Software Guide
Page 11
...10 Hardware and Software Handling of Cisco IOS ACLs with PFC2 12 Using VACLs with Cisco IOS ACLs 15 Guidelines for Configuring Cisco IOS ACLs and VACLs on the Same VLAN Interface 16 Guidelines for Using Layer 4 Operations 20 Using VACLs in your Network 22 Wiring Closet Configuration 22 Redirecting Broadcast Traffic to a Specific Server... Port 23 Restricting the DHCP Response for a Specific Server 24 Denying Access to a Server on Another VLAN 25 Restricting ARP Traffic 26 Configuring ACLs on Private VLANs 26 Capturing Traffic Flows 27 ...
Software Guide
Page 195
...Deleting an Isolated, Community, or Two-Way Community VLAN, page 11-22 • Deleting a Private VLAN Mapping, page 11-23 • Private VLAN Support on the switch, perform this case, the switch is a VTP server): Console> (enable) clear vlan 500 This command will deactivate all ports on vlan(s) 500 ...these guidelines for deleting VLANs: • When you delete a normal-range Ethernet VLAN in VTP server mode, the VLAN is removed from all ports on vlan(s) 10 All ports on normal range vlan(s) 10 will be deactivated in the entire management domain. Caution When you delete a VLAN, any ports ...
Software Guide
Page 196
...port communicates with all other promiscuous, isolated, community, and two-way community ports. • Isolated VLAN-Used by a group of a private VLAN through the designated promiscuous port. • Two-way community VLAN-Bidirectional VLAN used to the Multilayer Switch Feature Card (MSFC). These ...ports are assigned to the promiscuous port. Privacy is designated as VACLs to communicate with routers, LocalDirector, backup servers, and administrative workstations. • An isolated port has complete Layer 2 separation from all isolated ports. You must bind them...
Software Guide
Page 197
... port to monitor and/or back up the automatic VLAN translation that the LocalDirector can load balance the servers present in one private VLAN, you can connect a nontrunk promiscuous port to the "server port" of a LocalDirector to remap a number of devices as "access points" to the primary VLAN...• Set up all stations to have the option of using private VLAN communities, you can connect a wide range of isolated or community VLANs to the server VLAN so that maps the isolated and community VLANs to a private VLAN. Set the nontrunk ports or the MSFC ports as promiscuous ports...
Software Guide
Page 198
... VLAN become inactive. • When configuring private VLANs, note the hardware and software interactions: - Configuring Private VLANs Chapter 11 Configuring VLANs • After you configure a private VLAN, you cannot change the VTP mode to client or server mode, because VTP does not support private VLAN types and mapping propagation. • ... Ports Listed by ASIC Groups Module Number WS-X6224-100FX-MT WS-X6248-RJ-45 WS-X6248-TEL Description Ports by ASIC 24-port 100FX Multimode MT-RJ Ports 1-12 Ports 13-24 Ports 25-36 Ports 37-48 48-port 10/100TX RJ-45 Ports 1-12 Ports 13-24 ...
Software Guide
Page 318
... your Network Chapter 16 Configuring Access Control An explanation of the LOU usage follows: • LOU 1 stores "gt 10" and "lt 9" • LOU 2 stores "gt 11" and "neq 6" • LOU 3 stores "...; Redirecting Broadcast Traffic to a Specific Server Port, page 16-23 • Restricting the DHCP Response for a Specific Server, page 16-24 • Denying Access to a Server on Another VLAN, page 16-25 ...the switch with MSFCs (routers). In this configuration, the switch can configure a VACL on Private VLANs, page 16-26 • Capturing Traffic Flows, page 16-27 Wiring Closet Configuration In...
Software Guide
Page 322
...that can map QoS ACLs to a private VLAN. • You can be either community VLANs or isolated VLANs. Using VACLs in your Network Chapter 16 Configuring Access Control Figure 16-7 Deny Access to a Server on Another VLAN VACL 10.1.1.100 Server (VLAN 10) 10.1.1.4 Host (VLAN 10) 10.1.1.8 Host (VLAN 10) Catalyst 6500 series switches with PFC2... could configure ACLs on a VLAN that are mapped to a primary VLAN get mapped to the associated secondary VLANs. • You cannot map Cisco IOS ACLs to secondary VLANs. • You cannot map dynamic ACEs to secondary VLANs or primary VLANs.
Software Guide
Page 441
... • Enabling Credentials Forwarding, page 21-36 • Disabling Credentials Forwarding, page 21-37 • Defining and Clearing a Private DES Key, page 21-38 • Encrypting a Telnet Session, page 21-38 • Displaying and Clearing Kerberos Configurations, page 21-39 ...Configuring a Kerberos Server Before you can enter the switch in the Kerberos server's key table, you enable DNS. In the following example adds a switch called CISCO.EDU is enabled. Note Kerberos authentication requires that you must create...
Software Guide
Page 448
...private DES key can be used to encrypt the secret key that the switch shares with the KDC so that the Telnet server uses. The key length should be a Kerberized Telnet depends on the authentication method that when the show kerberos Kerberos Local Realm:CISCO.COM Kerberos server entries: Realm:CISCO.COM, Server...:170.20.2.1, Port:750 Realm:CISCO.COM, Server:172.20.2.1, Port:750 Kerberos DomainRealm entries: Domain:cisco.com, Realm:CISCO.COM Kerberos Clients Mandatory Kerberos Credentials ...
Software Guide
Page 582
... pruning privatevlan qos radius rsvp security snmp spantree sys tac tcp Definition All facilities ACL facility Cisco Discovery Protocol Common Open Policy Server Dynamic Trunking Protocol Dynamic VLAN Enhanced Address Recognition Logic File System GARP VLAN Registration Protocol Internet ...Protocol Kernel ASLB facility Multicast Management Multilayer Switching Port Aggregation Protocol Protocol Filter VTP pruning Private VLAN facility Quality ...
Software Guide
Page 877
... 3 MISTP mode 13 PVST+ mode 13 uploading configuration files preparation 5, 8 running configuration 5, 8 TFTP 5 software images preparation 8, 15 rcp server 15 supervisor 9, 15 supervisor engine 9 user EXEC mode 9 user sessions disconnecting 6 monitoring 6 78-13315-02 Index V VACLs 3 ACEs overview...figure 23 guidelines 28 summary 29 configuration guidelines 28 configuring 28 configuring for policy-based forwarding 46 configuring on private VLANs 26 denying access to a server on another VLAN figure 26 procedure 25 features unsupported 27 hardware requirements 2 Layer 2 parameters 5 Layer 3...
Software Guide
Page 878
... See VACLs VLAN-based SPAN, see VSPAN VLAN filtering trunk 4 VLAN Management Policy Server See VMPS VLANs allowed on trunk 7 auxiliary 8, 19 clearing VLAN mappings 9 default...to ISL 10 mapping reserved to non-reserved 9 mapping VLANs to VLANs 9 MISTP VLAN conflicts See MISTP native 802.1Q and 4 normal range 2, 5 private See private VLANs protocol...membership 10 monitoring 6 overview 1 reconfirming membership 7 troubleshooting 8 voice-over-IP network analog station gateway, 24-port FXS analog interface module 4 analog trunk gateway, description 5 auxiliary VLANs, configuring 19 Cisco CallManager...