Software Guide
Page 1
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide Cisco IOS Release 12.2(25)EX November 2005 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Customer Order Number: DOC-7817058= Text Part Number: 78-17058-01
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide Cisco IOS Release 12.2(25)EX November 2005 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Customer Order Number: DOC-7817058= Text Part Number: 78-17058-01
Software Guide
Page 2
... mentioned in the United States and certain other company. (0502R) Cisco ME 3400 Ethernet Access Switch Software Configuration Guide © 2005 Cisco Systems, Inc. All rights reserved. Copyright © 1981, Regents of the University of Cisco Systems, Inc.; All rights reserved. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR...
... mentioned in the United States and certain other company. (0502R) Cisco ME 3400 Ethernet Access Switch Software Configuration Guide © 2005 Cisco Systems, Inc. All rights reserved. Copyright © 1981, Regents of the University of Cisco Systems, Inc.; All rights reserved. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR...
Software Guide
Page 3
... Additional Publications and Information xxxix Overview 1-1 Features 1-1 Performance Features 1-2 Management Options 1-3 Manageability Features 1-3 Availability Features 1-4 VLAN Features 1-5 Security Features 1-5 Subscriber Security 1-5 Switch Security 1-5 Network Security 1-6 Quality of Service and Class of Service Features 1-6 Layer 2 Virtual Private Network Services 1-7 Layer 3 Features 1-7 Layer 3 VPN Services 1-8 Monitoring Features 1-8 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide iii
... Additional Publications and Information xxxix Overview 1-1 Features 1-1 Performance Features 1-2 Management Options 1-3 Manageability Features 1-3 Availability Features 1-4 VLAN Features 1-5 Security Features 1-5 Subscriber Security 1-5 Switch Security 1-5 Network Security 1-6 Quality of Service and Class of Service Features 1-6 Layer 2 Virtual Private Network Services 1-7 Layer 3 Features 1-7 Layer 3 VPN Services 1-8 Monitoring Features 1-8 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide iii
Software Guide
Page 4
... Gateway 3-1 Understanding the Boot Process 3-1 Assigning Switch Information 3-2 Default Switch Information 3-3 Understanding DHCP-Based Autoconfiguration 3-3 DHCP Client Request Process 3-3 Configuring DHCP-Based Autoconfiguration 3-5 DHCP Server Configuration Guidelines 3-5 Configuring the TFTP Server 3-5 Configuring the DNS 3-6 Configuring the Relay Device 3-6 Obtaining Configuration Files 3-7 Example Configuration 3-8 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide iv 78-17058-01
... Gateway 3-1 Understanding the Boot Process 3-1 Assigning Switch Information 3-2 Default Switch Information 3-3 Understanding DHCP-Based Autoconfiguration 3-3 DHCP Client Request Process 3-3 Configuring DHCP-Based Autoconfiguration 3-5 DHCP Server Configuration Guidelines 3-5 Configuring the TFTP Server 3-5 Configuring the DNS 3-6 Configuring the Relay Device 3-6 Obtaining Configuration Files 3-7 Example Configuration 3-8 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide iv 78-17058-01
Software Guide
Page 5
... 3-17 Displaying Scheduled Reload Information 3-18 Configuring Cisco IOS CNS Agents 4-1 Understanding Cisco Configuration Engine Software 4-1 Configuration Service 4-2 Event ...Cisco IOS Agents 4-6 Enabling Automated CNS Configuration 4-6 Enabling the CNS Event Agent 4-8 Enabling the Cisco IOS CNS Agent 4-9 Enabling an Initial Configuration 4-9 Enabling a Partial Configuration 4-11 Displaying CNS Configuration 4-12 Administering the Switch 5-1 Managing the System Time and Date 5-1 Understanding the System Clock 5-2 Understanding Network Time Protocol 5-2 Cisco ME 3400 Ethernet Access Switch...
... 3-17 Displaying Scheduled Reload Information 3-18 Configuring Cisco IOS CNS Agents 4-1 Understanding Cisco Configuration Engine Software 4-1 Configuration Service 4-2 Event ...Cisco IOS Agents 4-6 Enabling Automated CNS Configuration 4-6 Enabling the CNS Event Agent 4-8 Enabling the Cisco IOS CNS Agent 4-9 Enabling an Initial Configuration 4-9 Enabling a Partial Configuration 4-11 Displaying CNS Configuration 4-12 Administering the Switch 5-1 Managing the System Time and Date 5-1 Understanding the System Clock 5-2 Understanding Network Time Protocol 5-2 Cisco ME 3400 Ethernet Access Switch...
Software Guide
Page 6
Contents Configuring NTP 5-4 Default NTP Configuration 5-4 Configuring NTP Authentication 5-5 Configuring NTP Associations 5-6 Configuring NTP Broadcast Service 5-7 Configuring NTP Access Restrictions 5-8 Configuring the Source IP Address for NTP Packets 5-10 Displaying the NTP Configuration 5-11 Configuring Time and Date Manually 5-11 Setting the ...24 Configuring Unicast MAC Address Filtering 5-25 Disabling MAC Address Learning on a VLAN 5-26 Displaying Address Table Entries 5-28 Managing the ARP Table 5-28 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide vi 78-17058-01
Contents Configuring NTP 5-4 Default NTP Configuration 5-4 Configuring NTP Authentication 5-5 Configuring NTP Associations 5-6 Configuring NTP Broadcast Service 5-7 Configuring NTP Access Restrictions 5-8 Configuring the Source IP Address for NTP Packets 5-10 Displaying the NTP Configuration 5-11 Configuring Time and Date Manually 5-11 Setting the ...24 Configuring Unicast MAC Address Filtering 5-25 Disabling MAC Address Learning on a VLAN 5-26 Displaying Address Table Entries 5-28 Managing the ARP Table 5-28 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide vi 78-17058-01
Software Guide
Page 7
...Level for a Command 7-8 Changing the Default Privilege Level for Lines 7-9 Logging into and Exiting a Privilege Level 7-10 Controlling Switch Access with TACACS+ 7-10 Understanding TACACS+ 7-10 TACACS+ Operation 7-12 Configuring TACACS+ 7-13 Default TACACS+ Configuration 7-13 Identifying ... for Privileged EXEC Access and Network Services 7-16 Starting TACACS+ Accounting 7-17 Displaying the TACACS+ Configuration 7-17 Controlling Switch Access with RADIUS 7-18 Understanding RADIUS 7-18 RADIUS Operation 7-19 78-17058-01 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide ...
...Level for a Command 7-8 Changing the Default Privilege Level for Lines 7-9 Logging into and Exiting a Privilege Level 7-10 Controlling Switch Access with TACACS+ 7-10 Understanding TACACS+ 7-10 TACACS+ Operation 7-12 Configuring TACACS+ 7-13 Default TACACS+ Configuration 7-13 Identifying ... for Privileged EXEC Access and Network Services 7-16 Starting TACACS+ Accounting 7-17 Displaying the TACACS+ Configuration 7-17 Controlling Switch Access with RADIUS 7-18 Understanding RADIUS 7-18 RADIUS Operation 7-19 78-17058-01 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide ...
Software Guide
Page 8
...Starting RADIUS Accounting 7-28 Configuring Settings for All RADIUS Servers 7-29 Configuring the Switch to Use Vendor-Specific RADIUS Attributes 7-29 Configuring the Switch for Vendor-Proprietary RADIUS Server Communication 7-31 Displaying the RADIUS Configuration 7-31 Controlling Switch Access with Kerberos 7-32 Understanding Kerberos 7-32 Kerberos Operation 7-34 Authenticating to a ...-Value Pairs 8-5 IEEE 802.1x Host Mode 8-6 Using IEEE 802.1x with Port Security 8-7 Using IEEE 802.1x with VLAN Assignment 8-8 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide viii 78-17058-01
...Starting RADIUS Accounting 7-28 Configuring Settings for All RADIUS Servers 7-29 Configuring the Switch to Use Vendor-Specific RADIUS Attributes 7-29 Configuring the Switch for Vendor-Proprietary RADIUS Server Communication 7-31 Displaying the RADIUS Configuration 7-31 Controlling Switch Access with Kerberos 7-32 Understanding Kerberos 7-32 Kerberos Operation 7-34 Authenticating to a ...-Value Pairs 8-5 IEEE 802.1x Host Mode 8-6 Using IEEE 802.1x with Port Security 8-7 Using IEEE 802.1x with VLAN Assignment 8-8 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide viii 78-17058-01
Software Guide
Page 9
... Macros 9-10 Configuring Ethernet Interfaces 9-11 Default Ethernet Interface Configuration 9-12 Configuring User Network and Network Node Interfaces 9-13 Configuring Interface Speed and Duplex Mode 9-14 Speed and Duplex Configuration Guidelines 9-15 Setting the Interface Speed and Duplex Parameters 9-15 Configuring IEEE 802.3x Flow Control 9-17 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide...
... Macros 9-10 Configuring Ethernet Interfaces 9-11 Default Ethernet Interface Configuration 9-12 Configuring User Network and Network Node Interfaces 9-13 Configuring Interface Speed and Duplex Mode 9-14 Speed and Duplex Configuration Guidelines 9-15 Setting the Interface Speed and Duplex Parameters 9-15 Configuring IEEE 802.3x Flow Control 9-17 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide...
Software Guide
Page 10
...-Range VLANs 11-4 VLAN Port Membership Modes 11-4 UNI VLANs 11-5 Creating and Modifying VLANs 11-6 Default Ethernet VLAN Configuration 11-7 VLAN Configuration Guidelines 11-8 Creating or Modifying an Ethernet VLAN 11-9 Assigning Static-Access Ports to a VLAN 11-10 Creating an Extended-Range VLAN with an Internal VLAN ID 11-11 Configuring... Configuring UNI VLANs 11-13 Displaying VLANs 11-14 Configuring VLAN Trunks 11-14 Trunking Overview 11-14 IEEE 802.1Q Configuration Considerations 11-15 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide x 78-17058-01
...-Range VLANs 11-4 VLAN Port Membership Modes 11-4 UNI VLANs 11-5 Creating and Modifying VLANs 11-6 Default Ethernet VLAN Configuration 11-7 VLAN Configuration Guidelines 11-8 Creating or Modifying an Ethernet VLAN 11-9 Assigning Static-Access Ports to a VLAN 11-10 Creating an Extended-Range VLAN with an Internal VLAN ID 11-11 Configuring... Configuring UNI VLANs 11-13 Displaying VLANs 11-14 Configuring VLAN Trunks 11-14 Trunking Overview 11-14 IEEE 802.1Q Configuration Considerations 11-15 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide x 78-17058-01
Software Guide
Page 11
...Reconfirmation Interval 11-27 Changing the Retry Count 11-27 Monitoring the VMPS 11-27 Troubleshooting Dynamic-Access Port VLAN Membership 11-28 VMPS Configuration Example 11-28 Configuring Private VLANs 12-1 Understanding Private ...Private VLANs and Private-VLAN Ports 12-2 IP Addressing Scheme with Private VLANs 12-4 Private VLANs across Multiple Switches 12-4 Private VLANs and Unicast, Broadcast, and Multicast Traffic 12-5 Private VLANs and SVIs 12-5 Configuring ...12-9 Configuring and Associating VLANs in a Private VLAN 12-10 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xi
...Reconfirmation Interval 11-27 Changing the Retry Count 11-27 Monitoring the VMPS 11-27 Troubleshooting Dynamic-Access Port VLAN Membership 11-28 VMPS Configuration Example 11-28 Configuring Private VLANs 12-1 Understanding Private ...Private VLANs and Private-VLAN Ports 12-2 IP Addressing Scheme with Private VLANs 12-4 Private VLANs across Multiple Switches 12-4 Private VLANs and Unicast, Broadcast, and Multicast Traffic 12-5 Private VLANs and SVIs 12-5 Configuring ...12-9 Configuring and Associating VLANs in a Private VLAN 12-10 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xi
Software Guide
Page 12
...P T E R Configuring STP 14-1 Understanding Spanning-Tree Features 14-1 STP Overview 14-2 Spanning-Tree Topology and BPDUs 14-3 Bridge ID, Switch Priority, and Extended System ID 14-4 Spanning-Tree Interface States 14-4 Blocking State 14-6 Listening State 14-6 Learning State 14-6 Forwarding State ...14-7 Disabled State 14-7 How a Switch or Port Becomes the Root Switch or Root Port 14-7 Spanning Tree and Redundant Connectivity 14-8 Spanning-Tree Address Management 14-8 Accelerated Aging to Retain Connectivity 14-9 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xii 78-17058-01
...P T E R Configuring STP 14-1 Understanding Spanning-Tree Features 14-1 STP Overview 14-2 Spanning-Tree Topology and BPDUs 14-3 Bridge ID, Switch Priority, and Extended System ID 14-4 Spanning-Tree Interface States 14-4 Blocking State 14-6 Listening State 14-6 Learning State 14-6 Forwarding State ...14-7 Disabled State 14-7 How a Switch or Port Becomes the Root Switch or Root Port 14-7 Spanning Tree and Redundant Connectivity 14-8 Spanning-Tree Address Management 14-8 Accelerated Aging to Retain Connectivity 14-9 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xii 78-17058-01
Software Guide
Page 13
...-12 Changing the Spanning-Tree Mode. 14-13 Disabling Spanning Tree 14-14 Configuring the Root Switch 14-14 Configuring a Secondary Root Switch 14-16 Configuring Port Priority 14-16 Configuring Path Cost 14-18 Configuring the Switch Priority of a VLAN 14-19 Configuring Spanning-Tree Timers 14-20 Configuring the Hello Time... Unit Format and Processing 15-9 Processing Superior BPDU Information 15-10 Processing Inferior BPDU Information 15-10 Topology Changes 15-10 Contents 78-17058-01 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xiii
...-12 Changing the Spanning-Tree Mode. 14-13 Disabling Spanning Tree 14-14 Configuring the Root Switch 14-14 Configuring a Secondary Root Switch 14-16 Configuring Port Priority 14-16 Configuring Path Cost 14-18 Configuring the Switch Priority of a VLAN 14-19 Configuring Spanning-Tree Timers 14-20 Configuring the Hello Time... Unit Format and Processing 15-9 Processing Superior BPDU Information 15-10 Processing Inferior BPDU Information 15-10 Topology Changes 15-10 Contents 78-17058-01 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xiii
Software Guide
Page 14
... Guidelines 15-12 Specifying the MST Region Configuration and Enabling MSTP 15-13 Configuring the Root Switch 15-14 Configuring a Secondary Root Switch 15-16 Configuring Port Priority 15-17 Configuring Path Cost 15-18 Configuring the Switch Priority 15-19 Configuring the Hello Time 15-19 Configuring the Forwarding-Delay Time 15... Guard 16-6 Enabling BPDU Filtering 16-7 Enabling EtherChannel Guard 16-8 Enabling Root Guard 16-9 Enabling Loop Guard 16-9 Displaying the Spanning-Tree Status 16-10 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xiv 78-17058-01
... Guidelines 15-12 Specifying the MST Region Configuration and Enabling MSTP 15-13 Configuring the Root Switch 15-14 Configuring a Secondary Root Switch 15-16 Configuring Port Priority 15-17 Configuring Path Cost 15-18 Configuring the Switch Priority 15-19 Configuring the Hello Time 15-19 Configuring the Forwarding-Delay Time 15... Guard 16-6 Enabling BPDU Filtering 16-7 Enabling EtherChannel Guard 16-8 Enabling Root Guard 16-9 Enabling Loop Guard 16-9 Displaying the Spanning-Tree Status 16-10 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xiv 78-17058-01
Software Guide
Page 16
... Flooding During a TCN Event 20-12 Configuring the IGMP Snooping Querier 20-13 Disabling IGMP Report Suppression 20-14 Displaying IGMP Snooping Information 20-15 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xvi 78-17058-01
... Flooding During a TCN Event 20-12 Configuring the IGMP Snooping Querier 20-13 Disabling IGMP Report Suppression 20-14 Displaying IGMP Snooping Information 20-15 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xvi 78-17058-01
Software Guide
Page 17
... and Configuring Port Security 21-11 Enabling and Configuring Port Security Aging 21-15 Displaying Port-Based Traffic Control Settings 21-17 78-17058-01 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xvii
... and Configuring Port Security 21-11 Enabling and Configuring Port Security Aging 21-15 Displaying Port-Based Traffic Control Settings 21-17 78-17058-01 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xvii
Software Guide
Page 18
... 24-7 RSPAN VLAN 24-8 SPAN and RSPAN Interaction with Other Features 24-8 Configuring SPAN and RSPAN 24-9 Default SPAN and RSPAN Configuration 24-10 xviii Cisco ME 3400 Ethernet Access Switch Software Configuration Guide 78-17058-01
... 24-7 RSPAN VLAN 24-8 SPAN and RSPAN Interaction with Other Features 24-8 Configuring SPAN and RSPAN 24-9 Default SPAN and RSPAN Configuration 24-10 xviii Cisco ME 3400 Ethernet Access Switch Software Configuration Guide 78-17058-01
Software Guide
Page 19
...RMON 25-1 Configuring RMON 25-2 Default RMON Configuration 25-3 Configuring RMON Alarms and Events 25-3 Collecting Group History Statistics on an Interface 25-5 Collecting Group Ethernet Statistics on an Interface 25-6 Displaying RMON Status 25-6 Configuring System Message Logging 26-1 Understanding System Message Logging 26-1 Configuring System Message Logging 26-2 System... Servers 26-10 Logging Messages to a UNIX Syslog Daemon 26-10 Configuring the UNIX System Logging Facility 26-11 Displaying the Logging Configuration 26-12 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xix
...RMON 25-1 Configuring RMON 25-2 Default RMON Configuration 25-3 Configuring RMON Alarms and Events 25-3 Collecting Group History Statistics on an Interface 25-5 Collecting Group Ethernet Statistics on an Interface 25-6 Displaying RMON Status 25-6 Configuring System Message Logging 26-1 Understanding System Message Logging 26-1 Configuring System Message Logging 26-2 System... Servers 26-10 Logging Messages to a UNIX Syslog Daemon 26-10 Configuring the UNIX System Logging Facility 26-11 Displaying the Logging Configuration 26-12 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xix
Software Guide
Page 20
...27-1 SNMP Versions 27-2 SNMP Manager Functions 27-3 SNMP Agent Functions 27-4 SNMP Community Strings 27-4 Using SNMP to Access MIB Variables 27-4 SNMP Notifications 27-5 SNMP ifIndex MIB Object Values 27-5 Configuring SNMP 27-6 Default SNMP Configuration 27-6 ... and Unfragmented Traffic 28-5 Configuring IPv4 ACLs 28-6 Creating Standard and Extended IPv4 ACLs 28-7 IPv4 Access List Numbers 28-8 ACL Logging 28-8 Creating a Numbered Standard ACL 28-9 Creating a Numbered Extended ACL... to a Terminal Line 28-18 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xx 78-17058-01
...27-1 SNMP Versions 27-2 SNMP Manager Functions 27-3 SNMP Agent Functions 27-4 SNMP Community Strings 27-4 Using SNMP to Access MIB Variables 27-4 SNMP Notifications 27-5 SNMP ifIndex MIB Object Values 27-5 Configuring SNMP 27-6 Default SNMP Configuration 27-6 ... and Unfragmented Traffic 28-5 Configuring IPv4 ACLs 28-6 Creating Standard and Extended IPv4 ACLs 28-7 IPv4 Access List Numbers 28-8 ACL Logging 28-8 Creating a Numbered Standard ACL 28-9 Creating a Numbered Extended ACL... to a Terminal Line 28-18 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xx 78-17058-01
Software Guide
Page 21
...VLAN Map to a VLAN 28-33 Using VLAN Maps in Your Network 28-34 Wiring Closet Configuration 28-34 Denying Access to a Server on Another VLAN 28-35 Using VLAN Maps with Router ACLs 28-36 VLAN Maps and Router ACL... Configuration Guidelines 28-36 Examples of Router ACLs and VLAN Maps Applied to VLANs 28-37 ACLs and Switched Packets 28-37 ACLs and Routed Packets 28-38 ACLs and Multicast Packets 28-39 Displaying IPv4 ACL Configuration ...Input and Output Policies 30-4 Input Policy Maps 30-4 Output Policy Maps 30-5 78-17058-01 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xxi
...VLAN Map to a VLAN 28-33 Using VLAN Maps in Your Network 28-34 Wiring Closet Configuration 28-34 Denying Access to a Server on Another VLAN 28-35 Using VLAN Maps with Router ACLs 28-36 VLAN Maps and Router ACL... Configuration Guidelines 28-36 Examples of Router ACLs and VLAN Maps Applied to VLANs 28-37 ACLs and Switched Packets 28-37 ACLs and Routed Packets 28-38 ACLs and Multicast Packets 28-39 Displaying IPv4 ACL Configuration ...Input and Output Policies 30-4 Input Policy Maps 30-4 Output Policy Maps 30-5 78-17058-01 Cisco ME 3400 Ethernet Access Switch Software Configuration Guide xxi