Software Guide
Page 11
...Packets 7 Multicast Packets 8 Using Cisco IOS ACLs in your Network 9 Hardware and Software Handling of Cisco IOS ACLs with PFC 10 Hardware and Software Handling of Cisco IOS ACLs with PFC2 12 Using VACLs with Cisco IOS ACLs 15 Guidelines for Configuring Cisco IOS ACLs and VACLs on ... Wiring Closet Configuration 22 Redirecting Broadcast Traffic to a Specific Server Port 23 Restricting the DHCP Response for a Specific Server 24 Denying Access to a Server on Another VLAN 25 Restricting ARP Traffic 26 Configuring ACLs on Private VLANs 26 Capturing Traffic Flows 27 Unsupported Features 27 Configuring...
...Packets 7 Multicast Packets 8 Using Cisco IOS ACLs in your Network 9 Hardware and Software Handling of Cisco IOS ACLs with PFC 10 Hardware and Software Handling of Cisco IOS ACLs with PFC2 12 Using VACLs with Cisco IOS ACLs 15 Guidelines for Configuring Cisco IOS ACLs and VACLs on ... Wiring Closet Configuration 22 Redirecting Broadcast Traffic to a Specific Server Port 23 Restricting the DHCP Response for a Specific Server 24 Denying Access to a Server on Another VLAN 25 Restricting ARP Traffic 26 Configuring ACLs on Private VLANs 26 Capturing Traffic Flows 27 Unsupported Features 27 Configuring...
Software Guide
Page 195
...switch, perform this case, the switch is deleted only on the current switch. • You can delete a single VLAN or a range of a Private VLAN Port, page 11-21 • Deleting a Private VLAN, page 11-22 • Deleting an Isolated, Community, or Two-Way Community VLAN, page 11-22 • Deleting...Console> (enable) This command will deactivate all ports on vlan(s) 10 All ports on normal range vlan(s) 10 will deactivate all switches in the VTP domain. • When you delete a normal-range VLAN in VTP transparent mode, the VLAN is a VTP server): Console> (enable) clear vlan 500 This ...
...switch, perform this case, the switch is deleted only on the current switch. • You can delete a single VLAN or a range of a Private VLAN Port, page 11-21 • Deleting a Private VLAN, page 11-22 • Deleting an Isolated, Community, or Two-Way Community VLAN, page 11-22 • Deleting...Console> (enable) This command will deactivate all ports on vlan(s) 10 All ports on normal range vlan(s) 10 will deactivate all switches in the VTP domain. • When you delete a normal-range VLAN in VTP transparent mode, the VLAN is a VTP server): Console> (enable) clear vlan 500 This ...
Software Guide
Page 196
... granted at Layer 2 from all other ports within the same private VLAN with routers, LocalDirector, backup servers, and administrative workstations. • An isolated port has complete Layer 2 separation from the primary VLAN to the secondary VLAN when the traffic crosses the boundary of the promiscuous port. • Community ports communicate among themselves and transmit traffic to...
... granted at Layer 2 from all other ports within the same private VLAN with routers, LocalDirector, backup servers, and administrative workstations. • An isolated port has complete Layer 2 separation from the primary VLAN to the secondary VLAN when the traffic crosses the boundary of the promiscuous port. • Community ports communicate among themselves and transmit traffic to...
Software Guide
Page 197
... require the ability to communicate with a default gateway to gain access to those of promiscuous ports). On an MSFC port or a nontrunk promiscuous port, you can assign an individual VLAN and associated IP subnet to allow all the private VLAN servers from an administration workstation. VLAN membership becomes static. - Note A two-way community VLAN can...
... require the ability to communicate with a default gateway to gain access to those of promiscuous ports). On an MSFC port or a nontrunk promiscuous port, you can assign an individual VLAN and associated IP subnet to allow all the private VLAN servers from an administration workstation. VLAN membership becomes static. - Note A two-way community VLAN can...
Software Guide
Page 198
... server mode, because VTP does not support private VLAN types and mapping propagation. • You can configure VLANs as primary, isolated, or community only if no access ports assigned to trunking mode, channeling, or have dynamic VLAN memberships, with Ports Listed by ASIC Groups Module Number WS-X6224-100FX-MT WS-X6248-RJ-45 WS-X6248-TEL Description Ports...
... server mode, because VTP does not support private VLAN types and mapping propagation. • You can configure VLANs as primary, isolated, or community only if no access ports assigned to trunking mode, channeling, or have dynamic VLAN memberships, with Ports Listed by ASIC Groups Module Number WS-X6224-100FX-MT WS-X6248-RJ-45 WS-X6248-TEL Description Ports...
Software Guide
Page 318
...; Wiring Closet Configuration, page 16-22 • Redirecting Broadcast Traffic to a Specific Server Port, page 16-23 • Restricting the DHCP Response for a Specific Server, page 16-24 • Denying Access to a Server on Another VLAN, page 16-25 • Restricting ARP Traffic, page 16-26 ...• Configuring ACLs on Switch A. Traffic from Host X to Host Y, you do not want HTTP traffic switched from Host X to wiring closet Switch A and Switch C (see Figure 16-4). If you can configure a VACL on Private...
...; Wiring Closet Configuration, page 16-22 • Redirecting Broadcast Traffic to a Specific Server Port, page 16-23 • Restricting the DHCP Response for a Specific Server, page 16-24 • Denying Access to a Server on Another VLAN, page 16-25 • Restricting ARP Traffic, page 16-26 ...• Configuring ACLs on Switch A. Traffic from Host X to Host Y, you do not want HTTP traffic switched from Host X to wiring closet Switch A and Switch C (see Figure 16-4). If you can configure a VACL on Private...
Software Guide
Page 322
...Network Chapter 16 Configuring Access Control Figure 16-7 Deny Access to a Server on Another VLAN VACL 10.1.1.100 Server (VLAN 10) 10.1.1.4 Host (VLAN 10) 10.1.1.8 Host (VLAN...applied as follows: • You can map VACLs to secondary VLANs or primary VLANs. • Cisco IOS ACLs that can be applied to the router. 16-26 Catalyst 6000 Family Software Configuration Guide-...ARP traffic disallowed, enter the set security acl ip acl_name deny arp command. Configuring ACLs on Private VLANs Private VLANs allow ARP traffic on a VLAN that the ACL is only available with Supervisor Engine ...
...Network Chapter 16 Configuring Access Control Figure 16-7 Deny Access to a Server on Another VLAN VACL 10.1.1.100 Server (VLAN 10) 10.1.1.4 Host (VLAN 10) 10.1.1.8 Host (VLAN...applied as follows: • You can map VACLs to secondary VLANs or primary VLANs. • Cisco IOS ACLs that can be applied to the router. 16-26 Catalyst 6000 Family Software Configuration Guide-...ARP traffic disallowed, enter the set security acl ip acl_name deny arp command. Configuring ACLs on Private VLANs Private VLANs allow ARP traffic on a VLAN that the ACL is only available with Supervisor Engine ...
Software Guide
Page 441
...usr/local/sbin/kdb5_util create -r CISCO.EDU -s Add the switch to configure the Kerberos server. The following example, a database called Cat6509 to the CISCO.EDU database: ank host/Cat6509.cisco.edu@CISCO.EDU Add the username as follows: ank user1@CISCO.EDU Add the administrative principals as ...• Enabling Credentials Forwarding, page 21-36 • Disabling Credentials Forwarding, page 21-37 • Defining and Clearing a Private DES Key, page 21-38 • Encrypting a Telnet Session, page 21-38 • Displaying and Clearing Kerberos Configurations, page 21-39 ...
...usr/local/sbin/kdb5_util create -r CISCO.EDU -s Add the switch to configure the Kerberos server. The following example, a database called Cat6509 to the CISCO.EDU database: ank host/Cat6509.cisco.edu@CISCO.EDU Add the username as follows: ank user1@CISCO.EDU Add the administrative principals as ...• Enabling Credentials Forwarding, page 21-36 • Disabling Credentials Forwarding, page 21-37 • Defining and Clearing a Private DES Key, page 21-38 • Encrypting a Telnet Session, page 21-38 • Displaying and Clearing Kerberos Configurations, page 21-39 ...
Software Guide
Page 448
Configuring Authentication Chapter 21 Configuring Switch Access Using AAA Defining and Clearing a Private DES Key You can choose to have all the application data packets encrypted for the duration of the Telnet ... depends on the authentication method that when the show kerberos Kerberos Local Realm:CISCO.COM Kerberos server entries: Realm:CISCO.COM, Server:170.20.2.1, Port:750 Realm:CISCO.COM, Server:172.20.2.1, Port:750 Kerberos DomainRealm entries: Domain:cisco.com, Realm:CISCO.COM Kerberos Clients Mandatory Kerberos Credentials Forwarding Disabled Kerberos Pre Authentication Method set...
Configuring Authentication Chapter 21 Configuring Switch Access Using AAA Defining and Clearing a Private DES Key You can choose to have all the application data packets encrypted for the duration of the Telnet ... depends on the authentication method that when the show kerberos Kerberos Local Realm:CISCO.COM Kerberos server entries: Realm:CISCO.COM, Server:170.20.2.1, Port:750 Realm:CISCO.COM, Server:172.20.2.1, Port:750 Kerberos DomainRealm entries: Domain:cisco.com, Realm:CISCO.COM Kerberos Clients Mandatory Kerberos Credentials Forwarding Disabled Kerberos Pre Authentication Method set...
Software Guide
Page 582
... sys tac tcp Definition All facilities ACL facility Cisco Discovery Protocol Common Open Policy Server Dynamic Trunking Protocol Dynamic VLAN Enhanced Address Recognition Logic File System GARP VLAN Registration Protocol Internet Protocol Kernel ASLB facility Multicast Management Multilayer Switching Port Aggregation Protocol Protocol Filter VTP pruning Private VLAN facility Quality of Service Remote Access...
... sys tac tcp Definition All facilities ACL facility Cisco Discovery Protocol Common Open Policy Server Dynamic Trunking Protocol Dynamic VLAN Enhanced Address Recognition Logic File System GARP VLAN Registration Protocol Internet Protocol Kernel ASLB facility Multicast Management Multilayer Switching Port Aggregation Protocol Protocol Filter VTP pruning Private VLAN facility Quality of Service Remote Access...
Software Guide
Page 877
...23 guidelines 28 summary 29 configuration guidelines 28 configuring 28 configuring for policy-based forwarding 46 configuring on private VLANs 26 denying access to a server on another VLAN figure 26 procedure 25 features unsupported 27 hardware requirements 2 Layer 2 parameters 5 Layer 3... parameters 4 Layer 4 parameters 4 Layer 4 port operations 20 logging messages 40 overview 1 redirecting broadcast traffic to a specific server port figure 24 procedure 23 restricting ARP traffic 26 restricting the DHCP response for a specific server figure 25 procedure 24 storing in Flash memory 42 ...
...23 guidelines 28 summary 29 configuration guidelines 28 configuring 28 configuring for policy-based forwarding 46 configuring on private VLANs 26 denying access to a server on another VLAN figure 26 procedure 25 features unsupported 27 hardware requirements 2 Layer 2 parameters 5 Layer 3... parameters 4 Layer 4 parameters 4 Layer 4 port operations 20 logging messages 40 overview 1 redirecting broadcast traffic to a specific server port figure 24 procedure 23 restricting ARP traffic 26 restricting the DHCP response for a specific server figure 25 procedure 24 storing in Flash memory 42 ...
Software Guide
Page 878
...based SPAN, see VSPAN VLAN filtering trunk 4 VLAN Management Policy Server See VMPS VLANs allowed on trunk 7 auxiliary 8, 19 clearing ...ports, assigning to 12 IP subnetworks and 2 mapping 802.1Q to ISL 10 mapping reserved to non-reserved 9 mapping VLANs to VLANs 9 MISTP VLAN conflicts See MISTP native 802.1Q and 4 normal range 2, 5 private See private...port VLAN membership 10 monitoring 6 overview 1 reconfirming membership 7 troubleshooting 8 voice-over-IP network analog station gateway, 24-port FXS analog interface module 4 analog trunk gateway, description 5 auxiliary VLANs, configuring 19 Cisco...
...based SPAN, see VSPAN VLAN filtering trunk 4 VLAN Management Policy Server See VMPS VLANs allowed on trunk 7 auxiliary 8, 19 clearing ...ports, assigning to 12 IP subnetworks and 2 mapping 802.1Q to ISL 10 mapping reserved to non-reserved 9 mapping VLANs to VLANs 9 MISTP VLAN conflicts See MISTP native 802.1Q and 4 normal range 2, 5 private See private...port VLAN membership 10 monitoring 6 overview 1 reconfirming membership 7 troubleshooting 8 voice-over-IP network analog station gateway, 24-port FXS analog interface module 4 analog trunk gateway, description 5 auxiliary VLANs, configuring 19 Cisco...