User Guide
Page 27
...manner to a Network Feature Overview Host A Cisco router with these commands, applied to three fragmented packets: Switch (config)# access-list 102 permit tcp any host 10.1.1.1 eq smtp Switch (config)# access-list 102 deny tcp any host 10.1.1.2 eq telnet Switch (config)# access-list 102 deny tcp any any ...Note In the first and second ACEs in a fragmented IP packet. If this packet is present. 16-
...manner to a Network Feature Overview Host A Cisco router with these commands, applied to three fragmented packets: Switch (config)# access-list 102 permit tcp any host 10.1.1.1 eq smtp Switch (config)# access-list 102 deny tcp any host 10.1.1.2 eq telnet Switch (config)# access-list 102 deny tcp any any ...Note In the first and second ACEs in a fragmented IP packet. If this packet is present. 16-
User Guide
Page 28
...the third ACE (a deny). IP source address (Specify all fragments shows that ACE does not check any Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 28 Feature Overview 16- The remaining fragments in the packet do not contain the SMTP port information because the first ACE only checks...be classified on any interface: Switch (config-ext-nacl)# permit tcp any any Switch (config-ext-nacl)# deny tcp any any Switch (config-ext-nacl)# permit udp any any Switch (config-ext-nacl)# deny udp any any Switch (config-ext-nacl)# permit ip any any Switch (config-ext-nacl)# deny ip any any ...
...the third ACE (a deny). IP source address (Specify all fragments shows that ACE does not check any Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 28 Feature Overview 16- The remaining fragments in the packet do not contain the SMTP port information because the first ACE only checks...be classified on any interface: Switch (config-ext-nacl)# permit tcp any any Switch (config-ext-nacl)# deny tcp any any Switch (config-ext-nacl)# permit udp any any Switch (config-ext-nacl)# deny udp any any Switch (config-ext-nacl)# permit ip any any Switch (config-ext-nacl)# deny ip any any ...
User Guide
Page 29
16- However, there are significant restrictions as well as differences for security 4 and QoS allowed on a switch Quality of Service Quality of the ACL restrictions on... an ACL: Switch (config)#ip access-list extended acl2 Switch (config-ext-nacl)# permit tcp 10.1.1.1 0.0.0.0 any eq 80 Switch (config-ext-nacl)# permit tcp 20.1.1.1 0.0.0.0 any number of service (QoS) but you ... ACLs as permit ip 10.1.1.1 any assurance of 23. You can be defined for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Note In an IP extended ACL (both named and numbered), ...
16- However, there are significant restrictions as well as differences for security 4 and QoS allowed on a switch Quality of Service Quality of the ACL restrictions on... an ACL: Switch (config)#ip access-list extended acl2 Switch (config-ext-nacl)# permit tcp 10.1.1.1 0.0.0.0 any eq 80 Switch (config-ext-nacl)# permit tcp 20.1.1.1 0.0.0.0 any number of service (QoS) but you ... ACLs as permit ip 10.1.1.1 any assurance of 23. You can be defined for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Note In an IP extended ACL (both named and numbered), ...
User Guide
Page 47
...range fastethernet 1-5 is valid; interface}[, {{ethernet | fastethernet | macro macro-name} slot/interface - Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 47 For example, the command interface range fastethernet...: Step 1 Command Purpose Router(config)# interface range {vlan vlan-id vlan-id} | {{ethernet | fastethernet | macro macro-name} slot/interface - and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks •... To configure a range of interfaces to enter spaces before the dash is required. 16-
...range fastethernet 1-5 is valid; interface}[, {{ethernet | fastethernet | macro macro-name} slot/interface - Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 47 For example, the command interface range fastethernet...: Step 1 Command Purpose Router(config)# interface range {vlan vlan-id vlan-id} | {{ethernet | fastethernet | macro macro-name} slot/interface - and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks •... To configure a range of interfaces to enter spaces before the dash is required. 16-
User Guide
Page 48
... Series, Cisco 3600 Series, and Cisco 3700 Series Defining a Range Macro To define an interface range macro, use the auto setting on both auto-negotiate. Verifying Configuration of a Range of the line need to be configured to the same setting. Configuration Tasks 16- do ...| fastethernet} slot/interface interface}] Defines the interface-range macro and save it in global configuration mode: Step 1 Command Purpose Router(config)# define interface-range macro-name {vlan vlan-id - Mismatched settings are not supported. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 48
... Series, Cisco 3600 Series, and Cisco 3700 Series Defining a Range Macro To define an interface range macro, use the auto setting on both auto-negotiate. Verifying Configuration of a Range of the line need to be configured to the same setting. Configuration Tasks 16- do ...| fastethernet} slot/interface interface}] Defines the interface-range macro and save it in global configuration mode: Step 1 Command Purpose Router(config)# define interface-range macro-name {vlan vlan-id - Mismatched settings are not supported. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 48
User Guide
Page 49
...interface 5/4: Router(config)# interface fastethernet 5/4 Router(config-if)# duplex full Verifying Interface Speed and Duplex Mode Configuration Step 1 Use the show interfaces command to verify the interface speed and duplex mode configuration for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series ... Queueing strategy: fifo Output queue 0/40, 0 drops; Router(config-if)# speed [10 | 100 | auto] Sets the interface speed of autonegotiation interfaces. 16- Note If you set the duplex mode of the interface. Router(config-if)# duplex [auto | full | half] Sets the duplex...
...interface 5/4: Router(config)# interface fastethernet 5/4 Router(config-if)# duplex full Verifying Interface Speed and Duplex Mode Configuration Step 1 Use the show interfaces command to verify the interface speed and duplex mode configuration for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series ... Queueing strategy: fifo Output queue 0/40, 0 drops; Router(config-if)# speed [10 | 100 | auto] Sets the interface speed of autonegotiation interfaces. 16- Note If you set the duplex mode of the interface. Router(config-if)# duplex [auto | full | half] Sets the duplex...
User Guide
Page 50
... trunk allowed vlan {add | except | none | remove} vlan1[,vlan[,vlan[,...]] Router(config-if)# no carrier 0 output buffer failures, 0 output buffers swapped out Router# Configuring a Description for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series 5 minute output rate 0 bits/sec, 0 packets/sec 0 packets input,... of the following commands beginning in interface configuration mode: Step 1 Command Router(config-if)# description string Purpose Adds a description for an interface. Configuration Tasks 16- To add a description for an interface, use the following commands: show ...
... trunk allowed vlan {add | except | none | remove} vlan1[,vlan[,vlan[,...]] Router(config-if)# no carrier 0 output buffer failures, 0 output buffers swapped out Router# Configuring a Description for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series 5 minute output rate 0 bits/sec, 0 packets/sec 0 packets input,... of the following commands beginning in interface configuration mode: Step 1 Command Router(config-if)# description string Purpose Adds a description for an interface. Configuration Tasks 16- To add a description for an interface, use the following commands: show ...
User Guide
Page 51
and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Verifying an Ethernet Interface as a Layer 2...Level: 100 Multicast Suppression Level: 100 Unicast Suppression Level: 100 Voice VLAN: none Appliance trust: none Router# show running-config interface fastethernet 5/8 Building configuration... interface FastEthernet5/8 no ip address switchport switchport trunk encapsulation dot1q end Step 2 Step 3 ...domain 1 Vlans in spanning tree forwarding state and not pruned 1 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 51...
and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Verifying an Ethernet Interface as a Layer 2...Level: 100 Multicast Suppression Level: 100 Unicast Suppression Level: 100 Voice VLAN: none Appliance trust: none Router# show running-config interface fastethernet 5/8 Building configuration... interface FastEthernet5/8 no ip address switchport switchport trunk encapsulation dot1q end Step 2 Step 3 ...domain 1 Vlans in spanning tree forwarding state and not pruned 1 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 51...
User Guide
Page 52
... for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuring an Ethernet Interface as a Layer 2 Access To configure an Ethernet Interface as a Layer 2 access use the following commands beginning in global configuration mode: Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Command Router(config)# interface {ethernet | fastethernet} slot/port Router(config-if)# shutdown Router(config-if...
... for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuring an Ethernet Interface as a Layer 2 Access To configure an Ethernet Interface as a Layer 2 access use the following commands beginning in global configuration mode: Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Command Router(config)# interface {ethernet | fastethernet} slot/port Router(config-if)# shutdown Router(config-if...
User Guide
Page 56
... be connected and functioning for Cisco IOS software to create port-channel interfaces for each interface: Step 1 Step 2 Step 3 Command Router(config)# interface fastethernet slot/port Router(config-if)# channel-group port-channel-number mode {on} Router(config-if)# end Purpose Selects a... when you configure Layer 2 Ethernet interfaces with the channel-group command, which creates the port-channel logical interface. Configuration Tasks 16- To configure Layer 2 Ethernet interfaces as a Layer 2 EtherChannel, use the following commands beginning in a port-channel. Configures...
... be connected and functioning for Cisco IOS software to create port-channel interfaces for each interface: Step 1 Step 2 Step 3 Command Router(config)# interface fastethernet slot/port Router(config-if)# channel-group port-channel-number mode {on} Router(config-if)# end Purpose Selects a... when you configure Layer 2 Ethernet interfaces with the channel-group command, which creates the port-channel logical interface. Configuration Tasks 16- To configure Layer 2 Ethernet interfaces as a Layer 2 EtherChannel, use the following commands beginning in a port-channel. Configures...
User Guide
Page 57
...show interfaces fastethernet 5/6 etherchannel Port state = EC-Enbld Up In-Bndl Usr-Config Channel group = 2 Mode = Desirable Port-channel = Po2 GC = 0x00020001...config interface port-channel 2 Building configuration... Quit timer is running . Device is running -config interface fastethernet 5/6 Building configuration... Switching timer is running . and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco... no ip address switchport switchport access vlan 10 switchport mode access end Router# Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 57 A - Q...
...show interfaces fastethernet 5/6 etherchannel Port state = EC-Enbld Up In-Bndl Usr-Config Channel group = 2 Mode = Desirable Port-channel = Po2 GC = 0x00020001...config interface port-channel 2 Building configuration... Quit timer is running . Device is running -config interface fastethernet 5/6 Building configuration... Switching timer is running . and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco... no ip address switchport switchport access vlan 10 switchport mode access end Router# Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 57 A - Q...
User Guide
Page 58
... Series Step 4 Router# show etherchannel load-balance Source XOR Destination IP address Router# Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 58 Note For new load balancing to take affect, the EtherChannel must be first configured to ... bundled: 00h:23m:33s Fa5/6 Configuring EtherChannel Load Balancing To configure EtherChannel load balancing, use the following commands in global configuration mode: Step 1 Command Router(config)# port-channel load-balance {src-mac | dst-mac | src-dst-mac | src-ip | dst-ip | src-dst-ip} Step 2 Router...
... Series Step 4 Router# show etherchannel load-balance Source XOR Destination IP address Router# Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 58 Note For new load balancing to take affect, the EtherChannel must be first configured to ... bundled: 00h:23m:33s Fa5/6 Configuring EtherChannel Load Balancing To configure EtherChannel load balancing, use the following commands in global configuration mode: Step 1 Command Router(config)# port-channel load-balance {src-mac | dst-mac | src-dst-mac | src-ip | dst-ip | src-dst-ip} Step 2 Router...
User Guide
Page 59
...-ip | dst-ip | src-dst-ip} Router(config)# end Purpose Configures EtherChannel load balancing. down P - Layer3 S - Exits configuration mode. 16- stand-alone s - Use the no interface port-channel port-channel-number Router(config)# end Verify Removing an EtherChannel Purpose Removes the port-...configuration mode: Step 1 Step 2 Command Router(config)# no keyword to return EtherChannel load balancing to the default configuration. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Removing an Interface from ...
...-ip | dst-ip | src-dst-ip} Router(config)# end Purpose Configures EtherChannel load balancing. down P - Layer3 S - Exits configuration mode. 16- stand-alone s - Use the no interface port-channel port-channel-number Router(config)# end Verify Removing an EtherChannel Purpose Removes the port-...configuration mode: Step 1 Step 2 Command Router(config)# no keyword to return EtherChannel load balancing to the default configuration. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Removing an Interface from ...
User Guide
Page 62
... Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Command Step 4 interface interface-id Step 5 dot1x port-control auto Step 6 end Step 7 show dot1x Step 8 copy running-config startup-config Purpose Enters... configure the RADIUS server parameters on the same RADIUS server are configured for the same service-for 802.1x authentication. Check the Status column in privileged EXEC mode, follow these ... enabled status means the port-control value is required. The combination of the display. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 62 To disable AAA, use the...
... Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Command Step 4 interface interface-id Step 5 dot1x port-control auto Step 6 end Step 7 show dot1x Step 8 copy running-config startup-config Purpose Enters... configure the RADIUS server parameters on the same RADIUS server are configured for the same service-for 802.1x authentication. Check the Status column in privileged EXEC mode, follow these ... enabled status means the port-control value is required. The combination of the display. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 62 To disable AAA, use the...
User Guide
Page 63
...string to configure some settings on the RADIUS server. If you want to configure the number of the string remote RADIUS server. 16- For key string, specify the authentication and encryption key used . Note Always configure the key as the last item in the... Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Step 1 Step 2 Command Purpose configure terminal Enters global configuration mode. If you want to individual ports. Step 3 Step 4 Step 5 end show running-config copy running on the switch. Enabling Periodic Reauthentication You can globally configure the...
...string to configure some settings on the RADIUS server. If you want to configure the number of the string remote RADIUS server. 16- For key string, specify the authentication and encryption key used . Note Always configure the key as the last item in the... Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Step 1 Step 2 Command Purpose configure terminal Enters global configuration mode. If you want to individual ports. Step 3 Step 4 Step 5 end show running-config copy running on the switch. Enabling Periodic Reauthentication You can globally configure the...
User Guide
Page 64
... Series, Cisco 3600 Series, and Cisco 3700 Series Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Command configure terminal dot1x re-authentication dot1x timeout re-authperiod seconds end show dot1x copy running -config startup-config Purpose Enters global configuration mode. The idle time is determined by default. ...-config Purpose Enters global configuration mode. Changing the Switch-to-Client Retransmission Time The client responds to privileged EXEC mode. Configuration Tasks 16- and 36-Port Ethernet Switch Module for a set period of the client might occur because the client ...
... Series, Cisco 3600 Series, and Cisco 3700 Series Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Command configure terminal dot1x re-authentication dot1x timeout re-authperiod seconds end show dot1x copy running -config startup-config Purpose Enters global configuration mode. The idle time is determined by default. ...-config Purpose Enters global configuration mode. Changing the Switch-to-Client Retransmission Time The client responds to privileged EXEC mode. Configuration Tasks 16- and 36-Port Ethernet Switch Module for a set period of the client might occur because the client ...
User Guide
Page 65
... file. Sets the number of times that the switch waits for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Note You should change the amount of this... dot1x timeout tx-period seconds Step 3 Step 4 Step 5 end show dot1x copy running -config startup-config Purpose Enters global configuration mode. The range is 2. Setting the Switch-to-Client Frame-Retransmission ...servers. Verifies your entries. (Optional) Saves your entries in the configuration file. 16- Beginning in privileged EXEC mode, follow these steps to set the switch-to the client...
... file. Sets the number of times that the switch waits for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Note You should change the amount of this... dot1x timeout tx-period seconds Step 3 Step 4 Step 5 end show dot1x copy running -config startup-config Purpose Enters global configuration mode. The range is 2. Setting the Switch-to-Client Frame-Retransmission ...servers. Verifies your entries. (Optional) Saves your entries in the configuration file. 16- Beginning in privileged EXEC mode, follow these steps to set the switch-to the client...
User Guide
Page 66
... file. To display the 802.1x administrative and operational status for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Enabling Multiple Hosts You can reset the 802.1x configuration... command is received), all attached clients are indirectly attached. Configuration Tasks 16- Displaying 802.1x Statistics and Status To display 802.1x statistics for all...statistics for a specific interface, use the show dot1x interface interface-id copy running -config startup-config Purpose Enters global configuration mode. Verifies your entries. (Optional) Saves your entries ...
... file. To display the 802.1x administrative and operational status for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Enabling Multiple Hosts You can reset the 802.1x configuration... command is received), all attached clients are indirectly attached. Configuration Tasks 16- Displaying 802.1x Statistics and Status To display 802.1x statistics for all...statistics for a specific interface, use the show dot1x interface interface-id copy running -config startup-config Purpose Enters global configuration mode. Verifies your entries. (Optional) Saves your entries ...
User Guide
Page 67
... 129.9. Step 1 Use the show spanning-tree vlan command to forwarding state: 1 BPDU: sent 3, received 3417 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 67 16- Exits configuration mode. To enable spanning tree on a per-VLAN basis, use the following commands in global configuration... mode: Step 1 Step 2 Command Router(config)# spanning-tree vlan vlan-id Router(config)# end Verify Spanning Tree Purpose Enables spanning tree...
... 129.9. Step 1 Use the show spanning-tree vlan command to forwarding state: 1 BPDU: sent 3, received 3417 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 67 16- Exits configuration mode. To enable spanning tree on a per-VLAN basis, use the following commands in global configuration... mode: Step 1 Step 2 Command Router(config)# spanning-tree vlan vlan-id Router(config)# end Verify Spanning Tree Purpose Enables spanning tree...
User Guide
Page 68
... 19, Port priority 100, Port Identifier 129.8. Use the no ] spanning-tree vlan vlan-id port-priority port-priority Step 4 Router(config-if)# end Verify Spanning Tree Port Priority Purpose Selects an interface to restore the defaults. Exits configuration mode. Step 1 Use the show... configuration: Router# show spanning-tree interface fastethernet 5/8 Port 264 (FastEthernet5/8) of this command to configure. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 68 Configuration Tasks 16- Configures the port priority for an interface. The port-priority value can be from 1 to 200,000...
... 19, Port priority 100, Port Identifier 129.8. Use the no ] spanning-tree vlan vlan-id port-priority port-priority Step 4 Router(config-if)# end Verify Spanning Tree Port Priority Purpose Selects an interface to restore the defaults. Exits configuration mode. Step 1 Use the show... configuration: Router# show spanning-tree interface fastethernet 5/8 Port 264 (FastEthernet5/8) of this command to configure. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 68 Configuration Tasks 16- Configures the port priority for an interface. The port-priority value can be from 1 to 200,000...