Software Guide
Page 1
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide Cisco IOS Release 12.2(25)EX November 2005 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Customer Order Number: DOC-7817058= Text Part Number: 78-17058-01
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide Cisco IOS Release 12.2(25)EX November 2005 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Customer Order Number: DOC-7817058= Text Part Number: 78-17058-01
Software Guide
Page 2
..., Inc. All other trademarks mentioned in the United States and certain other company. (0502R) Cisco ME 3400 Ethernet Access Switch Software Configuration Guide © 2005 Cisco Systems, Inc. THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. All rights reserved. and/or its affiliates ...
..., Inc. All other trademarks mentioned in the United States and certain other company. (0502R) Cisco ME 3400 Ethernet Access Switch Software Configuration Guide © 2005 Cisco Systems, Inc. THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. All rights reserved. and/or its affiliates ...
Software Guide
Page 3
... Publications and Information xxxix Overview 1-1 Features 1-1 Performance Features 1-2 Management Options 1-3 Manageability Features 1-3 Availability Features 1-4 VLAN Features 1-5 Security Features 1-5 Subscriber Security 1-5 Switch Security 1-5 Network Security 1-6 Quality of Service and Class of Service Features 1-6 Layer 2 Virtual Private Network Services 1-7 Layer 3 Features 1-7 Layer 3 VPN Services 1-8 Monitoring Features 1-8 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide iii
... Publications and Information xxxix Overview 1-1 Features 1-1 Performance Features 1-2 Management Options 1-3 Manageability Features 1-3 Availability Features 1-4 VLAN Features 1-5 Security Features 1-5 Subscriber Security 1-5 Switch Security 1-5 Network Security 1-6 Quality of Service and Class of Service Features 1-6 Layer 2 Virtual Private Network Services 1-7 Layer 3 Features 1-7 Layer 3 VPN Services 1-8 Monitoring Features 1-8 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide iii
Software Guide
Page 4
... Gateway 3-1 Understanding the Boot Process 3-1 Assigning Switch Information 3-2 Default Switch Information 3-3 Understanding DHCP-Based Autoconfiguration 3-3 DHCP Client Request Process 3-3 Configuring DHCP-Based Autoconfiguration 3-5 DHCP Server Configuration Guidelines 3-5 Configuring the TFTP Server 3-5 Configuring the DNS 3-6 Configuring the Relay Device 3-6 Obtaining Configuration Files 3-7 Example Configuration 3-8 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide iv 78-17058...
... Gateway 3-1 Understanding the Boot Process 3-1 Assigning Switch Information 3-2 Default Switch Information 3-3 Understanding DHCP-Based Autoconfiguration 3-3 DHCP Client Request Process 3-3 Configuring DHCP-Based Autoconfiguration 3-5 DHCP Server Configuration Guidelines 3-5 Configuring the TFTP Server 3-5 Configuring the DNS 3-6 Configuring the Relay Device 3-6 Obtaining Configuration Files 3-7 Example Configuration 3-8 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide iv 78-17058...
Software Guide
Page 5
... 3-17 Displaying Scheduled Reload Information 3-18 Configuring Cisco IOS CNS Agents 4-1 Understanding Cisco Configuration Engine Software 4-1 Configuration Service 4-2 Event ...Cisco IOS Agents 4-6 Enabling Automated CNS Configuration 4-6 Enabling the CNS Event Agent 4-8 Enabling the Cisco IOS CNS Agent 4-9 Enabling an Initial Configuration 4-9 Enabling a Partial Configuration 4-11 Displaying CNS Configuration 4-12 Administering the Switch 5-1 Managing the System Time and Date 5-1 Understanding the System Clock 5-2 Understanding Network Time Protocol 5-2 Cisco ME 3400 Ethernet Access Switch...
... 3-17 Displaying Scheduled Reload Information 3-18 Configuring Cisco IOS CNS Agents 4-1 Understanding Cisco Configuration Engine Software 4-1 Configuration Service 4-2 Event ...Cisco IOS Agents 4-6 Enabling Automated CNS Configuration 4-6 Enabling the CNS Event Agent 4-8 Enabling the Cisco IOS CNS Agent 4-9 Enabling an Initial Configuration 4-9 Enabling a Partial Configuration 4-11 Displaying CNS Configuration 4-12 Administering the Switch 5-1 Managing the System Time and Date 5-1 Understanding the System Clock 5-2 Understanding Network Time Protocol 5-2 Cisco ME 3400 Ethernet Access Switch...
Software Guide
Page 6
... Entries 5-24 Configuring Unicast MAC Address Filtering 5-25 Disabling MAC Address Learning on a VLAN 5-26 Displaying Address Table Entries 5-28 Managing the ARP Table 5-28 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide vi 78-17058-01
... Entries 5-24 Configuring Unicast MAC Address Filtering 5-25 Disabling MAC Address Learning on a VLAN 5-26 Displaying Address Table Entries 5-28 Managing the ARP Table 5-28 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide vi 78-17058-01
Software Guide
Page 7
... the Privilege Level for a Command 7-8 Changing the Default Privilege Level for Lines 7-9 Logging into and Exiting a Privilege Level 7-10 Controlling Switch Access with TACACS+ 7-10 Understanding TACACS+ 7-10 TACACS+ Operation 7-12 Configuring TACACS+ 7-13 Default TACACS+ Configuration 7-13 Identifying the TACACS...Access and Network Services 7-16 Starting TACACS+ Accounting 7-17 Displaying the TACACS+ Configuration 7-17 Controlling Switch Access with RADIUS 7-18 Understanding RADIUS 7-18 RADIUS Operation 7-19 78-17058-01 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide vii
... the Privilege Level for a Command 7-8 Changing the Default Privilege Level for Lines 7-9 Logging into and Exiting a Privilege Level 7-10 Controlling Switch Access with TACACS+ 7-10 Understanding TACACS+ 7-10 TACACS+ Operation 7-12 Configuring TACACS+ 7-13 Default TACACS+ Configuration 7-13 Identifying the TACACS...Access and Network Services 7-16 Starting TACACS+ Accounting 7-17 Displaying the TACACS+ Configuration 7-17 Controlling Switch Access with RADIUS 7-18 Understanding RADIUS 7-18 RADIUS Operation 7-19 78-17058-01 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide vii
Software Guide
Page 8
...Secure Shell 7-37 Understanding SSH 7-38 SSH Servers, Integrated Clients, and Supported Versions 7-38 Limitations 7-38 Configuring SSH 7-39 Configuration Guidelines 7-39 Setting Up the Switch to Run SSH 7-39 Configuring the SSH Server 7-40 Displaying the SSH Configuration and Status 7-41 Configuring IEEE 802.1x Port-Based Authentication 8-1 Understanding IEEE... 802.1x Accounting Attribute-Value Pairs 8-5 IEEE 802.1x Host Mode 8-6 Using IEEE 802.1x with Port Security 8-7 Using IEEE 802.1x with VLAN Assignment 8-8 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide viii 78-17058-01
...Secure Shell 7-37 Understanding SSH 7-38 SSH Servers, Integrated Clients, and Supported Versions 7-38 Limitations 7-38 Configuring SSH 7-39 Configuration Guidelines 7-39 Setting Up the Switch to Run SSH 7-39 Configuring the SSH Server 7-40 Displaying the SSH Configuration and Status 7-41 Configuring IEEE 802.1x Port-Based Authentication 8-1 Understanding IEEE... 802.1x Accounting Attribute-Value Pairs 8-5 IEEE 802.1x Host Mode 8-6 Using IEEE 802.1x with Port Security 8-7 Using IEEE 802.1x with VLAN Assignment 8-8 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide viii 78-17058-01
Software Guide
Page 9
...01 Configuring IEEE 802.1x Authentication 8-9 Default IEEE 802.1x Configuration 8-9 IEEE 802.1x Configuration Guidelines 8-10 Configuring IEEE 802.1x Authentication 8-11 Configuring the Switch-to-RADIUS-Server Communication 8-12 Configuring Periodic Re-Authentication 8-13 Manually Re-Authenticating a Client Connected to a Port 8-14 Changing the Quiet Period 8-14 ...Duplex Mode 9-14 Speed and Duplex Configuration Guidelines 9-15 Setting the Interface Speed and Duplex Parameters 9-15 Configuring IEEE 802.3x Flow Control 9-17 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide ix
...01 Configuring IEEE 802.1x Authentication 8-9 Default IEEE 802.1x Configuration 8-9 IEEE 802.1x Configuration Guidelines 8-10 Configuring IEEE 802.1x Authentication 8-11 Configuring the Switch-to-RADIUS-Server Communication 8-12 Configuring Periodic Re-Authentication 8-13 Manually Re-Authenticating a Client Connected to a Port 8-14 Changing the Quiet Period 8-14 ...Duplex Mode 9-14 Speed and Duplex Configuration Guidelines 9-15 Setting the Interface Speed and Duplex Parameters 9-15 Configuring IEEE 802.3x Flow Control 9-17 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide ix
Software Guide
Page 10
... Configuring UNI VLANs 11-13 Displaying VLANs 11-14 Configuring VLAN Trunks 11-14 Trunking Overview 11-14 IEEE 802.1Q Configuration Considerations 11-15 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide x 78-17058-01
... Configuring UNI VLANs 11-13 Displaying VLANs 11-14 Configuring VLAN Trunks 11-14 Trunking Overview 11-14 IEEE 802.1Q Configuration Considerations 11-15 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide x 78-17058-01
Software Guide
Page 11
... 12-1 Understanding Private VLANs 12-1 Types of Private VLANs and Private-VLAN Ports 12-2 IP Addressing Scheme with Private VLANs 12-4 Private VLANs across Multiple Switches 12-4 Private VLANs and Unicast, Broadcast, and Multicast Traffic 12-5 Private VLANs and SVIs 12-5 Configuring Private VLANs 12-5 Tasks for Configuring Private VLANs 12...-6 Secondary and Primary VLAN Configuration 12-7 Private-VLAN Port Configuration 12-8 Limitations with Other Features 12-9 Configuring and Associating VLANs in a Private VLAN 12-10 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xi
... 12-1 Understanding Private VLANs 12-1 Types of Private VLANs and Private-VLAN Ports 12-2 IP Addressing Scheme with Private VLANs 12-4 Private VLANs across Multiple Switches 12-4 Private VLANs and Unicast, Broadcast, and Multicast Traffic 12-5 Private VLANs and SVIs 12-5 Configuring Private VLANs 12-5 Tasks for Configuring Private VLANs 12...-6 Secondary and Primary VLAN Configuration 12-7 Private-VLAN Port Configuration 12-8 Limitations with Other Features 12-9 Configuring and Associating VLANs in a Private VLAN 12-10 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xi
Software Guide
Page 12
... P T E R Configuring STP 14-1 Understanding Spanning-Tree Features 14-1 STP Overview 14-2 Spanning-Tree Topology and BPDUs 14-3 Bridge ID, Switch Priority, and Extended System ID 14-4 Spanning-Tree Interface States 14-4 Blocking State 14-6 Listening State 14-6 Learning State 14-6 Forwarding State 14...-7 Disabled State 14-7 How a Switch or Port Becomes the Root Switch or Root Port 14-7 Spanning Tree and Redundant Connectivity 14-8 Spanning-Tree Address Management 14-8 Accelerated Aging to Retain Connectivity 14-9 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xii 78-17058-01
... P T E R Configuring STP 14-1 Understanding Spanning-Tree Features 14-1 STP Overview 14-2 Spanning-Tree Topology and BPDUs 14-3 Bridge ID, Switch Priority, and Extended System ID 14-4 Spanning-Tree Interface States 14-4 Blocking State 14-6 Listening State 14-6 Learning State 14-6 Forwarding State 14...-7 Disabled State 14-7 How a Switch or Port Becomes the Root Switch or Root Port 14-7 Spanning Tree and Redundant Connectivity 14-8 Spanning-Tree Address Management 14-8 Accelerated Aging to Retain Connectivity 14-9 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xii 78-17058-01
Software Guide
Page 13
...-12 Changing the Spanning-Tree Mode. 14-13 Disabling Spanning Tree 14-14 Configuring the Root Switch 14-14 Configuring a Secondary Root Switch 14-16 Configuring Port Priority 14-16 Configuring Path Cost 14-18 Configuring the Switch Priority of a VLAN 14-19 Configuring Spanning-Tree Timers 14-20 Configuring the Hello Time... Unit Format and Processing 15-9 Processing Superior BPDU Information 15-10 Processing Inferior BPDU Information 15-10 Topology Changes 15-10 Contents 78-17058-01 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xiii
...-12 Changing the Spanning-Tree Mode. 14-13 Disabling Spanning Tree 14-14 Configuring the Root Switch 14-14 Configuring a Secondary Root Switch 14-16 Configuring Port Priority 14-16 Configuring Path Cost 14-18 Configuring the Switch Priority of a VLAN 14-19 Configuring Spanning-Tree Timers 14-20 Configuring the Hello Time... Unit Format and Processing 15-9 Processing Superior BPDU Information 15-10 Processing Inferior BPDU Information 15-10 Topology Changes 15-10 Contents 78-17058-01 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xiii
Software Guide
Page 14
... Guidelines 15-12 Specifying the MST Region Configuration and Enabling MSTP 15-13 Configuring the Root Switch 15-14 Configuring a Secondary Root Switch 15-16 Configuring Port Priority 15-17 Configuring Path Cost 15-18 Configuring the Switch Priority 15-19 Configuring the Hello Time 15-19 Configuring the Forwarding-Delay Time 15... Guard 16-6 Enabling BPDU Filtering 16-7 Enabling EtherChannel Guard 16-8 Enabling Root Guard 16-9 Enabling Loop Guard 16-9 Displaying the Spanning-Tree Status 16-10 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xiv 78-17058-01
... Guidelines 15-12 Specifying the MST Region Configuration and Enabling MSTP 15-13 Configuring the Root Switch 15-14 Configuring a Secondary Root Switch 15-16 Configuring Port Priority 15-17 Configuring Path Cost 15-18 Configuring the Switch Priority 15-19 Configuring the Hello Time 15-19 Configuring the Forwarding-Delay Time 15... Guard 16-6 Enabling BPDU Filtering 16-7 Enabling EtherChannel Guard 16-8 Enabling Root Guard 16-9 Enabling Loop Guard 16-9 Displaying the Spanning-Tree Status 16-10 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xiv 78-17058-01
Software Guide
Page 16
... Flooding During a TCN Event 20-12 Configuring the IGMP Snooping Querier 20-13 Disabling IGMP Report Suppression 20-14 Displaying IGMP Snooping Information 20-15 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xvi 78-17058-01
... Flooding During a TCN Event 20-12 Configuring the IGMP Snooping Querier 20-13 Disabling IGMP Report Suppression 20-14 Displaying IGMP Snooping Information 20-15 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xvi 78-17058-01
Software Guide
Page 17
... and Configuring Port Security 21-11 Enabling and Configuring Port Security Aging 21-15 Displaying Port-Based Traffic Control Settings 21-17 78-17058-01 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xvii
... and Configuring Port Security 21-11 Enabling and Configuring Port Security Aging 21-15 Displaying Port-Based Traffic Control Settings 21-17 78-17058-01 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xvii
Software Guide
Page 18
... 24-7 RSPAN VLAN 24-8 SPAN and RSPAN Interaction with Other Features 24-8 Configuring SPAN and RSPAN 24-9 Default SPAN and RSPAN Configuration 24-10 xviii Cisco ME 3400 Ethernet Access Switch Software Configuration Guide 78-17058-01
... 24-7 RSPAN VLAN 24-8 SPAN and RSPAN Interaction with Other Features 24-8 Configuring SPAN and RSPAN 24-9 Default SPAN and RSPAN Configuration 24-10 xviii Cisco ME 3400 Ethernet Access Switch Software Configuration Guide 78-17058-01
Software Guide
Page 19
... Servers 26-10 Logging Messages to a UNIX Syslog Daemon 26-10 Configuring the UNIX System Logging Facility 26-11 Displaying the Logging Configuration 26-12 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xix
... Servers 26-10 Logging Messages to a UNIX Syslog Daemon 26-10 Configuring the UNIX System Logging Facility 26-11 Displaying the Logging Configuration 26-12 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xix
Software Guide
Page 20
... ACLs 28-14 Using Time Ranges with ACLs 28-16 Including Comments in ACLs 28-18 Applying an IPv4 ACL to a Terminal Line 28-18 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xx 78-17058-01
... ACLs 28-14 Using Time Ranges with ACLs 28-16 Including Comments in ACLs 28-18 Applying an IPv4 ACL to a Terminal Line 28-18 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xx 78-17058-01
Software Guide
Page 21
... 28-36 VLAN Maps and Router ACL Configuration Guidelines 28-36 Examples of Router ACLs and VLAN Maps Applied to VLANs 28-37 ACLs and Switched Packets 28-37 ACLs and Routed Packets 28-38 ACLs and Multicast Packets 28-39 Displaying IPv4 ACL Configuration 28-39 Configuring Control-Plane Security... QoS 30-1 Understanding QoS 30-1 Modular QoS CLI 30-3 Input and Output Policies 30-4 Input Policy Maps 30-4 Output Policy Maps 30-5 78-17058-01 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xxi
... 28-36 VLAN Maps and Router ACL Configuration Guidelines 28-36 Examples of Router ACLs and VLAN Maps Applied to VLANs 28-37 ACLs and Switched Packets 28-37 ACLs and Routed Packets 28-38 ACLs and Multicast Packets 28-39 Displaying IPv4 ACL Configuration 28-39 Configuring Control-Plane Security... QoS 30-1 Understanding QoS 30-1 Modular QoS CLI 30-3 Input and Output Policies 30-4 Input Policy Maps 30-4 Output Policy Maps 30-5 78-17058-01 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xxi