MIB objects are also sometimes called variables.
BRIDGE-MIB for Layer 2 Ethernet Switching
The Layer 2 Ethernet Switching Interface BRIDGE-MIB is supported in the Cisco 887, 880, and 890 platforms. The BRIDGE-MIB enables the user to know the Media Access Control (MAC) addresses and spanning tree information of the Ethernet switch modules. The user can query the MIB agent using the SNMP protocol and get the details of Ethernet switch modules, such as MAC addresses, of each interface and spanning protocol information.
The Bridge-MIB uses the following approaches to get the Layer 2 BRIDGE-MIB information:
- Community-string-based approach
- Context-based approach
In the community string based approach, one community string is created for each VLAN. Based on the query, the respective VLAN MIB is displayed.
To get the BRIDGE-MIB details, use the snmp-server community public RW command in the configuration mode.
Router(config)# snmp-server community public RW
Use the following syntax to query the SNMP BRIDGE-MIB details:
snmpwalk -v2c <ip address of the ISR, ...> public .1.3.6.1.2.1.17 snmpwalk -v2c <ip address of the ISR, ...> public@2 .1.3.6.1.2.1.17 snmpwalk -v2c <ip address of the ISR, ...> public@3 .1.3.6.1.2.1.17
Note | When you create a VLAN ‘x’, the logical entity public@x is added. If you query with public community, the Layer 3 MIB is displayed. When you query with public@x, the Layer 2 MIB for VLAN ‘x’ is displayed. |
In the context based approach, the SNMP context mapping commands are used to display the values for Layer 2 interfaces. Each VLAN is mapped to a context. When the user queries with a context, the MIB displays the data for that specific VLAN, which is mapped to the context. In this approach, each VLAN is manually mapped to a context.
To get the BRIDGE-MIB details, use the following commands in the configuration mode:
Router(config)# Routersnmp-server group public v2c context bridge-group Router(config)# snmp-server community public RW Router(config)# snmp-server community private RW Router(config)# snmp-server context bridge-group Router(config)# snmp mib community-map public context bridge-group
Use the following syntax to query the SNMP BRIDGE-MIB details.
snmpwalk -v2c <ip address of the ISR, ...> public@1 .1.3.6.1.2.1.17 ?L2-MIB snmpwalk -v2c <ip address of the ISR, ...> private .1.3.6.1.2.1.17?L3-MIB
Note | When you query with the public community, the Layer 2 MIB is displayed. Use a private group for Layer 3 MIB. |
For more details to configure and retrieve the BRIDGE-MIB details, see:
MAC Address Notification
MAC address notification enables you to track users on a network by storing the MAC address activity on the switch. Whenever the switch learns or removes a MAC address, an SNMP notification can be generated and sent to the NMS. If you have many users coming and going from the network, you can set a trap interval time to bundle the notification traps and reduce network traffic. The MAC notification history table stores the MAC address activity for each hardware port for which the trap is enabled. MAC address notifications are generated for dynamic and secure MAC addresses; events are not generated for self addresses, multicast addresses, or other static addresses.
For more details to configure MAC address notification, see:
Configuring Ethernet Switches
See the following sections for configuration tasks for Ethernet switches:
- Configuring VLANs
- Configuring Layer 2 Interfaces
- Configuring 802.1x Authentication
- Configuring Spanning Tree Protocol
- Configuring MAC Table Manipulation
- Configuring Cisco Discovery Protocol
- Configuring the Switched Port Analyzer
- Configuring Power Management on the Interface
- Configuring IP Multicast Layer 3 Switching
- Configuring IGMP Snooping
- Configuring Per-Port Storm Control
- Configuring Separate Voice and Data Subnets
- Managing the Switch
Configuring VLANs
This section provides information on how to configure VLANs. The Cisco 860 series ISRs support two VLANs and the 860VAE series ISRs support five VLANs.The Cisco 880 series ISRs support eight VLANs.
Note | Cisco 866VAE-K9 and 867VAE-K9 routers have four Fast Ethernet (FE) switching ports and one Gigabit Ethernet (GE) switching port. |
VLANs on the FE and GE Switch Ports
To configure VLANs, perform these steps, beginning in configuration mode.
1.
interface
type
number
2.
shutdown
3.
switchport
access
vlan
vlan_id
4.
no
shutdown
5.
end
DETAILED STEPS
Command or Action | Purpose | |
---|---|---|
Step 1 | interface
type
number
Example: Router(config)# Interface fastethernet0 |
Selects the Fast Ethernet port to configure. |
Step 2 | shutdown
Example: Router(config-if)# shutdown |
(Optional) Shuts down the interface to prevent traffic flow until configuration is complete. |
Step 3 | switchport
access
vlan
vlan_id
Example: Router(config-if)# switchport access vlan 2 |
Creates instances of additional VLANs. Allowable values of vlan_id are 2 to 4094, except for reserved values of 1002 to 1005. |
Step 4 | no
shutdown
Example: Router(config-if)# no shutdown |
Enables the interface, changing its state from administratively down to administratively up. |
Step 5 | end
Example: Router(config-if)# end |
Exits configuration mode. |
For additional information, see the information at the following URL:
VLANs on the GE Port and GE ESW Port of Wireless APs
Because the GE port is an internal interface that services only the embedded access point of the router, it cannot be configured only with the switchport access vlan X command, where X is other than 1. It may, however, be configured in trunk mode. This may be done by performing the following steps, beginning in global configuration mode.
1.
interface
type
number
2.
switchport
mode
trunk
3.
switchport
access
vlan
vlan_id
DETAILED STEPS
Command or Action | Purpose | |
---|---|---|
Step 1 | interface
type
number
Example: Router(config)# Interface gigabitethernet0 |
Selects the Gigabit Ethernet port to configure. |
Step 2 | switchport
mode
trunk
Example: Router(config-if)# switchport mode trunk |
Places the port in trunk mode. |
Step 3 | switchport
access
vlan
vlan_id
Example: Router(config-if)# switchport access vlan 2 |
(Optional) Once the port is in trunk mode, it may be assigned a VLAN number other than 1. |
Configuring Layer 2 Interfaces
For information on how to configure Layer 2 interfaces, see the following URL:
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t8/feature/guide/esw_cfg.html#wp1047041
The URL contains information on the following topics:
Configuring 802.1x Authentication
For information on how to configure 802.1x port-based authentication, see:
http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/ht_8021x.html
The document contains information on the following topics:
- Understanding the default 802.1x configuration
- Enabling 802.1x authentication
- Configuring the switch-to-RADIUS-server comunication
- Enabling periodic reauthentication
- Changing the quiet period
- Changing the switch-to-client retransmission time
- Setting the switch-to-client frame-retransmission number
- Enabling multiple hosts
- Resetting the 802.1x configuration to default values
- Displaying 802.1x statistics and status
Note | When the ethernet switch port is configured with local session time out using the authentication timer reauthenticate seconds command, only the port will be reauthenticated for the authorized user. The user will not be prompted to a login page for central web authentication (CWA). If the user needs to be re-authenticated for central web authentication (CWA), use the authentication timer reauthenticate server seconds command. |
Configuring Spanning Tree Protocol
For information on how to configure Spanning Tree Protocol, see:
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t8/feature/guide/esw_cfg.html#wp1047906
The document contains information on the following topics:
Configuring MAC Table Manipulation
For information on how to configure MAC table manipulation, see:
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t8/feature/guide/esw_cfg.html#wp1048223
The document contains information on the following topics:
- Enabling known MAC address traffic
- Creating a static entry in the MAC address table
- Configuring the aging timer
- Verifying the aging time
Port Security
The topic of enabling known MAC address traffic deals with port security. Port security can be either static or dynamic.
Static port security allows the user to specify which devices are allowed access through a given switch port. The specification is done manually by placing allowed device MAC addresses in the MAC address table. Static port security is also known as MAC address filtering.
Dynamic port security is similar. However, instead of specifying the MAC address of the devices, the user specifies the maximum number of devices that is allowed on the port. If the maximum number specified is more than the number of MAC addresses specified manually, the switch learns the MAC address automatically, up to the maximum specified. If the maximum number specified is less than the number of MAC addresess already specified statically, an error message is produced.
The following command is used to specify static or dynamic port security.
Command |
Purpose |
---|---|
Router(config)# mac-address-table secure [mac-address | maximum maximum addresses] fastethernet interface-id [vlan vlan id] |
mac-address enables static port security. The maximum keyword enables dynamic port security. |
Configuring Cisco Discovery Protocol
For information on how to configure Cisco Discovery Protocol (CDP), see:
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t8/feature/guide/esw_cfg.html#wp1048365
The document contains information on the following topics:
Configuring the Switched Port Analyzer
For information on how to configure a switched port analyzer (SPAN) session, see:
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t8/feature/guide/esw_cfg.html#wp1048473
The document contains information on the following topics:
Configuring Power Management on the Interface
For information on how to configure inline power for access points or Cisco IP phones, see:
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t8/feature/guide/esw_cfg.html#wp1048551
Configuring IP Multicast Layer 3 Switching
For information on how to configure IP multicast Layer 3 switching, see:
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t8/feature/guide/esw_cfg.html#wp1048610
The document contains information on the following topics:
Configuring IGMP Snooping
For information on how to configure IGMP snooping, see:
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t8/feature/guide/esw_cfg.html#wp1048777
The document contains information on the following topics:
- Enabling or disabling IGMP snooping
- Enabling IGMP immediate-leave processing
- Statically configuring an interface to join a group
- Configuring a multicast router port
IGMP Version 3
In support of the IGMPv3 feature in Cisco IOS Release 12.4(15)T, the groups and count keywords were added to the show ip igmp snooping command, and the output of the show ip igmp snooping command was modified to include global information about IGMP snooping groups. Use the show ip igmp snooping command with the groups keyword to display the multicast table learned by IGMP snooping for all VLANs, or the show ip igmp snooping command with the groups keyword, vlan-id keyword, and vlan-id argument to display the multicast table learned by IGMP snooping for a specific VLAN. Use the show ip igmp snooping command with the groups and count keywords to display the number of multicast groups learned by IGMP snooping.
Configuring Per-Port Storm Control
For information on how to configure per-port storm control, see:
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t8/feature/guide/esw_cfg.html#wp1049009
The document contains information on the following topics:
Configuring Separate Voice and Data Subnets
For information on how to configure separate voice and data subnets, see:
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t8/feature/guide/esw_cfg.html#wp1049866
Managing the Switch
For information on management of the switch, see:
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t8/feature/guide/esw_cfg.html#wp1049978
The document contains information on the following topics:
- Adding Trap Managers
- Configuring IP Information
- Enabling Switch Port Analyzer
- Managing the ARP Table
- Managing the MAC Address Tables
- Removing Dynamic Addresses
- Adding Secure Addresses
- Configuring Static Addresses
- Clearing all MAC Address Tables