Cisco ME 3400E Series Ethernet Access Switches Configuration Guide

Americas Headquarters

Cisco Systems, Inc.

170 West Tasman Drive

San Jose, CA 95134-1706

USA

http://www.cisco.com

Tel: 408 526-4000

800 553-NETS (6387)

Fax: 408 527-0883

Cisco ME 3400E Ethernet Access Switch

Software Configuration Guide

Cisco IOS Release 12.2(58)SE

April 2011

Text Part Number: OL-16485-05

CCVP, the Cisco logo, and Welcome to the Human Network are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is a service mark of

Cisco Systems, Inc.; and Access Registrar, Aironet, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco Certified Internetwork Expert logo,

Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step,

Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study,

LightStream, Linksys, MeetingPlace, MGX, Networkers, Networking Academy, Network Registrar, PIX, ProConnect, ScriptShare, SMARTnet, StackWise, The Fastest Way

to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.

All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship

between Cisco and any other company. (0711R)

Cisco ME 3400E Ethernet Access Switch Software Configuration Guide

iii

Cisco ME 3400E Ethernet Access Switch Software Configuration Guide

OL-16485-05

CONTENTS

Preface xliii

Audience xliii

Purpose xliii

Conventions xliv

Related Publications xliv

Obtaining Documentation and Submitting a Service Request xlv

CHAPTER

1Overview 1-1

Features 1-1

Performance Features 1-2

Management Options 1-3

Manageability Features 1-3

Availability Features 1-5

VLAN Features 1-6

Security Features 1-7

Subscriber Security 1-7

Switch Security 1-7

Network Security 1-8

Quality of Service and Class of Service Features 1-9

Layer 2 Virtual Private Network Services 1-10

Layer 3 Features 1-10

Layer 3 VPN Services 1-11

Monitoring Features 1-11

Default Settings After Initial Switch Configuration 1-12

Network Configuration Examples 1-15

Multidwelling or Ethernet-to-the-Subscriber Network 1-16

Layer 2 VPN Application 1-17

Multi-VRF CE Application 1-18

Where to Go Next 1-19

CHAPTER

2Using the Command-Line Interface 2-1

Understanding Command Modes 2-1

Understanding the Help System 2-3

Understanding Abbreviated Commands 2-3

Contents

iv

Cisco ME 3400E Ethernet Access Switch Software Configuration Guide

OL-16485-05

Understanding no and default Forms of Commands 2-4

Understanding CLI Error Messages 2-4

Using Command History 2-4

Changing the Command History Buffer Size 2-5

Recalling Commands 2-5

Disabling the Command History Feature 2-5

Using Editing Features 2-6

Enabling and Disabling Editing Features 2-6

Editing Commands through Keystrokes 2-6

Editing Command Lines that Wrap 2-8

Searching and Filtering Output of show and more Commands 2-8

Accessing the CLI 2-9

Accessing the CLI through a Console Connection or through Telnet 2-9

CHAPTER

3Assigning the Switch IP Address and Default Gateway 3-1

Understanding the Boot Process 3-1

Assigning Switch Information 3-2

Default Switch Information 3-3

Understanding DHCP-Based Autoconfiguration 3-3

DHCP Client Request Process 3-3

Understanding DHCP-based Autoconfiguration and Image Update 3-5

DHCP Autoconfiguration 3-5

DHCP Auto-Image Update 3-5

Limitations and Restrictions 3-5

Configuring DHCP-Based Autoconfiguration 3-6

DHCP Server Configuration Guidelines 3-6

Configuring the TFTP Server 3-7

Configuring the DNS 3-7

Configuring the Relay Device 3-8

Obtaining Configuration Files 3-8

Example Configuration 3-9

Configuring the DHCP Auto Configuration and Image Update Features 3-11

Configuring DHCP Autoconfiguration (Only Configuration File) 3-11

Configuring DHCP Auto-Image Update (Configuration File and Image) 3-12

Configuring the Client 3-13

Manually Assigning IP Information 3-14

Checking and Saving the Running Configuration 3-15

Configuring the NVRAM Buffer Size 3-17

Modifying the Startup Configuration 3-18

Contents

v

Cisco ME 3400E Ethernet Access Switch Software Configuration Guide

OL-16485-05

Default Boot Configuration 3-19

Automatically Downloading a Configuration File 3-19

Specifying the Filename to Read and Write the System Configuration 3-19

Booting Manually 3-20

Booting a Specific Software Image 3-20

Controlling Environment Variables 3-21

Scheduling a Reload of the Software Image 3-23

Configuring a Scheduled Reload 3-23

Displaying Scheduled Reload Information 3-24

CHAPTER

4Configuring Cisco IOS Configuration Engine 4-1

Understanding Cisco Configuration Engine Software 4-1

Configuration Service 4-2

Event Service 4-3

NameSpace Mapper 4-3

What You Should Know About the CNS IDs and Device Hostnames 4-3

ConfigID 4-3

DeviceID 4-4

Hostname and DeviceID 4-4

Using Hostname, DeviceID, and ConfigID 4-4

Understanding Cisco IOS Agents 4-5

Initial Configuration 4-5

Incremental (Partial) Configuration 4-6

Synchronized Configuration 4-6

Configuring Cisco IOS Agents 4-6

Enabling Automated CNS Configuration 4-6

Enabling the CNS Event Agent 4-7

Enabling the Cisco IOS CNS Agent 4-9

Enabling an Initial Configuration 4-9

Enabling a Partial Configuration 4-13

Upgrading Devices with Cisco IOS Image Agent 4-14

Prerequisites for the CNS Image Agent 4-14

Restrictions for the CNS Image Agent 4-14

Displaying CNS Configuration 4-15

CHAPTER

5Administering the Switch 5-1

Managing the System Time and Date 5-1

Understanding the System Clock 5-2

Understanding Network Time Protocol 5-2

Contents

vi

Cisco ME 3400E Ethernet Access Switch Software Configuration Guide

OL-16485-05

NTP Version 4 5-3

Configuring NTP 5-4

Default NTP Configuration 5-4

Configuring NTP Authentication 5-5

Configuring NTP Associations 5-6

Configuring NTP Broadcast Service 5-7

Configuring NTP Access Restrictions 5-8

Configuring the Source IP Address for NTP Packets 5-10

Displaying the NTP Configuration 5-11

Configuring Time and Date Manually 5-11

Setting the System Clock 5-11

Displaying the Time and Date Configuration 5-12

Configuring the Time Zone 5-12

Configuring Summer Time (Daylight Saving Time) 5-13

Configuring a System Name and Prompt 5-14

Default System Name and Prompt Configuration 5-15

Configuring a System Name 5-15

Understanding DNS 5-15

Default DNS Configuration 5-16

Setting Up DNS 5-16

Displaying the DNS Configuration 5-17

Creating a Banner 5-17

Default Banner Configuration 5-17

Configuring a Message-of-the-Day Login Banner 5-18

Configuring a Login Banner 5-19

Managing the MAC Address Table 5-19

Building the Address Table 5-20

MAC Addresses and VLANs 5-20

Default MAC Address Table Configuration 5-21

Changing the Address Aging Time 5-21

Removing Dynamic Address Entries 5-22

Configuring MAC Address Change Notification Traps 5-22

Configuring MAC Address Move Notification Traps 5-24

Configuring MAC Threshold Notification Traps 5-26

Adding and Removing Static Address Entries 5-27

Configuring Unicast MAC Address Filtering 5-28

Disabling MAC Address Learning on a VLAN 5-29

Displaying Address Table Entries 5-31

Managing the ARP Table 5-31

Contents

vii

Cisco ME 3400E Ethernet Access Switch Software Configuration Guide

OL-16485-05

CHAPTER

6Configuring the Switch Alarms 6-1

Configuring External Alarms 6-1

Configuring Power Supply Alarms 6-3

Power-Supply-Missing Alarms 6-4

DC-Power-Supply Feed Alarms 6-4

CHAPTER

7Configuring SDM Templates 7-1

Understanding the SDM Templates 7-1

Dual IPv4 and IPv6 SDM Templates 7-2

Configuring the Switch SDM Template 7-3

Default SDM Template 7-3

SDM Template Configuration Guidelines 7-4

Setting the SDM Template 7-4

Displaying the SDM Templates 7-5

CHAPTER

8Configuring Switch-Based Authentication 8-1

Preventing Unauthorized Access to Your Switch 8-1

Protecting Access to Privileged EXEC Commands 8-2

Default Password and Privilege Level Configuration 8-2

Setting or Changing a Static Enable Password 8-3

Protecting Enable and Enable Secret Passwords with Encryption 8-3

Disabling Password Recovery 8-5

Setting a Telnet Password for a Terminal Line 8-6

Configuring Username and Password Pairs 8-6

Configuring Multiple Privilege Levels 8-7

Setting the Privilege Level for a Command 8-8

Changing the Default Privilege Level for Lines 8-9

Logging into and Exiting a Privilege Level 8-9

Controlling Switch Access with TACACS+ 8-10

Understanding TACACS+ 8-10

TACACS+ Operation 8-12

Configuring TACACS+ 8-12

Default TACACS+ Configuration 8-13

Identifying the TACACS+ Server Host and Setting the Authentication Key 8-13

Configuring TACACS+ Login Authentication 8-14

Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services 8-16

Starting TACACS+ Accounting 8-17

Establishing a Session with a Router if the AAA Server is Unreachable 8-17

Contents

viii

Cisco ME 3400E Ethernet Access Switch Software Configuration Guide

OL-16485-05

Displaying the TACACS+ Configuration 8-17

Controlling Switch Access with RADIUS 8-18

Understanding RADIUS 8-18

RADIUS Operation 8-19

Configuring RADIUS 8-21

Default RADIUS Configuration 8-21

Identifying the RADIUS Server Host 8-21

Configuring RADIUS Login Authentication 8-24

Defining AAA Server Groups 8-26

Configuring RADIUS Authorization for User Privileged Access and Network Services 8-28

Starting RADIUS Accounting 8-29

Establishing a Session with a Router if the AAA Server is Unreachable 8-29

Configuring Settings for All RADIUS Servers 8-30

Configuring the Switch to Use Vendor-Specific RADIUS Attributes 8-30

Configuring the Switch for Vendor-Proprietary RADIUS Server Communication 8-31

Configuring RADIUS Server Load Balancing 8-32

Displaying the RADIUS Configuration 8-32

Controlling Switch Access with Kerberos 8-33

Understanding Kerberos 8-33

Kerberos Operation 8-35

Authenticating to a Boundary Switch 8-35

Obtaining a TGT from a KDC 8-36

Authenticating to Network Services 8-36

Configuring Kerberos 8-36

Configuring the Switch for Local Authentication and Authorization 8-37

Configuring the Switch for Secure Shell 8-38

Understanding SSH 8-38

SSH Servers, Integrated Clients, and Supported Versions 8-38

Limitations 8-39

Configuring SSH 8-39

Configuration Guidelines 8-39

Setting Up the Switch to Run SSH 8-40

Configuring the SSH Server 8-41

Displaying the SSH Configuration and Status 8-41

Configuring the Switch for Secure Copy Protocol 8-42

Information About Secure Copy 8-42

Contents

ix

Cisco ME 3400E Ethernet Access Switch Software Configuration Guide

OL-16485-05

CHAPTER

9Configuring IEEE 802.1x Port-Based Authentication 9-1

Understanding IEEE 802.1x Port-Based Authentication 9-1

Device Roles 9-2

Authentication Initiation and Message Exchange 9-3

Ports in Authorized and Unauthorized States 9-4

802.1x Accounting 9-5

802.1x Accounting Attribute-Value Pairs 9-5

802.1x Host Mode 9-6

802.1x Readiness Check 9-7

802.1x with Port Security 9-7

802.1x with VLAN Assignment 9-7

802.1x User Distribution 9-8

802.1x User Distribution Configuration Guidelines 9-8

802.1x Supplicant and Authenticator Switches with Network Edge Access Topology (NEAT) 9-9

Guidelines 9-10

Common Session ID 9-10

Configuring IEEE 802.1x Authentication 9-11

Default 802.1x Configuration 9-11

802.1x Configuration Guidelines 9-12

Maximum Number of Allowed Devices Per Port 9-13

Configuring 802.1x Authentication 9-13

Configuring the Switch-to-RADIUS-Server Communication 9-14

Configuring 802.1x Readiness Check 9-16

Configuring 802.1x Violation Modes 9-17

Configuring Periodic Re-Authentication 9-17

Manually Re-Authenticating a Client Connected to a Port 9-18

Changing the Quiet Period 9-18

Changing the Switch-to-Client Retransmission Time 9-19

Setting the Switch-to-Client Frame-Retransmission Number 9-20

Setting the Re-Authentication Number 9-20

Configuring the Host Mode 9-21

Resetting the 802.1x Configuration to the Default Values 9-22

Configuring 802.1x Accounting 9-22

Configuring 802.1x User Distribution 9-23

Configuring an Authenticator and a Supplicant Switch with NEAT 9-24

Configuring NEAT with ASP 9-26

Displaying 802.1x Statistics and Status 9-26

Contents

x

Cisco ME 3400E Ethernet Access Switch Software Configuration Guide

OL-16485-05

CHAPTER

10 Configuring Interfaces 10-1

Understanding Interface Types 10-1

UNI, NNI, and ENI Port Types 10-2

Port-Based VLANs 10-2

Switch Ports 10-3

Access Ports 10-4

Trunk Ports 10-4

Tunnel Ports 10-4

Routed Ports 10-5

Ethernet Management Port 10-5

Switch Virtual Interfaces 10-5

EtherChannel Port Groups 10-6

Dual-Purpose Ports 10-6

Connecting Interfaces 10-7

Using Interface Configuration Mode 10-8

Procedures for Configuring Interfaces 10-8

Configuring a Range of Interfaces 10-9

Configuring and Using Interface Range Macros 10-10

Using the Ethernet Management Port 10-12

Understanding the Ethernet Management Port 10-12

Supported Features on the Ethernet Management Port 10-14

Configuring the Ethernet Management Port 10-14

TFTP and the Ethernet Management Port 10-14

Configuring Ethernet Interfaces 10-15

Default Ethernet Interface Configuration 10-15

Configuring the Port Type 10-17

Configuring Interface Speed and Duplex Mode 10-18

Speed and Duplex Configuration Guidelines 10-18

Setting the Interface Speed and Duplex Parameters 10-19

Configuring a Dual-Purpose Port 10-21

Configuring IEEE 802.3x Flow Control 10-23

Configuring Auto-MDIX on an Interface 10-24

Adding a Description for an Interface 10-25

Configuring Layer 3 Interfaces 10-25

Configuring the System MTU 10-27

Monitoring and Maintaining the Interfaces 10-30

Monitoring Interface Status 10-30

Clearing and Resetting Interfaces and Counters 10-31

Shutting Down and Restarting the Interface 10-32

Contents

xi

Cisco ME 3400E Ethernet Access Switch Software Configuration Guide

OL-16485-05

CHAPTER

11 Configuring Command Macros 11-1

Understanding Command Macros 11-1

Configuring Command Macros 11-1

Default Command Macro Configuration 11-2

Command Macro Configuration Guidelines 11-2

Creating Command Macros 11-3

Applying Command Macros 11-4

Displaying Command Macros 11-5

CHAPTER

12 Configuring VLANs 12-1

Understanding VLANs 12-1

Supported VLANs 12-3

Normal-Range VLANs 12-3

Extended-Range VLANs 12-4

VLAN Port Membership Modes 12-4

UNI-ENI VLANs 12-5

Creating and Modifying VLANs 12-7

Default Ethernet VLAN Configuration 12-7

VLAN Configuration Guidelines 12-8

Creating or Modifying an Ethernet VLAN 12-9

Assigning Static-Access Ports to a VLAN 12-11

Creating an Extended-Range VLAN with an Internal VLAN ID 12-12

Configuring UNI-ENI VLANs 12-12

Configuration Guidelines 12-12

Configuring UNI-ENI VLANs 12-13

Displaying VLANs 12-14

Configuring VLAN Trunks 12-14

Trunking Overview 12-15

IEEE 802.1Q Configuration Considerations 12-15

Default Layer 2 Ethernet Interface VLAN Configuration 12-16

Configuring an Ethernet Interface as a Trunk Port 12-16

Interaction with Other Features 12-16

Configuring a Trunk Port 12-17

Defining the Allowed VLANs on a Trunk 12-18

Configuring the Native VLAN for Untagged Traffic 12-19

Configuring Trunk Ports for Load Sharing 12-19

Load Sharing Using STP Port Priorities 12-20

Load Sharing Using STP Path Cost 12-21

Contents

xii

Cisco ME 3400E Ethernet Access Switch Software Configuration Guide

OL-16485-05

Configuring VMPS 12-23

Understanding VMPS 12-23

Dynamic-Access Port VLAN Membership 12-24

Default VMPS Client Configuration 12-25

VMPS Configuration Guidelines 12-25

Configuring the VMPS Client 12-25

Entering the IP Address of the VMPS 12-26

Configuring Dynamic-Access Ports on VMPS Clients 12-26

Reconfirming VLAN Memberships 12-27

Changing the Reconfirmation Interval 12-27

Changing the Retry Count 12-27

Monitoring the VMPS 12-28

Troubleshooting Dynamic-Access Port VLAN Membership 12-28

VMPS Configuration Example 12-28

CHAPTER

13 Configuring Private VLANs 13-1

Understanding Private VLANs 13-1

Types of Private VLANs and Private-VLAN Ports 13-1

IP Addressing Scheme with Private VLANs 13-4

Private VLANs across Multiple Switches 13-4

Private VLANs and Unicast, Broadcast, and Multicast Traffic 13-5

Private VLANs and SVIs 13-5

Configuring Private VLANs 13-6

Tasks for Configuring Private VLANs 13-6

Default Private-VLAN Configuration 13-6

Private-VLAN Configuration Guidelines 13-6

Secondary and Primary VLAN Configuration 13-7

Private-VLAN Port Configuration 13-8

Limitations with Other Features 13-9

Configuring and Associating VLANs in a Private VLAN 13-10

Configuring a Layer 2 Interface as a Private-VLAN Host Port 13-11

Configuring a Layer 2 Interface as a Private-VLAN Promiscuous Port 13-12

Mapping Secondary VLANs to a Primary VLAN Layer 3 VLAN Interface 13-13

Monitoring Private VLANs 13-15

Contents

xiii

Cisco ME 3400E Ethernet Access Switch Software Configuration Guide

OL-16485-05

CHAPTER

14 Configuring IEEE 802.1Q Tunneling, VLAN Mapping, 802.1ad, and Layer 2 Protocol Tunneling 14-1

Understanding 802.1Q Tunneling 14-1

Configuring 802.1Q Tunneling 14-4

Default 802.1Q Tunneling Configuration 14-4

802.1Q Tunneling Configuration Guidelines 14-4

Native VLANs 14-4

System MTU 14-5

802.1Q Tunneling and Other Features 14-6

Configuring an 802.1Q Tunneling Port 14-6

Understanding VLAN Mapping 14-7

Mapping Customer VLANs to Service-Provider VLANs 14-8

Configuring VLAN Mapping 14-9

Default VLAN Mapping Configuration 14-9

VLAN Mapping Configuration Guidelines 14-9

Configuring VLAN Mapping 14-10

Configuring One-to-One Mapping 14-10

Configuring Traditional QinQ on a Trunk Port 14-11

Configuring Selective QinQ on a Trunk Port 14-12

Configuring IEEE 802.1ad 14-13

802.1ad and Split-Horizon Configuration Guidelines 14-14

Configuring 802.1ad EtherChannels 14-15

802.1ad EtherChannel Guidelines 14-15

\Configuration Example for 802.1ad End-to-End PAgP EtherChannels between CE Devices 14-15

Configuring 802.1ad Split Horizon 14-18

Understanding Layer 2 Protocol Tunneling 14-20

Configuring Layer 2 Protocol Tunneling 14-22

Default Layer 2 Protocol Tunneling Configuration 14-23

Layer 2 Protocol Tunneling Configuration Guidelines 14-23

Configuring Layer 2 Protocol Tunneling 14-25

Configuring Layer 2 Tunneling for EtherChannels 14-26

Configuring the SP Edge Switch 14-26

Configuring the Customer Switch 14-28

Monitoring and Maintaining Tunneling and Mapping Status 14-30

Contents

xiv

Cisco ME 3400E Ethernet Access Switch Software Configuration Guide

OL-16485-05

CHAPTER

15 Configuring STP 15-1

Understanding Spanning-Tree Features 15-1

STP Overview 15-2

Spanning-Tree Topology and BPDUs 15-3

Bridge ID, Switch Priority, and Extended System ID 15-4

Spanning-Tree Interface States 15-4

Blocking State 15-6

Listening State 15-6

Learning State 15-7

Forwarding State 15-7

Disabled State 15-7

How a Switch or Port Becomes the Root Switch or Root Port 15-7

Spanning Tree and Redundant Connectivity 15-8

Spanning-Tree Address Management 15-9

Accelerated Aging to Retain Connectivity 15-9

Spanning-Tree Modes and Protocols 15-9

Supported Spanning-Tree Instances 15-10

Spanning-Tree Interoperability and Backward Compatibility 15-10

STP and IEEE 802.1Q Trunks 15-11

Configuring Spanning-Tree Features 15-11

Default Spanning-Tree Configuration 15-11

Spanning-Tree Configuration Guidelines 15-12

Enabling Spanning Tree on an ENI 15-13

Changing the Spanning-Tree Mode. 15-14

Disabling Spanning Tree 15-15

Configuring the Root Switch 15-15

Configuring a Secondary Root Switch 15-17

Configuring Port Priority 15-17

Configuring Path Cost 15-19

Configuring the Switch Priority of a VLAN 15-20

Configuring Spanning-Tree Timers 15-21

Configuring the Hello Time 15-21

Configuring the Forwarding-Delay Time for a VLAN 15-22

Configuring the Maximum-Aging Time for a VLAN 15-22

Displaying the Spanning-Tree Status 15-23

Contents

xv

Cisco ME 3400E Ethernet Access Switch Software Configuration Guide

OL-16485-05

CHAPTER

16 Configuring MSTP 16-1

Understanding MSTP 16-2

Multiple Spanning-Tree Regions 16-2

IST, CIST, and CST 16-2

Operations Within an MST Region 16-3

Operations Between MST Regions 16-3

IEEE 802.1s Terminology 16-5

Hop Count 16-5

Boundary Ports 16-6

IEEE 802.1s Implementation 16-6

Port Role Naming Change 16-7

Interoperation Between Legacy and Standard Switches 16-7

Detecting Unidirectional Link Failure 16-8

Interoperability with IEEE 802.1D STP 16-8

Understanding RSTP 16-8

Port Roles and the Active Topology 16-9

Rapid Convergence 16-10

Synchronization of Port Roles 16-11

Bridge Protocol Data Unit Format and Processing 16-12

Processing Superior BPDU Information 16-13

Processing Inferior BPDU Information 16-13

Topology Changes 16-13

Configuring MSTP Features 16-14

Default MSTP Configuration 16-14

MSTP Configuration Guidelines 16-15

Specifying the MST Region Configuration and Enabling MSTP 16-16

Configuring the Root Switch 16-17

Configuring a Secondary Root Switch 16-19

Configuring Port Priority 16-19

Configuring Path Cost 16-21

Configuring the Switch Priority 16-22

Configuring the Hello Time 16-23

Configuring the Forwarding-Delay Time 16-23

Configuring the Maximum-Aging Time 16-24

Configuring the Maximum-Hop Count 16-24

Specifying the Link Type to Ensure Rapid Transitions 16-25

Designating the Neighbor Type 16-25

Restarting the Protocol Migration Process 16-26

Displaying the MST Configuration and Status 16-27

Contents

xvi

Cisco ME 3400E Ethernet Access Switch Software Configuration Guide

OL-16485-05

CHAPTER

17 Configuring Optional Spanning-Tree Features 17-1

Understanding Optional Spanning-Tree Features 17-1

Understanding Port Fast 17-2

Understanding BPDU Guard 17-3

Understanding BPDU Filtering 17-3

Understanding EtherChannel Guard 17-3

Understanding Root Guard 17-4

Understanding Loop Guard 17-5

Configuring Optional Spanning-Tree Features 17-5

Default Optional Spanning-Tree Configuration 17-5

Optional Spanning-Tree Configuration Guidelines 17-6

Enabling Port Fast 17-6

Enabling BPDU Guard 17-7

Enabling BPDU Filtering 17-8

Enabling EtherChannel Guard 17-9

Enabling Root Guard 17-10

Enabling Loop Guard 17-10

Displaying the Spanning-Tree Status 17-11

CHAPTER

18 Configuring Resilient Ethernet Protocol 18-1

Understanding REP 18-1

Link Integrity 18-3

Fast Convergence 18-4

VLAN Load Balancing 18-4

Spanning Tree Interaction 18-6

REP Ports 18-6

Configuring REP 18-6

Default REP Configuration 18-7

REP Configuration Guidelines 18-7

Configuring the REP Administrative VLAN 18-8

Configuring REP Interfaces 18-9

Setting Manual Preemption for VLAN Load Balancing 18-13

Configuring SNMP Traps for REP 18-13

Monitoring REP 18-14

Contents

xvii

Cisco ME 3400E Ethernet Access Switch Software Configuration Guide

OL-16485-05

CHAPTER

19 Configuring Flex Links and the MAC Address-Table Move Update Feature 19-1

Understanding Flex Links and the MAC Address-Table Move Update 19-1

Flex Links 19-1

VLAN Flex Link Load Balancing and Support 19-2

Flex Link Multicast Fast Convergence 19-3

Learning the Other Flex Link Port as the mrouter Port 19-3

Generating IGMP Reports 19-3

Leaking IGMP Reports 19-4

MAC Address-Table Move Update 19-6

Configuring Flex Links and MAC Address-Table Move Update 19-7

Default Configuration 19-7

Configuration Guidelines 19-8

Configuring Flex Links 19-8

Configuring VLAN Load Balancing on Flex Links 19-10

Configuring the MAC Address-Table Move Update Feature 19-12

Monitoring Flex Links and the MAC Address-Table Move Update 19-14

CHAPTER

20 Configuring DHCP Features and IP Source Guard 20-1

Understanding DHCP Features 20-1

DHCP Server 20-2

DHCP Relay Agent 20-2

DHCP Snooping 20-2

Option-82 Data Insertion 20-3

Cisco IOS DHCP Server Database 20-6

DHCP Snooping Binding Database 20-6

Configuring DHCP Features 20-7

Default DHCP Configuration 20-8

DHCP Snooping Configuration Guidelines 20-8

Configuring the DHCP Server 20-9

Configuring the DHCP Relay Agent 20-10

Specifying the Packet Forwarding Address 20-10

Enabling DHCP Snooping and Option 82 20-11

Enabling DHCP Snooping on Private VLANs 20-13

Enabling the Cisco IOS DHCP Server Database 20-13

Enabling the DHCP Snooping Binding Database Agent 20-13

Displaying DHCP Snooping Information 20-15

Understanding DHCP Server Port-Based Address Allocation 20-15

Configuring DHCP Server Port-Based Address Allocation 20-15

Contents

xviii

Cisco ME 3400E Ethernet Access Switch Software Configuration Guide

OL-16485-05

Default Port-Based Address Allocation Configuration 20-16

Port-Based Address Allocation Configuration Guidelines 20-16

Enabling DHCP Server Port-Based Address Allocation 20-16

Displaying DHCP Server Port-Based Address Allocation 20-18

Understanding IP Source Guard 20-19

Source IP Address Filtering 20-19

Source IP and MAC Address Filtering 20-20

IP Source Guard for Static Hosts 20-20

Configuring IP Source Guard 20-21

Default IP Source Guard Configuration 20-21

IP Source Guard Configuration Guidelines 20-21

Enabling IP Source Guard 20-22

Configuring IP Source Guard for Static Hosts 20-23

Configuring IP Source Guard for Static Hosts on a Layer 2 Access Port 20-23

Configuring IP Source Guard for Static Hosts on a Private VLAN Host Port 20-26

Displaying IP Source Guard Information 20-28

CHAPTER

21 Configuring Dynamic ARP Inspection 21-1

Understanding Dynamic ARP Inspection 21-1

Interface Trust States and Network Security 21-3

Rate Limiting of ARP Packets 21-4

Relative Priority of ARP ACLs and DHCP Snooping Entries 21-4

Logging of Dropped Packets 21-4

Configuring Dynamic ARP Inspection 21-5

Default Dynamic ARP Inspection Configuration 21-5

Dynamic ARP Inspection Configuration Guidelines 21-6

Configuring Dynamic ARP Inspection in DHCP Environments 21-7

Configuring ARP ACLs for Non-DHCP Environments 21-8

Limiting the Rate of Incoming ARP Packets 21-10

Performing Validation Checks 21-12

Configuring the Log Buffer 21-13

Displaying Dynamic ARP Inspection Information 21-14

CHAPTER

22 Configuring IGMP Snooping and MVR 22-1

Understanding IGMP Snooping 22-1

IGMP Versions 22-2

Joining a Multicast Group 22-3

Leaving a Multicast Group 22-5

Immediate Leave 22-5

Contents

xix

Cisco ME 3400E Ethernet Access Switch Software Configuration Guide

OL-16485-05

IGMP Configurable-Leave Timer 22-5

IGMP Report Suppression 22-5

Configuring IGMP Snooping 22-6

Default IGMP Snooping Configuration 22-6

Enabling or Disabling IGMP Snooping 22-7

Configuring a Multicast Router Port 22-7

Configuring a Host Statically to Join a Group 22-8

Enabling IGMP Immediate Leave 22-9

Configuring the IGMP Leave Timer 22-9

Configuring TCN-Related Commands 22-10

Controlling the Multicast Flooding Time After a TCN Event 22-10

Recovering from Flood Mode 22-11

Disabling Multicast Flooding During a TCN Event 22-11

Configuring the IGMP Snooping Querier 22-12

Disabling IGMP Report Suppression 22-14

Displaying IGMP Snooping Information 22-14

Understanding Multicast VLAN Registration 22-15

Using MVR in a Multicast Television Application 22-16

Configuring MVR 22-18

Default MVR Configuration 22-18

MVR Configuration Guidelines and Limitations 22-18

Configuring MVR Global Parameters 22-19

Configuring MVR on Access Ports 22-21

Configuring MVR on Trunk Ports 22-22

Displaying MVR Information 22-23

Configuring IGMP Filtering and Throttling 22-24

Default IGMP Filtering and Throttling Configuration 22-24

Configuring IGMP Profiles 22-25

Applying IGMP Profiles 22-26

Setting the Maximum Number of IGMP Groups 22-27

Configuring the IGMP Throttling Action 22-27

Displaying IGMP Filtering and Throttling Configuration 22-29

CHAPTER

23 Configuring Port-Based Traffic Control 23-1

Configuring Storm Control 23-1

Understanding Storm Control 23-1

Default Storm Control Configuration 23-3

Configuring Storm Control and Threshold Levels 23-3

Configuring Protected Ports 23-5

Contents

xx

Cisco ME 3400E Ethernet Access Switch Software Configuration Guide

OL-16485-05

Default Protected Port Configuration 23-5

Protected Port Configuration Guidelines 23-6

Configuring a Protected Port 23-6

Configuring Port Blocking 23-6

Default Port Blocking Configuration 23-7

Blocking Flooded Traffic on an Interface 23-7

Configuring Port Security 23-8

Understanding Port Security 23-8

Secure MAC Addresses 23-8

Security Violations 23-9

Default Port Security Configuration 23-10

Port Security Configuration Guidelines 23-10

Enabling and Configuring Port Security 23-11

Enabling and Configuring Port Security Aging 23-15

Port Security and Private VLANs 23-16

Displaying Port-Based Traffic Control Settings 23-17

CHAPTER

24 Configuring CDP 24-1

Understanding CDP 24-1

Configuring CDP 24-2

Default CDP Configuration 24-2

Configuring the CDP Characteristics 24-2

Disabling and Enabling CDP 24-3

Disabling and Enabling CDP on an Interface 24-4

Monitoring and Maintaining CDP 24-5

CHAPTER

25 Configuring LLDP and LLDP-MED 25-1

Understanding LLDP and LLDP-MED 25-1

Understanding LLDP 25-1

Understanding LLDP-MED 25-2

Configuring LLDP and LLDP-MED 25-3

Default LLDP Configuration 25-3

Configuring LLDP Characteristics 25-4

Disabling and Enabling LLDP Globally 25-5

Disabling and Enabling LLDP on an Interface 25-5

Configuring LLDP-MED TLVs 25-6

Monitoring and Maintaining LLDP and LLDP-MED 25-8

Page is loading ...

Cisco ME 3400E Series Ethernet Access Switches, ME 3400E Series Ethernet Access Switches, ME 3400E-24TS-M Switch , ME 3400EG-12CS-M Switch , ME 3400EG-2CS-A Switch Configuration Guide

Related papers

Other documents