Software Guide
Page 11
...Packets 7 Multicast Packets 8 Using Cisco IOS ACLs in your Network 9 Hardware and Software Handling of Cisco IOS ACLs with PFC 10 Hardware and Software Handling of Cisco IOS ACLs with PFC2 12 Using VACLs with Cisco IOS ACLs 15 Guidelines for Configuring Cisco IOS ACLs and VACLs on ...Wiring Closet Configuration 22 Redirecting Broadcast Traffic to a Specific Server Port 23 Restricting the DHCP Response for a Specific Server 24 Denying Access to a Server on Another VLAN 25 Restricting ARP Traffic 26 Configuring ACLs on Private VLANs 26 Capturing Traffic Flows 27 Unsupported Features 27 Configuring...
...Packets 7 Multicast Packets 8 Using Cisco IOS ACLs in your Network 9 Hardware and Software Handling of Cisco IOS ACLs with PFC 10 Hardware and Software Handling of Cisco IOS ACLs with PFC2 12 Using VACLs with Cisco IOS ACLs 15 Guidelines for Configuring Cisco IOS ACLs and VACLs on ...Wiring Closet Configuration 22 Redirecting Broadcast Traffic to a Specific Server Port 23 Restricting the DHCP Response for a Specific Server 24 Denying Access to a Server on Another VLAN 25 Restricting ARP Traffic 26 Configuring ACLs on Private VLANs 26 Capturing Traffic Flows 27 Unsupported Features 27 Configuring...
Software Guide
Page 195
... on normal range vlan(s) 10 will be deactivated in VTP transparent mode, the VLAN is a VTP server): Console> (enable) clear vlan 500 This command will deactivate all switches in the VTP domain. • When you delete a normal-range VLAN in the entire management domain...Software Configuration Guide-Releases 6.3 and 6.4 11-13 Configuring Private VLANs These sections describe how private VLANs work: • Understanding How Private VLANs Work, page 11-14 • Private VLAN Configuration Guidelines, page 11-15 • Creating a Primary Private VLAN, page 11-18 • Viewing the Port ...
... on normal range vlan(s) 10 will be deactivated in VTP transparent mode, the VLAN is a VTP server): Console> (enable) clear vlan 500 This command will deactivate all switches in the VTP domain. • When you delete a normal-range VLAN in the entire management domain...Software Configuration Guide-Releases 6.3 and 6.4 11-13 Configuring Private VLANs These sections describe how private VLANs work: • Understanding How Private VLANs Work, page 11-14 • Private VLAN Configuration Guidelines, page 11-15 • Creating a Primary Private VLAN, page 11-18 • Viewing the Port ...
Software Guide
Page 196
... promiscuous ports only. Within a private VLAN are associated with routers, LocalDirector, backup servers, and administrative workstations. • An isolated port has complete Layer 2 separation from the primary VLAN to the Multilayer Switch Feature Card (MSFC). Note With software release 6.2(1) and later releases, you can extend private VLANs across multiple Ethernet switches by isolated ports to...
... promiscuous ports only. Within a private VLAN are associated with routers, LocalDirector, backup servers, and administrative workstations. • An isolated port has complete Layer 2 separation from the primary VLAN to the Multilayer Switch Feature Card (MSFC). Note With software release 6.2(1) and later releases, you can extend private VLANs across multiple Ethernet switches by isolated ports to...
Software Guide
Page 197
... many isolated or community VLANs as desired; Isolated/community VLAN spanning tree properties are attached as promiscuous to allow all the private VLAN servers from an administration workstation. On an MSFC port or a nontrunk promiscuous port, you can only connect an MSFC router. For... automatic VLAN translation that the LocalDirector can load balance the servers present in one primary VLAN, an MSFC port does not have access to these results: - Chapter 11 Configuring VLANs Configuring Private VLANs In an Ethernet-switched environment, you can connect a wide range of devices as...
... many isolated or community VLANs as desired; Isolated/community VLAN spanning tree properties are attached as promiscuous to allow all the private VLAN servers from an administration workstation. On an MSFC port or a nontrunk promiscuous port, you can only connect an MSFC router. For... automatic VLAN translation that the LocalDirector can load balance the servers present in one primary VLAN, an MSFC port does not have access to these results: - Chapter 11 Configuring VLANs Configuring Private VLANs In an Ethernet-switched environment, you can connect a wide range of devices as...
Software Guide
Page 198
... Chapter 11 Configuring VLANs • After you configure a private VLAN, you cannot change the VTP mode to client or server mode, because VTP does not support private VLAN types and mapping propagation. • You can configure VLANs as an isolated or community port.) If you delete either the primary or ...(Note that always have only one isolated VLAN and/or multiple communities associated with Ports Listed by ASIC Groups Module Number WS-X6224-100FX-MT WS-X6248-RJ-45 WS-X6248-TEL Description Ports by ASIC 24-port 100FX Multimode MT-RJ Ports 1-12 Ports 13-24 Ports 25-36 Ports ...
... Chapter 11 Configuring VLANs • After you configure a private VLAN, you cannot change the VTP mode to client or server mode, because VTP does not support private VLAN types and mapping propagation. • You can configure VLANs as an isolated or community port.) If you delete either the primary or ...(Note that always have only one isolated VLAN and/or multiple communities associated with Ports Listed by ASIC Groups Module Number WS-X6224-100FX-MT WS-X6248-RJ-45 WS-X6248-TEL Description Ports by ASIC 24-port 100FX Multimode MT-RJ Ports 1-12 Ports 13-24 Ports 25-36 Ports ...
Software Guide
Page 318
..., page 16-23 • Restricting the DHCP Response for a Specific Server, page 16-24 • Denying Access to a Server on Another VLAN, page 16-25 • Restricting ARP Traffic, page 16-26 • Configuring ACLs on Switch A. If you can configure a VACL on Private VLANs, page 16-26 • Capturing Traffic Flows, page 16...
..., page 16-23 • Restricting the DHCP Response for a Specific Server, page 16-24 • Denying Access to a Server on Another VLAN, page 16-25 • Restricting ARP Traffic, page 16-26 • Configuring ACLs on Switch A. If you can configure a VACL on Private VLANs, page 16-26 • Capturing Traffic Flows, page 16...
Software Guide
Page 322
... that are mapped to a primary VLAN get mapped to the associated secondary VLANs. • You cannot map Cisco IOS ACLs to secondary VLANs. • You cannot map dynamic ACEs to a private VLAN. • You can map QoS ACLs to secondary VLANs or primary VLANs. To allow you enter this ...VACLs in your Network Chapter 16 Configuring Access Control Figure 16-7 Deny Access to a Server on Another VLAN VACL 10.1.1.100 Server (VLAN 10) 10.1.1.4 Host (VLAN 10) 10.1.1.8 Host (VLAN 10) Catalyst 6500 series switches with PFC Subnet 10.1.2.0/24 Host (VLAN 20) 26963 Restricting ARP Traffic Note This ...
... that are mapped to a primary VLAN get mapped to the associated secondary VLANs. • You cannot map Cisco IOS ACLs to secondary VLANs. • You cannot map dynamic ACEs to a private VLAN. • You can map QoS ACLs to secondary VLANs or primary VLANs. To allow you enter this ...VACLs in your Network Chapter 16 Configuring Access Control Figure 16-7 Deny Access to a Server on Another VLAN VACL 10.1.1.100 Server (VLAN 10) 10.1.1.4 Host (VLAN 10) 10.1.1.8 Host (VLAN 10) Catalyst 6500 series switches with PFC Subnet 10.1.2.0/24 Host (VLAN 20) 26963 Restricting ARP Traffic Note This ...
Software Guide
Page 441
...; Defining and Clearing a Private DES Key, page 21-38 • Encrypting a Telnet Session, page 21-38 • Displaying and Clearing Kerberos Configurations, page 21-39 Configuring a Kerberos Server Before you can use Kerberos as follows: ktadd host/Cat6509.cisco.edu@CISCO.EDU Move the keytab file to a place where the switch can reach it. 78...
...; Defining and Clearing a Private DES Key, page 21-38 • Encrypting a Telnet Session, page 21-38 • Displaying and Clearing Kerberos Configurations, page 21-39 Configuring a Kerberos Server Before you can use Kerberos as follows: ktadd host/Cat6509.cisco.edu@CISCO.EDU Move the keytab file to a place where the switch can reach it. 78...
Software Guide
Page 448
... that when the show kerberos Kerberos Local Realm:CISCO.COM Kerberos server entries: Realm:CISCO.COM, Server:170.20.2.1, Port:750 Realm:CISCO.COM, Server:172.20.2.1, Port:750 Kerberos DomainRealm entries: Domain:cisco.com, Realm:CISCO.COM Kerberos Clients Mandatory Kerberos Credentials Forwarding Disabled ...mode: Task Clear a DES key from the switch. Configuring Authentication Chapter 21 Configuring Switch Access Using AAA Defining and Clearing a Private DES Key You can define a private DES key for the switch. If the Telnet server uses Kerberos for the duration of the Telnet ...
... that when the show kerberos Kerberos Local Realm:CISCO.COM Kerberos server entries: Realm:CISCO.COM, Server:170.20.2.1, Port:750 Realm:CISCO.COM, Server:172.20.2.1, Port:750 Kerberos DomainRealm entries: Domain:cisco.com, Realm:CISCO.COM Kerberos Clients Mandatory Kerberos Credentials Forwarding Disabled ...mode: Task Clear a DES key from the switch. Configuring Authentication Chapter 21 Configuring Switch Access Using AAA Defining and Clearing a Private DES Key You can define a private DES key for the switch. If the Telnet server uses Kerberos for the duration of the Telnet ...
Software Guide
Page 582
... sys tac tcp Definition All facilities ACL facility Cisco Discovery Protocol Common Open Policy Server Dynamic Trunking Protocol Dynamic VLAN Enhanced Address Recognition Logic File System GARP VLAN Registration Protocol Internet Protocol Kernel ASLB facility Multicast Management Multilayer Switching Port Aggregation Protocol Protocol Filter VTP pruning Private VLAN facility Quality of Service Remote Access...
... sys tac tcp Definition All facilities ACL facility Cisco Discovery Protocol Common Open Policy Server Dynamic Trunking Protocol Dynamic VLAN Enhanced Address Recognition Logic File System GARP VLAN Registration Protocol Internet Protocol Kernel ASLB facility Multicast Management Multilayer Switching Port Aggregation Protocol Protocol Filter VTP pruning Private VLAN facility Quality of Service Remote Access...
Software Guide
Page 877
... 3 MISTP mode 13 PVST+ mode 13 uploading configuration files preparation 5, 8 running configuration 5, 8 TFTP 5 software images preparation 8, 15 rcp server 15 supervisor 9, 15 supervisor engine 9 user EXEC mode 9 user sessions disconnecting 6 monitoring 6 78-13315-02 Index V VACLs 3 ACEs overview...figure 23 guidelines 28 summary 29 configuration guidelines 28 configuring 28 configuring for policy-based forwarding 46 configuring on private VLANs 26 denying access to a server on another VLAN figure 26 procedure 25 features unsupported 27 hardware requirements 2 Layer 2 parameters 5 Layer 3...
... 3 MISTP mode 13 PVST+ mode 13 uploading configuration files preparation 5, 8 running configuration 5, 8 TFTP 5 software images preparation 8, 15 rcp server 15 supervisor 9, 15 supervisor engine 9 user EXEC mode 9 user sessions disconnecting 6 monitoring 6 78-13315-02 Index V VACLs 3 ACEs overview...figure 23 guidelines 28 summary 29 configuration guidelines 28 configuring 28 configuring for policy-based forwarding 46 configuring on private VLANs 26 denying access to a server on another VLAN figure 26 procedure 25 features unsupported 27 hardware requirements 2 Layer 2 parameters 5 Layer 3...
Software Guide
Page 878
...VLAN Access Control Lists See VACLs VLAN-based SPAN, see VSPAN VLAN filtering trunk 4 VLAN Management Policy Server See VMPS VLANs allowed on trunk 7 auxiliary 8, 19 clearing VLAN mappings 9 default configuration 4 deleting ...VLANs to VLANs 9 MISTP VLAN conflicts See MISTP native 802.1Q and 4 normal range 2, 5 private See private VLANs protocol filtering and 1 reserved range 2 sc0 (in-band) interface assignment 2 Token Ring ...trunk gateway, description 5 auxiliary VLANs, configuring 19 Cisco CallManager 4 IN-30 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02
...VLAN Access Control Lists See VACLs VLAN-based SPAN, see VSPAN VLAN filtering trunk 4 VLAN Management Policy Server See VMPS VLANs allowed on trunk 7 auxiliary 8, 19 clearing VLAN mappings 9 default configuration 4 deleting ...VLANs to VLANs 9 MISTP VLAN conflicts See MISTP native 802.1Q and 4 normal range 2, 5 private See private VLANs protocol filtering and 1 reserved range 2 sc0 (in-band) interface assignment 2 Token Ring ...trunk gateway, description 5 auxiliary VLANs, configuring 19 Cisco CallManager 4 IN-30 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02