User Guide
Page 27
... 10.2.2.2, port 65000, going to a Network Feature Overview Host A Cisco router with these commands, applied to three fragmented packets: Switch (config)# access-list 102 permit tcp any host 10.1.1.1 eq smtp Switch (config)# access-list 102 deny tcp any host 10.1.1.2 eq telnet Switch (config)# access-list 102 deny tcp any any Note In...
... 10.2.2.2, port 65000, going to a Network Feature Overview Host A Cisco router with these commands, applied to three fragmented packets: Switch (config)# access-list 102 permit tcp any host 10.1.1.1 eq smtp Switch (config)# access-list 102 deny tcp any host 10.1.1.2 eq telnet Switch (config)# access-list 102 deny tcp any any Note In...
User Guide
Page 28
...Packets can be classified on any interface: Switch (config-ext-nacl)# permit tcp any any Switch (config-ext-nacl)# deny tcp any any Switch (config-ext-nacl)# permit udp any any Switch (config-ext-nacl)# deny udp any any Switch (config-ext-nacl)# permit ip any any Switch (config-ext-nacl)# deny ip any any Switch...values associated with a given mask are being sent to define the flow, or specify a user-defined subnet. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series first ACE, even though they are called rules. Feature Overview 16-
...Packets can be classified on any interface: Switch (config-ext-nacl)# permit tcp any any Switch (config-ext-nacl)# deny tcp any any Switch (config-ext-nacl)# permit udp any any Switch (config-ext-nacl)# deny udp any any Switch (config-ext-nacl)# permit ip any any Switch (config-ext-nacl)# deny ip any any Switch...values associated with a given mask are being sent to define the flow, or specify a user-defined subnet. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series first ACE, even though they are called rules. Feature Overview 16-
User Guide
Page 29
... eq 80 Switch (config-ext-nacl)# permit tcp 20.1.1.1 0.0.0.0 any number of system-defined masks. However, there are applied to ACL filters: • Only one type of traffic. The second ACE permits all the TCP packets coming from the host 10.1.1.1 with Cisco Catalyst switches. For ... Table 5 lists a summary of 23. It transmits the packets without any . If you require. You can be used for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Note In an IP extended ACL (both named and numbered), a Layer 4 system-defined mask cannot precede ...
... eq 80 Switch (config-ext-nacl)# permit tcp 20.1.1.1 0.0.0.0 any number of system-defined masks. However, there are applied to ACL filters: • Only one type of traffic. The second ACE permits all the TCP packets coming from the host 10.1.1.1 with Cisco Catalyst switches. For ... Table 5 lists a summary of 23. It transmits the packets without any . If you require. You can be used for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Feature Overview Note In an IP extended ACL (both named and numbered), a Layer 4 system-defined mask cannot precede ...
User Guide
Page 47
... configuration mode: Step 1 Command Purpose Router(config)# interface range {vlan vlan-id vlan-id} | {{ethernet | fastethernet | macro macro-name} slot/interface - For example, the command interface range fastethernet 1 - 5 is required. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12... interface}[, {{ethernet | fastethernet | macro macro-name} slot/interface - and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks • Configuring Power Management on the Interface, page 98 • Configuring IP Multicast Layer...
... configuration mode: Step 1 Command Purpose Router(config)# interface range {vlan vlan-id vlan-id} | {{ethernet | fastethernet | macro macro-name} slot/interface - For example, the command interface range fastethernet 1 - 5 is required. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12... interface}[, {{ethernet | fastethernet | macro macro-name} slot/interface - and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks • Configuring Power Management on the Interface, page 98 • Configuring IP Multicast Layer...
User Guide
Page 48
...save it in global configuration mode: Step 1 Command Purpose Router(config)# define interface-range macro-name {vlan vlan-id - Mismatched settings are not supported. do not use the define interface-range command in NVRAM. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 48...Configuring the Interface Speed, page 49 • Configuring the Interface Duplex Mode, page 49 • Configuring a Description for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Defining a Range Macro To define an interface range macro, use the auto setting on the supported side. •...
...save it in global configuration mode: Step 1 Command Purpose Router(config)# define interface-range macro-name {vlan vlan-id - Mismatched settings are not supported. do not use the define interface-range command in NVRAM. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 48...Configuring the Interface Speed, page 49 • Configuring the Interface Duplex Mode, page 49 • Configuring a Description for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Defining a Range Macro To define an interface range macro, use the auto setting on the supported side. •...
User Guide
Page 49
..., use the following example shows how to set the interface duplex mode to full on Fast Ethernet interface 5/4: Router(config)# interface fastethernet 5/4 Router(config-if)# duplex full Verifying Interface Speed and Duplex Mode Configuration Step 1 Use the show interfaces command to verify the ... Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Configuring the Interface Speed To set the interface speed to auto on a 10/100-Mbps Ethernet interface, both speed and duplex are autonegotiated. Router(config-if)# speed [10 | 100 | auto] Sets the interface speed of "show...
..., use the following example shows how to set the interface duplex mode to full on Fast Ethernet interface 5/4: Router(config)# interface fastethernet 5/4 Router(config-if)# duplex full Verifying Interface Speed and Duplex Mode Configuration Step 1 Use the show interfaces command to verify the ... Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Configuring the Interface Speed To set the interface speed to auto on a 10/100-Mbps Ethernet interface, both speed and duplex are autonegotiated. Router(config-if)# speed [10 | 100 | auto] Sets the interface speed of "show...
User Guide
Page 50
... trunk allowed vlan {add | except | none | remove} vlan1[,vlan[,vlan[,...]] Router(config-if)# no carrier 0 output buffer failures, 0 output buffers swapped out Router# Configuring a Description for an interface. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series 5 minute output rate 0 bits/sec, 0 packets/sec 0 packets input...
... trunk allowed vlan {add | except | none | remove} vlan1[,vlan[,vlan[,...]] Router(config-if)# no carrier 0 output buffer failures, 0 output buffers swapped out Router# Configuring a Description for an interface. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series 5 minute output rate 0 bits/sec, 0 packets/sec 0 packets input...
User Guide
Page 51
... blocked: false Broadcast Suppression Level: 100 Multicast Suppression Level: 100 Unicast Suppression Level: 100 Voice VLAN: none Appliance trust: none Router# show running-config interface fastethernet 5/8 Building configuration... interface FastEthernet5/8 no ip address switchport switchport trunk encapsulation dot1q end Step 2 Step 3 Router# show interfaces fastethernet 5/8... allowed on trunk 1 Vlans allowed and active in management domain 1 Vlans in spanning tree forwarding state and not pruned 1 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 51 Current configuration: ! 16-
... blocked: false Broadcast Suppression Level: 100 Multicast Suppression Level: 100 Unicast Suppression Level: 100 Voice VLAN: none Appliance trust: none Router# show running-config interface fastethernet 5/8 Building configuration... interface FastEthernet5/8 no ip address switchport switchport trunk encapsulation dot1q end Step 2 Step 3 Router# show interfaces fastethernet 5/8... allowed on trunk 1 Vlans allowed and active in management domain 1 Vlans in spanning tree forwarding state and not pruned 1 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 51 Current configuration: ! 16-
User Guide
Page 52
...a Layer 2 access use the following sections: • Configuring VLANs (optional) • Deleting a VLAN from the Database (optional) Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 52 Activates the interface. (Required only if you shut down the interface to ... Step 3 Step 4 Step 5 Step 6 Command Router(config)# interface {ethernet | fastethernet} slot/port Router(config-if)# shutdown Router(config-if)# switchport mode access Router(config-if)# switchport access vlan vlan-num Router(config-if)# no shutdown Router(config-if)# end Purpose Selects the interface to configure. (Optional...
...a Layer 2 access use the following sections: • Configuring VLANs (optional) • Deleting a VLAN from the Database (optional) Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 52 Activates the interface. (Required only if you shut down the interface to ... Step 3 Step 4 Step 5 Step 6 Command Router(config)# interface {ethernet | fastethernet} slot/port Router(config-if)# shutdown Router(config-if)# switchport mode access Router(config-if)# switchport access vlan vlan-num Router(config-if)# no shutdown Router(config-if)# end Purpose Selects the interface to configure. (Optional...
User Guide
Page 56
...-Port Ethernet Switch Module for each interface: Step 1 Step 2 Step 3 Command Router(config)# interface fastethernet slot/port Router(config-if)# channel-group port-channel-number mode {on} Router(config-if)# end Purpose Selects a physical interface to configure. Note Cisco IOS software creates port-channel interfaces for Layer 2 EtherChannels. You cannot put Layer 2 Ethernet interfaces into a manually created...
...-Port Ethernet Switch Module for each interface: Step 1 Step 2 Step 3 Command Router(config)# interface fastethernet slot/port Router(config-if)# channel-group port-channel-number mode {on} Router(config-if)# end Purpose Selects a physical interface to configure. Note Cisco IOS software creates port-channel interfaces for Layer 2 EtherChannels. You cannot put Layer 2 Ethernet interfaces into a manually created...
User Guide
Page 57
...show running . interface FastEthernet5/6 no ip address switchport switchport access vlan 10 switchport mode access end Router# Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 57 Device is in Auto mode. S - Interface... switchport switchport access vlan 10 switchport mode access channel-group 2 mode on physical port. A - Hello timer is running -config interface fastethernet 5/6 Building configuration... Switching timer is in Consistent state. Device is running -config interface port-channel 2 Building configuration... Device is running . Timers...
...show running . interface FastEthernet5/6 no ip address switchport switchport access vlan 10 switchport mode access end Router# Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 57 Device is in Auto mode. S - Interface... switchport switchport access vlan 10 switchport mode access channel-group 2 mode on physical port. A - Hello timer is running -config interface fastethernet 5/6 Building configuration... Switching timer is in Consistent state. Device is running -config interface port-channel 2 Building configuration... Device is running . Timers...
User Guide
Page 58
... Series Step 4 Router# show etherchannel load-balance Source XOR Destination IP address Router# Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 58 Note For new load balancing to take affect, the EtherChannel must be first configured to ... bundled: 00h:23m:33s Fa5/6 Configuring EtherChannel Load Balancing To configure EtherChannel load balancing, use the following commands in global configuration mode: Step 1 Command Router(config)# port-channel load-balance {src-mac | dst-mac | src-dst-mac | src-ip | dst-ip | src-dst-ip} Step 2 Router...
... Series Step 4 Router# show etherchannel load-balance Source XOR Destination IP address Router# Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 58 Note For new load balancing to take affect, the EtherChannel must be first configured to ... bundled: 00h:23m:33s Fa5/6 Configuring EtherChannel Load Balancing To configure EtherChannel load balancing, use the following commands in global configuration mode: Step 1 Command Router(config)# port-channel load-balance {src-mac | dst-mac | src-dst-mac | src-ip | dst-ip | src-dst-ip} Step 2 Router...
User Guide
Page 59
... configuration mode: Step 1 Step 2 Command Router(config)# [no] port-channel load-balance {src-mac | dst-mac | src-dst-mac | src-ip | dst-ip | src-dst-ip} Router(config)# end Purpose Configures EtherChannel load balancing. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Removing an Interface...
... configuration mode: Step 1 Step 2 Command Router(config)# [no] port-channel load-balance {src-mac | dst-mac | src-dst-mac | src-ip | dst-ip | src-dst-ip} Router(config)# end Purpose Configures EtherChannel load balancing. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Removing an Interface...
User Guide
Page 62
... requests to be enabled for example, authentication-the second host entry configured acts as the fail-over backup to privileged EXEC mode. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 62 To disable 802.1x AAA authentication, use the no dot1x port-control... first one. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Command Step 4 interface interface-id Step 5 dot1x port-control auto Step 6 end Step 7 show dot1x Step 8 copy running-config startup-config Purpose Enters interface configuration mode, and specify the interface ...
... requests to be enabled for example, authentication-the second host entry configured acts as the fail-over backup to privileged EXEC mode. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 62 To disable 802.1x AAA authentication, use the no dot1x port-control... first one. and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Command Step 4 interface interface-id Step 5 dot1x port-control auto Step 6 end Step 7 show dot1x Step 8 copy running-config startup-config Purpose Enters interface configuration mode, and specify the interface ...
User Guide
Page 63
...36-Port Ethernet Switch Module for authentication requests. For auth-port port-number, specify the UDP destination port for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Step 1 Step 2 Command Purpose configure terminal Enters global configuration mode. Returns to the... not specify a time period before enabling reauthentication, the number of seconds between the switch and the RADIUS daemon running -config startup-config If you want to configure these steps to enable periodic reauthentication of the client and to configure some settings on the...
...36-Port Ethernet Switch Module for authentication requests. For auth-port port-number, specify the UDP destination port for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Step 1 Step 2 Command Purpose configure terminal Enters global configuration mode. Returns to the... not specify a time period before enabling reauthentication, the number of seconds between the switch and the RADIUS daemon running -config startup-config If you want to configure these steps to enable periodic reauthentication of the client and to configure some settings on the...
User Guide
Page 64
... 1 Step 2 Command configure terminal dot1x timeout quiet-period seconds Step 3 Step 4 Step 5 end show dot1x copy running -config startup-config Purpose Enters global configuration mode. the default is enabled. Changing the Switch-to-Client Retransmission Time The client responds to the default...in the configuration file. Changing the Quiet Period When the switch cannot authenticate the client, the switch remains idle for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Command configure terminal dot1x re-authentication dot1x ...
... 1 Step 2 Command configure terminal dot1x timeout quiet-period seconds Step 3 Step 4 Step 5 end show dot1x copy running -config startup-config Purpose Enters global configuration mode. the default is enabled. Changing the Switch-to-Client Retransmission Time The client responds to the default...in the configuration file. Changing the Quiet Period When the switch cannot authenticate the client, the switch remains idle for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Command configure terminal dot1x re-authentication dot1x ...
User Guide
Page 65
...Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Note You should change the number of this command only to -client frame-retransmission number: Step 1 Step 2 Command configure terminal dot1x max-req count Step 3 Step 4 Step 5 end show dot1x copy running -config startup-config...1 Step 2 Command configure terminal dot1x timeout tx-period seconds Step 3 Step 4 Step 5 end show dot1x copy running -config startup-config Purpose Enters global configuration mode. the default is 2. To return to the default retransmission time, use the no dot1x timeout ...
...Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Configuration Tasks Note You should change the number of this command only to -client frame-retransmission number: Step 1 Step 2 Command configure terminal dot1x max-req count Step 3 Step 4 Step 5 end show dot1x copy running -config startup-config...1 Step 2 Command configure terminal dot1x timeout tx-period seconds Step 3 Step 4 Step 5 end show dot1x copy running -config startup-config Purpose Enters global configuration mode. the default is 2. To return to the default retransmission time, use the no dot1x timeout ...
User Guide
Page 66
... display the 802.1x administrative and operational status for the switch, use the show dot1x interface interface-id copy running -config startup-config Purpose Enters global configuration mode. and 36-Port Ethernet Switch Module for all interfaces, use the show dot1x statistics interface interface...dot1x port-control interface configuration command set to auto for a specific interface, use the show dot1x copy running -config startup-config Purpose Enters global configuration mode. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 66 Returns to auto. In this mode, only one...
... display the 802.1x administrative and operational status for the switch, use the show dot1x interface interface-id copy running -config startup-config Purpose Enters global configuration mode. and 36-Port Ethernet Switch Module for all interfaces, use the show dot1x statistics interface interface...dot1x port-control interface configuration command set to auto for a specific interface, use the show dot1x copy running -config startup-config Purpose Enters global configuration mode. Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 66 Returns to auto. In this mode, only one...
User Guide
Page 67
...separate instance of transitions to verify spanning tree configuration: Router# show spanning-tree vlan command to forwarding state: 1 BPDU: sent 3, received 3417 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 67 To enable spanning tree on a per-VLAN basis, use the following commands in ...global configuration mode: Step 1 Step 2 Command Router(config)# spanning-tree vlan vlan-id Router(config)# end Verify Spanning Tree Purpose Enables spanning tree on a per -VLAN basis. Exits configuration mode.
...separate instance of transitions to verify spanning tree configuration: Router# show spanning-tree vlan command to forwarding state: 1 BPDU: sent 3, received 3417 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ 67 To enable spanning tree on a per-VLAN basis, use the following commands in ...global configuration mode: Step 1 Step 2 Command Router(config)# spanning-tree vlan vlan-id Router(config)# end Verify Spanning Tree Purpose Enables spanning tree on a per -VLAN basis. Exits configuration mode.
User Guide
Page 68
... Purpose Selects an interface to 65,535 in global configuration mode: Step 1 Step 2 Command Router(config)# interface {{ethernet | fastethernet} slot/port} | {port-channel port-channel-number} Router(config-if)# [no form of this command to restore the defaults. and 36-Port Ethernet Switch Module for... an interface. The value of port-cost can be from 1 to 255 in increments of an interface, use the following commands beginning in Cisco ...
... Purpose Selects an interface to 65,535 in global configuration mode: Step 1 Step 2 Command Router(config)# interface {{ethernet | fastethernet} slot/port} | {port-channel port-channel-number} Router(config-if)# [no form of this command to restore the defaults. and 36-Port Ethernet Switch Module for... an interface. The value of port-cost can be from 1 to 255 in increments of an interface, use the following commands beginning in Cisco ...