Manual Cisco Systems IE3010

892 pages 25.41 mb

Download

Go to site of 892

Prev Next

Summary

Cisco Systems IE3010 - page 1

Americas Hea dquarters Cisc o Syst ems , Inc . 170 West Ta sman Driv e San Jos e, CA 95 134-1706 USA http://www.ci sco.com Tel: 408 526-4000 800 553- NETS (638 7) Fax: 408 527-0883 Cisco IE 30 1 0 Switc h So ftwa r e Configuration Guide Cisco IOS R elease 12.2(53 )EZ No vember 20 1 0 Text Pa rt Numbe r: OL -23145-0 1 ...
Cisco Systems IE3010 - page 2

THE SPECIFICATIONS AND INFORMATION REGARDING TH E PRODUCTS IN THIS MANUAL ARE SUBJE CT TO CHANGE WITHOUT NO TICE. ALL STATEMENT S, INFORMATI O N, AND RECOMME NDATIONS IN T HIS MANUAL ARE BELI EVED TO BE ACCURATE BUT ARE P RESENTED WITHOUT WARRANTY OF ANY KIND, EXPRE SS OR IMPLIED. USERS MUST TA KE FULL RESPONSIBILITY FOR THEIR AP PLICATION OF ANY P ...
Cisco Systems IE3010 - page 3

iii Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 CONTENTS Preface xxxii i Audienc e xxx iii Pur pose xx xiii Conv enti ons xxxiii Rela ted Publi cations xxxiv Obtain ing Documentat ion, Obt aining Su pport, and Secur ity Guideline s xxxv CHAPTER 1 Overview 1-1 Featur es 1-1 Ease-o f-Deployment and Ease-o f-Use F eatures 1-2 Perfo ...
Cisco Systems IE3010 - page 4

Cont ents iv Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Disabl ing th e Command Hist ory Featur e 2-7 Using Edi ting Featu res 2-7 Enabli ng and Disablin g Editing Featu res 2-7 Editi ng Commands th rough Keystr okes 2-8 Editi ng Command Lin es that Wrap 2-9 Searc hin g and Filt erin g Out put of sho w and m ore Comman ds 2-10 ...
Cisco Systems IE3010 - page 5

Content s v Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Schedul ing a Reload of the Software I mage 3-2 1 Config uring a Schedu led Reloa d 3-21 Displa ying Scheduled Reload I nform ation 3-22 CHAPTER 4 Configur ing Cisco IOS Configur ation Engine 4-1 Underst anding Cisco Con f igurat ion Engi ne Software 4-1 Config uration Serv ...
Cisco Systems IE3010 - page 6

Cont ents vi Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Other Considerati ons for Clu ster St andby Grou ps 5-9 Automa tic Recov ery of Cluste r Config uration 5-10 IP Ad dres ses 5-11 Hostname s 5-11 Passw or ds 5-12 SNMP Communi ty Str ings 5-12 TACACS+ a nd RADIUS 5-12 LRE Pr ofiles 5-13 Using th e CLI to Manage Sw itch Clus ...
Cisco Systems IE3010 - page 7

Content s vii Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Managing the MAC Addre ss Tabl e 6-1 9 Buildi ng the Address Table 6-20 MAC Addresse s and VLANs 6-20 Defaul t MAC Address Table Configur atio n 6-21 Changin g the Address Aging Time 6-21 Removing Dynamic Addr ess Entries 6-22 Config uring MAC Address Change Notifica tion ...
Cisco Systems IE3010 - page 8

Cont ents viii Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 CHAPTER 8 Configur ing SDM Templat es 8-1 Underst anding the SDM Templa tes 8-1 Config uring the Swit ch SDM Templ ate 8-2 SDM Templ ate Confi guratio n Guidelines 8-2 Setti ng the SDM Template 8-3 Displa ying the SDM Template s 8-4 CHAPTER 9 Configur ing Switch-Ba sed A ...
Cisco Systems IE3010 - page 9

Content s ix Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Config uring RADIUS 9-27 Defaul t RADIUS Configurati on 9-27 Identi fying t he RADIUS Serv er Host 9-28 Config uring RADIUS Login Authen tication 9-30 Defini ng AAA Server Groups 9- 32 Config uring RADIUS Author ization for User Privil eged Acce ss and Networ k Services 9- ...
Cisco Systems IE3010 - page 10

Cont ents x Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Config uring a CA Trustpo int 9-54 Config uring the Secu re HTTP Server 9-55 Config uring the Secu re HTTP Client 9-56 Displa ying Secure HTTP Ser ver and Client St atus 9-57 Config uring th e Swit ch for Secure C opy Protoc ol 9-57 Infor mation About Secur e Copy 9-58 CHAP ...
Cisco Systems IE3010 - page 11

Content s xi Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 802.1x Authenti cation with Wake-o n-LAN 10-2 6 802.1x Authent icati on with MAC Authe nticati on Bypass 10-26 802.1x User Distr ibutio n 10-28 802.1x User Distr ibutio n Confi guration Gui deline s 10-28 Netw ork Adm issio n Co ntro l La yer 2 802 .1x Vali dati on 10-29 F ...
Cisco Systems IE3010 - page 12

Cont ents xii Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Config uring 802.1 x User Dist ribution 10- 58 Config uring NAC Layer 2 802. 1x Validatio n 10-59 Config uring an Authent icator and a Suppl i cant Swi t ch with NEAT 10-60 Config uring NEAT with Auto Smartpo rts Macros 10-61 Config uring 802.1 x Authenti cation with Down ...
Cisco Systems IE3010 - page 13

Content s xiii Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Customi z ing the Au thentic ation Proxy Web Pag es 11-1 3 Specif ying a Redirect ion URL for Success ful Login 11-15 Config uring an AAA Fail Pol icy 11-15 Config uring the Web- Based Authentica tion Parameter s 11-1 6 Config uring a Web Authen tication Loca l Banner 11 ...
Cisco Systems IE3010 - page 14

Cont ents xiv Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Monitor ing and Mainta ining the In terfaces 12-26 Moni tori ng In terfa ce S tat us 12-26 Cleari ng and Resettin g Interface s and Coun ters 12-27 Shutti ng Down and Restar ting the I nterface 12-27 CHAPTER 13 Configur ing Smartports Macros 13-1 Underst anding Smartpor t ...
Cisco Systems IE3010 - page 15

Content s xv Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Changin g the Pruning -Eligi ble List 14-19 Config uring the Nativ e VLAN for Untagge d Traffi c 14-19 Config uring Tr unk P orts f or Load S harin g 14-20 Load S haring Usi ng S TP Po rt Pri orities 14-20 Load S haring Usi ng S TP Path Cost 14-22 Config uring VMPS 14-2 3 ...
Cisco Systems IE3010 - page 16

Cont ents xvi Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Enabling VTP Pruni ng 15-14 Config uring VTP on a Per -Port Bas is 15-15 Adding a VT P Client Switch to a VTP Domai n 15-15 Moni tori ng V TP 15-1 6 CHAPTER 16 Configur ing Voice V LAN 16-1 Underst anding Voice VLAN 16 -1 Cisco I P Phone Voice Traff ic 16-2 Cisco I P Phon ...
Cisco Systems IE3010 - page 17

Content s xvii Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Spannin g-Tree Confi gurati on Guid elines 17-12 Changin g the Spanning -Tree Mo de. 17-13 Disabl ing Spanning Tre e 17-14 Config uring the Root Switch 17-14 Config uring a Second ary Root Swi tch 17-16 Config uring Port Pr iorit y 17-16 Config uring Path Cos t 17-18 Con ...
Cisco Systems IE3010 - page 18

Cont ents xviii Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 MSTP Confi gurati on Guidelines 18-1 4 Specif ying the MST Region Co nfigura tion and Enabli ng MSTP 18-15 Config uring the Root Switch 18-17 Config uring a Second ary Root Swi tch 18-18 Config uring Port Pr iorit y 18-19 Config uring Path Cos t 18-20 Config uring the S ...
Cisco Systems IE3010 - page 19

Content s xix Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 CHAPTER 20 Configur ing Flex Links and the MAC Addre ss-Table Move Update Feat ure 20 -1 Underst anding Flex Lin ks and the MAC Addr ess-Table Move Updat e 20-1 Flex Link s 20-1 VLAN Flex Li nk Loa d Balanci ng and Suppor t 20-2 Flex L ink Mult icas t Fa st C onve rgen ce ...
Cisco Systems IE3010 - page 20

Cont ents xx Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Config uring IP Sour ce Guar d 21-17 Defaul t IP Sour ce Guar d Configurat ion 21-17 IP So urce Guar d C onfi gurat ion Guide line s 21-17 Enabli ng IP Source Gua rd 21-18 Config uring IP Sour ce Guard for Static Hosts 21-19 Config uring IP Sour ce Guard for Static Hosts o ...
Cisco Systems IE3010 - page 21

Content s xxi Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Config uring IGMP Snoop ing 23-6 Defaul t IGMP Snooping Co nfiguration 23-6 Enabli ng or Disab ling IGMP Sn ooping 23-7 Setti ng the Snooping Me thod 23-8 Config uring a Multi cast Router Po rt 23-9 Config uring a Host Sta ticall y to Join a Gr oup 23-10 Enabli ng IGMP Im ...
Cisco Systems IE3010 - page 22

Cont ents xxii Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Config uring a Prote cted Port 24-6 Config uring Port Bloc king 24-6 Defaul t Port Bloc king Conf igurat ion 24-7 Blocki ng Flooded Traf fic on an Inter face 24-7 Config uring Port Se curity 24-7 Underst anding Port Secu rity 24-8 Secure MAC Add r esses 24-8 Secu rity Vi ...
Cisco Systems IE3010 - page 23

Content s xxiii Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 CHAPTER 27 Configur ing UDLD 27-1 Underst anding UDLD 27-1 Modes of Oper ation 27-1 Methods t o Detect Unidire ctional Links 27-2 Config uring UDLD 27- 3 Defaul t UDLD Configurati on 27-4 Config uration Guidel ines 27-4 Enabli ng UDLD Global ly 27-5 Enabli ng UDLD on an ...
Cisco Systems IE3010 - page 24

Cont ents xxiv Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Displa ying SPAN and RSPAN Stat us 28-2 2 CHAPTER 29 Configur ing RMON 29-1 Underst anding RMON 29-1 Config uring RMON 29-2 Defaul t RMON Configuration 29-3 Config uring RMON Alarms and Ev ents 29-3 Collec ting Grou p Hist ory Stati stics on an In terface 29-5 Collec tin ...
Cisco Systems IE3010 - page 25

Content s xxv Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Config uring SNMP 31-6 Defau lt S NMP Conf igur atio n 31-6 SNMP Conf iguration Guidelines 31-6 Disabl ing th e SNMP Agent 31-7 Config uring Community St rings 31-8 Config uring SNMP Groups and Us ers 31-9 Config uring SNMP Notifi cations 31-11 Settin g t he C PU Th res h ...
Cisco Systems IE3010 - page 26

Cont ents xxvi Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Applyi ng a MAC ACL to a Layer 2 Interface 32-26 Displ ayin g IPv4 ACL Con figur atio n 32 -28 CHAPTER 33 Configur ing QoS 33-1 Underst anding QoS 33-1 Basic QoS Model 33-3 Classi fication 33-4 Classi fication Base d on QoS ACLs 33-7 Classi fication Base d on Class Maps ...
Cisco Systems IE3010 - page 27

Content s xxvii Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Config uring the Tru st State on Ports within the QoS Domain 33-35 Config uring the CoS Va lue fo r an Inter f ace 33-3 7 Config uring a Trust ed Boundar y to Ensure Por t Secur ity 33-3 7 Enabli ng DSCP Tr ansparen cy Mode 33-39 Config uring the DSCP Trus t State on a ...
Cisco Systems IE3010 - page 28

Cont ents xxvii i Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 PAgP Int eraction wit h Other Fea t ures 34-5 Link Agg rega tion Cont rol Prot oco l 34-5 LACP Modes 34-6 LACP In teract ion with Other Fea tures 34-6 EtherC hannel On Mode 34-6 Load B alancing and F orwardi ng Methods 34-7 Config uring Ether Channels 34-8 Defaul t Et ...
Cisco Systems IE3010 - page 29

Content s xxix Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 CHAPTER 36 Troubles hooting 36-1 Reco veri ng f rom a So ftwar e Fa ilur e 36-2 Recover ing from a Lost or Fo rgotten Passwor d 36-3 Reco veri ng f rom L ost Clu ster Mem ber C onn ect ivity 36-4 Preven ting Autonegoti ation Mismatche s 36-4 Troubl eshooting Power over E ...
Cisco Systems IE3010 - page 30

Cont ents xxx Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 APPENDI X A Supported MIBs A-1 MIB List A-1 Using FTP to Acces s the MIB Fil es A-3 APPENDI X B Working with the Cisco IOS Fil e System, Conf iguration Files , and Softwa re Images B-1 Work ing wit h the Fl ash File Sys tem B-1 Displa ying Availabl e File Systems B-1 Dete ...
Cisco Systems IE3010 - page 31

Content s xxxi Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Replac ing and R olling Back Conf igurat ions B-19 Underst anding Configu ration Replacemen t and Rollback B-19 Config uration Guidel ines B-20 Config uring the Conf igurat ion Archive B-21 Perfor ming a Configura tion Replacemen t or Rollback Oper ation B-2 1 Work ing w ...
Cisco Systems IE3010 - page 32

Cont ents xxxii Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Inter face Comma nds C-4 Unsuppor ted Privile ged EXEC Co mmands C-4 Unsuppor ted Global Conf iguration Comman ds C-4 Unsuppor ted Interfac e Configurati on Commands C-4 IP SLA C-4 Unsuppor ted MPLS Heal th Monitor Commands C-4 Unsuppor ted Ethernet Gat ekeeper Regist r ...
Cisco Systems IE3010 - page 33

xxxii i Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Preface Audience This gui de is for the networkin g prof essiona l mana ging the IE 301 0 switc h. Bef ore us ing this guide, you should have e xperi ence work ing with t he Cisco IO S software and be fami liar with the concept s and termino logy o f Et hernet an d loca l are a ...
Cisco Systems IE3010 - page 34

xxxiv Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Preface • Brace s and ve rtical bar s within squar e brack ets ([{ | }]) mean a req uired choic e within an optional elemen t. Inter acti ve ex amples use these con ventions: • T erminal sessions and system displays are in screen font. • Informa tion y ou ent er is in boldf ...
Cisco Systems IE3010 - page 35

xxxv Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Pre face • For more information abo ut the Network Admi s sion Control (N A C) features, see the Network Admission Contr o l Softwa r e Configuration Guide • These c ompatibility matrix d ocuments ar e a vailable f r om this Cisco.com site : http://www .cisco.com/en /US/produc ...
Cisco Systems IE3010 - page 36

xxxvi Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Preface ...
Cisco Systems IE3010 - page 37

CH A P T E R 1-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 1 Overview This chapte r provide s these topics about the IE 3010 switch software: • Feat ures , page 1-1 • Defa ult Settin gs After I nitial Switch Conf iguration, pag e 1-1 1 • Network Configu ration E xamples, page 1-1 3 • Where to Go Next, page 1-14 In th is ...
Cisco Systems IE3010 - page 38

1-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Ch apter 1 Ov erv iew Feature s Ease -of-Dep loyme nt and Eas e-of-Use Featur es • Expre ss Setup for qu ickly co nfiguring a sw itch for the first ti me with basic IP inform ation, cont act inform ation, sw itch a nd T eln et pa sswords, an d Sim ple Netwo rk Mana gement Proto c ...
Cisco Systems IE3010 - page 39

1-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 Overview Features – (Fo r CGMP de vices) CGMP for limitin g multica st traf fic to sp ecif ied end stati o ns and red ucing overall network traffic – (For IGMP devices) IGM P snooping f or forwardin g multimedia a nd multicast traff ic • IGMP rep ort suppre ssion for ...
Cisco Systems IE3010 - page 40

1-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Ch apter 1 Ov erv iew Feature s • Cisco IO S Configuration Engine (previously k nown to as the Cisco IOS CNS agen t)-—C onfiguration service aut omat es the deploym ent and m anagem ent of netwo rk devices and services . Y ou can automate initial conf igurations and conf igurat ...
Cisco Systems IE3010 - page 41

1-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 Overview Features • In-band manage ment access for up to fiv e simult aneous, encr ypted Sec ure Sh ell (SSH ) conne ctions for multip le CLI-base d sessions o ver the netw ork • In-band manage ment access through SNMP V ersi ons 1, 2c, and 3 get and set reque sts • O ...
Cisco Systems IE3010 - page 42

1-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Ch apter 1 Ov erv iew Feature s – Root gua rd fo r preventing swit ches outsi de the n etwork c ore fro m becom ing the spa nning-t ree root – Loop gu ard for pr ev e nting alterna te or roo t ports fr om bec oming d esignat ed port s because of a failur e that leads t o a unid ...
Cisco Systems IE3010 - page 43

1-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 Overview Features • Local web authe ntic ation b anner so t hat a cu stom bann er or an i mage file can be displa yed at a web authenti cation login s creen • MA C authentication by pass (MAB) aging timer to detect inacti ve ho sts that ha ve authen ticated after the y ...
Cisco Systems IE3010 - page 44

1-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Ch apter 1 Ov erv iew Feature s – 802.1x w ith wake-on-LAN to a llow dormant PCs to be powered o n based on the rece ipt of a specif ic Ethernet frame – 802.1 x readiness ch eck to dete rmine t he readine ss of connec ted end host s before configuring IEEE 8 02.1x on the switch ...
Cisco Systems IE3010 - page 45

1-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 Overview Features • Support for IP source guar d on static ho sts. • RADIUS Change of Aut horization (CoA) to ch ange th e att rib utes o f a ce rtain sessi o n aft er it is authenti cated. When the re is a change in pol icy for a user o r user group in AAA, a d ministr ...
Cisco Systems IE3010 - page 46

1-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Ch apter 1 Ov erv iew Feature s – T r affi c -poli cing poli cies on the switc h port for ma naging how much of the port bandwidt h should be allocate d to a sp ecif ic traf fic flo w – If you conf igure multiple class maps for a hierarchical p o licy map, each class map can b ...
Cisco Systems IE3010 - page 47

1-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 Overview Default Settings After Initial Switch Configuration • Digital optical monitoring (DOM) to chec k status of X2 small form-f actor pluggable (SFP) modules Default Settings After Initial Switch Configurat ion The swi tch is d esigned for p lug-and -pla y opera tion ...
Cisco Systems IE3010 - page 48

1-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Ch apter 1 Ov erv iew Default Set tings A fter Initial Sw itch Conf iguration – Auto-MDI X is enab led. F or more infor mation, se e Chap ter 12, “Configu ring Interfa ce Characte r istics. ” – Flo w con trol is of f. F or more in formation , see Cha pter 12, “C onfiguri ...
Cisco Systems IE3010 - page 49

1-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 Overview Network Configuration Examples • SP AN and RSP AN are disa bled. For mor e inform ation , see Chap ter 28, “C onfiguring SP AN and RSP AN. ” • RMON is di sabled. F or more info rmation, see Chapter 29, “Con figuring RM ON. ” • Syslog m essages a re e ...
Cisco Systems IE3010 - page 50

1-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Ch apter 1 Ov erv iew Where to Go Nex t Bandwidt h alone is not the only c onsidera tion whe n designing you r network. As your netwo rk traffic profiles evolv e, con sider p roviding network se rvices that can sup port a pplicat ions f or voice a nd dat a inte gration, mul timedi ...
Cisco Systems IE3010 - page 51

CH A P T E R 2-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 2 Using the Command-Line Interface This c hapte r descr ibes t he Cisc o IOS comm and-li ne in terface ( CLI) and how to use it to configure your IE3010 s witch.U nless otherw ise no ted, the term switc h refer s to a standa lone switch and to a swit ch stack. It cont ai ...
Cisco Systems IE3010 - page 52

2-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 2 Usi ng th e Com ma nd-L ine I nter fac e Underst anding Com mand M odes Ta b l e 2-1 describ es the mai n comm and modes, how to access each o ne, the prompt you see in that mode, and how to exit the mode. Th e exampl es in the tab le use the h ostname Switch . Ta b l e ...
Cisco Systems IE3010 - page 53

2-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 Using the Comma nd-Line In terface Understa nding th e Help Syst em For more detail ed info rmat ion on the command mode s, see the c omma nd refe rence g uide fo r th is re lease . Understandin g the Help System Y ou can enter a qu esti on mark (?) at the s ystem prompt to ...
Cisco Systems IE3010 - page 54

2-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 2 Usi ng th e Com ma nd-L ine I nter fac e Underst anding A bbreviated Co mmand s Understandin g Abbreviated Commands Y o u ne ed to enter only enou gh ch aract ers for the sw itc h to re cogniz e the comma nd a s uni que. This e xample sho ws ho w to enter the show conf i ...
Cisco Systems IE3010 - page 55

2-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 Using the Comma nd-Line In terface Unders tandin g CLI Err or Messages Understandin g CLI Error Messages Ta b l e 2-3 list s some e rror messages t hat y ou migh t enc ounter while using t he CLI to configure you r switch. Using Configuratio n Logging Y o u can log an d vie ...
Cisco Systems IE3010 - page 56

2-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 2 Usi ng th e Com ma nd-L ine I nter fac e Usin g Comma nd His tory Using Command History The software provides a histor y or rec ord of comma nds that you have enter ed. The co mman d history feature is particular ly useful for recal ling long or comple x commands or entr ...
Cisco Systems IE3010 - page 57

2-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 Using the Comma nd-Line In terface Using Edit ing Features Disabling th e Command Histor y Featu re The comman d history featu re is automatica lly enabled. Y ou can disable it for th e current te r minal session or for the c omman d line. These pr ocedure s are opti onal. ...
Cisco Systems IE3010 - page 58

2-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 2 Usi ng th e Com ma nd-L ine I nter fac e Using E diting Feature s Editing C ommands throu gh Keystrok es Ta b l e 2-5 sho ws the ke ystrok es that you need to edit co mmand lines. Thes e ke ystrokes are optional . Ta b l e 2-5 Editing Comma nds throug h Ke ystrok es Capa ...
Cisco Systems IE3010 - page 59

2-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 Using the Comma nd-Line In terface Using Edit ing Features Editing C ommand Lines that Wrap Y o u can use a wrapa round feature for comma nds that extend beyond a si ngle line on the screen . When the cursor reaches the right mar gin, the command line shifts ten spaces to t ...
Cisco Systems IE3010 - page 60

2-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 2 Usi ng th e Com ma nd-L ine I nter fac e Searching and Filterin g Output of show and more Commands Searching and Filtering Output of show and more Commands Y ou can search and f ilter the output for show and more command s. This is useful whe n you need to sort through ...
Cisco Systems IE3010 - page 61

CH A P T E R 3-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 3 Assigning the Switch IP Address and Default Gateway This chap ter describe s ho w to creat e the initial switch co nfigur ation (f or e xampl e, assig ning the IP address an d default gatew ay infor matio n) for the IE 3010 swit ch by using a variety of automa tic and ...
Cisco Systems IE3010 - page 62

3-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Underst anding th e Boot Proce ss • Initial izes the compact flash file system on the syst em board. • Loads a default operating system soft ware i mage into m e mory and b oots up the switc h. The bo ot loader provi ...
Cisco Systems IE3010 - page 63

3-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Assigning Switch Information Assigning Switch Inf ormation Y o u can assig n IP inform atio n through th e switch setu p progra m, throug h a DHCP server, or manually . Use the swi tch setup prog ram if you wa nt to b ...
Cisco Systems IE3010 - page 64

3-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Assign ing Swi tch Informat ion During DH CP-based a utoconfiguration , your switc h (DHCP cli ent) is auto matical ly configured at startup wi th IP addre ss informa tion an d a configurat ion file. W i th DHCP-base d a ...
Cisco Systems IE3010 - page 65

3-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Assigning Switch Information A DHCP client might recei ve off ers from multiple DHCP o r BOO TP servers and can ac cept any of the of fers; howe ver , the client usually accepts the f irst of fer it recei ves. The of ...
Cisco Systems IE3010 - page 66

3-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Assign ing Swi tch Informat ion After you install the switch in your network, the au to-image update feature starts. The do wnloaded conf iguration file is sa ve d in the running conf iguration of t he switch, a nd the n ...
Cisco Systems IE3010 - page 67

3-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Assigning Switch Information If you want the switch to rece iv e the configura tion file from a TFTP ser ver , you must configure the DHCP serv er with these leas e options : • TFTP se rver name (re quire d) • Boo ...
Cisco Systems IE3010 - page 68

3-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Assign ing Swi tch Informat ion Configuring the DNS The DH C P ser ver uses the D NS server to r esolve the TFTP serv er name t o an I P addr ess. Y ou must configure the T FTP ser ver nam e-to-I P addr ess m ap on the D ...
Cisco Systems IE3010 - page 69

3-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Assigning Switch Information Obtaining Configurati on Files Depending on the av ailability o f the IP address and the co nf iguration file name in the DHCP r eserv ed lease, t h e switch o btains i ts configuratio n i ...
Cisco Systems IE3010 - page 70

3-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Assign ing Swi tch Informat ion Figur e 3-3 DHCP -Based A utoconfigur ation Netw ork E xample Ta b l e 3-2 sho ws the conf igurati on of the reserv ed leases on the DHCP se rver . DNS Ser ver Conf iguration The DNS serv ...
Cisco Systems IE3010 - page 71

3-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Assigning Switch Information ip host switchc 10.0.0.23 ip host switchd 10.0.0.24 DHCP Cli ent Conf iguration No conf iguration file is presen t o n Switch A through Switch D. Conf iguration Explanation In Figure 3-3 ...
Cisco Systems IE3010 - page 72

3-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Assign ing Swi tch Informat ion This e xample sho ws ho w to conf igure a switch as a DHCP serv er so th at it will do wnload a con fig ura - tion f ile: Switch# configure terminal Switch(config)# ip dhcp pool pool1 Swi ...
Cisco Systems IE3010 - page 73

3-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Assigning Switch Information This example shows ho w to co nfigure a switc h as a DHCP server so it downloads a con figuration file: Switch# config terminal Switch(config)# ip dhcp pool pool1 Switch(dhcp-config)# net ...
Cisco Systems IE3010 - page 74

3-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Assign ing Swi tch Informat ion This e xample uses a Layer 3 SVI interface on VLAN 99 to enable DHCP- based autoco nf iguration with a sav ed configurati on: Switch# configure terminal Switch(conf)# boot host dhcp Switc ...
Cisco Systems IE3010 - page 75

3-15 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Chec king and Savin g the Runni ng Co nfig ura tion T o remo ve th e switch IP addr ess, use th e no ip address interface con figurat ion comma nd. If yo u are remo ving the ad dress throu gh a T elnet session, y our ...
Cisco Systems IE3010 - page 76

3-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Modifyin g the Startup Conf iguration interface VLAN1 ip address 172.20.137.50 255.255.255.0 no ip directed-broadcast ! ip default-gateway 172.20.137.1 ! ! snmp-server community private RW snmp-server community public R ...
Cisco Systems IE3010 - page 77

3-17 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Modifying the Startup Configuration Default Boot Configuration Ta b l e 3-3 sho ws the def ault boot- up conf igurati on. Automatically Downloadin g a Con figuration F ile Y o u can au tomatica lly download a co nfig ...
Cisco Systems IE3010 - page 78

3-18 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Modifyin g the Startup Conf iguration T o return to the default setting , use the no boot conf ig-f ile global configur ation comm and. Booting Manua lly By def ault, the switch automatically boots u p; ho wev er , you ...
Cisco Systems IE3010 - page 79

3-19 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Modifying the Startup Configuration Booting a Specific Software Image By default, the switch attempts to automatic ally boot up the system using information in the BOO T en vironment va riable. I f this v ariable i s ...
Cisco Systems IE3010 - page 80

3-20 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Modifyin g the Startup Conf iguration En v ironme nt variables stor e two ki nds of data: • Data that controls code , which does not read the Cisco IOS conf iguratio n f ile. Fo r ex ample, the nam e of a boot loader ...
Cisco Systems IE3010 - page 81

3-21 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Schedul ing a Reload of the Sof tware Image Scheduling a Re load of the Software Image Y ou can schedule a relo ad of the softw are image to occur o n the switch at a l ater time (for e xample, lat e at nigh t or dur ...
Cisco Systems IE3010 - page 82

3-22 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Scheduli ng a Reload of the Software Image Proceed with reload? [confirm] T o cance l a pre viously schedule d reload , use th e r eload cance l p rivileged EXEC comm and. Displaying S chedu led Reload Information T o d ...
Cisco Systems IE3010 - page 83

CH A P T E R 4-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 4 Configuring Cisco IOS Configuration Engine This c hapter d escrib es how to configu re the f eatur e on the I E 3010 sw itch. Note For complete conf iguration informa tion for the Cisco Conf iguration Engi n e, go to http://www .cisco.com/en /US/products/sw/netmgtsw/ p ...
Cisco Systems IE3010 - page 84

4-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 4 Configuring Cisco IOS Configuration Engine Underst anding Cisco Configurat ion Engin e Software Figur e 4-1 Configur ation Engine Ar chit ectur al Overvie w • Configuration Ser vice, page 4-2 • Ev ent Servic e, page 4-3 • What Y ou Should Know About the CNS IDs and ...
Cisco Systems IE3010 - page 85

4-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 4 Configuring Cisco IOS Configurat ion Engin e Understanding Cisco Configuration Engine Software Event Servic e The Ci sco C onfiguration Engine uses t he Event Se rvice for re ceipt and g enerat ion of configurat ion e vents. The e vent agen t is on the switch an d facil ita ...
Cisco Systems IE3010 - page 86

4-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 4 Configuring Cisco IOS Configuration Engine Underst anding Cisco Configurat ion Engin e Software DeviceID Each co nfigured swit ch parti cipati ng on the ev ent bus has a un ique DeviceID, w hich is ana logous to the switch source ad dress so that the switch can be targ et ...
Cisco Systems IE3010 - page 87

4-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 4 Configuring Cisco IOS Configurat ion Engin e Understanding Cisco IOS Agents Understandin g Cisco IOS Agents The CNS e vent agent fe ature allo ws the switch to publish and subs cribe to ev ents on the e vent b us and works with the Cisc o IOS agent. Th e Cisco IOS agent fea ...
Cisco Systems IE3010 - page 88

4-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 4 Configuring Cisco IOS Configuration Engine Configuring Cisco IOS Agents Incremental (Partial) Configur ation After t he ne twork i s runn ing, new serv ices c an b e adde d by usi ng the Cisco IOS a gent. Increm ent al (partia l) co nfigurations can be sent to the sw itch ...
Cisco Systems IE3010 - page 89

4-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 4 Configuring Cisco IOS Configurat ion Engin e Configuring Cisco IOS Agents Note For more informatio n about running the setup program and creating templ ates on the Config uration Engine , see the Cisc o Configuration En gine I nstallat ion and Setup Guide, 1. 5 for Li nux : ...
Cisco Systems IE3010 - page 90

4-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 4 Configuring Cisco IOS Configuration Engine Configuring Cisco IOS Agents Beginn ing in pri vileged EXEC mode, follo w these steps to enable the CNS e vent agent on the switch: T o disabl e the CNS e ven t agent, use the no cns event { ip-address | hostna me } g lobal c onf ...
Cisco Systems IE3010 - page 91

4-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 4 Configuring Cisco IOS Configurat ion Engin e Configuring Cisco IOS Agents Enabling th e Cisco IOS C NS Agent After enabling th e CNS e vent a gent, star t the Cisco I OS CNS age nt on the switch. Y o u can e nable the Cisco IOS ag ent with the se comman ds: • The cns conf ...
Cisco Systems IE3010 - page 92

4-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 4 Configuring Cisco IOS Configuration Engine Configuring Cisco IOS Agents Step 7 discover { c ontr oller contr ol ler-type | dlci [ subinterface subinterf ace-n umber ] | interface [ interface-typ e ] | line line-type } Specify the inte rface p a rameters in the CNS connec ...
Cisco Systems IE3010 - page 93

4-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 4 Configuring Cisco IOS Configurat ion Engin e Configuring Cisco IOS Agents T o d isab le the C NS C isco IOS agent , use t he no cns conf ig initial { ip-address | hostname } gl obal configurati on c ommand. This e xample sho ws ho w to conf igure a n initial c onfiguratio ...
Cisco Systems IE3010 - page 94

4-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 4 Configuring Cisco IOS Configuration Engine Configuring Cisco IOS Agents This e xample sho ws ho w to conf igure a n initial c onfiguratio n on a remote swi tch when the switch IP address is kn own. The Configura tion En gine I P addr ess is 172.28 .129.2 2. Switch(config ...
Cisco Systems IE3010 - page 95

4-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 4 Configuring Cisco IOS Configurat ion Engin e Displaying CNS Configuration Displaying CNS Configuration Ta b l e 4-2 Pr ivilege d EXEC sho w Commands Command Purpose show cns conf ig connections Displ ays the status of the C NS Cis co IOS a gent c onnect ions. show cns conf ...
Cisco Systems IE3010 - page 96

4-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 4 Configuring Cisco IOS Configuration Engine Displaying CNS Con figuration ...
Cisco Systems IE3010 - page 97

CH A P T E R 5-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 5 Clustering Switches This ch apter pr ov ides the concepts an d procedures to creat e and mana ge IE 3010 switch clus ters. Y ou can create and manage switch cluste rs by using the comma nd-line i nterface (CLI) , or SNMP . For compl ete proce dures, see the o nline h e ...
Cisco Systems IE3010 - page 98

5-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 5 Clustering Switches Underst anding Swit ch Clusters • Managemen t of switches re gardless of their inter connection me dia and their p hysical lo cations. Th e switches can be i n the same locati on, or t hey can be di stributed ac ross a La yer 2 or Layer 3 (i f your c ...
Cisco Systems IE3010 - page 99

5-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 5 Clus tering Switche s Underst anding Sw itch Cl usters Cluster Command Switc h Characteristics A cluster co mmand switch must me et these req uirements : • It is running Cisco IOS Release 12.2(5 3)EZ or lat er . • It has an IP address . • It has Cisco Discovery Proto ...
Cisco Systems IE3010 - page 100

5-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 5 Clustering Switches Planning a Sw itch Cluster Note Catalyst 1900, Catalyst 282 0, Catalyst 2900 XL, Catalyst 2950, and Ca talyst 3500 XL candid ate a nd cl uster member switches m ust be conn ected throu gh the ir manage ment VLAN to the cluster com mand switch and stand ...
Cisco Systems IE3010 - page 101

5-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 5 Clus tering Switche s Planni ng a Swi tch Clust er • Discovery Through Different Mana gement V LANs, pa ge 5-7 • Discovery of Newly I nstalle d Switc hes, pag e 5- 8 Discovery Through CDP Hops By usin g CDP , a cluster comm and switc h can di sco ver switches up to se v ...
Cisco Systems IE3010 - page 102

5-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 5 Clustering Switches Planning a Sw itch Cluster Discovery Through Non-CDP-Capabl e and Noncluster-Capable Devices If a cluster command switch is connec ted to a non-CDP- capab le third-party hub ( such as a non -Cisco hub), it can di scov er cluster- enabled de vices conne ...
Cisco Systems IE3010 - page 103

5-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 5 Clus tering Switche s Planni ng a Swi tch Clust er Figur e 5-3 Disco very Thr ough Diff er ent VLANs Discovery Through Different M anagement VLANs Catalyst 2970, Catalyst 3550, Catalyst 3560, or Cata lyst 3750 cl uster c ommand swi tches ca n discover and mana ge clust er m ...
Cisco Systems IE3010 - page 104

5-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 5 Clustering Switches Planning a Sw itch Cluster Figur e 5-4 Disco very Thr ough Diff er ent Management V LANs with a Layer 3 Clus ter Command Sw i t ch Discovery of Newly Installed Switches T o join a cluster, the new , out -of-the-b ox switch mu st be conne cted to the cl ...
Cisco Systems IE3010 - page 105

5-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 5 Clus tering Switche s Planni ng a Swi tch Clust er Figur e 5-5 Disco very of New ly Installed Switc hes Virtual IP Addresses Y o u need t o assig n a uniqu e virtual IP add ress and gr oup num ber and na me to t he clu ster stand by group. This info rmation must b e conf ig ...
Cisco Systems IE3010 - page 106

5-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 5 Clustering Switches Planning a Sw itch Cluster • All stan dby-group memb ers must be member s of the clus ter . Note There is no limit to t he numbe r of switc hes that yo u can a ssign as st andby cluste r comman d switches. Howe ver , the total number of switch es in ...
Cisco Systems IE3010 - page 107

5-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 5 Clus tering Switche s Planni ng a Swi tch Clust er not forward cl uster-configu ration in forma tion to it. Th e active cluster c ommand swit ch only forwards clu ster-configurat ion infor mation to the standby cluste r comm and switc h. Y ou must therefo re reb uild the c ...
Cisco Systems IE3010 - page 108

5-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 5 Clustering Switches Planning a Sw itch Cluster If a sw itch r eceiv ed its hostnam e from the c luster comma nd swit ch, was re moved from a cluster, was then ad ded to a ne w cluster , and kept the s ame memb er number (such as 5 ), the switch o verwri tes the old hostn ...
Cisco Systems IE3010 - page 109

5-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 5 Clus tering Switche s Using the CLI to Manage Switch Clusters LRE P rofil es A configurati on confl ict occur s if a sw itch clust er has L ong-Reach E therne t (LRE ) switches t hat use bo th pri vate an d public pr ofile s. If one LRE switch in a cluster is assigned a pu ...
Cisco Systems IE3010 - page 110

5-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 5 Clustering Switches Using SNMP to Ma nage Sw itch Clusters Using SNMP to Manage Switc h Clusters When you first power on the sw itch, SN MP is en abled i f you e nter the IP infor matio n by using the setup program and accep t its p ropose d configura tion. I f you did n ...
Cisco Systems IE3010 - page 111

CH A P T E R 6-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 6 Administering the Switch This chap ter describes ho w to perform one -time operat io ns to admin ister the IE3010 switch. This chap ter consists of t h ese sectio ns: • Managin g the System Time and Date, page 6-1 • Configuring a System N ame a nd Prompt , page 6-1 ...
Cisco Systems IE3010 - page 112

6-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 6 Administering the Switch Managin g the Syste m Time and Date The sy stem c lock can provide tim e to these s ervices: • User show comman ds • Logging and de bugging me ssages The syste m clock keeps tr ack of time internal ly based on Univ ersal Time Coordina ted (UTC ...
Cisco Systems IE3010 - page 113

6-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 6 Administer ing the Switch Mana gi ng th e S ystem Tim e an d Da te Figure 6-1 shows a typical netw o rk ex ample usin g NTP . Switch A is the NT P master, with Switches B, C, and D configured in NTP server mod e, in server associa tion with Switc h A. Switch E is co nfigure ...
Cisco Systems IE3010 - page 114

6-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 6 Administering the Switch Managin g the Syste m Time and Date Configuring NTP The switc h does not have a hardware-sup ported clo ck and cann ot funct ion as an NT P master clo ck to which p eers syn c hronize themselves when an e xternal NT P source is n ot a vailab le. T ...
Cisco Systems IE3010 - page 115

6-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 6 Administer ing the Switch Mana gi ng th e S ystem Tim e an d Da te Configuring NTP Authentication This pr oced ure must be c oordina ted w ith th e ad ministra tor of the N TP server ; the i nform ation you conf igure in this proced ure must be matched b y the server s used ...
Cisco Systems IE3010 - page 116

6-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 6 Administering the Switch Managin g the Syste m Time and Date Configuring NTP Associations An NTP associat ion ca n be a peer asso ciatio n (this switc h can eithe r synchroniz e to the othe r device or allow the other device to sync hronize to it), or it ca n be a server ...
Cisco Systems IE3010 - page 117

6-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 6 Administer ing the Switch Mana gi ng th e S ystem Tim e an d Da te Configuring NTP Broadcast Service The co mmunic ations between devices run ning NTP (k nown as associations ) are usua lly statically configured ; each device is giv en th e IP addresse s of al l devices wi ...
Cisco Systems IE3010 - page 118

6-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 6 Administering the Switch Managin g the Syste m Time and Date Beginning in privileged EXEC mode, follow these st eps to co nfigure the switc h to rec eiv e NTP broa dcast packets from c onnect ed peers: T o disa ble a n interfac e fro m receiving NT P broadc ast pac kets, ...
Cisco Systems IE3010 - page 119

6-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 6 Administer ing the Switch Mana gi ng th e S ystem Tim e an d Da te Creating an Access Group and A ssigning a B asic IP A ccess List Beginn ing in pri vileged EXEC mode, follo w these steps to control access to NTP servic es by using access lists: The ac cess group keywords ...
Cisco Systems IE3010 - page 120

6-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 6 Administering the Switch Managin g the Syste m Time and Date T o remo ve acc ess contr ol to the switch NTP s ervices, use the no ntp access-group { query-only | serve -only | serve | peer } global con figuration com mand. This e xample sho ws how to confi gure the switc ...
Cisco Systems IE3010 - page 121

6-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 6 Administer ing the Switch Mana gi ng th e S ystem Tim e an d Da te The specif ied interface i s used for the source address for all packets sent to a ll destinations. I f a source address is to be u sed for a sp ecif ic associ ation, use th e sour ce keyword in t he ntp pe ...
Cisco Systems IE3010 - page 122

6-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 6 Administering the Switch Managin g the Syste m Time and Date Beginning in privileged EXEC mo de, fol low these steps to set th e system cloc k: This example shows ho w to ma nually set the system cl ock to 1:32 p.m . on July 23, 2001 : Switch# clock set 13:32:00 23 July ...
Cisco Systems IE3010 - page 123

6-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 6 Administer ing the Switch Mana gi ng th e S ystem Tim e an d Da te The minutes-of fset variab le in the clock ti mezone glob al con figuration c ommand is available for those cases wh ere a local time zone is a per centage of an hour dif ferent from UTC . F or ex ample, th ...
Cisco Systems IE3010 - page 124

6-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 6 Administering the Switch Configur ing a System Nam e and Prom pt Beginning in privileged EX EC mode, fol low these steps if summ er tim e in your area do es not foll ow a recurr ing patt ern (con figure the exact da te and tim e of the next summe r time ev ents) : The fi ...
Cisco Systems IE3010 - page 125

6-15 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 6 Administer ing the Switch Confi guring a S ystem Name and Prompt These sec tions co ntain this co nfiguration info rmat ion: • Default Syste m Name and Prom pt Configuration , page 6- 15 • Configuring a System N ame, page 6- 15 • Understa nding D NS, page 6-15 Defaul ...
Cisco Systems IE3010 - page 126

6-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 6 Administering the Switch Configur ing a System Nam e and Prom pt These sec tions co ntain this co nfiguration in format ion: • Default DN S Configuration, page 6-16 • Setting Up DNS, page 6-16 • Displayin g the DNS Configurati on, page 6-1 7 Default DNS Configur at ...
Cisco Systems IE3010 - page 127

6-17 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 6 Administer ing the Switch Creat ing a Bann er If you u se t he switc h IP ad dress a s its hostnam e, the IP a ddress i s used and no DNS query oc curs. I f you configure a ho stname that contai ns no periods (. ), a period fol lowed by the de fault domain na me is appende ...
Cisco Systems IE3010 - page 128

6-18 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 6 Administering the Switch Creating a Banner Configurin g a Mess age-of-the -Day Log in Bann er Y ou can create a single or mult iline message banner that appears on the screen when som eone logs in to the switch. Beginning in privileged EX EC mode, fol low these steps to ...
Cisco Systems IE3010 - page 129

6-19 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 6 Administer ing the Switch Managin g the MAC Ad dress Tabl e Configurin g a Login B anner Y o u can configure a login banner t o be di splaye d on all connec ted t ermina ls. Thi s bann er ap pears a fter the M O T D bann er and befo re the logi n pro mpt. Beginning i n pri ...
Cisco Systems IE3010 - page 130

6-20 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 6 Administering the Switch Managin g the MAC A ddress Tab le These sec tions co ntain this co nfiguration in format ion: • Building t he Ad dress T a ble, pa ge 6-20 • MA C Addresses and VL ANs, page 6-20 • Default MAC Address T ab le Configuratio n, page 6-21 • Ch ...
Cisco Systems IE3010 - page 131

6-21 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 6 Administer ing the Switch Managin g the MAC Ad dress Tabl e When pr iv ate VLAN s are co nfigured , ad dress le arnin g dep ends on the t ype of MAC addres s: • Dynami c MA C addresses lea r ned in one VLA N of a pri vate VLAN ar e replicate d in the associat ed VLANs . ...
Cisco Systems IE3010 - page 132

6-22 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 6 Administering the Switch Managin g the MAC A ddress Tab le Removi ng Dynami c Addres s Entries T o re move all dynami c entr ies, use t he c lea r ma c ad dress- tab le dyn ami c comman d in pr i vilege d EXEC mode. Y ou can als o rem ov e a specif ic MA C address ( cl e ...
Cisco Systems IE3010 - page 133

6-23 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 6 Administer ing the Switch Managin g the MAC Ad dress Tabl e T o disa ble M A C address -chan ge no tific ation traps, use the no s nmp-ser ver enable traps mac-notif ication change global configuration comma nd. T o disable the M A C address-c hange notif ication traps on ...
Cisco Systems IE3010 - page 134

6-24 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 6 Administering the Switch Managin g the MAC A ddress Tab le Configuring MAC Addre ss Move Notification Traps When you configure M A C -move notification, an SN MP no tification is generated a nd se nt to the ne twork manageme nt system w henever a MA C address moves from ...
Cisco Systems IE3010 - page 135

6-25 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 6 Administer ing the Switch Managin g the MAC Ad dress Tabl e Configuring MAC Thresh old Notif ication Traps When you con figure MA C thr eshold notification, an SNM P noti fication is genera ted and sent to the network m anagem ent syste m when a M A C addre ss table thresh ...
Cisco Systems IE3010 - page 136

6-26 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 6 Administering the Switch Managin g the MAC A ddress Tab le T o disable MA C address- threshold notif ication traps, use the no sn mp-se rver enab le trap s mac-not ification threshol d global configuratio n command . T o disable the MAC address- threshold notification fe ...
Cisco Systems IE3010 - page 137

6-27 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 6 Administer ing the Switch Managin g the MAC Ad dress Tabl e Beginning i n privileged EX EC mo de, follo w th ese steps to add a static addr ess: T o r emove st atic en tri es fr om th e addr es s tabl e, u se t he no mac address-table static mac-add r vlan vlan-i d [ inter ...
Cisco Systems IE3010 - page 138

6-28 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 6 Administering the Switch Managin g the MAC A ddress Tab le • If you add a uni cast MA C address as a static address a nd conf igure unicast MA C address filte ring, the switc h eithe r adds the MA C addres s as a static ad dress or drop s pack ets with that MA C addres ...
Cisco Systems IE3010 - page 139

6-29 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 6 Administer ing the Switch Managin g the MAC Ad dress Tabl e Foll ow these g uidelines whe n disabling MA C address lear ning on a VL AN: • Use ca ution bef ore di sabling MAC addres s lear ning on a VLA N wi th a configured swit ch vir tual interfac e (SVI). Th e switch ...
Cisco Systems IE3010 - page 140

6-30 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 6 Administering the Switch Managin g the ARP Table Displaying A ddress Table Entries Y o u can displ ay the MAC address table by using one or more of the privileged EXEC comma nds describe d in Ta b l e 6-4 : Managing the ARP Ta ble T o co mmuni cate wi th a device (over E ...
Cisco Systems IE3010 - page 141

CH A P T E R 7-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 7 Configuring the Switch Alarms This chap ter describe s ho w to con fig ure alarm s for the IE 3 010 swit ch. This chap ter consists of these sec tions: • Understa nding IE 301 0 Switch Alarm s, page 7- 1 • Configuring IE 301 0 Ext ernal A larms , pag e 7- 4 • Con ...
Cisco Systems IE3010 - page 142

7-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 7 C onfiguring the Switch Alarms Underst andin g IE 3010 Switch Ala rms Global Status Monitoring Ala rms The switc h processe s alarms re lated t o temper ature a nd power supply cond itions, re ferred to as glob al or fa cility alar ms. FCS Error Hyste resis Th reshold The ...
Cisco Systems IE3010 - page 143

7-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 7 Configuring the Switch Ala rms Understanding IE 3010 Switch Alarms Alarm p rofiles pr ovide a mech anism for yo u to enabl e or di sable alar m co nditions for a por t and associ ate the alarm co nditions with o ne or both ala rm relays. Y ou can also use ala rm prof iles t ...
Cisco Systems IE3010 - page 144

7-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 7 C onfiguring the Switch Alarms Conf iguring I E 3010 Ex tern al Alarms • SNMP T raps SNMP is an appli cation-layer protoc ol that provid es a messa ge format fo r commun ication between manage rs an d ag ents. The SNM P sy stem consis ts of an S NMP man ager, an SN MP a ...
Cisco Systems IE3010 - page 145

7-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 7 Configuring the Switch Ala rms Configurin g IE 3010 Externa l Alarms Beginning i n privileged E XEC mo de, follow these s teps to con figure alarm conta cts. T o delete the alarm descripti o n, enter the no alarm contact contac t-number description p rivileged EXEC co mmand ...
Cisco Systems IE3010 - page 146

7-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 7 C onfiguring the Switch Alarms Conf iguring I E 3010 Sw itch Ala rms ALARM CONTACT 3 Status: not asserted Description: flood sensor Severity: critical Trigger: closed ALARM CONTACT 4 Status: not asserted Description: Severity: critical Trigger: closed Configuring IE 3010 ...
Cisco Systems IE3010 - page 147

7-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 7 Configuring the Switch Ala rms Configuring IE 3010 Switch Alarms Beginn ing in pri vileged EXEC mode, follo w these steps to associate th e po wer supply alarm to a rel ay: T o disab le the de fault power supply alar m, use the alarm facility power -supply disable gl obal c ...
Cisco Systems IE3010 - page 148

7-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 7 C onfiguring the Switch Alarms Conf iguring I E 3010 Sw itch Ala rms Beginning in privileged EX EC mode, fol low these steps to set the high temperature thresho ld: Use the no alarm f acility tempera tur e primary high thr e shold globa l configurat ion comman d to de let ...
Cisco Systems IE3010 - page 149

7-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 7 Configuring the Switch Ala rms Configuring IE 3010 Switch Alarms Associating the Temperature Ala rms to a Relay By def ault, the primary tem perature alarm is as sociate d to the relay . Y ou can use the alarm facility temperatur e glob al configurat ion command to associat ...
Cisco Systems IE3010 - page 150

7-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 7 C onfiguring the Switch Alarms Conf iguring I E 3010 Sw itch Ala rms Configuring the FCS Bit Error Rate Alarm • Setting the FCS Error Threshold, pag e 7-10 • Setting the FCS Error Hysteresis Threshold, page 7-1 0 Setting the FCS Erro r Threshold The switch gen erates ...
Cisco Systems IE3010 - page 151

7-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 7 Configuring the Switch Ala rms Configuring IE 3010 Switch Alarms Use t he no alarm facility fcs-hyster esis command to set the FCS error hyster esis threshold to its default va lu e. Note Th e show running conf ig comm and d isplay s any FCS err or hyst eresis t hat is not ...
Cisco Systems IE3010 - page 152

7-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 7 C onfiguring the Switch Alarms Conf iguring I E 3010 Sw itch Ala rms This e xample creates or modif ies the alarm p rof ile fas tE for the F ast Ethernet port with link-do wn ( alar mL ist I D 3) alarm enabled. T h e li nk-do wn alar m is connec ted t o the major r elay ...
Cisco Systems IE3010 - page 153

7-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 7 Configuring the Switch Ala rms Displaying I E 3010 Sw itch Alarms Status This exampl e det ach es an al arm profile na med fastE from a por t. Switch(config)# interface fastethernet 1/2 Switch(config-if)# no alarm profile fastE Enabling S NMP Trap s Use the snmp- server en ...
Cisco Systems IE3010 - page 154

7-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 7 C onfiguring the Switch Alarms Displa ying IE 30 10 Swit ch Alarms S tatus ...
Cisco Systems IE3010 - page 155

CH A P T E R 8-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 8 Configuring SDM Templates Understandin g the SDM Templates Y ou can use SDM templates to c onfi gure system resources in th e switch to optim ize support for specif ic featu res, de pending on h ow the switc h is used in the n etwork. This swit ch offers two default te ...
Cisco Systems IE3010 - page 156

8-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 8 Configuring SDM T emplates Conf iguri ng t he Sw itch SDM Templa te Configuring the Switch SDM Template These sec tions co ntain this co nfiguration in format ion: • SDM T emplate Configu ration Guidelines, page 8-2 • Setting the SDM T emplate, page 8-3 SDM Template C ...
Cisco Systems IE3010 - page 157

8-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 8 Conf iguring SDM Te mplates Config uring the Swit ch SDM Templat e Setting the SDM Template Beginn ing in pri vileged EXEC mode, follo w th ese step s to use the SDM template to maximi ze feature usage: After the system rebo ots, you c an use the show sdm pr e fer pri vile ...
Cisco Systems IE3010 - page 158

8-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 8 Configuring SDM T emplates Display ing the SDM Templates Displaying the SDM Te mplates Use the show sdm pr efer pri vileged EXE C command with no parameters to di splay the a cti ve template. This is an example of output fro m the show sdm pr efer comman d, displayi ng th ...
Cisco Systems IE3010 - page 159

CH A P T E R 9-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 9 Configuring Switch-Based Authentication This c hapter describe s ho w to conf igure switch-b ased authenti cation on th e IE 3010 switch. This chap ter consists of t h ese sectio ns: • Pre ve nting Unauthorized Access to Y our Switch, page 9-1 • Protectin g Acce ss ...
Cisco Systems IE3010 - page 160

9-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Protecting A ccess to Privileged EXE C Comman ds T o p revent unauth orized access into y our sw itch, you sho uld configure one or more of the se sec urity featu res : • At a minimum , you should co nfigure passwords and privileg ...
Cisco Systems IE3010 - page 161

9-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Prote cti ng Ac cess to Pri vile ged EXEC Comm and s Default Password and Priv ilege Level Configuration Ta b l e 9-1 shows the d efault passwor d and p rivilege lev e l configurati on. Setting o r Changin g a Static Enab le Pa ssw ...
Cisco Systems IE3010 - page 162

9-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Protecting A ccess to Privileged EXE C Comman ds Protecting En able and E nable Secre t Passw ord s with Enc ryption T o provide an addi tional layer of security , particularly for passwo rds that cross the netw ork or that are stor ...
Cisco Systems IE3010 - page 163

9-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Prote cti ng Ac cess to Pri vile ged EXEC Comm and s If bo th the e nable and enable secre t passw ords are de fin ed, user s must enter the enab le secr et passw ord. Use th e level keyword to define a password fo r a sp ecific pr ...
Cisco Systems IE3010 - page 164

9-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Protecting A ccess to Privileged EXE C Comman ds T o r e-ena ble pa ssword rec overy , use the servic e passwo r d-r ecovery global configuration com mand . Note Disa bling password recovery w ill not work i f you h ave set the swit ...
Cisco Systems IE3010 - page 165

9-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Prote cti ng Ac cess to Pri vile ged EXEC Comm and s Configuring Us ername and P assword Pairs Y o u can co nfigure usern ame and pa ssword pairs, wh ich are loc ally stor ed on the switc h. Thes e pairs ar e assign ed to lines or ...
Cisco Systems IE3010 - page 166

9-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Protecting A ccess to Privileged EXE C Comman ds Configuring Multiple Privil ege Levels By default, the Cisco IO S software has two modes of passwor d security: use r EXEC and pr i v ileged EXEC. Y ou can co nfigure up to 1 6 hierar ...
Cisco Systems IE3010 - page 167

9-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Prote cti ng Ac cess to Pri vile ged EXEC Comm and s When y ou set a command to a p ri vilege le vel, all co mmand s whose synta x is a s ubset of that co mmand are al so set to that le vel. F or example, if you se t the sho w ip t ...
Cisco Systems IE3010 - page 168

9-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Controlling Sw itch Acce ss with TACA CS+ Logging into and Exiting a Privilege Level Beginn ing in pri vileged EXEC mode , follo w these steps to log in to a s pe cif i ed pr i vi le ge l e ve l an d t o ex it to a specified pri vi ...
Cisco Systems IE3010 - page 169

9-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with TACACS+ Figur e 9-1 T ypical T A CA CS+ Netw ork Configur ation T A CA CS+, admin istered through the AAA securit y servic es, can provide these s ervices: • Authent ication— Provides com plete c ...
Cisco Systems IE3010 - page 170

9-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Controlling Sw itch Acce ss with TACA CS+ The T ACA CS+ pr otocol pr ovides a uthenti cation b etween the swi tch an d the T ACA CS+ daem on, a nd it ensures conf identiality because all protocol exch anges between the switch and t ...
Cisco Systems IE3010 - page 171

9-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with TACACS+ Configuring TACACS+ This se ction describe s how to configur e your switch to su pport T ACA CS+. At a minimu m, yo u must identify th e host or hosts maintainin g the T ACA CS+ daemon a nd d ...
Cisco Systems IE3010 - page 172

9-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Controlling Sw itch Acce ss with TACA CS+ Beginn ing in pr ivilege d EXEC m ode, follo w these st eps to ide ntify the I P host or host maintaining T A CACS+ server and optiona lly set th e encrypt ion key: T o remo ve th e specif ...
Cisco Systems IE3010 - page 173

9-15 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with TACACS+ authe nticate users; if that meth od fails t o respon d, the softwa re selec ts the next authe nticat ion me thod in the m ethod list. T his process c o ntinues until there is successful comm ...
Cisco Systems IE3010 - page 174

9-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Controlling Sw itch Acce ss with TACA CS+ T o dis abl e AAA, us e the no aaa new-model glo bal configurat ion c omma nd. T o disabl e AA A authenti cation, use the no aaa auth entica tion log in { default | list-name } m ethod1 [ m ...
Cisco Systems IE3010 - page 175

9-17 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with TACACS+ Beginn ing in pri vileged EXEC mode, follo w these steps to specify T A CA CS+ authorization for pri vileged EXEC access and netw ork ser vices: T o disa ble au thoriz ation , use t he no aaa ...
Cisco Systems IE3010 - page 176

9-18 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Establishing a Session with a Router if the AAA Server is Unreachable The a aa acc ounting syst em guarant ee-first comman d guar an tees syste m ac count ing as th e firs t re cord, which i ...
Cisco Systems IE3010 - page 177

9-19 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS The RADIUS host is normally a multiuser system running RA DIUS server sof tware from Cisco (C isco Secure Ac cess Cont rol Server V e rsion 3.0 ), Livingston, Merit, Microso ft, or anot her so ...
Cisco Systems IE3010 - page 178

9-20 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Figur e 9-2 T r ansitioning from RADIU S t o T ACA CS+ Services RADIUS Operation When a user attem pts to log in and authenticate to a switch that is a ccess controlled by a RADIU S s erve r ...
Cisco Systems IE3010 - page 179

9-21 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS • CoA Request Comm ands, page 9-2 4 • Session Reauth entication, page 9-25 Overview A stan dard R ADIUS inte rface is typical ly used in a p ulled model where t h e req uest or iginates fr ...
Cisco Systems IE3010 - page 180

9-22 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Ta b l e 9-2 shows the IE TF attrib u tes are supported for this feature. Ta b l e 9-3 sho ws the pos sible v alues for the Er ror -Cause attrib ute. Precondit ions T o use the CoA inter fac ...
Cisco Systems IE3010 - page 181

9-23 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Session Id entificatio n For disconnect a nd CoA r equests targ eted at a particular se ssion, the swit ch locates the s essi on base d on one or more of the following attr ibutes: • Calling ...
Cisco Systems IE3010 - page 182

9-24 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS CoA Request Commands This section includes: • Session Reauthen tication • Session T ermination • CoA Discon nect-R eque st • CoA Request: Disable Host Port • CoA Request: Bounce- P ...
Cisco Systems IE3010 - page 183

9-25 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Beginning w ith Cisc o IOS Relea se 12.2( 52)SE, the swi tch su pports th e co mman ds shown in Ta b l e 9-4 . Session Reau thentication The AAA server typically genera tes a session reauthent ...
Cisco Systems IE3010 - page 184

9-26 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS CoA Disc onnect-Request This co mman d is a st andard Discon nect- Reque st. Bec ause this co mmand i s session -orien ted, i t must be accom pani ed by one or more of the sessio n iden tifi ...
Cisco Systems IE3010 - page 185

9-27 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Configuring RADIUS This se ction describe s how to c onfigure your switch to su pport R ADIUS. At a mini mum, y ou mus t identify the host or hosts that run the RADIUS ser v er software and de ...
Cisco Systems IE3010 - page 186

9-28 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Identifying the RADIUS Serve r Host Switch-t o-RADIUS-se rve r communic ation in volv es s e veral comp onents : • Hostn ame or IP addr ess • Authentic ation desti nation port • Accoun ...
Cisco Systems IE3010 - page 187

9-29 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Beginning i n privileged E XEC mo de, follow these steps to con figure p er-server RADI US ser ver comm unicatio n. This pr oced ure is requi red. T o remov e the specif ied RADIUS server , us ...
Cisco Systems IE3010 - page 188

9-30 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS This example shows ho w to con fi gure host 1 as the RA DIUS se rver and to use the default ports fo r both authenti cation and accoun ting: Switch(config)# radius-server host host1 Note Y o ...
Cisco Systems IE3010 - page 189

9-31 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Step 3 a aa au thenticati on logi n { default | list-name } method1 [ m ethod2. .. ] Create a login authen tication method list. • T o create a default list that is used when a named list i ...
Cisco Systems IE3010 - page 190

9-32 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS T o dis abl e AAA, us e the no aaa new-model glo bal configurat ion c omma nd. T o disabl e AA A authenti cation, use the no aaa auth entica tion log in { default | list-name } m ethod1 [ me ...
Cisco Systems IE3010 - page 191

9-33 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Beginning i n privileged E XEC mo de, follow these steps to d efine the AAA server g roup an d assoc iate a particu lar RADI US server with it : Command Purpose Step 1 configur e terminal Ente ...
Cisco Systems IE3010 - page 192

9-34 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS T o remov e the specif ied RADIUS server , use the no radius-serv er host ho stname | ip- addre ss glob al configurat ion comm and. T o remove a server group fro m the configur ation list, u ...
Cisco Systems IE3010 - page 193

9-35 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Beginn ing in pri vileged E XEC mode, follo w these steps to specif y RADIUS aut horizatio n for pri vileged EXEC a ccess and n etwork ser vices: T o disa ble au thoriz ation , use t he no aaa ...
Cisco Systems IE3010 - page 194

9-36 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Establishing a Session with a Router if the AAA Server is Unreachable The a aa acc ounting syst em guarant ee-first comman d guar an tees syste m ac count ing as th e firs t re cord, which i ...
Cisco Systems IE3010 - page 195

9-37 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Pr ot ocol is a value of the Ci sco protoc ol attri bute for a parti cular type of aut horiza tion. Attribute and val ue are an app ropri ate attrib ute- v alue (A V) pair defined in the Ci sc ...
Cisco Systems IE3010 - page 196

9-38 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Note For a comp lete list of RADIUS attribute s or more info rmat ion about vendor-specific attri bute 26 , see th e “RADIUS Attrib utes” appendix in the Cisco IOS Secu rity Configuratio ...
Cisco Systems IE3010 - page 197

9-39 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Configuring CoA on the Sw itch Beginning i n privileged E XEC mo de, follow these s teps to con figure CoA on a switc h. Thi s proce dure is required. T o disable AAA, use the no aaa new-model ...
Cisco Systems IE3010 - page 198

9-40 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch Acce ss wit h Kerberos Monitoring and Troubleshooting CoA Functionality Use t hese C isc o IOS commands to m onitor an d troublesho ot CoA fu nctionality on the switc h: • debug r adius • debug aaa coa • d ...
Cisco Systems IE3010 - page 199

9-41 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with Kerberos Understand ing Kerber os Kerberos is a secret-key network a uthenti cation pro tocol , which was dev elope d at the Massa chusett s Institut e of T e chno logy (MIT ). It uses the Data Encr ...
Cisco Systems IE3010 - page 200

9-42 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch Acce ss wit h Kerberos Instan ce An auth orization le vel label f or K erberos principals. M o st K erberos princip als are of the form user@REALM (for ex ampl e, smith@EXAMPLE . COM). A K erberos prin cipal wit ...
Cisco Systems IE3010 - page 201

9-43 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with Kerberos Kerberos Operation A Kerberos server ca n be a swit ch th at is configured as a netwo rk secur ity se rver and that can authe nticat e remote users by using the Kerberos pr otocol . Althoug ...
Cisco Systems IE3010 - page 202

9-44 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Configur ing the Switc h for Lo cal Authe ntication a nd Authori zation Authenticating t o Network Services This sect ion describes the th ird layer o f security through which a remote user must pass. The use r with a TGT must no w ...
Cisco Systems IE3010 - page 203

9-45 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Configuring the Switch for Secure Shell T o dis abl e AAA, us e the no aaa new-model glo bal configurati on c ommand. T o disabl e au thoriza tion, use the no aaa autho rization { network | exec } method1 globa l configura tion co ...
Cisco Systems IE3010 - page 204

9-46 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Conf iguri ng t he Sw itch f or Se cure Sh ell For SSH configuration examples, se e the “SSH Configura tion Ex amples ” secti on in the “C onfiguring Secure Shell” c h apter of the Cisco IOS Securit y Configuration Guide, C ...
Cisco Systems IE3010 - page 205

9-47 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Configuring the Switch for Secure Shell • The s witch sup port s the A dvanced En crypti on Stan dard ( AES) encr yption algori thm w ith a 128-bi t key , 192- bit key , or 2 56-bit key . H owe ver , symme tric c ipher AES to en ...
Cisco Systems IE3010 - page 206

9-48 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Conf iguri ng t he Sw itch f or Se cure Sh ell 3. Generate an RSA key pair fo r the switch , which automatically enab les SSH. F ollow th is proced ure only if you are conf iguring th e switch as an SSH ser ver . 4. Conf ig ure use ...
Cisco Systems IE3010 - page 207

9-49 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Configuring the Switch for Secure Shell T o return to the def ault SSH control p a rameters, use th e no ip ssh { ti meout | aut hentica tion-r etries } global configurat ion comm and. Displaying th e SSH Co nfiguration an d Statu ...
Cisco Systems IE3010 - page 208

9-50 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Conf igurin g the Sw itch for Sec ure Sock et Laye r HTTP For more infor mation abo u t these com mands, see th e “ Secure Shell Com mands ” se ction in the “Other Securit y Features ” chapte r of the Cisc o IOS Securi ty C ...
Cisco Systems IE3010 - page 209

9-51 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Configuring the Switch for Secure Socket Layer HTTP Understand ing Secure HT TP Servers a nd Clien ts On a sec ure HTTP c onnec tion, da ta to and f rom a n HTTP ser ver is en crypted before being sent over the Intern et. HTTP w i ...
Cisco Systems IE3010 - page 210

9-52 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Conf igurin g the Sw itch for Sec ure Sock et Laye r HTTP If a self-signed c e rtif icate h as been g enerated, this information is included in the ou tput of the sho w running-conf ig pri vileged EXEC com mand. Th is is a p artial ...
Cisco Systems IE3010 - page 211

9-53 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Configuring the Switch for Secure Socket Layer HTTP The more secure and mo re compl ex CipherSuit es require slig htly more pro cessing time. This list defines the Ciphe rSuites support ed by th e switch and rank s them fr om fast ...
Cisco Systems IE3010 - page 212

9-54 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Conf igurin g the Sw itch for Sec ure Sock et Laye r HTTP Configuring a CA Trustpoint For secur e HTT P con necti ons, w e rec ommen d tha t you configure an off i cial CA tru stpoi nt. A CA trustp oint is more secure than a self - ...
Cisco Systems IE3010 - page 213

9-55 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Configuring the Switch for Secure Socket Layer HTTP Configuring the Secure HTTP Ser ver If you are using a cer tificate a uthori ty for cert ification, you sho uld use the previous pr ocedure to configure the CA tru stpoint on the ...
Cisco Systems IE3010 - page 214

9-56 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Conf igurin g the Sw itch for Sec ure Sock et Laye r HTTP Use th e no ip http server global configu ration c ommand to disabl e the standa rd HTT P server . Use the no ip http secur e-serv e r global co nfigurati on co mmand to dis ...
Cisco Systems IE3010 - page 215

9-57 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Config uring the Swit ch for Secu re Copy Pr otocol Use the no ip http client secure -trustpoint name to remove a clie n t trustpoint conf iguration. Use the no ip http client secur e-ciphersuite t o remove a pre viousl y configur ...
Cisco Systems IE3010 - page 216

9-58 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Conf iguri ng t he Sw itch f or Se cure Co py Prot ocol Information Abo ut Secure Copy T o con figure the Secur e Copy feature , you should unde rstand these conc epts. The b ehavior of SCP is si milar to tha t of remote c opy (rc ...
Cisco Systems IE3010 - page 217

CH A P T E R 10-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 10 Configuring IEEE 802.1x Port-Based Auth entic ation IEEE 8 02.1x port-ba sed auth entic ation p revents unau thoriz ed d e vice s (cli ents) from gainin g acce ss to the netw ork. The IE 3010 sw itch comm and refer ence and the “RADIUS Co mmands” section in the C ...
Cisco Systems IE3010 - page 218

10-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation • 802.1x Accoun ting Attrib u te-V alue Pairs, page 10-15 • 802.1x Rea diness Check , page 10 -16 • 802.1x Authe ntication with VLAN Assignment, page 10- ...
Cisco Systems IE3010 - page 219

10-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 802.1x Port-Base d Authenticat ion • Client —the device (workst ation) t hat req uests acce ss to the LAN and switc h servic es and respo nds to request s from the switch. The wor kstation must ...
Cisco Systems IE3010 - page 220

10-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation • If the RADIUS authentic ation server is una va ilable (do wn) and inaccessible authentica tion bypa ss is enabled, the switch grants the client access to t ...
Cisco Systems IE3010 - page 221

10-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 802.1x Port-Base d Authenticat ion After 802 .1x au then ticatio n using a RADIU S server is co nfigured, the swit ch uses ti mers ba sed on the Session -T imeout RADIUS attr ibute (Attribute[2 7 ] ...
Cisco Systems IE3010 - page 222

10-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation Figur e 1 0-3 Messag e Exc hang e If 802. 1x au thentic atio n times out while wai ting for an EAPOL message exchange and M A C authenti cation b y pass is ena ...
Cisco Systems IE3010 - page 223

10-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 802.1x Port-Base d Authenticat ion Authentic ation M anager In C isc o I OS Re l ea s e 1 2. 2 (4 6 )S E an d ea r li er, y ou could not use the same authorization methods, i ncluding CL I c om man ...
Cisco Systems IE3010 - page 224

10-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation Per-User ACLs and Filter-Ids In rel eases e arlie r than Cisco IO S Rel ease 1 2.2(50 )SE, p er-user ACLs and filter Ids we re onl y suppo rted in single-hos t ...
Cisco Systems IE3010 - page 225

10-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 802.1x Port-Base d Authenticat ion Authentication M anager CL I Commands The authenti cation-manager interf ace-conf iguration comman ds control all the auth entication methods, such as 802.1 x, MA ...
Cisco Systems IE3010 - page 226

10-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation Beginnin g with Cisco IOS Release 12.2(55)SE, you can f ilter o ut verbose syst em messages generated by th e authentication manager . The fi ltered content t ...
Cisco Systems IE3010 - page 227

10-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 802.1x Port-Base d Authenticat ion • auto —en ables 802.1x authe nticati on an d caus es the port t o begin in the unauth orized state, allowing only E APOL f rames t o be se nt an d re ceived ...
Cisco Systems IE3010 - page 228

10-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation The switch suppor ts multidomain au thenticatio n (MD A), which allo ws both a data de vice and a voice de vice, such as an IP Phone (Cisco or non-Cisco) , to ...
Cisco Systems IE3010 - page 229

10-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 802.1x Port-Base d Authenticat ion • W e do not reco mmen d per-us er ACLs wit h an MD A-ena ble d port. An author ize d device w ith a per-user A CL poli cy might impa ct traffic on both t he p ...
Cisco Systems IE3010 - page 230

10-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation When a MA C addre ss mov es from one port to an othe r , the swi tch terminate s the authentic ated session on the ori g inal port a nd initiates a ne w authe ...
Cisco Systems IE3010 - page 231

10-15 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 802.1x Port-Base d Authenticat ion The switc h does not log 802. 1x accou nting in format ion. Instea d, it sen ds this inform ation to the RADIUS se rver , which must be configured t o log accou ...
Cisco Systems IE3010 - page 232

10-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation 802.1x R eadine ss Che ck The 802.1x readin ess check monitors 802.1x act iv ity on all the switch ports and displays infor mation about the devices connec te ...
Cisco Systems IE3010 - page 233

10-17 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 802.1x Port-Base d Authenticat ion – If the VLA N configurat ion cha nge of one device re sults in ma tchin g the oth er device configured or assigned V LAN, then auth orization of all d e vices ...
Cisco Systems IE3010 - page 234

10-18 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation RADIUS su pport s per-user a ttributes, inc ludin g vendor-specific attri butes. Thes e vendor-specific attrib utes (VSAs) are in octet-string format an d are ...
Cisco Systems IE3010 - page 235

10-19 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 802.1x Port-Base d Authenticat ion If no A CLs are down loaded dur ing 802.1x authen tication, th e switch applies the static d efault A CL on the port to the host. On a voice VL AN port conf igur ...
Cisco Systems IE3010 - page 236

10-20 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation Note If you use a c ustom l ogo with w eb aut henti cation and it is st ored on an external server, the por t A C L must allo w access to the ext ernal serv e ...
Cisco Systems IE3010 - page 237

10-21 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 802.1x Port-Base d Authenticat ion of eac h host for a uthent icati on. The VL AN ID co nfigured on the conn ected port is us ed fo r MAC authenti cation. By using VLAN I D-based MA C authentica t ...
Cisco Systems IE3010 - page 238

10-22 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation Guest VLAN s are support ed on 802.1x ports in singl e-host or mu ltiple-h osts mode. Y ou can conf igure an y activ e VLAN e xcept an RSP A N VLAN, a priv at ...
Cisco Systems IE3010 - page 239

10-23 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 802.1x Port-Base d Authenticat ion Restricte d VLAN s are supporte d only on 802.1x ports in sing le-host mod e and on Layer 2 por ts. Y ou can conf igur e any ac tiv e VLAN e xcept an RSP AN VLAN ...
Cisco Systems IE3010 - page 240

10-24 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation Y ou can conf igure the cr itical port to reinitia lize hos ts and mo ve them o ut of th e critical VLAN when the RADIUS serv er is again a vailable . When th ...
Cisco Systems IE3010 - page 241

10-25 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 802.1x Port-Base d Authenticat ion A v o ice VLAN p ort becom es acti ve when th ere is a link , and the de vice MA C address appears after th e first CDP message from t he IP phone . Cisco IP ph ...
Cisco Systems IE3010 - page 242

10-26 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation • Port securi ty and a voice VLA N can be configur ed simult aneousl y on an 802.1x p ort tha t is in e ither single-h ost or multiple- ho sts mode. Port se ...
Cisco Systems IE3010 - page 243

10-27 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 802.1x Port-Base d Authenticat ion a usernam e and password base d on the MA C address. If author ization succ eeds, t he switch gr ants the client acce ss to the netw ork. If auth orization f ail ...
Cisco Systems IE3010 - page 244

10-28 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation 802.1x User Dis tribution Y o u can co nfigure 802.1x user distribution to load-ba lanc e users with the same group na me across multiple di ff erent VLAN s. ...
Cisco Systems IE3010 - page 245

10-29 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 802.1x Port-Base d Authenticat ion Network Admission Control Lay er 2 802.1x Va lidation The switc h supports t he Network Admi ssion Cont rol (NA C) Laye r 2 802.1x validatio n, which che cks the ...
Cisco Systems IE3010 - page 246

10-30 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation • Multipl e-hosts mode with open authen tication–A ny host can acc ess the network. • Multiple- a uthentica tion mode with open au thenticatio n–Simil ...
Cisco Systems IE3010 - page 247

10-31 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 802.1x Port-Base d Authenticat ion • Host Author ization: Ensures that only traf fic from authorized hosts ( connecting to the switch wi th supplica nt) is a llowed on the network. The sw itches ...
Cisco Systems IE3010 - page 248

10-32 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation An IEEE 802.1x port in sing le-host mo de uses A CLs fro m the ACS to provide different levels of service to an IEEE 802.1x -authe nticat ed u ser . When the ...
Cisco Systems IE3010 - page 249

10-33 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Configuring 802.1x Authentication These sec tions co ntain this co nfiguration info rmat ion: • Default 802.1 x Au thentic atio n Configurat ion, page 10 -34 • 802.1x Authent i ...
Cisco Systems IE3010 - page 250

10-34 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Default 802.1x Authen tication Configuration Ta b l e 10-4 shows the default 8 02.1x authe nticatio n con figuration. Ta b l e 1 0-4 Def ault 802.1x A uthentication Configuration ...
Cisco Systems IE3010 - page 251

10-35 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion 802.1x Authentication Co nfigura tion Gu idelines These sec tion has configu ration gui delines fo r these featur es: • 802.1 x Auth enticat ion, page 10 -35 • VLAN Assig nment ...
Cisco Systems IE3010 - page 252

10-36 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion – Ether Channel port —Do not con figure a p ort t hat i s an active or a no t-yet -active membe r of an Ether Channel as an 802.1 x port. If you try to enab le 802. 1x auth e ...
Cisco Systems IE3010 - page 253

10-37 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion MAC Authentication Bypass • Unless ot herwise state d, the MA C authenti cation bypass gu ideline s are the same as the 802.1x authenti cation gu idelines. F or more inf ormation ...
Cisco Systems IE3010 - page 254

10-38 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Beginn ing in p ri vileged EXEC mode, fo llo w these s teps to enable the 802.1 x readiness c h eck on the switch: This e xample sho ws how to enable a readi n ess chec k on a sw ...
Cisco Systems IE3010 - page 255

10-39 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Beginn ing in pri vileged EXEC mode, fo llo w these steps to enab le voice awar e 8 02.1x security: This exam ple shows how to configure the sw itch to shut down a ny VLAN on which ...
Cisco Systems IE3010 - page 256

10-40 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Configuring 802.1x Authentication T o conf ig ure 802.1x p ort-based authenticati o n, you must enab le authentica tion, author ization, and account ing (AAA) a nd specify the au ...
Cisco Systems IE3010 - page 257

10-41 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Step 7 Th e user disconne cts from the por t. Step 8 The switch sends a stop message to the accounting server . Beginning i n privileged E XEC mo de, follow these steps to c onfigu ...
Cisco Systems IE3010 - page 258

10-42 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Configuring the Sw itch-to-RADIUS-Serv er Communication RADIUS se curity servers are identi fied by their ho stname or IP ad dress, hostname and specific UDP por t number s, or I ...
Cisco Systems IE3010 - page 259

10-43 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Y ou also need to config ure some settings on the RADI US server. These settings in clude the IP addre ss of the switch and the ke y string to be shared by both the serv er and the ...
Cisco Systems IE3010 - page 260

10-44 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion T o disa ble mul tiple ho sts on the port , use the no authe ntica tion host- mode or the no dot 1x host-mode multi-host interface con figurati on comm and. This e xample sho ws ...
Cisco Systems IE3010 - page 261

10-45 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion T o d isable peri odic r e-authe nticat ion, use the no au thenti catio n period ic or the no dot1x reauthenti catio n inter face configura tion co mman d. T o return t o the d efa ...
Cisco Systems IE3010 - page 262

10-46 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Changing the Quiet P eriod When the swi tch cannot authentic ate the c lient, the swi tch remains idle for a set peri od of time and then tries agai n. The d ot1x tim eout qu iet ...
Cisco Systems IE3010 - page 263

10-47 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion T o return to the defa ult retransmission time, use the no dot1x time out tx-p eriod in terface conf iguration comm and. This e xample sho ws how to set 60 as the number of seconds ...
Cisco Systems IE3010 - page 264

10-48 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion This e xample sho ws how to set 5 as the num ber of times that the switch sends an EAP-req uest/identit y reques t bef or e res tart ing t he auth ent icat ion p roce ss: Switch( ...
Cisco Systems IE3010 - page 265

10-49 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Beginn ing in pri vileged EXEC mode, fo llo w these steps to globally en able MA C move on the switch. This proc edure is option al. This exam ple sh ows ho w to globall y enable M ...
Cisco Systems IE3010 - page 266

10-50 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Configuring 802. 1x Accounting Enabl ing A AA system accounting with 8 02.1x a ccounting a llows sy stem r eload e vents to be sent to the accou nting RA DIUS serv er for loggin ...
Cisco Systems IE3010 - page 267

10-51 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Configuring a Guest VLAN When y ou conf igure a gues t VLAN, clients tha t are n ot 802.1x-cap able a r e put into t h e gues t VLAN when the serv er does not recei ve a response t ...
Cisco Systems IE3010 - page 268

10-52 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Configuring a Restricted VLAN When yo u conf igure a restric ted VLAN on a switch, clien ts that ar e 802.1x -comp liant ar e moved into the restricte d VLAN when the authentica ...
Cisco Systems IE3010 - page 269

10-53 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Beginning i n privileged EXE C mode , foll ow these ste ps to c onfigure the maximu m num ber o f allowed authenti cation attempts. Th is p rocedure is optional. T o return to the ...
Cisco Systems IE3010 - page 270

10-54 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Configuring the Inaccessible Authenticatio n Bypass Feature Y ou can con fig ure the i naccessibl e by pass f eature, also refe rred to as criti cal authentica tion or the AA A f ...
Cisco Systems IE3010 - page 271

10-55 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion T o return to the RADIUS server def ault settings, use the no radius- serv er dead-crite ria , the no radius-serv er deadtime , and the no radius-server host global configurat ion ...
Cisco Systems IE3010 - page 272

10-56 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Switch(config-if)# dot1x critical recovery action reinitialize Switch(config-if)# dot1x critical vlan 20 Switch(config-if)# end Configuring 802.1x Au thentication with WoL Beginn ...
Cisco Systems IE3010 - page 273

10-57 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Configuring MAC Au thentication Bypass Beginn ing in pri vileged EXEC mode, follo w these steps to enable MA C authentica tion by pass. This procedur e is optional. T o disabl e MA ...
Cisco Systems IE3010 - page 274

10-58 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Configuring 802.1x User Distribution Beginning in global configurat ion, f ollow these st eps to configure a VLAN group and to map a VL AN to it: This example shows ho w to confi ...
Cisco Systems IE3010 - page 275

10-59 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Configuring NAC Layer 2 802.1x Validation Y o u can co nfigure NA C Layer 2 802. 1x validatio n, which is also refe rred to as 802.1x authen tica tion with a RADIUS serv er . Begin ...
Cisco Systems IE3010 - page 276

10-60 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Configuring a n Authen ticator an d a Supplicant Switch with NEAT Configuring this fe ature r equire s that o ne switc h outside a wirin g closet is configur ed as a supp lica nt ...
Cisco Systems IE3010 - page 277

10-61 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion This example shows how to config ure a sw itch as a sup plica nt: Switch# configure terminal Switch(config)# cisp enable Switch(config)# dot1x credentials test Switch(config)# user ...
Cisco Systems IE3010 - page 278

10-62 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Configuring Downloadable AC Ls The policie s take ef fect after cli ent authentication and the client IP addre ss addition to the I P de vice tracki ng table. The switch then app ...
Cisco Systems IE3010 - page 279

10-63 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion This e xample sho ws ho w to conf igure a switch for a do wnloadable pol icy: Switch# config terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# a ...
Cisco Systems IE3010 - page 280

10-64 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Configuring VLAN ID-b ased MAC Authentication Beginning i n privileged EX EC mo de, fol low these s teps: Ther e is no show comm and to confirm the status of VLA N ID- based MAC ...
Cisco Systems IE3010 - page 281

10-65 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Configuring Open1x Beginning i n privileged EX EC mo de: This exampl e shows ho w to configure open 1x on a po rt: Switch# configure terminal Switch(config)# interface gigabitether ...
Cisco Systems IE3010 - page 282

10-66 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion T o conf igure the por t as an 802 .1x port access en tity (P AE) authent icator , which enabl es 802 .1x on the port b ut does not allo w clients connected to the por t to be au ...
Cisco Systems IE3010 - page 283

10-67 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Displaying 802.1x Statistics and Status Displaying 802.1x Statistics and Status T o display 802.1x statistics for all ports, use the show dot1x all stat istics pri v ile ged EXEC co mmand. T o display 802 .1x statisti ...
Cisco Systems IE3010 - page 284

10-68 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Displ ayin g 802.1x S tat isti cs and St atus ...
Cisco Systems IE3010 - page 285

CH A P T E R 11-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 11 Configuring Web-Based Authentication This chapte r describe s ho w to conf igure web-ba sed authenticati on. It contains these sec tions: • Understa nding W eb-B ased Aut henticat ion, pa ge 11-1 • Configuring W eb-Based Auth entica tion, page 11-9 • Displaying ...
Cisco Systems IE3010 - page 286

11-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 11 Configuring Web-Based Authentication Underst anding Web -Based A uthen tication Device Roles W ith web-based authentic ation, the de vices in the network ha ve these specif ic roles: • Client —The device (wo rkstati on) that r eques ts access t o the LAN and the ser ...
Cisco Systems IE3010 - page 287

11-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 1 Configuring Web-Base d Authe nticati on Underst anding Web- Based Auth enticat ion If the h ost IP is included i n the e xception list, the policy fr om the e xception list e n try is ap plied, an d the session is established. • Revie ws for authoriza tion bypass If th ...
Cisco Systems IE3010 - page 288

11-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 11 Configuring Web-Based Authentication Underst anding Web -Based A uthen tication Figur e 1 1 -2 A uthentication Successfu l Banner Y ou can a lso cu stomi ze the bann er , as s ho wn in Figure 11-3 . • Add a switch, router, or company name to the ba nner by using the i ...
Cisco Systems IE3010 - page 289

11-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 1 Configuring Web-Base d Authe nticati on Underst anding Web- Based Auth enticat ion Figur e 1 1 -4 Login Scr een With N o Banner For more infor mation, see th e Cisco IOS Securi ty Comm and Refere nce and th e “C onfiguring a W e b Authe nticati on Loca l Banner ” sec ...
Cisco Systems IE3010 - page 290

11-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 11 Configuring Web-Based Authentication Underst anding Web -Based A uthen tication • If you configure web pages for H TTP authe ntic ation, th ey must include the appro priate HT ML comm ands (fo r example, to set t he page tim e out, to set a hi dden password, or to con ...
Cisco Systems IE3010 - page 291

11-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 1 Configuring Web-Base d Authe nticati on Underst anding Web- Based Auth enticat ion Web-base d Authen tication In teractions with Other Fe atures • Port Security , page 11-7 • LAN Po rt IP , page 11-7 • Gateway IP , page 11-7 • A CL s, page 11-7 • Cont ext- Base ...
Cisco Systems IE3010 - page 292

11-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 11 Configuring Web-Based Authentication Underst anding Web -Based A uthen tication Context-Based Access Control W eb- based authe nticat ion c annot be c onfigured o n a Layer 2 port if conte xt-based access con trol (CBA C) is configured on the La yer 3 V LAN interfac e o ...
Cisco Systems IE3010 - page 293

11-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 1 Configuring Web-Base d Authe nticati on Config uring Web-Based Auth entication Configuring Web -Based Authentication • Defa ult W eb-Based Authentication Config uration, page 11-9 • W eb- Based Authe nticat ion Configurati on Guidel ines and Restr iction s, page 11 - ...
Cisco Systems IE3010 - page 294

11-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 11 Configuring Web-Based Authentication Configur ing Web- Base d Authent ication • Hosts tha t are more t han one hop away might exper ience traffic disruption if a n STP to pology change r esults in the host tr af fic arri ving on a di fferen t port. Th is occur s beca ...
Cisco Systems IE3010 - page 295

11-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 1 Configuring Web-Base d Authe nticati on Config uring Web-Based Auth entication Authentication global absolute time is 0 minutes Authentication global init state time is 2 minutes Authentication Proxy Watch-list is disabled Authentication Proxy Rule Configuration Auth-pr ...
Cisco Systems IE3010 - page 296

11-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 11 Configuring Web-Based Authentication Configur ing Web- Base d Authent ication T o conf igure the RADIUS serv er parameters , perform this task: When yo u conf igure the RADIUS ser ver paramete rs: • Specify the key string on a se parate comma nd lin e. • For key st ...
Cisco Systems IE3010 - page 297

11-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 1 Configuring Web-Base d Authe nticati on Config uring Web-Based Auth entication This exampl e shows ho w to configure the RA DIUS server paramete rs on a switch: Switch(config)# ip radius source-interface Vlan80 Switch(config)# radius-server host 172.l20.39.46 test usern ...
Cisco Systems IE3010 - page 298

11-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 11 Configuring Web-Based Authentication Configur ing Web- Base d Authent ication When conf iguring customize d authentica tion proxy web pages, follo w these guidelines: • T o enab le the custom web pages feat ure, specif y all four custom HTML f iles. If yo u specif y ...
Cisco Systems IE3010 - page 299

11-15 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 1 Configuring Web-Base d Authe nticati on Config uring Web-Based Auth entication Specifying a Redirection UR L for Successful Login Y ou can spec ify a URL t o which t he user is redire cted after a u thenti cation, effect iv ely re placing the internal S ucce ss H TML pa ...
Cisco Systems IE3010 - page 300

11-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 11 Configuring Web-Based Authentication Configur ing Web- Base d Authent ication This exam ple sh ows how to determ ine w hethe r any conn ected host s are in the A AA Down sta te: Switch# show ip admission cache Authentication Proxy Cache Client IP 209.165.201.11 Port 0, ...
Cisco Systems IE3010 - page 301

11-17 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 1 Configuring Web-Base d Authe nticati on Displaying Web-Based Authentication Status This exampl e shows ho w to configure a loca l banne r with the custom message My Switc h : Switch(config) configure terminal Switch(config)# aaa new-model Switch(config)# aaa ip auth-pro ...
Cisco Systems IE3010 - page 302

11-18 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 11 Configuring Web-Based Authentication Display ing Web- Base d Authent ication Status ...
Cisco Systems IE3010 - page 303

CH A P T E R 12-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 12 Configuring Interface Cha r acteristics This ch apt er defines th e type s of int erfaces on the IE 301 0 switch and d escrib es how to co nfigure them . The chapte r consists o f these sec tions: • Understa nding I nterfac e T ypes, page 12-1 • Using Interfac e ...
Cisco Systems IE3010 - page 304

12-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 12 Configuring Interface Characteristics Underst anding In terface Ty pes Port-Based VLANs A VLAN is a switched netwo rk that is logically segmente d by function, team, or application , without reg ard to the physical location of t he users. For more infor mati on about VL ...
Cisco Systems IE3010 - page 305

12-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 2 Configuring Interfac e Charact eristics Unde rsta ndi ng In ter face Typ es T wo ty pes of ac cess por ts are sup ported : • Static access ports are manually a ssigned to a VLAN . • VLAN m embersh ip o f dynami c ac cess por ts is le arne d thro ugh inc oming p acket ...
Cisco Systems IE3010 - page 306

12-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 12 Configuring Interface Characteristics Underst anding In terface Ty pes For Layer 3 inter faces, you ma nuall y create th e logical interfac e by using the interface port-channel global co nfigurati on comma nd. Then you manual ly assign an i nterface to the Ethe rChanne ...
Cisco Systems IE3010 - page 307

12-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 2 Configuring Interfac e Charact eristics Unde rsta ndi ng In ter face Typ es mode. The powered device f irst boots up in low-power mode, con sumes less tha n 7 W , and negotiates to obtain en ough power to oper ate in high -power mode. The device chang es to high- po wer ...
Cisco Systems IE3010 - page 308

12-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 12 Configuring Interface Characteristics Underst anding In terface Ty pes grants or de nies p ower . If th e re quest i s grant ed, t he s witch u pdates the p ower budget. I f th e reque st is denied, t he switch en sures that power to the po rt is turned off, genera tes ...
Cisco Systems IE3010 - page 309

12-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 2 Configuring Interfac e Charact eristics Unde rsta ndi ng In ter face Typ es For informat ion on c onfiguring a PoE p ort, see the “Conf iguring a Po wer Mana gement Mode on a PoE Port” sectio n on page 12 -20 . Power Monitoring and P ower Policing When policin g of t ...
Cisco Systems IE3010 - page 310

12-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 12 Configuring Interface Characteristics Underst anding In terface Ty pes Use the fir st or se cond method in the p revious list to man ually conf igure the cuto f f -po wer valu e b y ent erin g th e power inline consumption default watta ge or the power inline [ auto | s ...
Cisco Systems IE3010 - page 311

12-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 2 Configuring Interfac e Charact eristics Using Inte rface Configu ration Mode Connecting Interfaces De vices within a singl e VLAN ca n communicate directly through an y switch. Ports in dif ferent VLANs cannot exchange data withou t go ing th rough a ro uting device. W i ...
Cisco Systems IE3010 - page 312

12-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 12 Configuring Interface Characteristics Using I nterface Configu ration Mode Y o u can iden tify physi cal in terfaces by looki ng at the swit ch. Y ou can also use the show pri vile ged EXEC co mmands to d isplay i nformation a b out a sp ecif ic inte rface or all the i ...
Cisco Systems IE3010 - page 313

12-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 2 Configuring Interfac e Charact eristics Using Inte rface Configu ration Mode Beg i n ni n g i n pr ivi l eg ed E X EC mo d e , f o ll ow t h es e s te p s t o conf igure a range of interf aces with the same pa ram eter s: When usin g the interf ace range global configur ...
Cisco Systems IE3010 - page 314

12-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 12 Configuring Interface Characteristics Using I nterface Configu ration Mode • All inte rfaces defined in a range must be t he same type (all Fast Ethern et po rts, all Gi gabit Ethe rnet ports, all Ether Channel ports, or all VLANs), b ut you can enter multip le range ...
Cisco Systems IE3010 - page 315

12-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 2 Configuring Interfac e Charact eristics Using Inte rface Configu ration Mode When usin g the def ine interfac e-range global configuration co mmand , note thes e guide lines: • V alid entries for inte rface- range , d epen ding on port t ypes on the switc h: – vlan ...
Cisco Systems IE3010 - page 316

12-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 12 Configuring Interface Characteristics Configur ing Ethern et Interface s Configuring Eth ernet Interfaces These sec tions co ntain this co nfiguration in format ion: • Defaul t Ethern et Interfa ce Configu ration, pa ge 12-14 • Setting the T ype of a Dual-Pur pose ...
Cisco Systems IE3010 - page 317

12-15 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 2 Configuring Interfac e Charact eristics Configuring Ethernet Interfaces Setting th e Type of a Dual-P urpose Uplink Po rt Some sw itches su pport d ual-purpo se upl ink po rts. By default, the sw itch d ynamicall y selec ts the interface type tha t first links up. Howev ...
Cisco Systems IE3010 - page 318

12-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 12 Configuring Interface Characteristics Configur ing Ethern et Interface s T o return to the default setting , use the medi a-typ e au to interf ace or the no media-type interf ace configurati on c ommands. e switch configur es both typ es to autonegoti ate speed an d du ...
Cisco Systems IE3010 - page 319

12-17 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 2 Configuring Interfac e Charact eristics Configuring Ethernet Interfaces These sec tions descr ibe how to configure the i nterface speed and duplex mode : • Speed a nd Duplex C onfigurati on Gui deline s, pa ge 12 -17 • Setting the Inte rface Speed and Duplex Param e ...
Cisco Systems IE3010 - page 320

12-18 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 12 Configuring Interface Characteristics Configur ing Ethern et Interface s Use the no spee d and no duplex interfa ce configur ation comman ds to return the interface to the default speed and duple x settings (autoneg otiate). T o return all inter face settings to the de ...
Cisco Systems IE3010 - page 321

12-19 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 2 Configuring Interfac e Charact eristics Configuring Ethernet Interfaces Note Ports on the switc h can recei v e, bu t not send, pause fra mes. Y o u use the fl owcont rol interfa ce conf iguration comman d to set the in terface ’ s ability to rec e ive pause fram es t ...
Cisco Systems IE3010 - page 322

12-20 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 12 Configuring Interface Characteristics Configur ing Ethern et Interface s Auto-MDIX is e n abled b y default. When you e n able auto-MDI X, you must also set the in terface sp eed and duplex to auto so that the f eatur e ope rates corr ectly . Auto-MD IX is suppor ted o ...
Cisco Systems IE3010 - page 323

12-21 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 2 Configuring Interfac e Charact eristics Configuring Ethernet Interfaces Note Whe n you m ake PoE configurat ion ch anges , the port be ing configured d rops power . Depen ding on the new configuration, t he state of the othe r PoE por ts, and th e state of t he power bu ...
Cisco Systems IE3010 - page 324

12-22 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 12 Configuring Interface Characteristics Configur ing Ethern et Interface s Budgeti ng Power for Devi ces Co nnecte d to a PoE P o rt When Cisco po were d de vices are co nnec ted to Po E ports, th e switch uses Cisco D isco very Pr otoc ol (CDP) to determin e the actual ...
Cisco Systems IE3010 - page 325

12-23 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 2 Configuring Interfac e Charact eristics Configuring Ethernet Interfaces T o return to the default setting , use the no power inl ine consumption default global configura tion comm and. Beginning in privileged EXEC mo de, fol low these steps to co nf igur e a mount of po ...
Cisco Systems IE3010 - page 326

12-24 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 12 Configuring Interface Characteristics Configur ing Layer 3 Interfaces Use the no description i nter face configurat ion comm and to delete the de script ion. This exam ple sh ows how to add a descr iption o n a port a nd how to verif y the descr iption: Switch# config ...
Cisco Systems IE3010 - page 327

12-25 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 2 Configuring Interfac e Charact eristics Confi guring t he System MTU Frames sizes tha t can be recei ved b y the switch CPU ar e limited to 1998 b ytes, no matte r what v alue w as entered wit h the syste m mtu or system mtu jum bo comma nds. Al though fr ames th at are ...
Cisco Systems IE3010 - page 328

12-26 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 12 Configuring Interface Characteristics Monito ring and Mai ntainin g the Interfac es This exam ple sh ows the resp onse wh en yo u try to set Gigab it Eth ernet interfac es to an ou t-of-rang e number: Switch(config)# system mtu jumbo 25000 ^ % Invalid input detected at ...
Cisco Systems IE3010 - page 329

12-27 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 2 Configuring Interfac e Charact eristics Monitoring and Maintaining the Interfaces Clearing and Resetting In terfaces and Counters Ta b l e 12-5 lists the pri vilege d EXEC mode clear comman ds tha t you can us e to clear co unters and res et interf aces. T o c lea r the ...
Cisco Systems IE3010 - page 330

12-28 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 12 Configuring Interface Characteristics Monito ring and Mai ntainin g the Interfac es Use the no shutdown inter face configura tion comman d to rest art the interfa ce. T o verif y that an inte rface is disabled, e n ter the sho w interfaces pri vileged E XEC com mand. A ...
Cisco Systems IE3010 - page 331

CH A P T E R 13-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 13 Configuring Smartports Macros The I E 3010 swit ch com mand r eferen ce has co mmand synt ax and usag e info rmatio n. • Understa nding Sm artpor ts M acros, page 13- 1 • Configuring Smar tports M acros, pa ge 13 -1 • Display ing Smart ports Ma cros, page 13-5 ...
Cisco Systems IE3010 - page 332

13-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 13 C onfiguring Smart ports Macros Configuring Smartpor ts Macros Smartports Config uration Guidelin es • When a macro is applied g lobally to a switch or to a switch inte rface, a ll existing conf iguration on the interf ace is retain ed. This is helpfu l when applying ...
Cisco Systems IE3010 - page 333

13-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 3 Configuring Smartpor ts Macros Configuring Smartports Macros Applying Smartports Ma cros Beginning i n privileged E XEC mo de, follow these s teps to app ly a Smartpor ts mac ro: Command Purpose Step 1 s how par ser macr o Display the Cisco-defaul t Smartport s macros e ...
Cisco Systems IE3010 - page 334

13-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 13 C onfiguring Smart ports Macros Configuring Smartpor ts Macros Y o u can o nly delet e a global macro- appli ed configura tion on a sw itch by enteri ng the no vers ion of each comm and in the macro. Y ou can de lete a macro -appli ed configu ratio n on a po rt by en te ...
Cisco Systems IE3010 - page 335

13-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 3 Configuring Smartpor ts Macros Displaying Smartports Macros Displaying Smartports Macros T o displa y the Smartpo rts macr os, use one o r more of the pri vileged EXE C command s in Ta b l e 13-2 . Ta b l e 13-2 Com mands f or Display ing Smar tports Macros Command Purpo ...
Cisco Systems IE3010 - page 336

13-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 13 C onfiguring Smart ports Macros Displaying Smartpor ts Macros ...
Cisco Systems IE3010 - page 337

CH A P T E R 14-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 14 Configuring VLANs This c hapter describ es how to c onfigure norm al- range VL ANs (V LAN IDs 1 t o 100 5) and extended -range V LANs (VLAN IDs 1006 to 4094) o n the I E 3010 switch . It in clud es infor mati on about VLAN m embersh ip mode s, VLA N co nfiguration mo ...
Cisco Systems IE3010 - page 338

14-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 14 Configuring VLANs Underst anding VL ANs Figure 14-1 shows an example of VL ANs segment ed into logica lly defined networks. Figur e 14-1 VLANs as Logica lly Defined N etwor ks VLANs are of ten associated with IP subnetw orks. For e xample, all the end statio ns in a par ...
Cisco Systems IE3010 - page 339

14-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 4 Configuring VLANs Unde rsta ndin g VLAN s VLAN Port M embership M odes Y o u configure a por t to belong t o a VLAN by assigning a membersh ip mode tha t speci fies the kind of traf fic th e port carries and the number of VLANs to whic h it can belong. Ta b l e 14-1 list ...
Cisco Systems IE3010 - page 340

14-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 14 Configuring VLANs Configur ing Normal- Range VLA Ns Configuring Normal -Range VLANs Normal- range V LANs a re VL ANs with VLAN IDs 1 to 1005 . If the swi tch is in VT P server or VTP transparen t mod e, y ou can add, modi fy or r emove configura tions f or V LANs 2 to 1 ...
Cisco Systems IE3010 - page 341

14-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 4 Configuring VLANs Config uri ng Nor mal-R ang e VLA Ns These sec tions co ntain normal -ran ge VLAN configurat ion info rmati on: • T oken Ri ng VLA Ns, pa ge 14-5 • Normal -Range VLAN Con figuration Gu ideline s, page 14-5 • Conf iguri ng N ormal- Range VLAN s, pa ...
Cisco Systems IE3010 - page 342

14-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 14 Configuring VLANs Configur ing Normal- Range VLA Ns the network, this c ould crea te a loop in the n ew VLAN that would not be broken, pa rticul arly if t here are se veral adj acent switches that a ll have run out of spanni ng-tree in stances. Y ou can p re ve nt this ...
Cisco Systems IE3010 - page 343

14-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 4 Configuring VLANs Config uri ng Nor mal-R ang e VLA Ns Creating or Modifyin g an Et hernet VLAN Each E therne t VLA N in the VLAN d ataba se has a uni que, 4- digit I D tha t ca n be a nu mber fr om 1 to 1001. V LAN IDs 1002 to 1005 are re served for T oken Ring and FD D ...
Cisco Systems IE3010 - page 344

14-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 14 Configuring VLANs Configur ing Normal- Range VLA Ns T o return the VLAN name to the def ault setting s, use the no name , no mtu , o r no r emote-spa n command s. This exampl e shows h ow to cre ate E therne t VL AN 2 0, na me it test20, and add it to the VL AN d atabas ...
Cisco Systems IE3010 - page 345

14-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 4 Configuring VLANs Config uri ng Nor mal-R ang e VLA Ns Assigning S tatic-Ac cess Ports to a VLAN Y o u ca n assig n a s tatic-ac cess po rt to a VLAN witho ut having VTP globa lly p ropagat e VLAN conf iguration informatio n by disabling VT P (VTP transparent m o de). If ...
Cisco Systems IE3010 - page 346

14-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 14 Configuring VLANs Configur ing Extend ed-Range VLANs Configuring Ex tended-Range VLANs W i th VTP version 1 and versio n 2, whe n th e switc h is in V TP tran sparent mo de (VT P disabl ed), yo u can creat e extended-r ange VLANs (i n the rang e 1006 to 4094). VTP vers ...
Cisco Systems IE3010 - page 347

14-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 4 Configuring VLANs Confi guring Extended- Range V LANs If the numb er o f VLA Ns on t he swi tch excee ds the max imum nu mber of sp anning- tree instan ces, we recommend that you configure the IEEE 802.1s Multiple STP (MSTP) on your switch to map multiple VLA Ns to a si ...
Cisco Systems IE3010 - page 348

14-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 14 Configuring VLANs Configur ing Extend ed-Range VLANs Beginn ing in pri vileged EXEC mode, fo llo w these steps to create an extended -range VLAN: T o delete an ex tended- r ange VLAN , use the no vlan vlan -id glob al configura tion co mman d. The proc edure for assi g ...
Cisco Systems IE3010 - page 349

14-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 4 Configuring VLANs Displaying VL ANs Beginn ing in pri vileged EXEC mode, follo w these steps to release a VLAN ID that is assigne d to an internal VL AN and to create an e xtended-range VLAN with th at ID: Displaying VLANs Use the show vlan privi leged EXEC command to d ...
Cisco Systems IE3010 - page 350

14-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 14 Configuring VLANs Configur ing VLAN Tr unks For more details about the show comman d opti ons and expl anati ons of outp ut fields, se e the comma nd refere nce fo r th is rel ease. Configuring VL AN Trunks These sect ions co ntain this co nceptu al in forma tion: • ...
Cisco Systems IE3010 - page 351

14-15 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 4 Configuring VLANs Config uri ng V LAN Trunk s Note Th e switc h does not suppo rt Laye r 3 tru nks.The switch d oes supp ort Laye r 2 trun ks and Layer 3 VLAN interf aces, which provide equ iv alent capabilitie s. IEEE 802.1Q Configuration Considerations The IE EE 8 02. ...
Cisco Systems IE3010 - page 352

14-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 14 Configuring VLANs Configur ing VLAN Tr unks Default Layer 2 Ethernet Inte rface VLAN Con figuratio n Ta b l e 14-5 shows the default L ayer 2 Et herne t inte rface V LAN configurati on. Configuring a n Ethern et Interface as a Trunk P ort Because t runk po rts send a n ...
Cisco Systems IE3010 - page 353

14-17 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 4 Configuring VLANs Config uri ng V LAN Trunk s • W e rec omme nd that you configure no more than 2 4 trun k ports in PV ST mode an d no mor e than 4 0 trunk p orts in M ST m ode. • If you try to enabl e IEEE 802 .1x on a t runk por t, an err or message appear s, and ...
Cisco Systems IE3010 - page 354

14-18 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 14 Configuring VLANs Configur ing VLAN Tr unks Switch(config-if)# end Defining the Allowed VLANs on a Trunk By default, a trunk port sends traf fic to and recei ves traf fic from all VL ANs. All VLAN IDs, 1 to 4094 , are al lowed o n each trun k. Ho wev er , you can remov ...
Cisco Systems IE3010 - page 355

14-19 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 4 Configuring VLANs Config uri ng V LAN Trunk s T o return to the default allowed VLA N list of all V LANs, use the no switchport trunk allowed vlan interf ace config uration co mmand. This exam ple sh ows how to remove VLAN 2 from th e a llowed VLAN list on a p ort: Swit ...
Cisco Systems IE3010 - page 356

14-20 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 14 Configuring VLANs Configur ing VLAN Tr unks Note Th e native VLAN can be assign ed any VLAN ID. For informa tion ab out IEEE 802.1Q con figuratio n issues , see the “IEE E 802.1 Q Configurati on Cons ide rations” s ecti on on pa ge 14-15 . Beginn ing in pri vileged ...
Cisco Systems IE3010 - page 357

14-21 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 4 Configuring VLANs Config uri ng V LAN Trunk s Figure 14-2 shows two trunks conne cting suppo rted swi tches. In t his example, the switches ar e configured as f oll ows: • VLANs 8 thr ough 1 0 are assigne d a p ort pr iority of 16 on Trunk 1. • VLANs 3 thr ough 6 re ...
Cisco Systems IE3010 - page 358

14-22 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 14 Configuring VLANs Configur ing VLAN Tr unks Load Sharing Using STP Path C ost Y o u can co nfigure paralle l trunks to sha re VLAN traffic by settin g different path costs on a trunk and associ ating the path costs wit h dif ferent sets of VLANs, blockin g dif ferent p ...
Cisco Systems IE3010 - page 359

14-23 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 4 Configuring VLANs Configuring VMPS Beginn ing in pri vile ged EXEC mode, follo w these steps to conf igure the network sho wn in Figu re 14-3 : Configuring VMPS The VLA N Quer y Protocol (V QP) is u sed to suppor t dynami c-ac cess ports , which are not perma nently ass ...
Cisco Systems IE3010 - page 360

14-24 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 14 Configuring VLANs Configuring VMPS • “Troubleshoot ing Dynami c-Access Port VLAN Mem bership” secti on on page 14-29 • “VMPS Co nf igurat ion Ex ampl e” s ecti on on pa ge 14-29 Understand ing VMP S Each time t h e client switch recei ves the MA C address o ...
Cisco Systems IE3010 - page 361

14-25 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 4 Configuring VLANs Configuring VMPS If the link goes down on a dy namic -access por t, the p ort r eturns to an is olated st ate and do es not be long to a VLAN. An y hosts that come onlin e through the port are check ed again throug h the VQP with the VMPS before the po ...
Cisco Systems IE3010 - page 362

14-26 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 14 Configuring VLANs Configuring VMPS Configuring the VMPS Client Y o u con figure dynami c VLAN s by using t he VM PS (ser ver). The switch c an be a VMPS c lient; it ca nnot be a VMPS server . Entering the IP Address of the VMPS Y ou must f irst ente r the IP addres s o ...
Cisco Systems IE3010 - page 363

14-27 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 4 Configuring VLANs Configuring VMPS T o return an interf ace to its defaul t config uration, use the default interface interface-id interfa ce conf iguration command. T o retur n an interf ace to i ts default switchport mod e (dynamic a uto), use th e no switchport mode ...
Cisco Systems IE3010 - page 364

14-28 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 14 Configuring VLANs Configuring VMPS Changing the Retry Count Beginn ing in pri vileged EXEC mode, fo llo w these steps to chan ge the number of times that the swit ch attempt s to conta c t the VMPS befor e queryi ng the ne xt serv er: T o return the switch to its def a ...
Cisco Systems IE3010 - page 365

14-29 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 4 Configuring VLANs Configuring VMPS Troublesho oting Dyna mic-Acce ss Port V LAN Memb ership The VMPS shuts down a dynamic -access port unde r these cond itions: • The VMPS is in secure mode, and it does not allo w the host to connect to the port. The VMPS shuts down t ...
Cisco Systems IE3010 - page 366

14-30 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 14 Configuring VLANs Configuring VMPS Figur e 14-4 Dynamic Po rt VLAN Membership Con figur ation Primar y VMPS Ser ver 1 Catalyst 6500 series Secondar y VMPS Ser ver 2 Catalyst 6500 series Secondar y VMPS Ser ver 3 172.20.26.150 172.20.26.151 Catalyst 6500 series switch A ...
Cisco Systems IE3010 - page 367

CH A P T E R 15-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 15 Configuring VTP This chapt er desc ribes how to use the V LAN Trunking Pr otocol ( VTP) and th e VLAN data base fo r managing VLANs with t he IE 3010 switch . For complete sy ntax a n d usag e info rmation for the co mmands u sed in this c hapter , see the command re ...
Cisco Systems IE3010 - page 368

15-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 15 Configuring VTP Underst anding VTP These sect ions co ntain this co nceptu al in forma tion: • The VTP Do main, pa ge 15-2 • VTP Modes, pa ge 15 -3 • VTP Ad vert is emen ts , page 15-3 • VTP V ersio n 2, pa ge 15 -4 • VTP V ersio n 3, pa ge 15 -4 • VTP Pruni ...
Cisco Systems IE3010 - page 369

15-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 5 Configuring VTP Understanding VTP VTP Mode s Y o u can co nfigure a supporte d switch to be in on e of the VTP mod es listed in Ta b l e 15 -1 . VTP Advertisements Each swi tch in the VTP domain sends period ic globa l configuratio n advertise ments f rom each trunk port ...
Cisco Systems IE3010 - page 370

15-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 15 Configuring VTP Underst anding VTP VTP adv ertiseme nts distrib ute this global d omain i nformation: • VTP domain na me • VTP configurati on revision number • Update id entity an d update timestamp • MD5 diges t VLAN conf iguratio n, incl uding maxi mum tr ansm ...
Cisco Systems IE3010 - page 371

15-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 5 Configuring VTP Understanding VTP hexadecima l forma t in the run ning configura tion. Y ou must reen ter the passwo rd if you enter a takeover comm and i n the domai n. W hen y ou ent er the s ecr et ke yword, you can di rectly co nf igure the password secret key . • ...
Cisco Systems IE3010 - page 372

15-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 15 Configuring VTP Underst anding VTP Figur e 15-1 Flooding T raf fic without VTP Pr uning Figure 15-2 shows a switched ne twork with VTP pruni ng enabled. The broadca st traff ic from Swit ch A is not fo rwa rded to Swi tches C, E, and F becaus e traf fic for the Red VLAN ...
Cisco Systems IE3010 - page 373

15-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 5 Configuring VTP Configuring VTP VTP pruning is not designed to func tion in VTP transparent mode . If one or more switches in the netwo rk are in VTP transpar ent mode , you should do one of the se: • T urn off VTP prun ing in the en tire network . • T urn off VTP pr ...
Cisco Systems IE3010 - page 374

15-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 15 Configuring VTP Conf iguri ng VT P VTP Configu ra tion Guidelines Y o u use t he vtp global con figuration c ommand to set the VTP pa ssword, th e version, the VTP file n ame, the interf ace pro viding updated VTP information, the domain name, and the mode, and to disab ...
Cisco Systems IE3010 - page 375

15-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 5 Configuring VTP Configuring VTP If you a re adding a ne w switch to a n existi n g netw o rk with VTP capab ility , the ne w switch learns the domain name only after the appli cable password ha s been configured on it. Cautio n When you c onfigure a VT P domain p assword ...
Cisco Systems IE3010 - page 376

15-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 15 Configuring VTP Conf iguri ng VT P Configuration R equirements When you configure V TP , you must configure a trunk port so t hat t he swit ch can send a nd rece ive VTP adve r tisements to and from other switches in the domain. For more infor mation, see th e “Confi ...
Cisco Systems IE3010 - page 377

15-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 5 Configuring VTP Configuring VTP Cautio n If all switches ar e operatin g in VTP client mode, do not con fig ure a VTP domain name. If you do, it is impossibl e to make ch anges to the VLA N configura tion o f that dom ain. T herefo re, ma ke sure you conf igure at least ...
Cisco Systems IE3010 - page 378

15-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 15 Configuring VTP Conf iguri ng VT P This e xample sho ws ho w to confi g ure the switch as a VT P server with the domain name eng_gr ou p and the password mypassword : Switch(config)# vtp domain eng_group Setting VTP domain name to eng_group. Switch(config)# vtp mode se ...
Cisco Systems IE3010 - page 379

15-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 5 Configuring VTP Configuring VTP Configuring a VTP Version 3 Primary Server Beginn ing in p ri vileged EXEC mode, fo llo w these steps o n a VTP ser ver to co nf igure it as a VTP primar y server (version 3 onl y), whi ch starts a takeover operation: This examp le shows ...
Cisco Systems IE3010 - page 380

15-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 15 Configuring VTP Conf iguri ng VT P Cautio n In VTP versio n 3, both the primary and seconda ry servers can e xist on an instance in the domain. For more information on VTP v ersion configur ation guideli n es, see the “VTP V ersion” se ction o n page 15-9 . Beginn ...
Cisco Systems IE3010 - page 381

15-15 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 5 Configuring VTP Configuring VTP Configur ing VTP on a Per-P ort Basi s W i th VTP version 3, y ou can enabl e or disa ble VTP on a per-port ba sis. Y ou can e nable VTP on ly on ports t hat a re in trunk mode. Incom ing and o utgoing VTP t raff ic a re blo cked, not for ...
Cisco Systems IE3010 - page 382

15-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 15 Configuring VTP Monito ring VTP After resetting the conf iguration re vision number , add the switch to the VTP domain. Note Y ou can u se the vt p mode transparent global con figuration com mand to disabl e VTP on the switch and then to change its VLAN inform ation wi ...
Cisco Systems IE3010 - page 383

CH A P T E R 16-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 16 Configuring Voic e VLAN This c hapter describe s how to c onfigure t he voice VL AN f eature o n th e IE 30 10 switc h. V o ice VL AN is referr ed to as a n auxil iary V LAN in so me Catalyst 6500 family switch do cumentation. Note For c omplete s yntax and usage in ...
Cisco Systems IE3010 - page 384

16-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 16 Configuring Voice V LAN Underst anding Voice VL AN Figure 16-1 shows one way to connect a Cisco 7960 IP Phon e. Figur e 16-1 Ci sco 7960 IP Phone Connected t o a Sw itch Cisco IP Phone Voice Traffic Y ou can conf igur e an access po rt with an atta ched Cisc o IP Phone ...
Cisco Systems IE3010 - page 385

16-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 6 Configuring Voice VLA N Configuring Voice VLAN Note Un tagged traffic from th e device a ttache d to t he Cisco I P Phone passes t hrou gh the phone unc hanged, regardless of the tr ust stat e of t he acce ss port on the phone. Configuring Vo ice VLAN These sec tions co ...
Cisco Systems IE3010 - page 386

16-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 16 Configuring Voice V LAN Configuring Voice VLAN • If the Cisc o IP Phone and a de v ice atta ched to the phone are in the same VLAN , the y must be in the same IP subnet . These condit ions indicate that they ar e in the same VLAN: – They both use IEEE 802.1p or un t ...
Cisco Systems IE3010 - page 387

16-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 6 Configuring Voice VLA N Configuring Voice VLAN Configuring Cisco IP Phone V oice Traffic Y o u can c onfigure a po rt conn ecte d to th e Cisco IP Phon e to se nd CDP pa ckets to t he phon e t o configure the wa y in which the ph one send s voice tr af fic. The p hone ca ...
Cisco Systems IE3010 - page 388

16-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 16 Configuring Voice V LAN Displa ying Vo ice VLAN T o return the port to its defa u lt setting, use the no s witchport v oice vlan interfa ce configurat io n comm and. Configuring the Priori ty of Incoming Data Frames Y o u can co nnect a PC or othe r data device to a Cis ...
Cisco Systems IE3010 - page 389

CH A P T E R 17-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 17 Configuring STP This chapt er desc ribes how to configure the Sp anni ng T ree Protoc ol (STP) on port-ba sed VLANs on the IE 3010 switc h. The swit ch can use eithe r the per-VLAN spannin g-tree plus (PV ST+) prot ocol base d on the IE EE 802.1 D sta ndard a nd Ci s ...
Cisco Systems IE3010 - page 390

17-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 17 Configuring STP Underst anding Spa nning- Tree Fea tures • Spanning- T ree Interop erability and Backw a rd Compatibi lity , page 17- 10 • STP and IEEE 802. 1Q Trunks, page 17- 10 • VLAN-Br idge Sp anning T r ee, page 17-10 For conf iguration in formation, se e th ...
Cisco Systems IE3010 - page 391

17-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 7 Configuring STP Unders tanding Spanni ng-Tree Fe atures Spannin g-Tr ee Topology an d BPDUs The stable, ac tiv e spanning-tree topolog y of a switched network is controlled b y these elements: • The uni que bridge ID (sw itch p rior ity and MAC address) a ssociate d wi ...
Cisco Systems IE3010 - page 392

17-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 17 Configuring STP Underst anding Spa nning- Tree Fea tures Bridge ID, Switch Priority , an d Extended Syste m ID The IE EE 80 2.1D standa rd requi res th at ea ch switc h has a n uni que bridge ident ifier (bri dge ID ), wh ich control s the select ion of the root switc h ...
Cisco Systems IE3010 - page 393

17-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 7 Configuring STP Unders tanding Spanni ng-Tree Fe atures An interfac e mov es through these state s : • From initiali zation to blocking • From bl ocking to list ening or to disab led • From list ening to lea rning o r to di sabled • From le arning t o fo rwarding ...
Cisco Systems IE3010 - page 394

17-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 17 Configuring STP Underst anding Spa nning- Tree Fea tures there is only one sw itch in the netwo rk, no exch ange occurs, the forwar d-delay timer expi res, and the interf ace mov e s to th e listening state. An inter face alw ays enter s the blocking st ate after switch ...
Cisco Systems IE3010 - page 395

17-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 7 Configuring STP Unders tanding Spanni ng-Tree Fe atures Disabled State A Laye r 2 int erface in th e disab led state do es not parti cipa te in frame forwar ding or in the span ning tree. An interf ace in the disabled state is nonoperational. A disab led int erfac e perf ...
Cisco Systems IE3010 - page 396

17-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 17 Configuring STP Underst anding Spa nning- Tree Fea tures Spanning Tree and Redun dant Conn ectiv ity Y o u can create a redun dant back bone w ith spa nning t ree by conne cting two switc h inte rfaces to anothe r device or to two different devices, as shown in Figure 1 ...
Cisco Systems IE3010 - page 397

17-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 7 Configuring STP Unders tanding Spanni ng-Tree Fe atures Becau se each V LAN is a sepa rate spanning -tree instance , the switch acce lerates aging o n a per -VLAN basis . A spanni ng-tree rec onfi guration on one VLAN ca n cause the dynam ic addresse s learne d on that V ...
Cisco Systems IE3010 - page 398

17-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 17 Configuring STP Underst anding Spa nning- Tree Fea tures Spanning-Tree Interoperability and Backward Compatibility Ta b l e 17-2 lists the interope rability and c ompatibility among the s upported s panning-tree mo des in a network. In a mi xed MSTP and PV ST+ n etwork ...
Cisco Systems IE3010 - page 399

17-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 7 Configuring STP Confi guring Spanni ng-Tree Fe atures Configuring Sp anning-Tree Features These sec tions co ntain this co nfiguration info rmat ion: • Def ault Span ning -T ree Conf igura tion, page 17- 11 • Spanning -T ree Co nfiguration Guidel ines, pag e 17-12 ? ...
Cisco Systems IE3010 - page 400

17-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 17 Configuring STP Configur ing Spannin g-Tree Feat ures Spannin g-Tr ee Conf iguration Guideli nes If more VLAN s are def ined in the VTP than the re are spanni ng-t ree instanc es, you can enable PVST+ or rapid PVST+ on only 128 VLAN s on the switch . The remai ning VLA ...
Cisco Systems IE3010 - page 401

17-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 7 Configuring STP Confi guring Spanni ng-Tree Fe atures Changing the Spa nning-Tree M ode. The sw itch s upports th ree spanning -tree mo des: PV ST+, rapi d PVST+, or MS TP . By default, the sw itch runs th e PVST+ protocol . Beginning in privileged EXEC mode, fo llow th ...
Cisco Systems IE3010 - page 402

17-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 17 Configuring STP Configur ing Spannin g-Tree Feat ures Disabling Sp anning Tree Spanning tree is enab led by defau lt on V LAN 1 and on all newly crea ted VL ANs up to the spannin g-tree limit specif ied in the “Suppo rted Spa nning-Tree Insta nces” sect ion on pa g ...
Cisco Systems IE3010 - page 403

17-15 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 7 Configuring STP Confi guring Spanni ng-Tree Fe atures Note Th e ro ot swit ch fo r eac h span ning -tree instan ce shou ld be a ba ckbone or di stribution switch . Do not conf igure an acc ess switch as the span ning-tre e primar y root. Use the diameter ke ywo rd to sp ...
Cisco Systems IE3010 - page 404

17-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 17 Configuring STP Configur ing Spannin g-Tree Feat ures Configur ing a Second ary Roo t Switch When you con figure a switch as the secondary root, the switc h priori ty is modified from t he default value (32768 ) to 28672. Th e switc h is then l ikely to beco me the roo ...
Cisco Systems IE3010 - page 405

17-17 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 7 Configuring STP Confi guring Spanni ng-Tree Fe atures Beginn ing in pri vileged EXEC mode, follo w these steps to conf igure the port priority of an interf a ce. This proc edure is option al. Note Th e show spanning-tree inter face interface- id privileged EXEC comma nd ...
Cisco Systems IE3010 - page 406

17-18 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 17 Configuring STP Configur ing Spannin g-Tree Feat ures Configuring Path Cost The spanni ng-tr ee path c ost defau lt value is derived from the med ia speed of an interfac e. If a loop occurs , spann ing tree u ses cost wh en sele cting an in terfa ce to put in the forw ...
Cisco Systems IE3010 - page 407

17-19 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 7 Configuring STP Confi guring Spanni ng-Tree Fe atures T o return to the default setting , use the no spanning-tree [ vlan vlan-id ] co st in terface co nfiguration comman d. For inf ormat ion on h ow to configure lo ad sha ring on t runk po rts by using spannin g-tree p ...
Cisco Systems IE3010 - page 408

17-20 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 17 Configuring STP Configur ing Spannin g-Tree Feat ures Configuring S pannin g-Tree Timers Ta b l e 17-4 des cribes the tim ers that affect the entire spanning-tree perfor mance. The sectio ns that follo w pro vide the conf iguration steps. Configuring the Hello Time Y o ...
Cisco Systems IE3010 - page 409

17-21 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 7 Configuring STP Confi guring Spanni ng-Tree Fe atures Configuring the Forwarding -Delay Time fo r a VLAN Beginning i n privileged E XEC mode, follow these ste ps to c onfigure t he forwarding -del ay ti me for a VLAN. Th is proc edure is opt ional . T o return to the de ...
Cisco Systems IE3010 - page 410

17-22 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 17 Configuring STP Displaying the Spannin g-Tree Stat us Configuring the Transmit Hold -Count Y o u can co nfigure the BPDU burst size by changing th e transm it hold coun t value. Note Changing this parameter to a hi gher va lu e can ha ve a signif icant impact on CPU ut ...
Cisco Systems IE3010 - page 411

CH A P T E R 18-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 18 Configuring MSTP This chapte r describes ho w to configur e the Cisco impleme ntation of the IEEE 802.1s Multi ple STP (MSTP) on the IE 3010 switch. Note The multiple spanning-tree (MST) implementation is based on the IEEE 802.1s standard. The MS TP enables m ultiple ...
Cisco Systems IE3010 - page 412

18-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 18 Configuring MSTP Underst anding MST P Understandin g MSTP MSTP , which uses RSTP for ra pid con vergence, enab les VLA Ns to be group ed into a spanning- tree instan ce, w ith ea ch insta nce havin g a s panning -tree topo logy inde pendent of other spanning -tree insta ...
Cisco Systems IE3010 - page 413

18-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 8 Configuring MSTP Unde rsta ndi ng M STP The IST i s th e onl y sp ann ing- tree ins tan ce th at s ends and rec eives BPDU s. A ll o f th e ot her spann ing-t ree inst ance informat ion is contain ed in M-re cords, which are encapsula ted within MSTP BPDUs. B ecause the ...
Cisco Systems IE3010 - page 414

18-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 18 Configuring MSTP Underst anding MST P The IST conne cts all the MSTP switches in the reg ion and appears as a subtree in the CIST that encom passes the e ntire swit ched d omain. The root of the sub tree is the CIST re gional root. The MST region appear s as a virtual s ...
Cisco Systems IE3010 - page 415

18-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 8 Configuring MSTP Unde rsta ndi ng M STP IEEE 802.1s Terminology Some MS T naming con venti ons used in Cisco ’ s presta ndard implem entation hav e been change d to identify so me internal or r e gi onal parameters. These parameters are signif icant only within an MST ...
Cisco Systems IE3010 - page 416

18-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 18 Configuring MSTP Underst anding MST P Bounda ry Ports In the Cisco pr estanda rd impl emen tation, a boundary po rt con nects an M ST region to a sin gle spanning-t ree region runn ing RSTP , to a single spanni ng-tree regi on running PVST+ or rapid PVST+ , or to ano th ...
Cisco Systems IE3010 - page 417

18-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 8 Configuring MSTP Unde rsta ndi ng M STP • The bou ndary port is not the r oot por t of t he CIST r egional root— The MST I port s foll ow the state and role of the CIST port. Th e standard pro vides less informatio n, and it might be dif ficult to underst and why a n ...
Cisco Systems IE3010 - page 418

18-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 18 Configuring MSTP Underst anding RSTP Figure 18-3 illustrates a u nidirection al link f ailure th at typically creates a b ridging l oop. Switch A is the root switch, and its BPDUs are lost on the link leading to switch B. RSTP and MST BPDUs include the role an d state o ...
Cisco Systems IE3010 - page 419

18-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 8 Configuring MSTP Understa nding RST P Port Roles and the Active Topology The RST P provide s rapi d conv e rgence of the s panning tree by assigning port role s and by l earning the acti ve topology . The RSTP build s upon the IEEE 802. 1D STP to sele ct the switch with ...
Cisco Systems IE3010 - page 420

18-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 18 Configuring MSTP Underst anding RSTP • Root po rts—If the R STP sel ects a new root port, it b locks t he old roo t port and i mmedi ately transit ions the new root port t o the forwar ding sta te. • Point-to-p oint links—If you connec t a p ort to another port ...
Cisco Systems IE3010 - page 421

18-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 8 Configuring MSTP Understa nding RST P Synchronizatio n of Port R oles When th e switc h receives a proposal me ssage on one of its port s and tha t port is selec ted as the new root port, the RST P force s all other por ts to synchr onize with the new root inform ation ...
Cisco Systems IE3010 - page 422

18-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 18 Configuring MSTP Underst anding RSTP Bridge Protoco l Data Unit Format an d Process ing The R STP BP DU for mat is th e sam e as t he IE EE 802 .1D BP DU fo rmat except that the p roto col vers ion is set to 2. A new 1- byte V ersion 1 Length f ield is set to zero, whi ...
Cisco Systems IE3010 - page 423

18-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 8 Configuring MSTP Confi guring MSTP Featu res Processing I nferior BPD U Informatio n If a d esignat ed por t rec eiv es an inferior BP DU (high er sw itch I D, hi gher pa th cost , and so for th th an currently stored for the p ort) with a designated p ort role, it imme ...
Cisco Systems IE3010 - page 424

18-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 18 Configuring MSTP Configur ing MSTP Featur es • Configuring a Secondar y Root Switch, page 18- 18 (optional) • Conf iguring Port Priority , page 18-19 ( optional ) • Configuring Path Cost, page 18 -20 (o ptiona l) • Conf iguring the Switch Priority , page 18-21 ...
Cisco Systems IE3010 - page 425

18-15 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 8 Configuring MSTP Confi guring MSTP Featu res • The switc h support s up to 65 MST in stance s. The num ber of VLA Ns that can be mapp ed to a part icu lar MST i nsta nce is un lim ite d. • PVST+, rapi d PVST+, and MSTP are supporte d, but only one version ca n be ac ...
Cisco Systems IE3010 - page 426

18-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 18 Configuring MSTP Configur ing MSTP Featur es T o r eturn to th e defaul t MST region c onfiguratio n, u se the no spanning-tree mst conf iguration global conf iguration command. T o return to the default VLAN- to-insta nce map, use the no instance instance-id [ vl an v ...
Cisco Systems IE3010 - page 427

18-17 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 8 Configuring MSTP Confi guring MSTP Featu res 0 1-9,21-4094 1 10-20 ------------------------------- Switch(config-mst)# exit Switch(config)# Configuring th e Root Switch The swi tch mainta ins a spannin g-tree in stance fo r the group of VL ANs mapped to it. A switch ID, ...
Cisco Systems IE3010 - page 428

18-18 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 18 Configuring MSTP Configur ing MSTP Featur es Beginn ing in pri vileged EXEC mode, follo w these steps to conf igure a switch as the root switch. This procedur e is optional. T o return the switch to its def ault setting, use the no spanning-tree mst insta nce-id roo t ...
Cisco Systems IE3010 - page 429

18-19 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 8 Configuring MSTP Confi guring MSTP Featu res Beginning i n privileged EX EC mo de, fol low these s teps t o configure a swit ch as the se condary root switch. Th is procedure is option al. T o return the switch to its def ault setting, use the no spanning-tree mst insta ...
Cisco Systems IE3010 - page 430

18-20 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 18 Configuring MSTP Configur ing MSTP Featur es Note Th e show sp anning-t ree mst inte rface interface-id privileged EXEC comma nd displa ys informa tion only if the port is in a link- up opera tive state. Ot herwis e, you can use the show running-conf ig interface privi ...
Cisco Systems IE3010 - page 431

18-21 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 8 Configuring MSTP Confi guring MSTP Featu res Note Th e show sp anning-t ree mst inte rface interface-id privileged EXEC comma nd displa ys informa tion only for por ts that are in a link-up ope rative state. Other wise, you can use the show running-confi g privileged EX ...
Cisco Systems IE3010 - page 432

18-22 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 18 Configuring MSTP Configur ing MSTP Featur es Beginning in privileged EXEC mod e, fo llow these steps to con figure the switc h priori ty . This proced ure is optional. T o return the switch to its def ault setting, use the no spanning-tree mst instance-id priority glob ...
Cisco Systems IE3010 - page 433

18-23 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 8 Configuring MSTP Confi guring MSTP Featu res Configuring th e Forwarding-Dela y Time Beginning i n privileged E XEC mode, follow these ste ps to c onfigure t he forwarding -del ay ti me for all MST inst ance s. This procedure is optio nal. T o return the switch to its d ...
Cisco Systems IE3010 - page 434

18-24 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 18 Configuring MSTP Configur ing MSTP Featur es Configuring the Maxi mum-Hop Count Beginning i n privileged E XEC mo de, follow these steps to con figure th e ma ximum- hop c ount fo r all MST inst ance s. This procedure is optio nal. T o return the switch to its defau lt ...
Cisco Systems IE3010 - page 435

18-25 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 8 Configuring MSTP Confi guring MSTP Featu res Designatin g the Neighb or Type A top ology co uld co ntain both pres tandar d and IEEE 802.1 s standa rd com pliant devices. By defau lt, ports c an aut omati cally det ect pre stand ard device s, but they can st ill re ceiv ...
Cisco Systems IE3010 - page 436

18-26 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 18 Configuring MSTP Displaying the MST Configu ration and Stat us Displaying the MST Configuration and Status T o displa y the spann ing-tr ee status , use one o r more of the p ri vileged EXE C command s in Ta b l e 18-5 : For informat ion about other keywords for t he s ...
Cisco Systems IE3010 - page 437

CH A P T E R 19-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 19 Configuring Optional Spannin g-Tree Features This ch apter d escrib es how to configur e optio nal spa nning-t ree fe atures on the IE 3010 sw itch. Y ou ca n configure a ll of t hese f eatur es when your sw itch is runn ing th e per-VLAN spannin g-tree plus (PV ST+) ...
Cisco Systems IE3010 - page 438

19-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 19 Configu ring Optiona l Spann ing-Tr ee Featu res Underst anding O ptional Sp anning-Tre e Feat ures Understand ing Port Fa st Port Fast immedia tely br ings an inte rface configured as an acces s or trunk port to the forward ing state from a blocki ng sta te, bypa ssin ...
Cisco Systems IE3010 - page 439

19-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 9 Configuring Op tional Spa nning-Tree Features Unders tandin g Optional Spanning- Tree Features At the interf ace lev el, you en able BPDU guard o n any port b y using the spanning-tr e e bpduguard enab le interface conf iguration command with out also e nabling th e Port ...
Cisco Systems IE3010 - page 440

19-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 19 Configu ring Optiona l Spann ing-Tr ee Featu res Underst anding O ptional Sp anning-Tre e Feat ures Figur e 19-2 Switche s in a Hier arc hical Networ k If a switch loses co nnectivity , it begins using t he alterna te paths as soon as the spanni ng tree selec ts a new ...
Cisco Systems IE3010 - page 441

19-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 9 Configuring Op tional Spa nning-Tree Features Unders tandin g Optional Spanning- Tree Features Figur e 19-3 UplinkF ast Example Befor e Dir ect Link F ailur e If Switch C detects a link fa ilure on the currentl y activ e link L2 on the ro ot port (a dir ect link f ailur ...
Cisco Systems IE3010 - page 442

19-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 19 Configu ring Optiona l Spann ing-Tr ee Featu res Underst anding O ptional Sp anning-Tre e Feat ures The swit ch tries to f ind if it has an alternat e path to t he root switch. I f the in ferior BPDU arri ves on a blocked inte rface, t he root port an d other b locked ...
Cisco Systems IE3010 - page 443

19-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 9 Configuring Op tional Spa nning-Tree Features Unders tandin g Optional Spanning- Tree Features Figur e 19-6 Backbon eF ast Example Aft er Indir ect Link F ailur e If a ne w switch is introdu ced into a shared-mediu m topology as show n in Figure 19- 7 , Back boneFa st is ...
Cisco Systems IE3010 - page 444

19-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 19 Configu ring Optiona l Spann ing-Tr ee Featu res Underst anding O ptional Sp anning-Tre e Feat ures Unders tanding Ro ot Guard The Laye r 2 network of a service provide r (SP) can in clude ma ny connectio ns to swit ches that ar e not owned by the SP . In su ch a topo ...
Cisco Systems IE3010 - page 445

19-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 9 Configuring Op tional Spa nning-Tree Features Confi guring Opt ional Spanning- Tree Features Understand ing Loop Guard Y o u ca n use l oop g uard t o p rev ent a lternat e or root po rts f rom bec oming designa ted po rts bec ause o f a failur e that leads to a unidir e ...
Cisco Systems IE3010 - page 446

19-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 19 Configu ring Optiona l Spann ing-Tr ee Featu res Configur ing Opti onal Spanni ng-Tree Features Optional Spa nning-Tree Co nfiguration Guid elines Y o u can co nfigure PortFast, BP DU guard , BPDU filtering, Et herC hannel guard, root guard, or loop guard if your swit ...
Cisco Systems IE3010 - page 447

19-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 9 Configuring Op tional Spa nning-Tree Features Confi guring Opt ional Spanning- Tree Features Note Y ou can use the spanning-tree portf ast default gl obal con figuratio n comma nd to glob ally en able the Port Fast featur e on all nont runking por ts. T o d isab le th e ...
Cisco Systems IE3010 - page 448

19-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 19 Configu ring Optiona l Spann ing-Tr ee Featu res Configur ing Opti onal Spanni ng-Tree Features T o disab le BPDU gu ard, use the no spanning-tre e portfast bpduguard default global configurati on comm and. Y ou can ov erride the settin g of the no spanning-tr ee po r ...
Cisco Systems IE3010 - page 449

19-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 9 Configuring Op tional Spa nning-Tree Features Confi guring Opt ional Spanning- Tree Features Enabling Up linkFast for Us e with R edundan t Link s UplinkFas t can not be enab led on VLAN s that have been configured with a swi tch p riority . T o enab le UplinkF ast on a ...
Cisco Systems IE3010 - page 450

19-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 19 Configu ring Optiona l Spann ing-Tr ee Featu res Configur ing Opti onal Spanni ng-Tree Features Y o u can co nfigure the Backbone Fast feat ure for r apid PVST+ or f or the MS TP , but the featu re remai ns disabled (inac tive) until you change th e spanni ng-tr ee mo ...
Cisco Systems IE3010 - page 451

19-15 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 9 Configuring Op tional Spa nning-Tree Features Confi guring Opt ional Spanning- Tree Features Enabling R oot Guard Root gu ard e nable d on an int erface applie s to all th e VLA Ns to whi ch th e int erface belongs . Do not enable t h e root g uard on interf aces to be ...
Cisco Systems IE3010 - page 452

19-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 19 Configu ring Optiona l Spann ing-Tr ee Featu res Displaying the Spannin g-Tree Stat us T o g loball y dis able lo op guard , use the no spanning-tree loopguard default global c onfiguratio n command. Y ou can o verride the setting of the no spanning-tr ee loopguard de ...
Cisco Systems IE3010 - page 453

CH A P T E R 20-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 20 Configuring Flex Link s and the MAC Address-Table Move Update Feature This chapte r describes ho w to conf igure Flex Links, a pa ir of interfa ces o n the IE 3010 switch that provide a mu tual bac kup. It a lso descr ibes how to configure t he MAC address-table move ...
Cisco Systems IE3010 - page 454

20-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 20 Configurin g Flex Links and the MAC Addr ess-Table Move Updat e Feature Underst andin g Flex Links and the M AC Addres s-Tabl e Mov e Update Y o u configure Flex Link s on one Layer 2 interface (the activ e link) by assign ing anot her Laye r 2 interfac e as the Flex L ...
Cisco Systems IE3010 - page 455

20-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 0 Configuring Fl ex Links an d the MAC A ddress-Ta ble Mo ve Update Featu re Unde rsta ndin g Fle x L inks and the M AC A ddre ss-T able Mov e Up date Figur e 20-2 VLAN Flex Links Load Balancing Configu ration Examp le Flex Link Multicast Fast Convergence Flex Link Multica ...
Cisco Systems IE3010 - page 456

20-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 20 Configurin g Flex Links and the MAC Addr ess-Table Move Updat e Feature Underst andin g Flex Links and the M AC Addres s-Tabl e Mov e Update Leaking IGMP Reports T o a chieve multicast tra ff i c conv ergence with minim al loss, a redund ant da ta path m ust be se t up ...
Cisco Systems IE3010 - page 457

20-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 0 Configuring Fl ex Links an d the MAC A ddress-Ta ble Mo ve Update Featu re Unde rsta ndin g Fle x L inks and the M AC A ddre ss-T able Mov e Up date 1 228.1.5.1 igmp v2 Fa0/1, Fa0/2, Fa0/3 1 228.1.5.2 igmp v2 Fa0/1, Fa0/2, Fa0/3 When a host re sponds to th e genera l que ...
Cisco Systems IE3010 - page 458

20-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 20 Configurin g Flex Links and the MAC Addr ess-Table Move Updat e Feature Underst andin g Flex Links and the M AC Addres s-Tabl e Mov e Update because the FastEtherne t0/2 is bloc ked. When th e active link, FastEthernet0/ 1 goes down, the backu p port, FastEtherne t0/2, ...
Cisco Systems IE3010 - page 459

20-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 0 Configuring Fl ex Links an d the MAC A ddress-Ta ble Mo ve Update Featu re Configur ing Flex Links and th e MAC Address-Table Mo ve Update Figur e 20-3 MAC A ddress -T able Mov e Updat e Example Configuring Flex Links and the MAC Address-Table Move Update These se ctions ...
Cisco Systems IE3010 - page 460

20-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 20 Configurin g Flex Links and the MAC Addr ess-Table Move Updat e Feature Configur ing Flex L inks and th e MAC Addre ss-Tabl e Move U pdate The pree mptio n dela y is 35 seconds. The MAC address-tabl e move update featur e is not configured on the sw itch. Configuratio ...
Cisco Systems IE3010 - page 461

20-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 0 Configuring Fl ex Links an d the MAC A ddress-Ta ble Mo ve Update Featu re Configur ing Flex Links and th e MAC Address-Table Mo ve Update T o disabl e a Flex Link b ackup interf ace, us e the no switchport backup int erface i n terface-id interfac e configurati on c omm ...
Cisco Systems IE3010 - page 462

20-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 20 Configurin g Flex Links and the MAC Addr ess-Table Move Updat e Feature Configur ing Flex L inks and th e MAC Addre ss-Tabl e Move U pdate T o remo ve a pr eemption schem e, use the no switchport backup interface interface-id preemption mode interfa ce conf iguration ...
Cisco Systems IE3010 - page 463

20-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 0 Configuring Fl ex Links an d the MAC A ddress-Ta ble Mo ve Update Featu re Configur ing Flex Links and th e MAC Address-Table Mo ve Update T o disabl e the VLAN load balancin g featur e, use the no switchport backup inte rface inter fa ce -id pref er vlan vlan-range int ...
Cisco Systems IE3010 - page 464

20-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 20 Configurin g Flex Links and the MAC Addr ess-Table Move Updat e Feature Configur ing Flex L inks and th e MAC Addre ss-Tabl e Move U pdate Vlans Preferred on Active Interface: 1-2,5-4094 Vlans Preferred on Backup Interface: 3-4 Preemption Mode : off Bandwidth : 10000 ...
Cisco Systems IE3010 - page 465

20-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 0 Configuring Fl ex Links an d the MAC A ddress-Ta ble Mo ve Update Featu re Configur ing Flex Links and th e MAC Address-Table Mo ve Update This e xample sho ws how to confi gure an access sw itch to send MA C address- table mov e upda te messages: Switch(conf)# interfac ...
Cisco Systems IE3010 - page 466

20-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 20 Configurin g Flex Links and the MAC Addr ess-Table Move Updat e Feature Monito ring Flex L inks and t he MAC Addr ess-T able Move Upd ate Monitoring Flex Link s and the MAC Address-Table Move Update Ta b l e 20-1 show s th e pri vileged EXEC commands for monito ring t ...
Cisco Systems IE3010 - page 467

CH A P T E R 21-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 21 Configuring DHCP Features and IP Source Guard Features This c hapter d escribes how to configure D HCP s nooping and o ption-82 data insertion, and t he DHC P server port- based a ddress a llocat ion fe atures o n the IE 30 10 switc h. It also d escribes how to confi ...
Cisco Systems IE3010 - page 468

21-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 21 Config uring DHCP Featur es and IP So urce Guard Featu res Underst anding DHCP Sn ooping • DHCP Sno oping, page 21-2 • Option- 82 Data Inse rtion, pa ge 21-4 • Cisco IOS DHCP Server Database, page 21-7 • DHCP Sno oping Bin ding Database , pag e 21-7 For informa ...
Cisco Systems IE3010 - page 469

21-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 1 Configuring DH CP Features and IP Sou rce Guard Fe atures Understanding DHCP Snooping When a s witc h re ceives a pa cket o n an untr usted int erface and t he int erface b elo ngs to a V LAN in which DHCP snoop ing is en abled, the swi tch compa res the so urce MAC addr ...
Cisco Systems IE3010 - page 470

21-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 21 Config uring DHCP Featur es and IP So urce Guard Featu res Underst anding DHCP Sn ooping Option-82 Data Insertion In resident ial, metr opolit an Ethern et-ac cess environments , DHCP can cen trally mana ge the IP ad dress assi gnmen ts for a l arg e num b er of subscr ...
Cisco Systems IE3010 - page 471

21-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 1 Configuring DH CP Features and IP Sou rce Guard Fe atures Understanding DHCP Snooping • The DH CP ser ver recei ves the pa cket. If the serv er is op tion-82-ca pable, it ca n use the r emote I D, the circuit ID, or both to assign IP addresses and impl ement policies, ...
Cisco Systems IE3010 - page 472

21-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 21 Config uring DHCP Featur es and IP So urce Guard Featu res Underst anding DHCP Sn ooping Figur e 21 -2 Suboption P ac ket F ormat s Figure 21-3 shows the packet fo rmats for user-configure d remote-I D and cir cuit-ID suboptions The switch uses these pa cket format s w ...
Cisco Systems IE3010 - page 473

21-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 1 Configuring DH CP Features and IP Sou rce Guard Fe atures Understanding DHCP Snooping Figur e 21 -3 User -Configur ed Suboption P ac k et For mats Cisco IOS DHC P Serv er Database Durin g the D HCP-based au toconf igurati on proc ess, the de signated D HCP ser ver uses t ...
Cisco Systems IE3010 - page 474

21-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 21 Config uring DHCP Featur es and IP So urce Guard Featu res Configur ing DHCP Snoopi ng When re loading, the switch read s the b inding file to build the DH CP snoop ing bi nding da taba se. The switch u pdates th e f ile when the d atabase cha nges. When a swit ch lear ...
Cisco Systems IE3010 - page 475

21-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 1 Configuring DH CP Features and IP Sou rce Guard Fe atures Confi guring DHCP Sn ooping • Ena bling the Cisc o IOS DH CP Ser ver Data base , page 21- 14 • Ena bling the Cisc o IOS DH CP Ser ver Data base , page 21- 14 • Enablin g the DHCP Sno oping Bind ing Data base ...
Cisco Systems IE3010 - page 476

21-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 21 Config uring DHCP Featur es and IP So urce Guard Featu res Configur ing DHCP Snoopi ng • Before co nfiguring the DHCP sn ooping inf ormatio n optio n on your switch, be sure to configure t he de vice that is actin g as the DHCP server . For e xample, you mu st speci ...
Cisco Systems IE3010 - page 477

21-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 1 Configuring DH CP Features and IP Sou rce Guard Fe atures Confi guring DHCP Sn ooping Configuring the DHCP Relay Agent Beginn ing in pri vileged EXEC mode, follo w these steps to enable the DHCP relay agent on the switch: T o disa ble t he DHCP server an d rela y agent, ...
Cisco Systems IE3010 - page 478

21-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 21 Config uring DHCP Featur es and IP So urce Guard Featu res Configur ing DHCP Snoopi ng T o remo ve th e DHCP p acket for ward ing ad dress, use the no ip h elper -address addr ess inte rface configurati on c ommand. Enabling DHC P Snoo ping and Op tion 82 Beginning in ...
Cisco Systems IE3010 - page 479

21-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 1 Configuring DH CP Features and IP Sou rce Guard Fe atures Confi guring DHCP Sn ooping T o disab le DHCP snoopi ng, use the no ip dhcp snooping gl obal con figurati on comm and. T o disabl e DHCP snoo ping o n a VLAN or range of VLA Ns, use the no ip dhcp snooping vlan v ...
Cisco Systems IE3010 - page 480

21-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 21 Config uring DHCP Featur es and IP So urce Guard Featu res Configur ing DHCP Snoopi ng This exampl e shows ho w to enable DH CP snooping gl oball y and on VLA N 10 and to co nfigure a rate limit of 1 00 packets per sec ond on a por t: Switch(config)# ip dhcp snooping ...
Cisco Systems IE3010 - page 481

21-15 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 1 Configuring DH CP Features and IP Sou rce Guard Fe atures Displaying DHCP Snooping Information T o s top u sing the da tabas e ag ent a nd bindi ng files, u se the no ip dhcp snooping database glob al configurati on c ommand. T o rese t the t imeou t or de lay values, u ...
Cisco Systems IE3010 - page 482

21-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 21 Config uring DHCP Featur es and IP So urce Guard Featu res Underst anding IP So urce Gu ard Note Th e port ACL takes prece denc e ove r any router A C Ls or VL AN maps that affect the same interfa ce. The IP source bindi ng tab le bindin gs are lea rned by DHCP snoopi ...
Cisco Systems IE3010 - page 483

21-17 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 1 Configuring DH CP Features and IP Sou rce Guard Fe atures Confi guri ng IP S our ce G uard traff ic on nonrou ted Layer 2 interfaces. It filters traff ic based o n the DHCP snoopi ng bindi ng database and on manua lly con figured IP source bi ndings. Th e previous versi ...
Cisco Systems IE3010 - page 484

21-18 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 21 Config uring DHCP Featur es and IP So urce Guard Featu res Conf igurin g IP Sour ce Gu ard Static IP source binding can only be configured on switch port. • When IP sourc e guard with source IP filtering is enabled on an inte rface, DHCP snooping m ust be enabled on ...
Cisco Systems IE3010 - page 485

21-19 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 1 Configuring DH CP Features and IP Sou rce Guard Fe atures Confi guri ng IP S our ce G uard T o disable I P source guard wi th source I P address f iltering, use the no ip verify source interface configurati on c ommand. T o delete a static IP source b inding entry , use ...
Cisco Systems IE3010 - page 486

21-20 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 21 Config uring DHCP Featur es and IP So urce Guard Featu res Conf igurin g IP Sour ce Gu ard This e xample shows how to st op IPSG with static hosts on an interface. Switch(config-if)# no ip verify source Switch(config-if)# no ip device tracking max Command Purpose Step ...
Cisco Systems IE3010 - page 487

21-21 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 1 Configuring DH CP Features and IP Sou rce Guard Fe atures Confi guri ng IP S our ce G uard This exam ple sh ows how to enable IPSG w ith sta tic host s on a po rt. Switch(config)# ip device tracking Switch(config)# ip device tracking max 10 Switch(config-if)# ip verify ...
Cisco Systems IE3010 - page 488

21-22 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 21 Config uring DHCP Featur es and IP So urce Guard Featu res Conf igurin g IP Sour ce Gu ard This example shows how to enable I PSG for static ho sts with IP filters on a L ayer 2 access p ort and to verify the valid IP bindi ngs on the interface Gi0/3: Switch# configur ...
Cisco Systems IE3010 - page 489

21-23 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 1 Configuring DH CP Features and IP Sou rce Guard Fe atures Confi guri ng IP S our ce G uard 200.1.1.2 0001.0600.0000 9 GigabitEthernet0/2 ACTIVE 200.1.1.2 0001.0600.0000 8 GigabitEthernet0/1 INACTIVE 200.1.1.3 0001.0600.0000 9 GigabitEthernet0/2 ACTIVE 200.1.1.3 0001.060 ...
Cisco Systems IE3010 - page 490

21-24 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 21 Config uring DHCP Featur es and IP So urce Guard Featu res Conf igurin g IP Sour ce Gu ard Configuring IP Source Guard for Static Hosts on a Private VLAN Host Port Note Y ou must globa lly con figure the ip device tracking maximum limit-number int e rface co nf igurat ...
Cisco Systems IE3010 - page 491

21-25 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 1 Configuring DH CP Features and IP Sou rce Guard Fe atures Confi guri ng IP S our ce G uard This example shows ho w to enable IPSG fo r static hosts with IP filters on a priv a te VLAN host po rt: Switch(config)# vlan 200 Switch(config-vlan)# private-vlan primary Switch( ...
Cisco Systems IE3010 - page 492

21-26 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 21 Config uring DHCP Featur es and IP So urce Guard Featu res Display ing IP Source G uard Info rmation Displaying IP So urce Guard Information T o d isplay the IP source gua rd info rmati on, u se one or mo re of the privileged EX EC comm ands i n Ta b l e 21-3 : Unders ...
Cisco Systems IE3010 - page 493

21-27 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 1 Configuring DH CP Features and IP Sou rce Guard Fe atures Config uring DHCP Server Port-Based Addr ess Allocat ion Default Port-Based Addres s Allocation Configuration By def ault, DHCP ser ver port-based address allo cation is d isabled. Port-Base d Address Allocatio n ...
Cisco Systems IE3010 - page 494

21-28 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 21 Config uring DHCP Featur es and IP So urce Guard Featu res Configur ing DHCP Server Port-Base d Address Allocatio n not offered t o the client, and other clients are not ser ved by the p ool. By ent ering this com mand , users can configure a group of switc hes with D ...
Cisco Systems IE3010 - page 495

21-29 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 1 Configuring DH CP Features and IP Sou rce Guard Fe atures Displa ying DHCP Ser ver Po rt-Based Address Allo cation ip dhcp subscriber-id interface-name ip dhcp excluded-address 10.1.1.1 10.1.1.3 ! ip dhcp pool dhcppool network 10.1.1.0 255.255.255.0 address 10.1.1.7 cli ...
Cisco Systems IE3010 - page 496

21-30 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 21 Config uring DHCP Featur es and IP So urce Guard Featu res Display ing DHCP Server Port-Base d Address Allocatio n ...
Cisco Systems IE3010 - page 497

CH A P T E R 22-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 22 Configuring Dynamic ARP Insp ection Note Th is chapte r describe s how to configure dynam ic Address R esolutio n Protoco l inspect ion (dyn amic ARP inspect ion) on the IE 3010 switc h. This featu re helps p re vent mali cious at tacks on t he swit ch b y not relayi ...
Cisco Systems IE3010 - page 498

22-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 22 Config uring Dynamic AR P Inspec tion Underst anding D ynamic ARP I nspection Hosts A, B, and C are connected to the switch on interfaces A, B and C, all of which are on the same subnet. Their IP and MAC address es are shown in pa re nth eses; fo r example, Ho st A us ...
Cisco Systems IE3010 - page 499

22-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 2 Configuring Dy namic ARP In spectio n Understa nding Dynami c ARP Inspection Interface Trust State s and Netw ork Security Dynamic AR P inspection associat es a trust state with each inter face o n the switch. P ack ets arri ving on trusted inter faces bypass all dynami ...
Cisco Systems IE3010 - page 500

22-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 22 Config uring Dynamic AR P Inspec tion Underst anding D ynamic ARP I nspection running dynamic ARP inspection from swi tches not runni ng dyna mic ARP inspecti on swit ches. For conf iguration infor mation, see the “Configuri ng ARP A CLs for Non-D HCP Environments” ...
Cisco Systems IE3010 - page 501

22-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 2 Configuring Dy namic ARP In spectio n Configuring Dynamic ARP Inspection Configuring Dynamic ARP Inspe c tion These sec tions co ntain this co nfiguration info rmat ion: • Def ault Dyna mic AR P Inspec tion Conf igur ation, pa ge 22-5 • Dynamic ARP Inspection Con fig ...
Cisco Systems IE3010 - page 502

22-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 22 Config uring Dynamic AR P Inspec tion Configur ing Dynam ic ARP Insp ection • Dynamic ARP inspectio n is not effective for host s co nnected to s witche s that d o not suppo rt dynami c ARP i nspec tion or that do n ot have this f eature enabl ed. Be caus e man- in-t ...
Cisco Systems IE3010 - page 503

22-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 2 Configuring Dy namic ARP In spectio n Configuring Dynamic ARP Inspection Configuring Dy namic ARP Insp ection in DHCP Environments This pro cedure shows how to configure dynamic ARP insp ecti on when two switches supp ort th is feat ure. Host 1 is connected to Switc h A, ...
Cisco Systems IE3010 - page 504

22-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 22 Config uring Dynamic AR P Inspec tion Configur ing Dynam ic ARP Insp ection T o disa ble dyna mic ARP insp ecti on, use the no ip arp inspec t ion vlan vlan-range g lobal c onfigurati on command. T o return the in terfa ces to an u ntrust ed state, use the no ip arp in ...
Cisco Systems IE3010 - page 505

22-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 2 Configuring Dy namic ARP In spectio n Configuring Dynamic ARP Inspection Step 3 permit ip host sender-ip mac host sender-mac [ log ] Permit A RP pac kets from the sp ecified hos t (Host 2). • For sender-ip , enter the I P addr ess of Host 2. • For send er -mac , ente ...
Cisco Systems IE3010 - page 506

22-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 22 Config uring Dynamic AR P Inspec tion Configur ing Dynam ic ARP Insp ection T o remov e the ARP A CL, use the no ar p access-list global c onfiguration c ommand. T o re move the ARP A CL attach ed to a VLAN, u se the no ip arp inspection f ilter ar p-acl- name vla n v ...
Cisco Systems IE3010 - page 507

22-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 2 Configuring Dy namic ARP In spectio n Configuring Dynamic ARP Inspection T o return to the default ra te-limit conf iguratio n, use the no ip a rp inspect ion limit interface configurati on c ommand. T o disabl e erro r re covery for dynam ic A RP inspe ction, u se t he ...
Cisco Systems IE3010 - page 508

22-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 22 Config uring Dynamic AR P Inspec tion Configur ing Dynam ic ARP Insp ection Be ginning in pri vileged EXE C mode, fo llo w these steps to pe rform specif ic checks on in coming ARP packet s. This proced ure is optional. T o di sable ch ecking , use the no ip arp inspe ...
Cisco Systems IE3010 - page 509

22-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 2 Configuring Dy namic ARP In spectio n Configuring Dynamic ARP Inspection If the log b uffer o ver flow s, it means that a log ev ent does not fit int o the log buf fer , and the display for the show ip arp inspection l og privileged EXEC comma nd is affected. A -- in th ...
Cisco Systems IE3010 - page 510

22-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 22 Config uring Dynamic AR P Inspec tion Display ing Dyna mic ARP Insp ectio n Informat ion T o return to the defau lt log buf fer settings, use the no ip ar p inspection log-b uffer { entries | logs } global configurati on com mand. T o return to the defaul t VLAN log s ...
Cisco Systems IE3010 - page 511

22-15 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 2 Configuring Dy namic ARP In spectio n Displaying Dynamic ARP Inspection Information T o clear or display dynamic ARP inspec tion statistics, use the pri vileged EXEC commands in Ta b l e 22-3 : For t he show ip arp inspec tion statis tics c omma nd, th e sw itch in crem ...
Cisco Systems IE3010 - page 512

22-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 22 Config uring Dynamic AR P Inspec tion Display ing Dyna mic ARP Insp ectio n Informat ion ...
Cisco Systems IE3010 - page 513

CH A P T E R 23-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 23 Configuring IGMP Sno oping and MVR This cha pter descr ibes how to configure Int ernet Group Ma nageme nt Proto col (IGMP) snooping on the IE 3010 switch, inc luding an appl ication of loca l IGMP snooping, Mult icast VLAN Re gistration (MVR). It also includes proced ...
Cisco Systems IE3010 - page 514

23-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 23 Configuring IGMP Snooping and MVR Underst anding IG MP Snoo ping the switc h adds the host port numb er to the forwar ding table entry; when it rece i ves an IGMP Lea ve Group message from a host, it remo ves the host port from the table entr y . It also periodic ally d ...
Cisco Systems IE3010 - page 515

23-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 3 Configuring IGMP Sno oping and M VR Understanding IGMP Snooping An IGMPv 3 switc h suppo rts Basic IGMPv 3 Snoopin g Support (BISS), which includes support for t he snooping feat ures on IGMPv 1 an d IGMPv 2 switc hes a nd for IGMPv 3 membe rship r eport message s. BISS ...
Cisco Systems IE3010 - page 516

23-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 23 Configuring IGMP Snooping and MVR Underst anding IG MP Snoo ping Router A sends a genera l quer y to th e switch , which forwar ds the qu ery to ports 2 t hroug h 5, whi ch are all members of the same VLAN. Host 1 wants to join multicast group 224.1.2.3 and multicasts a ...
Cisco Systems IE3010 - page 517

23-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 3 Configuring IGMP Sno oping and M VR Understanding IGMP Snooping Leaving a Multicast Group The router sends periodic multicast general querie s, and the switch forw ards these queries throug h all ports in the VLAN. Inte rested hosts respond to th e qu eries. If at least ...
Cisco Systems IE3010 - page 518

23-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 23 Configuring IGMP Snooping and MVR Configuring IGMP Snooping The swi tch uses IGMP report suppression to forwar d only one IGMP report pe r multicast r outer q uery to multicast de vices. When IGMP router supp ression is enabled (th e default), the switch sends the f irs ...
Cisco Systems IE3010 - page 519

23-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 3 Configuring IGMP Sno oping and M VR Configuring IGMP Snooping Enabling or Dis abling IGMP Sn ooping By default, IGM P snoopin g is global ly enab led on the swi tch. When gl oball y enab led or disable d, it is also enabled or disa bled in all existin g VLAN interf aces. ...
Cisco Systems IE3010 - page 520

23-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 23 Configuring IGMP Snooping and MVR Configuring IGMP Snooping Setting th e Snoo ping M ethod Multic ast-c apable route r ports are added to th e for warding table f or every Layer 2 multicast entry . The switch learn s of such port s through one of these me thods: • Sno ...
Cisco Systems IE3010 - page 521

23-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 3 Configuring IGMP Sno oping and M VR Configuring IGMP Snooping Configuring a Multi cast Router Port T o add a mult icast router port (a dd a static connection to a multicast rout er), use th e ip igmp snooping vlan mrouter global c onfiguratio n comma nd on t he swit ch. ...
Cisco Systems IE3010 - page 522

23-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 23 Configuring IGMP Snooping and MVR Configuring IGMP Snooping Configuring a Host Sta tically to Join a Group Hosts or La yer 2 port s normal ly join m ulticast groups dyna micall y , but you can also sta tically configure a host on an in terface . Beginn ing in pri vileg ...
Cisco Systems IE3010 - page 523

23-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 3 Configuring IGMP Sno oping and M VR Configuring IGMP Snooping T o disabl e IGMP Imm ediate Lea ve on a VLA N, use the no ip igmp snooping vlan vlan- id immediate-lea ve glo bal c onfiguration comma nd. This exam ple sh ows how to enabl e I GMP Im media te Le ave on VLAN ...
Cisco Systems IE3010 - page 524

23-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 23 Configuring IGMP Snooping and MVR Configuring IGMP Snooping Configur ing TCN-Related Com mands These sec tions de scribe how to cont rol flood ed mult icast traff i c during a TCN event: • Controlling the Multic ast Flooding T ime After a TCN Event, page 23-12 • Re ...
Cisco Systems IE3010 - page 525

23-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 3 Configuring IGMP Sno oping and M VR Configuring IGMP Snooping Beginn ing in pri vileged EXEC mode, follo w these steps to enable the switch to send the global lea ve message whether or not it is the span ning-t ree ro ot: T o return to the def ault query solicitati o n, ...
Cisco Systems IE3010 - page 526

23-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 23 Configuring IGMP Snooping and MVR Configuring IGMP Snooping Configuring th e IGMP S nooping Qu erier Follow these guideli nes wh en configuring t he IGMP snoo ping queri er: • Conf ig ure the VLAN in glob al conf ig uration mode . • Conf igure an IP a ddress on the ...
Cisco Systems IE3010 - page 527

23-15 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 3 Configuring IGMP Sno oping and M VR Displaying IGMP Snooping Information This exam ple sh ows how to set th e IGM P snoop ing q uerier s ource add ress to 10.0.0. 64: Switch# configure terminal Switch(config)# ip igmp snooping querier 10.0.0.64 Switch(config)# end This ...
Cisco Systems IE3010 - page 528

23-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 23 Configuring IGMP Snooping and MVR Displaying IGMP Snooping Information T o d isplay IGMP snoopi ng info rmat ion, u se on e or more of th e privilege d EXEC comm ands in Ta b l e 23-4 . For more inform ation abou t the keywords and option s in these comm ands, see the ...
Cisco Systems IE3010 - page 529

23-17 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 3 Configuring IGMP Sno oping and M VR Understanding Multicast VLAN Registration Understandin g Multicast VLAN Registrati on Multica st VLA N R egistration (MVR) is d esigned for appli cations using w ide-sc ale d eploymen t of multic ast tr aff ic acro ss an Et hernet rin ...
Cisco Systems IE3010 - page 530

23-18 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 23 Configuring IGMP Snooping and MVR Underst anding Mu lticas t VLAN Regi stratio n Figur e 23-3 Multicast VLAN Registr ation Example When a subscriber chan ges channels or turns of f the tele vision, the set-top box sends an IGMP leav e message for t he multica st stream ...
Cisco Systems IE3010 - page 531

23-19 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 3 Configuring IGMP Sno oping and M VR Configuring MVR These messa ges dynamic ally re g ister f or streams of multicast traf fic in the m ulticast VL AN on the Layer 3 device. Sw itch B. T he ac cess laye r switch, Switc h A, m odifies the f orwarding behavior to allow th ...
Cisco Systems IE3010 - page 532

23-20 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 23 Configuring IGMP Snooping and MVR Conf iguri ng MV R • Because MVR on the switch uses IP multicast ad dresses instead of MA C multicast addresses, aliased IP multicast addresses are allo wed on the switch. Ho wev er , if the switch i s interoperating with Ca talyst 3 ...
Cisco Systems IE3010 - page 533

23-21 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 3 Configuring IGMP Sno oping and M VR Configuring MVR T o return the switc h to its defa ult settin gs, use the no mvr [ mode | group ip-ad dress | querytime | vl an ] global configurat ion comm ands. This e xample sho ws how to enable MVR, conf igure the group address, s ...
Cisco Systems IE3010 - page 534

23-22 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 23 Configuring IGMP Snooping and MVR Conf iguri ng MV R T o return the interfa ce to its defau lt settings, use the no mvr [ type | immediate | vlan vlan-id | gr oup ] interf ace config uration co mmands. This exam ple sh ows how to con figure a port a s a r eceiver port, ...
Cisco Systems IE3010 - page 535

23-23 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 3 Configuring IGMP Sno oping and M VR Displaying MVR Information Displaying MVR Information Y ou can display MVR information for th e switch or for a sp ecif ied inter face. Beg inning in priv ilege d EXEC mode, use th e comm ands in Ta b l e 23-6 to display MVR configura ...
Cisco Systems IE3010 - page 536

23-24 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 23 Configuring IGMP Snooping and MVR Con figur ing IGM P Fil te ring and Thro ttli ng IGMP f iltering is applicab le only to the dynamic lea rning of IP multicast group add resses, not static configurat ion. W i th the IGMP thro ttling feat ure, yo u ca n set t he maximu ...
Cisco Systems IE3010 - page 537

23-25 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 3 Configuring IGMP Sno oping and M VR Configuring IGMP Filtering and Throttling • permit : Spec ifie s that matching addr esses are p ermitted. • rang e : Specif ies a range of IP add r esse s for the pr of ile. Y ou ca n enter a single IP addres s or a range with a s ...
Cisco Systems IE3010 - page 538

23-26 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 23 Configuring IGMP Snooping and MVR Con figur ing IGM P Fil te ring and Thro ttli ng Applying IGMP Profil es T o c ontrol access as defined i n an IGMP profile, u se th e ip igmp fil t er interf ace conf iguration command to apply the prof ile to the appropriate in terfa ...
Cisco Systems IE3010 - page 539

23-27 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 3 Configuring IGMP Sno oping and M VR Configuring IGMP Filtering and Throttling T o remov e the max imum group li mitation and ret urn to the def ault of no maximum, use th e no ip igmp max-groups interf ace con fig uration comm and. This exampl e shows ho w to limit to 2 ...
Cisco Systems IE3010 - page 540

23-28 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 23 Configuring IGMP Snooping and MVR Displaying IGMP Filterin g and Thro ttling Configu ration Beginn ing in pri vileged EXEC mode, follo w these steps to conf igure the throttling action when the maxim um numbe r of entrie s is in the f orwarding table : T o return to th ...
Cisco Systems IE3010 - page 541

CH A P T E R 24-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 24 Configuring Port-Base d Traffic Control This chap ter describe s ho w to conf igure the por t-based traf fic co ntrol fe atures on the IE 301 0 switch. Note For c omplete s yntax and usage in formation fo r the command s used in th is chapter , see the co mmand refer ...
Cisco Systems IE3010 - page 542

24-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 24 Configuring Port-Based Traffic Control Configuring Storm Control Storm cont rol use s one of th ese m ethods to measu re traf fic acti vity: • Bandwidth as a percentage of the tot al av ailable bandwid th of the port that can be use d by the broadca st, mul ticas t, o ...
Cisco Systems IE3010 - page 543

24-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 4 Configuring Port-B ased Traff ic Control Configuring Storm Control The com binat ion of th e storm-c ontrol suppressi on level and the 1-se cond ti me inter val controls t he way the storm control a lgorith m works. A highe r threshol d allows more packets t o pass throu ...
Cisco Systems IE3010 - page 544

24-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 24 Configuring Port-Based Traffic Control Configuring Storm Control Step 3 storm- contr ol { broadcast | multicast | unicast } level { leve l [ leve l- low ] | bps bps [ bps- low ] | pps pps [ pps-l ow ]} Configure b roadcast, multic ast, or unicast stor m control. By def ...
Cisco Systems IE3010 - page 545

24-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 4 Configuring Port-B ased Traff ic Control Configuring Protected Ports T o disabl e stor m contro l, use the no storm-contro l { broadcast | multicast | unicast } level interface configurati on c ommand. This exa mple shows how to ena ble un icast stor m c ontrol on a port ...
Cisco Systems IE3010 - page 546

24-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 24 Configuring Port-Based Traffic Control Configur ing Port Block ing Do not co nf igure a pri vate-V LAN port as a protec ted por t. Do not co nfi gure a protecte d port as a priv at e-VLA N po rt. A priv ate- VLAN i solat ed po rt doe s n ot forwa rd tra ff i c to other ...
Cisco Systems IE3010 - page 547

24-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 4 Configuring Port-B ased Traff ic Control Confi guring Port Secu rity Default Port Blocki ng Configuration The default is to not b lock flooding o f unknown multicast and u nicast traff ic out o f a port, but to flood these pac kets to a ll ports. Blocking Flooded Tra ffi ...
Cisco Systems IE3010 - page 548

24-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 24 Configuring Port-Based Traffic Control Configuring Port Security If a por t is conf igured as a secu re port and the maxi mum number of secu re MAC addresses is re ached, when the MA C ad dress of a statio n att empting to access the port is diff erent f rom a ny of the ...
Cisco Systems IE3010 - page 549

24-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 4 Configuring Port-B ased Traff ic Control Confi guring Port Secu rity The stick y secure MA C addre sses do not automatically become part of the co nfig uration file , which is the startu p config uration used eac h time t h e swit ch restarts. If yo u sa ve the s tick y ...
Cisco Systems IE3010 - page 550

24-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 24 Configuring Port-Based Traffic Control Configuring Port Security Default Port Security Configuration Ta b l e 24-2 shows the def a ult port security con figurat io n for an interfac e . Port Secu rity Con figuration Guidelines Foll ow these g uidelines whe n conf iguri ...
Cisco Systems IE3010 - page 551

24-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 4 Configuring Port-B ased Traff ic Control Confi guring Port Secu rity • When y ou enab le port secu rity on an i nterfac e that i s also conf igured with a voice V LAN, se t the maxim um allowed secur e addresse s on the por t to two. When the port is conne cted to a C ...
Cisco Systems IE3010 - page 552

24-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 24 Configuring Port-Based Traffic Control Configuring Port Security Enabling a nd Con figuring Port S ecurity Beginn ing in pri vileged EXE C mode, follo w these steps to restrict input to an interface b y limiting and identify ing MA C addresses of the stations allo wed ...
Cisco Systems IE3010 - page 553

24-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 4 Configuring Port-B ased Traff ic Control Confi guring Port Secu rity Step 7 s wit chpor t port -sec urity [viola tion { protec t | r estrict | shutdown | shutdown vlan }] (Optiona l) Set the vi olatio n mode, the action to be taken when a sec urity violatio n is detec t ...
Cisco Systems IE3010 - page 554

24-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 24 Configuring Port-Based Traffic Control Configuring Port Security Step 8 s witchport port-securit y [ mac-addre ss mac-address [ vlan { vlan-id | { access | voice }}] (Optional) Ent er a secure MA C address for the interface . Y ou can use this comman d to enter th e ma ...
Cisco Systems IE3010 - page 555

24-15 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 4 Configuring Port-B ased Traff ic Control Confi guring Port Secu rity T o return the interfac e to the def a ult co ndition as not a secure port, use the no swit chport port-security interf ace config uration com mand. If you enter this co mmand when sticky learning is e ...
Cisco Systems IE3010 - page 556

24-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 24 Configuring Port-Based Traffic Control Configuring Port Security Switch(config-if)# switchport port-security mac-address 0000.0000.0003 Switch(config-if)# switchport port-security mac-address sticky 0000.0000.0001 vlan voice Switch(config-if)# switchport port-security ...
Cisco Systems IE3010 - page 557

24-17 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 4 Configuring Port-B ased Traff ic Control Confi guring Port Secu rity T o disab le port secu rity agin g for all secur e addresse s on a port, use the no switchport port-security aging tim e interfac e conf iguratio n com mand. T o disa ble a ging f or o nly s taticall y ...
Cisco Systems IE3010 - page 558

24-18 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 24 Configuring Port-Based Traffic Control Displaying Port-Base d Traffic Cont rol Settings Secur e addr esses that ar e lea rned on host port get au toma tica lly replic ated on asso ciat ed prim ary VLANs, and similar ly , secure add resses le arned o n pro miscuous po r ...
Cisco Systems IE3010 - page 559

CH A P T E R 25-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 25 Configuring CDP Note This chap ter de scribes ho w to con fi gure C isco Disco very P roto col (C DP) on the IE 30 10 swit ch. Fo r compl ete sy ntax an d usag e informat ion fo r the command s used in this c hapter , see the command reference for this releas e and t ...
Cisco Systems IE3010 - page 560

25-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 25 Conf iguring CDP Conf iguri ng CD P • The wir ed switch and the endpoi nts both se nd and rece iv e location i nform ation . For info rmation, go t o: http://www .cisco.com /en/US/docs/ios/n etmgmt/conf iguration/guide/nm_ cdp_disco ver .html. The switch supp orts CD ...
Cisco Systems IE3010 - page 561

25-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 5 Configuring CDP Configuring CDP Configuring the CD P Characteristics Y o u can co nfigure the fr equency of CDP upd ates , the amo unt of time t o hold the inf ormat ion bef ore discar ding it, an d whether or no t to send V e rsion-2 ad vertisem ents. Beginn ing in pri ...
Cisco Systems IE3010 - page 562

25-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 25 Conf iguring CDP Conf iguri ng CD P Beginning in privileged EX EC mod e, follow these steps to di sable t he CDP device disc overy capability: Beginn ing in pri vileged EXEC mode, follo w these steps to enable CDP when it ha s been disabled: This example shows how to e ...
Cisco Systems IE3010 - page 563

25-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 5 Configuring CDP Monitoring and Maintaining CDP Beginning i n privileged E XEC mo de, follow these s teps to ena ble C DP on a port w hen it has been disabled : This exam ple sh ows how to enable CDP on a po rt wh en i t has been di sable d. Switch# configure terminal Swi ...
Cisco Systems IE3010 - page 564

25-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 25 Conf iguring CDP Monito ring and Mai ntainin g CDP ...
Cisco Systems IE3010 - page 565

CH A P T E R 26-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 26 Configuring LLDP, LL DP-MED, and Wired Location Service This c hapter d escrib es how to configu re the L ink La yer Discovery Prot ocol ( LLDP), L LDP M edia Endpo int Discover y (LLD P-MED) and w ired loc ation se rvice on the IE 3010 IE 30 00 switc h. Note For c o ...
Cisco Systems IE3010 - page 566

26-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 26 Configurin g LLDP, LLDP-MED, and Wired Location Ser vice Underst anding L LDP, LLDP- MED, and Wired Locat ion Servic e • M anage ment add ress TL V These or ganizati onally specif ic LLDP TL Vs are als o adver tised to support LL DP-MED. • Port V LAN I D TL V (( IE ...
Cisco Systems IE3010 - page 567

26-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 6 Configuring LL DP, LLDP-M ED, and Wi red Loc ation Serv ice Unde rsta ndin g LLDP , LL DP-M ED, and Wi red Loca tion Servic e Y o u can ch ange pow er setti ngs by ente ring the power inline { aut o [ max max-watta ge ] | never | static [ max max-watta ge ] } interfa ce ...
Cisco Systems IE3010 - page 568

26-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 26 Configurin g LLDP, LLDP-MED, and Wired Location Ser vice Conf igurin g LLD P , LL DP-MED, and Wire d Locat ion Ser vic e • T ime in se conds since the sw itch de tected th e asso ciation Depending on the dev ice capabilitie s, the switch obtai ns this client informat ...
Cisco Systems IE3010 - page 569

26-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 6 Configuring LL DP, LLDP-M ED, and Wi red Loc ation Serv ice Configuring LLDP, LLDP-MED, and Wired Location Service Configuratio n Guidelines • If the interf ace is conf igured as a tunnel port, LLDP is automatically disab led. • If you first configure a ne twork-po l ...
Cisco Systems IE3010 - page 570

26-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 26 Configurin g LLDP, LLDP-MED, and Wired Location Ser vice Conf igurin g LLD P , LL DP-MED, and Wire d Locat ion Ser vic e This exam ple sh ows how to globall y enabl e LLD P . Switch# configure terminal Switch(config)# lldp run Switch(config)# end This e xample sho ws h ...
Cisco Systems IE3010 - page 571

26-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 6 Configuring LL DP, LLDP-M ED, and Wi red Loc ation Serv ice Configuring LLDP, LLDP-MED, and Wired Location Service Switch(config)# end Configurin g LLDP-M ED TL Vs By def ault, the switch only sends LLDP packe ts until it re cei ves LLDP-MED p ackets f r om the end de vi ...
Cisco Systems IE3010 - page 572

26-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 26 Configurin g LLDP, LLDP-MED, and Wired Location Ser vice Conf igurin g LLD P , LL DP-MED, and Wire d Locat ion Ser vic e Use the no form o f each command t o return to the default settin g . This example shows ho w t o configure VLA N 100 for voice appl ication wi th C ...
Cisco Systems IE3010 - page 573

26-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 6 Configuring LL DP, LLDP-M ED, and Wi red Loc ation Serv ice Configuring LLDP, LLDP-MED, and Wired Location Service Configuring Location TLV an d Wired Loc ation Se rvice Beginning i n privileged E XEC mo de, follow these steps to con figure lo cation info rmation for a n ...
Cisco Systems IE3010 - page 574

26-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 26 Configurin g LLDP, LLDP-MED, and Wired Location Ser vice Monito ring and Mai ntainin g LLDP, LLDP-MED , and Wired Lo catio n Service Beginn ing in pri vile ged EXEC mode, follo w these steps to enable wired location service on the switch. Note Y our switc h must be ru ...
Cisco Systems IE3010 - page 575

26-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 6 Configuring LL DP, LLDP-M ED, and Wi red Loc ation Serv ice Monitoring and Maintaining LLDP, LLDP-MED, and Wired Location Service show lldp neighbors [ interface- id ] [ detail ] Display inform ation abou t neighb ors , includ ing device type , inter face ty pe and numb ...
Cisco Systems IE3010 - page 576

26-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 26 Configurin g LLDP, LLDP-MED, and Wired Location Ser vice Monito ring and Mai ntainin g LLDP, LLDP-MED , and Wired Lo catio n Service ...
Cisco Systems IE3010 - page 577

CH A P T E R 27-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 27 Configuring UDLD This c hapter descri bes how to c onfigure t he Un iDirec tional Link D etect ion (U DLD) protoc ol on t he IE 3010 switch. Note For c omplete s yntax and usage in formation fo r the command s used in th is chapter , see the co mmand refere nce fo r ...
Cisco Systems IE3010 - page 578

27-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 27 Configuring UDLD Underst andin g UDLD In norm al mode, UDLD detect s a unidir ectiona l link whe n fib er stra nds in a fib er- optic port are misconnecte d and the Layer 1 mechanisms do no t detect this mi sconnection. If th e ports are co nnected correctl y b ut the t ...
Cisco Systems IE3010 - page 579

27-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 7 Configuring UD LD Configur ing UDLD If the dete ction window ends and no valid reply messa ge is received, the link mi ght shut down, dependi ng o n the UDLD mode . When UDL D is in n ormal mode, th e lin k might be c onsid ered undete rmine d and m ight n ot b e shut do ...
Cisco Systems IE3010 - page 580

27-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 27 Configuring UDLD Conf igurin g UDLD Default UDLD Configuration Ta b l e 27-1 shows the default U DLD configurati on. Configuratio n Guidelines These ar e the U DLD con figuration gui deli nes: • UDLD is not supp orted on A TM port s. • A UDLD- capable port can not d ...
Cisco Systems IE3010 - page 581

27-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 7 Configuring UD LD Configur ing UDLD Enabling UDL D Globally Beginn ing in pri vileged EXEC mode, follo w these steps to enable UDLD in the aggressi ve or nor mal mode a nd to se t th e co nfigurable m essag e time r on all fiber-optic p orts on the switch : T o d isab le ...
Cisco Systems IE3010 - page 582

27-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 27 Configuring UDLD Displa ying U DLD Sta tus Resetting an Interface Disabled by UDLD Beginn ing in pri vilege d EXEC mode, follo w these steps to reset all ports disabled by UDLD: Y o u can also br ing up the port by using these command s: • The shutdown inte rface conf ...
Cisco Systems IE3010 - page 583

CH A P T E R 28-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 28 Configuring SPAN and RSPAN This chap ter de scribe s ho w to conf igure Switche d Port Analyze r (SP AN) and Remot e SP AN (RSP AN ) on the IE 3010 switc h. Note For c omplete s yntax and usage in formation fo r the command s used in th is chapter , see the co mmand ...
Cisco Systems IE3010 - page 584

28-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 28 Configuring SPAN and RSP AN Understan ding SPAN and RSPA N These sect ions co ntain this co nceptu al in forma tion: • Local SP AN, pa ge 28-2 • Remo te SP AN, pa ge 28-2 • SP AN and RSP AN Concepts a nd T ermino logy , page 28-3 • SP AN and RSP AN Interac tion ...
Cisco Systems IE3010 - page 585

28-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 28 Configuring SPAN and RSPAN Understandi ng SPAN and R SPAN Figur e 28-2 Example of R SP AN Configur ation SPAN and RS PAN Conc epts a nd Terminology This secti on descri bes conce pts an d terminology associat ed with SP AN and RSP AN co nfiguration. SPAN Sessions SP AN se ...
Cisco Systems IE3010 - page 586

28-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 28 Configuring SPAN and RSP AN Understan ding SPAN and RSPA N An RSP AN so urce sessi on is v ery similar to a local SP AN session, excep t for where th e pack et stream is directe d . In an RSP AN source session , SP AN pa ckets are relabe led with th e RSP AN V L AN ID a ...
Cisco Systems IE3010 - page 587

28-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 28 Configuring SPAN and RSPAN Understandi ng SPAN and R SPAN • T r ans mit (T x) SP AN —Th e goal of tran smit (or egress ) SP AN is to monit or as mu ch as possib le a ll the p ackets sent by the source i nterface a fter all m odif ication an d proce ssing is performe d ...
Cisco Systems IE3010 - page 588

28-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 28 Configuring SPAN and RSP AN Understan ding SPAN and RSPA N A sourc e port has th ese ch arac te ristic s: • It can be m onitored in multiple SP AN sessions. • Each s ource port can be configu red wit h a direc tion (i ngress, egress, o r both) to monit or . • It c ...
Cisco Systems IE3010 - page 589

28-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 28 Configuring SPAN and RSPAN Understandi ng SPAN and R SPAN Destination Port Each local SP AN session or RSP AN destination session must have a destina tion port (a lso called a monitoring port ) th at rece iv es a copy of traffic from the sour ce port s or VLANs an d sends ...
Cisco Systems IE3010 - page 590

28-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 28 Configuring SPAN and RSP AN Understan ding SPAN and RSPA N RSPAN V LAN The RSP AN VLAN carrie s SP AN traf f ic betwe en RSP AN source and destin ation sessio ns. It has these special ch aracter istics: • All traf fi c in the RSP AN VLAN is al ways flood ed. • No MA ...
Cisco Systems IE3010 - page 591

28-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 28 Configuring SPAN and RSPAN Config uring SPAN a nd RS PAN A physical port th at belongs to an Et herChan nel group ca n be configured as a SP A N source port and still be a part of the Ether Ch annel . In this case, data from the ph y sical port is monitored as it particip ...
Cisco Systems IE3010 - page 592

28-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 28 Configuring SPAN and RSP AN Configuring SPAN and RSPAN Configuring Local SPAN These sec tions co ntain this co nfiguration in format ion: • SP AN Config uration Guidelin es, page 28-10 • Creati ng a Local SP AN Sessio n, page 28-11 • Creati n g a Local SP AN Sess ...
Cisco Systems IE3010 - page 593

28-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 28 Configuring SPAN and RSPAN Config uring SPAN a nd RS PAN Creating a Local SPAN Session Beginnin g in priv ileg ed EXEC mode, follo w these steps to create a SP AN session and specify the source (monitor ed) p orts or VLAN s an d the destin ation (monitor ing) ports: Comm ...
Cisco Systems IE3010 - page 594

28-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 28 Configuring SPAN and RSP AN Configuring SPAN and RSPAN T o delete a SP AN session , use the no monitor se ssion session_num ber globa l configura tion comm and. T o r emove a source or desti nation port or VLA N from the SP AN sessio n, use the no monitor se ssion sess ...
Cisco Systems IE3010 - page 595

28-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 28 Configuring SPAN and RSPAN Config uring SPAN a nd RS PAN This example shows how to remov e any e xisting configuration on SP AN se ssion 2, configure SP AN session 2 to moni tor rec eiv e d traff ic on all ports belongi ng to VLAN s 1 throug h 3, and sen d it to destinat ...
Cisco Systems IE3010 - page 596

28-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 28 Configuring SPAN and RSP AN Configuring SPAN and RSPAN T o delete a SP AN session , use the no monitor se ssion session_num ber globa l configura tion comm and. T o r emove a source or desti nation port or VLA N from the SP AN sessio n, use the no monitor se ssion sess ...
Cisco Systems IE3010 - page 597

28-15 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 28 Configuring SPAN and RSPAN Config uring SPAN a nd RS PAN T o monitor all VLANs on the trunk port, use the no monitor session sessio n_num ber filt er global configurati on c ommand. This example shows how to remov e any e xisting configuration on SP AN se ssion 2, config ...
Cisco Systems IE3010 - page 598

28-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 28 Configuring SPAN and RSP AN Configuring SPAN and RSPAN • Y ou can apply a n output ACL to RSP AN traf f ic to selecti vely f ilter or moni to r specif ic packe ts. Specify these A CLs on the RSP AN VLAN in the RSP AN sour ce switch es. • For RSP AN conf igurati on, ...
Cisco Systems IE3010 - page 599

28-17 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 28 Configuring SPAN and RSPAN Config uring SPAN a nd RS PAN T o remo ve the remote SP AN character istic from a VLAN and con v ert it back to a normal VLAN , use the no remote-span V LAN c onfigura tion comm and. This exam ple sh ows how to crea te RSP AN VLA N 901. Switch( ...
Cisco Systems IE3010 - page 600

28-18 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 28 Configuring SPAN and RSP AN Configuring SPAN and RSPAN T o delete a SP AN session, use the no monitor session session_n umber gl obal configurati on com mand. T o remove a source port or VLAN from th e SP AN sessio n, use the no monitor session sessio n_numbe r sour ce ...
Cisco Systems IE3010 - page 601

28-19 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 28 Configuring SPAN and RSPAN Config uring SPAN a nd RS PAN T o delete a SP AN session , use the no monitor se ssion session_num ber globa l configura tion comm and. T o re move a destinat ion por t from t he SP A N session, use the no monito r session session_num ber desti ...
Cisco Systems IE3010 - page 602

28-20 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 28 Configuring SPAN and RSP AN Configuring SPAN and RSPAN T o delete an RSP AN session, use the no monitor se ssion session_numb er global con figuration comman d. T o remove a destinati on port from the RSP AN sessi on, use the no monitor session session_num ber destinat ...
Cisco Systems IE3010 - page 603

28-21 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 28 Configuring SPAN and RSPAN Config uring SPAN a nd RS PAN Specifying VLANs to Filter Beginning in privileged EXEC mo de, follow these steps t o configure the RSP AN source session to limit RSP AN sour ce traff ic to specific VLANs: T o monitor all VLANs on the trunk po rt ...
Cisco Systems IE3010 - page 604

28-22 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 28 Configuring SPAN and RSP AN Display ing SPAN and RSPAN Status Displaying SPAN and RSPAN Status T o displ ay the curre nt SP AN or RS P AN configuration , use the show monitor u ser E XEC c omma nd. Y ou can also use t he show running-conf ig privileged EX EC comm and t ...
Cisco Systems IE3010 - page 605

CH A P T E R 29-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 29 Configuring RMON This ch apt er descr ibes how to configure Remote Network M oni toring (RMON ) on the IE 301 0 switch . RMON i s a standa rd m onitori ng specificati on that defines a se t of sta tistics a nd f unctions that can be exchanged between RMON-c omplian t ...
Cisco Systems IE3010 - page 606

29-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 29 Configuring RMON Conf igurin g RMON Figur e 29-1 Remote Mo nitor ing Example The switc h supports these RM ON groups (defined in RFC 1757) : • Statistics ( RMON group 1)—Collects E thernet statistic s (including Fast Ethernet and Giga bit Ethern et statist ics, depe ...
Cisco Systems IE3010 - page 607

29-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 29 Configur ing RMON Confi guring R MON • Collecting Group Histo ry Statisti cs on an Interface , page 29-5 (optional) • Collecting Group Eth ernet Statisti cs on an Interf ace, page 29-5 (o ptio nal) Default RMON Configuration RMON is disa bled by default ; no alarms or ...
Cisco Systems IE3010 - page 608

29-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 29 Configuring RMON Conf igurin g RMON T o disable an alarm, use the no rmon alar m number global configura tion com mand on each alarm you configured . Y ou canno t disa ble a t once all the a larms that yo u con figured. T o disa ble an event, use th e no rmo n event nu ...
Cisco Systems IE3010 - page 609

29-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 29 Configur ing RMON Confi guring R MON Collectin g Group Hist ory St atistics on an Interface Y o u must first configure RMON alar ms and events to displa y colle ction i nfor mation. Beginn ing in pri vileged EXE C mode, follo w these steps to co llect group history stati ...
Cisco Systems IE3010 - page 610

29-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 29 Configuring RMON Displa ying RMON Sta tus T o disa ble the coll ection of g roup E thernet st atistic s, use the no rmon collection stats inde x interf ace configurati on c ommand. This e x ample sho ws how to collec t RMON statistics for the o wner ro o t : Switch(conf ...
Cisco Systems IE3010 - page 611

CH A P T E R 30-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 30 Configuring System Message Logg ing This c hapter d escribes how to configure sy stem messa ge log ging on the IE 301 0 switch. Note For c omplete s yntax and us age in forma tion fo r the command s used in th is chapt er, see the Cisco IOS Configuration Fund amen ta ...
Cisco Systems IE3010 - page 612

30-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 3 0 Config uring Syst em Message Logging Configur ing System Message L ogging Y ou can access logg ed system messages b y using the switch co mmand-lin e interface (CLI ) or by savi ng them to a properly configured syslog server . The switch software sa ves syslog messa ge ...
Cisco Systems IE3010 - page 613

30-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 0 Configuring Syste m Message L ogging Config uring System Mess age Loggi ng Ta b l e 30-1 describes the elemen ts of syslog messages. This example shows a partial switch system message : 00:00:46: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up 00:00:47: %LIN ...
Cisco Systems IE3010 - page 614

30-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 3 0 Config uring Syst em Message Logging Configur ing System Message L ogging Disabling M essag e Logging Message logging is enab led by defau lt. It must be enabled to send messages to any destinat io n other than the conso le. Wh en e nabled, log messages a re sent to a ...
Cisco Systems IE3010 - page 615

30-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 0 Configuring Syste m Message L ogging Config uring System Mess age Loggi ng Setting th e Mes sage Disp lay Destination Device If message lo gging is enabled, you can se nd messages to sp ecif ic loc ations in a ddition to the consol e. Beginning in privileged EX EC mode, ...
Cisco Systems IE3010 - page 616

30-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 3 0 Config uring Syst em Message Logging Configur ing System Message L ogging The logging buffered g loba l configur ation comm and c opies l ogging messa ges to a n inte rnal buffer . T he b uf fer is circular , so ne wer messages over write older message s after the b uf ...
Cisco Systems IE3010 - page 617

30-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 0 Configuring Syste m Message L ogging Config uring System Mess age Loggi ng T o disa ble synch ronizati on of unsolic ited message s and debug outpu t, use the no logg ing synchronous [l eve l severi ty-level | all ] [ limit number-of-buffers ] line configur ation command ...
Cisco Systems IE3010 - page 618

30-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 3 0 Config uring Syst em Message Logging Configur ing System Message L ogging This example shows part of a logging displa y with the s e rvice timestamps l og uptime gl obal configurat ion c omma nd en abled: 00:00:46: %LINK-3-UPDOWN: Interface Port-channel1, changed state ...
Cisco Systems IE3010 - page 619

30-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 0 Configuring Syste m Message L ogging Config uring System Mess age Loggi ng Note Specif ying a level ca uses me ssages at that lev el and nume rically l ower le vels to appear at the destinatio n. T o d isable logg ing to the co nsole, use the no logging console global co ...
Cisco Systems IE3010 - page 620

30-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 3 0 Config uring Syst em Message Logging Configur ing System Message L ogging Limiting Syslog Messages Sent to the History Table and to SNMP If you enable d syslog message traps to be sent to an SNMP network manage ment stati on by using the snmp-ser ver ena ble trap glob ...
Cisco Systems IE3010 - page 621

30-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 0 Configuring Syste m Message L ogging Config uring System Mess age Loggi ng Use th e show a rchive log config { all | number [ end- number ] | user username [ session number ] number [ end-numb er ] | statistics } [ provisioning ] pri vile ged EXEC c o mmand to display t ...
Cisco Systems IE3010 - page 622

30-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 3 0 Config uring Syst em Message Logging Configur ing System Message L ogging Logging Messages to a UNIX Syslog Daemo n Before yo u can send system log messages to a UNIX syslog server , you must con figure the syslog daemon on a UNIX ser ver . Thi s proc edure is o ption ...
Cisco Systems IE3010 - page 623

30-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 0 Configuring Syste m Message L ogging Displaying the Logging Configuration T o remo ve a s yslog se rver , use th e no logging host global con figuratio n command , and spec ify the syslog server IP address. T o disabl e loggi ng to syslog servers, e nter the no logging ...
Cisco Systems IE3010 - page 624

30-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 3 0 Config uring Syst em Message Logging Display ing the Log ging Confi guration ...
Cisco Systems IE3010 - page 625

CH A P T E R 31-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 31 Configuring SNMP This chapter descri bes how to configure the Simple Network Ma nagement Protocol (SN MP) on the IE 3010 switch. Note For c omplete s yntax and usage in formation fo r the command s used in th is chapter , see the co mmand refere nce fo r th is rel ea ...
Cisco Systems IE3010 - page 626

31-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 31 Co nfiguring SNMP Underst anding SNM P • Using SNMP to Access MIB V ariables, page 31-4 • SNMP Notif ications, pag e 31-5 • SNMP ifIn dex MIB Object V alues , page 31 -5 SNMP Versio ns This sof tware re lease su pports t hese SN MP versions : • SNMPv1—Th e Sim ...
Cisco Systems IE3010 - page 627

31-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 1 Configuring SNMP Underst andin g SNMP Ta b l e 31-1 identif ies the char acteristics of th e dif ferent comb inations of security models and le vels. Y o u must configur e the SNMP age nt to use the SNMP version support ed by the manage ment stat ion. Because an ag ent c ...
Cisco Systems IE3010 - page 628

31-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 31 Co nfiguring SNMP Underst anding SNM P SNMP Agen t Fun ctions The SNMP a g ent responds to SNMP manager requests as follows: • Get a MIB v ariable—The SNMP agent be gins this function in response to a request from the NMS. The agent r e trie ve s the value of the re ...
Cisco Systems IE3010 - page 629

31-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 1 Configuring SNMP Underst andin g SNMP SNMP Notifications SNMP allo ws the swit ch to sen d notif ications to SN MP managers w h en par ticular e vents occur . SNMP notifications ca n be sent as tr aps or inform request s. In com mand synt ax, un less ther e is an option ...
Cisco Systems IE3010 - page 630

31-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 31 Co nfiguring SNMP Conf iguri ng SN MP Configuring SNMP • Default SNMP Con figuration, page 31-6 • SNMP Conf iguration Guidelin es, page 31-6 • Disablin g the SNMP Agent, page 31-7 • Conf igur ing C ommun ity Strin gs, page 31-8 • Configuring SNM P Groups and U ...
Cisco Systems IE3010 - page 631

31-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 1 Configuring SNMP Configuring SNMP When configur ing SNMP , follow these guide line s: • When configuring an SNMP group , do not specif y a notify view . The snmp -s erver ho st globa l configurat ion c omma nd au togene rates a notif y v iew for the user and then a dds ...
Cisco Systems IE3010 - page 632

31-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 31 Co nfiguring SNMP Conf iguri ng SN MP Configuring Community Strings Y o u use the SNM P com munity st ring t o define t he rela tionship betwee n the SNMP manage r and the agent. The co mmunity string ac ts like a passwor d to permit access to the agen t on the switch. ...
Cisco Systems IE3010 - page 633

31-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 1 Configuring SNMP Configuring SNMP Note T o disabl e acces s for an SNMP commun ity , set th e comm unity string fo r that communi ty to the n ull string (do not enter a value for th e communi ty string ). T o remov e a sp ecif ic community string, use the no s nmp- serve ...
Cisco Systems IE3010 - page 634

31-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 31 Co nfiguring SNMP Conf iguri ng SN MP Step 3 s nmp- server grou p gr o upnam e { v1 | v2c | v3 { auth | noauth | priv }} [ rea d re a d v i e w ] [ write writevi ew ] [ notify notifyview ] [ access access -list ] Configure a ne w SNMP gro up on the remote device. • F ...
Cisco Systems IE3010 - page 635

31-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 1 Configuring SNMP Configuring SNMP Configuring SNMP Notifications A trap manag er is a manageme nt station that re ceiv es and pr ocesses tr aps. T raps are s ystem alerts that the switc h gener ates whe n cert ain events occu r . By de fault, no trap ma nager is defined ...
Cisco Systems IE3010 - page 636

31-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 31 Co nfiguring SNMP Conf iguri ng SN MP Note Many comm ands use the word tra ps in the command synta x. Unless there is an option in the comma nd to select eith er traps or informs, th e key word traps refers to traps, informs, or both. Use the snmp-s erver host global c ...
Cisco Systems IE3010 - page 637

31-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 1 Configuring SNMP Configuring SNMP Note Th ough visi ble in the c ommand- line hel p strings, the fru-ctrl, inse rtion , and remo val ke ywords are no t supported. Y o u can use the snmp-server host glob al configurati on co mman d to a speci fic host to rec eiv e the no ...
Cisco Systems IE3010 - page 638

31-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 31 Co nfiguring SNMP Conf iguri ng SN MP Step 5 snmp-server host host-addr [ inf orms | traps ] [ v ersion { 1 | 2c | 3 { auth | noauth | priv }}] community-string [ notif ication-type ] Specif y the recipient of an SNMP trap operatio n. • Fo r host-addr , specify the n ...
Cisco Systems IE3010 - page 639

31-15 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 1 Configuring SNMP Configuring SNMP The snmp-ser ver hos t comman d specif ies which ho sts rec eive the notif ications. T he snmp-server enab le trap command global ly enables the mech anism for the speci fied notif ication (f or traps and informs ). T o e nable a ho st ...
Cisco Systems IE3010 - page 640

31-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 31 Co nfiguring SNMP Conf iguri ng SN MP Setting th e Agent C ontact and Location In formation Beginn ing in pri vileged EXEC mode, follo w these steps to set the system contact and locat ion o f the SNMP agen t so that these de scripti ons can be accesse d through t he c ...
Cisco Systems IE3010 - page 641

31-17 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 1 Configuring SNMP Configuring SNMP SNMP Examp les This example shows ho w to ena ble all versions of SN MP . The configurati on permi ts any SNMP manager to access all objects with read-only permissions usin g the community string public . This conf iguration does not ca ...
Cisco Systems IE3010 - page 642

31-18 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 31 Co nfiguring SNMP Displaying SNMP Status Displaying SNMP Status T o display SNMP inpu t and output stat istics, including the number o f ille gal community string entrie s, errors, and request ed variable s, use t he show snmp privileged EXEC c omma nd. Y ou al so can ...
Cisco Systems IE3010 - page 643

CH A P T E R 32-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 32 Configuring Network Security with ACLs This chapter de scribe s how to configure ne twork securi ty on the IE 3010 switch by using acce ss control lists (A CLs), also re ferred to as access lists. In thi s chapter , referen ces to IP A CLs are spe cif ic to IP V ersi ...
Cisco Systems IE3010 - page 644

32-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 32 Configuring Network Security with ACLs Underst andin g ACLs An ACL contains an or dered list of access contro l entri es (ACEs). Each A C E spe cifies permi t or deny and a set o f condition s the packet must satisfy in ord er to mat ch the A CE. The meaning of permit o ...
Cisco Systems IE3010 - page 645

32-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 2 Configuring Netw ork Securit y with ACLs Unde rsta ndi ng AC Ls Figur e 32-1 Using A CLs to Control T raf fic t o a Netw or k When you apply a port A CL to a trunk port, the A C L f ilters traf fic on all VLA Ns present on the trunk port. When you apply a po rt ACL to a ...
Cisco Systems IE3010 - page 646

32-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 32 Configuring Network Security with ACLs Conf iguring I Pv4 ACLs Consid er acc ess list 10 2 , co nfi gured with these command s, applied t o three fr agmented pack ets: Switch(config)# access-list 102 permit tcp any host 10.1.1.1 eq smtp Switch(config)# access-list 102 d ...
Cisco Systems IE3010 - page 647

32-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 2 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs These are the steps to use IP A CLs on the switch: Step 1 Create a n A CL b y spec ifying an acc ess list nu m ber or nam e and the acc ess condition s. Step 2 Appl y the ACL to interfa ces or ter minal line ...
Cisco Systems IE3010 - page 648

32-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 32 Configuring Network Security with ACLs Conf iguring I Pv4 ACLs Access List Numbers The numbe r you use to denote your ACL sho ws th e type of access list that you ar e creating. Ta b l e 32-1 lists the ac cess-list number and corres ponding acces s list ty pe and sho ws ...
Cisco Systems IE3010 - page 649

32-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 2 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs The f irst pack et that trigge rs the A CL causes a logg ing me ssage r ight a way , and subsequent p acket s are collec ted over 5-minut e intervals befo re they app ear or logge d. Th e loggi ng message inc ...
Cisco Systems IE3010 - page 650

32-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 32 Configuring Network Security with ACLs Conf iguring I Pv4 ACLs Switch# show access-lists Standard IP access list 2 10 deny 171.69.198.102 20 permit any The switch alwa y s re writes the order o f standard a ccess lists so that entrie s with host matches and en tries wit ...
Cisco Systems IE3010 - page 651

32-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 2 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs Beginn ing in pri vileged EXEC mode, fo llo w these steps to create an extended A CL: Command Purpos e Step 1 confi gure terminal Enter glob al co nfiguration mo de. Step 2a access-list acce ss-list-num ber { ...
Cisco Systems IE3010 - page 652

32-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 32 Configuring Network Security with ACLs Conf iguring I Pv4 ACLs or access-list access- list-num ber { deny | permit } pr otoc ol any an y [ prec edence pr ecedence ] [ tos tos ] [ fragmen ts ] [ log ] [ log-input ] [ time-r ange ti me-range-na me ] [ dscp dscp ] In acce ...
Cisco Systems IE3010 - page 653

32-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 2 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs Use the no access- list acc ess-list-number gl obal conf iguration comm and to delete the entire access list. Y o u ca nnot de lete i ndividual ACEs from numb ered access l ists. This e xample shows ho w to ...
Cisco Systems IE3010 - page 654

32-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 32 Configuring Network Security with ACLs Conf iguring I Pv4 ACLs After an A CL is created, an y additions (poss ibly en tered from the termin al) are pl aced at the end of the list. Y ou cann ot selec ti vely add or re mov e access list entr ies from a numbered access li ...
Cisco Systems IE3010 - page 655

32-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 2 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs T o remo ve a name d stand ard A CL, use th e no ip access-list standard name gl obal configu ration comm and. Beginn ing in pri vileged EXEC mode, follo w these steps to create an e xtended A CL using names ...
Cisco Systems IE3010 - page 656

32-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 32 Configuring Network Security with ACLs Conf iguring I Pv4 ACLs After y ou creat e an AC L, an y addit ions are plac ed at the en d of the list. Y ou cannot select i vely add A CL entrie s to a specif ic A C L. Ho wev er, you can use no permi t and no deny access-list c ...
Cisco Systems IE3010 - page 657

32-15 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 2 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs Beginn ing in pri vile ged EXEC mode, follo w these steps to conf igure a time-range parameter for an A CL: Repeat the steps if you ha ve multiple items tha t you want in ef fect at dif f erent times. T o re ...
Cisco Systems IE3010 - page 658

32-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 32 Configuring Network Security with ACLs Conf iguring I Pv4 ACLs This exampl e uses name d A CL s to perm it and deny the sa me traff ic. Switch(config)# ip access-list extended deny_access Switch(config-ext-nacl)# deny tcp any any time-range new_year_day_2006 Switch(con ...
Cisco Systems IE3010 - page 659

32-17 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 2 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs Applying an IPv4 ACL to a Termin al Line Y o u can use numbered A CLs to cont rol access t o one or mor e termina l lines. Y ou canno t apply na med A CLs to lines. Y ou mu st set id entical rest riction s o ...
Cisco Systems IE3010 - page 660

32-18 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 32 Configuring Network Security with ACLs Conf iguring I Pv4 ACLs Note By default, t he route r sen ds Inte rnet C ontrol M essage Protocol (ICMP) unrea chable m essages when a packet is denied by an ac cess group. T hese a ccess- group d enied packets are not drop ped i ...
Cisco Systems IE3010 - page 661

32-19 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 2 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs Hardware and Softw are Treatment of IP ACLs A CL processing is p rimarily acco mplished in ha rdware, b ut requires forw arding of so me traf fic flo ws to the CPU for so ftware processi ng. If the hardwa re ...
Cisco Systems IE3010 - page 662

32-20 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 32 Configuring Network Security with ACLs Conf iguring I Pv4 ACLs For examp le, if you apply this A C L to an inte rfac e: permit tcp source source-wildcard destination destination-wildcard range 5 60 permit tcp source source-wildcard destination destination-wildcard rang ...
Cisco Systems IE3010 - page 663

32-21 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 2 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs Figur e 32-2 Using Route r AC Ls to Control T raf fic This e xample uses a standard A CL to f ilter traf fic c o ming into Server B fr om a po rt, perm itting t raf f ic only f rom Ac counting ’ s so urce ...
Cisco Systems IE3010 - page 664

32-22 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 32 Configuring Network Security with ACLs Conf iguring I Pv4 ACLs Numbered ACLs In this e xample, net work 36.0.0.0 is a Class A netw ork whose second octet spec ifie s a subnet; that is, its subnet ma sk is 255.2 55.0.0 . The thi rd and fou rth oct ets of a netwo rk 36.0 ...
Cisco Systems IE3010 - page 665

32-23 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 2 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs The marketing _group A CL a llo ws an y TCP T elnet traf fic to the d estination ad dress and wi ldcard 171.6 9.0.0 0. 0.255.25 5 and denie s any othe r TC P traffic. It per mits I CMP tra ff i c, d enies UD ...
Cisco Systems IE3010 - page 666

32-24 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 32 Configuring Network Security with ACLs Conf iguring I Pv4 ACLs In this example of a na med A CL , the Jo nes su bnet is not al lowed access: Switch(config)# ip access-list standard prevention Switch(config-std-nacl)# remark Do not allow Jones subnet through Switch(conf ...
Cisco Systems IE3010 - page 667

32-25 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 2 Configuring Netw ork Securit y with ACLs Creat ing N ame d MA C Ex tend ed AC Ls This i s a an exam ple of a lo g for an ext ended A C L: 01:24:23:%SEC-6-IPACCESSLOGDP:list ext1 permitted icmp 10.1.1.15 -> 10.1.1.61 (0/0), 1 packet 01:25:14:%SEC-6-IPACCESSLOGDP:list ...
Cisco Systems IE3010 - page 668

32-26 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 32 Configuring Network Security with ACLs Creating Nam ed MAC Ext ended ACL s Use the no mac access-list extended name glob al conf iguration com mand to dele te the entir e AC L. Y ou can a lso d elete individual ACEs from nam ed MAC extende d A CLs. This exam ple sh ows ...
Cisco Systems IE3010 - page 669

32-27 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 2 Configuring Netw ork Securit y with ACLs Creat ing N ame d MA C Ex tend ed AC Ls • A Laye r 2 interf ace can ha ve only on e MA C access list . If you appl y a MA C access list to a Layer 2 interface that has a MA C A CL configu red, t he new ACL replaces the pr e vio ...
Cisco Systems IE3010 - page 670

32-28 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 32 Configuring Network Security with ACLs Display ing IPv4 AC L Configu ration Displaying IPv4 ACL Configuration Y o u ca n displ ay th e ACLs that are configured on t he swi tch, and you can displa y the ACLs that have been applied to interfa ces and VLANs. When y ou use ...
Cisco Systems IE3010 - page 671

CH A P T E R 33-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 33 Configuring QoS This chapte r describes ho w to conf igure quality of service (QoS) b y us ing automat ic Qo S (auto-QoS) comman ds or by using standa rd QoS comma nds on the IE 3010 switch. W it h QoS, you can provide preferent ial treatmen t to certain typ es of tr ...
Cisco Systems IE3010 - page 672

33-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Underst andin g QoS The cl assificati on is carr ied in t he IP packet heade r , using 6 bi ts from the depr ecat ed IP typ e of ser vice (T oS ) field to ca rry th e clas sificat ion ( class ) inf ormation. Classif ication c a n also b e carri ed in ...
Cisco Systems IE3010 - page 673

33-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Unde rsta ndi ng QoS All swi tches and ro uters that a ccess the Inte rnet rely on the cla ss information to pro vide the s ame forwar ding treatm ent to pack ets with t h e same class in formation an d dif ferent treatment to pack ets with dif ferent cl ...
Cisco Systems IE3010 - page 674

33-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Underst andin g QoS pack ets to dif ferent thr eshol ds ba sed on the Qo S label. If the thr eshold is e xceed ed, th e pa cket i s dropped. For more infor mation, see t he “Q ueuei ng and Sc hedu ling Overv iew” section on page 33-13 . • Sched ...
Cisco Systems IE3010 - page 675

33-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Unde rsta ndi ng QoS • Perfor m the classif ication base d on a config ured L ayer 2 MA C access co ntrol list (A CL), which c an examine the MA C source addr ess, the MAC destinati on address, and other fields. If no A C L is configured , the packe t ...
Cisco Systems IE3010 - page 676

33-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Underst andin g QoS Figur e 33-3 Classification Flo wcha rt 86834 Generate the DSCP based on IP precedence in pack et. Use the IP-precedence-to-DSCP map . Use the DSCP v alue to generate the QoS label. Assign def ault por t CoS. Ye s Ye s No No No Ye ...
Cisco Systems IE3010 - page 677

33-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Unde rsta ndi ng QoS Classification Based on QoS ACLs Y o u can u se IP standard , IP ext ended, or Laye r 2 MAC A C Ls to de fine a gr oup of pa ckets wit h the same char act eris tics ( class ). In the QoS conte xt, the permit and den y actions in the ...
Cisco Systems IE3010 - page 678

33-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Underst andin g QoS The po licy map can cont ain the police and polic e aggregate policy- map cla ss configurati on com mand s, which def ine the polic er , the bandwi dth limit ations of the t raff ic, and the actio n to tak e if the limits ar e exc ...
Cisco Systems IE3010 - page 679

33-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Unde rsta ndi ng QoS Policing on Physical Ports In policy m aps o n physic al por ts, y ou can create these types of pol icers: • Indi vidual—QoS applies th e bandwid th limits spe cif ied in the polic er separately to eac h matched traffic class. Y ...
Cisco Systems IE3010 - page 680

33-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Underst andin g QoS Figur e 33-4 Po licing and Mar king Flo wc hart o n Ph ysical P orts Policing on SVIs Note Be fore configuring a hi erarc hical pol icy map with ind i v idua l policers on an SVI, you must en able VLAN-based QoS on the physi cal ...
Cisco Systems IE3010 - page 681

33-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Unde rsta ndi ng QoS When co nf iguring polic ing on an SVI, y ou can cr eate and conf igure a hie r archic al polic y map with t hese two le vels: • VLAN le ve l—Create this primary le vel by conf iguring class maps and classes that speci f y the p ...
Cisco Systems IE3010 - page 682

33-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Underst andin g QoS Mapping T ables During Qo S processing, the switc h represe nts the pri ority of a ll traff ic (inclu ding non- IP traff ic) with a n QoS label base d on the DSCP or CoS value from the classification st age: • During classifica ...
Cisco Systems IE3010 - page 683

33-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Unde rsta ndi ng QoS Queuein g and S chedulin g Overview The swi tch has queue s at specif ic points to help pr ev ent congestio n as sho wn in Figure 33 -6 . Figur e 33-6 Ingr ess and Egr ess Queue Locatio n Because the tota l inboun d bandw idth of al ...
Cisco Systems IE3010 - page 684

33-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Underst andin g QoS Figur e 33-7 WTD and Queue Oper ation For more infor mation, see th e “Mappi ng DSCP or CoS V alu es to an Ingr ess Queue and Setti ng WTD Threshol ds” se ction on pa ge 33-65 , the “ Allocating Bu ffer Space to and Setti n ...
Cisco Systems IE3010 - page 685

33-15 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Unde rsta ndi ng QoS The switch supports tw o conf igurable ingress queu es, which are service d by SRR in shared mode only . Ta b l e 33-1 descri bes the que ues. Y o u assign e ach pa cket that flows through the switch t o a que ue and to a thre shold ...
Cisco Systems IE3010 - page 686

33-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Underst andin g QoS SRR services the priority queue for its conf igured weight as specifi ed by the bandwidth ke yword in t he mls qos srr -queue input priority-queue qu eue- id bandwidth weight global configuratio n comma nd. Then, SRR shares the r ...
Cisco Systems IE3010 - page 687

33-17 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Unde rsta ndi ng QoS Buffer and Memory Allocation Y ou guarantee the a v ailability of buf fers, set drop thresholds , and conf igure the maximum memory allocati on for a queue-set by using the mls qos qu eue-set output qse t-id thr eshold queu e-id dr ...
Cisco Systems IE3010 - page 688

33-18 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Conf iguri ng A uto -QoS Y ou can combine t he commands d escribed in this secti o n to p rioritize t r af fi c by placing p acket s with particu lar DSC Ps or CoSs i nto ce rtain qu eues, by allocat ing a la rge queue size or by serv icing t he que ...
Cisco Systems IE3010 - page 689

33-19 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Configuring Auto-QoS Y ou use auto-Q oS co mmand s to id entif y ports conne cted to Cisc o IP Pho nes and to devices run ning the Cisco Sof tPhone applicatio n. Y ou also use the co mmands to identify ports that recei ve tr usted tr af fic through an u ...
Cisco Systems IE3010 - page 690

33-20 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Conf iguri ng A uto -QoS Ta b l e 33-4 shows the genera ted aut o-QoS c onfiguration for t he egress q ueues. When you en able the auto -QoS feature on the f irst port, the se automat ic actions occu r: • QoS is glob ally en abled ( mls qos g loba ...
Cisco Systems IE3010 - page 691

33-21 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Configuring Auto-QoS When yo u enable auto-QoS by using the auto qos voip cisc o-phone , the auto qos voip cisco-softphone , or the auto qos voip trust interface co nf iguration c ommand, the sw itch automatic ally gene rates a QoS configurati on based ...
Cisco Systems IE3010 - page 692

33-22 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Conf iguri ng A uto -QoS The switch au tomatical ly maps DSCP va lues to an e gress queue and to a thre shol d ID. Switch(config)# no mls qos srr-queue output dscp-map Switch(config)# mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 ...
Cisco Systems IE3010 - page 693

33-23 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Configuring Auto-QoS If you ent ered t he auto qos voip tr ust command , the switch automatical ly sets the ingress classif ication to trust the CoS va lue recei ved in the pack et on a nonrouted port by using the mls qos trust cos command or to trust t ...
Cisco Systems IE3010 - page 694

33-24 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Conf iguri ng A uto -QoS Effects of Auto-QoS on the Configuration When auto- QoS is enabled, the au to qos v oip interface configura tion co mmand and the ge nerated configurati on are adde d to the ru nning configu ration. The swi tch applie s the ...
Cisco Systems IE3010 - page 695

33-25 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Configuring Auto-QoS • T o take a dvantage of th e auto- QoS default s, you sho uld ena ble auto- QoS befor e you configure other QoS com mands. I f necessar y , you c an fine-tune t he QoS configurati on, but we r ecommend that you do so only a fter ...
Cisco Systems IE3010 - page 696

33-26 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Conf iguri ng A uto -QoS T o display the QoS co mmands that are automatically ge nerated when auto -QoS is e nabled or disabled, enter the deb u g auto qos pr ivileged EXEC comm and befor e enabl ing auto -QoS. For more informa tion, see th e debug ...
Cisco Systems IE3010 - page 697

33-27 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Configuring Auto-QoS Auto-QoS Configuration Example This se ction describe s how you co uld im pleme nt auto- QoS in a net work, as shown in Fi gu re 33-11 . For optimum QoS perfo rmance, enable au to-QoS on all the de vices in the netw ork. Figur e 33- ...
Cisco Systems IE3010 - page 698

33-28 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Displa ying A uto-QoS I nform ation Beginn ing in pri vile ged EXEC mode, follo w these steps to conf igure the switch at the edge of the QoS domain to prior itize the V oIP traf fic ove r all other traf fic : Displaying Auto-Q oS Information T o di ...
Cisco Systems IE3010 - page 699

33-29 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS • show mls qos maps [ cos-dscp | cos-input-q | cos-output-q | dscp-cos | dscp-input-q | dscp-mutation | dscp-output-q | ip-prec-dsc p | policed-dscp ] • show mls qos input-queue • show running-conf ig For more infor m at ...
Cisco Systems IE3010 - page 700

33-30 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Default Ingress Queue Configu ration Ta b l e 33-6 shows the def ault ingress queue config uration when QoS is enabled. Ta b l e 33-7 shows the def ault CoS input queue threshold map when QoS is enable d. Ta b l e 33-8 sho ...
Cisco Systems IE3010 - page 701

33-31 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Ta b l e 33-10 shows the default CoS outpu t queue thre shold map when QoS is en abled. Ta b l e 33-11 shows the default DSCP outp ut queue threshold ma p when QoS is ena bled. Default Mapping Table Conf iguration The default ...
Cisco Systems IE3010 - page 702

33-32 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Standard QoS Co nfig uration Guidelines Before beginni ng the QoS configu ration, yo u should be aware of this informat ion in these sections: • “Qo S A C L Guide lines” sec tion on page 33-32 • “ Appl ying QoS o ...
Cisco Systems IE3010 - page 703

33-33 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS – After the hiera rchical policy map i s attached to an SVI, t he interf ace-le vel polic y map c annot be modified or removed from the hi erar chical policy map. A new interface- lev e l policy map also cannot be adde d to ...
Cisco Systems IE3010 - page 704

33-34 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Enabling Qo S Globally By default, QoS is disa bled on the sw itch. Beginn ing in pri vileged EXEC mode, follo w th ese steps to enab le QoS. This proced ure is required. T o disa ble Q oS, use the no mls qos global config ...
Cisco Systems IE3010 - page 705

33-35 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Configuring Classification Using Port Trust States These sec tions descr ibe how to classify inco ming traffic b y usi ng port tr ust states. De pendin g on your network configura tion, you must perfor m one or more of these t ...
Cisco Systems IE3010 - page 706

33-36 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Beginn ing in p ri vilege d EXEC m o de, follo w these steps to conf ig ure the port to tr ust the classif ication of the traf fic that it re ceive s: T o return a port to its untrus ted state, use the no mls qos trust int ...
Cisco Systems IE3010 - page 707

33-37 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Configuring the CoS Val ue for an Interface QoS assigns the CoS v alue specifi ed with the mls qos cos interfac e conf iguration command to unta g ged frames re ceived on trusted and unt rusted port s. Beginn ing in pri vilege ...
Cisco Systems IE3010 - page 708

33-38 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS the tel e phone is c o nnected to trust th e CoS la bels of a ll traf fic recei ved on th at port. Use the mls qos trust d scp interf ace config uration command to conf igure a ro uted po rt to whic h the telephone is conn ...
Cisco Systems IE3010 - page 709

33-39 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Enabling DSCP Transparency Mode The swi tch suppor ts the DSCP tr anspare n cy feature. It affect s only the DSC P fi eld of a pa cket at e gress. By def ault, DSCP transparen cy is di sabled. Th e switch modi fies the DSCP f ...
Cisco Systems IE3010 - page 710

33-40 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Figur e 33-13 DSCP -T r usted Stat e on a P ort Bor der ing Another QoS D omain Beginn ing in pr ivilege d EXEC m ode, follo w these steps to conf igure the DSCP- trusted state on a port and modi fy the D SCP-to-D SCP-muta ...
Cisco Systems IE3010 - page 711

33-41 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS T o return a port to its non-trusted state, use the no mls qos trust interfa ce config uration command. T o return to the d efault D SC P-to-DSCP- mutation m ap v alues, use the no mls qos map dscp-mutation dscp -mut ation- na ...
Cisco Systems IE3010 - page 712

33-42 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Classifying Traffic by Using ACLs Y o u can cl assify IP tra ff i c by using IP sta ndard or IP extend ed ACLs; you can cla ssify non-I P traffic by usin g Layer 2 MA C A CLs. Beginn ing in pri vileged EXEC mode, follo w t ...
Cisco Systems IE3010 - page 713

33-43 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Beginn ing in pri vileged EXEC mode, follo w th ese steps to create an IP extended A CL for IP traff ic: T o delete an acc ess list, use the no access-list access-list- number globa l configurat ion comma nd. This example show ...
Cisco Systems IE3010 - page 714

33-44 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Beginning in privileged EXEC mod e, follow these st eps to c reate a L ayer 2 M A C ACL for non-IP tra ff i c: T o delete an acc ess list, use the no mac access-list extended a ccess-list-name global configurat ion comm an ...
Cisco Systems IE3010 - page 715

33-45 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Classifying Traffic by Using Class Ma ps Y o u use the class-map global conf iguration co mmand to name and to i solate a spe cific tra ff ic flo w (or class) f rom all o ther traf fic. The class map def ines the cr iteria to ...
Cisco Systems IE3010 - page 716

33-46 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS T o delete an existin g polic y map, use the no policy-map poli cy-map-n ame global configuration comm and. T o delete an existing cla ss map, use th e no class-map [ match-all | match-any ] class-map-na me global conf igu ...
Cisco Systems IE3010 - page 717

33-47 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Classifying, Policing, and Marking Traff ic on Physical Ports by Using Policy Maps Y o u can co nfigure a nonhi erarc hical pol icy map on a physica l port that specifies which traff ic class to act on. Actions can in clude tr ...
Cisco Systems IE3010 - page 718

33-48 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Beginning in privileged EX EC mode, fol low these steps t o create a no nhiera rchic al policy map: Command Purpose Step 1 configur e terminal E nter g lobal configuration mode . Step 2 c lass-map [ match-all | mat ch-any ...
Cisco Systems IE3010 - page 719

33-49 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Step 5 trust [ cos | dscp | ip-prece dence ] Configure the trust state , which QoS uses to ge nerate a CoS- based or DSCP-based QoS lab el. Note This co mmand is mutuall y exclusi ve with the set command withi n the sam e poli ...
Cisco Systems IE3010 - page 720

33-50 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS T o delete an existin g polic y map, use the no policy-map poli cy-map-n ame global configuration comm and. T o delete an existing cla ss map, use th e no class cla ss-map-name poli cy-map configurati on comm and. T o retu ...
Cisco Systems IE3010 - page 721

33-51 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Switch(config-ext-mac)# exit Switch(config)# class-map macclass1 Switch(config-cmap)# match access-group maclist1 Switch(config-cmap)# exit Switch(config)# policy-map macpolicy1 Switch(config-pmap)# class macclass1 Switch(conf ...
Cisco Systems IE3010 - page 722

33-52 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS • The hi erarchic al policy map is attached to th e SVI and a ff ects al l traff ic belong ing to the VL AN. The action s specif ied in the VLAN-l evel p olicy map af fect the traf fic belon ging to the SVI. Th e police ...
Cisco Systems IE3010 - page 723

33-53 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Step 5 exit Re turn to glob al co nfiguration mo de. Step 6 c lass-map [ match-all | mat ch-any ] class-m ap-name Creat e an interfac e-level class map, and e nter cla ss-map co nfigurati on mode. By defau lt, no class maps a ...
Cisco Systems IE3010 - page 724

33-54 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Step 12 police rate-bps burst-byte [ exce ed-action { drop | policed-dscp- transmit }] Def ine an indiv idual policer for the classif ied traf fic. By defau lt, no pol icer i s defined. For info rmati on on t he n umber of ...
Cisco Systems IE3010 - page 725

33-55 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Step 17 tr ust [ co s | dscp | ip-pr ecedence ] Conf igure the trust state, whi ch QoS uses to genera te a CoS-base d or DSCP-based QoS lab el. Note This co mmand is mutuall y exclusi ve with the set command withi n the sam e ...
Cisco Systems IE3010 - page 726

33-56 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS T o delete an existin g polic y map, use the no policy-map poli cy-map-n ame global configuration comm and. T o delete an existing cla ss map, use th e no cl ass class-map-na me policy-map configur ation comm and. T o retu ...
Cisco Systems IE3010 - page 727

33-57 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Switch(config-pmap)# class-map cm-2 Switch(config-pmap-c)# match ip dscp 2 Switch(config-pmap-c)# service-policy port-plcmap-1 Switch(config-pmap)# exit Switch(config-pmap)# class-map cm-3 Switch(config-pmap-c)# match ip dscp ...
Cisco Systems IE3010 - page 728

33-58 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS T o r emove the specified aggr egate pol icer from a pol icy map, use the no police agg regate aggr e gate- polic er-name policy m ap configu ratio n mode. T o delet e an aggregat e po licer and it s parame ters, use the n ...
Cisco Systems IE3010 - page 729

33-59 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Switch(config-pmap-c)# trust dscp Switch(config-pmap-c)# police aggregate transmit1 Switch(config-pmap-c)# exit Switch(config-pmap)# class ipclass2 Switch(config-pmap-c)# set dscp 56 Switch(config-pmap-c)# police aggregate tra ...
Cisco Systems IE3010 - page 730

33-60 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS T o return to the def ault map, use the no mls qos c os-dscp glo bal configuration com mand. This exa mple shows ho w to modify and display the CoS-to-DSCP map: Switch(config)# mls qos map cos-dscp 10 15 20 25 30 35 40 45 ...
Cisco Systems IE3010 - page 731

33-61 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Beginn ing in pr ivilege d EXEC m ode, follo w these steps to modify the I P- precede nce-to-DSCP ma p. This proc edure is option al. T o return to the def ault map, use the no mls qos i p-prec-dscp global con figuration co mm ...
Cisco Systems IE3010 - page 732

33-62 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS T o return to the def ault map, use the no mls qos polic ed-dscp glob al conf iguration command. This exam ple sh ows ho w to map DSCP 50 to 57 t o a ma rked-down DSCP value of 0: Switch(config)# mls qos map policed-dscp 5 ...
Cisco Systems IE3010 - page 733

33-63 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Beginning in privileged EXEC mo de, foll ow these s teps to modif y the DSCP-to- CoS map. This procedur e is optional. T o return to the def ault map, use the no mls qos dsc p-cos glo bal c onfiguration comma nd. This exam ple ...
Cisco Systems IE3010 - page 734

33-64 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Beginning in privileged EXEC mo de, foll ow these steps to mod ify the DSCP-t o-DS CP-mutati on map . This proc edure is option al. T o return to the def ault map, use the no mls qos dsc p-mutation d scp-m utation -name gl ...
Cisco Systems IE3010 - page 735

33-65 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Note In the above DSCP-to- DSCP-m utati on map, t he mutat ed values are shown in the bod y of the matrix. Th e d1 colum n specif ies the most-signif icant digit of the o riginal D SCP; the d 2 ro w specif ies the least-signif ...
Cisco Systems IE3010 - page 736

33-66 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Beginning in privileged EXE C mode , follow these step s to map D SCP or CoS values to a n ingress que ue and to set WT D thre sholds. T his pro cedure is opt ional. T o ret urn to th e default Co S input que ue thresho ld ...
Cisco Systems IE3010 - page 737

33-67 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS This exampl e shows ho w to map DSCP values 0 to 6 to ingres s queue 1 an d to thresh old 1 with a dro p thresho ld of 50 p ercent. It m aps DSC P values 20 to 2 6 to in gress queu e 1 a nd to th reshold 2 with a drop thr esho ...
Cisco Systems IE3010 - page 738

33-68 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Beginn ing in pri vileged EXEC mode, follo w these steps to allocate bandwid th between the ingr ess queues. This p rocedur e i s optio nal. T o return to the default setting , use the no mls qos srr -queue input bandwidth ...
Cisco Systems IE3010 - page 739

33-69 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Beginning in privileged EXEC mod e, follow these steps to configure the pri ority queue. T his proc edure is optional. T o return to the default setting , use the no mls qos srr -queue input priority-queue queu e-id global con ...
Cisco Systems IE3010 - page 740

33-70 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS These sec tions co ntain this co nfiguration in format ion: • Configuration Gu idelines, page 33-70 • Allo catin g Buffer Spac e to an d Sett ing WTD Th res holds for an Egre ss Q ueue- Set, page 33- 70 (optiona l) • ...
Cisco Systems IE3010 - page 741

33-71 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Beginning i n privileged EXEC mode, follow these steps to configure the me mory al loca tion and to drop thresholds for a queue-se t. This procedure is optional. Command Purpose Step 1 configur e terminal Enter globa l configu ...
Cisco Systems IE3010 - page 742

33-72 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS T o return to the de fault setting, use the no mls q os queue-set output qs et-i d bu ff e r s global confi gurati on comm and. T o return to the default WTD thresho ld perce ntage s, use the no mls qos queue-set output qs ...
Cisco Systems IE3010 - page 743

33-73 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Beginning in privileged EXE C mode, follow thes e st eps to map DSCP or CoS values to an egress queu e and to a thr eshold ID . This procedur e is optio nal. T o r eturn to th e default DSCP output q ueue thresho ld m ap or th ...
Cisco Systems IE3010 - page 744

33-74 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Y o u can c onfigure the egre ss queu es for sha ped or shared w eights, or both . Use sha ping to smoot h bursty traffic or to provide a smoothe r output ov er time . For informa tion about shaped weights, see the “SRR ...
Cisco Systems IE3010 - page 745

33-75 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Note Th e egress queue de fault sett ings are suita ble fo r most situat ions. Y ou should change them onl y when you have a thorough understa nding of t he egress queue s and if these sett ings do not mee t your QoS solution. ...
Cisco Systems IE3010 - page 746

33-76 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS T o d isab le the egress expedit e qu eue, us e the no priority-queue out interfac e configurati on comma nd. This exam ple sho ws ho w to ena ble the e gress e xpedite q ueue wh en the SRR weight s are conf igured. The eg ...
Cisco Systems IE3010 - page 747

33-77 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Displaying Standard QoS Information This exam ple sh ows how to limit the ba ndwid th on a port to 8 0 per cent: Switch(config)# interface gigabitethernet0/1 Switch(config-if)# srr-queue bandwidth limit 80 When yo u conf igure this comma nd to 8 0 perce ...
Cisco Systems IE3010 - page 748

33-78 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Display ing Standar d QoS Inform ation ...
Cisco Systems IE3010 - page 749

CH A P T E R 34-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 34 Configuring EtherC hannels and Link-State Tracking This c hapter d escrib es how to configu re Et herChann els on the I E 3010 switch . Ethe rChanne l provide s fault-to lerant hi gh-speed links bet ween sw itches, ro uter s, and ser vers. Y ou can use it to incre as ...
Cisco Systems IE3010 - page 750

34-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 34 Configu ring EtherChann els and Link-Sta te Track ing Underst anding Et herChan nels EtherChann el Overview An EtherCh annel c onsists of individual Fast Ethernet or Giga bit Ether net links bundled int o a single logical lin k as shown in Figure 34 -1 . Figur e 34-1 T ...
Cisco Systems IE3010 - page 751

34-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 4 Configuring EtherCh annels and Link-Stat e Tracking Understa nding Et herChann els If a link within an Eth erChannel fai ls, traf fic pre viously carried o ver that failed link mo ves to the remaining links wi th in the EtherChannel. If traps are enabl ed on the switch, ...
Cisco Systems IE3010 - page 752

34-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 34 Configu ring EtherChann els and Link-Sta te Track ing Underst anding Et herChan nels After y o u conf igure an Eth erChannel , config uration change s applied to th e port- channel int erfac e apply to all the physica l p orts assigned to the por t-channel inte rface . ...
Cisco Systems IE3010 - page 753

34-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 4 Configuring EtherCh annels and Link-Stat e Tracking Understa nding Et herChann els Use the silent mode when the switch is connected to a devi ce that is not P AgP-cap able and seldom, if e ver , send s pack ets. An e xampl e of a silent par tner is a file serve r or a pa ...
Cisco Systems IE3010 - page 754

34-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 34 Configu ring EtherChann els and Link-Sta te Track ing Underst anding Et herChan nels LACP Modes Ta b l e 34-2 shows the user-configurab le Ethe rChan nel L A CP mode s for t he c hannel-group interface configurati on c ommand. Both the acti ve and passive LA CP modes e ...
Cisco Systems IE3010 - page 755

34-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 4 Configuring EtherCh annels and Link-Stat e Tracking Understa nding Et herChann els Cautio n Y o u should use ca re whe n using the on mode. Thi s is a m anua l configurat ion, a nd po rts on bo th ends of the Ether Chann el must have the same configurat ion. If t he grou ...
Cisco Systems IE3010 - page 756

34-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 34 Configu ring EtherChann els and Link-Sta te Track ing Configur ing EtherChann els single-M A C -address device, sourc e-base d forwarding on t he switch EtherCha nnel en sures that t he switch use s all av a ilab le bandw idth to the router . Th e rout er is co nfigure ...
Cisco Systems IE3010 - page 757

34-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 4 Configuring EtherCh annels and Link-Stat e Tracking Config uring EtherCh annels Note Make su re tha t the ports are correctl y con fig ured. For more infor mation, see the “E therChannel Conf iguration Guidelin es” sect ion on pa ge 34-9 . Note After you co nf igure ...
Cisco Systems IE3010 - page 758

34-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 34 Configu ring EtherChann els and Link-Sta te Track ing Configur ing EtherChann els • When a group is first cr eated, all ports follo w the parameters set for the f irst port to be added to the group. If you change the co nfiguration of one of the se parame ters, you ...
Cisco Systems IE3010 - page 759

34-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 4 Configuring EtherCh annels and Link-Stat e Tracking Config uring EtherCh annels Beginning in privileged EX EC mo de, fol low these s teps to a ssign a Laye r 2 Ether net por t to a La yer 2 Ether Channel . This procedure is requ ired. Command Purpose Step 1 configur e t ...
Cisco Systems IE3010 - page 760

34-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 34 Configu ring EtherChann els and Link-Sta te Track ing Configur ing EtherChann els T o r emove a p ort fr om t he Eth erCha nnel group, use the no channel-group interfac e configurati on comm and. This exam ple sho ws ho w to con fi gure an Eth erCha nnel on a s witch. ...
Cisco Systems IE3010 - page 761

34-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 4 Configuring EtherCh annels and Link-Stat e Tracking Config uring EtherCh annels Switch(config-if-range)# end This exam ple sho ws ho w to con fi gure an Eth erCha nnel on a s witch. I t assigns two ports as s tatic-a ccess ports in VLAN 10 to cha nnel 5 with t he LACP m ...
Cisco Systems IE3010 - page 762

34-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 34 Configu ring EtherChann els and Link-Sta te Track ing Configur ing EtherChann els Configuring the PAgP Le arn Meth od and Priority Network devices are classi fied as P AgP physical lea rners or agg regate-por t lear ners. A device is a physical learner if it learns ad ...
Cisco Systems IE3010 - page 763

34-15 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 4 Configuring EtherCh annels and Link-Stat e Tracking Config uring EtherCh annels T o return the priority to its default setting, u se the no pagp port-priorit y inte r face conf iguration command. T o return the learning method to it s default setting, use the no pagp le ...
Cisco Systems IE3010 - page 764

34-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 34 Configu ring EtherChann els and Link-Sta te Track ing Configur ing EtherChann els Determ ining whi ch p orts ar e act i ve a nd whi ch are hot sta ndby is a t wo-step p rocedur e. First t he sy stem with a numerica lly lowe r system priority and system-id is placed in ...
Cisco Systems IE3010 - page 765

34-17 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 4 Configuring EtherCh annels and Link-Stat e Tracking Displaying EtherC hannel , PAgP, and LACP Status Note If LA CP is not able to aggrega te all the ports that are compatible (for e xample, the remote system might ha ve mor e restricti ve hardware lim itations), all the ...
Cisco Systems IE3010 - page 766

34-18 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 34 Configu ring EtherChann els and Link-Sta te Track ing Underst anding L ink-State Tracking Y o u ca n cle ar LACP channe l-group inf ormati on and traffic coun ters by usi ng the clear lacp { channel -gr oup -numb er counter s | counters } pri vile ged EXEC comma nd. F ...
Cisco Systems IE3010 - page 767

34-19 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 4 Configuring EtherCh annels and Link-Stat e Tracking Understanding Link-State Tracking – Switch B provides se condar y links to server 1 and server 2 thr ough link- state gro up 1. Port 1 is connec ted to ser ver 1, an d port 2 is co nnec ted to server 2 . Port 1 and p ...
Cisco Systems IE3010 - page 768

34-20 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 34 Configu ring EtherChann els and Link-Sta te Track ing Configur ing Link-S tate Tracki ng Figur e 34-4 T ypical Link-Stat e T racking C onfiguration Configuring Link -State Tracking • Default Lin k-Sta te T r acking Configurati on, page 34-20 • Link-St ate Tracking ...
Cisco Systems IE3010 - page 769

34-21 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 4 Configuring EtherCh annels and Link-Stat e Tracking Configuring Link-State Tracking Link-State Tracking C onfiguratio n Guidelines Follow these guideli nes to avoid configuration pr oblems: • An interfa ce that is defined as an upstr eam int erface c annot also be def ...
Cisco Systems IE3010 - page 770

34-22 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 34 Configu ring EtherChann els and Link-Sta te Track ing Configur ing Link-S tate Tracki ng Displaying L ink-S tate Trac king Sta tus Use the show link state gr oup command to display the li n k-state g roup infor mation. Ent er this comman d wi thout keywords t o displ ...
Cisco Systems IE3010 - page 771

CH A P T E R 35-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 35 Configuring Cisco IOS IP SLAs Operations This ch apter descr ibes how to us e Cisco I OS IP Serv ice Level Agreem ents (SLAs) on the IE 3010 sw itch. Cisco I P SLAs is a part of Cisco I OS softwa re that allo ws Cisco custo m ers to an alyze IP s ervic e le vels for ...
Cisco Systems IE3010 - page 772

35-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 35 Configuring Cisco IOS IP SLAs Operations Unde rst and ing C isco IOS IP SL As options such as sour ce and de stinatio n IP address, User Datagram Pr otocol (UDP)/T CP port num bers, a type of se r vice (T oS) b yte (including Dif ferentiat e d Service s Code Point [ DSC ...
Cisco Systems IE3010 - page 773

35-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 35 Configur ing Cisco IOS IP SLA s Operation s Understa nding Ci sco IOS IP SLAs Using Cisco IOS IP SLAs to Measure Netw ork Per formance Y o u ca n use I P SL As to monito r th e perfo rman ce b etween any ar ea in the n etwork— core, distri bution, and edg e—wi thout d ...
Cisco Systems IE3010 - page 774

35-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 35 Configuring Cisco IOS IP SLAs Operations Unde rst and ing C isco IOS IP SL As IP SLAs Res ponder an d IP SLAs Co ntrol Protocol The IP SLAs respond er is a component em bedded in the dest ination Cisco de vice that allo ws the system to antici p ate and re spond to IP S ...
Cisco Systems IE3010 - page 775

35-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 35 Configur ing Cisco IOS IP SLA s Operation s Understa nding Ci sco IOS IP SLAs Figur e 35-2 Cisco IOS IP SLAs Res ponder Time Stam ping An addi tional benef it of the two t ime stamps a t the tar get de vice is the ab ility to t rack one-way d e lay , jitter , and di recti ...
Cisco Systems IE3010 - page 776

35-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 35 Configuring Cisco IOS IP SLAs Operations Configur ing IP SLAs Opera tions • One-way mean op inion sco re (MOS) • One-w ay latenc y An IP SLAs thresh old viola tion can also t rigger anothe r IP SLAs opera tion for further ana lysis. For exa mple, the fr equency coul ...
Cisco Systems IE3010 - page 777

35-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 35 Configur ing Cisco IOS IP SLA s Operation s Confi guring IP S LAs Operati ons Note that no t all of the IP SLAs c ommands or ope rations de scribe d in this guide ar e suppor ted on the switch. Th e switch supports IP servi ce lev el analysis by usin g UDP jitter , UDP ec ...
Cisco Systems IE3010 - page 778

35-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 35 Configuring Cisco IOS IP SLAs Operations Configur ing IP SLAs Opera tions T o disab le the IP SLA s respon der , enter the no ip sla responder global configurat ion co mman d. This exa mple sho ws ho w to conf igure the de vice as a responder for th e UDP jitter IP SLAs ...
Cisco Systems IE3010 - page 779

35-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 35 Configur ing Cisco IOS IP SLA s Operation s Confi guring IP S LAs Operati ons Note Before you co nf igure a UDP jitter operat io n on t he source de vice, you must e nable the IP SLAs responde r on the ta rget device (the oper ation al target). Beginning in privileged EXE ...
Cisco Systems IE3010 - page 780

35-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 35 Configuring Cisco IOS IP SLAs Operations Configur ing IP SLAs Opera tions T o disable the IP SLAs operat io n, enter the no ip sla ope ratio n-number global co nfigurati on comm and. This e xample sho ws ho w to confi g ure a U DP jitter IP SLAs o peration: Switch(conf ...
Cisco Systems IE3010 - page 781

35-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 35 Configur ing Cisco IOS IP SLA s Operation s Confi guring IP S LAs Operati ons Schedule: Operation frequency (seconds): 30 Next Scheduled Start Time: Pending trigger Group Scheduled : FALSE Randomly Scheduled : FALSE Life (seconds): 3600 Entry Ageout (seconds): never Recu ...
Cisco Systems IE3010 - page 782

35-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 35 Configuring Cisco IOS IP SLAs Operations Configur ing IP SLAs Opera tions T o disa ble the IP SL As opera tion, ent er the no ip sla oper ation- numb er glob al con figuration c ommand. This example shows how to configure an ICMP ec ho IP SLAs op erat ion : Switch(conf ...
Cisco Systems IE3010 - page 783

35-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 35 Configur ing Cisco IOS IP SLA s Operation s Monitoring IP SLAs Operations Next Scheduled Start Time: Pending trigger Group Scheduled : FALSE Randomly Scheduled : FALSE Life (seconds): 3600 Entry Ageout (seconds): never Recurring (Starting Everyday): FALSE Status of entry ...
Cisco Systems IE3010 - page 784

35-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 35 Configuring Cisco IOS IP SLAs Operations Monito ring IP SLAs Operations ...
Cisco Systems IE3010 - page 785

CH A P T E R 36-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 36 Troubleshooting This chapter descr ibes ho w to identify and resolv e software probl ems related to the Cisco IOS software on the IE 3010 switc h. Dependi ng on the nature of the pro blem, yo u can use t he comm and-l ine int erface (CLI), the dev ice manager to id e ...
Cisco Systems IE3010 - page 786

36-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 36 Trouble shooting Recovering f rom a Softwa re Failure Recovering fro m a Software Failure Switch software c an be c orru pted du ring an upgr ade, by downlo ading th e wr ong file to the swi tch, and by d eleting the im age f ile. In all of these cases, the switch does ...
Cisco Systems IE3010 - page 787

36-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 6 Troubleshooti ng Recoverin g from a Lost or For gotten Password Step 6 Press th e Express Setup b utton and at the same time, reconn ect the po wer cord to the switc h. Y ou can rele ase the Express Setup b u tton a second or t wo after t he L ED above port 1 go es off. ...
Cisco Systems IE3010 - page 788

36-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 36 Trouble shooting Recovering f rom Lost Clust er Member Conn ectivity Step 2 Con nect your PC or lapt op to the por t wi th th e blinki ng g reen L ED. The SETU P LED and the swit ch downlink port LED st op blinking and stay solid green. Step 3 Press an d hold the Expr e ...
Cisco Systems IE3010 - page 789

36-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 6 Troubleshooti ng Troubleshooting Power over Ethernet Switch Ports Troubleshooting Power over Ethernet Switch Ports These sec tions descr ibe how to troublesho ot Power ov e r Ethern et (PoE) por ts. Disabled Port Caused by Power L o ss If a p owered device (such as a C i ...
Cisco Systems IE3010 - page 790

36-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 36 Trouble shooting Monitorin g SFP Modu le Status error -disable d stat e. After the elapsed interv al, the switch bring s the interf ace out o f the error -disabled state and retries th e operation. Fo r more information about the err disa bl e recovery command , see the ...
Cisco Systems IE3010 - page 791

36-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 6 Troubleshooti ng Using Layer 2 Tr aceroute Understand ing Layer 2 T raceroute The Lay er 2 tra cerou te feat ure al lows the swit ch to id entif y the physic al pat h that a packet takes fr om a source device to a destin ation device. La yer 2 trace route sup ports only ...
Cisco Systems IE3010 - page 792

36-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 36 Trouble shooting Using I P Trac eroute • When multipl e dev ices are at tached to one port t h rough hubs ( for e xample, multip le CDP neighbor s are de tecte d on a por t), t he Lay er 2 tracero ute fe ature is not supp orted. When more than one CDP neighb or is det ...
Cisco Systems IE3010 - page 793

36-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 6 Troubleshooti ng Using IP Traceroute T o learn when a datagram rea ches its destination, tr aceroute sets the UDP d estination port number in the datagram to a v ery large v alue that the destination host is unlik ely to be using. When a host recei ves a datagram d estin ...
Cisco Systems IE3010 - page 794

36-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 36 Trouble shooting Usin g TDR T o end a trace in progr ess, enter the escap e sequen ce ( Ctrl- ^ X by default ). Simu ltaneousl y press and release th e Ctrl , Shift , and 6 keys and then p ress the X ke y . Using TDR These se ctions conta in this i nformation: • Unde ...
Cisco Systems IE3010 - page 795

36-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 6 Troubleshooti ng Using Debug C o mmands Using Debug Commands These sec tions explains how you use debug comma nds t o diag nose and r esolve i nterne tworkin g problems: • Enab ling De bugging o n a Spe cific Feat ure, pa ge 36- 11 • Enab ling All -System Diag nosti ...
Cisco Systems IE3010 - page 796

36-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 36 Trouble shooting Using the s how platfo rm forward Co mmand Enabling All-Sy stem Diag nostics Beginn ing in pr iv ilege d EXEC mode, enter this command to enable a ll-system diag nostics: Switch# debug all Cautio n Because debugging ou tput ta kes priori ty over other ...
Cisco Systems IE3010 - page 797

36-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 6 Troubleshooti ng Using the show platf orm forw ard Comma nd This is an example of the out put from the s how p l at for m fo rw a rd com mand on port 1 in VLA N 5 when the packe t enteri ng tha t port is addr essed to unknown MAC addresses. T he pac ket should be floode ...
Cisco Systems IE3010 - page 798

36-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 36 Trouble shooting Using t he c rashinfo Files ========================================== Egress:Asic 3, switch 1 Output Packets: ------------------------------------------ Packet 1 Lookup Key-Used Index-Hit A-Data OutptACL 50_0D020202_0D010101-00_40000014_000A0000 01FFE ...
Cisco Systems IE3010 - page 799

36-15 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 6 Troubleshooti ng Troubl esho oting Tab les Extend ed cra shinf o files are kep t in this direct ory o n the flash file system: flash:/crashinf o_ext/. The filena mes ar e cras hinfo _ext_ n wh ere n is a se quen ce num ber . Y o u can co nfigure the sw itch to not creat ...
Cisco Systems IE3010 - page 800

36-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 36 Trouble shooting Troubles hooting Tables 140 8820183 4942081 1784 0.63% 0.37% 0.30% 0 HRPC qos request 100 3427318 16150534 212 0.47% 0.14% 0.11% 0 HRPC pm-counters 192 3093252 14081112 219 0.31% 0.14% 0.11% 0 Spanning Tree 143 8 37 216 0.15% 0.01% 0.00% 0 Exec ... < ...
Cisco Systems IE3010 - page 801

36-17 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 6 Troubleshooti ng Troubl esho oting Tab les Troublesho oting Pow er over Etherne t (PoE) Figur e 36-1 Po wer Ov er Ether net T roub leshooting Scenar ios Symp tom or problem Po ssib le caus e and so lutio n No PoE on only one po rt. T rouble is on only one switc h port. ...
Cisco Systems IE3010 - page 802

36-18 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 36 Trouble shooting Troubles hooting Tables No PoE on a ll port s or a group of p orts. T rouble is on all switch por ts. Nonpowered Et hern et devices canno t esta blish an Ethern et l ink on any por t, an d PoE devices do not power on. If there is a continuo us, intermi ...
Cisco Systems IE3010 - page 803

36-19 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 6 Troubleshooti ng Troubl esho oting Tab les Cisco IP Phone disconn ects or re sets. After working norma lly , a Cisco phone or wireless access point inter mittently reload s or d iscon nects from PoE . V erify all ele ctrica l connec tions fr om the switch to the powered ...
Cisco Systems IE3010 - page 804

36-20 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 36 Trouble shooting Troubles hooting Tables ...
Cisco Systems IE3010 - page 805

A- 1 Cisco IE 3010 Switch S o ftware Conf iguration Gui de OL-23145-01 APPENDIX A Supported MIBs This appendix lists the su pported manageme nt informatio n base (MIBs) for th is release on the IE 3010 switch . It contains the se section s: • MIB List, pa ge A-1 • Usin g F TP to Acce ss th e M IB Fil es , pag e A-3 MIB List • BRIDGE-MIB Note ...
Cisco Systems IE3010 - page 806

A- 2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendi x A Supported MI Bs MIB List • CISCO- IGM P-FIL T ER-M IB • CISCO-IMAGE-MIB • CISCO IP-ST A T -MIB • CISCO- L2L3 -INT ERF ACE-CON FIG-M IB • CISCO-LAG-MIB • CISCO-M A C-A UTH-BYP ASS • CISCO-MAC-NO TIFICA TION-M IB • CISCO- MEM OR Y -POOL -MIB • CISCO-NA ...
Cisco Systems IE3010 - page 807

A-3 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Append ix A Supported M IBs Using FTP to Access the MIB Files • OLD-CISCO- INTERF A CES-MIB • OLD-CISCO- IP-MIB • OLD-CISCO- SYS-MIB • OLD-CISC O-TCP-MIB • OLD-CISCO- TS-MIB • RFC1213-MIB (Fun ctionality is as per the agent capabilities specified in the CISCO-RFC1 213-C ...
Cisco Systems IE3010 - page 808

A- 4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendi x A Supported MI Bs Using FTP to Acces s the MIB Files ...
Cisco Systems IE3010 - page 809

B-1 Cisco IE 3010 Switch S o ftware Conf iguration Gui de OL-23145-01 APPENDIX B Working with the Cisco IOS File System, Configuration Files, an d Software Images This a ppendix descri bes how to m anipul ate the IE 30 10 switc h fla sh file syste m, how to co py configurati on files, and how to arc hiv e (uploa d and download) so ftware i mages t ...
Cisco Systems IE3010 - page 810

B-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix B W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith the Flash F ile System - - network rw scp: - - network rw https: - - opaque ro cns: Switch# Detecting an Unsup ported SD Flas h Memo ry Card When th e switc h start s and de ...
Cisco Systems IE3010 - page 811

B-3 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with the Flash File System SD Flash Memory Card LED Setting the Def ault File System Ta b l e B-1 SD Flash Me mory Card LE D Col or Sy stem Sta tus Off / blinki ng g reen SD fl ...
Cisco Systems IE3010 - page 812

B-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix B W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith the Flash F ile System Y ou can specif y the f ile system or dir ectory tha t the system use s as t h e def ault f ile system b y using the cd filesystem: pri vileged EXEC co ...
Cisco Systems IE3010 - page 813

B-5 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with the Flash File System Creating and Removi ng Directorie s Beginning i n privileged E XEC mode, follow th ese s teps to c rea te an d remove a d irect ory: T o delete a dir ...
Cisco Systems IE3010 - page 814

B-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix B W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith the Flash F ile System Some in valid co mbin ation s of source and dest inatio n exist. Specificall y , you cannot copy th ese comb inat ion s: • From a runni ng configurat ...
Cisco Systems IE3010 - page 815

B-7 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with the Flash File System Creating a tar File T o create a tar file and writ e f iles into it, use this priv ileged EXEC command: ar chive tar /cr eate dest inat ion -url flas ...
Cisco Systems IE3010 - page 816

B-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix B W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith the Flash F ile System image-name / image-name .bin (610856 bytes) image-name /info (219 bytes) This exam ple sh ows how to display o nly the /html dire ctory and its content ...
Cisco Systems IE3010 - page 817

B-9 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Configuration Files <output truncated> Working with Configuration Files This sec tion describ es ho w to create, lo ad, and m aintain co nfig uration f iles. Configu ...
Cisco Systems IE3010 - page 818

B-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix B W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith Configurati on Files some comm ands in th e existing configurati on might no t be repla ced or negated. In this ca se, the re sulting conf iguration f ile i s a mi xture of ...
Cisco Systems IE3010 - page 819

B-11 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Configuration Files tftp dgram udp wait root /usr/etc/in.tftpd in.tftpd -p -s /tftpboot Make sure tha t the /et c/services fi le contains this line: tftp 69/udp Note Y ou ...
Cisco Systems IE3010 - page 820

B-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix B W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith Configurati on Files Uploading the Configurati on File By Using TFTP T o uplo ad a c o nf igura tion f ile from a swi tch to a TFTP server f or storage, follo w thes e step ...
Cisco Systems IE3010 - page 821

B-13 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Configuration Files If the server has a di recto ry structur e, the co nfigurati on file is written t o or copi ed from the director y associ ated with the userna me on t ...
Cisco Systems IE3010 - page 822

B-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix B W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith Configurati on Files This exam ple shows how to copy a c onfiguration file named host1-c onfg from th e neta dmin1 directory on the remot e server w ith a n IP a ddress of 1 ...
Cisco Systems IE3010 - page 823

B-15 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Configuration Files This exam ple shows how to copy t he running configura tion file na med switch2-conf g to the netadmin1 directo ry on the rem ote ho st wi th an IP ad ...
Cisco Systems IE3010 - page 824

B-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix B W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith Configurati on Files The RC P requires a client t o send a re mote user name with each RCP requ est to a ser ver . When you c opy a conf iguration fil e from the switch to a ...
Cisco Systems IE3010 - page 825

B-17 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Configuration Files Downloading a Configura tion File By Using RCP Beginning in privileged EXEC mode , follow these steps to download a configuration file by using RCP: T ...
Cisco Systems IE3010 - page 826

B-18 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix B W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith Configurati on Files Uploading a Configuration File By Using RCP Beginn ing in pr i vilege d EXEC m ode, follo w these st eps to uplo ad a conf iguration f ile by usin g RCP ...
Cisco Systems IE3010 - page 827

B-19 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Configuration Files Clearing the Startup Con figuration File T o c lear the co ntent s of your startup configur ation, use the erase n vram: or the erase startup- config ...
Cisco Systems IE3010 - page 828

B-20 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix B W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith Configurati on Files Replac ing a Configuration The con figure replac e pr ivileged EXEC comma nd repla ces the ru nning configu ration wit h any sav e d configurat ion file ...
Cisco Systems IE3010 - page 829

B-21 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Configuration Files • When usin g the conf igure r eplace comm and, you m ust spec ify a saved configurati on a s the replace ment configurat ion file f or the runn ing ...
Cisco Systems IE3010 - page 830

B-22 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix B W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working wi th Software Imag es Working with So ftware Images This se ction descri bes how to a rchive (download an d upl oad) sof tware image files, whic h cont ain t he syst em soft war ...
Cisco Systems IE3010 - page 831

B-23 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Images Note Instead of u sing the copy pri vile ged EXEC comm and or the ar chiv e tar privileged EXEC comm and, we recomm end u sing the archive downl oad-s w a ...
Cisco Systems IE3010 - page 832

B-24 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix B W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working wi th Software Imag es stacking_number: x info_end: version_suffix: xxxx version_directory:image-name image_system_type_id:0x00000000 image_name:image-nameB.bin ios_image_file_siz ...
Cisco Systems IE3010 - page 833

B-25 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Images Make sure tha t the /et c/services fi le contains this line: tftp 69/udp Note Y ou must restar t the inetd dae m on after m o difying the /etc/inetd.conf ...
Cisco Systems IE3010 - page 834

B-26 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix B W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working wi th Software Imag es The do wnload algorithm veri fies that the image is appropria te f or the switch model and that enough DRAM is prese nt, or it abor ts the proce ss and repo ...
Cisco Systems IE3010 - page 835

B-27 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Images Uploading an Image File By Using TFTP Y ou can upload a n image f rom the switc h to a TFTP ser ver . Y ou can later d o wnload this image to the switch o ...
Cisco Systems IE3010 - page 836

B-28 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix B W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working wi th Software Imag es Preparing to Download or Uploa d an Image File By Using FTP Y o u can co py images files to or from an FTP server . The FTP prot ocol r equires a cli ent to ...
Cisco Systems IE3010 - page 837

B-29 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Images Downloading an Image File By Using FTP Y ou can do wnload a n ew imag e f ile and ov erwrite the current ima ge or k eep the c urrent im age. Beginning in ...
Cisco Systems IE3010 - page 838

B-30 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix B W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working wi th Software Imag es The do wnload algorithm veri fies that the image is appropria te f or the switch model and that enough DRAM is prese nt, or it abor ts the proce ss and repo ...
Cisco Systems IE3010 - page 839

B-31 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Images Beginn ing in p ri vilege d EXEC m o de, follo w these steps to upload an image t o an FTP se rver: The archi ve upload-sw comman d builds an imag e file ...
Cisco Systems IE3010 - page 840

B-32 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix B W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working wi th Software Imag es Note Instead of u sing the copy pri vile ged EXEC comm and or the ar chiv e tar privileged EXEC comm and, we recomm end u sing the archive downl oad-s w and ...
Cisco Systems IE3010 - page 841

B-33 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Images • When yo u upload an image to the RCP to the server , it must be proper ly conf igured to acc ept the RCP write reque st from the use r on the switch. ...
Cisco Systems IE3010 - page 842

B-34 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix B W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working wi th Software Imag es The do wnload algorithm veri fies that the image is appropria te f or the switch model and that enough DRAM is prese nt, or it abor ts the proce ss and repo ...
Cisco Systems IE3010 - page 843

B-35 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Images Beginn ing in pri vileged EXEC mode, follo w these steps to upload an image to an RCP serv er: The archiv e upload-sw pr i vile ged EXEC com mand bu ilds ...
Cisco Systems IE3010 - page 844

B-36 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix B W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working wi th Software Imag es ...
Cisco Systems IE3010 - page 845

C-1 Cisco IE 3010 Switch S o ftware Conf iguration Gui de OL-23145-01 APPENDIX C Unsupported Co mmands in Cisco IOS Rele ase 12 .2(53)EZ This app e ndix lists som e of the command-line interf ace (CLI) comm ands that ap p ear when you enter the question ma rk (?) at the I E 3010 switch p rompt but are n ot su pported i n this re lease, e ither b ec ...
Cisco Systems IE3010 - page 846

C-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix C Un supported C ommands in Cisco IOS Release 12.2(53)EZ Access Control Li sts Access Control Lists Unsupporte d Privileged E XEC Commands acces s-en able [ host ] [ time out m inutes ] access- templa te [ access-list-number | name ] [ dynamic-na me ] [ sour ce ] [ destina ...
Cisco Systems IE3010 - page 847

C-3 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Append ix C Unsupported Com mand s in Cisco IOS Release 12 .2(53)E Z Boot Loade r Commands Unsupporte d Interface Configuration Commands arp probe ip probe pr oxy Boot Loader Commands Unsupporte d Global Con figuratio n Commands boot buffers ize Debug Commands Unsupporte d Privileg ...
Cisco Systems IE3010 - page 848

C-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix C Un supported C ommands in Cisco IOS Release 12.2(53)EZ Interface Co mmands Interface Command s Unsupporte d Privileged E XEC Commands show in terfac es [ interface-id | vlan vlan -id ] [ crb | fair-queue | irb | mac-accounting | pr ecedence | irb | random-detect | rate - ...
Cisco Systems IE3010 - page 849

C-5 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Append ix C Unsupported Com mand s in Cisco IOS Release 12 .2(53)E Z Miscell aneous show ma c-addr ess-table interf ace show mac-addr ess-table multicast show mac-addr ess-table notif ication show mac-addr ess-table static show mac-addr ess-table vlan show mac address-table multica ...
Cisco Systems IE3010 - page 850

C-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix C Un supported C ommands in Cisco IOS Release 12.2(53)EZ NetF low Co mma nds NetFlow Commands Unsupporte d Global Con figuratio n Commands ip flow-ag gregation cac he ip flow -cach e ent ries ip flow-e xport Network Address Translation (NAT) Commands Unsupporte d Privilege ...
Cisco Systems IE3010 - page 851

C-7 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Append ix C Unsupported Com mand s in Cisco IOS Release 12 .2(53)E Z SNMP aaa a uthen ticati on fe a tu r e default line aaa nas port extended radius-serv er attribute nas-port radius-serv er configur e radius-serv er extended-portnames SNMP Unsupporte d Global Con figuratio n Comm ...
Cisco Systems IE3010 - page 852

C-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix C Un supported C ommands in Cisco IOS Release 12.2(53)EZ VLAN Unsupported Us er EXEC C ommands show running-conf ig vlan show vlan if index vlan database Unsupporte d VLAN Databa se Co mmands vtp vlan ...
Cisco Systems IE3010 - page 853

IN-1 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 INDEX A AAA dow n po licy, N AC La yer 2 I P val idatio n 1-8 abbrev iati ng comm ands 2-4 acces s-class comma nd 32-17 acces s contr ol entries See ACEs access-de nied r espons e, VM PS 14-24 access group s applyi ng IPv4 AC Ls to inte rface s 32-18 Layer 2 32-18 Layer 3 32-18 ac ...
Cisco Systems IE3010 - page 854

Index IN-2 Cisco IE 3010 Switch S oftwa re Configura tion Guide OL-23145-01 MAC exte nded 32-25, 33-44 matc hing 32-5, 32-18 monitori ng 32-28 named, IPv4 32-12 number pe r QoS class map 33-32 QoS 33-7, 33-42 resequenc ing entr ies 32-12 standard IP, configur ing for QoS cla ssification 33-42 standa rd IPv4 crea ting 32-7 matc hing cri teria 32-5 s ...
Cisco Systems IE3010 - page 855

Inde x IN-3 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 open1x 10-29 RADIUS key 9-28 login 9-30 TACACS+ defined 9-11 key 9-13 login 9-14 See also por t-based au then ticatio n authenti cation co mpatibility with Catal yst 6000 switch es 10-8 authenti cation failed V LAN See rest ricted VLAN authe nticat ion mana ger CLI co mmand ...
Cisco Systems IE3010 - page 856

Index IN-4 Cisco IE 3010 Switch S oftwa re Configura tion Guide OL-23145-01 See DHCP snooping binding da tabase blocking packe ts 24-6 booting boot loa der, f unction of 3-2 boot pr ocess 3-1 manually 3-18 spe cif ic im a ge 3-19 boot loader acce ssing 3-19 describe d 3-2 enviro nment variab les 3-19 pr ompt 3-19 trap- door mech anism 3-2 BPDU erro ...
Cisco Systems IE3010 - page 857

Inde x IN-5 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Cisco IOS IP SLAs 35-1 Cisco Secur e ACS attribute -value pairs for downlo adable ACLs 10-20 attribute -value pairs for redirect URL 10-20 Cisco Sec ure ACS configura tion gui de 10-61 CiscoWorks 200 0 1-3, 31-4 CISP 10-31 CIST reg ional r oot See MSTP CIST root See MSTP ci ...
Cisco Systems IE3010 - page 858

Index IN-6 Cisco IE 3010 Switch S oftwa re Configura tion Guide OL-23145-01 even t se rvice 4-3 embedde d agent s describe d 4-5 enab ling a utoma ted c onfig uratio n 4-6 enabli ng configur ation ag ent 4-9 enab lin g eve nt agen t 4-7 manageme nt funct ions 1-4 CoA Request Comman ds 9-24 comm and-l ine i nte rfac e See CLI comm and m odes 2-1 com ...
Cisco Systems IE3010 - page 859

Inde x IN-7 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 configur ing port- based auth enticatio n violat io n modes 10-39 to 10-40 config-vlan mode 2-2 conflicts, c o nfigurati on 36-4 connec tions, se cure remote 9-46 connec tivity proble ms 36-6, 36-8 consistenc y checks in VTP Version 2 15-4 console port, conn ecting to 2-10 ...
Cisco Systems IE3010 - page 860

Index IN-8 Cisco IE 3010 Switch S oftwa re Configura tion Guide OL-23145-01 TACACS+ 9-13 UDLD 27-4 VLAN, La yer 2 Ethe rnet interfa ces 14-16 VLANs 14-6 VMPS 14-25 voice VL AN 16-3 VTP 15-7 default gatew ay 3-15 default web-base d authe nticat ion confi gurat ion 802.1 X 11-9 deleting V LANs 14-8 denial- of- servic e atta ck 24-1 descri ption co mm ...
Cisco Systems IE3010 - page 861

Inde x IN-9 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 DHCP sno oping accep ting untru sted pac kets form e dge switch 21-3, 21-13 binding d atabase See DHCP snooping binding da tabase config urati on guideli nes 21-9 default confi guration 21-9 displaying bind ing table s 21-15 messag e exchange pro cess 21-4 option 82 data in ...
Cisco Systems IE3010 - page 862

Index IN- 10 Cisco IE 3010 Switch S oftwa re Configura tion Guide OL-23145-01 usin g the devi ce mana ger or Netw ork Assistant B-23 DSCP 1-9, 33-2 DSCP input queue threshold map for QoS 33-15 DSCP output que ue thres hold map for QoS 33-17 DSCP-to-CoS ma p for QoS 33-62 DSCP-t o-DSC P-m utation map for Qo S 33-63 DSCP tra nsp aren cy 33-39 DTP 1-6 ...
Cisco Systems IE3010 - page 863

Inde x IN- 11 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 E editing featu res ena bling and disab ling 2-7 keystro kes us ed 2-8 wrapped l ines 2-9 ELIN l ocation 26-3 enab le pass word 9-4 enable secret password 9-4 enab lin g SNM P t rap s 7-13 encrypt ion, Ci pherSuite 9-52 encrypt ion f or pa ssword s 9-4 enviro nment va ria ...
Cisco Systems IE3010 - page 864

Index IN- 12 Cisco IE 3010 Switch S oftwa re Configura tion Guide OL-23145-01 extend ed sys tem I D MSTP 18-17 STP 17-4, 17-14 Extensib le Authen ticat ion Protocol over LAN 10-1 F fa0 inter face 1-5 fallback br idging VLAN-brid ge STP 17-10 Fast Converge nce 20-3 FCS bi t error ra te ala rm config uring 7-10 defined 7-3 FCS error hysteresis thresh ...
Cisco Systems IE3010 - page 865

Inde x IN- 13 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 prep aring the server B -13 uploadin g B-14 image fi les deleting old i mage B- 30 dow nloa ding B-2 9 prep aring the server B-28 uploadin g B-30 G genera l quer y 20-5 Gene rating IGMP Re port s 20-3 get-bulk -requ est operati on 31-3 get-next -req uest op erati on 31-3, ...
Cisco Systems IE3010 - page 866

Index IN- 14 Cisco IE 3010 Switch S oftwa re Configura tion Guide OL-23145-01 See RSTP IEEE 8 02.1x See port -based auth entication IEEE 8 02.3a d See E therCha nnel IEEE 802. 3x flow co ntrol 12-18 ifIndex v alues, SNMP 31-5 IFS 1-4 IGMP configur able leave timer describe d 23-5 enab lin g 23-11 flooded multicast tra ffic controllin g the length o ...
Cisco Systems IE3010 - page 867

Inde x IN- 15 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 interfac es auto-M DIX, c onfiguri ng 12-19 config urati on guideli nes duplex and spe ed 12-17 config uring proc edure 12-10 coun ters, cle aring 12-27 default confi guration 12-14 describe d 12-23 descript ive na me, addi ng 12-23 displaying inf ormati on abou t 12-26 f ...
Cisco Systems IE3010 - page 868

Index IN- 16 Cisco IE 3010 Switch S oftwa re Configura tion Guide OL-23145-01 describe d 35-4 response time 35-4 sc hedu ling 35-5 SNMP support 35-2 supporte d metrics 35-2 threshold monitoring 35-6 UDP jitter operation 35-8 IP source gua rd and 802.1x 21-18 and DHCP sno oping 21-15 and Ethe rChan nels 21-18 and port se curit y 21-18 and pr ivate V ...
Cisco Systems IE3010 - page 869

Inde x IN- 17 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 See KDC L LACP See E therCha nnel Layer 2 fra mes, classi fica tion wit h CoS 33-2 Layer 2 interfac es, default co nfiguration 12-14 Layer 2 trac erou te and AR P 36-7 and CD P 36-7 broa dcast tra ffic 36-7 describe d 36-7 IP addresse s and sub nets 36-7 MAC addresses and ...
Cisco Systems IE3010 - page 870

Index IN- 18 Cisco IE 3010 Switch S oftwa re Configura tion Guide OL-23145-01 MAB inactiv ity timer default setting 10-34 range 10-37 MAC/PHY c onfigur ation st atus TLV 26-2 MAC addr esses aging tim e 6-21 and VLAN association 6-20 building the address tab le 6-20 default confi guration 6-21 disabli ng learnin g on a VLAN 6-29 discoveri ng 6-30 di ...
Cisco Systems IE3010 - page 871

Inde x IN- 19 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 maximu m number of a llowed de vices, port-base d authenti cation 10-37 MDA config urati on guideli nes 10-12 to 10-13 describe d 1-7, 10-12 exceptions with authentica tion process 10-5 member ship mod e, VLAN por t 14-3 member swit ch automatic d iscovery 5-4 defined 5-1 ...
Cisco Systems IE3010 - page 872

Index IN- 20 Cisco IE 3010 Switch S oftwa re Configura tion Guide OL-23145-01 MST region 18-15 neighbo r type 18-25 path cost 18-20 port priority 18-19 root switch 18-17 seco ndary r o ot s witch 18-18 switch p riority 18-21 CST defined 18-3 operati ons betwee n regions 18-3 default confi guration 18-14 defau lt option al feature config urat ion 19 ...
Cisco Systems IE3010 - page 873

Inde x IN- 21 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 multicas t VLAN 23-17 Multicast VLAN Regi stration See MVR multidomain authentica tion See MDA multiopera tions schedu ling, IP SL As 35-5 multiple au thenticatio n 10-13 multiple au thenticatio n mode config uring 10-43 MVR and address aliasing 23-20 and IGMP v3 23-20 co ...
Cisco Systems IE3010 - page 874

Index IN- 22 Cisco IE 3010 Switch S oftwa re Configura tion Guide OL-23145-01 enab ling b roadca st messa ges 6-7 peer 6-6 server 6-6 default confi guration 6-4 displaying t he configur ation 6-11 overvi ew 6-2 restr icting access creatin g an access grou p 6-9 disabling NT P services pe r interfac e 6-10 source IP add ress, config uring 6-10 strat ...
Cisco Systems IE3010 - page 875

Inde x IN- 23 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 power ne gotiatio n exte nsions t o CDP 12-4 standards suppor ted 12-4 static mode 12-6 troublesh ooting 36-5 policed-DSCP map for QoS 33-61 policers config uring for eac h matched traff ic class 33-47 for mo re tha n one tr affic class 33-57 describe d 33-3 displaying 33 ...
Cisco Systems IE3010 - page 876

Index IN- 24 Cisco IE 3010 Switch S oftwa re Configura tion Guide OL-23145-01 guideline s 10-36 initiation and message exchange 10-5 magic p acket 10-26 maximu m number of a llowed de vices per por t 10-37 method lists 10-40 multiple au thenticatio n 10-13 per-use r ACLs AAA aut h orization 10-40 config uration t asks 10-18 describe d 10-17 RADIUS ...
Cisco Systems IE3010 - page 877

Inde x IN- 25 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 and pr ivate VLANs 24-17 and QoS tru sted bound ary 33-37 config uring 24-12 default confi guration 24-10 describe d 24-7 displaying 24-18 enab lin g 24-17 on trunk por ts 24-13 sticky l earning 24-8 violatio ns 24-9 with ot her fe ature s 24-10 port-shut down respon se, ...
Cisco Systems IE3010 - page 878

Index IN- 26 Cisco IE 3010 Switch S oftwa re Configura tion Guide OL-23145-01 basic mo del 33-3 classification class maps, de scribed 33-7 defined 33-3 DSCP trans par ency , de scri bed 33-39 flowch art 33-6 forwar ding tre atmen t 33-3 in fram es and pa ckets 33-2 IP ACLs, described 33-5, 33-7 MAC A CLs , descr ibed 33-5, 33-7 option s for IP tra ...
Cisco Systems IE3010 - page 879

Inde x IN- 27 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 limiting bandwidth on e gress interface 33-76 mappin g table s CoS-to-DSCP 33-59 displaying 33-77 DSCP-to-CoS 33-62 DSCP-t o-DSC P-mut ation 33-63 IP-pr ecedence-to -DSCP 33-60 policed-DSCP 33-61 types of 33-12 mar ked- dow n actio ns 33-49, 33-54 markin g, desc ribed 33- ...
Cisco Systems IE3010 - page 880

Index IN- 28 Cisco IE 3010 Switch S oftwa re Configura tion Guide OL-23145-01 of inter faces 12-11 rapid co nverg ence 18-9 rapid per- VLAN spann ing-tr ee plus See rapid PVST + rapid PVST+ describe d 17-9 IEEE 802.1Q trunking inter operability 17-10 instances supported 17-9 Rapid Span ning Tree Proto col See RSTP rcomma nd comm and 5-13 RCP config ...
Cisco Systems IE3010 - page 881

Inde x IN- 29 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 default confi guration 29-3 displaying status 29-6 enab ling alarms and ev ents 29-3 groups suppor ted 29-2 overvi ew 29-1 statistics collec ting g roup Ethe rnet 29-5 collec ting g roup hi story 29-5 support fo r 1-10 root gu ard describe d 19-8 enab lin g 19-15 support ...
Cisco Systems IE3010 - page 882

Index IN- 30 Cisco IE 3010 Switch S oftwa re Configura tion Guide OL-23145-01 config uring 8-2 Secure Copy Pr otocol Secure Digital fla sh memory card See SD f lash memory car d secu re HTTP client config uring 9-56 displaying 9-57 secure HTTP server config uring 9-55 displaying 9-57 secure MAC addresses deleting 24-15 maximu m number of 24-9 types ...
Cisco Systems IE3010 - page 883

Inde x IN- 31 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 in- band mana gemen t 1-5 in clusters 5-12 informs and tr ap keyw ord 31-11 describe d 31-5 differ ence s fro m tra ps 31-5 disabling 31-15 enab lin g 31-15 limiting access by T FTP servers 31-16 limiting system log messages to NMS 30-10 manage r function s 1-3, 31-3 mana ...
Cisco Systems IE3010 - page 884

Index IN- 32 Cisco IE 3010 Switch S oftwa re Configura tion Guide OL-23145-01 config uring shaped weights on e gress queue s 33-73 shared weights on egress queues 33-74 shared weights on ingress queu es 33-67 describe d 33-14 shaped mode 33-14 shar ed mo de 33-14 support fo r 1-10 SSH config uring 9-47 crypto graph ic softwa re image 9-45 describe ...
Cisco Systems IE3010 - page 885

Inde x IN- 33 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 BPDU guard describe d 19-2 disabling 19-12 enab lin g 19-11 BPDU mes sage exchange 17-3 config urati on guideli nes 17-12, 19-10 config uring forwar d-dela y time 17-21 hello time 17-20 maximu m aging tim e 17-21 path cost 17-18 port priority 17-16 root switch 17-14 seco ...
Cisco Systems IE3010 - page 886

Index IN- 34 Cisco IE 3010 Switch S oftwa re Configura tion Guide OL-23145-01 unexpec ted b ehavio r 17-14 shutdown Po rt Fast-enable d port 19-2 status, displaying 17-22 superior BPDU 17-3 timers, de scribed 17-20 UplinkFast describe d 19-3 enab lin g 19-13 VLAN-brid ge 17-10 stratum, NTP 6-2 success response, VMPS 14-24 summ er t ime 6-13 Sun Net ...
Cisco Systems IE3010 - page 887

Inde x IN- 35 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 accoun ting, de fined 9-11 authe nticat ion, de fined 9-11 author izatio n, define d 9-11 config uring accoun ting 9-17 authenti cation key 9-13 author izat ion 9-16 login a uthenticati on 9-14 default confi guration 9-13 displaying the c onfigur ation 9-18 identify ing t ...
Cisco Systems IE3010 - page 888

Index IN- 36 Cisco IE 3010 Switch S oftwa re Configura tion Guide OL-23145-01 blocking floode d 24-7 frag mented 32-3 unfragm ented 32-3 traffic polic ing 1-10 traffic suppr ession 24-1 transmit hol d-co unt see STP transp arent mode, VTP 15-3 trap- door mech anism 3-2 traps configurin g MAC address notification 6-22, 6-24, 6-25 con figu rin g mana ...
Cisco Systems IE3010 - page 889

Inde x IN- 37 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 status, displaying 27- 6 support fo r 1-5 UDP jitter , configu ring 35-9 UDP jitter operation, IP SLA s 35-8 unautho rized port s with IEEE 802.1x 10-10 unicast MAC address filter ing 1-4 and add ing static addresses 6-28 and br oadcast MAC addres ses 6-27 and CPU packets ...
Cisco Systems IE3010 - page 890

Index IN- 38 Cisco IE 3010 Switch S oftwa re Configura tion Guide OL-23145-01 VLAN Quer y Protocol See VQP VLANs adding 14-7 adding to VL AN datab ase 14-7 aging dyn amic ad dresse s 17-9 allowe d on trunk 14-18 and sp anning- tree in stance s 14-2, 14-6, 14-10 config urati on guidel ines, ex tend ed-r ange VLANs 14-10 config urati on guideli nes, ...
Cisco Systems IE3010 - page 891

Inde x IN- 39 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 VTP adding a cl ient to a d omain 15-15 advertisements 14-16, 15-3 and exte nded -rang e VLAN s 14-2, 15-1 and nor mal-rang e VLA Ns 14-2, 15-1 client mode, confi guring 15-11 configuratio n guideline s 15-8 requir ements 15-10 saving 15-8 config urati on requir ements 15 ...
Cisco Systems IE3010 - page 892

Index IN- 40 Cisco IE 3010 Switch S oftwa re Configura tion Guide OL-23145-01 ...

Manufacturer Cisco Systems Category Switch

Documents that we receive from a manufacturer of a Cisco Systems IE3010 can be divided into several groups. They are, among others:
- Cisco Systems technical drawings
- IE3010 manuals
- Cisco Systems product data sheets
- information booklets
- or energy labels Cisco Systems IE3010
All of them are important, but the most important information from the point of view of use of the device are in the user manual Cisco Systems IE3010.

A group of documents referred to as user manuals is also divided into more specific types, such as: Installation manuals Cisco Systems IE3010, service manual, brief instructions and user manuals Cisco Systems IE3010. Depending on your needs, you should look for the document you need. In our website you can view the most popular manual of the product Cisco Systems IE3010.

Similar manuals

Cisco Systems WS-X6066-SLB-APC

28 pages
Cisco Systems 4900 Series

142 pages
Cisco Systems 3560

36 pages
Cisco Systems ME 6500

14 pages

A complete manual for the device Cisco Systems IE3010, how should it look like?
A manual, also referred to as a user manual, or simply "instructions" is a technical document designed to assist in the use Cisco Systems IE3010 by users. Manuals are usually written by a technical writer, but in a language understandable to all users of Cisco Systems IE3010.

A complete Cisco Systems manual, should contain several basic components. Some of them are less important, such as: cover / title page or copyright page. However, the remaining part should provide us with information that is important from the point of view of the user.

1. Preface and tips on how to use the manual Cisco Systems IE3010 - At the beginning of each manual we should find clues about how to use the guidelines. It should include information about the location of the Contents of the Cisco Systems IE3010, FAQ or common problems, i.e. places that are most often searched by users in each manual
2. Contents - index of all tips concerning the Cisco Systems IE3010, that we can find in the current document
3. Tips how to use the basic functions of the device Cisco Systems IE3010 - which should help us in our first steps of using Cisco Systems IE3010
4. Troubleshooting - systematic sequence of activities that will help us diagnose and subsequently solve the most important problems with Cisco Systems IE3010
5. FAQ - Frequently Asked Questions
6. Contact detailsInformation about where to look for contact to the manufacturer/service of Cisco Systems IE3010 in a specific country, if it was not possible to solve the problem on our own.

Do you have a question concerning Cisco Systems IE3010?

Use the form below

If you did not solve your problem by using a manual Cisco Systems IE3010, ask a question using the form below. If a user had a similar problem with Cisco Systems IE3010 it is likely that he will want to share the way to solve it.

Manual Cisco Systems IE3010

Summary

Cisco Systems IE3010 - page 1

Cisco Systems IE3010 - page 2

Cisco Systems IE3010 - page 3

Cisco Systems IE3010 - page 4

Cisco Systems IE3010 - page 5

Cisco Systems IE3010 - page 6

Cisco Systems IE3010 - page 7

Cisco Systems IE3010 - page 8

Cisco Systems IE3010 - page 9

Cisco Systems IE3010 - page 10

Cisco Systems IE3010 - page 11

Cisco Systems IE3010 - page 12

Cisco Systems IE3010 - page 13

Cisco Systems IE3010 - page 14

Cisco Systems IE3010 - page 15

Cisco Systems IE3010 - page 16

Cisco Systems IE3010 - page 17

Cisco Systems IE3010 - page 18

Cisco Systems IE3010 - page 19

Cisco Systems IE3010 - page 20

Cisco Systems IE3010 - page 21

Cisco Systems IE3010 - page 22

Cisco Systems IE3010 - page 23

Cisco Systems IE3010 - page 24

Cisco Systems IE3010 - page 25

Cisco Systems IE3010 - page 26

Cisco Systems IE3010 - page 27

Cisco Systems IE3010 - page 28

Cisco Systems IE3010 - page 29

Cisco Systems IE3010 - page 30

Cisco Systems IE3010 - page 31

Cisco Systems IE3010 - page 32

Cisco Systems IE3010 - page 33

Cisco Systems IE3010 - page 34

Cisco Systems IE3010 - page 35

Cisco Systems IE3010 - page 36

Cisco Systems IE3010 - page 37

Cisco Systems IE3010 - page 38

Cisco Systems IE3010 - page 39

Cisco Systems IE3010 - page 40

Cisco Systems IE3010 - page 41

Cisco Systems IE3010 - page 42

Cisco Systems IE3010 - page 43

Cisco Systems IE3010 - page 44

Cisco Systems IE3010 - page 45

Cisco Systems IE3010 - page 46

Cisco Systems IE3010 - page 47

Cisco Systems IE3010 - page 48

Cisco Systems IE3010 - page 49

Cisco Systems IE3010 - page 50

Cisco Systems IE3010 - page 51

Cisco Systems IE3010 - page 52

Cisco Systems IE3010 - page 53

Cisco Systems IE3010 - page 54

Cisco Systems IE3010 - page 55

Cisco Systems IE3010 - page 56

Cisco Systems IE3010 - page 57

Cisco Systems IE3010 - page 58

Cisco Systems IE3010 - page 59

Cisco Systems IE3010 - page 60

Cisco Systems IE3010 - page 61

Cisco Systems IE3010 - page 62

Cisco Systems IE3010 - page 63

Cisco Systems IE3010 - page 64

Cisco Systems IE3010 - page 65

Cisco Systems IE3010 - page 66

Cisco Systems IE3010 - page 67

Cisco Systems IE3010 - page 68

Cisco Systems IE3010 - page 69

Cisco Systems IE3010 - page 70

Cisco Systems IE3010 - page 71

Cisco Systems IE3010 - page 72

Cisco Systems IE3010 - page 73

Cisco Systems IE3010 - page 74

Cisco Systems IE3010 - page 75

Cisco Systems IE3010 - page 76

Cisco Systems IE3010 - page 77

Cisco Systems IE3010 - page 78