Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Configuration Guide
Text Part Number: OL-9639-06
THE SPECIFICATIONS AND INFORMATION REGA RDING THE P RODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE W ITH OUT NOT ICE. A LL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILIT Y FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRA NTY FO R THE A CCOMPA NYING PRODUCT A RE SET FORTH IN T HE INFORM ATION P ACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DO CUMENT FILES AND SOFTW ARE OF THESE SUPPL IERS ARE PROVIDED “AS IS” WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM AL L WARRANTIES, EX PRESSED OR
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICUL AR PURPOSE AND NON INFRINGEMENT OR ARISIN G FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOS T PROFITS OR LOSS OR DAMAGE TO DATA ARISIN G OUT OF THE US E OR INABILI TY TO USE THIS MA NUAL, EVEN I F CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SU CH DAMA GES.
CCDE, CCENT, Cisco Eos, Cisco Lumin, Cisco Nexus, Cisco StadiumVision, Cisco TelePresence, the Cisco logo, DCE, and Welcome to the Human Network are
trademarks; Changing the Way We Work, Live, Play, and Learn and Cisco Store are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You,
Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco
Cisco
Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing,
FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQ Expertise, the iQ logo, iQ
LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, P owerPanels,
ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the
WebEx
logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship
between Cisco and any other company. (0807R)
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
Understanding Command Modes2-1
Understanding the Help System2-3
Understanding Abbreviated Commands2-3
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
iii
Contents
Understanding no and default Forms of Commands2-4
Understanding CLI Error Messages2-4
Using Command History2-4
Changing the Command History Buffer Size2-5
Recalling Commands2-5
Disabling the Command History Feature2-5
Using Editing Features2-6
Enabling and Disabling Editing Features2-6
Editing Commands through Keystrokes2-6
Editing Command Lines that Wrap2-8
Searching and Filtering Output of show and more Commands2-8
Accessing the CLI2-9
Accessing the CLI through a Console Connection or through Telnet2-9
CHAPTER
3Assigning the Switch IP Address and Default Gateway3-1
Understanding the Boot Process3-1
Assigning Switch Information3-2
Default Switch Information3-3
Understanding DHCP-Based Autoconfiguration3-3
DHCP Client Request Process3-3
Understanding DHCP-based Autoconfiguration and Image Update3-4
DHCP Autoconfiguration3-5
DHCP Auto-Image Update3-5
Limitations and Restrictions3-5
Configuring DHCP-Based Autoconfiguration3-6
DHCP Server Configuration Guidelines3-6
Configuring the TFTP Server3-6
Configuring the DNS3-7
Configuring the Relay Device3-7
Obtaining Configuration Files3-8
Example Configuration3-9
Configuring the DHCP Auto Configuration and Image Update Features3-10
Configuring DHCP Autoconfiguration (Only Configuration File)3-11
Configuring DHCP Auto-Image Update (Configuration File and Image)3-12
Configuring the Client3-13
Manually Assigning IP Information3-14
iv
Checking and Saving the Running Configuration3-14
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
OL-9639-06
Modifying the Startup Configuration3-16
Default Boot Configuration3-17
Automatically Downloading a Configuration File3-17
Specifying the Filename to Read and Write the System Configuration3-17
Booting Manually3-18
Booting a Specific Software Image3-18
Controlling Environment Variables3-19
Scheduling a Reload of the Software Image3-21
Configuring a Scheduled Reload3-21
Displaying Scheduled Reload Information3-22
Enabling Automated CNS Configuration4-6
Enabling the CNS Event Agent4-7
Enabling the Cisco IOS CNS Agent4-8
Enabling an Initial Configuration4-9
Enabling a Partial Configuration4-13
Upgrading Devices with Cisco IOS Image Agent4-14
Prerequisites for the CNS Image Agent4-14
Restrictions for the CNS Image Agent4-14
OL-9639-06
Displaying CNS Configuration4-15
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
v
Contents
CHAPTER
5Administering the Switch5-1
Managing the System Time and Date5-1
Understanding the System Clock 5-2
Understanding Network Time Protocol5-2
Configuring NTP5-4
Default NTP Configuration5-4
Configuring NTP Authentication5-4
Configuring NTP Associations5-5
Configuring NTP Broadcast Service5-6
Configuring NTP Access Restrictions5-8
Configuring the Source IP Address for NTP Packets5-10
Displaying the NTP Configuration5-11
Configuring Time and Date Manually5-11
Setting the System Clock5-11
Displaying the Time and Date Configuration5-12
Configuring the Time Zone 5-12
Configuring Summer Time (Daylight Saving Time)5-13
Configuring a System Name and Prompt5-14
Default System Name and Prompt Configuration5-15
Configuring a System Name5-15
Understanding DNS5-15
Default DNS Configuration5-16
Setting Up DNS5-16
Displaying the DNS Configuration5-17
vi
Creating a Banner5-17
Default Banner Configuration5-17
Configuring a Message-of-the-Day Login Banner5-18
Configuring a Login Banner5-19
Suppressing the Power-Supply Alarm on an ME 3400G-12CS Switch5-19
Managing the MAC Address Table5-20
Building the Address Table5-21
MAC Addresses and VLANs5-21
Default MAC Address Table Configuration5-22
Changing the Address Aging Time5-22
Removing Dynamic Address Entries5-23
Configuring MAC Address Notification Traps5-23
Adding and Removing Static Address Entries5-25
Configuring Unicast MAC Address Filtering5-26
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
OL-9639-06
Disabling MAC Address Learning on a VLAN5-27
Displaying Address Table Entries5-28
Managing the ARP Table5-29
Contents
CHAPTER
CHAPTER
6Configuring SDM Templates6-1
Understanding the SDM Templates6-1
Configuring the Switch SDM Template6-2
Preventing Unauthorized Access to Your Switch7-1
Protecting Access to Privileged EXEC Commands7-2
Default Password and Privilege Level Configuration7-2
Setting or Changing a Static Enable Password7-3
Protecting Enable and Enable Secret Passwords with Encryption7-3
Disabling Password Recovery7-5
Setting a Telnet Password for a Terminal Line7-6
Configuring Username and Password Pairs7-6
Configuring Multiple Privilege Levels7-7
Setting the Privilege Level for a Command7-8
Changing the Default Privilege Level for Lines7-9
Logging into and Exiting a Privileg e Lev e l 7-9
Default TACACS+ Configuration7-13
Identifying the TACACS+ Server Host and Setting the Authentication Key7-13
Configuring TACACS+ Login Authentication7-14
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services7-16
Starting TACACS+ Accounting7-17
Displaying the TACACS+ Configuration7-17
Controlling Switch Access with RADIUS7-17
Understanding RADIUS7-18
RADIUS Operation7-19
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
vii
Contents
Configuring RADIUS7-20
Default RADIUS Configuration7-20
Identifying the RADIUS Server Host 7-20
Configuring RADIUS Login Authentication7-23
Defining AAA Server Groups7-25
Configuring RADIUS Authorization for User Privileged Access and Network Services7-27
Starting RADIUS Accounting7-28
Configuring Settings for All RADIUS Servers7-29
Configuring the Switch to Use Vendor-Specific RADIUS Attributes7-29
Configuring the Switch for Vendor-Proprietary RADIUS Server Communication7-30
Displaying the RADIUS Configuration7-31
Controlling Switch Access with Kerberos7-32
Understanding Kerberos7-32
Kerberos Operation7-34
Authenticating to a Boundary Switch7-34
Obtaining a TGT from a KDC7-35
Authenticating to Network Services7-35
Configuring Kerberos7-35
CHAPTER
Configuring the Switch for Local Authentication and Authorization7-36
Configuring the Switch for Secure Shell7-37
Understanding SSH7-37
SSH Servers, Integrated Clients, and Supported Versions7-37
Limitations7-38
Configuring SSH7-38
Configuration Guidelines7-38
Setting Up the Switch to Run SSH7-39
Configuring the SSH Server7-40
Displaying the SSH Configuration and Status7-40
Configuring the Switch for Secure Copy Protocol7-41
Maximum Number of Allowed Devices Per Port8-11
Configuring 802.1x Readiness Check8-12
Configuring IEEE 802.1x Violation Modes8-13
Configuring IEEE 802.1x Authentication8-13
Configuring the Switch-to-RADIUS-Server Communication8-15
Configuring Periodic Re-Authentication8-16
Manually Re-Authenticating a Client Connected to a Port8-16
Changing the Quiet Period8-17
Changing the Switch-to-Client Retransmission Time8-17
Setting the Switch-to-Client Frame-Retransmission Number8-18
Setting the Re-Authentication Number8-18
Configuring the Host Mode8-19
Resetting the IEEE 802.1x Configuration to the Default Values8-20
Configuring IEEE 802.1x Accounting8-20
Contents
CHAPTER
Displaying IEEE 802.1x Statistics and Status8-21
9Configuring Interfaces9-1
Understanding Interface Types9-1
UNI, NNI, and ENI Port Types9-2
Port-Based VLANs9-2
Switch Ports9-3
Procedures for Configuring Interfaces9-8
Configuring a Range of Interfaces9-9
Configuring and Using Interface Range Macros9-10
OL-9639-06
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
ix
Contents
Configuring Ethernet Interfaces9-12
Default Ethernet Interface Configuration9-12
Configuring the Port Type9-14
Configuring Interface Speed and Duplex Mode9-15
Speed and Duplex Configuration Guidelines9-15
Setting the Interface Speed and Duplex Parameters9-16
Configuring a Dual-Purpose Port9-17
Configuring IEEE 802.3x Flow Control9-19
Configuring Auto-MDIX on an Interface9-20
Adding a Description for an Interface9-21
Configuring Layer 3 Interfaces9-22
Configuring the System MTU9-23
Monitoring and Maintaining the Interfaces9-26
Monitoring Interface Status9-26
Clearing and Resetting Interfaces and Counters9-27
Shutting Down and Restarting the Interface9-28
Default Ethernet VLAN Configuration11-7
VLAN Configuration Guidelines11-8
Creating or Modifying an Ethernet VLAN11-9
Assigning Static-Access Ports to a VLAN11-11
Creating an Extended-Range VLAN with an Internal VLAN ID11-11
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
Configuring Dynamic-Access Ports on VMPS Clients11-26
Reconfirming VLAN Memberships11-27
Changing the Reconfirmation Interval11-27
Changing the Retry Count11-27
Monitoring the VMPS11-28
Troubleshooting Dynamic-Access Port VLAN Membership11-28
VMPS Configuration Example11-28
12Configuring Private VLANs12-1
Understanding Private VLANs12-1
Types of Private VLANs and Private-VLAN Ports12-2
IP Addressing Scheme with Private VLANs12-4
Private VLANs across Multiple Switches12-4
Private VLANs and Unicast, Broadcast, and Multicast Traffic12-5
Private VLANs and SVIs12-5
OL-9639-06
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
Secondary and Primary VLAN Configuration12-7
Private-VLAN Port Configuration12-8
Limitations with Other Features12-9
Configuring and Associating VLANs in a Private VLAN12-10
Configuring a Layer 2 Interface as a Private-VLAN Host Port12-11
Configuring a Layer 2 Interface as a Private-VLAN Promiscuous Port12-13
Mapping Secondary VLANs to a Primary VLAN Layer 3 VLAN Interface12-14
Monitoring Private VLANs12-15
CHAPTER
13Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling13-1
Disabled State14-7
How a Switch or Port Becomes the Root Switch or Root Port14-7
Spanning Tree and Redundant Connectivity14-8
Spanning-Tree Address Management14-9
Accelerated Aging to Retain Connectivity14-9
Spanning-Tree Modes and Protocols14-9
Supported Spanning-Tree Instances14-10
Spanning-Tree Interoperability and Backward Compatibility14-10
STP and IEEE 802.1Q Trunks14-11
Configuring Spanning-Tree Features14-11
Default Spanning-Tree Configuration14-11
Spanning-Tree Configuration Guidelines14-12
Enabling Spanning Tree on an ENI14-13
Changing the Spanning-Tree Mode.14-14
Disabling Spanning Tree14-15
Configuring the Root Switch14-15
Configuring a Secondary Root Switch14-17
Configuring Port Priority14-17
Configuring Path Cost14-19
Configuring the Switch Priority of a VLAN14-20
Configuring Spanning-Tree Timers14-21
Configuring the Hello Time14-21
Configuring the Forwarding-Delay Time for a VLAN14-22
Configuring the Maximum-Aging Time for a VLAN14-22
Contents
CHAPTER
OL-9639-06
Displaying the Spanning-Tree Status14-23
15Configuring MSTP15-1
Understanding MSTP15-2
Multiple Spanning-Tree Regions15-2
IST, CIST, and CST15-3
Operations Within an MST Region15-3
Operations Between MST Regions15-4
IEEE 802.1s Terminology15-5
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
xiii
Contents
Hop Count15-5
Boundary Ports15-6
IEEE 802.1s Implementation15-6
Port Role Naming Change15-7
Interoperation Between Legacy and Standard Switches15-7
Detecting Unidirectional Link Failure15-8
Interoperability with IEEE 802.1D STP15-8
Understanding RSTP15-8
Port Roles and the Active Topology15-9
Rapid Convergence15-10
Synchronization of Port Roles15-11
Bridge Protocol Data Unit Format and Processing15-12
Processing Superior BPDU Information15-13
Processing Inferior BPDU Information15-13
Topology Changes15-13
Configuring MSTP Features15-14
Default MSTP Configuration15-14
MSTP Configuration Guidelines15-15
Specifying the MST Region Configuration and Enabling MSTP15-16
Configuring the Root Switch15-17
Configuring a Secondary Root Switch15-18
Configuring Port Priority 15-19
Configuring Path Cost15-21
Configuring the Switch Priority15-22
Configuring the Hello Time15-23
Configuring the Forwarding-Delay Time15-23
Configuring the Maximum-Aging Time15-24
Configuring the Maximum-Hop Count15-24
Specifying the Link Type to Ensure Rapid Transitions15-25
Designating the Neighbor Type15-25
Restarting the Protocol Migration Process15-26
Displaying DHCP Server Port-Based Address Allocation19-22
Contents
CHAPTER
CHAPTER
20Configuring Dynamic ARP Inspection20-1
Understanding Dynamic ARP Inspection20-1
Interface Trust States and Network Security20-3
Rate Limiting of ARP Packets20-4
Relative Priority of ARP ACLs and DHCP Snooping Entries20-4
Logging of Dropped Packets20-4
Configuring Dynamic ARP Inspection20-5
Default Dynamic ARP Inspection Configuration20-5
Dynamic ARP Inspection Configuration Guidelines20-6
Configuring Dynamic ARP Inspection in DHCP Environments20-7
Configuring ARP ACLs for Non-DHCP Environments20-8
Limiting the Rate of Incoming ARP Packets20-10
Performing Validation Checks20-12
Configuring the Log Buffer20-12
Using MVR in a Multicast Television Application21-16
Configuring MVR21-18
Default MVR Configuration21-18
MVR Configuration Guidelines and Limitations21-18
Configuring MVR Global Parameters21-19
Configuring MVR on Access Ports21-20
Configuring MVR on Trunk Ports21-22
CHAPTER
Displaying MVR Information21-23
Configuring IGMP Filtering and Throttling21-23
Default IGMP Filtering and Throttling Configuration21-24
Configuring IGMP Profiles21-25
Applying IGMP Profiles21-26
Setting the Maximum Number of IGMP Groups21-26
Configuring the IGMP Throttling Action21-27
Displaying IGMP Filtering and Throttling Configuration21-29
22Configuring Port-Based Traffic Control22-1
Configuring Storm Control22-1
Understanding Storm Control22-1
Default Storm Control Configuration22-3
Configuring Storm Control and Threshold Levels22-3
Configuring Small-Frame Arrival Rate22-5
Configuring Protected Ports22-6
Default Protected Port Configuration22-6
Protected Port Configuration Guidelines22-7
Configuring a Protected Port22-7
xviii
Configuring Port Blocking22-7
Default Port Blocking Configuration22-8
Blocking Flooded Traffic on an Interface22-8
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
OL-9639-06
Configuring Port Security22-9
Understanding Port Security22-9
Secure MAC Addresses22-9
Security Violations22-10
Default Port Security Configuration22-11
Port Security Configuration Guidelines22-11
Enabling and Configuring Port Security22-12
Enabling and Configuring Port Security Aging22-16
Port Security and Private VLANs22-17
Displaying Port-Based Traffic Control Settings22-18
Contents
CHAPTER
CHAPTER
23Configuring CDP23-1
Understanding CDP23-1
Configuring CDP23-2
Default CDP Configuration23-2
Configuring the CDP Characteristics23-2
Disabling and Enabling CDP23-3
Disabling and Enabling CDP on an Interface23-4
Monitoring and Maintaining CDP23-5
24Configuring LLDP and LLDP-MED24-1
Understanding LLDP and LLDP-MED24-1
Understanding LLDP24-1
Understanding LLDP-MED24-2
Configuring LLDP and LLDP-MED24-3
Default LLDP Configuration24-3
Configuring LLDP Characteristics24-4
Disabling and Enabling LLDP Globally24-5
Disabling and Enabling LLDP on an Interface24-5
Configuring LLDP-MED TLVs24-6
CHAPTER
OL-9639-06
Monitoring and Maintaining LLDP and LLDP-MED24-7
25Configuring UDLD25-1
Understanding UDLD25-1
Modes of Operation25-1
Methods to Detect Unidirectional Links25-2
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
xix
Contents
Configuring UDLD25-3
Default UDLD Configuration25-4
Configuration Guidelines25-4
Enabling UDLD Globally25-5
Enabling UDLD on an Interface25-5
Resetting an Interface Disabled by UDLD25-6
Displaying UDLD Status25-6
CHAPTER
26Configuring SPAN and RSPAN26-1
Understanding SPAN and RSPAN26-1
Local SPAN26-2
Remote SPAN26-2
SPAN and RSPAN Concepts and Terminology26-3
SPAN and RSPAN Interaction with Other Features26-8
Configuring SPAN and RSPAN26-9
Default SPAN and RSPAN Configuration26-9
Configuring Local SPAN26-10
SPAN Configuration Guidelines26-10
Creating a Local SPAN Session26-11
Creating a Local SPAN Session and Configuring Ingress Traffic26-13
Specifying VLANs to Filter26-15
Configuring RSPAN26-16
RSPAN Configuration Guidelines26-16
Configuring a VLAN as an RSPAN VLAN26-17
Creating an RSPAN Source Session26-17
Creating an RSPAN Destination Session26-19
Creating an RSPAN Destination Session and Configuring Ingress Traffic26-20
Specifying VLANs to Filter26-21
xx
Displaying SPAN and RSPAN Status26-22
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
OL-9639-06
Contents
CHAPTER
CHAPTER
27Configuring RMON27-1
Understanding RMON27-1
Configuring RMON27-2
Default RMON Configuration27-3
Configuring RMON Alarms and Events27-3
Collecting Group History Statistics on an Interface27-5
Collecting Group Ethernet Statistics on an Interface27-5
Displaying RMON Status27-6
28Configuring System Message Logging28-1
Understanding System Message Logging28-1
Configuring System Message Logging28-2
System Log Message Format28-2
Default System Message Logging Configuration28-3
Disabling Message Logging28-4
Setting the Message Display Destination Device28-5
Synchronizing Log Messages28-6
Enabling and Disabling Time Stamps on Log Messages28-7
Enabling and Disabling Sequence Numbers in Log Messages28-8
Defining the Message Severity Level28-8
Limiting Syslog Messages Sent to the History Table and to SNMP28-10
Enabling the Configuration-Change Logger28-10
Configuring UNIX Syslog Servers28-12
Logging Messages to a UNIX Syslog Daemon28-12
Configuring the UNIX System Logging Facility28-12
CHAPTER
OL-9639-06
Displaying the Logging Configuration28-13
29Configuring SNMP29-1
Understanding SNMP29-1
SNMP Versions29-2
SNMP Manager Functions29-3
SNMP Agent Functions29-4
SNMP Community Strings29-4
Using SNMP to Access MIB Variables 29-4
SNMP Notifications29-5
SNMP ifIndex MIB Object Values29-5
MIB Data Collection and Transfer29-6
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
xxi
Contents
Configuring SNMP29-6
Default SNMP Configuration29-7
SNMP Configuration Guidelines29-7
Disabling the SNMP Agent29-8
Configuring Community Strings29-8
Configuring SNMP Groups and Users29-10
Configuring SNMP Notifications29-12
Setting the Agent Contact and Location Information29-16
Limiting TFTP Servers Used Through SNMP29-16
Configuring MIB Data Collection and Transfer29-17
Configuring the Cisco Process MIB CPU Threshold Table29-20
SNMP Examples29-20
Registering and Defining an Embedded Event Manager Applet30-5
Registering and Defining an Embedded Event Manager TCL Script30-6
Displaying Embedded Event Manager Information30-7
31Configuring Network Security with ACLs31-1
Understanding ACLs31-1
Supported ACLs31-2
Port ACLs31-3
Router ACLs31-4
VLAN Maps31-5
Handling Fragmented and Unfragmented Traffic31-5
xxii
Configuring IPv4 ACLs31-6
Creating Standard and Extended IPv4 ACLs31-7
IPv4 Access List Numbers31-8
ACL Logging31-8
Creating a Numbered Standard ACL31-9
Creating a Numbered Extended ACL31-10
Resequencing ACEs in an ACL31-14
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
OL-9639-06
Creating Named Standard and Extended ACLs31-14
Using Time Ranges with ACLs31-16
Including Comments in ACLs31-18
Applying an IPv4 ACL to a Terminal Line31-18
Applying an IPv4 ACL to an Interface31-19
Hardware and Software Treatment of IP ACLs31-20
IPv4 ACL Configuration Examples31-21
Numbered ACLs31-23
Extended ACLs31-23
Named ACLs31-23
Time Range Applied to an IP ACL31-24
Commented IP ACL Entries31-24
ACL Logging31-25
Creating Named MAC Extended ACLs31-26
Applying a MAC ACL to a Layer 2 Interface31-27
Contents
CHAPTER
Configuring VLAN Maps31-28
VLAN Map Configuration Guidelines31-29
Creating a VLAN Map31-30
Examples of ACLs and VLAN Maps31-31
Applying a VLAN Map to a VLAN31-33
Using VLAN Maps in Your Network31-33
Wiring Closet Configuration31-33
Denying Access to a Server on Another VLAN31-34
Using VLAN Maps with Router ACLs31-35
VLAN Maps and Router ACL Configuration Guidelines31-36
Examples of Router ACLs and VLAN Maps Applied to VLANs31-37
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
xxiii
Contents
CHAPTER
33Configuring QoS33-1
Understanding QoS33-1
Modular QoS CLI33-3
Input and Output Policies33-4
Input Policy Maps33-4
Output Policy Maps33-5
Classification33-5
Class Maps33-6
The match Command33-7
Classification Based on Layer 2 CoS33-7
Classification Based on IP Precedence33-8
Classification Based on IP DSCP33-8
Classification Comparisons33-9
Classification Based on QoS ACLs33-10
Classification Based on QoS Groups33-10
Classification Based on VLAN IDs33-11
Table Maps33-13
Policing33-14
Individual Policing33-15
Aggregate Policing33-16
Unconditional Priority Policing33-18
Marking33-19
Marking and Queuing CPU-Generated Traffic33-20
Congestion Management and Scheduling33-20
Traffic Shaping33-21
Class-Based Weighted Fair Queuing33-23
Priority Queuing33-24
Congestion Avoidance and Queuing33-26
xxiv
Configuring QoS33-29
Default QoS Configuration33-29
QoS Configuration Guidelines33-29
Using ACLs to Classify Traffic33-30
Creating IP Standard ACLs33-30
Creating IP Extended ACLs33-32
Creating Layer 2 MAC ACLs33-33
Using Class Maps to Define a Traffic Class33-34
Configuring Table Maps33-36
Attaching a Traffic Policy to an Interface33-37
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
OL-9639-06
Configuring Input Policy Maps33-38
Configuring Input Policy Maps with Individual Policing33-39
Configuring Input Policy Maps with Aggregate Policing33-43
Configuring Input Policy Maps with Marking33-45
Configuring Per-Port Per-VLAN QoS with Hierarchical Input Policy Maps33-47
Configuring Output Policy Maps33-51
Configuring Output Policy Maps with Class-Based-Weighted-Queu ing33-53
Configuring Output Policy Maps with Class-Based Shaping33-54
Configuring Output Policy Maps with Port Shaping33-56
Configuring Output Policy Maps with Class-Based Priority Queuing33-57
Configuring Output Policy Maps with Weighted Tail Drop33-61
Displaying QoS Information33-64
QoS Statistics33-64
Configuration Examples for Policy Maps33-64
QoS Configuration for Customer A33-65
QoS Configuration for Customer B33-67
Modifying Output Policies and Adding or Deleting Classification Criteria33-68
Modifying Output Policies and Changing Queuing or Scheduling Parameters33-68
Modifying Output Policies and Adding or Deleting Configured Actions 33-69
Modifying Output Policies and Adding or Deleting a Class33-70
Contents
CHAPTER
34Configuring EtherChannels and Link-State Tracking34-1
Understanding EtherChannels34-1
EtherChannel Overview34-2
Port-Channel Interfaces34-3
Port Aggregation Protocol34-4
PAgP Modes34-5
PAgP Interaction with Other Features34-5
Link Aggregation Control Protocol34-6
LACP Modes34-6
LACP Interaction with Other Features34-7
EtherChannel On Mode34-7
Load Balancing and Forwarding Methods34-7
Configuring Network Types for OSPF Interfaces35-29
Configuring OSPF Area Parameters35-31
Configuring Other OSPF Parameters35-32
Changing LSA Group Pacing35-33
Configuring a Loopback Interface35-34
Monitoring OSPF35-35
Understanding Multi-VRF CE35-75
Default Multi-VRF CE Configuration35-77
Multi-VRF CE Configuration Guid elines35-77
Configuring VRFs35-78
Configuring VRF-Aware Services35-79
User Interface for ARP35-79
User Interface for PING35-80
User Interface for SNMP35-80
User Interface for HSRP35-80
User Interface for uRPF35-81
User Interface for Syslog35-81
User Interface for Traceroute35-82
User Interface for FTP and TFTP35-82
Configuring a VPN Routing Session35-82
Configuring BGP PE to CE Routing Sessions35-83
Multi-VRF CE Configuration Example35-84
Displaying Multi-VRF CE Status35-88
xxviii
Configuring Protocol-Independent Features35-88
Configuring Cisco Express Forwarding35-88
Configuring the Number of Equal-Cost Routing Paths35-90
Configuring Static Unicast Routes35-90
Specifying Default Routes and Networks35-91
Using Route Maps to Redistribute Routing Information35-92
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
Setting Passive Interfaces35-99
Controlling Advertising and Proce s sing in Routing Updates35-100
Filtering Sources of Routing Information35-101
Managing Authentication Keys35-101
Monitoring and Maintaining the IP Network35-102
Contents
CHAPTER
CHAPTER
36Configuring HSRP36-1
Understanding HSRP36-1
HSRP Versions36-3
Multiple HSRP36-4
Configuring HSRP36-5
Default HSRP Configuration36-5
HSRP Configuration Guidelines36-5
Enabling HSRP36-6
Configuring HSRP Priority36-7
Configuring MHSRP36-10
Configuring HSRP Authentication and Timers36-10
Enabling HSRP Support for ICMP Redirect Messages36-12
Displaying HSRP Configurations36-12
37Configuring Cisco IOS IP SLAs Operations37-1
Understanding Cisco IOS IP SLAs37-1
Using Cisco IOS IP SLAs to Measure Network Performance37-3
IP SLAs Responder and IP SLAs Control Protocol37-4
Response Time Computation for IP SLAs37-4
IP SLAs Operation Scheduling37-5
IP SLAs Operation Threshold Monitoring37-5
OL-9639-06
Configuring IP SLAs Operations37-6
Default Configuration37-6
Configuration Guidelines37-6
Configuring the IP SLAs Responder37-7
Analyzing IP Service Levels by Using the UDP Jitter Operation37-8
Analyzing IP Service Levels by Using the ICMP Echo Operation37-11
Monitoring IP SLAs Operations37-13
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
Default Configuration38-2
Tracking Interface Line-Protocol or IP Routing State38-2
Configuring a Tracked List38-3
Configuring a Tracked List with a Boolean Expression38-4
Configuring a Tracked List with a Weight Threshold38-5
Configuring a Tracked List with a Percentage Threshold38-6
Configuring HSRP Object Tracking38-7
Configuring Other Tracking Characteristics38-8
Configuring IP SLAs Object Tracking38-8
Configuring Static Routing Support38-10
Configuring a Primary Interface38-10
Configuring a Cisco IP SLAs Monitoring Agent and Track Object38-11
Configuring a Routing Policy and Default Route38-12
Monitoring Enhanced Object Tracking38-13
CHAPTER
39Configuring Ethernet OAM, CFM, and E-LMI39-1
Understanding Ethernet CFM39-2
CFM Domain39-2
Maintenance Points39-3
CFM Messages39-4
Crosscheck Function39-4
SNMP Traps39-4
IP SLAs Support for CFM39-5