Cisco 3845 - Security Bundle Router Software Manual

Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Cisco ME 3800X and 3600X Switch
Software Configuration Guide
Cisco IOS Release 12.2(52)EY
October 2010
Text Part Number: OL-23400-01
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public
domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at
www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1005R)
Cisco ME 3800X and 3600X Switch Software Configuration Guide
© 2010 Cisco Systems, Inc. All rights reserved.
CONTENTS
Preface xxxv
Audience xxxv
Purpose xxxv
Conventions xxxv
Related Publications xxxvi
Obtaining Documentation and Submitting a Service Request xxxvii
CHAPTER 1 Overview 1-1
Software Licenses and Features 1-1
Features 1-2
Performance Features 1-2
Management Options 1-3
Manageability Features 1-3
Availability Features 1-5
VLAN Features 1-5
Security Features 1-6
Switch Security 1-6
Network Security 1-6
Quality of Service and Class of Service Features 1-7
Layer 2 Virtual Private Network Services 1-7
Layer 3 Features 1-8
Layer 3 VPN Services 1-8
Monitoring Features 1-9
Feature Support per License 1-9
Where to Go Next 1-11
CHAPTER 2 Using the Command-Line Interface 2-1
Understanding Command Modes 2-1
Understanding the Help System 2-3
Understanding Abbreviated Commands 2-3
Understanding no and default Forms of Commands 2-4
Understanding CLI Error Messages 2-4
Using Command History 2-4
Changing the Command History Buffer Size 2-5
Recalling Commands 2-5
Disabling the Command History Feature 2-5
Using Editing Features 2-6
Enabling and Disabling Editing Features 2-6
Editing Commands through Keystrokes 2-6
Editing Command Lines that Wrap 2-8
Searching and Filtering Output of show and more Commands 2-8
Accessing the CLI 2-9
Accessing the CLI through a Console Connection or through Telnet 2-9
CHAPTER 3 Assigning the Switch IP Address and Default Gateway 3-1
Understanding the Boot Process 3-1
Initial Configuration 3-2
Assigning Switch Information 3-3
Default Switch Information 3-3
Understanding DHCP-Based Autoconfiguration 3-4
DHCP Client Request Process 3-4
Understanding DHCP-based Autoconfiguration and Image Update 3-5
DHCP Autoconfiguration 3-5
DHCP Auto-Image Update 3-5
Limitations and Restrictions 3-6
Configuring DHCP-Based Autoconfiguration 3-6
DHCP Server Configuration Guidelines 3-7
Configuring the TFTP Server 3-7
Configuring the DNS 3-8
Configuring the Relay Device 3-8
Obtaining Configuration Files 3-9
Example Configuration 3-10
Configuring the DHCP Auto Configuration and Image Update Features 3-11
Configuring DHCP Autoconfiguration (Only Configuration File) 3-12
Configuring DHCP Auto-Image Update (Configuration File and Image) 3-13
Configuring the Client 3-14
Manually Assigning IP Information 3-15
Checking and Saving the Running Configuration 3-16
Modifying the Startup Configuration 3-17
Default Boot Configuration 3-18
Automatically Downloading a Configuration File 3-18
Specifying the Filename to Read and Write the System Configuration 3-18
Booting Manually 3-19
Booting a Specific Software Image 3-19
Controlling Environment Variables 3-20
Scheduling a Reload of the Software Image 3-21
Configuring a Scheduled Reload 3-22
Displaying Scheduled Reload Information 3-23
CHAPTER 4 Configuring Cisco IOS Configuration Engine 4-1
Understanding Cisco Configuration Engine Software 4-1
Configuration Service 4-2
Event Service 4-3
NameSpace Mapper 4-3
What You Should Know About the CNS IDs and Device Hostnames 4-3
ConfigID 4-3
DeviceID 4-4
Hostname and DeviceID 4-4
Using Hostname, DeviceID, and ConfigID 4-4
Understanding Cisco IOS Agents 4-5
Initial Configuration 4-5
Incremental (Partial) Configuration 4-6
Synchronized Configuration 4-6
Configuring Cisco IOS Agents 4-6
Enabling Automated CNS Configuration 4-6
Enabling the CNS Event Agent 4-7
Enabling the Cisco IOS CNS Agent 4-8
Enabling an Initial Configuration 4-9
Enabling a Partial Configuration 4-12
Upgrading Devices with Cisco IOS Image Agent 4-13
Prerequisites for the CNS Image Agent 4-13
Restrictions for the CNS Image Agent 4-13
Displaying CNS Configuration 4-14
CHAPTER 5 Administering the Switch 5-1
Managing the System Time and Date 5-1
Understanding the System Clock 5-1
Understanding Network Time Protocol 5-2
Configuring NTP 5-3
Default NTP Configuration 5-4
Configuring NTP Authentication 5-4
Configuring NTP Associations 5-5
Configuring NTP Broadcast Service 5-6
Configuring NTP Access Restrictions 5-8
Configuring the Source IP Address for NTP Packets 5-10
Displaying the NTP Configuration 5-11
Configuring Time and Date Manually 5-11
Setting the System Clock 5-11
Displaying the Time and Date Configuration 5-12
Configuring the Time Zone 5-12
Configuring Summer Time (Daylight Saving Time) 5-13
Configuring a System Name and Prompt 5-14
Default System Name and Prompt Configuration 5-15
Configuring a System Name 5-15
Understanding DNS 5-15
Default DNS Configuration 5-16
Setting Up DNS 5-16
Displaying the DNS Configuration 5-17
Creating a Banner 5-17
Default Banner Configuration 5-17
Configuring a Message-of-the-Day Login Banner 5-18
Configuring a Login Banner 5-19
Managing the MAC Address Table 5-19
Building the Address Table 5-20
MAC Addresses and VLANs 5-20
Default MAC Address Table Configuration 5-21
Changing the Address Aging Time 5-21
Removing Dynamic Address Entries 5-21
Configuring MAC Address Change Notification Traps 5-22
Configuring MAC Address Move Notification Traps 5-24
Configuring MAC Threshold Notification Traps 5-25
Adding and Removing Static Address Entries 5-26
Configuring Unicast MAC Address Filtering 5-27
Disabling MAC Address Learning on a VLAN 5-28
Displaying Address Table Entries 5-29
Managing the ARP Table 5-30
CHAPTER 6 Configuring Synchronous Ethernet 6-1
Understanding SyncE 6-1
Reference Clocks 6-1
SyncE Timing Using REP for Loop Prevention and Resiliency 6-2
BITS Interface 6-5
Configuring SyncE 6-5
Default SyncE Configuration 6-6
Configuring the Network Clock Selection 6-6
Configuring the BITS Interface 6-7
Selecting the Network Clock 6-9
Configuring REP for the SyncE Network 6-10
Monitoring SyncE 6-11
CHAPTER 7 Configuring the Switch External Alarms 7-1
Understanding Switch Alarms 7-1
Configuring Switch Alarms 7-2
CHAPTER 8 Configuring Switch-Based Authentication 8-1
Preventing Unauthorized Access to Your Switch 8-1
Protecting Access to Privileged EXEC Commands 8-2
Default Password and Privilege Level Configuration 8-2
Setting or Changing a Static Enable Password 8-3
Protecting Enable and Enable Secret Passwords with Encryption 8-3
Disabling Password Recovery 8-5
Setting a Telnet Password for a Terminal Line 8-6
Configuring Username and Password Pairs 8-6
Configuring Multiple Privilege Levels 8-7
Setting the Privilege Level for a Command 8-8
Changing the Default Privilege Level for Lines 8-9
Logging into and Exiting a Privilege Level 8-9
Controlling Switch Access with TACACS+ 8-10
Understanding TACACS+ 8-10
TACACS+ Operation 8-12
Configuring TACACS+ 8-12
Default TACACS+ Configuration 8-13
Identifying the TACACS+ Server Host and Setting the Authentication Key 8-13
Configuring TACACS+ Login Authentication 8-14
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services 8-16
Starting TACACS+ Accounting 8-16
Displaying the TACACS+ Configuration 8-17
Controlling Switch Access with RADIUS 8-17
Understanding RADIUS 8-17
RADIUS Operation 8-19
Configuring RADIUS 8-19
Default RADIUS Configuration 8-20
Identifying the RADIUS Server Host 8-20
Configuring RADIUS Login Authentication 8-22
Defining AAA Server Groups 8-24
Configuring RADIUS Authorization for User Privileged Access and Network Services 8-26
Starting RADIUS Accounting 8-27
Configuring Settings for All RADIUS Servers 8-28
Configuring the Switch to Use Vendor-Specific RADIUS Attributes 8-28
Configuring the Switch for Vendor-Proprietary RADIUS Server Communication 8-29
Configuring RADIUS Server Load Balancing 8-30
Displaying the RADIUS Configuration 8-30
Controlling Switch Access with Kerberos 8-31
Understanding Kerberos 8-31
Kerberos Operation 8-33
Authenticating to a Boundary Switch 8-33
Obtaining a TGT from a KDC 8-34
Authenticating to Network Services 8-34
Configuring Kerberos 8-34
Configuring the Switch for Local Authentication and Authorization 8-35
Configuring the Switch for Secure Shell 8-36
Understanding SSH 8-36
SSH Servers, Integrated Clients, and Supported Versions 8-36
Limitations 8-37
Configuring SSH 8-37
Configuration Guidelines 8-37
Setting Up the Switch to Run SSH 8-37
Configuring the SSH Server 8-38
Displaying the SSH Configuration and Status 8-39
Configuring the Switch for Secure Copy Protocol 8-39
Information About Secure Copy 8-40
CHAPTER 9 Configuring Interfaces 9-1
Understanding Interface Types 9-1
NNI Port Type 9-2
Port-Based VLANs 9-2
Switch Ports 9-2
Access Ports 9-3
Trunk Ports 9-3
Routed Ports 9-3
Ethernet Management Port 9-4
Switch Virtual Interfaces 9-4
EtherChannel Port Groups 9-4
Ethernet Flow Points 9-5
Connecting Interfaces 9-5
Using Interface Configuration Mode 9-6
Procedures for Configuring Interfaces 9-6
Configuring a Range of Interfaces 9-7
Configuring and Using Interface Range Macros 9-8
Using the Ethernet Management Port 9-10
Understanding the Ethernet Management Port 9-10
Supported Features on the Ethernet Management Port 9-12
Configuring the Ethernet Management Port 9-12
TFTP and the Ethernet Management Port 9-12
Configuring Ethernet Interfaces 9-13
Default Ethernet Interface Configuration 9-13
Configuring Interface Speed and Duplex Mode 9-14
Speed and Duplex Configuration Guidelines 9-14
Setting the Interface Speed and Duplex Parameters 9-15
Configuring IEEE 802.3x Flow Control 9-17
Configuring Auto-MDIX on an Interface 9-18
Adding a Description for an Interface 9-19
Configuring Layer 3 Interfaces 9-19
Configuring the Interface MTU 9-21
Monitoring and Maintaining the Interfaces 9-21
Monitoring Interface Status 9-21
Clearing and Resetting Interfaces and Counters 9-23
Shutting Down and Restarting the Interface 9-23
CHAPTER 10 Configuring VLANs 10-1
Understanding VLANs 10-1
Supported VLANs 10-3
Normal-Range VLANs 10-3
Extended-Range VLANs 10-4
VLAN Port Membership Modes 10-4
UNI VLANs 10-4
Creating and Modifying VLANs 10-5
Default Ethernet VLAN Configuration 10-5
VLAN Configuration Guidelines 10-6
Creating or Modifying an Ethernet VLAN 10-7
Assigning Static-Access Ports to a VLAN 10-8
Displaying VLANs 10-9
Configuring VLAN Trunks 10-9
Trunking Overview 10-9
IEEE 802.1Q Configuration Considerations 10-10
Default Layer 2 Ethernet Interface VLAN Configuration 10-10
Configuring an Ethernet Interface as a Trunk Port 10-11
Interaction with EtherChannels 10-11
Configuring a Trunk Port 10-11
Defining the Allowed VLANs on a Trunk 10-12
Configuring the Native VLAN for Untagged Traffic 10-13
Configuring Trunk Ports for Load Sharing 10-14
Load Sharing Using STP Port Priorities 10-14
Load Sharing Using STP Path Cost 10-15
CHAPTER 11 Configuring Ethernet Virtual Connections (EVCs) 11-1
Supported EVC Features 11-2
Understanding EVC Features 11-3
Ethernet Virtual Connections 11-3
Service Instances and EFPs 11-3
Encapsulation 11-4
Bridge Domains 11-6
Split-Horizon 11-6
Rewrite Operations 11-7
Configuring EFPs 11-8
Default EVC Configuration 11-8
Configuration Guidelines 11-8
Creating Service Instances 11-9
Configuration Examples 11-10
Configuring a Service Instance 11-10
Encapsulation Using a VLAN Range 11-10
Two Service Instances Joining the Same Bridge Domain 11-10
Bridge Domains and VLAN Encapsulation 11-11
Rewrite 11-11
Split Horizon 11-11
Hairpinning 11-12
Egress Filtering 11-12
Examples of Unsupported Configurations 11-13
Overlapping Encapsulation 11-13
Global Rewrite Operation Limitation on a Switch 11-14
Configuring Other Features on EFPs 11-15
EFPs and EtherChannels 11-15
EFPs and Layer 2 Protocols 11-16
MAC Address Forwarding, Learning and Aging on EFPs 11-16
Configuring IEEE 802.1Q Tunneling and Layer 2 Protocol Tunneling using EFPs 11-17
802.1Q Tunneling (QinQ) 11-17
Layer 2 Protocol Tunneling 11-21
EFPs and Ethernet over Multiprotocol Layer Switching (EoMPLS) 11-24
Bridge Domain Routing 11-24
EFPs and Switchport MAC Addresses 11-25
EVC and Switchports 11-25
EFPs and MSTP 11-29
Monitoring EVC 11-29
CHAPTER 12 Configuring Command Macros 12-1
Understanding Command Macros 12-1
Configuring Command Macros 12-1
Default Command Macro Configuration 12-2
Command Macro Configuration Guidelines 12-2
Creating Command Macros 12-3
Applying Command Macros 12-4
Displaying Command Macros 12-5
CHAPTER 13 Configuring STP 13-1
Understanding Spanning-Tree Features 13-1
STP Overview 13-2
Spanning-Tree Topology and BPDUs 13-2
Bridge ID, Switch Priority, and Extended System ID 13-3
Spanning-Tree Interface States 13-4
Blocking State 13-5
Listening State 13-6
Learning State 13-6
Forwarding State 13-6
Disabled State 13-6
How a Switch or Port Becomes the Root Switch or Root Port 13-7
Spanning Tree and Redundant Connectivity 13-7
Spanning-Tree Address Management 13-8
Accelerated Aging to Retain Connectivity 13-8
Spanning-Tree Modes and Protocols 13-9
Supported Spanning-Tree Instances 13-9
Spanning-Tree Interoperability and Backward Compatibility 13-10
STP and IEEE 802.1Q Trunks 13-10
Configuring Spanning-Tree Features 13-10
Default Spanning-Tree Configuration 13-11
Spanning-Tree Configuration Guidelines 13-11
Changing the Spanning-Tree Mode 13-12
Disabling Spanning Tree 13-13
Configuring the Root Switch 13-14
Configuring a Secondary Root Switch 13-15
Configuring Port Priority 13-16
Configuring Path Cost 13-18
Configuring the Switch Priority of a VLAN 13-19
Configuring Spanning-Tree Timers 13-20
Configuring the Hello Time 13-20
Configuring the Forwarding-Delay Time for a VLAN 13-21
Configuring the Maximum-Aging Time for a VLAN 13-21
Displaying the Spanning-Tree Status 13-22
CHAPTER 14 Configuring MSTP 14-1
Understanding MSTP 14-2
Multiple Spanning-Tree Regions 14-2
IST, CIST, and CST 14-2
Operations Within an MST Region 14-3
Operations Between MST Regions 14-3
IEEE 802.1s Terminology 14-5
Hop Count 14-5
Boundary Ports 14-6
IEEE 802.1s Implementation 14-6
Port Role Naming Change 14-6
Interoperation Between Legacy and Standard Switches 14-7
Detecting Unidirectional Link Failure 14-7
Interoperability with IEEE 802.1D STP 14-8
Understanding RSTP 14-8
Port Roles and the Active Topology 14-9
Rapid Convergence 14-9
Synchronization of Port Roles 14-11
Bridge Protocol Data Unit Format and Processing 14-12
Processing Superior BPDU Information 14-13
Processing Inferior BPDU Information 14-13
Topology Changes 14-13
Configuring MSTP Features 14-14
Default MSTP Configuration 14-14
MSTP Configuration Guidelines 14-15
Specifying the MST Region Configuration and Enabling MSTP 14-16
Configuring the Root Switch 14-17
Configuring a Secondary Root Switch 14-18
Configuring Port Priority 14-19
Configuring Path Cost 14-21
Configuring the Switch Priority 14-22
MSTP and Ethernet Flow Points (EFPs) 14-23
Configuring the Hello Time 14-23
Configuring the Forwarding-Delay Time 14-23
Configuring the Maximum-Aging Time 14-24
Configuring the Maximum-Hop Count 14-24
Specifying the Link Type to Ensure Rapid Transitions 14-25
Designating the Neighbor Type 14-26
Restarting the Protocol Migration Process 14-26
Displaying the MST Configuration and Status 14-27
CHAPTER 15 Configuring Optional Spanning-Tree Features 15-1
Understanding Optional Spanning-Tree Features 15-1
Understanding Port Fast 15-2
Understanding BPDU Guard 15-2
Understanding BPDU Filtering 15-3
Understanding EtherChannel Guard 15-3
Understanding Root Guard 15-3
Understanding Loop Guard 15-4
Configuring Optional Spanning-Tree Features 15-5
Default Optional Spanning-Tree Configuration 15-5
Optional Spanning-Tree Configuration Guidelines 15-5
Enabling Port Fast 15-5
Enabling BPDU Guard 15-6
Enabling BPDU Filtering 15-7
Enabling EtherChannel Guard 15-8
Enabling Root Guard 15-9
Enabling Loop Guard 15-9
Displaying the Spanning-Tree Status 15-10
CHAPTER 16 Configuring Resilient Ethernet Protocol 16-1
Understanding REP 16-1
Link Integrity 16-3
Fast Convergence 16-4
VLAN Load Balancing 16-4
Spanning Tree Interaction 16-6
REP Ports 16-6
Configuring REP 16-6
Default REP Configuration 16-7
REP Configuration Guidelines 16-7
Configuring the REP Administrative VLAN 16-8
Configuring REP Interfaces 16-9
Setting Manual Preemption for VLAN Load Balancing 16-13
Configuring SNMP Traps for REP 16-13
Monitoring REP 16-14
CHAPTER 17 Configuring Flex Links and the MAC Address-Table Move Update Feature 17-1
Understanding Flex Links and the MAC Address-Table Move Update 17-1
Flex Links 17-1
VLAN Flex Link Load Balancing and Support 17-2
Flex Link Multicast Fast Convergence 17-3
Learning the Other Flex Link Port as the mrouter Port 17-3
Generating IGMP Reports 17-3
Leaking IGMP Reports 17-4
MAC Address-Table Move Update 17-6
Configuring Flex Links and MAC Address-Table Move Update 17-7
Default Configuration 17-7
Configuration Guidelines 17-8
Configuring Flex Links 17-8
Configuring VLAN Load Balancing on Flex Links 17-10
Configuring the MAC Address-Table Move Update Feature 17-11
Monitoring Flex Links and the MAC Address-Table Move Update 17-13
CHAPTER 18 Configuring IGMP Snooping 18-1
Understanding IGMP Snooping 18-1
IGMP Versions 18-2
Joining a Multicast Group 18-3
Leaving a Multicast Group 18-4
Immediate Leave 18-5
IGMP Configurable-Leave Timer 18-5
IGMP Report Suppression 18-5
Configuring IGMP Snooping 18-6
Default IGMP Snooping Configuration 18-6
Enabling or Disabling IGMP Snooping 18-6
Configuring a Multicast Router Port 18-7
Configuring a Host Statically to Join a Group 18-8
Enabling IGMP Immediate Leave 18-8
Configuring the IGMP Leave Timer 18-9
Configuring TCN-Related Commands 18-10
Controlling the Multicast Flooding Time After a TCN Event 18-10
Recovering from Flood Mode 18-10
Disabling Multicast Flooding During a TCN Event 18-11
Disabling IGMP Report Suppression 18-12
Displaying IGMP Snooping Information 18-12
Configuring IGMP Filtering and Throttling 18-13
Default IGMP Filtering and Throttling Configuration 18-14
Configuring IGMP Profiles 18-14
Applying IGMP Profiles 18-15
Setting the Maximum Number of IGMP Groups 18-16
Configuring the IGMP Throttling Action 18-17
Displaying IGMP Filtering and Throttling Configuration 18-18
CHAPTER 19 Configuring Traffic Control 19-1
Configuring Storm Control 19-1
Understanding Storm Control 19-1
Default Storm Control Configuration 19-3
Configuring Storm Control and Threshold Levels 19-3
Configuring Port Blocking 19-5
Default Port Blocking Configuration 19-5
Blocking Flooded Traffic on an Interface 19-5
Configuring EVC MAC Security 19-6
Understanding MAC Security 19-7
Secure MAC Addresses 19-7
Security Violations 19-7
Default EVC MAC Security Configuration 19-8
MAC Address Security Guidelines 19-9
Enabling and Configuring EVC MAC Security 19-9
Displaying Traffic Control Settings 19-12
CHAPTER 20 Configuring CDP 20-1
Understanding CDP 20-1
Configuring CDP 20-2
Default CDP Configuration 20-2
Configuring the CDP Characteristics 20-2
Disabling and Enabling CDP 20-3
Disabling and Enabling CDP on an Interface 20-4
CDP and Ethernet Flow Points (EFPs) 20-4
Monitoring and Maintaining CDP 20-5
CHAPTER 21 Configuring LLDP and LLDP-MED 21-1
Understanding LLDP and LLDP-MED 21-1
Understanding LLDP 21-1
Understanding LLDP-MED 21-2
Configuring LLDP and LLDP-MED 21-3
Default LLDP Configuration 21-3
Configuring LLDP Characteristics 21-3
Disabling and Enabling LLDP Globally 21-4
Disabling and Enabling LLDP on an Interface 21-5
Configuring LLDP-MED TLVs 21-6
LLDP and Ethernet Flow Points (EFPs) 21-7
Monitoring and Maintaining LLDP and LLDP-MED 21-7
CHAPTER 22 Configuring UDLD 22-1
Understanding UDLD 22-1
Modes of Operation 22-1
Methods to Detect Unidirectional Links 22-2
Configuring UDLD 22-3
Default UDLD Configuration 22-4
Configuration Guidelines 22-4
Enabling UDLD Globally 22-5
Enabling UDLD on an Interface 22-5
Resetting an Interface Disabled by UDLD 22-6
UDLD and Ethernet Flow Points (EFPs) 22-6
Displaying UDLD Status 22-7
CHAPTER 23 Configuring RMON 23-1
Understanding RMON 23-1
Configuring RMON 23-3
Default RMON Configuration 23-3
Configuring RMON Alarms and Events 23-3
Collecting Group History Statistics on an Interface 23-5
Collecting Group Ethernet Statistics on an Interface 23-5
Displaying RMON Status 23-6
CHAPTER 24 Configuring System Message Logging 24-1
Understanding System Message Logging 24-1
Configuring System Message Logging 24-2
System Log Message Format 24-2
Default System Message Logging Configuration 24-3
Disabling Message Logging 24-3
Setting the Message Display Destination Device 24-4
Synchronizing Log Messages 24-5
Enabling and Disabling Time Stamps on Log Messages 24-7
Enabling and Disabling Sequence Numbers in Log Messages 24-7
Defining the Message Severity Level 24-8
Limiting Syslog Messages Sent to the History Table and to SNMP 24-9
Enabling the Configuration-Change Logger 24-10
Configuring UNIX Syslog Servers 24-11
Logging Messages to a UNIX Syslog Daemon 24-11
Configuring the UNIX System Logging Facility 24-12
Displaying the Logging Configuration 24-13
CHAPTER 25 Configuring SNMP 25-1
Understanding SNMP 25-1
SNMP Versions 25-2
SNMP Manager Functions 25-3
SNMP Agent Functions 25-4
SNMP Community Strings 25-4
Using SNMP to Access MIB Variables 25-4
SNMP Notifications 25-5
SNMP ifIndex MIB Object Values 25-5
MIB Data Collection and Transfer 25-6
Configuring SNMP 25-6
Default SNMP Configuration 25-7
SNMP Configuration Guidelines 25-7
Disabling the SNMP Agent 25-8
Configuring Community Strings 25-8
Configuring SNMP Groups and Users 25-10
Configuring SNMP Notifications 25-12
Setting the CPU Threshold Notification Types and Values 25-16
Setting the Agent Contact and Location Information 25-17
Limiting TFTP Servers Used Through SNMP 25-17
Configuring MIB Data Collection and Transfer 25-18
Configuring the Cisco Process MIB CPU Threshold Table 25-20
SNMP Examples 25-21
Displaying SNMP Status 25-23
CHAPTER 26 Configuring Network Security with ACLs 26-1
Understanding ACLs 26-1
Supported ACLs 26-2
Port ACLs 26-3
Router ACLs 26-4
VLAN Maps 26-5
Handling Fragmented and Unfragmented Traffic 26-5
Configuring IPv4 ACLs 26-6
Creating Standard and Extended IPv4 ACLs 26-7
IPv4 Access List Numbers 26-8
ACL Logging 26-8
Creating a Numbered Standard ACL 26-9
Creating a Numbered Extended ACL 26-10
Resequencing ACEs in an ACL 26-14
Creating Named Standard and Extended ACLs 26-14
Using Time Ranges with ACLs 26-16
Including Comments in ACLs 26-18
Applying an IPv4 ACL to a Terminal Line 26-18
Applying an IPv4 ACL to an Interface 26-19
Hardware and Software Treatment of IP ACLs 26-20
Troubleshooting ACLs 26-21
IPv4 ACL Configuration Examples 26-22
Numbered ACLs 26-23
Extended ACLs 26-23
Named ACLs 26-24
Time Range Applied to an IP ACL 26-24
Commented IP ACL Entries 26-25
ACL Logging 26-25
Creating Named MAC Extended ACLs 26-26
Applying a MAC ACL to a Layer 2 Interface 26-28
Configuring VLAN Maps 26-29
VLAN Map Configuration Guidelines 26-29
Creating a VLAN Map 26-30
Examples of ACLs and VLAN Maps 26-31
Applying a VLAN Map to a VLAN 26-33
Using VLAN Maps in Your Network 26-33
Wiring Closet Configuration 26-33
Denying Access to a Server on Another VLAN 26-34
Using VLAN Maps with Router ACLs 26-35
VLAN Maps and Router ACL Configuration Guidelines 26-36
Examples of Router ACLs and VLAN Maps Applied to VLANs 26-37
ACLs and Switched Packets 26-37
ACLs and Routed Packets 26-37
ACLs and Multicast Packets 26-38
Displaying IPv4 ACL Configuration 26-39
CHAPTER 27 Configuring QoS 27-1
Understanding QoS 27-2
Modular QoS CLI Configuration 27-3
Hierarchical QoS 27-4
Classification 27-5
The match Command 27-6
Classification Based on Layer 2 CoS 27-7
Classification Based on IP Precedence 27-7
Classification Based on IP DSCP 27-7
CoS Mapping 27-8
Ingress Classification Based on QoS ACLs 27-9
Classification Based on QoS Groups 27-10
Classification Based on Discard Class 27-11
Classification Based on VLAN IDs 27-11
Classification for MPLS and EoMPLS 27-11
Policing 27-13
Marking 27-14
Congestion Avoidance and Queuing 27-15
Congestion Management and Scheduling 27-17
Traffic Shaping 27-18
Class-Based Weighted Fair Queuing 27-19
Priority Queuing 27-20
Input and Output Policy Maps 27-20
Input Policy Maps 27-22
Output Policy Maps 27-22
QoS Treatment for Performance-Monitoring Protocols 27-23
Cisco IP-SLAs Probes 27-23
CPU Traffic 27-23
Configuring QoS 27-24
Default QoS Configuration 27-24
Configuration Guidelines and Limitations 27-24
Configuring Input Policy Maps 27-25
Configuring Input Class Maps 27-26
Using ACLs to Classify Traffic 27-28
Configuring Class-Based Marking 27-32
Configuring Policing 27-34
Configuring Output Policy Maps 27-41
Configuring Output Class Maps 27-41
Configuring Class-Based-Weighted Fair Queuing 27-44
Configuring Class-Based Shaping 27-47
Configuring Port Shaping 27-48
Configuring Class-Based Priority Queuing 27-49
Configuring Weighted Tail Drop 27-50
Hierarchical Policy Maps Configuration Examples 27-52
Configuring MPLS and EoMPLS QoS 27-53
Default MPLS and EoMPLS QoS Configuration 27-53
MPLS QoS Configuration Guidelines 27-54
Setting the Priority of Packets with Experimental Bits 27-54
MPLS DiffServ Tunneling Modes 27-55
Attaching a Service Policy to an Interface or EFP 27-56
Displaying QoS Information 27-57
CHAPTER 28 Configuring EtherChannels 28-1
Understanding EtherChannels 28-1