Software Guide
Page 11
...Packets 7 Multicast Packets 8 Using Cisco IOS ACLs in your Network 9 Hardware and Software Handling of Cisco IOS ACLs with PFC 10 Hardware and Software Handling of Cisco IOS ACLs with PFC2 12 Using VACLs with Cisco IOS ACLs 15 Guidelines for Configuring Cisco IOS ACLs and VACLs on ...Wiring Closet Configuration 22 Redirecting Broadcast Traffic to a Specific Server Port 23 Restricting the DHCP Response for a Specific Server 24 Denying Access to a Server on Another VLAN 25 Restricting ARP Traffic 26 Configuring ACLs on Private VLANs 26 Capturing Traffic Flows 27 Unsupported Features 27 Configuring...
...Packets 7 Multicast Packets 8 Using Cisco IOS ACLs in your Network 9 Hardware and Software Handling of Cisco IOS ACLs with PFC 10 Hardware and Software Handling of Cisco IOS ACLs with PFC2 12 Using VACLs with Cisco IOS ACLs 15 Guidelines for Configuring Cisco IOS ACLs and VACLs on ...Wiring Closet Configuration 22 Redirecting Broadcast Traffic to a Specific Server Port 23 Restricting the DHCP Response for a Specific Server 24 Denying Access to a Server on Another VLAN 25 Restricting ARP Traffic 26 Configuring ACLs on Private VLANs 26 Capturing Traffic Flows 27 Unsupported Features 27 Configuring...
Software Guide
Page 195
... transparent mode, the VLAN is deleted only on the current switch. • You can delete a single VLAN or a range of a Private VLAN Port, page 11-21 • Deleting a Private VLAN, page 11-22 • Deleting an Isolated, Community, or Two-Way Community VLAN, page 11-22 • Deleting... 11 Configuring VLANs Deleting a VLAN Deleting a VLAN Follow these guidelines for deleting VLANs: • When you delete a normal-range Ethernet VLAN in VTP server mode, the VLAN is removed from all switches in the VTP domain. • When you delete a normal-range VLAN in privileged mode: Task Delete ...
... transparent mode, the VLAN is deleted only on the current switch. • You can delete a single VLAN or a range of a Private VLAN Port, page 11-21 • Deleting a Private VLAN, page 11-22 • Deleting an Isolated, Community, or Two-Way Community VLAN, page 11-22 • Deleting... 11 Configuring VLANs Deleting a VLAN Deleting a VLAN Follow these guidelines for deleting VLANs: • When you delete a normal-range Ethernet VLAN in VTP server mode, the VLAN is removed from all switches in the VTP domain. • When you delete a normal-range VLAN in privileged mode: Task Delete ...
Software Guide
Page 196
...8226; Community ports communicate among themselves and with routers, LocalDirector, backup servers, and administrative workstations. • An isolated port has complete Layer 2 separation from and to an isolated VLAN where this private VLAN. If you choose, you can then designate additional VLANs as ... a single isolated VLAN, and a series of community ports to communicate among themselves and to and from community ports from other private VLAN ports and is designated as VACLs to all promiscuous ports only. Note With software release 6.2(1) and later releases, you can...
...8226; Community ports communicate among themselves and with routers, LocalDirector, backup servers, and administrative workstations. • An isolated port has complete Layer 2 separation from and to an isolated VLAN where this private VLAN. If you choose, you can then designate additional VLANs as ... a single isolated VLAN, and a series of community ports to communicate among themselves and to and from community ports from other private VLAN ports and is designated as VACLs to all promiscuous ports only. Note With software release 6.2(1) and later releases, you can...
Software Guide
Page 197
... primary VLAN, an MSFC port does not have the option of using private VLAN communities, you can connect a nontrunk promiscuous port to the "server port" of a LocalDirector to remap a number of the primary VLAN. - Private VLAN Configuration Guidelines Follow these results: - On an MSFC port or ...use one isolated VLAN. • You have this section, the term community VLAN is activated. • Set up all the private VLAN servers from an administration workstation. You will achieve these guidelines to end points outside the VLAN itself. With a nontrunk promiscuous port, you...
... primary VLAN, an MSFC port does not have the option of using private VLAN communities, you can connect a nontrunk promiscuous port to the "server port" of a LocalDirector to remap a number of the primary VLAN. - Private VLAN Configuration Guidelines Follow these results: - On an MSFC port or ...use one isolated VLAN. • You have this section, the term community VLAN is activated. • Set up all the private VLAN servers from an administration workstation. You will achieve these guidelines to end points outside the VLAN itself. With a nontrunk promiscuous port, you...
Software Guide
Page 198
...SPAN destination and another port is rejected. Configuring Private VLANs Chapter 11 Configuring VLANs • After you configure a private VLAN, you cannot change the VTP mode to client or server mode, because VTP does not support private VLAN types and mapping propagation. • ...You can configure VLANs as primary, isolated, or community only if no access ports assigned to trunking mode, channeling, or have only one primary VLAN associated with Ports Listed by ASIC Groups Module Number WS...
...SPAN destination and another port is rejected. Configuring Private VLANs Chapter 11 Configuring VLANs • After you configure a private VLAN, you cannot change the VTP mode to client or server mode, because VTP does not support private VLAN types and mapping propagation. • ...You can configure VLANs as primary, isolated, or community only if no access ports assigned to trunking mode, channeling, or have only one primary VLAN associated with Ports Listed by ASIC Groups Module Number WS...
Software Guide
Page 318
...HTTP traffic switched from Host X to Host Y would be dropped at the traffic entry point, Switch A. If you can configure a VACL on Private VLANs, page 16-26 • Capturing Traffic Flows, page 16-27 Wiring Closet Configuration In a wiring closet configuration, Catalyst 6000 family switches ...describes some typical uses for VACLs and includes the following: • Wiring Closet Configuration, page 16-22 • Redirecting Broadcast Traffic to a Specific Server Port, page 16-23 • Restricting the DHCP Response for one more) • LOU 4 stores "range 11 13" (range needs the entire...
...HTTP traffic switched from Host X to Host Y would be dropped at the traffic entry point, Switch A. If you can configure a VACL on Private VLANs, page 16-26 • Capturing Traffic Flows, page 16-27 Wiring Closet Configuration In a wiring closet configuration, Catalyst 6000 family switches ...describes some typical uses for VACLs and includes the following: • Wiring Closet Configuration, page 16-22 • Redirecting Broadcast Traffic to a Specific Server Port, page 16-23 • Restricting the DHCP Response for one more) • LOU 4 stores "range 11 13" (range needs the entire...
Software Guide
Page 322
..., ACLs can be applied as follows: • You can map VACLs to secondary VLANs or primary VLANs. • Cisco IOS ACLs that the ACL is only available with Supervisor Engine 2 with PFC Subnet 10.1.2.0/24 Host (VLAN 20) 26963 Restricting ARP Traffic Note This feature is mapped to. When ... VACL 10.1.1.100 Server (VLAN 10) 10.1.1.4 Host (VLAN 10) 10.1.1.8 Host (VLAN 10) Catalyst 6500 series switches with PFC2. ARP traffic is permitted on a primary VLAN only and the ACL would then be either community VLANs or isolated VLANs. Configuring ACLs on Private VLANs Private VLANs allow ARP ...
..., ACLs can be applied as follows: • You can map VACLs to secondary VLANs or primary VLANs. • Cisco IOS ACLs that the ACL is only available with Supervisor Engine 2 with PFC Subnet 10.1.2.0/24 Host (VLAN 20) 26963 Restricting ARP Traffic Note This feature is mapped to. When ... VACL 10.1.1.100 Server (VLAN 10) 10.1.1.4 Host (VLAN 10) 10.1.1.8 Host (VLAN 10) Catalyst 6500 series switches with PFC2. ARP traffic is permitted on a primary VLAN only and the ACL would then be either community VLANs or isolated VLANs. Configuring ACLs on Private VLANs Private VLANs allow ARP ...
Software Guide
Page 441
... 21-35 • Enabling Credentials Forwarding, page 21-36 • Disabling Credentials Forwarding, page 21-37 • Defining and Clearing a Private DES Key, page 21-38 • Encrypting a Telnet Session, page 21-38 • Displaying and Clearing Kerberos Configurations, page 21-39 Configuring a ... 6.4 21-31 Additionally, we recommend that NTP is created: /usr/local/sbin/kdb5_util create -r CISCO.EDU -s Add the switch to a place where the switch can enter the switch in the Kerberos server's key table, you need to create a database for the switch as follows: ank user1/admin...
... 21-35 • Enabling Credentials Forwarding, page 21-36 • Disabling Credentials Forwarding, page 21-37 • Defining and Clearing a Private DES Key, page 21-38 • Encrypting a Telnet Session, page 21-38 • Displaying and Clearing Kerberos Configurations, page 21-39 Configuring a ... 6.4 21-31 Additionally, we recommend that NTP is created: /usr/local/sbin/kdb5_util create -r CISCO.EDU -s Add the switch to a place where the switch can enter the switch in the Kerberos server's key table, you need to create a database for the switch as follows: ank user1/admin...
Software Guide
Page 448
Configuring Authentication Chapter 21 Configuring Switch Access Using AAA Defining and Clearing a Private DES Key You can define a private DES key for the duration of the Telnet session. To define a DES key, perform this task in privileged mode...the authentication method that when the show kerberos Kerberos Local Realm:CISCO.COM Kerberos server entries: Realm:CISCO.COM, Server:170.20.2.1, Port:750 Realm:CISCO.COM, Server:172.20.2.1, Port:750 Kerberos DomainRealm entries: Domain:cisco.com, Realm:CISCO.COM Kerberos Clients Mandatory Kerberos Credentials Forwarding Disabled Kerberos Pre ...
Configuring Authentication Chapter 21 Configuring Switch Access Using AAA Defining and Clearing a Private DES Key You can define a private DES key for the duration of the Telnet session. To define a DES key, perform this task in privileged mode...the authentication method that when the show kerberos Kerberos Local Realm:CISCO.COM Kerberos server entries: Realm:CISCO.COM, Server:170.20.2.1, Port:750 Realm:CISCO.COM, Server:172.20.2.1, Port:750 Kerberos DomainRealm entries: Domain:cisco.com, Realm:CISCO.COM Kerberos Clients Mandatory Kerberos Credentials Forwarding Disabled Kerberos Pre ...
Software Guide
Page 582
... pruning privatevlan qos radius rsvp security snmp spantree sys tac tcp Definition All facilities ACL facility Cisco Discovery Protocol Common Open Policy Server Dynamic Trunking Protocol Dynamic VLAN Enhanced Address Recognition Logic File System GARP VLAN Registration Protocol Internet ...Protocol Kernel ASLB facility Multicast Management Multilayer Switching Port Aggregation Protocol Protocol Filter VTP pruning Private VLAN facility Quality ...
... pruning privatevlan qos radius rsvp security snmp spantree sys tac tcp Definition All facilities ACL facility Cisco Discovery Protocol Common Open Policy Server Dynamic Trunking Protocol Dynamic VLAN Enhanced Address Recognition Logic File System GARP VLAN Registration Protocol Internet ...Protocol Kernel ASLB facility Multicast Management Multilayer Switching Port Aggregation Protocol Protocol Filter VTP pruning Private VLAN facility Quality ...
Software Guide
Page 877
...MISTP mode 13 PVST+ mode 13 uploading configuration files preparation 5, 8 running configuration 5, 8 TFTP 5 software images preparation 8, 15 rcp server 15 supervisor 9, 15 supervisor engine 9 user EXEC mode 9 user sessions disconnecting 6 monitoring 6 78-13315-02 Index V VACLs 3 ACEs overview 4 applying on bridged ... guidelines 28 summary 29 configuration guidelines 28 configuring 28 configuring for policy-based forwarding 46 configuring on private VLANs 26 denying access to a server on another VLAN figure 26 procedure 25 features unsupported 27 hardware requirements 2 Layer 2 parameters 5 ...
...MISTP mode 13 PVST+ mode 13 uploading configuration files preparation 5, 8 running configuration 5, 8 TFTP 5 software images preparation 8, 15 rcp server 15 supervisor 9, 15 supervisor engine 9 user EXEC mode 9 user sessions disconnecting 6 monitoring 6 78-13315-02 Index V VACLs 3 ACEs overview 4 applying on bridged ... guidelines 28 summary 29 configuration guidelines 28 configuring 28 configuring for policy-based forwarding 46 configuring on private VLANs 26 denying access to a server on another VLAN figure 26 procedure 25 features unsupported 27 hardware requirements 2 Layer 2 parameters 5 ...
Software Guide
Page 878
...VLAN Access Control Lists See VACLs VLAN-based SPAN, see VSPAN VLAN filtering trunk 4 VLAN Management Policy Server See VMPS VLANs allowed on trunk 7 auxiliary 8, 19 clearing VLAN mappings 9 default configuration 4 deleting ...VLANs to VLANs 9 MISTP VLAN conflicts See MISTP native 802.1Q and 4 normal range 2, 5 private See private VLANs protocol filtering and 1 reserved range 2 sc0 (in-band) interface assignment 2 Token Ring ...trunk gateway, description 5 auxiliary VLANs, configuring 19 Cisco CallManager 4 IN-30 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02
...VLAN Access Control Lists See VACLs VLAN-based SPAN, see VSPAN VLAN filtering trunk 4 VLAN Management Policy Server See VMPS VLANs allowed on trunk 7 auxiliary 8, 19 clearing VLAN mappings 9 default configuration 4 deleting ...VLANs to VLANs 9 MISTP VLAN conflicts See MISTP native 802.1Q and 4 normal range 2, 5 private See private VLANs protocol filtering and 1 reserved range 2 sc0 (in-band) interface assignment 2 Token Ring ...trunk gateway, description 5 auxiliary VLANs, configuring 19 Cisco CallManager 4 IN-30 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02