Manuale UtenteSommarioContents3Preface23Audience23Purpose23Conventions24Related Publications25Overview27Features27Ease of Use and Ease of Deployment27Performance27Manageability28Redundancy29VLAN Support30Security30Quality of Service and Class of Service31Monitoring31Management Options32Management Interface Options32Network Configuration Examples33Where to Go Next34Using the Command-Line Interface35Cisco IOS Command Modes35Getting Help37Abbreviating Commands38Using no and default Forms of Commands38Understanding CLI Messages39Using Command History39Changing the Command History Buffer Size39Recalling Commands40Disabling the Command History Feature40Using Editing Features40Enabling and Disabling Editing Features40Editing Commands through Keystrokes41Editing Command Lines that Wrap42Searching and Filtering Output of show and more Commands43Accessing the CLI43Assigning the Switch IP Address and Default Gateway45Understanding the Boot Process45Assigning Switch Information46Default Switch Information46Manually Assigning IP Information47Checking and Saving the Running Configuration48Modifying the Startup Configuration50Default Boot Configuration51Specifying the Filename to Read and Write the System Configuration51Booting a Specific Software Image52Controlling Environment Variables52Scheduling a Reload of the Software Image55Configuring a Scheduled Reload55Displaying Scheduled Reload Information56Administering the Switch57Managing the System Time and Date57Understanding the System Clock57Understanding Network Time Protocol58Configuring NTP59Default NTP Configuration60Configuring NTP Authentication60Configuring NTP Associations61Configuring NTP Broadcast Service62Configuring NTP Access Restrictions63Configuring the Source IP Address for NTP Packets65Displaying the NTP Configuration66Configuring Time and Date Manually66Setting the System Clock66Displaying the Time and Date Configuration67Configuring the Time Zone67Configuring Summer Time (Daylight Saving Time)68Configuring a System Name and Prompt69Default System Name and Prompt Configuration70Configuring a System Name70Understanding DNS70Default DNS Configuration71Setting Up DNS71Displaying the DNS Configuration72Creating a Banner72Default Banner Configuration72Configuring a Message-of-the-Day Login Banner72Configuring a Login Banner74Managing the MAC Address Table74Building the Address Table75MAC Addresses and VLANs75Default MAC Address Table Configuration76Changing the Address Aging Time76Removing Dynamic Address Entries76Configuring MAC Address Notification Traps77Adding and Removing Static Address Entries79Displaying Address Table Entries80Managing the ARP Table80Configuring Switch-Based Authentication81Preventing Unauthorized Access to Your Switch81Protecting Access to Privileged EXEC Commands82Default Password and Privilege Level Configuration82Setting or Changing a Static Enable Password83Protecting Enable and Enable Secret Passwords with Encryption84Setting a Telnet Password for a Terminal Line85Configuring Username and Password Pairs86Configuring Multiple Privilege Levels86Setting the Privilege Level for a Command87Changing the Default Privilege Level for Lines88Logging into and Exiting a Privilege Level88Controlling Switch Access with TACACS+89Understanding TACACS+89TACACS+ Operation91Configuring TACACS+91Default TACACS+ Configuration92Identifying the TACACS+ Server Host and Setting the Authentication Key92Configuring TACACS+ Login Authentication93Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services95Starting TACACS+ Accounting96Displaying the TACACS+ Configuration96Controlling Switch Access with RADIUS96Understanding RADIUS97RADIUS Operation98Configuring RADIUS99Default RADIUS Configuration99Identifying the RADIUS Server Host99Configuring RADIUS Login Authentication102Defining AAA Server Groups104Configuring RADIUS Authorization for User Privileged Access and Network Services106Starting RADIUS Accounting107Configuring Settings for All RADIUS Servers108Configuring the Switch to Use Vendor-Specific RADIUS Attributes108Configuring the Switch for Vendor-Proprietary RADIUS Server Communication109Displaying the RADIUS Configuration110Configuring the Switch for Local Authentication and Authorization111Configuring the Switch for Secure Shell112Understanding SSH112SSH Servers, Integrated Clients, and Supported Versions112Limitations113Configuring SSH113Configuration Guidelines113Cryptographic Software Image Guidelines114Setting Up the Switch to Run SSH114Configuring the SSH Server115Displaying the SSH Configuration and Status116Configuring IEEE 802.1x Port-Based Authentication117Understanding IEEE 802.1x Port-Based Authentication117Device Roles118Authentication Initiation and Message Exchange119Ports in Authorized and Unauthorized States120IEEE 802.1x Accounting121IEEE 802.1x Accounting Attribute-Value Pairs121IEEE 802.1x Host Mode122Using IEEE 802.1x with Port Security123Using IEEE 802.1x with Voice VLAN Ports124Using IEEE 802.1x with VLAN Assignment124Using IEEE 802.1x with Guest VLAN125Using IEEE 802.1x with Wake-on-LAN126Unidirectional State126Bidirectional State126Configuring IEEE 802.1x Authentication127Default IEEE 802.1x Configuration127IEEE 802.1x Configuration Guidelines128Enabling IEEE 802.1x Authentication129Configuring the Switch-to-RADIUS-Server Communication130Configuring IEEE 802.1x Authentication Using a RADIUS Server132Enabling Periodic Re-Authentication132Manually Re-Authenticating a Client Connected to a Port133Changing the Quiet Period133Changing the Switch-to-Client Retransmission Time134Setting the Switch-to-Client Frame-Retransmission Number135Configuring the Host Mode136Configuring a Guest VLAN136Resetting the IEEE 802.1x Configuration to the Default Values138Configuring IEEE 802.1x Authentication138Configuring IEEE 802.1x Accounting140Displaying IEEE 802.1x Statistics and Status141Configuring Interface Characteristics143Understanding Interface Types143Access Ports144Trunk Ports144Port-Based VLANs145EtherChannel Port Groups145Connecting Interfaces146Using the Interface Command146Procedures for Configuring Interfaces147Configuring a Range of Interfaces148Configuring and Using Interface-Range Macros149Configuring Ethernet Interfaces151Default Ethernet Interface Configuration151Configuring Interface Speed and Duplex Mode152Configuration Guidelines153Setting the Interface Speed and Duplex Parameters153Adding a Description for an Interface154Monitoring and Maintaining the Interfaces155Monitoring Interface and Controller Status155Clearing and Resetting Interfaces and Counters157Shutting Down and Restarting the Interface157Configuring Smartports Macros159Understanding Smartports Macros159Configuring Smartports Macros160Default Smartports Macro Configuration160Smartports Macro Configuration Guidelines160Creating Smartports Macros162Applying Smartports Macros163Applying Cisco-Default Smartports Macros164Displaying Smartports Macros166Configuring STP167Understanding Spanning-Tree Features167STP Overview168Spanning-Tree Topology and BPDUs169Bridge ID, Switch Priority, and Extended System ID170Spanning-Tree Interface States170Blocking State171Listening State172Learning State172Forwarding State172Disabled State173How a Switch or Port Becomes the Root Switch or Root Port173Spanning Tree and Redundant Connectivity174Spanning-Tree Address Management174Accelerated Aging to Retain Connectivity174Spanning-Tree Modes and Protocols175Supported Spanning-Tree Instances175Spanning-Tree Interoperability and Backward Compatibility176STP and IEEE 802.1Q Trunks176Spanning Tree Considerations for Cisco Systems Intelligent Gigabit Ethernet Switch Modules177Configuring Spanning-Tree Features177Default Spanning-Tree Configuration178Spanning-Tree Configuration Guidelines178Changing the Spanning-Tree Mode179Disabling Spanning Tree180Configuring the Root Switch181Configuring a Secondary Root Switch183Configuring the Port Priority183Configuring the Path Cost185Configuring the Switch Priority of a VLAN186Configuring Spanning-Tree Timers187Configuring the Hello Time187Configuring the Forwarding-Delay Time for a VLAN188Configuring the Maximum-Aging Time for a VLAN188Displaying the Spanning-Tree Status189Configuring MSTP191Understanding MSTP192Multiple Spanning-Tree Regions192IST, CIST, and CST192Operations Within an MST Region193Hop Count194Interoperability with IEEE 802.1D STP194Understanding RSTP195Port Roles and the Active Topology195Rapid Convergence196Synchronization of Port Roles197Bridge Protocol Data Unit Format and Processing198Processing Superior BPDU Information199Processing Inferior BPDU Information199Topology Changes199Configuring MSTP Features200Default MSTP Configuration201MSTP Configuration Guidelines201Specifying the MST Region Configuration and Enabling MSTP202Configuring the Root Switch203Configuring a Secondary Root Switch205Configuring the Port Priority205Configuring the Path Cost207Configuring the Switch Priority208Configuring the Hello Time208Configuring the Forwarding-Delay Time209Configuring the Maximum-Aging Time210Configuring the Maximum-Hop Count210Specifying the Link Type to Ensure Rapid Transitions211Restarting the Protocol Migration Process211Displaying the MST Configuration and Status212Configuring Optional Spanning-Tree Features213Understanding Optional Spanning-Tree Features213Understanding Port Fast214Understanding BPDU Guard215Understanding BPDU Filtering215Understanding UplinkFast216Understanding BackboneFast217Understanding EtherChannel Guard220Understanding Root Guard220Understanding Loop Guard221Configuring Optional Spanning-Tree Features221Default Optional Spanning-Tree Configuration222Optional Spanning-Tree Configuration Guidelines222Enabling Port Fast222Enabling BPDU Guard223Enabling BPDU Filtering224Enabling UplinkFast for Use with Redundant Links225Enabling BackboneFast226Enabling EtherChannel Guard227Enabling Root Guard227Enabling Loop Guard228Displaying the Spanning-Tree Status229Configuring VLANs231Understanding VLANs231Supported VLANs232VLAN Port Membership Modes233Configuring Normal-Range VLANs234Token Ring VLANs235Normal-Range VLAN Configuration Guidelines235VLAN Configuration Mode Options236VLAN Configuration in config-vlan Mode236VLAN Configuration in VLAN Configuration Mode236Saving VLAN Configuration237Default Ethernet VLAN Configuration237Creating or Modifying an Ethernet VLAN238Deleting a VLAN240Assigning Static-Access Ports to a VLAN240Configuring Extended-Range VLANs241Default VLAN Configuration242Extended-Range VLAN Configuration Guidelines242Creating an Extended-Range VLAN242Displaying VLANs243Configuring VLAN Trunks244Trunking Overview244IEEE 802.1Q Configuration Considerations246Default Layer 2 Ethernet Interface VLAN Configuration247Configuring an Ethernet Interface as a Trunk Port247Interaction with Other Features248Configuring a Trunk Port248Defining the Allowed VLANs on a Trunk249Changing the Pruning-Eligible List250Configuring the Native VLAN for Untagged Traffic251Load Sharing Using STP252Load Sharing Using STP Port Priorities252Load Sharing Using STP Path Cost254Configuring VMPS255Understanding VMPS256Dynamic Port VLAN Membership256VMPS Database Configuration File257Default VMPS Client Configuration257VMPS Configuration Guidelines257Configuring the VMPS Client258Entering the IP Address of the VMPS258Configuring Dynamic Access Ports on VMPS Clients258Reconfirming VLAN Memberships259Changing the Reconfirmation Interval260Changing the Retry Count260Monitoring the VMPS260Troubleshooting Dynamic Port VLAN Membership261VMPS Configuration Example261Configuring VTP263Understanding VTP263The VTP Domain264VTP Modes265VTP Advertisements265VTP Version 2266VTP Pruning266Configuring VTP268Default VTP Configuration268VTP Configuration Options269VTP Configuration in Global Configuration Mode269VTP Configuration in VLAN Configuration Mode269VTP Configuration Guidelines270Domain Names270Passwords270VTP Version270Configuration Requirements271Configuring a VTP Server271Configuring a VTP Client272Disabling VTP (VTP Transparent Mode)273Enabling VTP Version 2274Enabling VTP Pruning275Adding a VTP Client Switch to a VTP Domain276Monitoring VTP277Configuring IGMP Snooping and MVR279Understanding IGMP Snooping280IGMP Versions280Joining a Multicast Group281Leaving a Multicast Group283Immediate-Leave Processing284IGMP Configurable-Leave Timer284IGMP Report Suppression284Source-Only Networks285Configuring IGMP Snooping285Default IGMP Snooping Configuration286Enabling or Disabling IGMP Snooping286Setting the Snooping Method287Configuring a Multicast Router Port288Configuring a Host Statically to Join a Group288Enabling IGMP Immediate-Leave Processing289Configuring the IGMP Leave Timer290Disabling IGMP Report Suppression290Disabling IP Multicast-Source-Only Learning291Configuring the Aging Time292Displaying IGMP Snooping Information292Understanding Multicast VLAN Registration293Using MVR in a Multicast Television Application294Configuring MVR295Default MVR Configuration296MVR Configuration Guidelines and Limitations296Configuring MVR Global Parameters296Configuring MVR Interfaces298Displaying MVR Information299Configuring IGMP Filtering and Throttling299Default IGMP Filtering and Throttling Configuration300Configuring IGMP Profiles301Applying IGMP Profiles302Setting the Maximum Number of IGMP Groups303Configuring the IGMP Throttling Action303Displaying IGMP Filtering and Throttling Configuration305Configuring Port-Based Traffic Control307Configuring Storm Control307Understanding Storm Control307Default Storm Control Configuration308Configuring Storm Control and Threshold Levels308Configuring Protected Ports309Configuring Port Security310Understanding Port Security310Secure MAC Addresses311Security Violations311Default Port Security Configuration312Port Security Configuration Guidelines312Enabling and Configuring Port Security313Enabling and Configuring Port Security Aging315Displaying Port-Based Traffic Control Settings317Configuring UDLD319Understanding UDLD319Modes of Operation319Methods to Detect Unidirectional Links320Configuring UDLD322Default UDLD Configuration322Configuration Guidelines322Enabling UDLD Globally323Enabling UDLD on an Interface324Resetting an Interface Shut Down by UDLD324Displaying UDLD Status325Configuring CDP327Understanding CDP327Configuring CDP328Default CDP Configuration328Configuring the CDP Characteristics328Disabling and Enabling CDP329Disabling and Enabling CDP on an Interface330Monitoring and Maintaining CDP331Configuring SPAN and RSPAN333Understanding SPAN and RSPAN333SPAN and RSPAN Concepts and Terminology335SPAN Session335Traffic Types335Source Port336Destination Port336Reflector Port337SPAN Traffic337SPAN and RSPAN Interaction with Other Features338SPAN and RSPAN Session Limits339Default SPAN and RSPAN Configuration339Configuring SPAN339SPAN Configuration Guidelines339Creating a SPAN Session and Specifying Ports to Monitor340Creating a SPAN Session and Enabling Ingress Traffic341Removing Ports from a SPAN Session343Configuring RSPAN344RSPAN Configuration Guidelines344Configuring a VLAN as an RSPAN VLAN345Creating an RSPAN Source Session346Creating an RSPAN Destination Session347Removing Ports from an RSPAN Session348Displaying SPAN and RSPAN Status349Configuring RMON351Understanding RMON351Configuring RMON352Default RMON Configuration353Configuring RMON Alarms and Events353Configuring RMON Collection on an Interface355Displaying RMON Status356Configuring System Message Logging357Understanding System Message Logging357Configuring System Message Logging358System Log Message Format358Default System Message Logging Configuration359Disabling and Enabling Message Logging360Setting the Message Display Destination Device360Synchronizing Log Messages362Enabling and Disabling Timestamps on Log Messages363Enabling and Disabling Sequence Numbers in Log Messages364Defining the Message Severity Level364Limiting Syslog Messages Sent to the History Table and to SNMP366Configuring UNIX Syslog Servers366Logging Messages to a UNIX Syslog Daemon367Configuring the UNIX System Logging Facility367Displaying the Logging Configuration368Configuring SNMP369Understanding SNMP369SNMP Versions370SNMP Manager Functions371SNMP Agent Functions371SNMP Community Strings372Using SNMP to Access MIB Variables372SNMP Notifications372Configuring SNMP373Default SNMP Configuration373SNMP Configuration Guidelines374Disabling the SNMP Agent374Configuring Community Strings375Configuring SNMP Groups and Users376Configuring SNMP Notifications378Setting the Agent Contact and Location Information381Limiting TFTP Servers Used Through SNMP381SNMP Examples382Displaying SNMP Status383Configuring Network Security with ACLs385Understanding ACLs386Handling Fragmented and Unfragmented Traffic387Understanding Access Control Parameters388Guidelines for Applying ACLs to Physical Interfaces389Configuring ACLs390Unsupported Features390Creating Standard and Extended IP ACLs391ACL Numbers391Creating a Numbered Standard ACL392Creating a Numbered Extended ACL393Creating Named Standard and Extended ACLs396Applying Time Ranges to ACLs398Including Comments About Entries in ACLs400Creating Named MAC Extended ACLs401Creating MAC Access Groups402Applying ACLs to Terminal Lines or Physical Interfaces402Applying ACLs to a Terminal Line403Applying ACLs to a Physical Interface403Displaying ACL Information404Displaying ACLs404Displaying Access Groups405Examples for Compiling ACLs406Numbered ACL Examples407Extended ACL Examples407Named ACL Example407Commented IP ACL Entry Examples407Configuring QoS409Understanding QoS410Basic QoS Model411Classification412Classification Based on QoS ACLs413Classification Based on Class Maps and Policy Maps414Policing and Marking414Mapping Tables415Queueing and Scheduling415How Class of Service Works415Port Priority415Port Scheduling416Egress CoS Queues416Configuring Auto-QoS417Generated Auto-QoS Configuration417Effects of Auto-QoS on the Configuration419Configuration Guidelines419Enabling Auto-QoS for VoIP420Displaying Auto-QoS Information421Auto-QoS Configuration Example422Configuring Standard QoS424Default Standard QoS Configuration424Configuration Guidelines424Configuring Classification Using Port Trust States425Configuring the Trust State on Ports within the QoS Domain426Configuring the CoS Value for an Interface427Configuring Trusted Boundary428Enabling Pass-Through Mode430Configuring a QoS Policy431Classifying Traffic by Using ACLs431Classifying Traffic by Using Class Maps435Classifying, Policing, and Marking Traffic by Using Policy Maps436Configuring CoS Maps439Configuring the CoS-to-DSCP Map440Configuring the DSCP-to-CoS Map441Configuring the Egress Queues442Configuring CoS Priority Queues442Configuring WRR Priority443Enabling the Expedite Queue and Configuring WRR Priority443Displaying Standard QoS Information444Standard QoS Configuration Examples444QoS Configuration for the Existing Wiring Closet445QoS Configuration for the Intelligent Wiring Closet446Configuring EtherChannels and Layer2 Trunk Failover449Understanding EtherChannels449Understanding Port-Channel Interfaces450Understanding the Port Aggregation Protocol and Link Aggregation Protocol451PAgP and LACP Modes452Physical Learners and Aggregate-Port Learners453PAgP and LACP Interaction with Other Features453EtherChannel On Mode454Understanding Load Balancing and Forwarding Methods454Configuring EtherChannels456Default EtherChannel Configuration456EtherChannel Configuration Guidelines456Configuring Layer2 EtherChannels457Configuring EtherChannel Load Balancing459Configuring the PAgP Learn Method and Priority460Configuring the LACP Port Priority461Configuring Hot Standby Ports461Configuring the LACP System Priority462Displaying EtherChannel, PAgP, and LACP Status463Understanding Layer 2 Trunk Failover463Configuring Layer 2 Trunk Failover464Default Layer 2 Trunk Failover Configuration464Layer 2 Trunk Failover Configuration Guidelines465Configuring Layer2 Trunk Failover465Displaying Layer 2 Trunk Failover Status466Troubleshooting467Using Recovery Procedures467Recovering from a Software Failure467Recovering from Lost or Forgotten Passwords468Password Recovery with Password Recovery Enabled470Procedure with Password Recovery Disabled471Preventing Autonegotiation Mismatches473SFP Module Security and Identification473Diagnosing Connectivity Problems473Using Ping474Understanding Ping474Executing Ping474Using Layer 2 Traceroute475Understanding Layer 2 Traceroute475Usage Guidelines475Displaying the Physical Path476Using Debug Commands477Enabling Debugging on a Specific Feature477Enabling All-System Diagnostics478Redirecting Debug and Error Message Output478Using the debug auto qos Command478Using the crashinfo File479Supported MIBs481MIB List481Using FTP to Access the MIB Files483Working with the Cisco IOS File System, Configuration Files, and Software Images485Working with the Flash File System485Displaying Available File Systems486Setting the Default File System487Displaying Information about Files on a File System487Changing Directories and Displaying the Working Directory488Creating and Removing Directories488Copying Files489Deleting Files490Creating, Displaying, and Extracting tar Files490Creating a tar File490Displaying the Contents of a tar File491Extracting a tar File491Displaying the Contents of a File492Working with Configuration Files492Guidelines for Creating and Using Configuration Files493Configuration File Types and Location494Creating a Configuration File By Using a Text Editor494Copying Configuration Files By Using TFTP494Preparing to Download or Upload a Configuration File By Using TFTP494Downloading the Configuration File By Using TFTP495Uploading the Configuration File By Using TFTP496Copying Configuration Files By Using FTP496Preparing to Download or Upload a Configuration File By Using FTP497Downloading a Configuration File By Using FTP497Uploading a Configuration File By Using FTP498Copying Configuration Files By Using RCP499Preparing to Download or Upload a Configuration File By Using RCP500Downloading a Configuration File By Using RCP501Uploading a Configuration File By Using RCP502Clearing Configuration Information503Clearing the Startup Configuration File503Deleting a Stored Configuration File503Working with Software Images503Image Location on the Switch504tar File Format of Images on a Server or IBM.com504Copying Image Files By Using TFTP505Preparing to Download or Upload an Image File By Using TFTP505Downloading an Image File By Using TFTP506Uploading an Image File By Using TFTP507Copying Image Files By Using FTP508Preparing to Download or Upload an Image File By Using FTP508Downloading an Image File By Using FTP509Uploading an Image File By Using FTP511Copying Image Files By Using RCP512Preparing to Download or Upload an Image File By Using RCP512Downloading an Image File By Using RCP513Uploading an Image File By Using RCP515Getting Help and Technical Assistance517Before You Call517Using the Documentation518Getting Help and Information from the World Wide Web518Software Service and Support518Hardware Service and Support518Notices519Edition Notice520Trademarks520Index523Dimensioni: 5,73 MBPagine: 550Language: EnglishApri il manuale