ユーザーズマニュアル目次Cisco IE 3010 Switch Software Configuration Guide1Contents3Preface33Overview37Features37Ease-of-Deployment and Ease-of-Use Features38Performance Features38Management Options39Manageability Features40Availability and Redundancy Features41VLAN Features42Security Features42QoS and CoS Features45Monitoring Features46Default Settings After Initial Switch Configuration47Network Configuration Examples49Design Concepts for Using the Switch49Where to Go Next50Using the Command-Line Interface51Understanding Command Modes51Understanding the Help System53Understanding Abbreviated Commands54Understanding no and default Forms of Commands54Understanding CLI Error Messages55Using Configuration Logging55Using Command History56Changing the Command History Buffer Size56Recalling Commands56Disabling the Command History Feature57Using Editing Features57Enabling and Disabling Editing Features57Editing Commands through Keystrokes58Editing Command Lines that Wrap59Searching and Filtering Output of show and more Commands60Accessing the CLI60Accessing the CLI through a Console Connection or through Telnet60Assigning the Switch IP Address and Default Gateway61Understanding the Boot Process61Assigning Switch Information63Default Switch Information63Understanding DHCP-Based Autoconfiguration63DHCP Client Request Process64Understanding DHCP-based Autoconfiguration and Image Update65DHCP Autoconfiguration65DHCP Auto-Image Update65Limitations and Restrictions66Configuring DHCP-Based Autoconfiguration66DHCP Server Configuration Guidelines66Configuring the TFTP Server67Configuring the DNS68Configuring the Relay Device68Obtaining Configuration Files69Example Configuration69Configuring the DHCP Auto Configuration and Image Update Features71Configuring DHCP Autoconfiguration (Only Configuration File)71Configuring DHCP Auto-Image Update (Configuration File and Image)72Configuring the Client73Manually Assigning IP Information74Checking and Saving the Running Configuration75Modifying the 
Startup Configuration76Default Boot Configuration77Automatically Downloading a Configuration File77Specifying the Filename to Read and Write the System Configuration77Booting Manually78Booting a Specific Software Image79Controlling Environment Variables79Scheduling a Reload of the Software Image81Configuring a Scheduled Reload81Displaying Scheduled Reload Information82Configuring Cisco IOS Configuration Engine83Understanding Cisco Configuration Engine Software83Configuration Service84Event Service85NameSpace Mapper85What You Should Know About the CNS IDs and Device Hostnames85ConfigID85DeviceID86Hostname and DeviceID86Using Hostname, DeviceID, and ConfigID86Understanding Cisco IOS Agents87Initial Configuration87Incremental (Partial) Configuration88Synchronized Configuration88Configuring Cisco IOS Agents88Enabling Automated CNS Configuration88Enabling the CNS Event Agent89Enabling the Cisco IOS CNS Agent91Enabling an Initial Configuration91Enabling a Partial Configuration94Displaying CNS Configuration95Clustering Switches97Understanding Switch Clusters97Cluster Command Switch Characteristics99Standby Cluster Command Switch Characteristics99Candidate Switch and Cluster Member Switch Characteristics99Planning a Switch Cluster100Automatic Discovery of Cluster Candidates and Members100Discovery Through CDP Hops101Discovery Through Non-CDP-Capable and Noncluster-Capable Devices102Discovery Through Different VLANs102Discovery Through Different Management VLANs103Discovery of Newly Installed Switches104Virtual IP Addresses105Other Considerations for Cluster Standby Groups105Automatic Recovery of Cluster Configuration106IP Addresses107Hostnames107Passwords108SNMP Community Strings108TACACS+ and RADIUS108LRE Profiles109Using the CLI to Manage Switch Clusters109Using SNMP to Manage Switch Clusters110Administering the Switch111Managing the System Time and Date111Understanding the System Clock111Understanding Network Time Protocol112Configuring NTP114Default NTP 
Configuration114Configuring NTP Authentication115Configuring NTP Associations116Configuring NTP Broadcast Service117Configuring NTP Access Restrictions118Configuring the Source IP Address for NTP Packets120Displaying the NTP Configuration121Configuring Time and Date Manually121Setting the System Clock121Displaying the Time and Date Configuration122Configuring the Time Zone122Configuring Summer Time (Daylight Saving Time)123Configuring a System Name and Prompt124Default System Name and Prompt Configuration125Configuring a System Name125Understanding DNS125Default DNS Configuration126Setting Up DNS126Displaying the DNS Configuration127Creating a Banner127Default Banner Configuration127Configuring a Message-of-the-Day Login Banner128Configuring a Login Banner129Managing the MAC Address Table129Building the Address Table130MAC Addresses and VLANs130Default MAC Address Table Configuration131Changing the Address Aging Time131Removing Dynamic Address Entries132Configuring MAC Address Change Notification Traps132Configuring MAC Address Move Notification Traps134Configuring MAC Threshold Notification Traps135Adding and Removing Static Address Entries136Configuring Unicast MAC Address Filtering137Disabling MAC Address Learning on a VLAN138Displaying Address Table Entries140Managing the ARP Table140Configuring the Switch Alarms141Understanding IE 3010 Switch Alarms141Global Status Monitoring Alarms142FCS Error Hysteresis Threshold142Port Status Monitoring Alarms142Triggering Alarm Options143Configuring IE 3010 External Alarms144Configuring IE 3010 Switch Alarms146Default Switch Alarm Configuration146Configuring the Power Supply Alarms146Configuring the Switch Temperature Alarms147Setting the Primary Temperature Threshold for the Switch147Setting a Secondary Temperature Threshold for the Switch148Associating the Temperature Alarms to a Relay149Configuring the FCS Bit Error Rate Alarm150Setting the FCS Error Threshold150Setting the FCS Error Hysteresis Threshold150Configuring 
Alarm Profiles151Creating or Modifying an Alarm Profile151Attaching an Alarm Profile to a Specific Port152Enabling SNMP Traps153Displaying IE 3010 Switch Alarms Status153Configuring SDM Templates155Understanding the SDM Templates155Configuring the Switch SDM Template156SDM Template Configuration Guidelines156Setting the SDM Template157Displaying the SDM Templates158Configuring Switch-Based Authentication159Preventing Unauthorized Access to Your Switch159Protecting Access to Privileged EXEC Commands160Default Password and Privilege Level Configuration161Setting or Changing a Static Enable Password161Protecting Enable and Enable Secret Passwords with Encryption162Disabling Password Recovery163Setting a Telnet Password for a Terminal Line164Configuring Username and Password Pairs165Configuring Multiple Privilege Levels166Setting the Privilege Level for a Command166Changing the Default Privilege Level for Lines167Logging into and Exiting a Privilege Level168Controlling Switch Access with TACACS+168Understanding TACACS+168TACACS+ Operation170Configuring TACACS+171Default TACACS+ Configuration171Identifying the TACACS+ Server Host and Setting the Authentication Key171Configuring TACACS+ Login Authentication172Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services174Starting TACACS+ Accounting175Establishing a Session with a Router if the AAA Server is Unreachable176Displaying the TACACS+ Configuration176Controlling Switch Access with RADIUS176Understanding RADIUS176RADIUS Operation178RADIUS Change of Authorization178Overview179Change-of-Authorization Requests179CoA Request Response Code180CoA Request Commands182Configuring RADIUS185Default RADIUS Configuration185Identifying the RADIUS Server Host186Configuring RADIUS Login Authentication188Defining AAA Server Groups190Configuring RADIUS Authorization for User Privileged Access and Network Services192Starting RADIUS Accounting193Establishing a Session with a Router if the AAA Server is 
Unreachable194Configuring Settings for All RADIUS Servers194Configuring the Switch to Use Vendor-Specific RADIUS Attributes194Configuring the Switch for Vendor-Proprietary RADIUS Server Communication196Configuring CoA on the Switch197Monitoring and Troubleshooting CoA Functionality198Configuring RADIUS Server Load Balancing198Displaying the RADIUS Configuration198Controlling Switch Access with Kerberos198Understanding Kerberos199Kerberos Operation201Authenticating to a Boundary Switch201Obtaining a TGT from a KDC201Authenticating to Network Services202Configuring Kerberos202Configuring the Switch for Local Authentication and Authorization202Configuring the Switch for Secure Shell203Understanding SSH204SSH Servers, Integrated Clients, and Supported Versions204Limitations204Configuring SSH205Configuration Guidelines205Setting Up the Switch to Run SSH205Configuring the SSH Server206Displaying the SSH Configuration and Status207Configuring the Switch for Secure Socket Layer HTTP208Understanding Secure HTTP Servers and Clients209Certificate Authority Trustpoints209CipherSuites210Configuring Secure HTTP Servers and Clients211Default SSL Configuration211SSL Configuration Guidelines211Configuring a CA Trustpoint212Configuring the Secure HTTP Server213Configuring the Secure HTTP Client214Displaying Secure HTTP Server and Client Status215Configuring the Switch for Secure Copy Protocol215Information About Secure Copy216Configuring IEEE 802.1x Port-Based Authentication217Understanding IEEE 802.1x Port-Based Authentication217Device Roles218Authentication Process219Authentication Initiation and Message Exchange221Authentication Manager223Port-Based Authentication Methods223Per-User ACLs and Filter-Ids224Authentication Manager CLI Commands225Ports in Authorized and Unauthorized States226802.1x Host Mode227Multidomain Authentication228802.1x Multiple Authentication Mode229MAC Move229MAC Replace230802.1x Accounting230802.1x Accounting Attribute-Value Pairs231802.1x Readiness 
Check232802.1x Authentication with VLAN Assignment232Using 802.1x Authentication with Per-User ACLs233802.1x Authentication with Downloadable ACLs and Redirect URLs234Cisco Secure ACS and Attribute-Value Pairs for the Redirect URL236Cisco Secure ACS and Attribute-Value Pairs for Downloadable ACLs236VLAN ID-based MAC Authentication236802.1x Authentication with Guest VLAN237802.1x Authentication with Restricted VLAN238802.1x Authentication with Inaccessible Authentication Bypass239Support on Multiple-Authentication Ports239Authentication Results239Feature Interactions240802.1x Authentication with Voice VLAN Ports240802.1x Authentication with Port Security241802.1x Authentication with Wake-on-LAN242802.1x Authentication with MAC Authentication Bypass242802.1x User Distribution244802.1x User Distribution Configuration Guidelines244Network Admission Control Layer 2 802.1x Validation245Flexible Authentication Ordering245Open1x Authentication245Using Voice Aware 802.1x Security246802.1x Supplicant and Authenticator Switches with Network Edge Access Topology (NEAT)246Guidelines247Using IEEE 802.1x Authentication with ACLs and the RADIUS Filter-Id Attribute247Common Session ID248Configuring 802.1x Authentication249Default 802.1x Authentication Configuration250802.1x Authentication Configuration Guidelines251802.1x Authentication251VLAN Assignment, Guest VLAN, Restricted VLAN, and Inaccessible Authentication Bypass252MAC Authentication Bypass253Maximum Number of Allowed Devices Per Port253Configuring 802.1x Readiness Check253Configuring Voice Aware 802.1x Security254Configuring 802.1x Violation Modes255Configuring 802.1x Authentication256Configuring the Switch-to-RADIUS-Server Communication258Configuring the Host Mode259Configuring Periodic Re-Authentication260Manually Re-Authenticating a Client Connected to a Port261Changing the Quiet Period262Changing the Switch-to-Client Retransmission Time262Setting the Switch-to-Client Frame-Retransmission Number263Setting the 
Re-Authentication Number264Enabling MAC Move264Enabling MAC Replace265Configuring 802.1x Accounting266Configuring a Guest VLAN267Configuring a Restricted VLAN268Configuring the Inaccessible Authentication Bypass Feature270Configuring 802.1x Authentication with WoL272Configuring MAC Authentication Bypass273Configuring 802.1x User Distribution274Configuring NAC Layer 2 802.1x Validation275Configuring an Authenticator and a Supplicant Switch with NEAT276Configuring NEAT with Auto Smartports Macros277Configuring 802.1x Authentication with Downloadable ACLs and Redirect URLs277Configuring Downloadable ACLs278Configuring a Downloadable Policy278Configuring VLAN ID-based MAC Authentication280Configuring Flexible Authentication Ordering280Configuring Open1x281Disabling 802.1x Authentication on the Port281Resetting the 802.1x Authentication Configuration to the Default Values282Displaying 802.1x Statistics and Status283Configuring Web-Based Authentication285Understanding Web-Based Authentication285Device Roles286Host Detection286Session Creation286Authentication Process287Local Web Authentication Banner287Web Authentication Customizable Web Pages289Guidelines289Web-based Authentication Interactions with Other Features291Port Security291LAN Port IP291Gateway IP291ACLs291Context-Based Access Control292802.1x Authentication292EtherChannel292Configuring Web-Based Authentication293Default Web-Based Authentication Configuration293Web-Based Authentication Configuration Guidelines and Restrictions293Web-Based Authentication Configuration Task List294Configuring the Authentication Rule and Interfaces294Configuring AAA Authentication295Configuring Switch-to-RADIUS-Server Communication295Configuring the HTTP Server297Customizing the Authentication Proxy Web Pages297Specifying a Redirection URL for Successful Login299Configuring an AAA Fail Policy299Configuring the Web-Based Authentication Parameters300Configuring a Web Authentication Local Banner300Removing Web-Based Authentication 
Cache Entries301Displaying Web-Based Authentication Status301Configuring Interface Characteristics303Understanding Interface Types303Port-Based VLANs304Switch Ports304Access Ports304Trunk Ports305EtherChannel Port Groups305Dual-Purpose Uplink Ports306Power over Ethernet Ports306Supported Protocols and Standards306Powered-Device Detection and Initial Power Allocation307Power Management Modes308Power Monitoring and Power Policing309Connecting Interfaces311Using Interface Configuration Mode311Procedures for Configuring Interfaces312Configuring a Range of Interfaces312Configuring and Using Interface Range Macros314Configuring Ethernet Interfaces316Default Ethernet Interface Configuration316Setting the Type of a Dual-Purpose Uplink Port317Configuring Interface Speed and Duplex Mode318Speed and Duplex Configuration Guidelines319Setting the Interface Speed and Duplex Parameters319Configuring IEEE 802.3x Flow Control320Configuring Auto-MDIX on an Interface321Configuring a Power Management Mode on a PoE Port322Budgeting Power for Devices Connected to a PoE Port324Adding a Description for an Interface325Configuring Layer 3 Interfaces326Configuring the System MTU326Monitoring and Maintaining the Interfaces328Monitoring Interface Status328Clearing and Resetting Interfaces and Counters329Shutting Down and Restarting the Interface329Configuring Smartports Macros331Understanding Smartports Macros331Configuring Smartports Macros331Default Smartports Configuration331Smartports Configuration Guidelines332Applying Smartports Macros333Displaying Smartports Macros335Configuring VLANs337Understanding VLANs337Supported VLANs338VLAN Port Membership Modes339Configuring Normal-Range VLANs340Token Ring VLANs341Normal-Range VLAN Configuration Guidelines341Configuring Normal-Range VLANs342Default Ethernet VLAN Configuration342Creating or Modifying an Ethernet VLAN343Deleting a VLAN344Assigning Static-Access Ports to a VLAN345Configuring Extended-Range VLANs346Default VLAN 
Configuration346Extended-Range VLAN Configuration Guidelines346Creating an Extended-Range VLAN347Creating an Extended-Range VLAN with an Internal VLAN ID348Displaying VLANs349Configuring VLAN Trunks350Trunking Overview350IEEE 802.1Q Configuration Considerations351Default Layer 2 Ethernet Interface VLAN Configuration352Configuring an Ethernet Interface as a Trunk Port352Interaction with Other Features352Configuring a Trunk Port353Defining the Allowed VLANs on a Trunk354Changing the Pruning-Eligible List355Configuring the Native VLAN for Untagged Traffic355Configuring Trunk Ports for Load Sharing356Load Sharing Using STP Port Priorities356Load Sharing Using STP Path Cost358Configuring VMPS359Understanding VMPS360Dynamic-Access Port VLAN Membership360Default VMPS Client Configuration361VMPS Configuration Guidelines361Configuring the VMPS Client362Entering the IP Address of the VMPS362Configuring Dynamic-Access Ports on VMPS Clients362Reconfirming VLAN Memberships363Changing the Reconfirmation Interval363Changing the Retry Count364Monitoring the VMPS364Troubleshooting Dynamic-Access Port VLAN Membership365VMPS Configuration Example365Configuring VTP367Understanding VTP367The VTP Domain368VTP Modes369VTP Advertisements369VTP Version 2370VTP Version 3370VTP Pruning371Configuring VTP373Default VTP Configuration373VTP Configuration Guidelines374Domain Names374Passwords374VTP Version375Configuration Requirements376Configuring VTP Mode376Configuring a VTP Version 3 Password378Configuring a VTP Version 3 Primary Server379Enabling the VTP Version379Enabling VTP Pruning380Configuring VTP on a Per-Port Basis381Adding a VTP Client Switch to a VTP Domain381Monitoring VTP382Configuring Voice VLAN383Understanding Voice VLAN383Cisco IP Phone Voice Traffic384Cisco IP Phone Data Traffic384Configuring Voice VLAN385Default Voice VLAN Configuration385Voice VLAN Configuration Guidelines385Configuring a Port Connected to a Cisco 7960 IP Phone386Configuring Cisco IP Phone Voice 
Traffic387Configuring the Priority of Incoming Data Frames388Displaying Voice VLAN388Configuring STP389Understanding Spanning-Tree Features389STP Overview390Spanning-Tree Topology and BPDUs391Bridge ID, Switch Priority, and Extended System ID392Spanning-Tree Interface States392Blocking State393Listening State394Learning State394Forwarding State394Disabled State395How a Switch or Port Becomes the Root Switch or Root Port395Spanning Tree and Redundant Connectivity396Spanning-Tree Address Management396Accelerated Aging to Retain Connectivity396Spanning-Tree Modes and Protocols397Supported Spanning-Tree Instances397Spanning-Tree Interoperability and Backward Compatibility398STP and IEEE 802.1Q Trunks398VLAN-Bridge Spanning Tree398Configuring Spanning-Tree Features399Default Spanning-Tree Configuration399Spanning-Tree Configuration Guidelines400Changing the Spanning-Tree Mode.401Disabling Spanning Tree402Configuring the Root Switch402Configuring a Secondary Root Switch404Configuring Port Priority404Configuring Path Cost406Configuring the Switch Priority of a VLAN407Configuring Spanning-Tree Timers408Configuring the Hello Time408Configuring the Forwarding-Delay Time for a VLAN409Configuring the Maximum-Aging Time for a VLAN409Configuring the Transmit Hold-Count410Displaying the Spanning-Tree Status410Configuring MSTP411Understanding MSTP412Multiple Spanning-Tree Regions412IST, CIST, and CST412Operations Within an MST Region413Operations Between MST Regions413IEEE 802.1s Terminology415Hop Count415Boundary Ports416IEEE 802.1s Implementation416Port Role Naming Change416Interoperation Between Legacy and Standard Switches417Detecting Unidirectional Link Failure417Interoperability with IEEE 802.1D STP418Understanding RSTP418Port Roles and the Active Topology419Rapid Convergence419Synchronization of Port Roles421Bridge Protocol Data Unit Format and Processing422Processing Superior BPDU Information422Processing Inferior BPDU Information423Topology Changes423Configuring MSTP 
Features423Default MSTP Configuration424MSTP Configuration Guidelines424Specifying the MST Region Configuration and Enabling MSTP425Configuring the Root Switch427Configuring a Secondary Root Switch428Configuring Port Priority429Configuring Path Cost430Configuring the Switch Priority431Configuring the Hello Time432Configuring the Forwarding-Delay Time433Configuring the Maximum-Aging Time433Configuring the Maximum-Hop Count434Specifying the Link Type to Ensure Rapid Transitions434Designating the Neighbor Type435Restarting the Protocol Migration Process435Displaying the MST Configuration and Status436Configuring Optional Spanning-Tree Features437Understanding Optional Spanning-Tree Features437Understanding Port Fast438Understanding BPDU Guard438Understanding BPDU Filtering439Understanding UplinkFast439Understanding BackboneFast441Understanding EtherChannel Guard443Understanding Root Guard444Understanding Loop Guard445Configuring Optional Spanning-Tree Features445Default Optional Spanning-Tree Configuration445Optional Spanning-Tree Configuration Guidelines446Enabling Port Fast446Enabling BPDU Guard447Enabling BPDU Filtering448Enabling UplinkFast for Use with Redundant Links449Enabling BackboneFast449Enabling EtherChannel Guard450Enabling Root Guard451Enabling Loop Guard451Displaying the Spanning-Tree Status452Configuring Flex Links and the MAC Address-Table Move Update Feature453Understanding Flex Links and the MAC Address-Table Move Update453Flex Links453VLAN Flex Link Load Balancing and Support454Flex Link Multicast Fast Convergence455Learning the Other Flex Link Port as the mrouter Port455Generating IGMP Reports455Leaking IGMP Reports456Configuration Examples456MAC Address-Table Move Update458Configuring Flex Links and the MAC Address-Table Move Update459Default Configuration459Configuration Guidelines460Configuring Flex Links460Configuring VLAN Load Balancing on Flex Links462Configuring the MAC Address-Table Move Update Feature464Monitoring Flex Links and the MAC 
Address-Table Move Update466Configuring DHCP Features and IP Source Guard Features467Understanding DHCP Snooping467DHCP Server468DHCP Relay Agent468DHCP Snooping468Option-82 Data Insertion470Cisco IOS DHCP Server Database473DHCP Snooping Binding Database473Configuring DHCP Snooping474Default DHCP Snooping Configuration475DHCP Snooping Configuration Guidelines475Configuring the DHCP Relay Agent477Specifying the Packet Forwarding Address477Enabling DHCP Snooping and Option 82478Enabling the Cisco IOS DHCP Server Database480Enabling the DHCP Snooping Binding Database Agent480Displaying DHCP Snooping Information481Understanding IP Source Guard481Source IP Address Filtering482Source IP and MAC Address Filtering482IP Source Guard for Static Hosts482Configuring IP Source Guard483Default IP Source Guard Configuration483IP Source Guard Configuration Guidelines483Enabling IP Source Guard484Configuring IP Source Guard for Static Hosts485Configuring IP Source Guard for Static Hosts on a Layer 2 Access Port485Configuring IP Source Guard for Static Hosts on a Private VLAN Host Port490Displaying IP Source Guard Information492Understanding DHCP Server Port-Based Address Allocation492Configuring DHCP Server Port-Based Address Allocation492Default Port-Based Address Allocation Configuration493Port-Based Address Allocation Configuration Guidelines493Enabling DHCP Server Port-Based Address Allocation493Displaying DHCP Server Port-Based Address Allocation495Configuring Dynamic ARP Inspection497Understanding Dynamic ARP Inspection497Interface Trust States and Network Security499Rate Limiting of ARP Packets500Relative Priority of ARP ACLs and DHCP Snooping Entries500Logging of Dropped Packets500Configuring Dynamic ARP Inspection501Default Dynamic ARP Inspection Configuration501Dynamic ARP Inspection Configuration Guidelines501Configuring Dynamic ARP Inspection in DHCP Environments503Configuring ARP ACLs for Non-DHCP Environments504Limiting the Rate of Incoming ARP Packets506Performing 
Validation Checks507Configuring the Log Buffer508Displaying Dynamic ARP Inspection Information510Configuring IGMP Snooping and MVR513Understanding IGMP Snooping513IGMP Versions514Joining a Multicast Group515Leaving a Multicast Group517Immediate Leave517IGMP Configurable-Leave Timer517IGMP Report Suppression517Configuring IGMP Snooping518Default IGMP Snooping Configuration518Enabling or Disabling IGMP Snooping519Setting the Snooping Method520Configuring a Multicast Router Port521Configuring a Host Statically to Join a Group522Enabling IGMP Immediate Leave522Configuring the IGMP Leave Timer523Configuring TCN-Related Commands524Controlling the Multicast Flooding Time After a TCN Event524Recovering from Flood Mode524Disabling Multicast Flooding During a TCN Event525Configuring the IGMP Snooping Querier526Disabling IGMP Report Suppression527Displaying IGMP Snooping Information527Understanding Multicast VLAN Registration529Using MVR in a Multicast Television Application529Configuring MVR531Default MVR Configuration531MVR Configuration Guidelines and Limitations531Configuring MVR Global Parameters532Configuring MVR Interfaces533Displaying MVR Information535Configuring IGMP Filtering and Throttling535Default IGMP Filtering and Throttling Configuration536Configuring IGMP Profiles536Applying IGMP Profiles538Setting the Maximum Number of IGMP Groups538Configuring the IGMP Throttling Action539Displaying IGMP Filtering and Throttling Configuration540Configuring Port-Based Traffic Control541Configuring Storm Control541Understanding Storm Control541Default Storm Control Configuration543Configuring Storm Control and Threshold Levels543Configuring Protected Ports545Default Protected Port Configuration545Protected Port Configuration Guidelines545Configuring a Protected Port546Configuring Port Blocking546Default Port Blocking Configuration547Blocking Flooded Traffic on an Interface547Configuring Port Security547Understanding Port Security548Secure MAC Addresses548Security 
Violations549Default Port Security Configuration550Port Security Configuration Guidelines550Enabling and Configuring Port Security552Enabling and Configuring Port Security Aging556Port Security and Private VLANs557Displaying Port-Based Traffic Control Settings558Configuring CDP559Understanding CDP559Configuring CDP560Default CDP Configuration560Configuring the CDP Characteristics561Disabling and Enabling CDP561Disabling and Enabling CDP on an Interface562Monitoring and Maintaining CDP563Configuring LLDP, LLDP-MED, and Wired Location Service565Understanding LLDP, LLDP-MED, and Wired Location Service565LLDP-MED566Wired Location Service567Configuring LLDP, LLDP-MED, and Wired Location Service568Default LLDP Configuration568Configuration Guidelines569Enabling LLDP569Configuring LLDP Characteristics570Configuring LLDP-MED TLVs571Configuring Network-Policy TLV571Configuring Location TLV and Wired Location Service573Monitoring and Maintaining LLDP, LLDP-MED, and Wired Location Service574Configuring UDLD577Understanding UDLD577Modes of Operation577Methods to Detect Unidirectional Links578Configuring UDLD579Default UDLD Configuration580Configuration Guidelines580Enabling UDLD Globally581Enabling UDLD on an Interface581Resetting an Interface Disabled by UDLD582Displaying UDLD Status582Configuring SPAN and RSPAN583Understanding SPAN and RSPAN583Local SPAN584Remote SPAN584SPAN and RSPAN Concepts and Terminology585SPAN Sessions585Monitored Traffic586Source Ports587Source VLANs588VLAN Filtering588Destination Port589RSPAN VLAN590SPAN and RSPAN Interaction with Other Features590Configuring SPAN and RSPAN591Default SPAN and RSPAN Configuration591Configuring Local SPAN592SPAN Configuration Guidelines592Creating a Local SPAN Session593Creating a Local SPAN Session and Configuring Incoming Traffic595Specifying VLANs to Filter596Configuring RSPAN597RSPAN Configuration Guidelines597Configuring a VLAN as an RSPAN VLAN598Creating an RSPAN Source Session599Creating an RSPAN Destination 
Session600Creating an RSPAN Destination Session and Configuring Incoming Traffic601Specifying VLANs to Filter603Displaying SPAN and RSPAN Status604Configuring RMON605Understanding RMON605Configuring RMON606Default RMON Configuration607Configuring RMON Alarms and Events607Collecting Group History Statistics on an Interface609Collecting Group Ethernet Statistics on an Interface609Displaying RMON Status610Configuring System Message Logging611Understanding System Message Logging611Configuring System Message Logging612System Log Message Format612Default System Message Logging Configuration613Disabling Message Logging614Setting the Message Display Destination Device615Synchronizing Log Messages616Enabling and Disabling Time Stamps on Log Messages617Enabling and Disabling Sequence Numbers in Log Messages618Defining the Message Severity Level618Limiting Syslog Messages Sent to the History Table and to SNMP620Enabling the Configuration-Change Logger620Configuring UNIX Syslog Servers621Logging Messages to a UNIX Syslog Daemon622Configuring the UNIX System Logging Facility622Displaying the Logging Configuration623Configuring SNMP625Understanding SNMP625SNMP Versions626SNMP Manager Functions627SNMP Agent Functions628SNMP Community Strings628Using SNMP to Access MIB Variables628SNMP Notifications629SNMP ifIndex MIB Object Values629Configuring SNMP630Default SNMP Configuration630SNMP Configuration Guidelines630Disabling the SNMP Agent631Configuring Community Strings632Configuring SNMP Groups and Users633Configuring SNMP Notifications635Setting the CPU Threshold Notification Types and Values639Setting the Agent Contact and Location Information640Limiting TFTP Servers Used Through SNMP640SNMP Examples641Displaying SNMP Status642Configuring Network Security with ACLs643Understanding ACLs643Supported ACLs644Handling Fragmented and Unfragmented Traffic645Configuring IPv4 ACLs646Creating Standard and Extended IPv4 ACLs647Access List Numbers648ACL Logging648Creating a Numbered Standard 
ACL649Creating a Numbered Extended ACL650Resequencing ACEs in an ACL654Creating Named Standard and Extended ACLs654Using Time Ranges with ACLs656Including Comments in ACLs658Applying an IPv4 ACL to a Terminal Line659Applying an IPv4 ACL to an Interface659Hardware and Software Treatment of IP ACLs661Troubleshooting ACLs661IPv4 ACL Configuration Examples662Numbered ACLs664Extended ACLs664Named ACLs664Time Range Applied to an IP ACL665Commented IP ACL Entries665ACL Logging666Creating Named MAC Extended ACLs667Applying a MAC ACL to a Layer 2 Interface668Displaying IPv4 ACL Configuration670Configuring QoS671Understanding QoS671Basic QoS Model673Classification674Classification Based on QoS ACLs677Classification Based on Class Maps and Policy Maps677Policing and Marking678Policing on Physical Ports679Policing on SVIs680Mapping Tables682Queueing and Scheduling Overview683Weighted Tail Drop683SRR Shaping and Sharing684Queueing and Scheduling on Ingress Queues684Queueing and Scheduling on Egress Queues686Packet Modification688Configuring Auto-QoS688Generated Auto-QoS Configuration689Effects of Auto-QoS on the Configuration694Auto-QoS Configuration Guidelines694Enabling Auto-QoS for VoIP695Auto-QoS Configuration Example697Displaying Auto-QoS Information698Configuring Standard QoS699Default Standard QoS Configuration699Default Ingress Queue Configuration700Default Egress Queue Configuration700Default Mapping Table Configuration701Standard QoS Configuration Guidelines702QoS ACL Guidelines702Applying QoS on Interfaces702Policing Guidelines703General QoS Guidelines703Enabling QoS Globally704Enabling VLAN-Based QoS on Physical Ports704Configuring Classification Using Port Trust States705Configuring the Trust State on Ports within the QoS Domain705Configuring the CoS Value for an Interface707Configuring a Trusted Boundary to Ensure Port Security707Enabling DSCP Transparency Mode709Configuring the DSCP Trust State on a Port Bordering Another QoS Domain709Configuring a QoS 
Policy711Classifying Traffic by Using ACLs712Classifying Traffic by Using Class Maps715Classifying, Policing, and Marking Traffic on Physical Ports by Using Policy Maps717Classifying, Policing, and Marking Traffic on SVIs by Using Hierarchical Policy Maps721Classifying, Policing, and Marking Traffic by Using Aggregate Policers727Configuring DSCP Maps729Configuring the CoS-to-DSCP Map729Configuring the IP-Precedence-to-DSCP Map730Configuring the Policed-DSCP Map731Configuring the DSCP-to-CoS Map732Configuring the DSCP-to-DSCP-Mutation Map733Configuring Ingress Queue Characteristics735Mapping DSCP or CoS Values to an Ingress Queue and Setting WTD Thresholds735Allocating Buffer Space Between the Ingress Queues737Allocating Bandwidth Between the Ingress Queues737Configuring the Ingress Priority Queue738Configuring Egress Queue Characteristics739Configuration Guidelines740Allocating Buffer Space to and Setting WTD Thresholds for an Egress Queue-Set740Mapping DSCP or CoS Values to an Egress Queue and to a Threshold ID742Configuring SRR Shaped Weights on Egress Queues743Configuring SRR Shared Weights on Egress Queues744Configuring the Egress Expedite Queue745Limiting the Bandwidth on an Egress Interface746Displaying Standard QoS Information747Configuring EtherChannels and Link-State Tracking749Understanding EtherChannels749EtherChannel Overview750Port-Channel Interfaces751Port Aggregation Protocol752PAgP Modes752PAgP Interaction with Virtual Switches and Dual-Active Detection753PAgP Interaction with Other Features753Link Aggregation Control Protocol753LACP Modes754LACP Interaction with Other Features754EtherChannel On Mode754Load Balancing and Forwarding Methods755Configuring EtherChannels756Default EtherChannel Configuration757EtherChannel Configuration Guidelines757Configuring Layer 2 EtherChannels758Configuring EtherChannel Load Balancing761Configuring the PAgP Learn Method and Priority762Configuring LACP Hot-Standby Ports763Configuring the LACP System 
Priority764Configuring the LACP Port Priority764Displaying EtherChannel, PAgP, and LACP Status765Understanding Link-State Tracking766Configuring Link-State Tracking768Default Link-State Tracking Configuration768Link-State Tracking Configuration Guidelines769Configuring Link-State Tracking769Displaying Link-State Tracking Status770Configuring Cisco IOS IP SLAs Operations771Understanding Cisco IOS IP SLAs771Using Cisco IOS IP SLAs to Measure Network Performance773IP SLAs Responder and IP SLAs Control Protocol774Response Time Computation for IP SLAs774IP SLAs Operation Scheduling775IP SLAs Operation Threshold Monitoring775Configuring IP SLAs Operations776Default Configuration776Configuration Guidelines776Configuring the IP SLAs Responder777Analyzing IP Service Levels by Using the UDP Jitter Operation778Analyzing IP Service Levels by Using the ICMP Echo Operation781Monitoring IP SLAs Operations783Troubleshooting785Recovering from a Software Failure786Recovering from a Lost or Forgotten Password787Recovering from Lost Cluster Member Connectivity788Preventing Autonegotiation Mismatches788Troubleshooting Power over Ethernet Switch Ports789Disabled Port Caused by Power Loss789Disabled Port Caused by False Link Up789SFP Module Security and Identification789Monitoring SFP Module Status790Using Ping790Understanding Ping790Using Layer 2 Traceroute790Understanding Layer 2 Traceroute791Usage Guidelines791Displaying the Physical Path792Using IP Traceroute792Understanding IP Traceroute792Executing IP Traceroute793Using TDR794Understanding TDR794Running TDR and Displaying the Results794Using Debug Commands795Enabling Debugging on a Specific Feature795Enabling All-System Diagnostics796Redirecting Debug and Error Message Output796Using the show platform forward Command796Using the crashinfo Files798Basic crashinfo Files798Extended crashinfo Files798Troubleshooting Tables799Troubleshooting CPU Utilization799Possible Symptoms of High CPU Utilization799Verifying the Problem and 
Cause799Troubleshooting Power over Ethernet (PoE)801Supported MIBs805MIB List805Using FTP to Access the MIB Files807Working with the Cisco IOS File System, Configuration Files, and Software Images809Working with the Flash File System809Displaying Available File Systems809Detecting an Unsupported SD Flash Memory Card810SD Flash Memory Card LED811Setting the Default File System811Displaying Information about Files on a File System812Changing Directories and Displaying the Working Directory812Creating and Removing Directories813Copying Files813Deleting Files814Creating, Displaying, and Extracting tar Files814Creating a tar File815Displaying the Contents of a tar File815Extracting a tar File816Displaying the Contents of a File816Working with Configuration Files817Guidelines for Creating and Using Configuration Files817Configuration File Types and Location818Creating a Configuration File By Using a Text Editor818Copying Configuration Files By Using TFTP818Preparing to Download or Upload a Configuration File By Using TFTP818Downloading the Configuration File By Using TFTP819Uploading the Configuration File By Using TFTP820Copying Configuration Files By Using FTP820Preparing to Download or Upload a Configuration File By Using FTP821Downloading a Configuration File By Using FTP821Uploading a Configuration File By Using FTP822Copying Configuration Files By Using RCP823Preparing to Download or Upload a Configuration File By Using RCP824Downloading a Configuration File By Using RCP825Uploading a Configuration File By Using RCP826Clearing Configuration Information826Clearing the Startup Configuration File827Deleting a Stored Configuration File827Replacing and Rolling Back Configurations827Understanding Configuration Replacement and Rollback827Configuration Guidelines828Configuring the Configuration Archive829Performing a Configuration Replacement or Rollback Operation829Working with Software Images830Image Location on the Switch831tar File Format of Images on a Server or 
Cisco.com831Copying Image Files By Using TFTP832Preparing to Download or Upload an Image File By Using TFTP832Downloading an Image File By Using TFTP833Uploading an Image File By Using TFTP835Copying Image Files By Using FTP835Preparing to Download or Upload an Image File By Using FTP836Downloading an Image File By Using FTP837Uploading an Image File By Using FTP838Copying Image Files By Using RCP839Preparing to Download or Upload an Image File By Using RCP840Downloading an Image File By Using RCP841Uploading an Image File By Using RCP842Unsupported Commands in Cisco IOS Release 12.2(53)EZ845Access Control Lists846Unsupported Privileged EXEC Commands846Unsupported Global Configuration Commands846Unsupported Route-Map Configuration Commands846Archive Commands846Unsupported Privileged EXEC Commands846ARP Commands846Unsupported Global Configuration Commands846Unsupported Interface Configuration Commands847Boot Loader Commands847Unsupported Global Configuration Commands847Debug Commands847Unsupported Privileged EXEC Commands847High Availability847Unsupported SSO-Aware HSRP Commands847IGMP Snooping Commands847Unsupported Global Configuration Commands847Interface Commands848Unsupported Privileged EXEC Commands848Unsupported Global Configuration Commands848Unsupported Interface Configuration Commands848IP SLA848Unsupported MPLS Health Monitor Commands848Unsupported Ethernet Gatekeeper Registration Commands848Unsupported VoIP Call Setup Probe Commands848MAC Address Commands848Unsupported Privileged EXEC Commands848Unsupported Global Configuration Commands849Miscellaneous849Unsupported User EXEC Commands849Unsupported Privileged EXEC Commands849Unsupported Global Configuration Commands849NetFlow Commands850Unsupported Global Configuration Commands850Network Address Translation (NAT) Commands850Unsupported Privileged EXEC Commands850QoS850Unsupported Global Configuration Command850Unsupported Interface Configuration Commands850Unsupported Policy-Map Configuration 
Command850RADIUS850Unsupported Global Configuration Commands850SNMP851Unsupported Global Configuration Commands851SNMPv3851Unsupported 3DES Encryption Commands851Spanning Tree851Unsupported Global Configuration Command851Unsupported Interface Configuration Command851VLAN851Unsupported Global Configuration Command851Unsupported User EXEC Commands852Unsupported VLAN Database Commands852Index853
Size: 25.4MB, Pages: 892, Language: English