Software Guide
Page 11
...Contents Cisco IOS ACLs 3 VACLs 3 Applying Cisco IOS ACLs and VACLs on VLANs 7 Bridged Packets 7 Routed Packets 7 Multicast Packets 8 Using Cisco IOS ACLs in your Network 9 Hardware and Software Handling of Cisco IOS ACLs with PFC 10 Hardware and Software Handling of Cisco IOS ACLs with PFC2 12 Using VACLs with Cisco...Configuration 22 Redirecting Broadcast Traffic to a Specific Server Port 23 Restricting the DHCP Response for a Specific Server 24 Denying Access to a Server on Another VLAN 25 Restricting ARP Traffic 26 Configuring ACLs on Private VLANs 26 Capturing Traffic Flows 27 Unsupported ...
...Contents Cisco IOS ACLs 3 VACLs 3 Applying Cisco IOS ACLs and VACLs on VLANs 7 Bridged Packets 7 Routed Packets 7 Multicast Packets 8 Using Cisco IOS ACLs in your Network 9 Hardware and Software Handling of Cisco IOS ACLs with PFC 10 Hardware and Software Handling of Cisco IOS ACLs with PFC2 12 Using VACLs with Cisco...Configuration 22 Redirecting Broadcast Traffic to a Specific Server Port 23 Restricting the DHCP Response for a Specific Server 24 Denying Access to a Server on Another VLAN 25 Restricting ARP Traffic 26 Configuring ACLs on Private VLANs 26 Capturing Traffic Flows 27 Unsupported ...
Software Guide
Page 195
..., page 11-22 • Deleting an Isolated, Community, or Two-Way Community VLAN, page 11-22 • Deleting a Private VLAN Mapping, page 11-23 • Private VLAN Support on the switch where it was created. • To delete a Token Ring TrBRF VLAN, you must first reassign its child TrCRFs to another parent TrBRF...-13 Chapter 11 Configuring VLANs Deleting a VLAN Deleting a VLAN Follow these guidelines for deleting VLANs: • When you delete a normal-range Ethernet VLAN in VTP server mode, the VLAN is removed from all ports on vlan(s) 500 Do you want to that VLAN become inactive.
..., page 11-22 • Deleting an Isolated, Community, or Two-Way Community VLAN, page 11-22 • Deleting a Private VLAN Mapping, page 11-23 • Private VLAN Support on the switch where it was created. • To delete a Token Ring TrBRF VLAN, you must first reassign its child TrCRFs to another parent TrBRF...-13 Chapter 11 Configuring VLANs Deleting a VLAN Deleting a VLAN Follow these guidelines for deleting VLANs: • When you delete a normal-range Ethernet VLAN in VTP server mode, the VLAN is removed from all ports on vlan(s) 500 Do you want to that VLAN become inactive.
Software Guide
Page 196
... must bind them together and associate them to the promiscuous port. If you choose, you can extend private VLANs across multiple Ethernet switches by a group of community ports to communicate among themselves and to and from community ports from an ... in this hardware function occurs. Configuring Private VLANs Chapter 11 Configuring VLANs Understanding How Private VLANs Work Private VLANs provide Layer-2 isolation between ports within a private VLAN structure before you can use to communicate with routers, LocalDirector, backup servers, and administrative workstations. • An...
... must bind them together and associate them to the promiscuous port. If you choose, you can extend private VLANs across multiple Ethernet switches by a group of community ports to communicate among themselves and to and from community ports from an ... in this hardware function occurs. Configuring Private VLANs Chapter 11 Configuring VLANs Understanding How Private VLANs Work Private VLANs provide Layer-2 isolation between ports within a private VLAN structure before you can use to communicate with routers, LocalDirector, backup servers, and administrative workstations. • An...
Software Guide
Page 197
...Guide-Releases 6.3 and 6.4 11-15 For example, you can connect a nontrunk promiscuous port to the "server port" of a LocalDirector to remap a number of using private VLAN communities, you need to allocate one IP subnet to the entire group of the primary VLAN. ... private VLAN. VLAN membership becomes static. - The servers only require the ability to communicate with a default gateway to gain access to end points outside the VLAN itself. By incorporating these stations, regardless of stations. Chapter 11 Configuring VLANs Configuring Private VLANs In an Ethernet-switched ...
...Guide-Releases 6.3 and 6.4 11-15 For example, you can connect a nontrunk promiscuous port to the "server port" of a LocalDirector to remap a number of using private VLAN communities, you need to allocate one IP subnet to the entire group of the primary VLAN. ... private VLAN. VLAN membership becomes static. - The servers only require the ability to communicate with a default gateway to gain access to end points outside the VLAN itself. By incorporating these stations, regardless of stations. Chapter 11 Configuring VLANs Configuring Private VLANs In an Ethernet-switched ...
Software Guide
Page 198
... 11-3 Modules with the VLAN become inactive. • When configuring private VLANs, note the hardware and software interactions: - Configuring Private VLANs Chapter 11 Configuring VLANs • After you configure a private VLAN, you cannot change the VTP mode to client or server mode, because VTP does not support private VLAN types... If you delete either the primary or secondary VLAN, the ports associated with Ports Listed by ASIC Groups Module Number WS-X6224-100FX-MT WS-X6248-RJ-45 WS-X6248-TEL Description Ports by ASIC 24-port 100FX Multimode MT-RJ Ports 1-12 Ports 13-24 Ports 25...
... 11-3 Modules with the VLAN become inactive. • When configuring private VLANs, note the hardware and software interactions: - Configuring Private VLANs Chapter 11 Configuring VLANs • After you configure a private VLAN, you cannot change the VTP mode to client or server mode, because VTP does not support private VLAN types... If you delete either the primary or secondary VLAN, the ports associated with Ports Listed by ASIC Groups Module Number WS-X6224-100FX-MT WS-X6248-RJ-45 WS-X6248-TEL Description Ports by ASIC 24-port 100FX Multimode MT-RJ Ports 1-12 Ports 13-24 Ports 25...
Software Guide
Page 318
...Host X to Host Y is eventually being routed by the switch equipped with the MSFC. 16-22 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 In this configuration, the switch can configure a VACL on Private VLANs, page 16-26 • Capturing Traffic Flows, ...8226; Wiring Closet Configuration, page 16-22 • Redirecting Broadcast Traffic to a Specific Server Port, page 16-23 • Restricting the DHCP Response for a Specific Server, page 16-24 • Denying Access to a Server on Another VLAN, page 16-25 • Restricting ARP Traffic, page 16-26 ...
...Host X to Host Y is eventually being routed by the switch equipped with the MSFC. 16-22 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 In this configuration, the switch can configure a VACL on Private VLANs, page 16-26 • Capturing Traffic Flows, ...8226; Wiring Closet Configuration, page 16-22 • Redirecting Broadcast Traffic to a Specific Server Port, page 16-23 • Restricting the DHCP Response for a Specific Server, page 16-24 • Denying Access to a Server on Another VLAN, page 16-25 • Restricting ARP Traffic, page 16-26 ...
Software Guide
Page 322
... 6.1(1) and later releases, ACLs can be applied as follows: • You can map VACLs to secondary VLANs or primary VLANs. • Cisco IOS ACLs that can be applied to the router. 16-26 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 To allow... Another VLAN VACL 10.1.1.100 Server (VLAN 10) 10.1.1.4 Host (VLAN 10) 10.1.1.8 Host (VLAN 10) Catalyst 6500 series switches with PFC Subnet 10.1.2.0/24 Host (VLAN 20) 26963 Restricting ARP Traffic Note This feature is mapped to. Configuring ACLs on Private VLANs Private VLANs allow ARP traffic on a ...
... 6.1(1) and later releases, ACLs can be applied as follows: • You can map VACLs to secondary VLANs or primary VLANs. • Cisco IOS ACLs that can be applied to the router. 16-26 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 To allow... Another VLAN VACL 10.1.1.100 Server (VLAN 10) 10.1.1.4 Host (VLAN 10) 10.1.1.8 Host (VLAN 10) Catalyst 6500 series switches with PFC Subnet 10.1.2.0/24 Host (VLAN 20) 26963 Restricting ARP Traffic Note This feature is mapped to. Configuring ACLs on Private VLANs Private VLANs allow ARP traffic on a ...
Software Guide
Page 441
...Credentials Forwarding, page 21-37 • Defining and Clearing a Private DES Key, page 21-38 • Encrypting a Telnet Session, page 21-38 • Displaying and Clearing Kerberos Configurations, page 21-39 Configuring a Kerberos Server Before you can reach it. 78-13315-02 Catalyst 6000 Family...you enable DNS. In the following example adds a switch called CISCO.EDU is enabled. To configure the Kerberos server, perform this procedure: Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Before you can enter the switch in the Kerberos server's key table, you must create the database the KDC...
...Credentials Forwarding, page 21-37 • Defining and Clearing a Private DES Key, page 21-38 • Encrypting a Telnet Session, page 21-38 • Displaying and Clearing Kerberos Configurations, page 21-39 Configuring a Kerberos Server Before you can reach it. 78-13315-02 Catalyst 6000 Family...you enable DNS. In the following example adds a switch called CISCO.EDU is enabled. To configure the Kerberos server, perform this procedure: Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Before you can enter the switch in the Kerberos server's key table, you must create the database the KDC...
Software Guide
Page 448
...CISCO.COM Kerberos server entries: Realm:CISCO.COM, Server:170.20.2.1, Port:750 Realm:CISCO.COM, Server:172.20.2.1, Port:750 Kerberos DomainRealm entries: Domain:cisco.com, Realm:CISCO.COM Kerberos Clients Mandatory Kerberos Credentials Forwarding Disabled Kerberos Pre Authentication Method set to encrypt the secret key that the switch...the application data packets encrypted for the duration of the Telnet session. If the Telnet server uses Kerberos for authentication, you can define a private DES key for the switch. To define a DES key, perform this will be eight characters or less. ...
...CISCO.COM Kerberos server entries: Realm:CISCO.COM, Server:170.20.2.1, Port:750 Realm:CISCO.COM, Server:172.20.2.1, Port:750 Kerberos DomainRealm entries: Domain:cisco.com, Realm:CISCO.COM Kerberos Clients Mandatory Kerberos Credentials Forwarding Disabled Kerberos Pre Authentication Method set to encrypt the secret key that the switch...the application data packets encrypted for the duration of the Telnet session. If the Telnet server uses Kerberos for authentication, you can define a private DES key for the switch. To define a DES key, perform this will be eight characters or less. ...
Software Guide
Page 582
... All facilities ACL facility Cisco Discovery Protocol Common Open Policy Server Dynamic Trunking Protocol Dynamic VLAN Enhanced Address Recognition Logic File System GARP VLAN Registration Protocol Internet Protocol Kernel ASLB facility Multicast Management Multilayer Switching Port Aggregation Protocol Protocol Filter VTP pruning Private VLAN facility Quality of ...6.3 and 6.4 78-13315-02 Understanding How System Message Logging Works Chapter 27 Configuring System Message Logging Note When the switch first initializes, the network is not connected until the initialization completes.
... All facilities ACL facility Cisco Discovery Protocol Common Open Policy Server Dynamic Trunking Protocol Dynamic VLAN Enhanced Address Recognition Logic File System GARP VLAN Registration Protocol Internet Protocol Kernel ASLB facility Multicast Management Multilayer Switching Port Aggregation Protocol Protocol Filter VTP pruning Private VLAN facility Quality of ...6.3 and 6.4 78-13315-02 Understanding How System Message Logging Works Chapter 27 Configuring System Message Logging Note When the switch first initializes, the network is not connected until the initialization completes.
Software Guide
Page 877
... 3 MISTP mode 13 PVST+ mode 13 uploading configuration files preparation 5, 8 running configuration 5, 8 TFTP 5 software images preparation 8, 15 rcp server 15 supervisor 9, 15 supervisor engine 9 user EXEC mode 9 user sessions disconnecting 6 monitoring 6 78-13315-02 Index V VACLs 3 ACEs overview...figure 23 guidelines 28 summary 29 configuration guidelines 28 configuring 28 configuring for policy-based forwarding 46 configuring on private VLANs 26 denying access to a server on another VLAN figure 26 procedure 25 features unsupported 27 hardware requirements 2 Layer 2 parameters 5 Layer 3...
... 3 MISTP mode 13 PVST+ mode 13 uploading configuration files preparation 5, 8 running configuration 5, 8 TFTP 5 software images preparation 8, 15 rcp server 15 supervisor 9, 15 supervisor engine 9 user EXEC mode 9 user sessions disconnecting 6 monitoring 6 78-13315-02 Index V VACLs 3 ACEs overview...figure 23 guidelines 28 summary 29 configuration guidelines 28 configuring 28 configuring for policy-based forwarding 46 configuring on private VLANs 26 denying access to a server on another VLAN figure 26 procedure 25 features unsupported 27 hardware requirements 2 Layer 2 parameters 5 Layer 3...
Software Guide
Page 878
... Control Lists See VACLs VLAN-based SPAN, see VSPAN VLAN filtering trunk 4 VLAN Management Policy Server See VMPS VLANs allowed on trunk 7 auxiliary 8, 19 clearing VLAN mappings 9 default configuration 4... VLANs 9 MISTP VLAN conflicts See MISTP native 802.1Q and 4 normal range 2, 5 private See private VLANs protocol filtering and 1 reserved range 2 sc0 (in-band) interface assignment 2 Token...analog station gateway, 24-port FXS analog interface module 4 analog trunk gateway, description 5 auxiliary VLANs, configuring 19 Cisco CallManager 4 IN-30 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and...
... Control Lists See VACLs VLAN-based SPAN, see VSPAN VLAN filtering trunk 4 VLAN Management Policy Server See VMPS VLANs allowed on trunk 7 auxiliary 8, 19 clearing VLAN mappings 9 default configuration 4... VLANs 9 MISTP VLAN conflicts See MISTP native 802.1Q and 4 normal range 2, 5 private See private VLANs protocol filtering and 1 reserved range 2 sc0 (in-band) interface assignment 2 Token...analog station gateway, 24-port FXS analog interface module 4 analog trunk gateway, description 5 auxiliary VLANs, configuring 19 Cisco CallManager 4 IN-30 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and...