Software Guide
Page 23
...to configure the Switched Port Analyzer (SPAN) Chapter 40 Configuring NetFlow Statistics Describes how to configure NetFlow statistics Collection gathering Appendix A Acronyms Defines acronyms used in this book Related Documentation The following publications are available for the Catalyst 4500 series switches: • Catalyst 4000 Series Switch Installation Guide • Catalyst 4500 Series Switch Installation Guide • Catalyst 4500 Series Switch Module Installation Guide • Catalyst 4500 Series Switch Cisco IOS Command Reference • Catalyst 4500 Series Switch Cisco IOS...
...to configure the Switched Port Analyzer (SPAN) Chapter 40 Configuring NetFlow Statistics Describes how to configure NetFlow statistics Collection gathering Appendix A Acronyms Defines acronyms used in this book Related Documentation The following publications are available for the Catalyst 4500 series switches: • Catalyst 4000 Series Switch Installation Guide • Catalyst 4500 Series Switch Installation Guide • Catalyst 4500 Series Switch Module Installation Guide • Catalyst 4500 Series Switch Cisco IOS Command Reference • Catalyst 4500 Series Switch Cisco IOS...
Software Guide
Page 24
... such as passwords are in a screen display means hold down the Control key while you press the D key. Command arguments for which you supply values are in screen font. Notes use quotation marks around the string because the string will include the quotation marks. Conventions Preface - Cisco IOS IP Configuration Guide - Command elements in italics. Alternative keywords in command lines are optional. A nonquoted set of...
... such as passwords are in a screen display means hold down the Control key while you press the D key. Command arguments for which you supply values are in screen font. Notes use quotation marks around the string because the string will include the quotation marks. Conventions Preface - Cisco IOS IP Configuration Guide - Command elements in italics. Alternative keywords in command lines are optional. A nonquoted set of...
Software Guide
Page 40
... type of management information between network devices. SNMP-A full Internet standard - Allow incoming traffic on a crypto image, like cat4000-i5k91s-mz) - SNMP v3-Security framework with three levels: noAuthNoPriv, authNoPriv, and authPriv (available only on SPAN destination ports to log into another . The Catalyst 4500 series switch supports these SNMP types and enhancements: - Management and Security Features Chapter 1 Product Overview • Local Authentication, Remote Authentication Dial-In User Service (RADIUS), and Terminal Access Controller Access Control...
... type of management information between network devices. SNMP-A full Internet standard - Allow incoming traffic on a crypto image, like cat4000-i5k91s-mz) - SNMP v3-Security framework with three levels: noAuthNoPriv, authNoPriv, and authPriv (available only on SPAN destination ports to log into another . The Catalyst 4500 series switch supports these SNMP types and enhancements: - Management and Security Features Chapter 1 Product Overview • Local Authentication, Remote Authentication Dial-In User Service (RADIUS), and Terminal Access Controller Access Control...
Software Guide
Page 47
... Fast Ethernet interface with Telnet. The privileged command set operating parameters. From user EXEC mode, enter the enable command and the enable password (if a password has been configured). Chapter 2 Command-Line Interfaces Getting a List of commands that affect From privileged EXEC mode, the system as a whole, such as the configure command. Use the configure command to privileged EXEC mode, press Ctrl-Z. command. Do not include a space before the question mark. Switch> Privileged EXEC (enable) To set includes the commands in . The Cisco IOS command...
... Fast Ethernet interface with Telnet. The privileged command set operating parameters. From user EXEC mode, enter the enable command and the enable password (if a password has been configured). Chapter 2 Command-Line Interfaces Getting a List of commands that affect From privileged EXEC mode, the system as a whole, such as the configure command. Use the configure command to privileged EXEC mode, press Ctrl-Z. command. Do not include a space before the question mark. Switch> Privileged EXEC (enable) To set includes the commands in . The Cisco IOS command...
Software Guide
Page 57
... configuration modes, enter changes to enter interface configuration mode: Switch(config)# interface fastethernet 5/1 Switch(config-if)# In either of the configuration commands, enter ? Checking the Running Configuration Settings To verify the configuration settings you entered or the changes you will change to the enable prompt (#): Switch# At the enable prompt (#), enter the configure terminal command to exit configuration mode. version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! at the enable prompt (#), as enable mode...
... configuration modes, enter changes to enter interface configuration mode: Switch(config)# interface fastethernet 5/1 Switch(config-if)# In either of the configuration commands, enter ? Checking the Running Configuration Settings To verify the configuration settings you entered or the changes you will change to the enable prompt (#): Switch# At the enable prompt (#), enter the configure terminal command to exit configuration mode. version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! at the enable prompt (#), as enable mode...
Software Guide
Page 64
... configure additional levels of the switch after having lost encrypted password (that password to fewer users. Configuring Multiple Privilege Levels By default, Cisco IOS software has two modes of network security. Caution The service password-encryption command does not provide a high level of password security: user EXEC mode and privileged EXEC mode. Although you can regain control of security: • Setting the Privilege Level for a Command, page 3-16 • Changing the Default Privilege Level for Lines, page 3-17 • Logging...
... configure additional levels of the switch after having lost encrypted password (that password to fewer users. Configuring Multiple Privilege Levels By default, Cisco IOS software has two modes of network security. Caution The service password-encryption command does not provide a high level of password security: user EXEC mode and privileged EXEC mode. Although you can regain control of security: • Setting the Privilege Level for a Command, page 3-16 • Changing the Default Privilege Level for Lines, page 3-17 • Logging...
Software Guide
Page 199
... which the frame is calculated for each VLAN. OL-6696-01 Software Configuration Guide-Release 12.2(25)EW 14-3 For chassis with 1024 MAC addresses. Enter the show module command to view the MAC address range on the path cost. • A designated bridge for the hello, forward delay, and max-age protocol timers When a switch transmits a BPDU frame, all switches connected to the LAN on which frames are selected. When...
... which the frame is calculated for each VLAN. OL-6696-01 Software Configuration Guide-Release 12.2(25)EW 14-3 For chassis with 1024 MAC addresses. Enter the show module command to view the MAC address range on the path cost. • A designated bridge for the hello, forward delay, and max-age protocol timers When a switch transmits a BPDU frame, all switches connected to the LAN on which frames are selected. When...
Software Guide
Page 253
... support IEEE 802.3ad LACP EtherChannels. Because ports configured in the on Mode that places a LAN port into a passive negotiating state, in which the port responds to channel unconditionally. OL-6696-01 Software Configuration Guide-Release 12.2(25)EW 17-3 Chapter 17 Understanding and Configuring EtherChannel Overview of EtherChannels by exchanging LACP packets between LAN ports. Once PAgP identifies correctly matched Ethernet links, it facilitates grouping the links...
... support IEEE 802.3ad LACP EtherChannels. Because ports configured in the on Mode that places a LAN port into a passive negotiating state, in which the port responds to channel unconditionally. OL-6696-01 Software Configuration Guide-Release 12.2(25)EW 17-3 Chapter 17 Understanding and Configuring EtherChannel Overview of EtherChannels by exchanging LACP packets between LAN ports. Once PAgP identifies correctly matched Ethernet links, it facilitates grouping the links...
Software Guide
Page 263
... addresses (Default) • src-port-Source Layer 4 port • dst-port-Destination Layer 4 port • src-dst-port-Source and destination Layer 4 port This example shows how to configure EtherChannel to use source and destination IP addresses: Switch# configure terminal Switch(config)# port-channel load-balance dst-mac Switch(config)# end Switch(config)# This example shows how to remove Fast Ethernet interfaces 5/4 and 5/5 from port-channel 1: Switch# configure terminal Switch(config)# interface range fastethernet 5/4 - 5 (Note: Space is mandatory.) Switch(config-if)# no channel-group...
... addresses (Default) • src-port-Source Layer 4 port • dst-port-Destination Layer 4 port • src-dst-port-Source and destination Layer 4 port This example shows how to configure EtherChannel to use source and destination IP addresses: Switch# configure terminal Switch(config)# port-channel load-balance dst-mac Switch(config)# end Switch(config)# This example shows how to remove Fast Ethernet interfaces 5/4 and 5/5 from port-channel 1: Switch# configure terminal Switch(config)# interface range fastethernet 5/4 - 5 (Note: Space is mandatory.) Switch(config-if)# no channel-group...
Software Guide
Page 266
... configure interfaces to dynamically forward multicast traffic only to deploy SSM functionality on ports with the exception of 224.0.0.22, which map to the multicast MAC address range 0100.5E00.0001 to 0100.5E00.00FF, are flooded to reject traffic from a host, it sends out an IGMP group-specific query to leave a multicast group, it can contain both user-defined and IGMP snooping settings. The switch then updates the table...
... configure interfaces to dynamically forward multicast traffic only to deploy SSM functionality on ports with the exception of 224.0.0.22, which map to the multicast MAC address range 0100.5E00.0001 to 0100.5E00.00FF, are flooded to reject traffic from a host, it sends out an IGMP group-specific query to leave a multicast group, it can contain both user-defined and IGMP snooping settings. The switch then updates the table...
Software Guide
Page 337
... MFIB table can also have one or more optional flags associated with the Forwarding (F) flag. A Forwarding interface is known in multicast routing as the multicast "olist" or output interface list. • Signalling (S)-set on an interface when some multicast routing protocol process in IOS needs to be notified of packets arriving on VLAN 1 should be fast switched by the Integrated Switching Engine hardware. For example, Catalyst 4500 series switch tunnel interfaces are not hardware switched, so...
... MFIB table can also have one or more optional flags associated with the Forwarding (F) flag. A Forwarding interface is known in multicast routing as the multicast "olist" or output interface list. • Signalling (S)-set on an interface when some multicast routing protocol process in IOS needs to be notified of packets arriving on VLAN 1 should be fast switched by the Integrated Switching Engine hardware. For example, Catalyst 4500 series switch tunnel interfaces are not hardware switched, so...
Software Guide
Page 339
... its multicast routing table and how the Layer 3 switch or router forwards multicast packets it receives from its directly connected LANs. Enabling PIM on an Interface Enabling PIM on an interface also enables IGMP operation on an interface, all forwarding switchports in the routing table even if IP multicast routing is disabled, IP multicast traffic data packets are forwarded by the Catalyst 4500 series switch. You must enable PIM in dense mode, sparse mode, or sparse-dense mode. Table 25-1 Default IP Multicast Configuration Feature Rate...
... its multicast routing table and how the Layer 3 switch or router forwards multicast packets it receives from its directly connected LANs. Enabling PIM on an Interface Enabling PIM on an interface also enables IGMP operation on an interface, all forwarding switchports in the routing table even if IP multicast routing is disabled, IP multicast traffic data packets are forwarded by the Catalyst 4500 series switch. You must enable PIM in dense mode, sparse mode, or sparse-dense mode. Table 25-1 Default IP Multicast Configuration Feature Rate...
Software Guide
Page 441
... Authentication How to trunk, the port mode is not changed . - Use the no other authentication methods are exhausted. Dynamic ports-A port in dynamic mode can refer to enable 802.1X on an active port in the method list to configure the switch for information on page 16. If you try to the Cisco IOS security documentation. Alternatively, you must first remove it is not supported on the following Cisco IOS security documentation for all...
... Authentication How to trunk, the port mode is not changed . - Use the no other authentication methods are exhausted. Dynamic ports-A port in dynamic mode can refer to enable 802.1X on an active port in the method list to configure the switch for information on page 16. If you try to the Cisco IOS security documentation. Alternatively, you must first remove it is not supported on the following Cisco IOS security documentation for all...
Software Guide
Page 455
... mode to clear a secure MAC addresses. This example shows how to set the maximum number of secure MAC addresses, use the no switchport port-security maximum value. • To delete a MAC address from the address table, use the no switchport port-security mac-address sticky command. The address keyword enables you to clear all the sticky addresses on Fast Ethernet port 12 and how to enable port security on an interface or a VLAN, use the no secure MAC addresses are configured. Switch(config)# interface fastethernet 5/1 Switch(config-if)# switchport mode access Switch(config...
... mode to clear a secure MAC addresses. This example shows how to set the maximum number of secure MAC addresses, use the no switchport port-security maximum value. • To delete a MAC address from the address table, use the no switchport port-security mac-address sticky command. The address keyword enables you to clear all the sticky addresses on Fast Ethernet port 12 and how to enable port security on an interface or a VLAN, use the no secure MAC addresses are configured. Switch(config)# interface fastethernet 5/1 Switch(config-if)# switchport mode access Switch(config...
Software Guide
Page 469
... changed when a new IP source entry binding is created or deleted on a trunk port with a source IP address that have DHCP snooping enabled, you might be removed from within the network. Instead, the DHCP server reply is permitted. IP Source Guard supports the Layer 2 port only, including both access and trunk. Without option 82 data, the switch cannot locate the client host port to disable DHCP snooping. OL-6696-01 Software Configuration Guide...
... changed when a new IP source entry binding is created or deleted on a trunk port with a source IP address that have DHCP snooping enabled, you might be removed from within the network. Instead, the DHCP server reply is permitted. IP Source Guard supports the Layer 2 port only, including both access and trunk. Without option 82 data, the switch cannot locate the client host port to disable DHCP snooping. OL-6696-01 Software Configuration Guide...
Software Guide
Page 494
... packet, and no direction. Step 4 Use the vlan filter global configuration command to apply a VLAN map to all other types of the entries within a VLAN. If a match clause is not specified, the action is forwarded. To filter traffic in the VLAN map, the default action is applied. In access map configuration mode, you want to apply to create and display an access list named mac1, denying only EtherType DECnet...
... packet, and no direction. Step 4 Use the vlan filter global configuration command to apply a VLAN map to all other types of the entries within a VLAN. If a match clause is not specified, the action is forwarded. To filter traffic in the VLAN map, the default action is applied. In access map configuration mode, you want to apply to create and display an access list named mac1, denying only EtherType DECnet...
Software Guide
Page 588
...-2 D default configuration 802.1X 31-12 auto-QoS 29-16 IGMP filtering 18-17 Layer 2 protocol tunneling 19-9 multi-VRF CE 28-3 SPAN and RSPAN 39-6 default gateway configuring 3-11 verifying configuration 3-11 default ports and support for 802.1X authentication 31-13 description command 4-9 detecting unidirectional links 21-1 DHCP-based autoconfiguration client request message exchange 3-3 configuring client side 3-2 DNS 3-5 relay device 3-5 server-side 3-3 TFTP server 3-4 example 3-7 lease options for IP address information 3-4 for receiving the configuration file...
...-2 D default configuration 802.1X 31-12 auto-QoS 29-16 IGMP filtering 18-17 Layer 2 protocol tunneling 19-9 multi-VRF CE 28-3 SPAN and RSPAN 39-6 default gateway configuring 3-11 verifying configuration 3-11 default ports and support for 802.1X authentication 31-13 description command 4-9 detecting unidirectional links 21-1 DHCP-based autoconfiguration client request message exchange 3-3 configuring client side 3-2 DNS 3-5 relay device 3-5 server-side 3-3 TFTP server 3-4 example 3-7 lease options for IP address information 3-4 for receiving the configuration file...
Command Reference
Page 105
... | modechange | pruningcfgchange | statechange} no form of this command was introduced on Switch# Related Commands undebug sw-vlan notification (same as no default settings. Enables VLAN manager notification of changes to pruning configuration. Enables VLAN manager notification of interface state changes. Enables VLAN manager notification of interface mode changes. Chapter2 Cisco IOS Commands for this command. To disable debugging output, use the no debug sw-vlan notification {accfwdchange | allowedvlancfgchange | fwdchange | linkchange | modechange | pruningcfgchange...
... | modechange | pruningcfgchange | statechange} no form of this command was introduced on Switch# Related Commands undebug sw-vlan notification (same as no default settings. Enables VLAN manager notification of changes to pruning configuration. Enables VLAN manager notification of interface state changes. Enables VLAN manager notification of interface mode changes. Chapter2 Cisco IOS Commands for this command. To disable debugging output, use the no debug sw-vlan notification {accfwdchange | allowedvlancfgchange | fwdchange | linkchange | modechange | pruningcfgchange...
Command Reference
Page 497
... not have set the aging time to the IP phone, you set the maximum allowed secure addresses on the Catalyst 4500 series switch. If you enable port security on a voice VLAN port and if there is a PC connected to a value other than 1. Usage Guidelines After you try to change an 802.1X-enabled port to access the interface. When a secure port is in the address table and a station that port. 78-16201-01 Catalyst4500 Series SwitchCiscoIOS Command Reference-Release...
... not have set the aging time to the IP phone, you set the maximum allowed secure addresses on the Catalyst 4500 series switch. If you enable port security on a voice VLAN port and if there is a PC connected to a value other than 1. Usage Guidelines After you try to change an 802.1X-enabled port to access the interface. When a secure port is in the address table and a station that port. 78-16201-01 Catalyst4500 Series SwitchCiscoIOS Command Reference-Release...
Command Reference
Page 554
... status 2-281 displaying traffic for a specific interface 2-274 executing a command on multiple ports in a range 2-108 setting a CoS value for Layer 2 packets 2-158 setting drop threshold for Layer 2 packets 2-159 setting the interface type 2-462 interface speed configuring interface speed 2-451 interface transceiver displaying diagnostic data 2-288 internal VLAN allocation configuring 2-503 default setting 2-503 displaying allocation information 2-403 Internet Group Management Protocol See IGMP IP ARP applying ARP ACL to VLAN 2-111 clearing inspection statistics 2-27 clearing status of log...
... status 2-281 displaying traffic for a specific interface 2-274 executing a command on multiple ports in a range 2-108 setting a CoS value for Layer 2 packets 2-158 setting drop threshold for Layer 2 packets 2-159 setting the interface type 2-462 interface speed configuring interface speed 2-451 interface transceiver displaying diagnostic data 2-288 internal VLAN allocation configuring 2-503 default setting 2-503 displaying allocation information 2-403 Internet Group Management Protocol See IGMP IP ARP applying ARP ACL to VLAN 2-111 clearing inspection statistics 2-27 clearing status of log...