Gebruiksaanwijzing /service van het product IE3010 van de fabrikant Cisco Systems
Ga naar pagina of 892
Americas Hea dquarters Cisc o Syst ems , Inc . 170 West Ta sman Driv e San Jos e, CA 95 134-1706 USA http://www.ci sco.com Tel: 408 526-4000 800 553- NETS (638 7) Fax: 408 527-0883 Cisco IE 30 1 0 Switc h So ftwa r e Configuration Guide Cisco IOS R elease 12.
THE SPECIFICATIONS AND INFORMATION REGARDING TH E PRODUCTS IN THIS MANUAL ARE SUBJE CT TO CHANGE WITHOUT NO TICE. ALL STATEMENT S, INFORMATI O N, AND RECOMME NDATIONS IN T HIS MANUAL ARE BELI EVED TO BE ACCURATE BUT ARE P RESENTED WITHOUT WARRANTY OF ANY KIND, EXPRE SS OR IMPLIED.
iii Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 CONTENTS Preface xxxii i Audienc e xxx iii Pur pose xx xiii Conv enti ons xxxiii Rela ted Publi cations xxxiv Obtain ing Documentat .
Cont ents iv Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Disabl ing th e Command Hist ory Featur e 2-7 Using Edi ting Featu res 2-7 Enabli ng and Disablin g Editing Featu res 2-7 E.
Content s v Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Schedul ing a Reload of the Software I mage 3-2 1 Config uring a Schedu led Reloa d 3-21 Displa ying Scheduled Reload I nfor.
Cont ents vi Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Other Considerati ons for Clu ster St andby Grou ps 5-9 Automa tic Recov ery of Cluste r Config uration 5-10 IP Ad dres ses.
Content s vii Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Managing the MAC Addre ss Tabl e 6-1 9 Buildi ng the Address Table 6-20 MAC Addresse s and VLANs 6-20 Defaul t MAC Address.
Cont ents viii Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 CHAPTER 8 Configur ing SDM Templat es 8-1 Underst anding the SDM Templa tes 8-1 Config uring the Swit ch SDM Templ ate 8-.
Content s ix Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Config uring RADIUS 9-27 Defaul t RADIUS Configurati on 9-27 Identi fying t he RADIUS Serv er Host 9-28 Config uring RADIUS.
Cont ents x Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Config uring a CA Trustpo int 9-54 Config uring the Secu re HTTP Server 9-55 Config uring the Secu re HTTP Client 9-56 Displ.
Content s xi Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 802.1x Authenti cation with Wake-o n-LAN 10-2 6 802.1x Authent icati on with MAC Authe nticati on Bypass 10-26 802.1x User Distr ibutio n 10-28 802.1x User Distr ibutio n Confi guration Gui deline s 10-28 Netw ork Adm issio n Co ntro l La yer 2 802 .
Cont ents xii Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Config uring 802.1 x User Dist ribution 10- 58 Config uring NAC Layer 2 802. 1x Validatio n 10-59 Config uring an Authent icator and a Suppl i cant Swi t ch with NEAT 10-60 Config uring NEAT with Auto Smartpo rts Macros 10-61 Config uring 802.
Content s xiii Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Customi z ing the Au thentic ation Proxy Web Pag es 11-1 3 Specif ying a Redirect ion URL for Success ful Login 11-15 Con.
Cont ents xiv Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Monitor ing and Mainta ining the In terfaces 12-26 Moni tori ng In terfa ce S tat us 12-26 Cleari ng and Resettin g Interf.
Content s xv Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Changin g the Pruning -Eligi ble List 14-19 Config uring the Nativ e VLAN for Untagge d Traffi c 14-19 Config uring Tr unk .
Cont ents xvi Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Enabling VTP Pruni ng 15-14 Config uring VTP on a Per -Port Bas is 15-15 Adding a VT P Client Switch to a VTP Domai n 15-1.
Content s xvii Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Spannin g-Tree Confi gurati on Guid elines 17-12 Changin g the Spanning -Tree Mo de.
Cont ents xviii Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 MSTP Confi gurati on Guidelines 18-1 4 Specif ying the MST Region Co nfigura tion and Enabli ng MSTP 18-15 Config uring .
Content s xix Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 CHAPTER 20 Configur ing Flex Links and the MAC Addre ss-Table Move Update Feat ure 20 -1 Underst anding Flex Lin ks and th.
Cont ents xx Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Config uring IP Sour ce Guar d 21-17 Defaul t IP Sour ce Guar d Configurat ion 21-17 IP So urce Guar d C onfi gurat ion Gui.
Content s xxi Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Config uring IGMP Snoop ing 23-6 Defaul t IGMP Snooping Co nfiguration 23-6 Enabli ng or Disab ling IGMP Sn ooping 23-7 Se.
Cont ents xxii Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Config uring a Prote cted Port 24-6 Config uring Port Bloc king 24-6 Defaul t Port Bloc king Conf igurat ion 24-7 Blocki .
Content s xxiii Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 CHAPTER 27 Configur ing UDLD 27-1 Underst anding UDLD 27-1 Modes of Oper ation 27-1 Methods t o Detect Unidire ctional L.
Cont ents xxiv Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Displa ying SPAN and RSPAN Stat us 28-2 2 CHAPTER 29 Configur ing RMON 29-1 Underst anding RMON 29-1 Config uring RMON 29.
Content s xxv Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Config uring SNMP 31-6 Defau lt S NMP Conf igur atio n 31-6 SNMP Conf iguration Guidelines 31-6 Disabl ing th e SNMP Agent.
Cont ents xxvi Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Applyi ng a MAC ACL to a Layer 2 Interface 32-26 Displ ayin g IPv4 ACL Con figur atio n 32 -28 CHAPTER 33 Configur ing Qo.
Content s xxvii Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Config uring the Tru st State on Ports within the QoS Domain 33-35 Config uring the CoS Va lue fo r an Inter f ace 33-3 .
Cont ents xxvii i Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 PAgP Int eraction wit h Other Fea t ures 34-5 Link Agg rega tion Cont rol Prot oco l 34-5 LACP Modes 34-6 LACP In tera.
Content s xxix Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 CHAPTER 36 Troubles hooting 36-1 Reco veri ng f rom a So ftwar e Fa ilur e 36-2 Recover ing from a Lost or Fo rgotten Pas.
Cont ents xxx Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 APPENDI X A Supported MIBs A-1 MIB List A-1 Using FTP to Acces s the MIB Fil es A-3 APPENDI X B Working with the Cisco IOS.
Content s xxxi Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Replac ing and R olling Back Conf igurat ions B-19 Underst anding Configu ration Replacemen t and Rollback B-19 Config ur.
Cont ents xxxii Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Inter face Comma nds C-4 Unsuppor ted Privile ged EXEC Co mmands C-4 Unsuppor ted Global Conf iguration Comman ds C-4 Un.
xxxii i Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Preface Audience This gui de is for the networkin g prof essiona l mana ging the IE 301 0 switc h.
xxxiv Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Preface • Brace s and ve rtical bar s within squar e brack ets ([{ | }]) mean a req uired choic e within an optional elemen t. Inter acti ve ex amples use these con ventions: • T erminal sessions and system displays are in screen font.
xxxv Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Pre face • For more information abo ut the Network Admi s sion Control (N A C) features, see the Network Admission Contr o l Softwa r e Configuration Guide • These c ompatibility matrix d ocuments ar e a vailable f r om this Cisco.
xxxvi Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Preface.
CH A P T E R 1-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 1 Overview This chapte r provide s these topics about the IE 3010 switch software: • Feat ures , page 1-1 • Defa ult .
1-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Ch apter 1 Ov erv iew Feature s Ease -of-Dep loyme nt and Eas e-of-Use Featur es • Expre ss Setup for qu ickly co nfiguring a sw i.
1-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 Overview Features – (Fo r CGMP de vices) CGMP for limitin g multica st traf fic to sp ecif ied end stati o ns and red ucin.
1-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Ch apter 1 Ov erv iew Feature s • Cisco IO S Configuration Engine (previously k nown to as the Cisco IOS CNS agen t)-—C onfiguration service aut omat es the deploym ent and m anagem ent of netwo rk devices and services .
1-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 Overview Features • In-band manage ment access for up to fiv e simult aneous, encr ypted Sec ure Sh ell (SSH ) conne ction.
1-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Ch apter 1 Ov erv iew Feature s – Root gua rd fo r preventing swit ches outsi de the n etwork c ore fro m becom ing the spa nning-.
1-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 Overview Features • Local web authe ntic ation b anner so t hat a cu stom bann er or an i mage file can be displa yed at a.
1-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Ch apter 1 Ov erv iew Feature s – 802.1x w ith wake-on-LAN to a llow dormant PCs to be powered o n based on the rece ipt of a specif ic Ethernet frame – 802.1 x readiness ch eck to dete rmine t he readine ss of connec ted end host s before configuring IEEE 8 02.
1-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 Overview Features • Support for IP source guar d on static ho sts. • RADIUS Change of Aut horization (CoA) to ch ange th e att rib utes o f a ce rtain sessi o n aft er it is authenti cated.
1-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Ch apter 1 Ov erv iew Feature s – T r affi c -poli cing poli cies on the switc h port for ma naging how much of the port bandwidt.
1-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 Overview Default Settings After Initial Switch Configuration • Digital optical monitoring (DOM) to chec k status of X2 sm.
1-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Ch apter 1 Ov erv iew Default Set tings A fter Initial Sw itch Conf iguration – Auto-MDI X is enab led. F or more infor mation, se e Chap ter 12, “Configu ring Interfa ce Characte r istics.
1-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 Overview Network Configuration Examples • SP AN and RSP AN are disa bled. For mor e inform ation , see Chap ter 28, “C onfiguring SP AN and RSP AN. ” • RMON is di sabled.
1-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Ch apter 1 Ov erv iew Where to Go Nex t Bandwidt h alone is not the only c onsidera tion whe n designing you r network.
CH A P T E R 2-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 2 Using the Command-Line Interface This c hapte r descr ibes t he Cisc o IOS comm and-li ne in terface ( CLI) and how to use it to configure your IE3010 s witch.U nless otherw ise no ted, the term switc h refer s to a standa lone switch and to a swit ch stack.
2-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 2 Usi ng th e Com ma nd-L ine I nter fac e Underst anding Com mand M odes Ta b l e 2-1 describ es the mai n comm and modes, how to access each o ne, the prompt you see in that mode, and how to exit the mode.
2-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 Using the Comma nd-Line In terface Understa nding th e Help Syst em For more detail ed info rmat ion on the command mode s, see the c omma nd refe rence g uide fo r th is re lease .
2-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 2 Usi ng th e Com ma nd-L ine I nter fac e Underst anding A bbreviated Co mmand s Understandin g Abbreviated Commands Y o u ne ed to enter only enou gh ch aract ers for the sw itc h to re cogniz e the comma nd a s uni que.
2-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 Using the Comma nd-Line In terface Unders tandin g CLI Err or Messages Understandin g CLI Error Messages Ta b l e 2-3 list s some e rror messages t hat y ou migh t enc ounter while using t he CLI to configure you r switch.
2-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 2 Usi ng th e Com ma nd-L ine I nter fac e Usin g Comma nd His tory Using Command History The software provides a histor y or rec ord of comma nds that you have enter ed.
2-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 Using the Comma nd-Line In terface Using Edit ing Features Disabling th e Command Histor y Featu re The comman d history featu re is automatica lly enabled. Y ou can disable it for th e current te r minal session or for the c omman d line.
2-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 2 Usi ng th e Com ma nd-L ine I nter fac e Using E diting Feature s Editing C ommands throu gh Keystrok es Ta b l e 2-5 sho ws the ke ystrok es that you need to edit co mmand lines.
2-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 Using the Comma nd-Line In terface Using Edit ing Features Editing C ommand Lines that Wrap Y o u can use a wrapa round feature for comma nds that extend beyond a si ngle line on the screen .
2-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 2 Usi ng th e Com ma nd-L ine I nter fac e Searching and Filterin g Output of show and more Commands Searching and Filtering Output of show and more Commands Y ou can search and f ilter the output for show and more command s.
CH A P T E R 3-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 3 Assigning the Switch IP Address and Default Gateway This chap ter describe s ho w to creat e the initial switch co nfig.
3-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Underst anding th e Boot Proce ss • Initial izes the compact flash file system on the syst em board. • Loads a default operating system soft ware i mage into m e mory and b oots up the switc h.
3-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Assigning Switch Information Assigning Switch Inf ormation Y o u can assig n IP inform atio n through th e switch setu p progra m, throug h a DHCP server, or manually .
3-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Assign ing Swi tch Informat ion During DH CP-based a utoconfiguration , your switc h (DHCP cli ent) is auto matical ly configured at startup wi th IP addre ss informa tion an d a configurat ion file.
3-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Assigning Switch Information A DHCP client might recei ve off ers from multiple DHCP o r BOO TP servers and can ac cept any of the of fers; howe ver , the client usually accepts the f irst of fer it recei ves.
3-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Assign ing Swi tch Informat ion After you install the switch in your network, the au to-image update feature starts.
3-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Assigning Switch Information If you want the switch to rece iv e th.
3-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Assign ing Swi tch Informat ion Configuring the DNS The DH C P ser ver uses the D NS server to r esolve the TFTP serv er name t o an I P addr ess.
3-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Assigning Switch Information Obtaining Configurati on Files Dependi.
3-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Assign ing Swi tch Informat ion Figur e 3-3 DHCP -Based A utoconfigur ation Netw ork E xample Ta b l e 3-2 sho ws the conf igurati on of the reserv ed leases on the DHCP se rver .
3-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Assigning Switch Information ip host switchc 10.0.0.23 ip host switchd 10.0.0.24 DHCP Cli ent Conf iguration No conf iguration file is presen t o n Switch A through Switch D.
3-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Assign ing Swi tch Informat ion This e xample sho ws ho w to conf igu.
3-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Assigning Switch Information This example shows ho w to co nfigure.
3-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Assign ing Swi tch Informat ion This e xample uses a Layer 3 SVI inte.
3-15 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Chec king and Savin g the Runni ng Co nfig ura tion T o remo ve th e switch IP addr ess, use th e no ip address interface con figurat ion comma nd.
3-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Modifyin g the Startup Conf iguration interface VLAN1 ip address 172.20.137.50 255.255.255.0 no ip directed-broadcast ! ip default-gateway 172.
3-17 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Modifying the Startup Configuration Default Boot Configuration Ta b l e 3-3 sho ws the def ault boot- up conf igurati on.
3-18 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Modifyin g the Startup Conf iguration T o return to the default setting , use the no boot conf ig-f ile global configur ation comm and.
3-19 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Modifying the Startup Configuration Booting a Specific Software Image By default, the switch attempts to automatic ally boot up the system using information in the BOO T en vironment va riable.
3-20 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Modifyin g the Startup Conf iguration En v ironme nt variables stor e two ki nds of data: • Data that controls code , which does not read the Cisco IOS conf iguratio n f ile.
3-21 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Default Gatewa y Schedul ing a Reload of the Sof tware Image Scheduling a Re load o.
3-22 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Scheduli ng a Reload of the Software Image Proceed with reload? [confirm] T o cance l a pre viously schedule d reload , use th e r eload cance l p rivileged EXEC comm and.
CH A P T E R 4-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 4 Configuring Cisco IOS Configuration Engine This c hapter d escrib es how to configu re the f eatur e on the I E 3010 sw itch. Note For complete conf iguration informa tion for the Cisco Conf iguration Engi n e, go to http://www .
4-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 4 Configuring Cisco IOS Configuration Engine Underst anding Cisco Configurat ion Engin e Software Figur e 4-1 Configur ation.
4-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 4 Configuring Cisco IOS Configurat ion Engin e Understanding Cisco Configuration Engine Software Event Servic e The Ci sco C onfiguration Engine uses t he Event Se rvice for re ceipt and g enerat ion of configurat ion e vents.
4-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 4 Configuring Cisco IOS Configuration Engine Underst anding Cisco Configurat ion Engin e Software DeviceID Each co nfigured .
4-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 4 Configuring Cisco IOS Configurat ion Engin e Understanding Cisco IOS Agents Understandin g Cisco IOS Agents The CNS e vent agent fe ature allo ws the switch to publish and subs cribe to ev ents on the e vent b us and works with the Cisc o IOS agent.
4-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 4 Configuring Cisco IOS Configuration Engine Configuring Cisco IOS Agents Incremental (Partial) Configur ation After t he ne twork i s runn ing, new serv ices c an b e adde d by usi ng the Cisco IOS a gent.
4-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 4 Configuring Cisco IOS Configurat ion Engin e Configuring Cisco IOS Agents Note For more informatio n about running the setup program and creating templ ates on the Config uration Engine , see the Cisc o Configuration En gine I nstallat ion and Setup Guide, 1.
4-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 4 Configuring Cisco IOS Configuration Engine Configuring Cisco IOS Agents Beginn ing in pri vileged EXEC mode, follo w these.
4-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 4 Configuring Cisco IOS Configurat ion Engin e Configuring Cisco IOS Agents Enabling th e Cisco IOS C NS Agent After enabling th e CNS e vent a gent, star t the Cisco I OS CNS age nt on the switch.
4-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 4 Configuring Cisco IOS Configuration Engine Configuring Cisco IOS Agents Step 7 discover { c ontr oller contr ol ler-type .
4-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 4 Configuring Cisco IOS Configurat ion Engin e Configuring Cisco IOS Agents T o d isab le the C NS C isco IOS agent , use t he no cns conf ig initial { ip-address | hostname } gl obal configurati on c ommand.
4-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 4 Configuring Cisco IOS Configuration Engine Configuring Cisco IOS Agents This e xample sho ws ho w to conf igure a n initial c onfiguratio n on a remote swi tch when the switch IP address is kn own.
4-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 4 Configuring Cisco IOS Configurat ion Engin e Displaying CNS Configuration Displaying CNS Configuration Ta b l e 4-2 Pr ivilege d EXEC sho w Commands Command Purpose show cns conf ig connections Displ ays the status of the C NS Cis co IOS a gent c onnect ions.
4-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 4 Configuring Cisco IOS Configuration Engine Displaying CNS Con figuration.
CH A P T E R 5-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 5 Clustering Switches This ch apter pr ov ides the concepts an d procedures to creat e and mana ge IE 3010 switch clus ters. Y ou can create and manage switch cluste rs by using the comma nd-line i nterface (CLI) , or SNMP .
5-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 5 Clustering Switches Underst anding Swit ch Clusters • Managemen t of switches re gardless of their inter connection me dia and their p hysical lo cations.
5-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 5 Clus tering Switche s Underst anding Sw itch Cl usters Cluster Command Switc h Characteristics A cluster co mmand switch must me et these req uirements : • It is running Cisco IOS Release 12.
5-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 5 Clustering Switches Planning a Sw itch Cluster Note Catalyst 1900, Catalyst 282 0, Catalyst 2900 XL, Catalyst 2950, and Ca.
5-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 5 Clus tering Switche s Planni ng a Swi tch Clust er • Discovery Through Different Mana gement V LANs, pa ge 5-7 • Discove.
5-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 5 Clustering Switches Planning a Sw itch Cluster Discovery Through Non-CDP-Capabl e and Noncluster-Capable Devices If a clus.
5-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 5 Clus tering Switche s Planni ng a Swi tch Clust er Figur e 5-3 Disco very Thr ough Diff er ent VLANs Discovery Through Diffe.
5-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 5 Clustering Switches Planning a Sw itch Cluster Figur e 5-4 Disco very Thr ough Diff er ent Management V LANs with a Layer .
5-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 5 Clus tering Switche s Planni ng a Swi tch Clust er Figur e 5-5 Disco very of New ly Installed Switc hes Virtual IP Addresses Y o u need t o assig n a uniqu e virtual IP add ress and gr oup num ber and na me to t he clu ster stand by group.
5-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 5 Clustering Switches Planning a Sw itch Cluster • All stan dby-group memb ers must be member s of the clus ter . Note There is no limit to t he numbe r of switc hes that yo u can a ssign as st andby cluste r comman d switches.
5-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 5 Clus tering Switche s Planni ng a Swi tch Clust er not forward cl uster-configu ration in forma tion to it. Th e active cluster c ommand swit ch only forwards clu ster-configurat ion infor mation to the standby cluste r comm and switc h.
5-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 5 Clustering Switches Planning a Sw itch Cluster If a sw itch r eceiv ed its hostnam e from the c luster comma nd swit ch, .
5-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 5 Clus tering Switche s Using the CLI to Manage Switch Clusters LRE P rofil es A configurati on confl ict occur s if a sw itch clust er has L ong-Reach E therne t (LRE ) switches t hat use bo th pri vate an d public pr ofile s.
5-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 5 Clustering Switches Using SNMP to Ma nage Sw itch Clusters Using SNMP to Manage Switc h Clusters When you first power on the sw itch, SN MP is en abled i f you e nter the IP infor matio n by using the setup program and accep t its p ropose d configura tion.
CH A P T E R 6-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 6 Administering the Switch This chap ter describes ho w to perform one -time operat io ns to admin ister the IE3010 switch.
6-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 6 Administering the Switch Managin g the Syste m Time and Date The sy stem c lock can provide tim e to these s ervices: • .
6-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 6 Administer ing the Switch Mana gi ng th e S ystem Tim e an d Da te Figure 6-1 shows a typical netw o rk ex ample usin g NTP . Switch A is the NT P master, with Switches B, C, and D configured in NTP server mod e, in server associa tion with Switc h A.
6-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 6 Administering the Switch Managin g the Syste m Time and Date Configuring NTP The switc h does not have a hardware-sup ported clo ck and cann ot funct ion as an NT P master clo ck to which p eers syn c hronize themselves when an e xternal NT P source is n ot a vailab le.
6-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 6 Administer ing the Switch Mana gi ng th e S ystem Tim e an d Da te Configuring NTP Authentication This pr oced ure must be c.
6-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 6 Administering the Switch Managin g the Syste m Time and Date Configuring NTP Associations An NTP associat ion ca n be a pe.
6-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 6 Administer ing the Switch Mana gi ng th e S ystem Tim e an d Da te Configuring NTP Broadcast Service The co mmunic ations be.
6-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 6 Administering the Switch Managin g the Syste m Time and Date Beginning in privileged EXEC mode, follow these st eps to co .
6-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 6 Administer ing the Switch Mana gi ng th e S ystem Tim e an d Da te Creating an Access Group and A ssigning a B asic IP A cce.
6-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 6 Administering the Switch Managin g the Syste m Time and Date T o remo ve acc ess contr ol to the switch NTP s ervices, use the no ntp access-group { query-only | serve -only | serve | peer } global con figuration com mand.
6-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 6 Administer ing the Switch Mana gi ng th e S ystem Tim e an d Da te The specif ied interface i s used for the source address for all packets sent to a ll destinations.
6-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 6 Administering the Switch Managin g the Syste m Time and Date Beginning in privileged EXEC mo de, fol low these steps to set th e system cloc k: This example shows ho w to ma nually set the system cl ock to 1:32 p.
6-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 6 Administer ing the Switch Mana gi ng th e S ystem Tim e an d Da te The minutes-of fset variab le in the clock ti mezone glob al con figuration c ommand is available for those cases wh ere a local time zone is a per centage of an hour dif ferent from UTC .
6-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 6 Administering the Switch Configur ing a System Nam e and Prom pt Beginning in privileged EX EC mode, fol low these steps .
6-15 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 6 Administer ing the Switch Confi guring a S ystem Name and Prompt These sec tions co ntain this co nfiguration info rmat ion.
6-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 6 Administering the Switch Configur ing a System Nam e and Prom pt These sec tions co ntain this co nfiguration in format i.
6-17 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 6 Administer ing the Switch Creat ing a Bann er If you u se t he switc h IP ad dress a s its hostnam e, the IP a ddress i s used and no DNS query oc curs. I f you configure a ho stname that contai ns no periods (.
6-18 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 6 Administering the Switch Creating a Banner Configurin g a Mess age-of-the -Day Log in Bann er Y ou can create a single or mult iline message banner that appears on the screen when som eone logs in to the switch.
6-19 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 6 Administer ing the Switch Managin g the MAC Ad dress Tabl e Configurin g a Login B anner Y o u can configure a login banner t o be di splaye d on all connec ted t ermina ls. Thi s bann er ap pears a fter the M O T D bann er and befo re the logi n pro mpt.
6-20 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 6 Administering the Switch Managin g the MAC A ddress Tab le These sec tions co ntain this co nfiguration in format ion: .
6-21 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 6 Administer ing the Switch Managin g the MAC Ad dress Tabl e When pr iv ate VLAN s are co nfigured , ad dress le arnin g dep ends on the t ype of MAC addres s: • Dynami c MA C addresses lea r ned in one VLA N of a pri vate VLAN ar e replicate d in the associat ed VLANs .
6-22 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 6 Administering the Switch Managin g the MAC A ddress Tab le Removi ng Dynami c Addres s Entries T o re move all dynami c entr ies, use t he c lea r ma c ad dress- tab le dyn ami c comman d in pr i vilege d EXEC mode.
6-23 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 6 Administer ing the Switch Managin g the MAC Ad dress Tabl e T o disa ble M A C address -chan ge no tific ation traps, use the no s nmp-ser ver enable traps mac-notif ication change global configuration comma nd.
6-24 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 6 Administering the Switch Managin g the MAC A ddress Tab le Configuring MAC Addre ss Move Notification Traps When you conf.
6-25 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 6 Administer ing the Switch Managin g the MAC Ad dress Tabl e Configuring MAC Thresh old Notif ication Traps When you con fig.
6-26 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 6 Administering the Switch Managin g the MAC A ddress Tab le T o disable MA C address- threshold notif ication traps, use the no sn mp-se rver enab le trap s mac-not ification threshol d global configuratio n command .
6-27 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 6 Administer ing the Switch Managin g the MAC Ad dress Tabl e Beginning i n privileged EX EC mo de, follo w th ese steps to a.
6-28 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 6 Administering the Switch Managin g the MAC A ddress Tab le • If you add a uni cast MA C address as a static address a n.
6-29 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 6 Administer ing the Switch Managin g the MAC Ad dress Tabl e Foll ow these g uidelines whe n disabling MA C address lear ning on a VL AN: • Use ca ution bef ore di sabling MAC addres s lear ning on a VLA N wi th a configured swit ch vir tual interfac e (SVI).
6-30 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 6 Administering the Switch Managin g the ARP Table Displaying A ddress Table Entries Y o u can displ ay the MAC address tab.
CH A P T E R 7-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 7 Configuring the Switch Alarms This chap ter describe s ho w to con fig ure alarm s for the IE 3 010 swit ch.
7-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 7 C onfiguring the Switch Alarms Underst andin g IE 3010 Switch Ala rms Global Status Monitoring Ala rms The switc h processe s alarms re lated t o temper ature a nd power supply cond itions, re ferred to as glob al or fa cility alar ms.
7-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 7 Configuring the Switch Ala rms Understanding IE 3010 Switch Alarms Alarm p rofiles pr ovide a mech anism for yo u to enabl e or di sable alar m co nditions for a por t and associ ate the alarm co nditions with o ne or both ala rm relays.
7-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 7 C onfiguring the Switch Alarms Conf iguring I E 3010 Ex tern al Alarms • SNMP T raps SNMP is an appli cation-layer protoc ol that provid es a messa ge format fo r commun ication between manage rs an d ag ents.
7-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 7 Configuring the Switch Ala rms Configurin g IE 3010 Externa l Alarms Beginning i n privileged E XEC mo de, follow these s teps to con figure alarm conta cts.
7-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 7 C onfiguring the Switch Alarms Conf iguring I E 3010 Sw itch Ala rms ALARM CONTACT 3 Status: not asserted Description: flo.
7-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 7 Configuring the Switch Ala rms Configuring IE 3010 Switch Alarms Beginn ing in pri vileged EXEC mode, follo w these steps to.
7-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 7 C onfiguring the Switch Alarms Conf iguring I E 3010 Sw itch Ala rms Beginning in privileged EX EC mode, fol low these ste.
7-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 7 Configuring the Switch Ala rms Configuring IE 3010 Switch Alarms Associating the Temperature Ala rms to a Relay By def ault, the primary tem perature alarm is as sociate d to the relay .
7-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 7 C onfiguring the Switch Alarms Conf iguring I E 3010 Sw itch Ala rms Configuring the FCS Bit Error Rate Alarm • Setting.
7-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 7 Configuring the Switch Ala rms Configuring IE 3010 Switch Alarms Use t he no alarm facility fcs-hyster esis command to set the FCS error hyster esis threshold to its default va lu e.
7-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 7 C onfiguring the Switch Alarms Conf iguring I E 3010 Sw itch Ala rms This e xample creates or modif ies the alarm p rof ile fas tE for the F ast Ethernet port with link-do wn ( alar mL ist I D 3) alarm enabled.
7-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 7 Configuring the Switch Ala rms Displaying I E 3010 Sw itch Alarms Status This exampl e det ach es an al arm profile na med fastE from a por t.
7-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 7 C onfiguring the Switch Alarms Displa ying IE 30 10 Swit ch Alarms S tatus.
CH A P T E R 8-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 8 Configuring SDM Templates Understandin g the SDM Templates Y ou can use SDM templates to c onfi gure system resources in th e switch to optim ize support for specif ic featu res, de pending on h ow the switc h is used in the n etwork.
8-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 8 Configuring SDM T emplates Conf iguri ng t he Sw itch SDM Templa te Configuring the Switch SDM Template These sec tions co.
8-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 8 Conf iguring SDM Te mplates Config uring the Swit ch SDM Templat e Setting the SDM Template Beginn ing in pri vileged EXEC m.
8-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 8 Configuring SDM T emplates Display ing the SDM Templates Displaying the SDM Te mplates Use the show sdm pr efer pri vileged EXE C command with no parameters to di splay the a cti ve template.
CH A P T E R 9-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 9 Configuring Switch-Based Authentication This c hapter describe s ho w to conf igure switch-b ased authenti cation on th e IE 3010 switch.
9-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Protecting A ccess to Privileged EXE C Comman ds T o p revent unauth orized access.
9-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Prote cti ng Ac cess to Pri vile ged EXEC Comm and s Default Password and Priv ilege Level Configuration Ta b l e 9-1 shows the d efault passwor d and p rivilege lev e l configurati on.
9-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Protecting A ccess to Privileged EXE C Comman ds Protecting En able and E nable Se.
9-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Prote cti ng Ac cess to Pri vile ged EXEC Comm and s If bo th the e nable and enable secre t passw ords are de fin ed, user s must enter the enab le secr et passw ord.
9-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Protecting A ccess to Privileged EXE C Comman ds T o r e-ena ble pa ssword rec overy , use the servic e passwo r d-r ecovery global configuration com mand .
9-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Prote cti ng Ac cess to Pri vile ged EXEC Comm and s Configuring Us ername and P assword Pairs Y o u can co nfigure usern ame and pa ssword pairs, wh ich are loc ally stor ed on the switc h.
9-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Protecting A ccess to Privileged EXE C Comman ds Configuring Multiple Privil ege Levels By default, the Cisco IO S software has two modes of passwor d security: use r EXEC and pr i v ileged EXEC.
9-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Prote cti ng Ac cess to Pri vile ged EXEC Comm and s When y ou set a command to a p ri vilege le vel, all co mmand s whose synta x is a s ubset of that co mmand are al so set to that le vel.
9-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Controlling Sw itch Acce ss with TACA CS+ Logging into and Exiting a Privilege Le.
9-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with TACACS+ Figur e 9-1 T ypical T A CA CS+ Netw ork .
9-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Controlling Sw itch Acce ss with TACA CS+ The T ACA CS+ pr otocol pr ovides a uth.
9-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with TACACS+ Configuring TACACS+ This se ction describe s how to configur e your switch to su pport T ACA CS+.
9-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Controlling Sw itch Acce ss with TACA CS+ Beginn ing in pr ivilege d EXEC m ode, .
9-15 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with TACACS+ authe nticate users; if that meth od fails t o respon d, the softwa re selec ts the next authe nticat ion me thod in the m ethod list.
9-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Controlling Sw itch Acce ss with TACA CS+ T o dis abl e AAA, us e the no aaa new-model glo bal configurat ion c omma nd.
9-17 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with TACACS+ Beginn ing in pri vileged EXEC mode, foll.
9-18 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Establishing a Session with a Router if .
9-19 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS The RADIUS host is normally a multiuser system running RA DIUS server sof tware from Cisco (C isco Secure Ac cess Cont rol Server V e rsion 3.
9-20 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Figur e 9-2 T r ansitioning from RADIU S.
9-21 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS • CoA Request Comm ands, page 9-2 4 • .
9-22 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Ta b l e 9-2 shows the IE TF attrib u tes are supported for this feature. Ta b l e 9-3 sho ws the pos sible v alues for the Er ror -Cause attrib ute.
9-23 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Session Id entificatio n For disconnect a .
9-24 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS CoA Request Commands This section includ.
9-25 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Beginning w ith Cisc o IOS Relea se 12.2( 52)SE, the swi tch su pports th e co mman ds shown in Ta b l e 9-4 .
9-26 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS CoA Disc onnect-Request This co mman d is a st andard Discon nect- Reque st.
9-27 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Configuring RADIUS This se ction describe s how to c onfigure your switch to su pport R ADIUS.
9-28 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Identifying the RADIUS Serve r Host Swit.
9-29 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Beginning i n privileged E XEC mo de, follow these steps to con figure p er-server RADI US ser ver comm unicatio n.
9-30 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS This example shows ho w to con fi gure h.
9-31 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Step 3 a aa au thenticati on logi n { default | list-name } method1 [ m ethod2. .. ] Create a login authen tication method list.
9-32 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS T o dis abl e AAA, us e the no aaa new-model glo bal configurat ion c omma nd.
9-33 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Beginning i n privileged E XEC mo de, foll.
9-34 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS T o remov e the specif ied RADIUS server , use the no radius-serv er host ho stname | ip- addre ss glob al configurat ion comm and.
9-35 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Beginn ing in pri vileged E XEC mode, foll.
9-36 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Establishing a Session with a Router if .
9-37 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Pr ot ocol is a value of the Ci sco protoc ol attri bute for a parti cular type of aut horiza tion.
9-38 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch A ccess w ith RADIUS Note For a comp lete list of RADIUS attr.
9-39 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Configuring CoA on the Sw itch Beginning i n privileged E XEC mo de, follow these s teps to con figure CoA on a switc h.
9-40 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch Acce ss wit h Kerberos Monitoring and Troubleshooting CoA Fun.
9-41 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with Kerberos Understand ing Kerber os Kerberos is a secret-key network a uthenti cation pro tocol , which was dev elope d at the Massa chusett s Institut e of T e chno logy (MIT ).
9-42 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Controllin g Switch Acce ss wit h Kerberos Instan ce An auth orization le vel label f or K erberos principals. M o st K erberos princip als are of the form user@REALM (for ex ampl e, smith@EXAMPLE .
9-43 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Controlling Switch Access with Kerberos Kerberos Operation A Kerberos server ca n be a swit ch th at is configured as a netwo rk secur ity se rver and that can authe nticat e remote users by using the Kerberos pr otocol .
9-44 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Configur ing the Switc h for Lo cal Authe ntication a nd Authori zation Authenticating t o Network Services This sect ion describes the th ird layer o f security through which a remote user must pass.
9-45 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Configuring the Switch for Secure Shell T o dis abl e AAA, us e the no aaa new-model glo bal configurati on c ommand.
9-46 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Conf iguri ng t he Sw itch f or Se cure Sh ell For SSH configuration examples, se.
9-47 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Configuring the Switch for Secure Shell • The s witch sup port s the A dvanced En crypti on Stan dard ( AES) encr yption algori thm w ith a 128-bi t key , 192- bit key , or 2 56-bit key .
9-48 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Conf iguri ng t he Sw itch f or Se cure Sh ell 3. Generate an RSA key pair fo r the switch , which automatically enab les SSH. F ollow th is proced ure only if you are conf iguring th e switch as an SSH ser ver .
9-49 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Configuring the Switch for Secure Shell T o return to the def ault SSH control p a rameters, use th e no ip ssh { ti meout | aut hentica tion-r etries } global configurat ion comm and.
9-50 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Conf igurin g the Sw itch for Sec ure Sock et Laye r HTTP For more infor mation a.
9-51 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Configuring the Switch for Secure Socket Layer HTTP Understand ing Secure HT TP Servers a nd Clien ts On a sec ure HTTP c onnec tion, da ta to and f rom a n HTTP ser ver is en crypted before being sent over the Intern et.
9-52 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Conf igurin g the Sw itch for Sec ure Sock et Laye r HTTP If a self-signed c e rtif icate h as been g enerated, this information is included in the ou tput of the sho w running-conf ig pri vileged EXEC com mand.
9-53 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Configuring the Switch for Secure Socket Layer HTTP The more secure and mo re compl ex CipherSuit es require slig htly more pro cessing time.
9-54 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Conf igurin g the Sw itch for Sec ure Sock et Laye r HTTP Configuring a CA Trustpoint For secur e HTT P con necti ons, w e rec ommen d tha t you configure an off i cial CA tru stpoi nt.
9-55 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Configuring the Switch for Secure Socket Layer HTTP Configuring the Secure HTTP .
9-56 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Conf igurin g the Sw itch for Sec ure Sock et Laye r HTTP Use th e no ip http server global configu ration c ommand to disabl e the standa rd HTT P server .
9-57 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 9 Configuring Sw itch-Ba sed Auth entication Config uring the Swit ch for Secu re Copy Pr otocol Use the no ip http client secure -trustpoint name to remove a clie n t trustpoint conf iguration.
9-58 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 9 Configuring Switch-Based Authentication Conf iguri ng t he Sw itch f or Se cure Co py Prot ocol Information Abo ut Secure Copy T o con figure the Secur e Copy feature , you should unde rstand these conc epts.
CH A P T E R 10-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 10 Configuring IEEE 802.1x Port-Based Auth entic ation IEEE 8 02.1x port-ba sed auth entic ation p revents unau thoriz ed d e vice s (cli ents) from gainin g acce ss to the netw ork.
10-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation • 802.1x Accoun ting Attrib u te-V alue Pairs, page 10-15 • 802.
10-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 802.1x Port-Base d Authenticat ion • Client —the device (workst ation) t hat req uests acce ss to the LAN and switc h servic es and respo nds to request s from the switch.
10-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802.
10-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 802.
10-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802.
10-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 802.
10-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation Per-User ACLs and Filter-Ids In rel eases e arlie r than Cisco IO S Rel ease 1 2.
10-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 802.1x Port-Base d Authenticat ion Authentication M anager CL I Commands The authenti cation-manager interf ace-conf iguration comman ds control all the auth entication methods, such as 802.
10-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation Beginnin g with Cisco IOS Release 12.2(55)SE, you can f ilter o ut verbose syst em messages generated by th e authentication manager .
10-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 802.
10-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802.
10-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 802.1x Port-Base d Authenticat ion • W e do not reco mmen d per-us er ACLs wit h an MD A-ena ble d port.
10-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802.
10-15 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 802.
10-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation 802.1x R eadine ss Che ck The 802.1x readin ess check monitors 802.
10-17 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 802.
10-18 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation RADIUS su pport s per-user a ttributes, inc ludin g vendor-specific attri butes.
10-19 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 802.1x Port-Base d Authenticat ion If no A CLs are down loaded dur ing 802.1x authen tication, th e switch applies the static d efault A CL on the port to the host.
10-20 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802.
10-21 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 802.1x Port-Base d Authenticat ion of eac h host for a uthent icati on. The VL AN ID co nfigured on the conn ected port is us ed fo r MAC authenti cation.
10-22 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation Guest VLAN s are support ed on 802.1x ports in singl e-host or mu ltiple-h osts mode.
10-23 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 802.1x Port-Base d Authenticat ion Restricte d VLAN s are supporte d only on 802.1x ports in sing le-host mod e and on Layer 2 por ts.
10-24 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation Y ou can conf igure the cr itical port to reinitia lize hos ts and mo ve them o ut of th e critical VLAN when the RADIUS serv er is again a vailable .
10-25 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 802.1x Port-Base d Authenticat ion A v o ice VLAN p ort becom es acti ve when th ere is a link , and the de vice MA C address appears after th e first CDP message from t he IP phone .
10-26 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation • Port securi ty and a voice VLA N can be configur ed simult aneousl y on an 802.
10-27 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 802.1x Port-Base d Authenticat ion a usernam e and password base d on the MA C address. If author ization succ eeds, t he switch gr ants the client acce ss to the netw ork.
10-28 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation 802.1x User Dis tribution Y o u can co nfigure 802.1x user distribution to load-ba lanc e users with the same group na me across multiple di ff erent VLAN s.
10-29 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 802.1x Port-Base d Authenticat ion Network Admission Control Lay er 2 802.1x Va lidation The switc h supports t he Network Admi ssion Cont rol (NA C) Laye r 2 802.
10-30 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation • Multipl e-hosts mode with open authen tication–A ny host can acc ess the network.
10-31 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Underst anding I EEE 802.1x Port-Base d Authenticat ion • Host Author ization: Ensures that only traf fic from authorized hosts ( connecting to the switch wi th supplica nt) is a llowed on the network.
10-32 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Underst andin g IEEE 802. 1x Port-Ba sed Au thentic ation An IEEE 802.1x port in sing le-host mo de uses A CLs fro m the ACS to provide different levels of service to an IEEE 802.
10-33 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Configuring 802.1x Authentication These sec tions co ntain this co nfiguration info rmat ion: • Default 802.
10-34 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Default 802.1x Authen tication Configuration Ta b l e 10-4 shows the default 8 02.
10-35 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion 802.1x Authentication Co nfigura tion Gu idelines These sec tion has configu ration gui delines fo r these featur es: • 802.
10-36 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion – Ether Channel port —Do not con figure a p ort t hat i s an active or a no t-yet -active membe r of an Ether Channel as an 802.
10-37 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion MAC Authentication Bypass • Unless ot herwise state d, the MA C authenti cation bypass gu ideline s are the same as the 802.
10-38 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802.
10-39 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Beginn ing in pri vileged EXEC mode, fo llo w these steps to enab le voice awar e 8 02.
10-40 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802.
10-41 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Step 7 Th e user disconne cts from the por t. Step 8 The switch sends a stop message to the accounting server .
10-42 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802.
10-43 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Y ou also need to config ure some settings on the RADI US server.
10-44 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion T o disa ble mul tiple ho sts on the port , use the no authe ntica tion host- mode or the no dot 1x host-mode multi-host interface con figurati on comm and.
10-45 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion T o d isable peri odic r e-authe nticat ion, use the no au thenti catio n period ic or the no dot1x reauthenti catio n inter face configura tion co mman d.
10-46 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Changing the Quiet P eriod When the swi tch cannot authentic ate the c lient, the swi tch remains idle for a set peri od of time and then tries agai n.
10-47 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion T o return to the defa ult retransmission time, use the no dot1x time out tx-p eriod in terface conf iguration comm and.
10-48 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802.
10-49 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Beginn ing in pri vileged EXEC mode, fo llo w these steps to globally en able MA C move on the switch.
10-50 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802.
10-51 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Configuring a Guest VLAN When y ou conf igure a gues t VLAN, clients tha t are n ot 802.
10-52 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Configuring a Restricted VLAN When yo u conf igure a restric ted VLAN on a switch, clien ts that ar e 802.
10-53 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Beginning i n privileged EXE C mode , foll ow these ste ps to c onfigure the maximu m num ber o f allowed authenti cation attempts.
10-54 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802.
10-55 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion T o return to the RADIUS serve.
10-56 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Switch(config-if)# dot1x critical recovery action reinitialize Switch(config-if)# dot1x critical vlan 20 Switch(config-if)# end Configuring 802.
10-57 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Configuring MAC Au thentication Bypass Beginn ing in pri vileged EXEC mode, follo w these steps to enable MA C authentica tion by pass.
10-58 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802.
10-59 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Configuring NAC Layer 2 802.1x Validation Y o u can co nfigure NA C Layer 2 802. 1x validatio n, which is also refe rred to as 802.
10-60 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802.
10-61 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion This example shows how to conf.
10-62 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion Configuring Downloadable AC Ls The policie s take ef fect after cli ent authentication and the client IP addre ss addition to the I P de vice tracki ng table.
10-63 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion This e xample sho ws ho w to conf igure a switch for a do wnloadable pol icy: Switch# config terminal Enter configuration commands, one per line.
10-64 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802.
10-65 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Configur ing 802.1x Auth enticat ion Configuring Open1x Beginning i.
10-66 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Configur ing 802. 1x Auth enticat ion T o conf igure the por t as an 802 .1x port access en tity (P AE) authent icator , which enabl es 802 .
10-67 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 0 Configuring IEEE 80 2.1x Port-B ased Authe ntication Displaying 802.1x Statistics and Status Displaying 802.1x Statistics and Status T o display 802.1x statistics for all ports, use the show dot1x all stat istics pri v ile ged EXEC co mmand.
10-68 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 10 Conf iguring IEEE 802.1x Por t-Based Aut hentication Displ ayin g 802.
CH A P T E R 11-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 11 Configuring Web-Based Authentication This chapte r describe s ho w to conf igure web-ba sed authenticati on.
11-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 11 Configuring Web-Based Authentication Underst anding Web -Based A uthen tication Device Roles W ith web-based authentic a.
11-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 1 Configuring Web-Base d Authe nticati on Underst anding Web- Based Auth enticat ion If the h ost IP is included i n the e xception list, the policy fr om the e xception list e n try is ap plied, an d the session is established.
11-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 11 Configuring Web-Based Authentication Underst anding Web -Based A uthen tication Figur e 1 1 -2 A uthentication Successfu l Banner Y ou can a lso cu stomi ze the bann er , as s ho wn in Figure 11-3 .
11-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 1 Configuring Web-Base d Authe nticati on Underst anding Web- Based Auth enticat ion Figur e 1 1 -4 Login Scr een With N o .
11-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 11 Configuring Web-Based Authentication Underst anding Web -Based A uthen tication • If you configure web pages for H TTP.
11-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 1 Configuring Web-Base d Authe nticati on Underst anding Web- Based Auth enticat ion Web-base d Authen tication In teractio.
11-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 11 Configuring Web-Based Authentication Underst anding Web -Based A uthen tication Context-Based Access Control W eb- based.
11-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 1 Configuring Web-Base d Authe nticati on Config uring Web-Based Auth entication Configuring Web -Based Authentication • .
11-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 11 Configuring Web-Based Authentication Configur ing Web- Base d Authent ication • Hosts tha t are more t han one hop away might exper ience traffic disruption if a n STP to pology change r esults in the host tr af fic arri ving on a di fferen t port.
11-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 1 Configuring Web-Base d Authe nticati on Config uring Web-Based Auth entication Authentication global absolute time is 0 .
11-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 11 Configuring Web-Based Authentication Configur ing Web- Base d Authent ication T o conf igure the RADIUS serv er parameters , perform this task: When yo u conf igure the RADIUS ser ver paramete rs: • Specify the key string on a se parate comma nd lin e.
11-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 1 Configuring Web-Base d Authe nticati on Config uring Web-Based Auth entication This exampl e shows ho w to configure the RA DIUS server paramete rs on a switch: Switch(config)# ip radius source-interface Vlan80 Switch(config)# radius-server host 172.
11-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 11 Configuring Web-Based Authentication Configur ing Web- Base d Authent ication When conf iguring customize d authentica tion proxy web pages, follo w these guidelines: • T o enab le the custom web pages feat ure, specif y all four custom HTML f iles.
11-15 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 1 Configuring Web-Base d Authe nticati on Config uring Web-Based Auth entication Specifying a Redirection UR L for Success.
11-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 11 Configuring Web-Based Authentication Configur ing Web- Base d Authent ication This exam ple sh ows how to determ ine w hethe r any conn ected host s are in the A AA Down sta te: Switch# show ip admission cache Authentication Proxy Cache Client IP 209.
11-17 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 1 Configuring Web-Base d Authe nticati on Displaying Web-Based Authentication Status This exampl e shows ho w to configure.
11-18 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 11 Configuring Web-Based Authentication Display ing Web- Base d Authent ication Status.
CH A P T E R 12-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 12 Configuring Interface Cha r acteristics This ch apt er defines th e type s of int erfaces on the IE 301 0 switch and d escrib es how to co nfigure them .
12-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 12 Configuring Interface Characteristics Underst anding In terface Ty pes Port-Based VLANs A VLAN is a switched netwo rk that is logically segmente d by function, team, or application , without reg ard to the physical location of t he users.
12-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 2 Configuring Interfac e Charact eristics Unde rsta ndi ng In ter face Typ es T wo ty pes of ac cess por ts are sup ported : • Static access ports are manually a ssigned to a VLAN .
12-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 12 Configuring Interface Characteristics Underst anding In terface Ty pes For Layer 3 inter faces, you ma nuall y create th e logical interfac e by using the interface port-channel global co nfigurati on comma nd.
12-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 2 Configuring Interfac e Charact eristics Unde rsta ndi ng In ter face Typ es mode. The powered device f irst boots up in low-power mode, con sumes less tha n 7 W , and negotiates to obtain en ough power to oper ate in high -power mode.
12-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 12 Configuring Interface Characteristics Underst anding In terface Ty pes grants or de nies p ower .
12-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 2 Configuring Interfac e Charact eristics Unde rsta ndi ng In ter face Typ es For informat ion on c onfiguring a PoE p ort, see the “Conf iguring a Po wer Mana gement Mode on a PoE Port” sectio n on page 12 -20 .
12-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 12 Configuring Interface Characteristics Underst anding In terface Ty pes Use the fir st or se cond method in the p revious.
12-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 2 Configuring Interfac e Charact eristics Using Inte rface Configu ration Mode Connecting Interfaces De vices within a singl e VLAN ca n communicate directly through an y switch.
12-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 12 Configuring Interface Characteristics Using I nterface Configu ration Mode Y o u can iden tify physi cal in terfaces by looki ng at the swit ch.
12-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 2 Configuring Interfac e Charact eristics Using Inte rface Configu ration Mode Beg i n ni n g i n pr ivi l eg ed E X EC mo.
12-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 12 Configuring Interface Characteristics Using I nterface Configu ration Mode • All inte rfaces defined in a range must .
12-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 2 Configuring Interfac e Charact eristics Using Inte rface Configu ration Mode When usin g the def ine interfac e-range gl.
12-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 12 Configuring Interface Characteristics Configur ing Ethern et Interface s Configuring Eth ernet Interfaces These sec tio.
12-15 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 2 Configuring Interfac e Charact eristics Configuring Ethernet Interfaces Setting th e Type of a Dual-P urpose Uplink Po rt Some sw itches su pport d ual-purpo se upl ink po rts.
12-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 12 Configuring Interface Characteristics Configur ing Ethern et Interface s T o return to the default setting , use the medi a-typ e au to interf ace or the no media-type interf ace configurati on c ommands.
12-17 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 2 Configuring Interfac e Charact eristics Configuring Ethernet Interfaces These sec tions descr ibe how to configure the i.
12-18 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 12 Configuring Interface Characteristics Configur ing Ethern et Interface s Use the no spee d and no duplex interfa ce configur ation comman ds to return the interface to the default speed and duple x settings (autoneg otiate).
12-19 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 2 Configuring Interfac e Charact eristics Configuring Ethernet Interfaces Note Ports on the switc h can recei v e, bu t not send, pause fra mes.
12-20 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 12 Configuring Interface Characteristics Configur ing Ethern et Interface s Auto-MDIX is e n abled b y default. When you e n able auto-MDI X, you must also set the in terface sp eed and duplex to auto so that the f eatur e ope rates corr ectly .
12-21 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 2 Configuring Interfac e Charact eristics Configuring Ethernet Interfaces Note Whe n you m ake PoE configurat ion ch anges , the port be ing configured d rops power .
12-22 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 12 Configuring Interface Characteristics Configur ing Ethern et Interface s Budgeti ng Power for Devi ces Co nnecte d to a.
12-23 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 2 Configuring Interfac e Charact eristics Configuring Ethernet Interfaces T o return to the default setting , use the no power inl ine consumption default global configura tion comm and.
12-24 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 12 Configuring Interface Characteristics Configur ing Layer 3 Interfaces Use the no description i nter face configurat ion comm and to delete the de script ion.
12-25 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 2 Configuring Interfac e Charact eristics Confi guring t he System MTU Frames sizes tha t can be recei ved b y the switch CPU ar e limited to 1998 b ytes, no matte r what v alue w as entered wit h the syste m mtu or system mtu jum bo comma nds.
12-26 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 12 Configuring Interface Characteristics Monito ring and Mai ntainin g the Interfac es This exam ple sh ows the resp onse .
12-27 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 2 Configuring Interfac e Charact eristics Monitoring and Maintaining the Interfaces Clearing and Resetting In terfaces and Counters Ta b l e 12-5 lists the pri vilege d EXEC mode clear comman ds tha t you can us e to clear co unters and res et interf aces.
12-28 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 12 Configuring Interface Characteristics Monito ring and Mai ntainin g the Interfac es Use the no shutdown inter face configura tion comman d to rest art the interfa ce. T o verif y that an inte rface is disabled, e n ter the sho w interfaces pri vileged E XEC com mand.
CH A P T E R 13-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 13 Configuring Smartports Macros The I E 3010 swit ch com mand r eferen ce has co mmand synt ax and usag e info rmatio n.
13-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 13 C onfiguring Smart ports Macros Configuring Smartpor ts Macros Smartports Config uration Guidelin es • When a macro is applied g lobally to a switch or to a switch inte rface, a ll existing conf iguration on the interf ace is retain ed.
13-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 3 Configuring Smartpor ts Macros Configuring Smartports Macros Applying Smartports Ma cros Beginning i n privileged E XEC m.
13-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 13 C onfiguring Smart ports Macros Configuring Smartpor ts Macros Y o u can o nly delet e a global macro- appli ed configura tion on a sw itch by enteri ng the no vers ion of each comm and in the macro.
13-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 3 Configuring Smartpor ts Macros Displaying Smartports Macros Displaying Smartports Macros T o displa y the Smartpo rts macr os, use one o r more of the pri vileged EXE C command s in Ta b l e 13-2 .
13-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 13 C onfiguring Smart ports Macros Displaying Smartpor ts Macros.
CH A P T E R 14-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 14 Configuring VLANs This c hapter describ es how to c onfigure norm al- range VL ANs (V LAN IDs 1 t o 100 5) and extended -range V LANs (VLAN IDs 1006 to 4094) o n the I E 3010 switch .
14-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 14 Configuring VLANs Underst anding VL ANs Figure 14-1 shows an example of VL ANs segment ed into logica lly defined networks. Figur e 14-1 VLANs as Logica lly Defined N etwor ks VLANs are of ten associated with IP subnetw orks.
14-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 4 Configuring VLANs Unde rsta ndin g VLAN s VLAN Port M embership M odes Y o u configure a por t to belong t o a VLAN by assigning a membersh ip mode tha t speci fies the kind of traf fic th e port carries and the number of VLANs to whic h it can belong.
14-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 14 Configuring VLANs Configur ing Normal- Range VLA Ns Configuring Normal -Range VLANs Normal- range V LANs a re VL ANs with VLAN IDs 1 to 1005 .
14-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 4 Configuring VLANs Config uri ng Nor mal-R ang e VLA Ns These sec tions co ntain normal -ran ge VLAN configurat ion info r.
14-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 14 Configuring VLANs Configur ing Normal- Range VLA Ns the network, this c ould crea te a loop in the n ew VLAN that would not be broken, pa rticul arly if t here are se veral adj acent switches that a ll have run out of spanni ng-tree in stances.
14-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 4 Configuring VLANs Config uri ng Nor mal-R ang e VLA Ns Creating or Modifyin g an Et hernet VLAN Each E therne t VLA N in the VLAN d ataba se has a uni que, 4- digit I D tha t ca n be a nu mber fr om 1 to 1001.
14-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 14 Configuring VLANs Configur ing Normal- Range VLA Ns T o return the VLAN name to the def ault setting s, use the no name , no mtu , o r no r emote-spa n command s.
14-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 4 Configuring VLANs Config uri ng Nor mal-R ang e VLA Ns Assigning S tatic-Ac cess Ports to a VLAN Y o u ca n assig n a s tatic-ac cess po rt to a VLAN witho ut having VTP globa lly p ropagat e VLAN conf iguration informatio n by disabling VT P (VTP transparent m o de).
14-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 14 Configuring VLANs Configur ing Extend ed-Range VLANs Configuring Ex tended-Range VLANs W i th VTP version 1 and versio n 2, whe n th e switc h is in V TP tran sparent mo de (VT P disabl ed), yo u can creat e extended-r ange VLANs (i n the rang e 1006 to 4094).
14-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 4 Configuring VLANs Confi guring Extended- Range V LANs If the numb er o f VLA Ns on t he swi tch excee ds the max imum nu mber of sp anning- tree instan ces, we recommend that you configure the IEEE 802.
14-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 14 Configuring VLANs Configur ing Extend ed-Range VLANs Beginn ing in pri vileged EXEC mode, fo llo w these steps to create an extended -range VLAN: T o delete an ex tended- r ange VLAN , use the no vlan vlan -id glob al configura tion co mman d.
14-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 4 Configuring VLANs Displaying VL ANs Beginn ing in pri vileged EXEC mode, follo w these steps to release a VLAN ID that i.
14-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 14 Configuring VLANs Configur ing VLAN Tr unks For more details about the show comman d opti ons and expl anati ons of outp ut fields, se e the comma nd refere nce fo r th is rel ease.
14-15 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 4 Configuring VLANs Config uri ng V LAN Trunk s Note Th e switc h does not suppo rt Laye r 3 tru nks.The switch d oes supp ort Laye r 2 trun ks and Layer 3 VLAN interf aces, which provide equ iv alent capabilitie s.
14-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 14 Configuring VLANs Configur ing VLAN Tr unks Default Layer 2 Ethernet Inte rface VLAN Con figuratio n Ta b l e 14-5 shows the default L ayer 2 Et herne t inte rface V LAN configurati on.
14-17 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 4 Configuring VLANs Config uri ng V LAN Trunk s • W e rec omme nd that you configure no more than 2 4 trun k ports in PV ST mode an d no mor e than 4 0 trunk p orts in M ST m ode.
14-18 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 14 Configuring VLANs Configur ing VLAN Tr unks Switch(config-if)# end Defining the Allowed VLANs on a Trunk By default, a trunk port sends traf fic to and recei ves traf fic from all VL ANs.
14-19 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 4 Configuring VLANs Config uri ng V LAN Trunk s T o return to the default allowed VLA N list of all V LANs, use the no switchport trunk allowed vlan interf ace config uration co mmand.
14-20 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 14 Configuring VLANs Configur ing VLAN Tr unks Note Th e native VLAN can be assign ed any VLAN ID. For informa tion ab out IEEE 802.1Q con figuratio n issues , see the “IEE E 802.
14-21 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 4 Configuring VLANs Config uri ng V LAN Trunk s Figure 14-2 shows two trunks conne cting suppo rted swi tches. In t his example, the switches ar e configured as f oll ows: • VLANs 8 thr ough 1 0 are assigne d a p ort pr iority of 16 on Trunk 1.
14-22 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 14 Configuring VLANs Configur ing VLAN Tr unks Load Sharing Using STP Path C ost Y o u can co nfigure paralle l trunks to .
14-23 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 4 Configuring VLANs Configuring VMPS Beginn ing in pri vile ged EXEC mode, follo w these steps to conf igure the network s.
14-24 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 14 Configuring VLANs Configuring VMPS • “Troubleshoot ing Dynami c-Access Port VLAN Mem bership” secti on on page 14.
14-25 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 4 Configuring VLANs Configuring VMPS If the link goes down on a dy namic -access por t, the p ort r eturns to an is olated st ate and do es not be long to a VLAN.
14-26 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 14 Configuring VLANs Configuring VMPS Configuring the VMPS Client Y o u con figure dynami c VLAN s by using t he VM PS (ser ver). The switch c an be a VMPS c lient; it ca nnot be a VMPS server .
14-27 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 4 Configuring VLANs Configuring VMPS T o return an interf ace to its defaul t config uration, use the default interface interface-id interfa ce conf iguration command.
14-28 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 14 Configuring VLANs Configuring VMPS Changing the Retry Count Beginn ing in pri vileged EXEC mode, fo llo w these steps t.
14-29 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 4 Configuring VLANs Configuring VMPS Troublesho oting Dyna mic-Acce ss Port V LAN Memb ership The VMPS shuts down a dynamic -access port unde r these cond itions: • The VMPS is in secure mode, and it does not allo w the host to connect to the port.
14-30 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 14 Configuring VLANs Configuring VMPS Figur e 14-4 Dynamic Po rt VLAN Membership Con figur ation Primar y VMPS Ser ver 1 Catalyst 6500 series Secondar y VMPS Ser ver 2 Catalyst 6500 series Secondar y VMPS Ser ver 3 172.
CH A P T E R 15-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 15 Configuring VTP This chapt er desc ribes how to use the V LAN Trunking Pr otocol ( VTP) and th e VLAN data base fo r managing VLANs with t he IE 3010 switch .
15-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 15 Configuring VTP Underst anding VTP These sect ions co ntain this co nceptu al in forma tion: • The VTP Do main, pa ge .
15-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 5 Configuring VTP Understanding VTP VTP Mode s Y o u can co nfigure a supporte d switch to be in on e of the VTP mod es listed in Ta b l e 15 -1 .
15-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 15 Configuring VTP Underst anding VTP VTP adv ertiseme nts distrib ute this global d omain i nformation: • VTP domain na .
15-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 5 Configuring VTP Understanding VTP hexadecima l forma t in the run ning configura tion. Y ou must reen ter the passwo rd if you enter a takeover comm and i n the domai n. W hen y ou ent er the s ecr et ke yword, you can di rectly co nf igure the password secret key .
15-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 15 Configuring VTP Underst anding VTP Figur e 15-1 Flooding T raf fic without VTP Pr uning Figure 15-2 shows a switched ne twork with VTP pruni ng enabled.
15-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 5 Configuring VTP Configuring VTP VTP pruning is not designed to func tion in VTP transparent mode . If one or more switches in the netwo rk are in VTP transpar ent mode , you should do one of the se: • T urn off VTP prun ing in the en tire network .
15-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 15 Configuring VTP Conf iguri ng VT P VTP Configu ra tion Guidelines Y o u use t he vtp global con figuration c ommand to s.
15-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 5 Configuring VTP Configuring VTP If you a re adding a ne w switch to a n existi n g netw o rk with VTP capab ility , the ne w switch learns the domain name only after the appli cable password ha s been configured on it.
15-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 15 Configuring VTP Conf iguri ng VT P Configuration R equirements When you configure V TP , you must configure a trunk port so t hat t he swit ch can send a nd rece ive VTP adve r tisements to and from other switches in the domain.
15-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 5 Configuring VTP Configuring VTP Cautio n If all switches ar e operatin g in VTP client mode, do not con fig ure a VTP domain name. If you do, it is impossibl e to make ch anges to the VLA N configura tion o f that dom ain.
15-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 15 Configuring VTP Conf iguri ng VT P This e xample sho ws ho w to confi g ure the switch as a VT P server with the domain name eng_gr ou p and the password mypassword : Switch(config)# vtp domain eng_group Setting VTP domain name to eng_group.
15-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 5 Configuring VTP Configuring VTP Configuring a VTP Version 3 Primary Server Beginn ing in p ri vileged EXEC mode, fo llo .
15-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 15 Configuring VTP Conf iguri ng VT P Cautio n In VTP versio n 3, both the primary and seconda ry servers can e xist on an instance in the domain. For more information on VTP v ersion configur ation guideli n es, see the “VTP V ersion” se ction o n page 15-9 .
15-15 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 5 Configuring VTP Configuring VTP Configur ing VTP on a Per-P ort Basi s W i th VTP version 3, y ou can enabl e or disa ble VTP on a per-port ba sis. Y ou can e nable VTP on ly on ports t hat a re in trunk mode.
15-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 15 Configuring VTP Monito ring VTP After resetting the conf iguration re vision number , add the switch to the VTP domain.
CH A P T E R 16-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 16 Configuring Voic e VLAN This c hapter describe s how to c onfigure t he voice VL AN f eature o n th e IE 30 10 switc h. V o ice VL AN is referr ed to as a n auxil iary V LAN in so me Catalyst 6500 family switch do cumentation.
16-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 16 Configuring Voice V LAN Underst anding Voice VL AN Figure 16-1 shows one way to connect a Cisco 7960 IP Phon e.
16-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 6 Configuring Voice VLA N Configuring Voice VLAN Note Un tagged traffic from th e device a ttache d to t he Cisco I P Phone passes t hrou gh the phone unc hanged, regardless of the tr ust stat e of t he acce ss port on the phone.
16-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 16 Configuring Voice V LAN Configuring Voice VLAN • If the Cisc o IP Phone and a de v ice atta ched to the phone are in the same VLAN , the y must be in the same IP subnet .
16-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 6 Configuring Voice VLA N Configuring Voice VLAN Configuring Cisco IP Phone V oice Traffic Y o u can c onfigure a po rt conn ecte d to th e Cisco IP Phon e to se nd CDP pa ckets to t he phon e t o configure the wa y in which the ph one send s voice tr af fic.
16-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 16 Configuring Voice V LAN Displa ying Vo ice VLAN T o return the port to its defa u lt setting, use the no s witchport v oice vlan interfa ce configurat io n comm and.
CH A P T E R 17-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 17 Configuring STP This chapt er desc ribes how to configure the Sp anni ng T ree Protoc ol (STP) on port-ba sed VLANs on the IE 3010 switc h. The swit ch can use eithe r the per-VLAN spannin g-tree plus (PV ST+) prot ocol base d on the IE EE 802.
17-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 17 Configuring STP Underst anding Spa nning- Tree Fea tures • Spanning- T ree Interop erability and Backw a rd Compatibi lity , page 17- 10 • STP and IEEE 802.
17-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 7 Configuring STP Unders tanding Spanni ng-Tree Fe atures Spannin g-Tr ee Topology an d BPDUs The stable, ac tiv e spanning.
17-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 17 Configuring STP Underst anding Spa nning- Tree Fea tures Bridge ID, Switch Priority , an d Extended Syste m ID The IE EE 80 2.
17-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 7 Configuring STP Unders tanding Spanni ng-Tree Fe atures An interfac e mov es through these state s : • From initiali za.
17-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 17 Configuring STP Underst anding Spa nning- Tree Fea tures there is only one sw itch in the netwo rk, no exch ange occurs, the forwar d-delay timer expi res, and the interf ace mov e s to th e listening state.
17-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 7 Configuring STP Unders tanding Spanni ng-Tree Fe atures Disabled State A Laye r 2 int erface in th e disab led state do es not parti cipa te in frame forwar ding or in the span ning tree.
17-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 17 Configuring STP Underst anding Spa nning- Tree Fea tures Spanning Tree and Redun dant Conn ectiv ity Y o u can create a .
17-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 7 Configuring STP Unders tanding Spanni ng-Tree Fe atures Becau se each V LAN is a sepa rate spanning -tree instance , the switch acce lerates aging o n a per -VLAN basis .
17-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 17 Configuring STP Underst anding Spa nning- Tree Fea tures Spanning-Tree Interoperability and Backward Compatibility Ta b l e 17-2 lists the interope rability and c ompatibility among the s upported s panning-tree mo des in a network.
17-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 7 Configuring STP Confi guring Spanni ng-Tree Fe atures Configuring Sp anning-Tree Features These sec tions co ntain this .
17-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 17 Configuring STP Configur ing Spannin g-Tree Feat ures Spannin g-Tr ee Conf iguration Guideli nes If more VLAN s are def ined in the VTP than the re are spanni ng-t ree instanc es, you can enable PVST+ or rapid PVST+ on only 128 VLAN s on the switch .
17-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 7 Configuring STP Confi guring Spanni ng-Tree Fe atures Changing the Spa nning-Tree M ode. The sw itch s upports th ree spanning -tree mo des: PV ST+, rapi d PVST+, or MS TP .
17-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 17 Configuring STP Configur ing Spannin g-Tree Feat ures Disabling Sp anning Tree Spanning tree is enab led by defau lt on.
17-15 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 7 Configuring STP Confi guring Spanni ng-Tree Fe atures Note Th e ro ot swit ch fo r eac h span ning -tree instan ce shou ld be a ba ckbone or di stribution switch . Do not conf igure an acc ess switch as the span ning-tre e primar y root.
17-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 17 Configuring STP Configur ing Spannin g-Tree Feat ures Configur ing a Second ary Roo t Switch When you con figure a switch as the secondary root, the switc h priori ty is modified from t he default value (32768 ) to 28672.
17-17 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 7 Configuring STP Confi guring Spanni ng-Tree Fe atures Beginn ing in pri vileged EXEC mode, follo w these steps to conf igure the port priority of an interf a ce. This proc edure is option al.
17-18 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 17 Configuring STP Configur ing Spannin g-Tree Feat ures Configuring Path Cost The spanni ng-tr ee path c ost defau lt value is derived from the med ia speed of an interfac e.
17-19 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 7 Configuring STP Confi guring Spanni ng-Tree Fe atures T o return to the default setting , use the no spanning-tree [ vlan vlan-id ] co st in terface co nfiguration comman d.
17-20 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 17 Configuring STP Configur ing Spannin g-Tree Feat ures Configuring S pannin g-Tree Timers Ta b l e 17-4 des cribes the tim ers that affect the entire spanning-tree perfor mance.
17-21 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 7 Configuring STP Confi guring Spanni ng-Tree Fe atures Configuring the Forwarding -Delay Time fo r a VLAN Beginning i n privileged E XEC mode, follow these ste ps to c onfigure t he forwarding -del ay ti me for a VLAN.
17-22 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 17 Configuring STP Displaying the Spannin g-Tree Stat us Configuring the Transmit Hold -Count Y o u can co nfigure the BPDU burst size by changing th e transm it hold coun t value.
CH A P T E R 18-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 18 Configuring MSTP This chapte r describes ho w to configur e the Cisco impleme ntation of the IEEE 802.1s Multi ple STP (MSTP) on the IE 3010 switch. Note The multiple spanning-tree (MST) implementation is based on the IEEE 802.
18-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 18 Configuring MSTP Underst anding MST P Understandin g MSTP MSTP , which uses RSTP for ra pid con vergence, enab les VLA N.
18-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 8 Configuring MSTP Unde rsta ndi ng M STP The IST i s th e onl y sp ann ing- tree ins tan ce th at s ends and rec eives BPDU s. A ll o f th e ot her spann ing-t ree inst ance informat ion is contain ed in M-re cords, which are encapsula ted within MSTP BPDUs.
18-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 18 Configuring MSTP Underst anding MST P The IST conne cts all the MSTP switches in the reg ion and appears as a subtree in the CIST that encom passes the e ntire swit ched d omain.
18-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 8 Configuring MSTP Unde rsta ndi ng M STP IEEE 802.1s Terminology Some MS T naming con venti ons used in Cisco ’ s presta ndard implem entation hav e been change d to identify so me internal or r e gi onal parameters.
18-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 18 Configuring MSTP Underst anding MST P Bounda ry Ports In the Cisco pr estanda rd impl emen tation, a boundary po rt con .
18-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 8 Configuring MSTP Unde rsta ndi ng M STP • The bou ndary port is not the r oot por t of t he CIST r egional root— The MST I port s foll ow the state and role of the CIST port.
18-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 18 Configuring MSTP Underst anding RSTP Figure 18-3 illustrates a u nidirection al link f ailure th at typically creates a b ridging l oop. Switch A is the root switch, and its BPDUs are lost on the link leading to switch B.
18-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 8 Configuring MSTP Understa nding RST P Port Roles and the Active Topology The RST P provide s rapi d conv e rgence of the s panning tree by assigning port role s and by l earning the acti ve topology .
18-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 18 Configuring MSTP Underst anding RSTP • Root po rts—If the R STP sel ects a new root port, it b locks t he old roo t port and i mmedi ately transit ions the new root port t o the forwar ding sta te.
18-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 8 Configuring MSTP Understa nding RST P Synchronizatio n of Port R oles When th e switc h receives a proposal me ssage on .
18-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 18 Configuring MSTP Underst anding RSTP Bridge Protoco l Data Unit Format an d Process ing The R STP BP DU for mat is th e sam e as t he IE EE 802 .1D BP DU fo rmat except that the p roto col vers ion is set to 2.
18-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 8 Configuring MSTP Confi guring MSTP Featu res Processing I nferior BPD U Informatio n If a d esignat ed por t rec eiv es .
18-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 18 Configuring MSTP Configur ing MSTP Featur es • Configuring a Secondar y Root Switch, page 18- 18 (optional) • Conf .
18-15 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 8 Configuring MSTP Confi guring MSTP Featu res • The switc h support s up to 65 MST in stance s. The num ber of VLA Ns that can be mapp ed to a part icu lar MST i nsta nce is un lim ite d.
18-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 18 Configuring MSTP Configur ing MSTP Featur es T o r eturn to th e defaul t MST region c onfiguratio n, u se the no spanning-tree mst conf iguration global conf iguration command.
18-17 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 8 Configuring MSTP Confi guring MSTP Featu res 0 1-9,21-4094 1 10-20 ------------------------------- Switch(config-mst)# exit Switch(config)# Configuring th e Root Switch The swi tch mainta ins a spannin g-tree in stance fo r the group of VL ANs mapped to it.
18-18 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 18 Configuring MSTP Configur ing MSTP Featur es Beginn ing in pri vileged EXEC mode, follo w these steps to conf igure a switch as the root switch. This procedur e is optional.
18-19 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 8 Configuring MSTP Confi guring MSTP Featu res Beginning i n privileged EX EC mo de, fol low these s teps t o configure a swit ch as the se condary root switch. Th is procedure is option al.
18-20 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 18 Configuring MSTP Configur ing MSTP Featur es Note Th e show sp anning-t ree mst inte rface interface-id privileged EXEC comma nd displa ys informa tion only if the port is in a link- up opera tive state.
18-21 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 8 Configuring MSTP Confi guring MSTP Featu res Note Th e show sp anning-t ree mst inte rface interface-id privileged EXEC comma nd displa ys informa tion only for por ts that are in a link-up ope rative state.
18-22 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 18 Configuring MSTP Configur ing MSTP Featur es Beginning in privileged EXEC mod e, fo llow these steps to con figure the switc h priori ty .
18-23 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 8 Configuring MSTP Confi guring MSTP Featu res Configuring th e Forwarding-Dela y Time Beginning i n privileged E XEC mode, follow these ste ps to c onfigure t he forwarding -del ay ti me for all MST inst ance s.
18-24 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 18 Configuring MSTP Configur ing MSTP Featur es Configuring the Maxi mum-Hop Count Beginning i n privileged E XEC mo de, follow these steps to con figure th e ma ximum- hop c ount fo r all MST inst ance s.
18-25 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 8 Configuring MSTP Confi guring MSTP Featu res Designatin g the Neighb or Type A top ology co uld co ntain both pres tandar d and IEEE 802.
18-26 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 18 Configuring MSTP Displaying the MST Configu ration and Stat us Displaying the MST Configuration and Status T o displa y.
CH A P T E R 19-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 19 Configuring Optional Spannin g-Tree Features This ch apter d escrib es how to configur e optio nal spa nning-t ree fe atures on the IE 3010 sw itch.
19-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 19 Configu ring Optiona l Spann ing-Tr ee Featu res Underst anding O ptional Sp anning-Tre e Feat ures Understand ing Port.
19-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 9 Configuring Op tional Spa nning-Tree Features Unders tandin g Optional Spanning- Tree Features At the interf ace lev el, .
19-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 19 Configu ring Optiona l Spann ing-Tr ee Featu res Underst anding O ptional Sp anning-Tre e Feat ures Figur e 19-2 Switch.
19-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 9 Configuring Op tional Spa nning-Tree Features Unders tandin g Optional Spanning- Tree Features Figur e 19-3 UplinkF ast E.
19-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 19 Configu ring Optiona l Spann ing-Tr ee Featu res Underst anding O ptional Sp anning-Tre e Feat ures The swit ch tries to f ind if it has an alternat e path to t he root switch.
19-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 9 Configuring Op tional Spa nning-Tree Features Unders tandin g Optional Spanning- Tree Features Figur e 19-6 Backbon eF as.
19-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 19 Configu ring Optiona l Spann ing-Tr ee Featu res Underst anding O ptional Sp anning-Tre e Feat ures Unders tanding Ro ot Guard The Laye r 2 network of a service provide r (SP) can in clude ma ny connectio ns to swit ches that ar e not owned by the SP .
19-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 9 Configuring Op tional Spa nning-Tree Features Confi guring Opt ional Spanning- Tree Features Understand ing Loop Guard Y .
19-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 19 Configu ring Optiona l Spann ing-Tr ee Featu res Configur ing Opti onal Spanni ng-Tree Features Optional Spa nning-Tre.
19-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 9 Configuring Op tional Spa nning-Tree Features Confi guring Opt ional Spanning- Tree Features Note Y ou can use the spanning-tree portf ast default gl obal con figuratio n comma nd to glob ally en able the Port Fast featur e on all nont runking por ts.
19-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 19 Configu ring Optiona l Spann ing-Tr ee Featu res Configur ing Opti onal Spanni ng-Tree Features T o disab le BPDU gu ard, use the no spanning-tre e portfast bpduguard default global configurati on comm and.
19-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 9 Configuring Op tional Spa nning-Tree Features Confi guring Opt ional Spanning- Tree Features Enabling Up linkFast for Us e with R edundan t Link s UplinkFas t can not be enab led on VLAN s that have been configured with a swi tch p riority .
19-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 19 Configu ring Optiona l Spann ing-Tr ee Featu res Configur ing Opti onal Spanni ng-Tree Features Y o u can co nfigure t.
19-15 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 1 9 Configuring Op tional Spa nning-Tree Features Confi guring Opt ional Spanning- Tree Features Enabling R oot Guard Root gu ard e nable d on an int erface applie s to all th e VLA Ns to whi ch th e int erface belongs .
19-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 19 Configu ring Optiona l Spann ing-Tr ee Featu res Displaying the Spannin g-Tree Stat us T o g loball y dis able lo op guard , use the no spanning-tree loopguard default global c onfiguratio n command.
CH A P T E R 20-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 20 Configuring Flex Link s and the MAC Address-Table Move Update Feature This chapte r describes ho w to conf igure Flex Links, a pa ir of interfa ces o n the IE 3010 switch that provide a mu tual bac kup.
20-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 20 Configurin g Flex Links and the MAC Addr ess-Table Move Updat e Feature Underst andin g Flex Links and the M AC Addres .
20-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 0 Configuring Fl ex Links an d the MAC A ddress-Ta ble Mo ve Update Featu re Unde rsta ndin g Fle x L inks and the M AC A d.
20-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 20 Configurin g Flex Links and the MAC Addr ess-Table Move Updat e Feature Underst andin g Flex Links and the M AC Addres .
20-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 0 Configuring Fl ex Links an d the MAC A ddress-Ta ble Mo ve Update Featu re Unde rsta ndin g Fle x L inks and the M AC A ddre ss-T able Mov e Up date 1 228.1.5.1 igmp v2 Fa0/1, Fa0/2, Fa0/3 1 228.
20-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 20 Configurin g Flex Links and the MAC Addr ess-Table Move Updat e Feature Underst andin g Flex Links and the M AC Addres s-Tabl e Mov e Update because the FastEtherne t0/2 is bloc ked.
20-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 0 Configuring Fl ex Links an d the MAC A ddress-Ta ble Mo ve Update Featu re Configur ing Flex Links and th e MAC Address-T.
20-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 20 Configurin g Flex Links and the MAC Addr ess-Table Move Updat e Feature Configur ing Flex L inks and th e MAC Addre ss-Tabl e Move U pdate The pree mptio n dela y is 35 seconds.
20-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 0 Configuring Fl ex Links an d the MAC A ddress-Ta ble Mo ve Update Featu re Configur ing Flex Links and th e MAC Address-T.
20-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 20 Configurin g Flex Links and the MAC Addr ess-Table Move Updat e Feature Configur ing Flex L inks and th e MAC Addre ss.
20-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 0 Configuring Fl ex Links an d the MAC A ddress-Ta ble Mo ve Update Featu re Configur ing Flex Links and th e MAC Address-.
20-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 20 Configurin g Flex Links and the MAC Addr ess-Table Move Updat e Feature Configur ing Flex L inks and th e MAC Addre ss.
20-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 0 Configuring Fl ex Links an d the MAC A ddress-Ta ble Mo ve Update Featu re Configur ing Flex Links and th e MAC Address-.
20-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 20 Configurin g Flex Links and the MAC Addr ess-Table Move Updat e Feature Monito ring Flex L inks and t he MAC Addr ess-.
CH A P T E R 21-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 21 Configuring DHCP Features and IP Source Guard Features This c hapter d escribes how to configure D HCP s nooping and o ption-82 data insertion, and t he DHC P server port- based a ddress a llocat ion fe atures o n the IE 30 10 switc h.
21-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 21 Config uring DHCP Featur es and IP So urce Guard Featu res Underst anding DHCP Sn ooping • DHCP Sno oping, page 21-2 .
21-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 1 Configuring DH CP Features and IP Sou rce Guard Fe atures Understanding DHCP Snooping When a s witc h re ceives a pa cket.
21-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 21 Config uring DHCP Featur es and IP So urce Guard Featu res Underst anding DHCP Sn ooping Option-82 Data Insertion In re.
21-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 1 Configuring DH CP Features and IP Sou rce Guard Fe atures Understanding DHCP Snooping • The DH CP ser ver recei ves the pa cket.
21-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 21 Config uring DHCP Featur es and IP So urce Guard Featu res Underst anding DHCP Sn ooping Figur e 21 -2 Suboption P ac k.
21-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 1 Configuring DH CP Features and IP Sou rce Guard Fe atures Understanding DHCP Snooping Figur e 21 -3 User -Configur ed Sub.
21-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 21 Config uring DHCP Featur es and IP So urce Guard Featu res Configur ing DHCP Snoopi ng When re loading, the switch read s the b inding file to build the DH CP snoop ing bi nding da taba se.
21-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 1 Configuring DH CP Features and IP Sou rce Guard Fe atures Confi guring DHCP Sn ooping • Ena bling the Cisc o IOS DH CP .
21-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 21 Config uring DHCP Featur es and IP So urce Guard Featu res Configur ing DHCP Snoopi ng • Before co nfiguring the DHCP sn ooping inf ormatio n optio n on your switch, be sure to configure t he de vice that is actin g as the DHCP server .
21-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 1 Configuring DH CP Features and IP Sou rce Guard Fe atures Confi guring DHCP Sn ooping Configuring the DHCP Relay Agent B.
21-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 21 Config uring DHCP Featur es and IP So urce Guard Featu res Configur ing DHCP Snoopi ng T o remo ve th e DHCP p acket for ward ing ad dress, use the no ip h elper -address addr ess inte rface configurati on c ommand.
21-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 1 Configuring DH CP Features and IP Sou rce Guard Fe atures Confi guring DHCP Sn ooping T o disab le DHCP snoopi ng, use the no ip dhcp snooping gl obal con figurati on comm and.
21-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 21 Config uring DHCP Featur es and IP So urce Guard Featu res Configur ing DHCP Snoopi ng This exampl e shows ho w to ena.
21-15 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 1 Configuring DH CP Features and IP Sou rce Guard Fe atures Displaying DHCP Snooping Information T o s top u sing the da tabas e ag ent a nd bindi ng files, u se the no ip dhcp snooping database glob al configurati on c ommand.
21-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 21 Config uring DHCP Featur es and IP So urce Guard Featu res Underst anding IP So urce Gu ard Note Th e port ACL takes prece denc e ove r any router A C Ls or VL AN maps that affect the same interfa ce.
21-17 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 1 Configuring DH CP Features and IP Sou rce Guard Fe atures Confi guri ng IP S our ce G uard traff ic on nonrou ted Layer 2 interfaces. It filters traff ic based o n the DHCP snoopi ng bindi ng database and on manua lly con figured IP source bi ndings.
21-18 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 21 Config uring DHCP Featur es and IP So urce Guard Featu res Conf igurin g IP Sour ce Gu ard Static IP source binding can only be configured on switch port.
21-19 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 1 Configuring DH CP Features and IP Sou rce Guard Fe atures Confi guri ng IP S our ce G uard T o disable I P source guard wi th source I P address f iltering, use the no ip verify source interface configurati on c ommand.
21-20 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 21 Config uring DHCP Featur es and IP So urce Guard Featu res Conf igurin g IP Sour ce Gu ard This e xample shows how to st op IPSG with static hosts on an interface.
21-21 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 1 Configuring DH CP Features and IP Sou rce Guard Fe atures Confi guri ng IP S our ce G uard This exam ple sh ows how to enable IPSG w ith sta tic host s on a po rt.
21-22 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 21 Config uring DHCP Featur es and IP So urce Guard Featu res Conf igurin g IP Sour ce Gu ard This example shows how to e.
21-23 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 1 Configuring DH CP Features and IP Sou rce Guard Fe atures Confi guri ng IP S our ce G uard 200.1.1.2 0001.0600.0000 9 GigabitEthernet0/2 ACTIVE 200.1.1.2 0001.0600.0000 8 GigabitEthernet0/1 INACTIVE 200.
21-24 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 21 Config uring DHCP Featur es and IP So urce Guard Featu res Conf igurin g IP Sour ce Gu ard Configuring IP Source Guard.
21-25 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 1 Configuring DH CP Features and IP Sou rce Guard Fe atures Confi guri ng IP S our ce G uard This example shows ho w to en.
21-26 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 21 Config uring DHCP Featur es and IP So urce Guard Featu res Display ing IP Source G uard Info rmation Displaying IP So .
21-27 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 1 Configuring DH CP Features and IP Sou rce Guard Fe atures Config uring DHCP Server Port-Based Addr ess Allocat ion Default Port-Based Addres s Allocation Configuration By def ault, DHCP ser ver port-based address allo cation is d isabled.
21-28 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 21 Config uring DHCP Featur es and IP So urce Guard Featu res Configur ing DHCP Server Port-Base d Address Allocatio n not offered t o the client, and other clients are not ser ved by the p ool.
21-29 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 1 Configuring DH CP Features and IP Sou rce Guard Fe atures Displa ying DHCP Ser ver Po rt-Based Address Allo cation ip dhcp subscriber-id interface-name ip dhcp excluded-address 10.
21-30 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 21 Config uring DHCP Featur es and IP So urce Guard Featu res Display ing DHCP Server Port-Base d Address Allocatio n.
CH A P T E R 22-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 22 Configuring Dynamic ARP Insp ection Note Th is chapte r describe s how to configure dynam ic Address R esolutio n Protoco l inspect ion (dyn amic ARP inspect ion) on the IE 3010 switc h.
22-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 22 Config uring Dynamic AR P Inspec tion Underst anding D ynamic ARP I nspection Hosts A, B, and C are connected to the switch on interfaces A, B and C, all of which are on the same subnet.
22-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 2 Configuring Dy namic ARP In spectio n Understa nding Dynami c ARP Inspection Interface Trust State s and Netw ork Security Dynamic AR P inspection associat es a trust state with each inter face o n the switch.
22-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 22 Config uring Dynamic AR P Inspec tion Underst anding D ynamic ARP I nspection running dynamic ARP inspection from swi tches not runni ng dyna mic ARP inspecti on swit ches.
22-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 2 Configuring Dy namic ARP In spectio n Configuring Dynamic ARP Inspection Configuring Dynamic ARP Inspe c tion These sec t.
22-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 22 Config uring Dynamic AR P Inspec tion Configur ing Dynam ic ARP Insp ection • Dynamic ARP inspectio n is not effective for host s co nnected to s witche s that d o not suppo rt dynami c ARP i nspec tion or that do n ot have this f eature enabl ed.
22-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 2 Configuring Dy namic ARP In spectio n Configuring Dynamic ARP Inspection Configuring Dy namic ARP Insp ection in DHCP Environments This pro cedure shows how to configure dynamic ARP insp ecti on when two switches supp ort th is feat ure.
22-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 22 Config uring Dynamic AR P Inspec tion Configur ing Dynam ic ARP Insp ection T o disa ble dyna mic ARP insp ecti on, use the no ip arp inspec t ion vlan vlan-range g lobal c onfigurati on command.
22-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 2 Configuring Dy namic ARP In spectio n Configuring Dynamic ARP Inspection Step 3 permit ip host sender-ip mac host sender-mac [ log ] Permit A RP pac kets from the sp ecified hos t (Host 2).
22-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 22 Config uring Dynamic AR P Inspec tion Configur ing Dynam ic ARP Insp ection T o remov e the ARP A CL, use the no ar p access-list global c onfiguration c ommand.
22-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 2 Configuring Dy namic ARP In spectio n Configuring Dynamic ARP Inspection T o return to the default ra te-limit conf iguratio n, use the no ip a rp inspect ion limit interface configurati on c ommand.
22-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 22 Config uring Dynamic AR P Inspec tion Configur ing Dynam ic ARP Insp ection Be ginning in pri vileged EXE C mode, fo llo w these steps to pe rform specif ic checks on in coming ARP packet s.
22-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 2 Configuring Dy namic ARP In spectio n Configuring Dynamic ARP Inspection If the log b uffer o ver flow s, it means that a log ev ent does not fit int o the log buf fer , and the display for the show ip arp inspection l og privileged EXEC comma nd is affected.
22-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 22 Config uring Dynamic AR P Inspec tion Display ing Dyna mic ARP Insp ectio n Informat ion T o return to the defau lt log buf fer settings, use the no ip ar p inspection log-b uffer { entries | logs } global configurati on com mand.
22-15 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 2 Configuring Dy namic ARP In spectio n Displaying Dynamic ARP Inspection Information T o clear or display dynamic ARP ins.
22-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 22 Config uring Dynamic AR P Inspec tion Display ing Dyna mic ARP Insp ectio n Informat ion.
CH A P T E R 23-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 23 Configuring IGMP Sno oping and MVR This cha pter descr ibes how to configure Int ernet Group Ma nageme nt Proto col (IGMP) snooping on the IE 3010 switch, inc luding an appl ication of loca l IGMP snooping, Mult icast VLAN Re gistration (MVR).
23-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 23 Configuring IGMP Snooping and MVR Underst anding IG MP Snoo ping the switc h adds the host port numb er to the forwar ding table entry; when it rece i ves an IGMP Lea ve Group message from a host, it remo ves the host port from the table entr y .
23-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 3 Configuring IGMP Sno oping and M VR Understanding IGMP Snooping An IGMPv 3 switc h suppo rts Basic IGMPv 3 Snoopin g Support (BISS), which includes support for t he snooping feat ures on IGMPv 1 an d IGMPv 2 switc hes a nd for IGMPv 3 membe rship r eport message s.
23-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 23 Configuring IGMP Snooping and MVR Underst anding IG MP Snoo ping Router A sends a genera l quer y to th e switch , which forwar ds the qu ery to ports 2 t hroug h 5, whi ch are all members of the same VLAN.
23-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 3 Configuring IGMP Sno oping and M VR Understanding IGMP Snooping Leaving a Multicast Group The router sends periodic multicast general querie s, and the switch forw ards these queries throug h all ports in the VLAN.
23-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 23 Configuring IGMP Snooping and MVR Configuring IGMP Snooping The swi tch uses IGMP report suppression to forwar d only one IGMP report pe r multicast r outer q uery to multicast de vices.
23-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 3 Configuring IGMP Sno oping and M VR Configuring IGMP Snooping Enabling or Dis abling IGMP Sn ooping By default, IGM P snoopin g is global ly enab led on the swi tch. When gl oball y enab led or disable d, it is also enabled or disa bled in all existin g VLAN interf aces.
23-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 23 Configuring IGMP Snooping and MVR Configuring IGMP Snooping Setting th e Snoo ping M ethod Multic ast-c apable route r ports are added to th e for warding table f or every Layer 2 multicast entry .
23-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 3 Configuring IGMP Sno oping and M VR Configuring IGMP Snooping Configuring a Multi cast Router Port T o add a mult icast router port (a dd a static connection to a multicast rout er), use th e ip igmp snooping vlan mrouter global c onfiguratio n comma nd on t he swit ch.
23-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 23 Configuring IGMP Snooping and MVR Configuring IGMP Snooping Configuring a Host Sta tically to Join a Group Hosts or La yer 2 port s normal ly join m ulticast groups dyna micall y , but you can also sta tically configure a host on an in terface .
23-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 3 Configuring IGMP Sno oping and M VR Configuring IGMP Snooping T o disabl e IGMP Imm ediate Lea ve on a VLA N, use the no ip igmp snooping vlan vlan- id immediate-lea ve glo bal c onfiguration comma nd.
23-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 23 Configuring IGMP Snooping and MVR Configuring IGMP Snooping Configur ing TCN-Related Com mands These sec tions de scrib.
23-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 3 Configuring IGMP Sno oping and M VR Configuring IGMP Snooping Beginn ing in pri vileged EXEC mode, follo w these steps t.
23-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 23 Configuring IGMP Snooping and MVR Configuring IGMP Snooping Configuring th e IGMP S nooping Qu erier Follow these guideli nes wh en configuring t he IGMP snoo ping queri er: • Conf ig ure the VLAN in glob al conf ig uration mode .
23-15 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 3 Configuring IGMP Sno oping and M VR Displaying IGMP Snooping Information This exam ple sh ows how to set th e IGM P snoop ing q uerier s ource add ress to 10.0.0. 64: Switch# configure terminal Switch(config)# ip igmp snooping querier 10.
23-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 23 Configuring IGMP Snooping and MVR Displaying IGMP Snooping Information T o d isplay IGMP snoopi ng info rmat ion, u se on e or more of th e privilege d EXEC comm ands in Ta b l e 23-4 .
23-17 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 3 Configuring IGMP Sno oping and M VR Understanding Multicast VLAN Registration Understandin g Multicast VLAN Registrati o.
23-18 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 23 Configuring IGMP Snooping and MVR Underst anding Mu lticas t VLAN Regi stratio n Figur e 23-3 Multicast VLAN Registr at.
23-19 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 3 Configuring IGMP Sno oping and M VR Configuring MVR These messa ges dynamic ally re g ister f or streams of multicast traf fic in the m ulticast VL AN on the Layer 3 device.
23-20 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 23 Configuring IGMP Snooping and MVR Conf iguri ng MV R • Because MVR on the switch uses IP multicast ad dresses instead of MA C multicast addresses, aliased IP multicast addresses are allo wed on the switch.
23-21 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 3 Configuring IGMP Sno oping and M VR Configuring MVR T o return the switc h to its defa ult settin gs, use the no mvr [ mode | group ip-ad dress | querytime | vl an ] global configurat ion comm ands.
23-22 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 23 Configuring IGMP Snooping and MVR Conf iguri ng MV R T o return the interfa ce to its defau lt settings, use the no mvr [ type | immediate | vlan vlan-id | gr oup ] interf ace config uration co mmands.
23-23 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 3 Configuring IGMP Sno oping and M VR Displaying MVR Information Displaying MVR Information Y ou can display MVR information for th e switch or for a sp ecif ied inter face.
23-24 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 23 Configuring IGMP Snooping and MVR Con figur ing IGM P Fil te ring and Thro ttli ng IGMP f iltering is applicab le only to the dynamic lea rning of IP multicast group add resses, not static configurat ion.
23-25 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 3 Configuring IGMP Sno oping and M VR Configuring IGMP Filtering and Throttling • permit : Spec ifie s that matching addr esses are p ermitted. • rang e : Specif ies a range of IP add r esse s for the pr of ile.
23-26 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 23 Configuring IGMP Snooping and MVR Con figur ing IGM P Fil te ring and Thro ttli ng Applying IGMP Profil es T o c ontrol.
23-27 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 3 Configuring IGMP Sno oping and M VR Configuring IGMP Filtering and Throttling T o remov e the max imum group li mitation and ret urn to the def ault of no maximum, use th e no ip igmp max-groups interf ace con fig uration comm and.
23-28 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 23 Configuring IGMP Snooping and MVR Displaying IGMP Filterin g and Thro ttling Configu ration Beginn ing in pri vileged E.
CH A P T E R 24-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 24 Configuring Port-Base d Traffic Control This chap ter describe s ho w to conf igure the por t-based traf fic co ntrol fe atures on the IE 301 0 switch.
24-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 24 Configuring Port-Based Traffic Control Configuring Storm Control Storm cont rol use s one of th ese m ethods to measu re.
24-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 4 Configuring Port-B ased Traff ic Control Configuring Storm Control The com binat ion of th e storm-c ontrol suppressi on level and the 1-se cond ti me inter val controls t he way the storm control a lgorith m works.
24-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 24 Configuring Port-Based Traffic Control Configuring Storm Control Step 3 storm- contr ol { broadcast | multicast | unicast } level { leve l [ leve l- low ] | bps bps [ bps- low ] | pps pps [ pps-l ow ]} Configure b roadcast, multic ast, or unicast stor m control.
24-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 4 Configuring Port-B ased Traff ic Control Configuring Protected Ports T o disabl e stor m contro l, use the no storm-contro l { broadcast | multicast | unicast } level interface configurati on c ommand.
24-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 24 Configuring Port-Based Traffic Control Configur ing Port Block ing Do not co nf igure a pri vate-V LAN port as a protec ted por t. Do not co nfi gure a protecte d port as a priv at e-VLA N po rt.
24-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 4 Configuring Port-B ased Traff ic Control Confi guring Port Secu rity Default Port Blocki ng Configuration The default is to not b lock flooding o f unknown multicast and u nicast traff ic out o f a port, but to flood these pac kets to a ll ports.
24-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 24 Configuring Port-Based Traffic Control Configuring Port Security If a por t is conf igured as a secu re port and the max.
24-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 4 Configuring Port-B ased Traff ic Control Confi guring Port Secu rity The stick y secure MA C addre sses do not automatically become part of the co nfig uration file , which is the startu p config uration used eac h time t h e swit ch restarts.
24-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 24 Configuring Port-Based Traffic Control Configuring Port Security Default Port Security Configuration Ta b l e 24-2 shows the def a ult port security con figurat io n for an interfac e .
24-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 4 Configuring Port-B ased Traff ic Control Confi guring Port Secu rity • When y ou enab le port secu rity on an i nterfac e that i s also conf igured with a voice V LAN, se t the maxim um allowed secur e addresse s on the por t to two.
24-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 24 Configuring Port-Based Traffic Control Configuring Port Security Enabling a nd Con figuring Port S ecurity Beginn ing i.
24-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 4 Configuring Port-B ased Traff ic Control Confi guring Port Secu rity Step 7 s wit chpor t port -sec urity [viola tion { .
24-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 24 Configuring Port-Based Traffic Control Configuring Port Security Step 8 s witchport port-securit y [ mac-addre ss mac-address [ vlan { vlan-id | { access | voice }}] (Optional) Ent er a secure MA C address for the interface .
24-15 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 4 Configuring Port-B ased Traff ic Control Confi guring Port Secu rity T o return the interfac e to the def a ult co ndition as not a secure port, use the no swit chport port-security interf ace config uration com mand.
24-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 24 Configuring Port-Based Traffic Control Configuring Port Security Switch(config-if)# switchport port-security mac-address 0000.0000.0003 Switch(config-if)# switchport port-security mac-address sticky 0000.
24-17 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 4 Configuring Port-B ased Traff ic Control Confi guring Port Secu rity T o disab le port secu rity agin g for all secur e addresse s on a port, use the no switchport port-security aging tim e interfac e conf iguratio n com mand.
24-18 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 24 Configuring Port-Based Traffic Control Displaying Port-Base d Traffic Cont rol Settings Secur e addr esses that ar e le.
CH A P T E R 25-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 25 Configuring CDP Note This chap ter de scribes ho w to con fi gure C isco Disco very P roto col (C DP) on the IE 30 10 swit ch.
25-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 25 Conf iguring CDP Conf iguri ng CD P • The wir ed switch and the endpoi nts both se nd and rece iv e location i nform ation . For info rmation, go t o: http://www .cisco.
25-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 5 Configuring CDP Configuring CDP Configuring the CD P Characteristics Y o u can co nfigure the fr equency of CDP upd ates , the amo unt of time t o hold the inf ormat ion bef ore discar ding it, an d whether or no t to send V e rsion-2 ad vertisem ents.
25-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 25 Conf iguring CDP Conf iguri ng CD P Beginning in privileged EX EC mod e, follow these steps to di sable t he CDP device.
25-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 5 Configuring CDP Monitoring and Maintaining CDP Beginning i n privileged E XEC mo de, follow these s teps to ena ble C DP on a port w hen it has been disabled : This exam ple sh ows how to enable CDP on a po rt wh en i t has been di sable d.
25-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 25 Conf iguring CDP Monito ring and Mai ntainin g CDP.
CH A P T E R 26-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 26 Configuring LLDP, LL DP-MED, and Wired Location Service This c hapter d escrib es how to configu re the L ink La yer Discovery Prot ocol ( LLDP), L LDP M edia Endpo int Discover y (LLD P-MED) and w ired loc ation se rvice on the IE 3010 IE 30 00 switc h.
26-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 26 Configurin g LLDP, LLDP-MED, and Wired Location Ser vice Underst anding L LDP, LLDP- MED, and Wired Locat ion Servic e • M anage ment add ress TL V These or ganizati onally specif ic LLDP TL Vs are als o adver tised to support LL DP-MED.
26-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 6 Configuring LL DP, LLDP-M ED, and Wi red Loc ation Serv ice Unde rsta ndin g LLDP , LL DP-M ED, and Wi red Loca tion Serv.
26-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 26 Configurin g LLDP, LLDP-MED, and Wired Location Ser vice Conf igurin g LLD P , LL DP-MED, and Wire d Locat ion Ser vic .
26-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 6 Configuring LL DP, LLDP-M ED, and Wi red Loc ation Serv ice Configuring LLDP, LLDP-MED, and Wired Location Service Configuratio n Guidelines • If the interf ace is conf igured as a tunnel port, LLDP is automatically disab led.
26-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 26 Configurin g LLDP, LLDP-MED, and Wired Location Ser vice Conf igurin g LLD P , LL DP-MED, and Wire d Locat ion Ser vic e This exam ple sh ows how to globall y enabl e LLD P .
26-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 6 Configuring LL DP, LLDP-M ED, and Wi red Loc ation Serv ice Configuring LLDP, LLDP-MED, and Wired Location Service Switch.
26-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 26 Configurin g LLDP, LLDP-MED, and Wired Location Ser vice Conf igurin g LLD P , LL DP-MED, and Wire d Locat ion Ser vic e Use the no form o f each command t o return to the default settin g .
26-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 6 Configuring LL DP, LLDP-M ED, and Wi red Loc ation Serv ice Configuring LLDP, LLDP-MED, and Wired Location Service Config.
26-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 26 Configurin g LLDP, LLDP-MED, and Wired Location Ser vice Monito ring and Mai ntainin g LLDP, LLDP-MED , and Wired Lo catio n Service Beginn ing in pri vile ged EXEC mode, follo w these steps to enable wired location service on the switch.
26-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 6 Configuring LL DP, LLDP-M ED, and Wi red Loc ation Serv ice Monitoring and Maintaining LLDP, LLDP-MED, and Wired Locatio.
26-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 26 Configurin g LLDP, LLDP-MED, and Wired Location Ser vice Monito ring and Mai ntainin g LLDP, LLDP-MED , and Wired Lo c.
CH A P T E R 27-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 27 Configuring UDLD This c hapter descri bes how to c onfigure t he Un iDirec tional Link D etect ion (U DLD) protoc ol on t he IE 3010 switch.
27-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 27 Configuring UDLD Underst andin g UDLD In norm al mode, UDLD detect s a unidir ectiona l link whe n fib er stra nds in a fib er- optic port are misconnecte d and the Layer 1 mechanisms do no t detect this mi sconnection.
27-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 7 Configuring UD LD Configur ing UDLD If the dete ction window ends and no valid reply messa ge is received, the link mi ght shut down, dependi ng o n the UDLD mode .
27-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 27 Configuring UDLD Conf igurin g UDLD Default UDLD Configuration Ta b l e 27-1 shows the default U DLD configurati on. Configuratio n Guidelines These ar e the U DLD con figuration gui deli nes: • UDLD is not supp orted on A TM port s.
27-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 2 7 Configuring UD LD Configur ing UDLD Enabling UDL D Globally Beginn ing in pri vileged EXEC mode, follo w these steps to e.
27-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 27 Configuring UDLD Displa ying U DLD Sta tus Resetting an Interface Disabled by UDLD Beginn ing in pri vilege d EXEC mode,.
CH A P T E R 28-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 28 Configuring SPAN and RSPAN This chap ter de scribe s ho w to conf igure Switche d Port Analyze r (SP AN) and Remot e SP AN (RSP AN ) on the IE 3010 switc h.
28-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 28 Configuring SPAN and RSP AN Understan ding SPAN and RSPA N These sect ions co ntain this co nceptu al in forma tion: •.
28-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 28 Configuring SPAN and RSPAN Understandi ng SPAN and R SPAN Figur e 28-2 Example of R SP AN Configur ation SPAN and RS PAN Conc epts a nd Terminology This secti on descri bes conce pts an d terminology associat ed with SP AN and RSP AN co nfiguration.
28-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 28 Configuring SPAN and RSP AN Understan ding SPAN and RSPA N An RSP AN so urce sessi on is v ery similar to a local SP AN session, excep t for where th e pack et stream is directe d .
28-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 28 Configuring SPAN and RSPAN Understandi ng SPAN and R SPAN • T r ans mit (T x) SP AN —Th e goal of tran smit (or egress.
28-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 28 Configuring SPAN and RSP AN Understan ding SPAN and RSPA N A sourc e port has th ese ch arac te ristic s: • It can be m onitored in multiple SP AN sessions. • Each s ource port can be configu red wit h a direc tion (i ngress, egress, o r both) to monit or .
28-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 28 Configuring SPAN and RSPAN Understandi ng SPAN and R SPAN Destination Port Each local SP AN session or RSP AN destination .
28-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 28 Configuring SPAN and RSP AN Understan ding SPAN and RSPA N RSPAN V LAN The RSP AN VLAN carrie s SP AN traf f ic betwe en RSP AN source and destin ation sessio ns. It has these special ch aracter istics: • All traf fi c in the RSP AN VLAN is al ways flood ed.
28-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 28 Configuring SPAN and RSPAN Config uring SPAN a nd RS PAN A physical port th at belongs to an Et herChan nel group ca n be configured as a SP A N source port and still be a part of the Ether Ch annel .
28-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 28 Configuring SPAN and RSP AN Configuring SPAN and RSPAN Configuring Local SPAN These sec tions co ntain this co nfigurat.
28-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 28 Configuring SPAN and RSPAN Config uring SPAN a nd RS PAN Creating a Local SPAN Session Beginnin g in priv ileg ed EXEC mo.
28-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 28 Configuring SPAN and RSP AN Configuring SPAN and RSPAN T o delete a SP AN session , use the no monitor se ssion session_num ber globa l configura tion comm and.
28-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 28 Configuring SPAN and RSPAN Config uring SPAN a nd RS PAN This example shows how to remov e any e xisting configuration on.
28-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 28 Configuring SPAN and RSP AN Configuring SPAN and RSPAN T o delete a SP AN session , use the no monitor se ssion session_num ber globa l configura tion comm and.
28-15 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 28 Configuring SPAN and RSPAN Config uring SPAN a nd RS PAN T o monitor all VLANs on the trunk port, use the no monitor session sessio n_num ber filt er global configurati on c ommand.
28-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 28 Configuring SPAN and RSP AN Configuring SPAN and RSPAN • Y ou can apply a n output ACL to RSP AN traf f ic to selecti vely f ilter or moni to r specif ic packe ts. Specify these A CLs on the RSP AN VLAN in the RSP AN sour ce switch es.
28-17 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 28 Configuring SPAN and RSPAN Config uring SPAN a nd RS PAN T o remo ve the remote SP AN character istic from a VLAN and con v ert it back to a normal VLAN , use the no remote-span V LAN c onfigura tion comm and.
28-18 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 28 Configuring SPAN and RSP AN Configuring SPAN and RSPAN T o delete a SP AN session, use the no monitor session session_n umber gl obal configurati on com mand.
28-19 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 28 Configuring SPAN and RSPAN Config uring SPAN a nd RS PAN T o delete a SP AN session , use the no monitor se ssion session_num ber globa l configura tion comm and.
28-20 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 28 Configuring SPAN and RSP AN Configuring SPAN and RSPAN T o delete an RSP AN session, use the no monitor se ssion session_numb er global con figuration comman d.
28-21 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 28 Configuring SPAN and RSPAN Config uring SPAN a nd RS PAN Specifying VLANs to Filter Beginning in privileged EXEC mo de, f.
28-22 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 28 Configuring SPAN and RSP AN Display ing SPAN and RSPAN Status Displaying SPAN and RSPAN Status T o displ ay the curre nt SP AN or RS P AN configuration , use the show monitor u ser E XEC c omma nd.
CH A P T E R 29-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 29 Configuring RMON This ch apt er descr ibes how to configure Remote Network M oni toring (RMON ) on the IE 301 0 switch .
29-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 29 Configuring RMON Conf igurin g RMON Figur e 29-1 Remote Mo nitor ing Example The switc h supports these RM ON groups (de.
29-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 29 Configur ing RMON Confi guring R MON • Collecting Group Histo ry Statisti cs on an Interface , page 29-5 (optional) • .
29-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 29 Configuring RMON Conf igurin g RMON T o disable an alarm, use the no rmon alar m number global configura tion com mand on each alarm you configured . Y ou canno t disa ble a t once all the a larms that yo u con figured.
29-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 29 Configur ing RMON Confi guring R MON Collectin g Group Hist ory St atistics on an Interface Y o u must first configure RMON alar ms and events to displa y colle ction i nfor mation.
29-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 29 Configuring RMON Displa ying RMON Sta tus T o disa ble the coll ection of g roup E thernet st atistic s, use the no rmon collection stats inde x interf ace configurati on c ommand.
CH A P T E R 30-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 30 Configuring System Message Logg ing This c hapter d escribes how to configure sy stem messa ge log ging on the IE 301 0 switch.
30-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 3 0 Config uring Syst em Message Logging Configur ing System Message L ogging Y ou can access logg ed system messages b y using the switch co mmand-lin e interface (CLI ) or by savi ng them to a properly configured syslog server .
30-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 0 Configuring Syste m Message L ogging Config uring System Mess age Loggi ng Ta b l e 30-1 describes the elemen ts of syslog messages.
30-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 3 0 Config uring Syst em Message Logging Configur ing System Message L ogging Disabling M essag e Logging Message logging is enab led by defau lt. It must be enabled to send messages to any destinat io n other than the conso le.
30-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 0 Configuring Syste m Message L ogging Config uring System Mess age Loggi ng Setting th e Mes sage Disp lay Destination Device If message lo gging is enabled, you can se nd messages to sp ecif ic loc ations in a ddition to the consol e.
30-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 3 0 Config uring Syst em Message Logging Configur ing System Message L ogging The logging buffered g loba l configur ation comm and c opies l ogging messa ges to a n inte rnal buffer .
30-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 0 Configuring Syste m Message L ogging Config uring System Mess age Loggi ng T o disa ble synch ronizati on of unsolic ited.
30-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 3 0 Config uring Syst em Message Logging Configur ing System Message L ogging This example shows part of a logging displa y.
30-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 0 Configuring Syste m Message L ogging Config uring System Mess age Loggi ng Note Specif ying a level ca uses me ssages at that lev el and nume rically l ower le vels to appear at the destinatio n.
30-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 3 0 Config uring Syst em Message Logging Configur ing System Message L ogging Limiting Syslog Messages Sent to the History.
30-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 0 Configuring Syste m Message L ogging Config uring System Mess age Loggi ng Use th e show a rchive log config { all | num.
30-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 3 0 Config uring Syst em Message Logging Configur ing System Message L ogging Logging Messages to a UNIX Syslog Daemo n Before yo u can send system log messages to a UNIX syslog server , you must con figure the syslog daemon on a UNIX ser ver .
30-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 0 Configuring Syste m Message L ogging Displaying the Logging Configuration T o remo ve a s yslog se rver , use th e no logging host global con figuratio n command , and spec ify the syslog server IP address.
30-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 3 0 Config uring Syst em Message Logging Display ing the Log ging Confi guration.
CH A P T E R 31-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 31 Configuring SNMP This chapter descri bes how to configure the Simple Network Ma nagement Protocol (SN MP) on the IE 3010 switch.
31-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 31 Co nfiguring SNMP Underst anding SNM P • Using SNMP to Access MIB V ariables, page 31-4 • SNMP Notif ications, pag e.
31-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 1 Configuring SNMP Underst andin g SNMP Ta b l e 31-1 identif ies the char acteristics of th e dif ferent comb inations of security models and le vels. Y o u must configur e the SNMP age nt to use the SNMP version support ed by the manage ment stat ion.
31-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 31 Co nfiguring SNMP Underst anding SNM P SNMP Agen t Fun ctions The SNMP a g ent responds to SNMP manager requests as follows: • Get a MIB v ariable—The SNMP agent be gins this function in response to a request from the NMS.
31-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 1 Configuring SNMP Underst andin g SNMP SNMP Notifications SNMP allo ws the swit ch to sen d notif ications to SN MP managers w h en par ticular e vents occur . SNMP notifications ca n be sent as tr aps or inform request s.
31-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 31 Co nfiguring SNMP Conf iguri ng SN MP Configuring SNMP • Default SNMP Con figuration, page 31-6 • SNMP Conf iguratio.
31-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 1 Configuring SNMP Configuring SNMP When configur ing SNMP , follow these guide line s: • When configuring an SNMP group , do not specif y a notify view .
31-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 31 Co nfiguring SNMP Conf iguri ng SN MP Configuring Community Strings Y o u use the SNM P com munity st ring t o define t he rela tionship betwee n the SNMP manage r and the agent.
31-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 1 Configuring SNMP Configuring SNMP Note T o disabl e acces s for an SNMP commun ity , set th e comm unity string fo r that communi ty to the n ull string (do not enter a value for th e communi ty string ).
31-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 31 Co nfiguring SNMP Conf iguri ng SN MP Step 3 s nmp- server grou p gr o upnam e { v1 | v2c | v3 { auth | noauth | priv }} [ rea d re a d v i e w ] [ write writevi ew ] [ notify notifyview ] [ access access -list ] Configure a ne w SNMP gro up on the remote device.
31-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 1 Configuring SNMP Configuring SNMP Configuring SNMP Notifications A trap manag er is a manageme nt station that re ceiv es and pr ocesses tr aps. T raps are s ystem alerts that the switc h gener ates whe n cert ain events occu r .
31-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 31 Co nfiguring SNMP Conf iguri ng SN MP Note Many comm ands use the word tra ps in the command synta x. Unless there is an option in the comma nd to select eith er traps or informs, th e key word traps refers to traps, informs, or both.
31-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 1 Configuring SNMP Configuring SNMP Note Th ough visi ble in the c ommand- line hel p strings, the fru-ctrl, inse rtion , and remo val ke ywords are no t supported.
31-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 31 Co nfiguring SNMP Conf iguri ng SN MP Step 5 snmp-server host host-addr [ inf orms | traps ] [ v ersion { 1 | 2c | 3 { auth | noauth | priv }}] community-string [ notif ication-type ] Specif y the recipient of an SNMP trap operatio n.
31-15 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 1 Configuring SNMP Configuring SNMP The snmp-ser ver hos t comman d specif ies which ho sts rec eive the notif ications. T he snmp-server enab le trap command global ly enables the mech anism for the speci fied notif ication (f or traps and informs ).
31-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 31 Co nfiguring SNMP Conf iguri ng SN MP Setting th e Agent C ontact and Location In formation Beginn ing in pri vileged E.
31-17 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 1 Configuring SNMP Configuring SNMP SNMP Examp les This example shows ho w to ena ble all versions of SN MP . The configurati on permi ts any SNMP manager to access all objects with read-only permissions usin g the community string public .
31-18 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 31 Co nfiguring SNMP Displaying SNMP Status Displaying SNMP Status T o display SNMP inpu t and output stat istics, including the number o f ille gal community string entrie s, errors, and request ed variable s, use t he show snmp privileged EXEC c omma nd.
CH A P T E R 32-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 32 Configuring Network Security with ACLs This chapter de scribe s how to configure ne twork securi ty on the IE 3010 switch by using acce ss control lists (A CLs), also re ferred to as access lists.
32-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 32 Configuring Network Security with ACLs Underst andin g ACLs An ACL contains an or dered list of access contro l entri es (ACEs). Each A C E spe cifies permi t or deny and a set o f condition s the packet must satisfy in ord er to mat ch the A CE.
32-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 2 Configuring Netw ork Securit y with ACLs Unde rsta ndi ng AC Ls Figur e 32-1 Using A CLs to Control T raf fic t o a Netw or k When you apply a port A CL to a trunk port, the A C L f ilters traf fic on all VLA Ns present on the trunk port.
32-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 32 Configuring Network Security with ACLs Conf iguring I Pv4 ACLs Consid er acc ess list 10 2 , co nfi gured with these command s, applied t o three fr agmented pack ets: Switch(config)# access-list 102 permit tcp any host 10.
32-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 2 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs These are the steps to use IP A CLs on the switch: Step 1 Create a n A CL b y spec ifying an acc ess list nu m ber or nam e and the acc ess condition s.
32-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 32 Configuring Network Security with ACLs Conf iguring I Pv4 ACLs Access List Numbers The numbe r you use to denote your ACL sho ws th e type of access list that you ar e creating.
32-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 2 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs The f irst pack et that trigge rs the A CL causes a logg ing me ssage r ight a way , and subsequent p acket s are collec ted over 5-minut e intervals befo re they app ear or logge d.
32-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 32 Configuring Network Security with ACLs Conf iguring I Pv4 ACLs Switch# show access-lists Standard IP access list 2 10 deny 171.
32-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 2 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs Beginn ing in pri vileged EXEC mode, fo llo w these steps to create an extended A CL: Command Purpos e Step 1 confi gure terminal Enter glob al co nfiguration mo de.
32-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 32 Configuring Network Security with ACLs Conf iguring I Pv4 ACLs or access-list access- list-num ber { deny | permit } pr.
32-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 2 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs Use the no access- list acc ess-list-number gl obal conf iguration comm and to delete the entire access list.
32-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 32 Configuring Network Security with ACLs Conf iguring I Pv4 ACLs After an A CL is created, an y additions (poss ibly en tered from the termin al) are pl aced at the end of the list.
32-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 2 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs T o remo ve a name d stand ard A CL, use th e no ip access-list standard name gl obal configu ration comm and.
32-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 32 Configuring Network Security with ACLs Conf iguring I Pv4 ACLs After y ou creat e an AC L, an y addit ions are plac ed at the en d of the list. Y ou cannot select i vely add A CL entrie s to a specif ic A C L.
32-15 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 2 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs Beginn ing in pri vile ged EXEC mode, follo w these steps to conf igure a time-range parameter for an A CL: Repeat the steps if you ha ve multiple items tha t you want in ef fect at dif f erent times.
32-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 32 Configuring Network Security with ACLs Conf iguring I Pv4 ACLs This exampl e uses name d A CL s to perm it and deny the sa me traff ic.
32-17 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 2 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs Applying an IPv4 ACL to a Termin al Line Y o u can use numbered A CLs to cont rol access t o one or mor e termina l lines.
32-18 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 32 Configuring Network Security with ACLs Conf iguring I Pv4 ACLs Note By default, t he route r sen ds Inte rnet C ontrol M essage Protocol (ICMP) unrea chable m essages when a packet is denied by an ac cess group.
32-19 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 2 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs Hardware and Softw are Treatment of IP ACLs A CL processing is p rimarily acco mplished in ha rdware, b ut requires forw arding of so me traf fic flo ws to the CPU for so ftware processi ng.
32-20 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 32 Configuring Network Security with ACLs Conf iguring I Pv4 ACLs For examp le, if you apply this A C L to an inte rfac e:.
32-21 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 2 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs Figur e 32-2 Using Route r AC Ls to Control T raf fic Thi.
32-22 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 32 Configuring Network Security with ACLs Conf iguring I Pv4 ACLs Numbered ACLs In this e xample, net work 36.0.0.0 is a Class A netw ork whose second octet spec ifie s a subnet; that is, its subnet ma sk is 255.
32-23 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 2 Configuring Netw ork Securit y with ACLs Configuring IPv4 ACLs The marketing _group A CL a llo ws an y TCP T elnet traf fic to the d estination ad dress and wi ldcard 171.
32-24 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 32 Configuring Network Security with ACLs Conf iguring I Pv4 ACLs In this example of a na med A CL , the Jo nes su bnet is.
32-25 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 2 Configuring Netw ork Securit y with ACLs Creat ing N ame d MA C Ex tend ed AC Ls This i s a an exam ple of a lo g for an ext ended A C L: 01:24:23:%SEC-6-IPACCESSLOGDP:list ext1 permitted icmp 10.
32-26 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 32 Configuring Network Security with ACLs Creating Nam ed MAC Ext ended ACL s Use the no mac access-list extended name glob al conf iguration com mand to dele te the entir e AC L.
32-27 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 2 Configuring Netw ork Securit y with ACLs Creat ing N ame d MA C Ex tend ed AC Ls • A Laye r 2 interf ace can ha ve only on e MA C access list .
32-28 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 32 Configuring Network Security with ACLs Display ing IPv4 AC L Configu ration Displaying IPv4 ACL Configuration Y o u ca n displ ay th e ACLs that are configured on t he swi tch, and you can displa y the ACLs that have been applied to interfa ces and VLANs.
CH A P T E R 33-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 33 Configuring QoS This chapte r describes ho w to conf igure quality of service (QoS) b y us ing automat ic Qo S (auto-QoS) comman ds or by using standa rd QoS comma nds on the IE 3010 switch.
33-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Underst andin g QoS The cl assificati on is carr ied in t he IP packet heade r , using 6 bi ts from the depr ecat ed IP typ e of ser vice (T oS ) field to ca rry th e clas sificat ion ( class ) inf ormation.
33-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Unde rsta ndi ng QoS All swi tches and ro uters that a ccess the Inte rnet rely on the cla ss informatio.
33-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Underst andin g QoS pack ets to dif ferent thr eshol ds ba sed on the Qo S label. If the thr eshold is e xceed ed, th e pa cket i s dropped. For more infor mation, see t he “Q ueuei ng and Sc hedu ling Overv iew” section on page 33-13 .
33-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Unde rsta ndi ng QoS • Perfor m the classif ication base d on a config ured L ayer 2 MA C access co ntrol list (A CL), which c an examine the MA C source addr ess, the MAC destinati on address, and other fields.
33-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Underst andin g QoS Figur e 33-3 Classification Flo wcha rt 86834 Generate the DSCP based on IP precedence in pack et. Use the IP-precedence-to-DSCP map .
33-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Unde rsta ndi ng QoS Classification Based on QoS ACLs Y o u can u se IP standard , IP ext ended, or Laye r 2 MAC A C Ls to de fine a gr oup of pa ckets wit h the same char act eris tics ( class ).
33-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Underst andin g QoS The po licy map can cont ain the police and polic e aggregate policy- map cla ss.
33-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Unde rsta ndi ng QoS Policing on Physical Ports In policy m aps o n physic al por ts, y ou can create these types of pol icers: • Indi vidual—QoS applies th e bandwid th limits spe cif ied in the polic er separately to eac h matched traffic class.
33-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Underst andin g QoS Figur e 33-4 Po licing and Mar king Flo wc hart o n Ph ysical P orts Policing o.
33-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Unde rsta ndi ng QoS When co nf iguring polic ing on an SVI, y ou can cr eate and conf igure a hie r ar.
33-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Underst andin g QoS Mapping T ables During Qo S processing, the switc h represe nts the pri ority o.
33-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Unde rsta ndi ng QoS Queuein g and S chedulin g Overview The swi tch has queue s at specif ic points to help pr ev ent congestio n as sho wn in Figure 33 -6 .
33-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Underst andin g QoS Figur e 33-7 WTD and Queue Oper ation For more infor mation, see th e “Mappi .
33-15 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Unde rsta ndi ng QoS The switch supports tw o conf igurable ingress queu es, which are service d by SRR in shared mode only . Ta b l e 33-1 descri bes the que ues.
33-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Underst andin g QoS SRR services the priority queue for its conf igured weight as specifi ed by the bandwidth ke yword in t he mls qos srr -queue input priority-queue qu eue- id bandwidth weight global configuratio n comma nd.
33-17 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Unde rsta ndi ng QoS Buffer and Memory Allocation Y ou guarantee the a v ailability of buf fers, set dr.
33-18 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Conf iguri ng A uto -QoS Y ou can combine t he commands d escribed in this secti o n to p rioritize.
33-19 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Configuring Auto-QoS Y ou use auto-Q oS co mmand s to id entif y ports conne cted to Cisc o IP Pho nes and to devices run ning the Cisco Sof tPhone applicatio n.
33-20 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Conf iguri ng A uto -QoS Ta b l e 33-4 shows the genera ted aut o-QoS c onfiguration for t he egress q ueues.
33-21 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Configuring Auto-QoS When yo u enable auto-QoS by using the auto qos voip cisc o-phone , the auto qos v.
33-22 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Conf iguri ng A uto -QoS The switch au tomatical ly maps DSCP va lues to an e gress queue and to a thre shol d ID.
33-23 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Configuring Auto-QoS If you ent ered t he auto qos voip tr ust command , the switch automatical ly sets.
33-24 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Conf iguri ng A uto -QoS Effects of Auto-QoS on the Configuration When auto- QoS is enabled, the au to qos v oip interface configura tion co mmand and the ge nerated configurati on are adde d to the ru nning configu ration.
33-25 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Configuring Auto-QoS • T o take a dvantage of th e auto- QoS default s, you sho uld ena ble auto- QoS befor e you configure other QoS com mands.
33-26 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Conf iguri ng A uto -QoS T o display the QoS co mmands that are automatically ge nerated when auto -QoS is e nabled or disabled, enter the deb u g auto qos pr ivileged EXEC comm and befor e enabl ing auto -QoS.
33-27 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Configuring Auto-QoS Auto-QoS Configuration Example This se ction describe s how you co uld im pleme nt auto- QoS in a net work, as shown in Fi gu re 33-11 .
33-28 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Displa ying A uto-QoS I nform ation Beginn ing in pri vile ged EXEC mode, follo w these steps to co.
33-29 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS • show mls qos maps [ cos-dscp | cos-input-q | cos-output-q | dscp-cos | d.
33-30 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Default Ingress Queue Configu ration Ta b l e 33-6 shows the def ault ingress queue config uration when QoS is enabled. Ta b l e 33-7 shows the def ault CoS input queue threshold map when QoS is enable d.
33-31 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Ta b l e 33-10 shows the default CoS outpu t queue thre shold map when QoS is en abled. Ta b l e 33-11 shows the default DSCP outp ut queue threshold ma p when QoS is ena bled.
33-32 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Standard QoS Co nfig uration Guidelines Before beginni ng the QoS config.
33-33 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS – After the hiera rchical policy map i s attached to an SVI, t he interf ace-le vel polic y map c annot be modified or removed from the hi erar chical policy map.
33-34 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Enabling Qo S Globally By default, QoS is disa bled on the sw itch. Beginn ing in pri vileged EXEC mode, follo w th ese steps to enab le QoS.
33-35 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Configuring Classification Using Port Trust States These sec tions descr ibe how to classify inco ming traffic b y usi ng port tr ust states.
33-36 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Beginn ing in p ri vilege d EXEC m o de, follo w these steps to conf ig .
33-37 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Configuring the CoS Val ue for an Interface QoS assigns the CoS v alue specifi ed with the mls qos cos interfac e conf iguration command to unta g ged frames re ceived on trusted and unt rusted port s.
33-38 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS the tel e phone is c o nnected to trust th e CoS la bels of a ll traf fic recei ved on th at port.
33-39 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Enabling DSCP Transparency Mode The swi tch suppor ts the DSCP tr anspare n cy feature. It affect s only the DSC P fi eld of a pa cket at e gress.
33-40 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Figur e 33-13 DSCP -T r usted Stat e on a P ort Bor der ing Another QoS .
33-41 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS T o return a port to its non-trusted state, use the no mls qos trust interfa ce config uration command.
33-42 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Classifying Traffic by Using ACLs Y o u can cl assify IP tra ff i c by using IP sta ndard or IP extend ed ACLs; you can cla ssify non-I P traffic by usin g Layer 2 MA C A CLs.
33-43 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Beginn ing in pri vileged EXEC mode, follo w th ese steps to create an IP extended A CL for IP traff ic: T o delete an acc ess list, use the no access-list access-list- number globa l configurat ion comma nd.
33-44 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Beginning in privileged EXEC mod e, follow these st eps to c reate a L a.
33-45 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Classifying Traffic by Using Class Ma ps Y o u use the class-map global conf iguration co mmand to name and to i solate a spe cific tra ff ic flo w (or class) f rom all o ther traf fic.
33-46 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS T o delete an existin g polic y map, use the no policy-map poli cy-map-n ame global configuration comm and.
33-47 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Classifying, Policing, and Marking Traff ic on Physical Ports by Using Policy Maps Y o u can co nfigure a nonhi erarc hical pol icy map on a physica l port that specifies which traff ic class to act on.
33-48 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Beginning in privileged EX EC mode, fol low these steps t o create a no nhiera rchic al policy map: Command Purpose Step 1 configur e terminal E nter g lobal configuration mode .
33-49 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Step 5 trust [ cos | dscp | ip-prece dence ] Configure the trust state , which QoS uses to ge nerate a CoS- based or DSCP-based QoS lab el.
33-50 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS T o delete an existin g polic y map, use the no policy-map poli cy-map-n ame global configuration comm and. T o delete an existing cla ss map, use th e no class cla ss-map-name poli cy-map configurati on comm and.
33-51 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Switch(config-ext-mac)# exit Switch(config)# class-map macclass1 Switch(conf.
33-52 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS • The hi erarchic al policy map is attached to th e SVI and a ff ects al l traff ic belong ing to the VL AN. The action s specif ied in the VLAN-l evel p olicy map af fect the traf fic belon ging to the SVI.
33-53 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Step 5 exit Re turn to glob al co nfiguration mo de. Step 6 c lass-map [ match-all | mat ch-any ] class-m ap-name Creat e an interfac e-level class map, and e nter cla ss-map co nfigurati on mode.
33-54 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Step 12 police rate-bps burst-byte [ exce ed-action { drop | policed-dscp- transmit }] Def ine an indiv idual policer for the classif ied traf fic.
33-55 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Step 17 tr ust [ co s | dscp | ip-pr ecedence ] Conf igure the trust state, whi ch QoS uses to genera te a CoS-base d or DSCP-based QoS lab el.
33-56 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS T o delete an existin g polic y map, use the no policy-map poli cy-map-n ame global configuration comm and. T o delete an existing cla ss map, use th e no cl ass class-map-na me policy-map configur ation comm and.
33-57 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Switch(config-pmap)# class-map cm-2 Switch(config-pmap-c)# match ip dscp 2 S.
33-58 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS T o r emove the specified aggr egate pol icer from a pol icy map, use the no police agg regate aggr e gate- polic er-name policy m ap configu ratio n mode.
33-59 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Switch(config-pmap-c)# trust dscp Switch(config-pmap-c)# police aggregate tr.
33-60 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS T o return to the def ault map, use the no mls qos c os-dscp glo bal configuration com mand.
33-61 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Beginn ing in pr ivilege d EXEC m ode, follo w these steps to modify the I P- precede nce-to-DSCP ma p. This proc edure is option al.
33-62 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS T o return to the def ault map, use the no mls qos polic ed-dscp glob al conf iguration command.
33-63 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Beginning in privileged EXEC mo de, foll ow these s teps to modif y the DSCP-to- CoS map. This procedur e is optional. T o return to the def ault map, use the no mls qos dsc p-cos glo bal c onfiguration comma nd.
33-64 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Beginning in privileged EXEC mo de, foll ow these steps to mod ify the DSCP-t o-DS CP-mutati on map . This proc edure is option al.
33-65 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Note In the above DSCP-to- DSCP-m utati on map, t he mutat ed values are shown in the bod y of the matrix.
33-66 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Beginning in privileged EXE C mode , follow these step s to map D SCP or CoS values to a n ingress que ue and to set WT D thre sholds.
33-67 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS This exampl e shows ho w to map DSCP values 0 to 6 to ingres s queue 1 an d to thresh old 1 with a dro p thresho ld of 50 p ercent.
33-68 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Beginn ing in pri vileged EXEC mode, follo w these steps to allocate bandwid th between the ingr ess queues. This p rocedur e i s optio nal.
33-69 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Beginning in privileged EXEC mod e, follow these steps to configure the pri ority queue.
33-70 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS These sec tions co ntain this co nfiguration in format ion: • Configur.
33-71 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Beginning i n privileged EXEC mode, follow these steps to configure the me mory al loca tion and to drop thresholds for a queue-se t.
33-72 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS T o return to the de fault setting, use the no mls q os queue-set output qs et-i d bu ff e r s global confi gurati on comm and.
33-73 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Beginning in privileged EXE C mode, follow thes e st eps to map DSCP or CoS values to an egress queu e and to a thr eshold ID .
33-74 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS Y o u can c onfigure the egre ss queu es for sha ped or shared w eights, or both . Use sha ping to smoot h bursty traffic or to provide a smoothe r output ov er time .
33-75 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Confi guring Standa rd QoS Note Th e egress queue de fault sett ings are suita ble fo r most situat ions. Y ou should change them onl y when you have a thorough understa nding of t he egress queue s and if these sett ings do not mee t your QoS solution.
33-76 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Configur ing Standar d QoS T o d isab le the egress expedit e qu eue, us e the no priority-queue out interfac e configurati on comma nd. This exam ple sho ws ho w to ena ble the e gress e xpedite q ueue wh en the SRR weight s are conf igured.
33-77 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 3 Configuring Qo S Displaying Standard QoS Information This exam ple sh ows how to limit the ba ndwid th on a port to 8 0 .
33-78 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapt er 33 Conf igur ing Q oS Display ing Standar d QoS Inform ation.
CH A P T E R 34-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 34 Configuring EtherC hannels and Link-State Tracking This c hapter d escrib es how to configu re Et herChann els on the I E 3010 switch . Ethe rChanne l provide s fault-to lerant hi gh-speed links bet ween sw itches, ro uter s, and ser vers.
34-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 34 Configu ring EtherChann els and Link-Sta te Track ing Underst anding Et herChan nels EtherChann el Overview An EtherCh annel c onsists of individual Fast Ethernet or Giga bit Ether net links bundled int o a single logical lin k as shown in Figure 34 -1 .
34-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 4 Configuring EtherCh annels and Link-Stat e Tracking Understa nding Et herChann els If a link within an Eth erChannel fai ls, traf fic pre viously carried o ver that failed link mo ves to the remaining links wi th in the EtherChannel.
34-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 34 Configu ring EtherChann els and Link-Sta te Track ing Underst anding Et herChan nels After y o u conf igure an Eth erChannel , config uration change s applied to th e port- channel int erfac e apply to all the physica l p orts assigned to the por t-channel inte rface .
34-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 4 Configuring EtherCh annels and Link-Stat e Tracking Understa nding Et herChann els Use the silent mode when the switch is connected to a devi ce that is not P AgP-cap able and seldom, if e ver , send s pack ets.
34-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 34 Configu ring EtherChann els and Link-Sta te Track ing Underst anding Et herChan nels LACP Modes Ta b l e 34-2 shows the user-configurab le Ethe rChan nel L A CP mode s for t he c hannel-group interface configurati on c ommand.
34-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 4 Configuring EtherCh annels and Link-Stat e Tracking Understa nding Et herChann els Cautio n Y o u should use ca re whe n using the on mode. Thi s is a m anua l configurat ion, a nd po rts on bo th ends of the Ether Chann el must have the same configurat ion.
34-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 34 Configu ring EtherChann els and Link-Sta te Track ing Configur ing EtherChann els single-M A C -address device, sourc e-base d forwarding on t he switch EtherCha nnel en sures that t he switch use s all av a ilab le bandw idth to the router .
34-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 4 Configuring EtherCh annels and Link-Stat e Tracking Config uring EtherCh annels Note Make su re tha t the ports are correctl y con fig ured. For more infor mation, see the “E therChannel Conf iguration Guidelin es” sect ion on pa ge 34-9 .
34-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 34 Configu ring EtherChann els and Link-Sta te Track ing Configur ing EtherChann els • When a group is first cr eated, all ports follo w the parameters set for the f irst port to be added to the group.
34-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 4 Configuring EtherCh annels and Link-Stat e Tracking Config uring EtherCh annels Beginning in privileged EX EC mo de, fol low these s teps to a ssign a Laye r 2 Ether net por t to a La yer 2 Ether Channel .
34-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 34 Configu ring EtherChann els and Link-Sta te Track ing Configur ing EtherChann els T o r emove a p ort fr om t he Eth erCha nnel group, use the no channel-group interfac e configurati on comm and.
34-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 4 Configuring EtherCh annels and Link-Stat e Tracking Config uring EtherCh annels Switch(config-if-range)# end This exam ple sho ws ho w to con fi gure an Eth erCha nnel on a s witch.
34-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 34 Configu ring EtherChann els and Link-Sta te Track ing Configur ing EtherChann els Configuring the PAgP Le arn Meth od and Priority Network devices are classi fied as P AgP physical lea rners or agg regate-por t lear ners.
34-15 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 4 Configuring EtherCh annels and Link-Stat e Tracking Config uring EtherCh annels T o return the priority to its default setting, u se the no pagp port-priorit y inte r face conf iguration command.
34-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 34 Configu ring EtherChann els and Link-Sta te Track ing Configur ing EtherChann els Determ ining whi ch p orts ar e act i ve a nd whi ch are hot sta ndby is a t wo-step p rocedur e.
34-17 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 4 Configuring EtherCh annels and Link-Stat e Tracking Displaying EtherC hannel , PAgP, and LACP Status Note If LA CP is no.
34-18 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 34 Configu ring EtherChann els and Link-Sta te Track ing Underst anding L ink-State Tracking Y o u ca n cle ar LACP channe l-group inf ormati on and traffic coun ters by usi ng the clear lacp { channel -gr oup -numb er counter s | counters } pri vile ged EXEC comma nd.
34-19 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 4 Configuring EtherCh annels and Link-Stat e Tracking Understanding Link-State Tracking – Switch B provides se condar y links to server 1 and server 2 thr ough link- state gro up 1.
34-20 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 34 Configu ring EtherChann els and Link-Sta te Track ing Configur ing Link-S tate Tracki ng Figur e 34-4 T ypical Link-St.
34-21 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 4 Configuring EtherCh annels and Link-Stat e Tracking Configuring Link-State Tracking Link-State Tracking C onfiguratio n .
34-22 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapte r 34 Configu ring EtherChann els and Link-Sta te Track ing Configur ing Link-S tate Tracki ng Displaying L ink-S tate Trac king Sta tus Use the show link state gr oup command to display the li n k-state g roup infor mation.
CH A P T E R 35-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 35 Configuring Cisco IOS IP SLAs Operations This ch apter descr ibes how to us e Cisco I OS IP Serv ice Level Agreem ents (SLAs) on the IE 3010 sw itch.
35-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 35 Configuring Cisco IOS IP SLAs Operations Unde rst and ing C isco IOS IP SL As options such as sour ce and de stinatio n .
35-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 35 Configur ing Cisco IOS IP SLA s Operation s Understa nding Ci sco IOS IP SLAs Using Cisco IOS IP SLAs to Measure Netw ork .
35-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 35 Configuring Cisco IOS IP SLAs Operations Unde rst and ing C isco IOS IP SL As IP SLAs Res ponder an d IP SLAs Co ntrol P.
35-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 35 Configur ing Cisco IOS IP SLA s Operation s Understa nding Ci sco IOS IP SLAs Figur e 35-2 Cisco IOS IP SLAs Res ponder Ti.
35-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 35 Configuring Cisco IOS IP SLAs Operations Configur ing IP SLAs Opera tions • One-way mean op inion sco re (MOS) • One-w ay latenc y An IP SLAs thresh old viola tion can also t rigger anothe r IP SLAs opera tion for further ana lysis.
35-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 35 Configur ing Cisco IOS IP SLA s Operation s Confi guring IP S LAs Operati ons Note that no t all of the IP SLAs c ommands or ope rations de scribe d in this guide ar e suppor ted on the switch.
35-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 35 Configuring Cisco IOS IP SLAs Operations Configur ing IP SLAs Opera tions T o disab le the IP SLA s respon der , enter the no ip sla responder global configurat ion co mman d.
35-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 35 Configur ing Cisco IOS IP SLA s Operation s Confi guring IP S LAs Operati ons Note Before you co nf igure a UDP jitter operat io n on t he source de vice, you must e nable the IP SLAs responde r on the ta rget device (the oper ation al target).
35-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 35 Configuring Cisco IOS IP SLAs Operations Configur ing IP SLAs Opera tions T o disable the IP SLAs operat io n, enter the no ip sla ope ratio n-number global co nfigurati on comm and.
35-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 35 Configur ing Cisco IOS IP SLA s Operation s Confi guring IP S LAs Operati ons Schedule: Operation frequency (seconds): 30.
35-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 35 Configuring Cisco IOS IP SLAs Operations Configur ing IP SLAs Opera tions T o disa ble the IP SL As opera tion, ent er the no ip sla oper ation- numb er glob al con figuration c ommand.
35-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 35 Configur ing Cisco IOS IP SLA s Operation s Monitoring IP SLAs Operations Next Scheduled Start Time: Pending trigger Grou.
35-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 35 Configuring Cisco IOS IP SLAs Operations Monito ring IP SLAs Operations.
CH A P T E R 36-1 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 36 Troubleshooting This chapter descr ibes ho w to identify and resolv e software probl ems related to the Cisco IOS software on the IE 3010 switc h.
36-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 36 Trouble shooting Recovering f rom a Softwa re Failure Recovering fro m a Software Failure Switch software c an be c orru pted du ring an upgr ade, by downlo ading th e wr ong file to the swi tch, and by d eleting the im age f ile.
36-3 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 6 Troubleshooti ng Recoverin g from a Lost or For gotten Password Step 6 Press th e Express Setup b utton and at the same time, reconn ect the po wer cord to the switc h. Y ou can rele ase the Express Setup b u tton a second or t wo after t he L ED above port 1 go es off.
36-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 36 Trouble shooting Recovering f rom Lost Clust er Member Conn ectivity Step 2 Con nect your PC or lapt op to the por t wi th th e blinki ng g reen L ED. The SETU P LED and the swit ch downlink port LED st op blinking and stay solid green.
36-5 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 6 Troubleshooti ng Troubleshooting Power over Ethernet Switch Ports Troubleshooting Power over Ethernet Switch Ports These sec tions descr ibe how to troublesho ot Power ov e r Ethern et (PoE) por ts.
36-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 36 Trouble shooting Monitorin g SFP Modu le Status error -disable d stat e. After the elapsed interv al, the switch bring s the interf ace out o f the error -disabled state and retries th e operation.
36-7 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 6 Troubleshooti ng Using Layer 2 Tr aceroute Understand ing Layer 2 T raceroute The Lay er 2 tra cerou te feat ure al lows the swit ch to id entif y the physic al pat h that a packet takes fr om a source device to a destin ation device.
36-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 36 Trouble shooting Using I P Trac eroute • When multipl e dev ices are at tached to one port t h rough hubs ( for e xample, multip le CDP neighbor s are de tecte d on a por t), t he Lay er 2 tracero ute fe ature is not supp orted.
36-9 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 6 Troubleshooti ng Using IP Traceroute T o learn when a datagram rea ches its destination, tr aceroute sets the UDP d estination port number in the datagram to a v ery large v alue that the destination host is unlik ely to be using.
36-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 36 Trouble shooting Usin g TDR T o end a trace in progr ess, enter the escap e sequen ce ( Ctrl- ^ X by default ). Simu ltaneousl y press and release th e Ctrl , Shift , and 6 keys and then p ress the X ke y .
36-11 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 6 Troubleshooti ng Using Debug C o mmands Using Debug Commands These sec tions explains how you use debug comma nds t o di.
36-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 36 Trouble shooting Using the s how platfo rm forward Co mmand Enabling All-Sy stem Diag nostics Beginn ing in pr iv ilege.
36-13 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 6 Troubleshooti ng Using the show platf orm forw ard Comma nd This is an example of the out put from the s how p l at for m fo rw a rd com mand on port 1 in VLA N 5 when the packe t enteri ng tha t port is addr essed to unknown MAC addresses.
36-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 36 Trouble shooting Using t he c rashinfo Files ========================================== Egress:Asic 3, switch 1 Output .
36-15 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 6 Troubleshooti ng Troubl esho oting Tab les Extend ed cra shinf o files are kep t in this direct ory o n the flash file system: flash:/crashinf o_ext/. The filena mes ar e cras hinfo _ext_ n wh ere n is a se quen ce num ber .
36-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 36 Trouble shooting Troubles hooting Tables 140 8820183 4942081 1784 0.63% 0.37% 0.30% 0 HRPC qos request 100 3427318 16150534 212 0.47% 0.14% 0.11% 0 HRPC pm-counters 192 3093252 14081112 219 0.
36-17 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 6 Troubleshooti ng Troubl esho oting Tab les Troublesho oting Pow er over Etherne t (PoE) Figur e 36-1 Po wer Ov er Ether net T roub leshooting Scenar ios Symp tom or problem Po ssib le caus e and so lutio n No PoE on only one po rt.
36-18 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 36 Trouble shooting Troubles hooting Tables No PoE on a ll port s or a group of p orts. T rouble is on all switch por ts. Nonpowered Et hern et devices canno t esta blish an Ethern et l ink on any por t, an d PoE devices do not power on.
36-19 Cisco IE 3010 Switch Software Configuration Guide OL-23145-01 Chapter 3 6 Troubleshooti ng Troubl esho oting Tab les Cisco IP Phone disconn ects or re sets. After working norma lly , a Cisco phone or wireless access point inter mittently reload s or d iscon nects from PoE .
36-20 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Chapter 36 Trouble shooting Troubles hooting Tables.
A- 1 Cisco IE 3010 Switch S o ftware Conf iguration Gui de OL-23145-01 APPENDIX A Supported MIBs This appendix lists the su pported manageme nt informatio n base (MIBs) for th is release on the IE 3010 switch .
A- 2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendi x A Supported MI Bs MIB List • CISCO- IGM P-FIL T ER-M IB • CISCO-IMAGE-MIB • CISCO IP-ST A T -MIB • CISCO- L2L3 -I.
A-3 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Append ix A Supported M IBs Using FTP to Access the MIB Files • OLD-CISCO- INTERF A CES-MIB • OLD-CISCO- IP-MIB • OLD-CISCO- S.
A- 4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendi x A Supported MI Bs Using FTP to Acces s the MIB Files.
B-1 Cisco IE 3010 Switch S o ftware Conf iguration Gui de OL-23145-01 APPENDIX B Working with the Cisco IOS File System, Configuration Files, an d Software Images This a ppendix descri bes how to m an.
B-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix B W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith the Flash F ile System -.
B-3 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with the Flash File System.
B-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix B W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith the Flash F ile System Y.
B-5 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with the Flash File System.
B-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix B W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith the Flash F ile System Some in valid co mbin ation s of source and dest inatio n exist.
B-7 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with the Flash File System.
B-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix B W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith the Flash F ile System image-name / image-name .
B-9 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Configuration Files <output truncated> Working with Configuration Files This sec tion describ es ho w to create, lo ad, and m aintain co nfig uration f iles.
B-10 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix B W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith Configurati on Files some comm ands in th e existing configurati on might no t be repla ced or negated.
B-11 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Configuration Files tftp dgram udp wait root /usr/etc/in.
B-12 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix B W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith Configurati on Files Up.
B-13 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Configuration Files .
B-14 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix B W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith Configurati on Files Th.
B-15 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Configuration Files .
B-16 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix B W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith Configurati on Files The RC P requires a client t o send a re mote user name with each RCP requ est to a ser ver .
B-17 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Configuration Files .
B-18 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix B W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith Configurati on Files Up.
B-19 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Configuration Files .
B-20 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix B W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working w ith Configurati on Files Re.
B-21 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Configuration Files .
B-22 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix B W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working wi th Software Imag es Workin.
B-23 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Images Note.
B-24 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix B W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working wi th Software Imag es stacking_number: x info_end: version_suffix: xxxx version_directory:image-name image_system_type_id:0x00000000 image_name:image-nameB.
B-25 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Images Make sure tha t the /et c/services fi le contains this line: tftp 69/udp Note Y ou must restar t the inetd dae m on after m o difying the /etc/inetd.
B-26 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix B W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working wi th Software Imag es The do.
B-27 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Images Uploading an Image File By Using TFTP Y ou can upload a n image f rom the switc h to a TFTP ser ver .
B-28 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix B W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working wi th Software Imag es Preparing to Download or Uploa d an Image File By Using FTP Y o u can co py images files to or from an FTP server .
B-29 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Images Downloading an Image File By Using FTP Y ou can do wnload a n ew imag e f ile and ov erwrite the current ima ge or k eep the c urrent im age.
B-30 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix B W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working wi th Software Imag es The do.
B-31 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Images Begi.
B-32 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix B W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working wi th Software Imag es Note I.
B-33 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Images • When yo u upload an image to the RCP to the server , it must be proper ly conf igured to acc ept the RCP write reque st from the use r on the switch.
B-34 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix B W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working wi th Software Imag es The do.
B-35 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Append ix B Working with th e Cisco IOS File Sy stem, Conf iguration F iles, and Softw are Images Working with Software Images Begi.
B-36 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix B W orking with the Cisco IOS File System, Configuration Files, an d Software Images Working wi th Software Imag es.
C-1 Cisco IE 3010 Switch S o ftware Conf iguration Gui de OL-23145-01 APPENDIX C Unsupported Co mmands in Cisco IOS Rele ase 12 .2(53)EZ This app e ndix lists som e of the command-line interf ace (CLI.
C-2 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix C Un supported C ommands in Cisco IOS Release 12.2(53)EZ Access Control Li sts Access Control Lists Unsupporte d Privileged.
C-3 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Append ix C Unsupported Com mand s in Cisco IOS Release 12 .2(53)E Z Boot Loade r Commands Unsupporte d Interface Configuration Comm.
C-4 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix C Un supported C ommands in Cisco IOS Release 12.2(53)EZ Interface Co mmands Interface Command s Unsupporte d Privileged E .
C-5 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Append ix C Unsupported Com mand s in Cisco IOS Release 12 .2(53)E Z Miscell aneous show ma c-addr ess-table interf ace show mac-add.
C-6 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix C Un supported C ommands in Cisco IOS Release 12.2(53)EZ NetF low Co mma nds NetFlow Commands Unsupporte d Global Con figur.
C-7 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Append ix C Unsupported Com mand s in Cisco IOS Release 12 .2(53)E Z SNMP aaa a uthen ticati on fe a tu r e default line aaa nas por.
C-8 Cisco IE 3010 Swit ch Software Configu ration Guide OL-23145-01 Appendix C Un supported C ommands in Cisco IOS Release 12.2(53)EZ VLAN Unsupported Us er EXEC C ommands show running-conf ig vlan sh.
IN-1 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 INDEX A AAA dow n po licy, N AC La yer 2 I P val idatio n 1-8 abbrev iati ng comm ands 2-4 acces s-class comma nd 32-17 acces s con.
Index IN-2 Cisco IE 3010 Switch S oftwa re Configura tion Guide OL-23145-01 MAC exte nded 32-25, 33-44 matc hing 32-5, 32-18 monitori ng 32-28 named, IPv4 32-12 number pe r QoS class map 33-32 QoS 33-.
Inde x IN-3 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 open1x 10-29 RADIUS key 9-28 login 9-30 TACACS+ defined 9-11 key 9-13 login 9-14 See also por t-based au then ticatio n auth.
Index IN-4 Cisco IE 3010 Switch S oftwa re Configura tion Guide OL-23145-01 See DHCP snooping binding da tabase blocking packe ts 24-6 booting boot loa der, f unction of 3-2 boot pr ocess 3-1 manually.
Inde x IN-5 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 Cisco IOS IP SLAs 35-1 Cisco Secur e ACS attribute -value pairs for downlo adable ACLs 10-20 attribute -value pairs for redi.
Index IN-6 Cisco IE 3010 Switch S oftwa re Configura tion Guide OL-23145-01 even t se rvice 4-3 embedde d agent s describe d 4-5 enab ling a utoma ted c onfig uratio n 4-6 enabli ng configur ation ag .
Inde x IN-7 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 configur ing port- based auth enticatio n violat io n modes 10-39 to 10-40 config-vlan mode 2-2 conflicts, c o nfigurati on .
Index IN-8 Cisco IE 3010 Switch S oftwa re Configura tion Guide OL-23145-01 TACACS+ 9-13 UDLD 27-4 VLAN, La yer 2 Ethe rnet interfa ces 14-16 VLANs 14-6 VMPS 14-25 voice VL AN 16-3 VTP 15-7 default gatew ay 3-15 default web-base d authe nticat ion confi gurat ion 802.
Inde x IN-9 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 DHCP sno oping accep ting untru sted pac kets form e dge switch 21-3, 21-13 binding d atabase See DHCP snooping binding da t.
Index IN- 10 Cisco IE 3010 Switch S oftwa re Configura tion Guide OL-23145-01 usin g the devi ce mana ger or Netw ork Assistant B-23 DSCP 1-9, 33-2 DSCP input queue threshold map for QoS 33-15 DSCP ou.
Inde x IN- 11 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 E editing featu res ena bling and disab ling 2-7 keystro kes us ed 2-8 wrapped l ines 2-9 ELIN l ocation 26-3 enab le pass.
Index IN- 12 Cisco IE 3010 Switch S oftwa re Configura tion Guide OL-23145-01 extend ed sys tem I D MSTP 18-17 STP 17-4, 17-14 Extensib le Authen ticat ion Protocol over LAN 10-1 F fa0 inter face 1-5 .
Inde x IN- 13 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 prep aring the server B -13 uploadin g B-14 image fi les deleting old i mage B- 30 dow nloa ding B-2 9 prep aring the serv.
Index IN- 14 Cisco IE 3010 Switch S oftwa re Configura tion Guide OL-23145-01 See RSTP IEEE 8 02.1x See port -based auth entication IEEE 8 02.3a d See E therCha nnel IEEE 802.
Inde x IN- 15 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 interfac es auto-M DIX, c onfiguri ng 12-19 config urati on guideli nes duplex and spe ed 12-17 config uring proc edure 12.
Index IN- 16 Cisco IE 3010 Switch S oftwa re Configura tion Guide OL-23145-01 describe d 35-4 response time 35-4 sc hedu ling 35-5 SNMP support 35-2 supporte d metrics 35-2 threshold monitoring 35-6 UDP jitter operation 35-8 IP source gua rd and 802.
Inde x IN- 17 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 See KDC L LACP See E therCha nnel Layer 2 fra mes, classi fica tion wit h CoS 33-2 Layer 2 interfac es, default co nfigura.
Index IN- 18 Cisco IE 3010 Switch S oftwa re Configura tion Guide OL-23145-01 MAB inactiv ity timer default setting 10-34 range 10-37 MAC/PHY c onfigur ation st atus TLV 26-2 MAC addr esses aging tim .
Inde x IN- 19 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 maximu m number of a llowed de vices, port-base d authenti cation 10-37 MDA config urati on guideli nes 10-12 to 10-13 des.
Index IN- 20 Cisco IE 3010 Switch S oftwa re Configura tion Guide OL-23145-01 MST region 18-15 neighbo r type 18-25 path cost 18-20 port priority 18-19 root switch 18-17 seco ndary r o ot s witch 18-1.
Inde x IN- 21 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 multicas t VLAN 23-17 Multicast VLAN Regi stration See MVR multidomain authentica tion See MDA multiopera tions schedu lin.
Index IN- 22 Cisco IE 3010 Switch S oftwa re Configura tion Guide OL-23145-01 enab ling b roadca st messa ges 6-7 peer 6-6 server 6-6 default confi guration 6-4 displaying t he configur ation 6-11 ove.
Inde x IN- 23 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 power ne gotiatio n exte nsions t o CDP 12-4 standards suppor ted 12-4 static mode 12-6 troublesh ooting 36-5 policed-DSCP.
Index IN- 24 Cisco IE 3010 Switch S oftwa re Configura tion Guide OL-23145-01 guideline s 10-36 initiation and message exchange 10-5 magic p acket 10-26 maximu m number of a llowed de vices per por t .
Inde x IN- 25 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 and pr ivate VLANs 24-17 and QoS tru sted bound ary 33-37 config uring 24-12 default confi guration 24-10 describe d 24-7 .
Index IN- 26 Cisco IE 3010 Switch S oftwa re Configura tion Guide OL-23145-01 basic mo del 33-3 classification class maps, de scribed 33-7 defined 33-3 DSCP trans par ency , de scri bed 33-39 flowch a.
Inde x IN- 27 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 limiting bandwidth on e gress interface 33-76 mappin g table s CoS-to-DSCP 33-59 displaying 33-77 DSCP-to-CoS 33-62 DSCP-t.
Index IN- 28 Cisco IE 3010 Switch S oftwa re Configura tion Guide OL-23145-01 of inter faces 12-11 rapid co nverg ence 18-9 rapid per- VLAN spann ing-tr ee plus See rapid PVST + rapid PVST+ describe d 17-9 IEEE 802.
Inde x IN- 29 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 default confi guration 29-3 displaying status 29-6 enab ling alarms and ev ents 29-3 groups suppor ted 29-2 overvi ew 29-1.
Index IN- 30 Cisco IE 3010 Switch S oftwa re Configura tion Guide OL-23145-01 config uring 8-2 Secure Copy Pr otocol Secure Digital fla sh memory card See SD f lash memory car d secu re HTTP client co.
Inde x IN- 31 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 in- band mana gemen t 1-5 in clusters 5-12 informs and tr ap keyw ord 31-11 describe d 31-5 differ ence s fro m tra ps 31-.
Index IN- 32 Cisco IE 3010 Switch S oftwa re Configura tion Guide OL-23145-01 config uring shaped weights on e gress queue s 33-73 shared weights on egress queues 33-74 shared weights on ingress queu .
Inde x IN- 33 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 BPDU guard describe d 19-2 disabling 19-12 enab lin g 19-11 BPDU mes sage exchange 17-3 config urati on guideli nes 17-12,.
Index IN- 34 Cisco IE 3010 Switch S oftwa re Configura tion Guide OL-23145-01 unexpec ted b ehavio r 17-14 shutdown Po rt Fast-enable d port 19-2 status, displaying 17-22 superior BPDU 17-3 timers, de.
Inde x IN- 35 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 accoun ting, de fined 9-11 authe nticat ion, de fined 9-11 author izatio n, define d 9-11 config uring accoun ting 9-17 au.
Index IN- 36 Cisco IE 3010 Switch S oftwa re Configura tion Guide OL-23145-01 blocking floode d 24-7 frag mented 32-3 unfragm ented 32-3 traffic polic ing 1-10 traffic suppr ession 24-1 transmit hol d.
Inde x IN- 37 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 status, displaying 27- 6 support fo r 1-5 UDP jitter , configu ring 35-9 UDP jitter operation, IP SLA s 35-8 unautho rized port s with IEEE 802.
Index IN- 38 Cisco IE 3010 Switch S oftwa re Configura tion Guide OL-23145-01 VLAN Quer y Protocol See VQP VLANs adding 14-7 adding to VL AN datab ase 14-7 aging dyn amic ad dresse s 17-9 allowe d on .
Inde x IN- 39 Cisco IE 3010 Switch S oftware Configur ation Guide OL-23145-01 VTP adding a cl ient to a d omain 15-15 advertisements 14-16, 15-3 and exte nded -rang e VLAN s 14-2, 15-1 and nor mal-ran.
Index IN- 40 Cisco IE 3010 Switch S oftwa re Configura tion Guide OL-23145-01.
Een belangrijk punt na aankoop van elk apparaat Cisco Systems IE3010 (of zelfs voordat je het koopt) is om de handleiding te lezen. Dit moeten wij doen vanwege een paar simpele redenen:
Als u nog geen Cisco Systems IE3010 heb gekocht dan nu is een goed moment om kennis te maken met de basisgegevens van het product. Eerst kijk dan naar de eerste pagina\'s van de handleiding, die je hierboven vindt. Je moet daar de belangrijkste technische gegevens Cisco Systems IE3010 vinden. Op dit manier kan je controleren of het apparaat aan jouw behoeften voldoet. Op de volgende pagina's van de handleiding Cisco Systems IE3010 leer je over alle kenmerken van het product en krijg je informatie over de werking. De informatie die je over Cisco Systems IE3010 krijgt, zal je zeker helpen om een besluit over de aankoop te nemen.
In een situatie waarin je al een beziter van Cisco Systems IE3010 bent, maar toch heb je de instructies niet gelezen, moet je het doen voor de hierboven beschreven redenen. Je zult dan weten of je goed de alle beschikbare functies heb gebruikt, en of je fouten heb gemaakt die het leven van de Cisco Systems IE3010 kunnen verkorten.
Maar de belangrijkste taak van de handleiding is om de gebruiker bij het oplossen van problemen te helpen met Cisco Systems IE3010 . Bijna altijd, zal je daar het vinden Troubleshooting met de meest voorkomende storingen en defecten #MANUAl# samen met de instructies over hun opplosinge. Zelfs als je zelf niet kan om het probleem op te lossen, zal de instructie je de weg wijzen naar verdere andere procedure, bijv. door contact met de klantenservice of het dichtstbijzijnde servicecentrum.