Catalyst 3550 Multilayer Switch Software Configuration Guide


Catalyst 3550 Multilayer Switch Software Configuration Guide
Cisco IOS Release 12.1(8)EA1
February 2002

Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100

Customer Order Number: DOC-7811194
Text Part Number: 78-11194-03

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

AccessPath, AtmDirector, Browse with Me, CCIP, CCSI, CD-PAC, CiscoLink, the Cisco Powered Network logo, Cisco Systems Networking Academy, the Cisco Systems Networking Academy logo, Cisco Unity, Fast Step, Follow Me Browsing, FormShare, FrameShare, IGX, Internet Quotient, IP/VC, iQ Breakthrough, iQ Expertise, iQ FastTrack, the iQ Logo, iQ Net Readiness Scorecard, MGX, the Networkers logo, ScriptBuilder, ScriptShare, SMARTnet, TransPath, Voice LAN, Wavelength Router, and WebViewer are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and Discover All That’s Possible are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherSwitch, FastHub, FastSwitch, GigaStack, IOS, IP/TV, LightStream, MICA, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, RateMUX, Registrar, SlideCast, StrataView Plus, Stratm, SwitchProbe, TeleRouter, and VCO are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries.

All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0110R)

Catalyst 3550 Multilayer Switch Software Configuration Guide
Copyright 2002, Cisco Systems, Inc.
All rights reserved.

CONTENTS

Conventions
Related Publications
Obtaining Documentation
World Wide Web
Documentation CD-ROM
Ordering Documentation
Documentation Feedback
Obtaining Technical Assistance
Cisco.com
Technical Assistance Center
Cisco TAC Web Site
Cisco TAC Escalation Center

CHAPTER 1 Overview
Features
Management Options
Management Interface Options
Advantages of Using CMS and Clustering Switches
Network Configuration Examples
Design Concepts
Small to Medium-Sized Network Using Mixed Switches
Large Network Using Only Catalyst 3550 Switches
Multidwelling Network Using Catalyst 3550 Switches

CHAPTER 2 Using the Command-Line Interface
IOS Command Modes
Getting Help
Abbreviating Commands
Using no and default Forms of Commands
Understanding CLI Messages
Using Command History
Changing the Command History Buffer Size
Recalling Commands
Disabling the Command History Feature
Using Editing Features
Enabling and Disabling Editing Features
Editing Commands through Keystrokes
Editing Command Lines that Wrap
Searching and Filtering Output of show and more Commands
Accessing the CLI

CHAPTER 3 Getting Started with CMS
Features
Front Panel View
Cluster Tree
Front-Panel Images
Redundant Power System LED
Port Modes and LEDs
VLAN Membership Modes
Topology View
Topology Icons
Device and Link Labels
Colors in the Topology View
Topology Display Options
Menus and Toolbar
Menu Bar
Toolbar
Front Panel View Popup Menus
Device Popup Menu
Port Popup Menu
Topology View Popup Menus
Link Popup Menu
Device Popup Menus
Interaction Modes
Guide Mode
Expert Mode
Wizards
Tool Tips
Online Help
CMS Window Components
Host Name List
Tabs, Lists, and Tables
Icons Used in Windows
Buttons
Accessing CMS
Access Modes in CMS
HTTP Access to CMS
Verifying Your Changes
Change Notification
Error Checking
Saving Your Changes
Using Different Versions of CMS
Where to Go Next

CHAPTER 4 Assigning the Switch IP Address and Default Gateway
Understanding the Boot Process
Assigning Switch Information
Default Switch Information
Understanding DHCP-Based Autoconfiguration
DHCP Client Request Process
Configuring the DHCP Server
Configuring the TFTP Server
Configuring the DNS
Configuring the Relay Device
Obtaining Configuration Files
Example Configuration
Manually Assigning IP Information
Checking and Saving the Running Configuration
Modifying the Startup Configuration
Default Boot Configuration
Automatically Downloading a Configuration File
Specifying the Filename to Read and Write the System Configuration
Booting Manually
Booting a Specific Software Image
Controlling Environment Variables
Scheduling a Reload of the Software Image
Configuring a Scheduled Reload
Displaying Scheduled Reload Information

CHAPTER 5 Clustering Switches
Understanding Switch Clusters
Command Switch Characteristics
Standby Command Switch Characteristics
Candidate and Member Switches Characteristics
Planning a Switch Cluster
Automatic Discovery of Cluster Candidates and Members
Discovery through CDP Hops
Discovery through Non-CDP-Capable and Noncluster-Capable Devices
Discovery through Different VLANs
Discovery through the Same Management VLAN
Discovery through Different Management VLANs
Discovery through Routed Ports
Discovery of Newly Installed Switches
HSRP and Standby Command Switches
Virtual IP Addresses
Automatic Recovery of Cluster Configuration
Considerations for Cluster Standby Groups
IP Addresses
Host Names
Passwords
SNMP Community Strings
TACACS
Access Modes in CMS
LRE Profiles
Availability of Switch-Specific Features in Switch Clusters
Creating a Switch Cluster
Enabling a Command Switch
Adding Member Switches
Creating a Cluster Standby Group
Verifying a Switch Cluster
Using the CLI to Manage Switch Clusters
Catalyst 1900 and Catalyst 2820 CLI Considerations
Using SNMP to Manage Switch Clusters

CHAPTER 6 Administering the Switch
Preventing Unauthorized Access to Your Switch
Protecting Access to Privileged EXEC Commands
Default Password and Privilege Level Configuration
Setting or Changing a Static Enable Password
Protecting Enable and Enable Secret Passwords with Encryption
Disabling Password Recovery
Setting a Telnet Password for a Terminal Line
Configuring Username and Password Pairs
Configuring Multiple Privilege Levels
Setting the Privilege Level for a Command
Changing the Default Privilege Level for Lines
Logging into and Exiting a Privilege Level
Controlling Switch Access with TACACS
Understanding TACACS
TACACS Operation
Configuring TACACS
Default TACACS Configuration
Identifying the TACACS Server Host and Setting the Authentication Key
Configuring TACACS Login Authentication
Configuring TACACS Authorization for Privileged EXEC Access and Network Services
Starting TACACS Accounting
Displaying the TACACS Configuration
Controlling Switch Access with RADIUS
Understanding RADIUS
RADIUS Operation
Configuring RADIUS
Default RADIUS Configuration
Identifying the RADIUS Server Host
Configuring RADIUS Login Authentication
Defining AAA Server Groups
Configuring RADIUS Authorization for User Privileged Access and Network Services
Starting RADIUS Accounting
Configuring Settings for All RADIUS Servers
Configuring the Switch to Use Vendor-Specific RADIUS Attributes
Configuring the Switch for Vendor-Proprietary RADIUS Server Communication
Displaying the RADIUS Configuration
Configuring the Switch for Local Authentication and Authorization
Managing the System Time and Date
Understanding the System Clock
Understanding Network Time Protocol
Configuring NTP
Default NTP Configuration
Configuring NTP Authentication
Configuring NTP Associations
Configuring NTP Broadcast Service
Configuring NTP Access Restrictions
Configuring the Source IP Address for NTP Packets
Displaying the NTP Configuration
Configuring Time and Date Manually
Setting the System Clock
Displaying the Time and Date Configuration
Configuring the Time Zone
Configuring Summer Time (Daylight Saving Time)
Configuring a System Name and Prompt
Default System Name and Prompt Configuration
Configuring a System Name
Configuring a System Prompt
Understanding DNS
Default DNS Configuration
Setting Up DNS
Displaying the DNS Configuration
Creating a Banner
Default Banner Configuration
Configuring a Message-of-the-Day Login Banner
Configuring a Login Banner
Managing the MAC Address Table
Building the Address Table
MAC Addresses and VLANs
Default MAC Address Table Configuration
Changing the Address Aging Time
Removing Dynamic Address Entries
Configuring MAC Address Notification Traps
Adding and Removing Static Address Entries
Displaying Address Table Entries
Optimizing System Resources for User-Selected Features
Using the Templates

CHAPTER 7 Configuring 802.1X Port-Based Authentication
Understanding 802.1X Port-Based Authentication
Device Roles
Authentication Initiation and Message Exchange
Ports in Authorized and Unauthorized States
Supported Topologies
Configuring 802.1X Authentication
Default 802.1X Configuration
802.1X Configuration Guidelines
Enabling 802.1X Authentication
Configuring the Switch-to-RADIUS-Server Communication
Enabling Periodic Re-Authentication
Manually Re-Authenticating a Client Connected to a Port
Changing the Quiet Period
Changing the Switch-to-Client Retransmission Time
Setting the Switch-to-Client Frame-Retransmission Number
Enabling Multiple Hosts
Resetting the 802.1X Configuration to the Default Values
Displaying 802.1X Statistics and Status

CHAPTER 8 Configuring Interface Characteristics
Understanding Interface Types
Port-Based VLANs
Switch Ports
Access Ports
Trunk Ports
EtherChannel Port Groups
Switch Virtual Interfaces
Routed Ports
Connecting Interfaces
Using the Interface Command
Procedures for Configuring Interfaces
Configuring a Range of Interfaces
Configuring and Using Interface Range Macros
Configuring Layer 2 Interfaces
Default Layer 2 Ethernet Interface Configuration
Configuring Interface Speed and Duplex Mode
Configuration Guidelines
Setting the Interface Speed and Duplex Parameters
Configuring IEEE 802.3X Flow Control
Adding a Description for an Interface
Monitoring and Maintaining the Layer 2 Interface
Monitoring Interface and Controller Status
Clearing and Resetting Interfaces and Counters
Shutting Down and Restarting the Interface
Configuring Layer 3 Interfaces

CHAPTER 9 Creating and Maintaining VLANs
Understanding VLANs
Number of Supported VLANs
VLAN Port Membership Modes
Using the VLAN Trunking Protocol
The VTP Domain and VTP Modes
VTP Advertisements
VTP Version 2
VTP Pruning
Configuring VTP
Default VTP Configuration
VTP Configuration Guidelines
Configuring a VTP Server
Configuring a VTP Client
Disabling VTP (VTP Transparent Mode)
Enabling VTP Version 2
Enabling VTP Pruning
Monitoring VTP
VLANs in the VTP Database
Token Ring VLANs
Default VLAN Configuration
VLAN Configuration Guidelines
Configuring VLANs in the VTP Database
Adding an Ethernet VLAN
Modifying an Ethernet VLAN
Deleting a VLAN from the Database
Assigning Static-Access Ports to a VLAN
Displaying VLANs in the VTP Database
Understanding VLAN Trunks
Trunking Overview
Encapsulation Types
802.1Q Configuration Considerations
Default Layer 2 Ethernet Interface VLAN Configuration
Configuring an Ethernet Interface as a Trunk Port
Configuring a Trunk Port
Defining the Allowed VLANs on a Trunk
Changing the Pruning-Eligible List
Configuring the Native VLAN for Untagged Traffic
Load Sharing Using STP
Load Sharing Using STP Port Priorities
Configuring STP Port Priorities and Load Sharing
Load Sharing Using STP Path Cost
Configuring STP Path Costs and Load Sharing
Understanding VMPS
Dynamic Port VLAN Membership
VMPS Database Configuration File
VMPS Configuration Guidelines
Default VMPS Configuration
Configuring an Interface as a Layer 2 Dynamic Access Port
Entering the IP Address of the VMPS
Configuring Dynamic Access Ports on VMPS Clients
Reconfirming VLAN Memberships
Changing the Reconfirmation Interval
Changing the Retry Count
Administering and Monitoring the VMPS
Troubleshooting Dynamic Port VLAN Membership
Dynamic Port VLAN Membership Configuration Example

CHAPTER 10 Configuring STP
Understanding Basic STP Features
Supported STP Instances
STP Overview
Bridge ID, Switch Priority, and Extended System ID
Election of the Root Switch
Bridge Protocol Data Units
STP Timers
Creating the STP Topology
STP Interface States
Blocking State
Listening State
Learning State
Forwarding State
Disabled State
STP Address Management
STP and IEEE 802.1Q Trunks
VLAN-Bridge STP
STP and Redundant Connectivity
Accelerated Aging to Retain Connectivity
Understanding Advanced STP Features
Understanding Port Fast
Understanding BPDU Guard
Understanding UplinkFast
Understanding Cross-Stack UplinkFast
How CSUF Works
Events that Cause Fast Convergence
Limitations
Connecting the Stack Ports
Understanding BackboneFast
Understanding Root Guard
Understanding EtherChannel Guard
Configuring Basic STP Features
Default STP Configuration
Disabling STP
Configuring the Root Switch
Configuring a Secondary Root Switch
Configuring STP Port Priority
Configuring STP Path Cost
Configuring the Switch Priority of a VLAN
Configuring the Hello Time
Configuring the Forwarding-Delay Time for a VLAN
Configuring the Maximum-Aging Time for a VLAN
Configuring STP for Use in a Cascaded Stack
Displaying STP Status
Configuring Advanced STP Features
Configuring Port Fast
Configuring BPDU Guard
Configuring UplinkFast for Use with Redundant Links
Configuring Cross-Stack UplinkFast
Configuring BackboneFast
Configuring Root Guard
Enabling EtherChannel Guard

CHAPTER 11 Configuring IGMP Snooping and MVR
Understanding IGMP Snooping
Joining a Multicast Group
Leaving a Multicast Group
Immediate-Leave Processing
Configuring IGMP Snooping
Default IGMP Snooping Configuration
Enabling or Disabling IGMP Snooping
Setting the Snooping Method
Configuring a Multicast Router Port
Configuring a Host Statically to Join a Group
Enabling IGMP Immediate-Leave Processing
Displaying IGMP Snooping Information
Understanding Multicast VLAN Registration
Using MVR in a Multicast Television Application
Configuring MVR
Configuration Guidelines and Limitations
Default MVR Configuration
Configuring MVR Global Parameters
Configuring MVR Interfaces
Displaying MVR Information
Configuring IGMP Filtering
Default IGMP Filtering Configuration
Configuring IGMP Profiles
Applying IGMP Profiles
Setting the Maximum Number of IGMP Groups
Displaying IGMP Filtering Configuration

CHAPTER 12 Configuring Port-Based Traffic Control
Configuring Storm Control
Understanding Storm Control
Default Storm Control Configuration
Enabling Storm Control
Disabling Storm Control
Configuring Protected Ports
Configuring Port Blocking
Blocking Flooded Traffic on an Interface
Resuming Normal Forwarding on a Port
Configuring Port Security
Understanding Port Security
Default Port Security Configuration
Configuration Guidelines
Enabling and Configuring Port Security
Displaying Port-Based Traffic Control Settings

CHAPTER 13 Configuring CDP
Understanding CDP
Configuring CDP
Default CDP Configuration
Configuring the CDP Characteristics
Disabling and Enabling CDP
Disabling and Enabling CDP on an Interface
Monitoring and Maintaining CDP

CHAPTER 14 Configuring UDLD
Understanding UDLD
Configuring UDLD
Default UDLD Configuration
Enabling UDLD Globally
Enabling UDLD on an Interface
Resetting an Interface Shut Down by UDLD
Displaying UDLD Status

CHAPTER 15 Configuring SPAN
Understanding SPAN
SPAN Concepts and Terminology
SPAN Session
Traffic Types
Source Port
Destination Port
VLAN-Based SPAN
SPAN Traffic
SPAN Interaction with Other Features
Configuring SPAN
Default SPAN Configuration
SPAN Configuration Guidelines
Creating a SPAN Session and Specifying Ports to Monitor
Removing Ports from a SPAN Session
Specifying VLANs to Monitor
Specifying VLANs to Filter
Displaying SPAN Status

CHAPTER 16 Configuring RMON
Understanding RMON
Configuring RMON
Default RMON Configuration
Configuring RMON Alarms and Events
Configuring RMON Collection on an Interface
Displaying RMON Status

CHAPTER 17 Configuring System Message Logging
Understanding System Message Logging
Configuring System Message Logging
System Log Message Format
Default System Message Logging Configuration
Disabling and Enabling Message Logging
Setting the Message Display Destination Device
Synchronizing Log Messages
Enabling and Disabling Timestamps on Log Messages
Enabling and Disabling Sequence Numbers in Log Messages
Defining the Message Severity Level
Limiting Syslog Messages Sent to the History Table and to SNMP
Configuring UNIX Syslog Servers
Logging Messages to a UNIX Syslog Daemon
Configuring the UNIX System Logging Facility
Displaying the Logging Configuration

CHAPTER 18 Configuring SNMP
Understanding SNMP
SNMP Versions
SNMP Manager Functions
SNMP Agent Functions
SNMP Community Strings
Using SNMP to Access MIB Variables
Configuring SNMP
Default SNMP Configuration
Disabling the SNMP Agent
Configuring Community Strings
Configuring Trap Managers and Enabling Traps
Setting the Agent Contact and Location Information
Limiting TFTP Servers Used Through SNMP
SNMP Examples
Displaying SNMP Status

CHAPTER 19 Configuring Network Security with ACLs
Understanding ACLs
Supported ACLs
Router ACLs
VLAN Maps
Handling Fragmented and Unfragmented Traffic
Configuring Router ACLs
Hardware and Software Handling of Router ACLs
Unsupported Features
Creating Standard and Extended IP ACLs
Access List Numbers
Creating a Numbered Standard ACL
Creating a Numbered Extended ACL
Creating Named Standard and Extended ACLs
Applying Time Ranges to ACLs
Including Comments About Entries in ACLs
Applying the ACL to an Interface or Terminal Line
Displaying ACLs and Access Groups
ACL Configuration Examples
Numbered ACLs
Extended ACLs
Named ACLs
Time Range Applied to an IP ACL
Commented IP ACL Entries
ACL Logging
Configuring VLAN Maps
VLAN Map Configuration Guidelines
Creating Named MAC Extended ACLs
Creating a VLAN Map
Examples of ACLs and VLAN Maps
Applying a VLAN Map to a VLAN
Displaying VLAN Map Information
Using VLAN Maps in Your Network
Wiring Closet Configuration
Denying Access to a Server on Another VLAN
Using VLAN Maps with Router ACLs
Guidelines
Determining if the ACL Configuration Fits in Hardware
Examples of Router ACLs and VLAN Maps Applied to VLANs
ACLs and Switched Packets
ACLs and Bridged Packets
ACLs and Routed Packets
ACLs and Multicast Packets

CHAPTER 20 Configuring QoS
Understanding QoS
Basic QoS Model
Classification
Classification Based on QoS ACLs
Classification Based on Class Maps and Policy Maps
Policing and Marking
Mapping Tables
Queueing and Scheduling
Queueing and Scheduling on Gigabit-Capable Ports
Queueing and Scheduling on 10/100 Ethernet Ports
Packet Modification
Configuring QoS
Default QoS Configuration
Configuration Guidelines
Enabling QoS Globally
Configuring Classification Using Port Trust States
Configuring the Trust State on Ports within the QoS Domain
Configuring the CoS Value for an Interface
Configuring the DSCP Trust State on a Port Bordering Another QoS Domain
Configuring a QoS Policy
Classifying Traffic by Using ACLs
Classifying Traffic by Using Class Maps
Classifying, Policing, and Marking Traffic by Using Policy Maps
Classifying, Policing, and Marking Traffic by Using Aggregate Policers
Configuring DSCP Maps
Configuring the CoS-to-DSCP Map
Configuring the IP-Precedence-to-DSCP Map
Configuring the Policed-DSCP Map
Configuring the DSCP-to-CoS Map
Configuring the DSCP-to-DSCP-Mutation Map
Configuring Egress Queues on Gigabit-Capable Ethernet Ports
Mapping CoS Values to Select Egress Queues
Configuring the Egress Queue Size Ratios
Configuring Tail-Drop Threshold Percentages
Configuring WRED Drop Thresholds Percentages
Configuring the Egress Expedite Queue
Allocating Bandwidth among Egress Queues
Configuring Egress Queues on 10/100 Ethernet Ports
Mapping CoS Values to Select Egress Queues
Configuring the Minimum-Reserve Levels
Configuring the Egress Expedite Queue
Allocating Bandwidth among Egress Queues
Displaying QoS Information
QoS Configuration Examples
QoS Configuration for the Common Wiring Closet
QoS Configuration for the Intelligent Wiring Closet
QoS Configuration for the Distribution Layer

CHAPTER 21 Configuring EtherChannel
Understanding EtherChannel
Understanding Port-Channel Interfaces
Understanding the Port Aggregation Protocol
PAgP Modes
Physical Learners and Aggregate-Port Learners
PAgP Interaction with Other Features
Understanding Load Balancing and Forwarding Methods
Configuring EtherChannel
Default EtherChannel Configuration
EtherChannel Configuration Guidelines
Configuring Layer 2 EtherChannels
Configuring Layer 3 EtherChannels
Creating Port-Channel Logical Interfaces
Configuring the Physical Interfaces
Configuring EtherChannel Load Balancing
Configuring the PAgP Learn Method and Priority
Displaying EtherChannel and PAgP Status

CHAPTER 22 Configuring IP Unicast Routing
Understanding Routing
Steps for Configuring Routing
Configuring IP Addressing
Default Addressing Configuration
Assigning IP Addresses to Network Interfaces
Use of Subnet Zero
Classless Routing
Configuring Address Resolution Methods
Define a Static ARP Cache
Set ARP Encapsulation
Enable Proxy ARP
Routing Assistance When IP Routing is Disabled
Proxy ARP
Default Gateway
ICMP Router Discovery Protocol (IRDP)
Configuring Broadcast Packet Handling
Enabling Directed Broadcast-to-Physical Broadcast Translation
Forwarding UDP Broadcast Packets and Protocols
Establishing an IP Broadcast Address
Flooding IP Broadcasts
Monitoring and Maintaining IP Addressing
Enabling IP Routing
Configuring RIP
RIP Authentication
Summary Addresses and Split Horizon
Configuring IGRP
Load Balancing and Traffic Distribution Control
Split Horizon
Configuring OSPF
OSPF Interface Parameters
OSPF Area Parameters
Other OSPF Behavior Parameters
Change LSA Group Pacing
Loopback Interface
Monitoring OSPF
Configuring EIGRP
EIGRP Router Mode Commands
EIGRP Interface Mode Commands
Configure EIGRP Route Authentication
Monitoring and Maintaining EIGRP
Configuring Protocol-Independent Features
Configuring Cisco Express Forwarding
Configuring the Number of Equal-Cost Routing Paths
Configuring Static Routes
Specifying Default Routes
Specifying a Default Network
Redistributing Routing Information
Filtering Routing Information
Setting Passive Interfaces
Controlling Advertising and Processing in Routing Updates
Filtering Sources of Routing Information
Managing Authentication Keys
Monitoring and Maintaining the IP Network

CHAPTER 23 Configuring HSRP
Understanding HSRP
Configuring HSRP
Default HSRP Configuration
Enabling HSRP
Configuring HSRP Group Attributes
Configuring HSRP Priority
Configuring HSRP Authentication and Timers
Configuring HSRP Groups and Clustering
Displaying HSRP Configurations

CHAPTER 24 Configuring IP Multicast Routing
Cisco Implementation of IP Multicast Routing
Understanding IGMP
IGMP Version 1
IGMP Version 2
Understanding PIM
PIM Versions
PIM Modes
Auto-RP
Bootstrap Router
Multicast Forwarding and Reverse Path Check
Neighbor Discovery
Understanding DVMRP
DVMRP Neighbor Discovery
DVMRP Route Table
DVMRP Source Distribution Tree
Understanding CGMP
Joining a Group with CGMP
Leaving a Group with CGMP
Configuring IP Multicast Routing
Default Multicast Routing Configuration
Multicast Routing Configuration Guidelines
PIMv1 and PIMv2 Interoperability
Auto-RP and BSR Configuration Guidelines
Configuring Basic Multicast Routing
Configuring a Rendezvous Point
Manually Assigning an RP to Multicast Groups
Configuring Auto-RP
Configuring PIMv2 BSR
Using Auto-RP and a BSR
Monitoring the RP Mapping Information
Troubleshooting PIMv1 and PIMv2 Interoperability Problems
Configuring Advanced PIM Features
Understanding PIM Shared Tree and Source Tree
Delaying the Use of PIM Shortest-Path Tree
Modifying the PIM Router-Query Message Interval
Configuring Optional IGMP Features
Default IGMP Configuration
Changing the IGMP Version
Changing the IGMP Query Timeout for IGMPv2
Changing the Maximum Query Response Time for IGMPv2
Co
