Software Guide
Page 1
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide Cisco IOS Release 12.2(25)EX November 2005 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Customer Order Number: DOC-7817058= Text Part Number: 78-17058-01
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide Cisco IOS Release 12.2(25)EX November 2005 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Customer Order Number: DOC-7817058= Text Part Number: 78-17058-01
Software Guide
Page 2
... Registrar, Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare,...property of the word partner does not imply a partnership relationship between Cisco and any other company. (0502R) Cisco ME 3400 Ethernet Access Switch Software Configuration Guide © 2005 Cisco Systems, Inc. The use of their respective owners.
... Registrar, Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare,...property of the word partner does not imply a partnership relationship between Cisco and any other company. (0502R) Cisco ME 3400 Ethernet Access Switch Software Configuration Guide © 2005 Cisco Systems, Inc. The use of their respective owners.
Software Guide
Page 3
... Publications and Information xxxix Overview 1-1 Features 1-1 Performance Features 1-2 Management Options 1-3 Manageability Features 1-3 Availability Features 1-4 VLAN Features 1-5 Security Features 1-5 Subscriber Security 1-5 Switch Security 1-5 Network Security 1-6 Quality of Service and Class of Service Features 1-6 Layer 2 Virtual Private Network Services 1-7 Layer 3 Features 1-7 Layer 3 VPN Services 1-8 Monitoring Features 1-8 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide iii
... Publications and Information xxxix Overview 1-1 Features 1-1 Performance Features 1-2 Management Options 1-3 Manageability Features 1-3 Availability Features 1-4 VLAN Features 1-5 Security Features 1-5 Subscriber Security 1-5 Switch Security 1-5 Network Security 1-6 Quality of Service and Class of Service Features 1-6 Layer 2 Virtual Private Network Services 1-7 Layer 3 Features 1-7 Layer 3 VPN Services 1-8 Monitoring Features 1-8 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide iii
Software Guide
Page 4
... Gateway 3-1 Understanding the Boot Process 3-1 Assigning Switch Information 3-2 Default Switch Information 3-3 Understanding DHCP-Based Autoconfiguration 3-3 DHCP Client Request Process 3-3 Configuring DHCP-Based Autoconfiguration 3-5 DHCP Server Configuration Guidelines 3-5 Configuring the TFTP Server 3-5 Configuring the DNS 3-6 Configuring the Relay Device 3-6 Obtaining Configuration Files 3-7 Example Configuration 3-8 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide iv 78-17058...
... Gateway 3-1 Understanding the Boot Process 3-1 Assigning Switch Information 3-2 Default Switch Information 3-3 Understanding DHCP-Based Autoconfiguration 3-3 DHCP Client Request Process 3-3 Configuring DHCP-Based Autoconfiguration 3-5 DHCP Server Configuration Guidelines 3-5 Configuring the TFTP Server 3-5 Configuring the DNS 3-6 Configuring the Relay Device 3-6 Obtaining Configuration Files 3-7 Example Configuration 3-8 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide iv 78-17058...
Software Guide
Page 5
... 3-17 Displaying Scheduled Reload Information 3-18 Configuring Cisco IOS CNS Agents 4-1 Understanding Cisco Configuration Engine Software 4-1 Configuration Service 4-2 Event ...Cisco IOS Agents 4-6 Enabling Automated CNS Configuration 4-6 Enabling the CNS Event Agent 4-8 Enabling the Cisco IOS CNS Agent 4-9 Enabling an Initial Configuration 4-9 Enabling a Partial Configuration 4-11 Displaying CNS Configuration 4-12 Administering the Switch 5-1 Managing the System Time and Date 5-1 Understanding the System Clock 5-2 Understanding Network Time Protocol 5-2 Cisco ME 3400 Ethernet Access Switch...
... 3-17 Displaying Scheduled Reload Information 3-18 Configuring Cisco IOS CNS Agents 4-1 Understanding Cisco Configuration Engine Software 4-1 Configuration Service 4-2 Event ...Cisco IOS Agents 4-6 Enabling Automated CNS Configuration 4-6 Enabling the CNS Event Agent 4-8 Enabling the Cisco IOS CNS Agent 4-9 Enabling an Initial Configuration 4-9 Enabling a Partial Configuration 4-11 Displaying CNS Configuration 4-12 Administering the Switch 5-1 Managing the System Time and Date 5-1 Understanding the System Clock 5-2 Understanding Network Time Protocol 5-2 Cisco ME 3400 Ethernet Access Switch...
Software Guide
Page 6
... Entries 5-24 Configuring Unicast MAC Address Filtering 5-25 Disabling MAC Address Learning on a VLAN 5-26 Displaying Address Table Entries 5-28 Managing the ARP Table 5-28 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide vi 78-17058-01
... Entries 5-24 Configuring Unicast MAC Address Filtering 5-25 Disabling MAC Address Learning on a VLAN 5-26 Displaying Address Table Entries 5-28 Managing the ARP Table 5-28 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide vi 78-17058-01
Software Guide
Page 7
... the Privilege Level for a Command 7-8 Changing the Default Privilege Level for Lines 7-9 Logging into and Exiting a Privilege Level 7-10 Controlling Switch Access with TACACS+ 7-10 Understanding TACACS+ 7-10 TACACS+ Operation 7-12 Configuring TACACS+ 7-13 Default TACACS+ Configuration 7-13 Identifying the TACACS...Access and Network Services 7-16 Starting TACACS+ Accounting 7-17 Displaying the TACACS+ Configuration 7-17 Controlling Switch Access with RADIUS 7-18 Understanding RADIUS 7-18 RADIUS Operation 7-19 78-17058-01 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide vii
... the Privilege Level for a Command 7-8 Changing the Default Privilege Level for Lines 7-9 Logging into and Exiting a Privilege Level 7-10 Controlling Switch Access with TACACS+ 7-10 Understanding TACACS+ 7-10 TACACS+ Operation 7-12 Configuring TACACS+ 7-13 Default TACACS+ Configuration 7-13 Identifying the TACACS...Access and Network Services 7-16 Starting TACACS+ Accounting 7-17 Displaying the TACACS+ Configuration 7-17 Controlling Switch Access with RADIUS 7-18 Understanding RADIUS 7-18 RADIUS Operation 7-19 78-17058-01 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide vii
Software Guide
Page 8
...Secure Shell 7-37 Understanding SSH 7-38 SSH Servers, Integrated Clients, and Supported Versions 7-38 Limitations 7-38 Configuring SSH 7-39 Configuration Guidelines 7-39 Setting Up the Switch to Run SSH 7-39 Configuring the SSH Server 7-40 Displaying the SSH Configuration and Status 7-41 Configuring IEEE 802.1x Port-Based Authentication 8-1 Understanding IEEE... 802.1x Accounting Attribute-Value Pairs 8-5 IEEE 802.1x Host Mode 8-6 Using IEEE 802.1x with Port Security 8-7 Using IEEE 802.1x with VLAN Assignment 8-8 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide viii 78-17058-01
...Secure Shell 7-37 Understanding SSH 7-38 SSH Servers, Integrated Clients, and Supported Versions 7-38 Limitations 7-38 Configuring SSH 7-39 Configuration Guidelines 7-39 Setting Up the Switch to Run SSH 7-39 Configuring the SSH Server 7-40 Displaying the SSH Configuration and Status 7-41 Configuring IEEE 802.1x Port-Based Authentication 8-1 Understanding IEEE... 802.1x Accounting Attribute-Value Pairs 8-5 IEEE 802.1x Host Mode 8-6 Using IEEE 802.1x with Port Security 8-7 Using IEEE 802.1x with VLAN Assignment 8-8 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide viii 78-17058-01
Software Guide
Page 9
...01 Configuring IEEE 802.1x Authentication 8-9 Default IEEE 802.1x Configuration 8-9 IEEE 802.1x Configuration Guidelines 8-10 Configuring IEEE 802.1x Authentication 8-11 Configuring the Switch-to-RADIUS-Server Communication 8-12 Configuring Periodic Re-Authentication 8-13 Manually Re-Authenticating a Client Connected to a Port 8-14 Changing the Quiet Period 8-14 ...Duplex Mode 9-14 Speed and Duplex Configuration Guidelines 9-15 Setting the Interface Speed and Duplex Parameters 9-15 Configuring IEEE 802.3x Flow Control 9-17 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide ix
...01 Configuring IEEE 802.1x Authentication 8-9 Default IEEE 802.1x Configuration 8-9 IEEE 802.1x Configuration Guidelines 8-10 Configuring IEEE 802.1x Authentication 8-11 Configuring the Switch-to-RADIUS-Server Communication 8-12 Configuring Periodic Re-Authentication 8-13 Manually Re-Authenticating a Client Connected to a Port 8-14 Changing the Quiet Period 8-14 ...Duplex Mode 9-14 Speed and Duplex Configuration Guidelines 9-15 Setting the Interface Speed and Duplex Parameters 9-15 Configuring IEEE 802.3x Flow Control 9-17 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide ix
Software Guide
Page 10
... Configuring UNI VLANs 11-13 Displaying VLANs 11-14 Configuring VLAN Trunks 11-14 Trunking Overview 11-14 IEEE 802.1Q Configuration Considerations 11-15 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide x 78-17058-01
... Configuring UNI VLANs 11-13 Displaying VLANs 11-14 Configuring VLAN Trunks 11-14 Trunking Overview 11-14 IEEE 802.1Q Configuration Considerations 11-15 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide x 78-17058-01
Software Guide
Page 11
... 12-1 Understanding Private VLANs 12-1 Types of Private VLANs and Private-VLAN Ports 12-2 IP Addressing Scheme with Private VLANs 12-4 Private VLANs across Multiple Switches 12-4 Private VLANs and Unicast, Broadcast, and Multicast Traffic 12-5 Private VLANs and SVIs 12-5 Configuring Private VLANs 12-5 Tasks for Configuring Private VLANs 12...-6 Secondary and Primary VLAN Configuration 12-7 Private-VLAN Port Configuration 12-8 Limitations with Other Features 12-9 Configuring and Associating VLANs in a Private VLAN 12-10 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xi
... 12-1 Understanding Private VLANs 12-1 Types of Private VLANs and Private-VLAN Ports 12-2 IP Addressing Scheme with Private VLANs 12-4 Private VLANs across Multiple Switches 12-4 Private VLANs and Unicast, Broadcast, and Multicast Traffic 12-5 Private VLANs and SVIs 12-5 Configuring Private VLANs 12-5 Tasks for Configuring Private VLANs 12...-6 Secondary and Primary VLAN Configuration 12-7 Private-VLAN Port Configuration 12-8 Limitations with Other Features 12-9 Configuring and Associating VLANs in a Private VLAN 12-10 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xi
Software Guide
Page 12
... P T E R Configuring STP 14-1 Understanding Spanning-Tree Features 14-1 STP Overview 14-2 Spanning-Tree Topology and BPDUs 14-3 Bridge ID, Switch Priority, and Extended System ID 14-4 Spanning-Tree Interface States 14-4 Blocking State 14-6 Listening State 14-6 Learning State 14-6 Forwarding State 14...-7 Disabled State 14-7 How a Switch or Port Becomes the Root Switch or Root Port 14-7 Spanning Tree and Redundant Connectivity 14-8 Spanning-Tree Address Management 14-8 Accelerated Aging to Retain Connectivity 14-9 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xii 78-17058-01
... P T E R Configuring STP 14-1 Understanding Spanning-Tree Features 14-1 STP Overview 14-2 Spanning-Tree Topology and BPDUs 14-3 Bridge ID, Switch Priority, and Extended System ID 14-4 Spanning-Tree Interface States 14-4 Blocking State 14-6 Listening State 14-6 Learning State 14-6 Forwarding State 14...-7 Disabled State 14-7 How a Switch or Port Becomes the Root Switch or Root Port 14-7 Spanning Tree and Redundant Connectivity 14-8 Spanning-Tree Address Management 14-8 Accelerated Aging to Retain Connectivity 14-9 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xii 78-17058-01
Software Guide
Page 13
...-12 Changing the Spanning-Tree Mode. 14-13 Disabling Spanning Tree 14-14 Configuring the Root Switch 14-14 Configuring a Secondary Root Switch 14-16 Configuring Port Priority 14-16 Configuring Path Cost 14-18 Configuring the Switch Priority of a VLAN 14-19 Configuring Spanning-Tree Timers 14-20 Configuring the Hello Time... Unit Format and Processing 15-9 Processing Superior BPDU Information 15-10 Processing Inferior BPDU Information 15-10 Topology Changes 15-10 Contents 78-17058-01 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xiii
...-12 Changing the Spanning-Tree Mode. 14-13 Disabling Spanning Tree 14-14 Configuring the Root Switch 14-14 Configuring a Secondary Root Switch 14-16 Configuring Port Priority 14-16 Configuring Path Cost 14-18 Configuring the Switch Priority of a VLAN 14-19 Configuring Spanning-Tree Timers 14-20 Configuring the Hello Time... Unit Format and Processing 15-9 Processing Superior BPDU Information 15-10 Processing Inferior BPDU Information 15-10 Topology Changes 15-10 Contents 78-17058-01 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xiii
Software Guide
Page 14
... Guidelines 15-12 Specifying the MST Region Configuration and Enabling MSTP 15-13 Configuring the Root Switch 15-14 Configuring a Secondary Root Switch 15-16 Configuring Port Priority 15-17 Configuring Path Cost 15-18 Configuring the Switch Priority 15-19 Configuring the Hello Time 15-19 Configuring the Forwarding-Delay Time 15... Guard 16-6 Enabling BPDU Filtering 16-7 Enabling EtherChannel Guard 16-8 Enabling Root Guard 16-9 Enabling Loop Guard 16-9 Displaying the Spanning-Tree Status 16-10 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xiv 78-17058-01
... Guidelines 15-12 Specifying the MST Region Configuration and Enabling MSTP 15-13 Configuring the Root Switch 15-14 Configuring a Secondary Root Switch 15-16 Configuring Port Priority 15-17 Configuring Path Cost 15-18 Configuring the Switch Priority 15-19 Configuring the Hello Time 15-19 Configuring the Forwarding-Delay Time 15... Guard 16-6 Enabling BPDU Filtering 16-7 Enabling EtherChannel Guard 16-8 Enabling Root Guard 16-9 Enabling Loop Guard 16-9 Displaying the Spanning-Tree Status 16-10 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xiv 78-17058-01
Software Guide
Page 16
... Flooding During a TCN Event 20-12 Configuring the IGMP Snooping Querier 20-13 Disabling IGMP Report Suppression 20-14 Displaying IGMP Snooping Information 20-15 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xvi 78-17058-01
... Flooding During a TCN Event 20-12 Configuring the IGMP Snooping Querier 20-13 Disabling IGMP Report Suppression 20-14 Displaying IGMP Snooping Information 20-15 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xvi 78-17058-01
Software Guide
Page 17
... and Configuring Port Security 21-11 Enabling and Configuring Port Security Aging 21-15 Displaying Port-Based Traffic Control Settings 21-17 78-17058-01 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xvii
... and Configuring Port Security 21-11 Enabling and Configuring Port Security Aging 21-15 Displaying Port-Based Traffic Control Settings 21-17 78-17058-01 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xvii
Software Guide
Page 18
... 24-7 RSPAN VLAN 24-8 SPAN and RSPAN Interaction with Other Features 24-8 Configuring SPAN and RSPAN 24-9 Default SPAN and RSPAN Configuration 24-10 xviii Cisco ME 3400 Ethernet Access Switch Software Configuration Guide 78-17058-01
... 24-7 RSPAN VLAN 24-8 SPAN and RSPAN Interaction with Other Features 24-8 Configuring SPAN and RSPAN 24-9 Default SPAN and RSPAN Configuration 24-10 xviii Cisco ME 3400 Ethernet Access Switch Software Configuration Guide 78-17058-01
Software Guide
Page 19
... Servers 26-10 Logging Messages to a UNIX Syslog Daemon 26-10 Configuring the UNIX System Logging Facility 26-11 Displaying the Logging Configuration 26-12 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xix
... Servers 26-10 Logging Messages to a UNIX Syslog Daemon 26-10 Configuring the UNIX System Logging Facility 26-11 Displaying the Logging Configuration 26-12 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xix
Software Guide
Page 20
... ACLs 28-14 Using Time Ranges with ACLs 28-16 Including Comments in ACLs 28-18 Applying an IPv4 ACL to a Terminal Line 28-18 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xx 78-17058-01
... ACLs 28-14 Using Time Ranges with ACLs 28-16 Including Comments in ACLs 28-18 Applying an IPv4 ACL to a Terminal Line 28-18 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xx 78-17058-01
Software Guide
Page 21
... 28-36 VLAN Maps and Router ACL Configuration Guidelines 28-36 Examples of Router ACLs and VLAN Maps Applied to VLANs 28-37 ACLs and Switched Packets 28-37 ACLs and Routed Packets 28-38 ACLs and Multicast Packets 28-39 Displaying IPv4 ACL Configuration 28-39 Configuring Control-Plane Security... QoS 30-1 Understanding QoS 30-1 Modular QoS CLI 30-3 Input and Output Policies 30-4 Input Policy Maps 30-4 Output Policy Maps 30-5 78-17058-01 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xxi
... 28-36 VLAN Maps and Router ACL Configuration Guidelines 28-36 Examples of Router ACLs and VLAN Maps Applied to VLANs 28-37 ACLs and Switched Packets 28-37 ACLs and Routed Packets 28-38 ACLs and Multicast Packets 28-39 Displaying IPv4 ACL Configuration 28-39 Configuring Control-Plane Security... QoS 30-1 Understanding QoS 30-1 Modular QoS CLI 30-3 Input and Output Policies 30-4 Input Policy Maps 30-4 Output Policy Maps 30-5 78-17058-01 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xxi