Catalyst 3550 Multilayer Switch Software Configuration Guide, Rel. 12.2_25SEE

SwCfg book Catalyst 3550 Multilayer Switch Software Configuration Guide Cisco IOS Release 12 2(25)SEE February 2006 Corporate Headquarters Cisco Systems, Inc 170 West Tasman Drive San Jose, CA 95134 1[.]

Corporate Headquarters

Cisco Systems, Inc

170 West Tasman Drive

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE

OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system All rights reserved Copyright © 1981, Regents of the University of California

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT

LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO

OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

CCSP, CCVP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise,

the iQ logo, iQ Net Readiness Scorecard, LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX,

Post-Routing, Pre-Routing, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, StrataView Plus, TeleRouter, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc and/or its affiliates in the United States and certain other countries

All other trademarks mentioned in this document or Website are the property of their respective owners The use of the word partner does not imply a partnership relationship between Cisco and any other company (0502R)

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses Any examples, command display output, and figures included in the document are shown for illustrative purposes only Any use of actual IP addresses in illustrative content is unintentional and coincidental.

Catalyst 3550 Multilayer Switch Software Configuration Guide

Copyright © 2006 Cisco Systems, Inc All rights reserved.

Cisco Product Security Overview vii

Reporting Security Problems in Cisco Products vii

Obtaining Technical Assistance viii

Cisco Technical Support & Documentation Website viii

Submitting a Service Request ix

Definitions of Service Request Severity ix

Obtaining Additional Publications and Information ix

Management Interface Options 1-9

Advantages of Using Network Assistant and Clustering Switches 1-10

Network Configuration Examples 1-10

Design Concepts for Using the Switch 1-11

Small to Medium-Sized Network Using Mixed Switches 1-14

Large Network Using Only Catalyst 3550 Switches 1-16

Multidwelling Network Using Catalyst 3550 Switches 1-17

Long-Distance, High-Bandwidth Transport Configuration 1-19

Where to Go Next 1-19

C H A P T E R 2 Using the Command-Line Interface 2-1

Cisco IOS Command Modes 2-1

Getting Help 2-3

Abbreviating Commands 2-4

Using no and default Forms of Commands 2-4

Understanding CLI Messages 2-5

Using Configuration Logging 2-5

Using Command History 2-5

Changing the Command History Buffer Size 2-6

Recalling Commands 2-6

Disabling the Command History Feature 2-6

Using Editing Features 2-7

Enabling and Disabling Editing Features 2-7

Editing Commands through Keystrokes 2-7

Editing Command Lines that Wrap 2-8

Searching and Filtering Output of show and more Commands 2-9

Accessing the CLI 2-9

C H A P T E R 3 Assigning the Switch IP Address and Default Gateway 3-1

Understanding the Boot Process 3-1

Assigning Switch Information 3-2

Default Switch Information 3-3

Understanding DHCP-Based Autoconfiguration 3-3

DHCP Client Request Process 3-4

Configuring DHCP-Based Autoconfiguration 3-5

DHCP Server Configuration Guidelines 3-5

Configuring the TFTP Server 3-6

Configuring the DNS 3-6

Configuring the Relay Device 3-6

Obtaining Configuration Files 3-7

Example Configuration 3-8

Manually Assigning IP Information 3-10

Checking and Saving the Running Configuration 3-10

Modifying the Startup Configuration 3-11

Default Boot Configuration 3-11

Automatically Downloading a Configuration File 3-11

Specifying the Filename to Read and Write the System Configuration 3-12

Booting Manually 3-12

Booting a Specific Software Image 3-13

Controlling Environment Variables 3-14

Scheduling a Reload of the Software Image 3-16

Configuring a Scheduled Reload 3-16

Displaying Scheduled Reload Information 3-17

C H A P T E R 4 Configuring Cisco IOS CNS Agents 4-1

Understanding Cisco Configuration Engine Software 4-1

Hostname and DeviceID 4-4

Using Hostname, DeviceID, and ConfigID 4-4

Understanding Cisco IOS Agents 4-5

Initial Configuration 4-5

Incremental (Partial) Configuration 4-6

Synchronized Configuration 4-6

Configuring Cisco IOS Agents 4-6

Enabling Automated CNS Configuration 4-6

Enabling the CNS Event Agent 4-8

Enabling the Cisco IOS CNS Agent 4-9

Enabling an Initial Configuration 4-9

Enabling a Partial Configuration 4-11

Upgrading Devices with Cisco IOS Image Agent 4-12

Prerequisites for the CNS Image Agent 4-12

Restrictions for the CNS Image Agent 4-12

C H A P T E R 5 Clustering Switches 5-1

Understanding Switch Clusters 5-1

Cluster Command Switch Characteristics 5-2

Standby Cluster Command Switch Characteristics 5-3

Candidate Switch and Member Switch Characteristics 5-3

Planning a Switch Cluster 5-4

Automatic Discovery of Cluster Candidates and Members 5-4

Discovery Through CDP Hops 5-5

Discovery Through Non-CDP-Capable and Noncluster-Capable Devices 5-5

Discovery Through Different VLANs 5-6

Discovery Through Different Management VLANs 5-7

Discovery Through Routed Ports 5-7

Discovery of Newly Installed Switches 5-8

HSRP and Standby Cluster Command Switches 5-10

Virtual IP Addresses 5-11

Other Considerations for Cluster Standby Groups 5-11

Automatic Recovery of Cluster Configuration 5-12

IP Addresses 5-13

Hostnames 5-13

Passwords 5-13

SNMP Community Strings 5-14

TACACS+ and RADIUS 5-14

console For instructions on configuring the switch for a Telnet session, see the “Disabling Password Recovery” section on page 6-5.Catalyst 1900 and Catalyst 2820 CLI Considerations 5-14

Using SNMP to Manage Switch Clusters 5-15

C H A P T E R 6 Administering the Switch 6-1

Managing the System Time and Date 6-1

Understanding the System Clock 6-1

Understanding Network Time Protocol 6-2

Configuring NTP 6-3

Default NTP Configuration 6-4

Configuring NTP Authentication 6-4

Configuring NTP Associations 6-5

Configuring NTP Broadcast Service 6-6

Configuring NTP Access Restrictions 6-8

Configuring the Source IP Address for NTP Packets 6-10

Displaying the NTP Configuration 6-11

Configuring Time and Date Manually 6-11

Setting the System Clock 6-11

Displaying the Time and Date Configuration 6-12

Configuring the Time Zone 6-12

Configuring Summer Time (Daylight Saving Time) 6-13

Configuring a System Name and Prompt 6-14

Default System Name and Prompt Configuration 6-15

Configuring a System Name 6-15

Default Banner Configuration 6-17

Configuring a Message-of-the-Day Login Banner 6-17

Configuring a Login Banner 6-19

Managing the MAC Address Table 6-19

Building the Address Table 6-20

MAC Addresses and VLANs 6-20

Default MAC Address Table Configuration 6-21

Changing the Address Aging Time 6-21

Removing Dynamic Address Entries 6-21

Configuring MAC Address Notification Traps 6-22

Adding and Removing Static Address Entries 6-24

Configuring Unicast MAC Address Filtering 6-25

Displaying Address Table Entries 6-26

Optimizing System Resources for User-Selected Features 6-26

Using the Templates 6-28

Managing the ARP Table 6-29

C H A P T E R 7 Configuring Switch-Based Authentication 7-1

Preventing Unauthorized Access to Your Switch 7-1

Protecting Access to Privileged EXEC Commands 7-2

Default Password and Privilege Level Configuration 7-2

Setting or Changing a Static Enable Password 7-3

Protecting Enable and Enable Secret Passwords with Encryption 7-4

Disabling Password Recovery 7-5

Setting a Telnet Password for a Terminal Line 7-6

Configuring Multiple Privilege Levels 7-8

Setting the Privilege Level for a Command 7-8

Changing the Default Privilege Level for Lines 7-9

Logging into and Exiting a Privilege Level 7-10

Controlling Switch Access with TACACS+ 7-10

Understanding TACACS+ 7-10

TACACS+ Operation 7-12

Configuring TACACS+ 7-12

Default TACACS+ Configuration 7-13

Identifying the TACACS+ Server Host and Setting the Authentication Key 7-13

Configuring TACACS+ Login Authentication 7-14

Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services 7-16

Starting TACACS+ Accounting 7-17

Displaying the TACACS+ Configuration 7-17

Controlling Switch Access with RADIUS 7-17

Understanding RADIUS 7-18

RADIUS Operation 7-19

Configuring RADIUS 7-20

Default RADIUS Configuration 7-20

Identifying the RADIUS Server Host 7-20

Configuring RADIUS Login Authentication 7-23

Defining AAA Server Groups 7-25

Configuring RADIUS Authorization for User Privileged Access and Network Services 7-27

Starting RADIUS Accounting 7-28

Configuring Settings for All RADIUS Servers 7-29

Configuring the Switch to Use Vendor-Specific RADIUS Attributes 7-29

Configuring the Switch for Vendor-Proprietary RADIUS Server Communication 7-31

Displaying the RADIUS Configuration 7-31

Controlling Switch Access with Kerberos 7-32

Setting Up the Switch to Run SSH 7-39

Configuring the SSH Server 7-40

Displaying the SSH Configuration and Status 7-41

Configuring the Switch for Secure Socket Layer HTTP 7-41

Understanding Secure HTTP Servers and Clients 7-42

Certificate Authority Trustpoints 7-42

Configuring the Secure HTTP Server 7-46

Configuring the Secure HTTP Client 7-47

Displaying Secure HTTP Server and Client Status 7-48

Configuring the Switch for Secure Copy Protocol 7-48

C H A P T E R 8 Configuring IEEE 802.1x Port-Based Authentication 8-1

Understanding IEEE 802.1x Port-Based Authentication 8-1

Device Roles 8-2

Authentication Process 8-3

Authentication Initiation and Message Exchange 8-5

Ports in Authorized and Unauthorized States 8-7

IEEE 802.1x Host Mode 8-7

IEEE 802.1x Accounting 8-8

IEEE 802.1x Accounting Attribute-Value Pairs 8-8

Using IEEE 802.1x Authentication with VLAN Assignment 8-9

Using IEEE 802.1x Authentication with Per-User ACLs 8-10

Using IEEE 802.1x Authentication with Guest VLAN 8-11

Using IEEE 802.1x Authentication with Restricted VLAN 8-12

Using IEEE 802.1x Authentication with Inaccessible Authentication Bypass 8-13

Using IEEE 802.1x Authentication with Voice VLAN Ports 8-14

Using IEEE 802.1x Authentication with Port Security 8-15

Using IEEE 802.1x Authentication with Wake-on-LAN 8-16

Using IEEE 802.1x Authentication with MAC Authentication Bypass 8-16

Network Admission Control Layer 2 IEEE 802.1x Validation 8-17

Configuring IEEE 802.1x Authentication 8-18

Default IEEE 802.1x Authentication Configuration 8-19

IEEE 802.1x Authentication Configuration Guidelines 8-20

IEEE 802.1x Authentication 8-20

VLAN Assignment, Guest VLAN, Restricted VLAN, and Inaccessible Authentication Bypass 8-21

MAC Authentication Bypass 8-22

Upgrading from a Previous Software Release 8-22

Configuring IEEE 802.1x Authentication 8-22

Configuring the Switch-to-RADIUS-Server Communication 8-24

Configuring the Host Mode 8-26

Enabling Periodic Re-Authentication 8-26

Manually Re-Authenticating a Client Connected to a Port 8-27

Changing the Quiet Period 8-27

Changing the Switch-to-Client Retransmission Time 8-28

Setting the Switch-to-Client Frame-Retransmission Number 8-29

Setting the Re-Authentication Number 8-29

Configuring IEEE 802.1x Accounting 8-30

Configuring a Guest VLAN 8-31

Configuring a Restricted VLAN 8-32

Configuring the Inaccessible Authentication Bypass Feature 8-33

Configuring IEEE 802.1x Authentication with WoL 8-36

Configuring MAC Authentication Bypass 8-36

Configuring NAC Layer 2 IEEE 802.1x Validation 8-37

Disabling IEEE 802.1x on the Port 8-38

Resetting the IEEE 802.1x Configuration to the Default Values 8-38

Displaying IEEE 802.1x Statistics and Status 8-38

C H A P T E R 9 Configuring Interface Characteristics 9-1

Understanding Interface Types 9-1

EtherChannel Port Groups 9-5

Power Over Ethernet Ports 9-5

Supported Protocols and Standards 9-6

Powered-Device Detection and Initial Power Allocation 9-6

Power Management Modes 9-7

Connecting Interfaces 9-7

Using the Interface Command 9-9

Procedures for Configuring Interfaces 9-9

Configuring a Range of Interfaces 9-10

Configuring and Using Interface Range Macros 9-12

Configuring Ethernet Interfaces 9-13

Default Ethernet Interface Configuration 9-14

Configuring Interface Speed and Duplex Mode 9-15

Configuration Guidelines 9-15

Setting the Interface Speed and Duplex Parameters 9-16

Configuring Power over Ethernet on the Catalyst 3550-24PWR Ports 9-16

Configuring IEEE 802.3x Flow Control 9-17

Adding a Description for an Interface 9-18

Configuring Layer 3 Interfaces 9-19

Monitoring and Maintaining the Interfaces 9-20

Monitoring Interface and Controller Status 9-21

Clearing and Resetting Interfaces and Counters 9-21

Shutting Down and Restarting the Interface 9-22

C H A P T E R 10 Configuring Smartports Macros 10-1

Understanding Smartports Macros 10-1

Configuring Smartports Macros 10-2

Default Smartports Macro Configuration 10-2

Smartports Macro Configuration Guidelines 10-3

Creating Smartports Macros 10-4

Applying Smartports Macros 10-5

Applying Cisco-Default Smartports Macros 10-6

Displaying Smartports Macros 10-8

C H A P T E R 11 Configuring VLANs 11-1

Understanding VLANs 11-1

Supported VLANs 11-2

VLAN Port Membership Modes 11-3

Configuring Normal-Range VLANs 11-4

Token Ring VLANs 11-5

Normal-Range VLAN Configuration Guidelines 11-5

VLAN Configuration Mode Options 11-6

VLAN Configuration in config-vlan Mode 11-6

VLAN Configuration in VLAN Configuration Mode 11-6

Saving VLAN Configuration 11-7

Default Ethernet VLAN Configuration 11-7

Creating or Modifying an Ethernet VLAN 11-8

Deleting a VLAN 11-10

Assigning Static-Access Ports to a VLAN 11-10

Configuring Extended-Range VLANs 11-11

Default VLAN Configuration 11-12

Extended-Range VLAN Configuration Guidelines 11-12

Creating an Extended-Range VLAN 11-13

Creating an Extended-Range VLAN with an Internal VLAN ID 11-14

Displaying VLANs 11-15

Configuring VLAN Trunks 11-15

Trunking Overview 11-16

Encapsulation Types 11-17

IEEE 802.1Q Configuration Considerations 11-18

Default Layer 2 Ethernet Interface VLAN Configuration 11-19

Configuring an Ethernet Interface as a Trunk Port 11-19

Interaction with Other Features 11-19

Configuring a Trunk Port 11-20

Defining the Allowed VLANs on a Trunk 11-21

Changing the Pruning-Eligible List 11-22

Configuring the Native VLAN for Untagged Traffic 11-23

Load Sharing Using STP 11-23

Load Sharing Using STP Port Priorities 11-24

Load Sharing Using STP Path Cost 11-25

Configuring VMPS 11-27

Understanding VMPS 11-27

Dynamic Port VLAN Membership 11-28

VMPS Database Configuration File 11-28

Default VMPS Client Configuration 11-29

VMPS Configuration Guidelines 11-29

Configuring the VMPS Client 11-30

Entering the IP Address of the VMPS 11-30

Configuring Dynamic Access Ports on VMPS Clients 11-30

Reconfirming VLAN Memberships 11-31

Changing the Reconfirmation Interval 11-31

Changing the Retry Count 11-32

VTP Configuration in Global Configuration Mode 12-7

VTP Configuration in VLAN Configuration Mode 12-7

Enabling VTP Pruning 12-13

Adding a VTP Client Switch to a VTP Domain 12-14

Monitoring VTP 12-15

C H A P T E R 13 Configuring Voice VLAN 13-1

Understanding Voice VLAN 13-1

Configuring Voice VLAN 13-2

Default Voice VLAN Configuration 13-2

Voice VLAN Configuration Guidelines 13-3

Configuring a Port to Connect to a Cisco 7960 IP Phone 13-3

Configuring Ports to Carry Voice Traffic in IEEE 802.1Q Frames 13-4

Configuring Ports to Carry Voice Traffic in IEEE 802.1p Priority-Tagged Frames 13-4

Overriding the CoS Priority of Incoming Data Frames 13-5

Configuring the IP Phone to Trust the CoS Priority of Incoming Data Frames 13-6

Displaying Voice VLAN 13-6

C H A P T E R 14 Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling 14-1

Understanding IEEE 802.1Q Tunneling 14-1

Configuring IEEE 802.1Q Tunneling 14-4

Default IEEE 802.1Q Tunneling Configuration 14-4

IEEE 802.1Q Tunneling Configuration Guidelines 14-4

Native VLANs 14-4

System MTU 14-5

IEEE 802.1Q Tunneling and Other Features 14-5

Configuring an IEEE 802.1Q Tunneling Port 14-6

Understanding Layer 2 Protocol Tunneling 14-7

Configuring Layer 2 Protocol Tunneling 14-9

Default Layer 2 Protocol Tunneling Configuration 14-10

Layer 2 Protocol Tunneling Configuration Guidelines 14-11

Configuring Layer 2 Tunneling 14-12

Configuring Layer 2 Tunneling for EtherChannels 14-13

Configuring the SP Edge Switch 14-13

Configuring the Customer Switch 14-15

Monitoring and Maintaining Tunneling Status 14-17

C H A P T E R 15 Configuring STP 15-1

Understanding Spanning-Tree Features 15-1

STP Overview 15-2

Spanning-Tree Topology and BPDUs 15-2

Bridge ID, Switch Priority, and Extended System ID 15-3

Spanning-Tree Interface States 15-4

How a Switch or Port Becomes the Root Switch or Root Port 15-7

Spanning Tree and Redundant Connectivity 15-7

Spanning-Tree Address Management 15-8

Accelerated Aging to Retain Connectivity 15-8

Spanning-Tree Modes and Protocols 15-9

Supported Spanning-Tree Instances 15-9

Spanning-Tree Interoperability and Backward Compatibility 15-10

STP and IEEE 802.1Q Trunks 15-10

VLAN-Bridge Spanning Tree 15-11

Configuring Spanning-Tree Features 15-11

Default Spanning-Tree Configuration 15-11

Spanning-Tree Configuration Guidelines 15-12

Changing the Spanning-Tree Mode 15-13

Disabling Spanning Tree 15-14

Configuring the Root Switch 15-14

Configuring a Secondary Root Switch 15-16

Configuring the Port Priority 15-17

Configuring the Path Cost 15-18

Configuring the Switch Priority of a VLAN 15-20

Configuring Spanning-Tree Timers 15-20

Configuring the Hello Time 15-21

Configuring the Forwarding-Delay Time for a VLAN 15-22

Configuring the Maximum-Aging Time for a VLAN 15-22

Configuring Spanning Tree for Use in a Cascaded Stack 15-23

Configuring the Transmit Hold Count 15-23

Displaying the Spanning-Tree Status 15-24

C H A P T E R 16 Configuring MSTP 16-1

Understanding MSTP 16-2

Multiple Spanning-Tree Regions 16-2

IST, CIST, and CST 16-3

Operations Within an MST Region 16-3

Operations Between MST Regions 16-4

IEEE 802.1s Terminology 16-5

Hop Count 16-5

Boundary Ports 16-6

IEEE 802.1s Implementation 16-6

Port Role Naming Change 16-6

Interoperation Between Legacy and Standard Switches 16-7

Detecting Unidirectional Link Failure 16-8

Interoperability with IEEE 802.1D STP 16-8

Understanding RSTP 16-8

Port Roles and the Active Topology 16-9

Rapid Convergence 16-10

Synchronization of Port Roles 16-11

Bridge Protocol Data Unit Format and Processing 16-12

Processing Superior BPDU Information 16-13

Processing Inferior BPDU Information 16-13

Topology Changes 16-13

Configuring MSTP Features 16-14

Default MSTP Configuration 16-15

MSTP Configuration Guidelines 16-15

Specifying the MST Region Configuration and Enabling MSTP 16-16

Configuring the Root Switch 16-17

Configuring a Secondary Root Switch 16-19

Configuring the Port Priority 16-20

Configuring the Path Cost 16-21

Configuring the Switch Priority 16-22

Configuring the Hello Time 16-22

Configuring the Forwarding-Delay Time 16-23

Configuring the Maximum-Aging Time 16-24

Configuring the Maximum-Hop Count 16-24

Specifying the Link Type to Ensure Rapid Transitions 16-25

Designating the Neighbor Type 16-25

Restarting the Protocol Migration Process 16-26

Displaying the MST Configuration and Status 16-26

C H A P T E R 17 Configuring Optional Spanning-Tree Features 17-1

Understanding Optional Spanning-Tree Features 17-1

Understanding Port Fast 17-2

Understanding BPDU Guard 17-2

Understanding BPDU Filtering 17-3

Understanding UplinkFast 17-3

Understanding Cross-Stack UplinkFast 17-5

How CSUF Works 17-6

Events that Cause Fast Convergence 17-7

Limitations 17-8

Connecting the Stack Ports 17-8

Understanding BackboneFast 17-9

Understanding EtherChannel Guard 17-12

Understanding Root Guard 17-12

Understanding Loop Guard 17-13

Configuring Optional Spanning-Tree Features 17-13

Default Optional Spanning-Tree Configuration 17-14

Optional Spanning-Tree Configuration Guidelines 17-14

Enabling Port Fast 17-14

Enabling BPDU Guard 17-15

Enabling BPDU Filtering 17-16

Enabling UplinkFast for Use with Redundant Links 17-17

Enabling Cross-Stack UplinkFast 17-18

Enabling BackboneFast 17-19

Enabling EtherChannel Guard 17-20

Enabling Root Guard 17-20

Enabling Loop Guard 17-21

Displaying the Spanning-Tree Status 17-22

C H A P T E R 18 Configuring Flex Links and the MAC Address-Table Move Update Feature 18-1

Understanding Flex Links and the MAC Address-Table Move Update 18-1

Flex Links 18-1

MAC Address-Table Move Update 18-3

Configuring Flex Links and MAC Address-Table Move Update 18-3

Configuration Guidelines 18-4

Default Configuration 18-4

Configuring Flex Links and MAC Address-Table Move Update 18-4

Configuring Flex Links 18-5

Configuring the MAC Address-Table Move Update Feature 18-6

Monitoring Flex Links and the MAC Address-Table Move Update 18-8

Option-82 Data Insertion 18-3

Cisco IOS DHCP Server Database 18-7

DHCP Snooping Binding Database 18-7

Configuring DHCP Features 18-8

Default DHCP Configuration 18-9

DHCP Snooping Configuration Guidelines 18-9

Upgrading from a Previous Software Release 18-10

Configuring the DHCP Server 18-11

Enabling Only the DHCP Relay Agent 18-11

Enabling the DHCP Relay Agent and Option 82 18-11

Validating the Relay Agent Information Option 82 18-12

Configuring the Reforwarding Policy 18-12

Specifying the Packet Forwarding Address 18-13

Enabling DHCP Snooping and Option 82 18-15

Enabling DHCP Snooping on Private VLANs 18-16

Enabling the Cisco IOS DHCP Server Database 18-17

Enabling the DHCP Snooping Binding Database Agent 18-17

Displaying DHCP Information 18-18

Understanding IP Source Guard 18-19

Source IP Address Filtering 18-19

Source IP and MAC Address Filtering 18-19

Configuring IP Source Guard 18-20

Default IP Source Guard Configuration 18-20

IP Source Guard Configuration Guidelines 18-20

Enabling IP Source Guard 18-21

Displaying IP Source Guard Information 18-22

C H A P T E R 20 Configuring Dynamic ARP Inspection 19-1

Understanding Dynamic ARP Inspection 19-1

Interface Trust States and Network Security 19-3

Rate Limiting of ARP Packets 19-4

Relative Priority of ARP ACLs and DHCP Snooping Entries 19-4

Logging of Dropped Packets 19-4

Configuring Dynamic ARP Inspection 19-5

Default Dynamic ARP Inspection Configuration 19-5

Dynamic ARP Inspection Configuration Guidelines 19-6

Configuring Dynamic ARP Inspection in DHCP Environments 19-7

Configuring ARP ACLs for Non-DHCP Environments 19-8

Limiting the Rate of Incoming ARP Packets 19-10

Performing Validation Checks 19-11

Configuring the Log Buffer 19-12

Displaying Dynamic ARP Inspection Information 19-14

C H A P T E R 21 Configuring IGMP Snooping and MVR 20-1

Understanding IGMP Snooping 20-2

IGMP Versions 20-2

Joining a Multicast Group 20-3

Leaving a Multicast Group 20-5

Immediate-Leave Processing 20-5

IGMP Configurable-Leave Timer 20-5

IGMP Report Suppression 20-5

Source-Only Networks 20-6

Configuring IGMP Snooping 20-6

Default IGMP Snooping Configuration 20-7

Enabling or Disabling IGMP Snooping 20-7

Setting the Snooping Method 20-8

Configuring a Multicast Router Port 20-9

Configuring a Host Statically to Join a Group 20-10

Enabling IGMP Immediate-Leave Processing 20-10

Configuring the IGMP Leave Timer 20-11

Configuring TCN-Related Commands 20-12

Controlling the Multicast Flooding Time After a TCN Event 20-12

Recovering from Flood Mode 20-12

Disabling Multicast Flooding During a TCN Event 20-13

Disabling IGMP Report Suppression 20-13

Displaying IGMP Snooping Information 20-14

Understanding Multicast VLAN Registration 20-15

Using MVR in a Multicast Television Application 20-16

Configuring MVR 20-18

Default MVR Configuration 20-18

MVR Configuration Guidelines and Limitations 20-18

Configuring MVR Global Parameters 20-19

Configuring MVR Interfaces 20-20

Displaying MVR Information 20-21

Configuring IGMP Filtering and Throttling 20-22

Default IGMP Filtering and Throttling Configuration 20-22

Configuring IGMP Profiles 20-23

Applying IGMP Profiles 20-24

Setting the Maximum Number of IGMP Groups 20-26

Configuring the IGMP Throttling Action 20-26

Displaying IGMP Filtering and Throttling Configuration 20-28

C H A P T E R 22 Configuring Port-Based Traffic Control 21-1

Configuring Storm Control 21-1

Understanding Storm Control 21-1

Default Storm Control Configuration 21-3

Configuring Storm Control and Threshold Levels 21-3

Configuring Protected Ports 21-5

Configuring Port Blocking 21-6

Blocking Flooded Traffic on an Interface 21-6

Resuming Normal Forwarding on a Port 21-7

Configuring Port Security 21-7

Understanding Port Security 21-8

Secure MAC Addresses 21-8

Security Violations 21-8

Default Port Security Configuration 21-9

Port Security Configuration Guidelines 21-10

Enabling and Configuring Port Security 21-11

Enabling and Configuring Port Security Aging 21-15

Displaying Port-Based Traffic Control Settings 21-17

Configuring the CDP Characteristics 22-2

Disabling and Enabling CDP 22-3

Disabling and Enabling CDP on an Interface 22-4

Monitoring and Maintaining CDP 22-4

Enabling UDLD Globally 23-5

Enabling UDLD on an Interface 23-5

Resetting an Interface Shut Down by UDLD 23-6

Displaying UDLD Status 23-7

C H A P T E R 25 Configuring SPAN and RSPAN 24-1

Understanding SPAN and RSPAN 24-1

SPAN and RSPAN Concepts and Terminology 24-2

SPAN and RSPAN Interaction with Other Features 24-7

SPAN and RSPAN Session Limits 24-8

Default SPAN and RSPAN Configuration 24-8

Configuring SPAN 24-8

SPAN Configuration Guidelines 24-9

Creating a SPAN Session and Specifying Ports to Monitor 24-9

Creating a SPAN Session and Enabling Ingress Traffic 24-11

Removing Ports from a SPAN Session 24-13

Specifying VLANs to Monitor 24-14

Specifying VLANs to Filter 24-15

Configuring RSPAN 24-16

RSPAN Configuration Guidelines 24-16

Configuring a VLAN as an RSPAN VLAN 24-17

Creating an RSPAN Source Session 24-18

Creating an RSPAN Destination Session 24-19

Creating an RSPAN Destination Session and Enabling Ingress Traffic 24-20

Removing Ports from an RSPAN Session 24-21

Specifying VLANs to Monitor 24-22

Specifying VLANs to Filter 24-23

Displaying SPAN and RSPAN Status 24-24

C H A P T E R 26 Configuring RMON 25-1

Understanding RMON 25-1

Configuring RMON 25-2

Default RMON Configuration 25-3

Configuring RMON Alarms and Events 25-3

Configuring RMON Collection on an Interface 25-5

Displaying RMON Status 25-6

C H A P T E R 27 Configuring System Message Logging 26-1

Understanding System Message Logging 26-1

Configuring System Message Logging 26-2

System Log Message Format 26-2

Default System Message Logging Configuration 26-3

Disabling and Enabling Message Logging 26-4

Setting the Message Display Destination Device 26-4

Synchronizing Log Messages 26-6

Enabling and Disabling Timestamps on Log Messages 26-7

Enabling and Disabling Sequence Numbers in Log Messages 26-8

Defining the Message Severity Level 26-8

Limiting Syslog Messages Sent to the History Table and to SNMP 26-10

Configuring UNIX Syslog Servers 26-10

Logging Messages to a UNIX Syslog Daemon 26-11

Configuring the UNIX System Logging Facility 26-11

Displaying the Logging Configuration 26-12

Disabling the SNMP Agent 27-7

Configuring Community Strings 27-8

Configuring SNMP Groups and Users 27-9

Configuring SNMP Notifications 27-11

Configuring SNMP Trap Notification Priority 27-14

Setting the Agent Contact and Location Information 27-15

Limiting TFTP Servers Used Through SNMP 27-15

Hardware and Software Handling of Router ACLs 28-7

Configuration Guidelines for Input Router ACLs 28-8

Unsupported Features 28-8

Creating Standard and Extended IP ACLs 28-8

Access List Numbers 28-9

Creating a Numbered Standard ACL 28-10

Creating a Numbered Extended ACL 28-11

Resequencing ACEs in an ACL 28-16

Using Time Ranges with ACLs 28-18

Including Comments in ACLs 28-19

Applying an IP ACL to an Interface or Terminal Line 28-20

IP ACL Configuration Examples 28-22

Numbered ACLs 28-24

Extended ACLs 28-24

Named ACLs 28-24

Time Range Applied to an IP ACL 28-25

Commented IP ACL Entries 28-25

ACL Logging 28-26

Configuring Named MAC Extended ACLs 28-27

Applying a MAC ACL to a Layer 2 Interface 28-29

Configuring VLAN Maps 28-30

VLAN Map Configuration Guidelines 28-31

Creating a VLAN Map 28-31

Examples of ACLs and VLAN Maps 28-32

Applying a VLAN Map to a VLAN 28-34

Using VLAN Maps in Your Network 28-34

Wiring Closet Configuration 28-34

Denying Access to a Server on Another VLAN 28-36

Using VLAN Maps with Router ACLs 28-37

Guidelines for Using Router ACLs and VLAN Maps 28-37

Examples of Router ACLs and VLAN Maps Applied to VLANs 28-38

ACLs and Switched Packets 28-38

ACLs and Bridged Packets 28-39

ACLs and Routed Packets 28-39

ACLs and Multicast Packets 28-40

Displaying ACL Information 28-41

Displaying ACL Configuration 28-41

Displaying ACL Resource Usage and Configuration Problems 28-43

Configuration Conflicts 28-44

ACL Configuration Fitting in Hardware 28-45

TCAM Usage 28-47

Classification Based on QoS ACLs 29-7

Classification Based on Class Maps and Policy Maps 29-7

Policing and Marking 29-8

Mapping Tables 29-10

Queueing and Scheduling 29-11

Queueing and Scheduling on Gigabit-Capable Ports 29-11

Queueing and Scheduling on 10/100 Ethernet Ports 29-15

Packet Modification 29-17

Configuring Auto-QoS 29-17

Generated Auto-QoS Configuration 29-18

Effects of Auto-QoS on the Configuration 29-21

Configuration Guidelines 29-21

Upgrading from a Previous Software Release 29-22

Enabling Auto-QoS for VoIP 29-22

Displaying Auto-QoS Information 29-23

Auto-QoS Configuration Example 29-24

Configuring Standard QoS 29-26

Default Standard QoS Configuration 29-26

Standard QoS Configuration Guidelines 29-27

Enabling QoS Globally 29-29

Configuring Classification By Using Port Trust States 29-30

Configuring the Trust State on Ports within the QoS Domain 29-30

Configuring the CoS Value for an Interface 29-32

Configuring a Trusted Boundary to Ensure Port Security 29-33

Enabling Pass-Through Mode 29-34

Configuring the DSCP Trust State on a Port Bordering Another QoS Domain 29-35

Configuring a QoS Policy 29-37

Classifying Traffic by Using ACLs 29-37

Classifying Traffic on a Physical-Port Basis by Using Class Maps 29-40

Classifying Traffic on a Per-Port Per-VLAN Basis by Using Class Maps 29-42

Classifying, Policing, and Marking Traffic by Using Policy Maps 29-44

Classifying, Policing, and Marking Traffic by Using Aggregate Policers 29-50

Configuring DSCP Maps 29-53

Configuring the CoS-to-DSCP Map 29-54

Configuring the IP-Precedence-to-DSCP Map

Configuring the Policed-DSCP Map 29-56

Configuring the DSCP-to-CoS Map 29-56

Configuring the DSCP-to-DSCP-Mutation Map 29-58

Configuring Egress Queues on Gigabit-Capable Ethernet Ports 29-59

Mapping CoS Values to Select Egress Queues 29-60

Configuring the Egress Queue Size Ratios 29-61

Configuring Tail-Drop Threshold Percentages 29-61

Configuring WRED Drop Thresholds Percentages 29-63

Configuring the Egress Expedite Queue 29-65

Allocating Bandwidth among Egress Queues 29-65

Configuring Egress Queues on 10/100 Ethernet Ports 29-66

Mapping CoS Values to Select Egress Queues 29-67

Configuring the Minimum-Reserve Levels 29-68

Configuring the Egress Expedite Queue 29-69

Allocating Bandwidth among Egress Queues 29-69

Displaying Standard QoS Information 29-71

Standard QoS Configuration Examples 29-71

QoS Configuration for the Existing Wiring Closet 29-72

QoS Configuration for the Intelligent Wiring Closet 29-73

QoS Configuration for the Distribution Layer 29-74

C H A P T E R 31 Configuring EtherChannels 30-1

Understanding EtherChannels 30-1

Understanding Port-Channel Interfaces 30-3

Understanding the Port Aggregation Protocol and Link Aggregation Protocol 30-3

PAgP and LACP Modes 30-4

Physical Learners and Aggregate-Port Learners 30-5

PAgP and LACP Interaction with Other Features 30-6

EtherChannel On Mode 30-6

Understanding Load Balancing and Forwarding Methods 30-6

Configuring EtherChannels 30-7

Default EtherChannel Configuration 30-8

EtherChannel Configuration Guidelines 30-8

Configuring Layer 2 EtherChannels 30-9

Configuring Layer 3 EtherChannels 30-12

Creating Port-Channel Logical Interfaces 30-12

Configuring the Physical Interfaces 30-13

Configuring EtherChannel Load Balancing 30-15

Configuring the PAgP Learn Method and Priority 30-15

Configuring the LACP Port Priority 30-17

Configuring Hot Standby Ports 30-17

Configuring the LACP System Priority 30-18

Displaying EtherChannel, PAgP, and LACP Status 30-19

C H A P T E R 32 Configuring IP Unicast Routing 31-1

Understanding IP Routing 31-2

Steps for Configuring Routing 31-3

Configuring IP Addressing on Layer 3 Interfaces 31-4

Default Addressing Configuration 31-4

Assigning IP Addresses to Network Interfaces 31-5

Use of Subnet Zero 31-6

Classless Routing 31-7

Configuring Address Resolution Methods 31-8

Define a Static ARP Cache 31-9

Set ARP Encapsulation 31-10

Enable Proxy ARP 31-10

Routing Assistance When IP Routing is Disabled 31-11

Proxy ARP 31-11

Default Gateway 31-11

ICMP Router Discovery Protocol (IRDP) 31-12

Configuring Broadcast Packet Handling 31-13

Enabling Directed Broadcast-to-Physical Broadcast Translation 31-13

Forwarding UDP Broadcast Packets and Protocols 31-14

Establishing an IP Broadcast Address 31-15

Flooding IP Broadcasts 31-16

Monitoring and Maintaining IP Addressing 31-17

Enabling IP Unicast Routing 31-18

Configuring RIP 31-19

Default RIP Configuration 31-19

Configuring Basic RIP Parameters 31-20

Configuring RIP Authentication 31-22

Configuring Summary Addresses and Split Horizon 31-22

Configuring OSPF 31-24

Default OSPF Configuration 31-25

Nonstop Forwarding Awareness 31-26

Configuring Basic OSPF Parameters 31-26

Configuring OSPF Interfaces 31-27

Configuring Other OSPF Parameters 31-30

Changing LSA Group Pacing 31-32

Configuring a Loopback Interface 31-32

Monitoring OSPF 31-33

Configuring EIGRP 31-34

Default EIGRP Configuration 31-35

Nonstop Forwarding Awareness 31-37

Configuring Basic EIGRP Parameters 31-37

Configuring EIGRP Interfaces 31-38

Configuring EIGRP Route Authentication 31-39

EIGRP Stub Routing 31-39

Monitoring and Maintaining EIGRP 31-40

Configuring BGP 31-41

Default BGP Configuration 31-43

Nonstop Forwarding Awareness 31-45

Enabling BGP Routing 31-45

Managing Routing Policy Changes 31-48

Configuring BGP Decision Attributes 31-49

Configuring BGP Filtering with Route Maps 31-51

Configuring BGP Filtering by Neighbor 31-52

Configuring Prefix Lists for BGP Filtering 31-53

Configuring BGP Community Filtering 31-54

Configuring BGP Neighbors and Peer Groups 31-55

Configuring Aggregate Addresses 31-57

Configuring a Routing Domain Confederation 31-58

Configuring BGP Route Reflectors 31-59

Configuring Route Dampening 31-60

Monitoring and Maintaining BGP 31-61

Configuring Multi-VRF CE 31-62

Understanding Multi-VRF CE 31-62

Default Multi-VRF CE Configuration 31-64

Multi-VRF CE Configuration Guidelines 31-65

Configuring VRFs 31-66

Configuring a VPN Routing Session 31-67

Configuring BGP PE to CE Routing Sessions 31-67

Multi-VRF CE Configuration Example 31-68

Displaying Multi-VRF CE Status 31-72

Configuring Protocol-Independent Features 31-72

Configuring Cisco Express Forwarding 31-72

Configuring the Number of Equal-Cost Routing Paths 31-74

Configuring Static Unicast Routes 31-74

Specifying Default Routes and Networks 31-75

Using Route Maps to Redistribute Routing Information 31-76

Configuring Policy-Based Routing 31-79

PBR Configuration Guidelines 31-80

Enabling PBR 31-81

Filtering Routing Information 31-82

Setting Passive Interfaces 31-82

Controlling Advertising and Processing in Routing Updates 31-83

Filtering Sources of Routing Information 31-83

Managing Authentication Keys 31-84

Monitoring and Maintaining the IP Network 31-85

Configuring HSRP Authentication and Timers 32-8

Configuring HSRP Groups and Clustering 32-10

Monitoring and Maintaining WCCP 33-8

C H A P T E R 35 Configuring IP Multicast Routing 34-1

Understanding Cisco’s Implementation of IP Multicast Routing 34-2

Configuring IP Multicast Routing 34-8

Default Multicast Routing Configuration 34-9

Multicast Routing Configuration Guidelines 34-9

PIMv1 and PIMv2 Interoperability 34-9

Auto-RP and BSR Configuration Guidelines 34-10

Configuring Basic Multicast Routing 34-10

Configuring a Rendezvous Point 34-12

Manually Assigning an RP to Multicast Groups 34-12

Configuring Auto-RP 34-14

Configuring PIMv2 BSR 34-18

Using Auto-RP and a BSR 34-22

Monitoring the RP Mapping Information 34-23

Troubleshooting PIMv1 and PIMv2 Interoperability Problems 34-23

Configuring Advanced PIM Features 34-23

Understanding PIM Shared Tree and Source Tree 34-23

Delaying the Use of PIM Shortest-Path Tree 34-25

Modifying the PIM Router-Query Message Interval 34-26

Configuring Optional IGMP Features 34-26

Default IGMP Configuration 34-27

Configuring the Multilayer Switch as a Member of a Group 34-27

Controlling Access to IP Multicast Groups 34-28

Changing the IGMP Version 34-29

Modifying the IGMP Host-Query Message Interval 34-29

Changing the IGMP Query Timeout for IGMPv2 34-30

Changing the Maximum Query Response Time for IGMPv2 34-31

Configuring the Multilayer Switch as a Statically Connected Member 34-31

Configuring Optional Multicast Routing Features 34-32

Enabling CGMP Server Support 34-32

Configuring sdr Listener Support 34-33

Enabling sdr Listener Support 34-34

Limiting How Long an sdr Cache Entry Exists 34-34

Configuring the TTL Threshold 34-34

Configuring an IP Multicast Boundary 34-36

Configuring Basic DVMRP Interoperability Features 34-38

Configuring DVMRP Interoperability 34-38

Configuring a DVMRP Tunnel 34-40

Advertising Network 0.0.0.0 to DVMRP Neighbors 34-42

Responding to mrinfo Requests 34-43

Configuring Advanced DVMRP Interoperability Features 34-43

Enabling DVMRP Unicast Routing 34-44

Rejecting a DVMRP Nonpruning Neighbor 34-45

Controlling Route Exchanges 34-47

Limiting the Number of DVMRP Routes Advertised 34-47

Changing the DVMRP Route Threshold 34-47

Configuring a DVMRP Summary Address 34-48

Disabling DVMRP Autosummarization 34-50

Adding a Metric Offset to the DVMRP Route 34-50

Monitoring and Maintaining IP Multicast Routing 34-51

Clearing Caches, Tables, and Databases 34-52

Displaying System and Network Statistics 34-52

Monitoring IP Multicast Routing 34-53

Configuring a Default MSDP Peer 35-4

Caching Source-Active State 35-6

Requesting Source Information from an MSDP Peer 35-8

Controlling Source Information that Your Switch Originates 35-8

Redistributing Sources 35-9

Filtering Source-Active Request Messages 35-11

Controlling Source Information that Your Switch Forwards 35-12

Using a Filter 35-12

Using TTL to Limit the Multicast Data Sent in SA Messages 35-14

Controlling Source Information that Your Switch Receives 35-14

Configuring an MSDP Mesh Group 35-16

Shutting Down an MSDP Peer 35-16

Including a Bordering PIM Dense-Mode Region in MSDP 35-17

Configuring an Originating Address other than the RP Address 35-18

Monitoring and Maintaining MSDP 35-19

C H A P T E R 37 Configuring Fallback Bridging 36-1

Understanding Fallback Bridging 36-1

Configuring Fallback Bridging 36-3

Default Fallback Bridging Configuration 36-3

Fallback Bridging Configuration Guidelines 36-3

Creating a Bridge Group 36-4

Preventing the Forwarding of Dynamically Learned Stations 36-5

Configuring the Bridge Table Aging Time 36-6

Filtering Frames by a Specific MAC Address 36-6

Adjusting Spanning-Tree Parameters 36-7

Changing the Switch Priority 36-8

Changing the Interface Priority 36-8

Assigning a Path Cost 36-9

Adjusting BPDU Intervals 36-10

Disabling the Spanning Tree on an Interface 36-12

Monitoring and Maintaining Fallback Bridging 36-12

C H A P T E R 38 Troubleshooting 37-1

Using Recovery Procedures 37-1

Recovering from a Software Failure 37-2

Recovering from a Lost or Forgotten Password 37-2

Password Recovery with Password Recovery Enabled 37-3

Procedure with Password Recovery Disabled 37-5

Recovering from a Command Switch Failure 37-6

Replacing a Failed Command Switch with a Cluster Member 37-7

Replacing a Failed Command Switch with Another Switch 37-8

Recovering from Lost Member Connectivity 37-10

Preventing Autonegotiation Mismatches 37-10

GBIC Module Security and Identification 37-10

Diagnosing Connectivity Problems 37-11

Using Layer 2 Traceroute 37-14

Understanding Layer 2 Traceroute 37-14

Usage Guidelines 37-15

Displaying the Physical Path 37-16

Troubleshooting Power over Ethernet Switch Ports 37-16

Disabled Port Caused by Power Loss 37-16

Disabled Port Caused by False Link-Up 37-16

Using Debug Commands 37-17

Enabling Debugging on a Specific Feature 37-17

Enabling All-System Diagnostics 37-18

Redirecting Debug and Error Message Output 37-18

Using the debug auto qos Command 37-18

Using the show forward Command 37-19

Using the crashinfo File 37-21

A P P E N D I X A Supported MIBs A-1

MIB List A-1

Using FTP to Access the MIB Files A-3

A P P E N D I X B Working with the Cisco IOS File System, Configuration Files, and Software Images B-1

Working with the Flash File System B-1

Displaying Available File Systems B-2

Setting the Default File System B-3

Displaying Information about Files on a File System B-3

Changing Directories and Displaying the Working Directory B-3

Creating and Removing Directories B-4

Copying Files B-4

Deleting Files B-5

Creating, Displaying, and Extracting tar Files B-5

Creating a tar File B-5

Displaying the Contents of a tar File B-6

Extracting a tar File B-7

Displaying the Contents of a File B-7

Working with Configuration Files B-7

Guidelines for Creating and Using Configuration Files B-8

Configuration File Types and Location B-9

Creating a Configuration File By Using a Text Editor B-9

Copying Configuration Files By Using TFTP B-9

Preparing to Download or Upload a Configuration File By Using TFTP B-10

Downloading the Configuration File By Using TFTP B-10

Uploading the Configuration File By Using TFTP B-11

Copying Configuration Files By Using FTP B-11

Preparing to Download or Upload a Configuration File By Using FTP B-12

Downloading a Configuration File By Using FTP B-13

Uploading a Configuration File By Using FTP B-14

Copying Configuration Files By Using RCP B-14

Preparing to Download or Upload a Configuration File By Using RCP B-15

Downloading a Configuration File By Using RCP B-16

Uploading a Configuration File By Using RCP B-17

Clearing Configuration Information B-18

Clearing the Startup Configuration File B-18

Deleting a Stored Configuration File B-18

Working with Software Images B-18

Image Location on the Switch B-19

tar File Format of Images on a Server or Cisco.com B-19

Copying Image Files By Using TFTP B-20

Preparing to Download or Upload an Image File By Using TFTP B-21

Downloading an Image File By Using TFTP B-21

Uploading an Image File By Using TFTP B-23

Copying Image Files By Using FTP B-23

Preparing to Download or Upload an Image File By Using FTP B-24

Downloading an Image File By Using FTP B-25

Uploading an Image File By Using FTP B-26

Copying Image Files By Using RCP B-27

Preparing to Download or Upload an Image File By Using RCP B-28

Downloading an Image File By Using RCP B-29

Uploading an Image File By Using RCP B-31

A P P E N D I X C Unsupported CLI Commands in Cisco IOS Release 12.2(25)SEE C-1

Access Control Lists C-1

Unsupported Privileged EXEC Commands C-1

ARP Commands C-1

Unsupported Global Configuration Commands C-1

Unsupported Interface Configuration Commands C-1

FallBack Bridging C-2

Unsupported Privileged EXEC Commands C-2

Unsupported Global Configuration Commands C-2

Unsupported Interface Configuration Commands C-2

HSRP C-3

Unsupported Global Configuration Commands C-3

Unsupported Interface Configuration Commands C-3

Interface Configuration Commands C-4

IP Multicast Routing C-4

Unsupported Privileged EXEC Commands C-4

Unsupported Global Configuration Commands C-4

Unsupported Interface Configuration Commands C-5

IP Unicast Routing C-5

Unsupported Privileged EXEC or User EXEC Commands C-5

Unsupported Global Configuration Commands C-6

Unsupported Interface Configuration Commands C-6

Unsupported BGP Router Configuration Commands C-6

Unsupported VPN Configuration Commands C-7

Unsupported Route Map Commands C-7

MSDP C-7

Unsupported Privileged EXEC Commands C-7

Unsupported Global Configuration Commands C-8

NetFlow Commands C-8

Unsupported Global Configuration Commands C-8

Network Address Translation (NAT) commands C-8

Unsupported User EXEC Commands C-8

Unsupported Global Configuration Commands C-8

Unsupported Interface Configuration Commands C-8

QoS C-9

Unsupported Global Configuration Commands C-9

Unsupported Interface Configuration Commands C-9

Unsupported Policy-Map Configuration Commands C-9

Unsupported Class-Map Configuration Commands C-9

Audience

This guide is for the networking professional managing the Catalyst 3550 switch, hereafter referred to

as the switch or the multilayer switch Before using this guide, you should have experience working with

the Cisco IOS and be familiar with the concepts and terminology of Ethernet and local area networking

Purpose

This guide provides the information that you need to configure Layer 2 and Layer 3 software features on your switch The Catalyst 3550 switch is supported by either the IP base image (formerly known as the standard multilayer image [SMI]), which provides Layer 2+ features and basic Layer 3 routing, or the IP services image (formerly known as the enhanced multilayer image [EMI]), which provides Layer 2+

features, full Layer 3 routing, and advanced services All Catalyst 3550 Gigabit Ethernet switches are

shipped with the IP services image pre-installed Catalyst 3550 Fast Ethernet switches are shipped with either the IP base image or the IP services image pre-installed After initial deployment, you can order the software upgrade kit to upgrade Catalyst 3550 Fast Ethernet switches from the IP base image to the

IP services image

Use this guide with other documents for information about these topics:

• Requirements—This guide assumes that you have met the hardware and software requirements and cluster compatibility requirements described in the release notes

• Start-up information—This guide assumes that you have assigned switch IP information and passwords by using the browser setup program described in the switch hardware installation guide

• Embedded device manager and Network Assistant graphical user interfaces (GUIs)—This guide does not provide detailed information on the GUIs However, the concepts in this guide are applicable to the GUI user For information about the device manager, see the switch online help

For information about Network Assistant, see the Getting Started with Cisco Network Assistant,

available on Cisco.com

• Cluster configuration—For information about planning for, creating, and maintaining switch

clusters, see the Getting Started with Cisco Network Assistant, available on Cisco.com For

information about the clustering-related command-line interface (CLI) commands, see the command reference for this release

• CLI command information—This guide provides an overview for using the CLI For complete syntax and usage information about the commands that have been specifically created or changed for the switches, see the command reference for this release

Preface Conventions

This guide provides procedures for using the commands that have been created or changed for use with the switch It does not provide detailed information about these commands For detailed information about these commands, see the command reference for this release

This guide does not repeat the concepts and CLI procedures provided in the standard Cisco IOS Release 12.2 documentation For information about the standard Cisco IOS Release 12.2 commands, see

the Cisco IOS documentation set available from the Cisco.com home page at Service and Support >

Technical Documents On the Cisco Product Documentation home page, select Release 12.2 from the Cisco

IOS Software drop-down list

This guide does not describe system messages you might encounter or how to install your switch For this information, see the system message guide for this release and to the hardware installation guide.For documentation updates, see the release notes for this release

Conventions

This publication uses these conventions to convey instructions and information:

Command descriptions use these conventions:

• Commands and keywords are in boldface text

• Arguments for which you supply values are in italic.

• Square brackets ([ ]) mean optional elements

• Braces ({ }) group required choices, and vertical bars ( | ) separate the alternative elements

• Braces and vertical bars within square brackets ([{ | }]) mean a required choice within an optional element

Interactive examples use these conventions:

• Terminal sessions and system displays are in screen font

• Information you enter is in boldface screen font

• Nonprinting characters, such as passwords or tabs, are in angle brackets (< >)

Notes, cautions, and timesavers use these conventions and symbols:

Note Means reader take note Notes contain helpful suggestions or references to materials not contained in

this manual

Caution Means reader be careful In this situation, you might do something that could result equipment damage

or loss of data

Timesaver Means the following will help you solve a problem The tips information might not be troubleshooting

or even an action, but could be useful information

• Release Notes for the Catalyst 3550 Multilayer Switch (not orderable but available on Cisco.com)

Note Switch requirements and procedures for initial configurations and software upgrades tend to change and

therefore appear only in the release notes Before installing, configuring, or upgrading the switch, see the release notes on Cisco.com for the latest information

For information about the switch, see these documents:

• Catalyst 3750, 3560, 3550, 2970, and 2960 Switch System Message Guide (not orderable but

• Catalyst 3550 Multilayer Switch Command Reference (not orderable but available on Cisco.com)

• Device manager online help (available on the switch)

• Catalyst 3550 Multilayer Switch Hardware Installation Guide (not orderable but available on

Cisco.com)

• Catalyst 3550 Switch Getting Started Guide (order number DOC-7816575=)

• Regulatory Compliance and Safety Information for the Catalyst 3550 Switch (order number

DOC-7816655=)For information about related products, see these documents:

• Getting Started with Cisco Network Assistant (not orderable but available on Cisco.com)

• Release Notes for Cisco Network Assistant (not orderable but available on Cisco.com)

• Catalyst GigaStack Gigabit Interface Converter Hardware Installation Guide

(order number DOC-786460=)

• CWDM Passive Optical System Installation Note (not orderable but is available on Cisco.com)

• 1000BASE-T Gigabit Interface Converter Installation Notes (not orderable but is available on

Cisco.com)

• Cisco Small Form-Factor Pluggable Modules Installation Notes (order number DOC-7815160=)

• Cisco CWDM GBIC and CWDM SFP Installation Note (not orderable but available on Cisco.com)

• For information about the NAC features, see the Network Admission Control Software Configuration Guide (not orderable but available on Cisco.com)

Preface Obtaining Documentation

Obtaining Documentation

Cisco documentation and additional literature are available on Cisco.com Cisco also provides several ways to obtain technical assistance and other technical resources These sections explain how to obtain technical information from Cisco Systems

The Product Documentation DVD is available as a single unit or as a subscription Registered Cisco.com users (Cisco direct customers) can order a Product Documentation DVD (product number

DOC-DOCDVD= or DOC-DOCDVD=SUB) from Cisco Marketplace at this URL:

tech-doc-store-mkpl@external.cisco.com or by fax at 1 408 519-5001 in the United States and Canada,

or elsewhere at 011 408 519-5001

Documentation Feedback

You can rate and provide feedback about Cisco technical documents by completing the online feedback form that appears with the technical documents on Cisco.com