Index

Symbols

:: (double colon), 42

| (pipe parameter), 64–65

? (question mark), using for help, 60–61

[tab] key, completing commands, 60

Numbers

0 (zero), wildcard masks, 150, 198

1 (one), wildcard masks, 150, 198

232 bit addressing, 7

2xxx/3xxx series (BPDU Guard), Spanning Tree Protocol, 103

9xxx Series (BPDU Guard), Spanning Tree Protocol, 103

802.1AB (Link Layer Discovery Protocol), 123

2960 series switches, 70

secure configuration, 194

2960 switch, VLAN configurations, 80–81

2960/9200 series switches, 70

network topology, 72

9200 series switches, 70

A

AAA (authentication, authorization, and accounting) server, storing passwords, 217

access 1 switch (2960)

PVST+ (Per VLAN Spanning Tree), configuration examples, 107

PVST+ to Rapid-PVST+, migration example, 108

access 2 switch (2960)

PVST+ (Per VLAN Spanning Tree), configuration examples, 107–108

PVST+ to Rapid-PVST+, migration example, 108

access control entry (ACE), 199

access control lists. See ACLs (access control lists)

access lists, limiting NTP access, 178

access number lists, 197

access-class command, 220

access-class keyword, 207

access-group command, 220

access-group keyword, 207

ACE (access control entry), 199

ACLs (access control lists), 197

extended ACLs

applying to interfaces, 201

creating, 200–201

established keyword, 201–202

log keyword, 202

including comments about entries, 205

IPv4 ACLs, configuration examples, 208–210

IPv6 ACLs, 207

configuration examples, 210–211

verifying, 207

keywords, 198

named ACLs

creating, 203

removing specific lines with sequence numbers, 204

sequence numbers, 203–204

removing, 200

restricting virtual terminal access, 205–206

standard ACLs

applying to interfaces, 199–200

creating, 198–199

tips for configuring, 206–207

verifying, 200

wildcard masks, 198

acronyms for time zones, 180–181

AD (administrative distance), 143

floating static routes in IPv4, 143–144

address types, IPv6 addresses

anycast addresses, 50

multicast addresses, 48–49

unicast addresses, 45–48

addresses

broadcast addresses, 3

host addresses, 3

IPv4 addresses. See IPv4 addresses

IPv6 addresses. See IPv6 addresses

local addresses versus remote addresses, IPv4 addresses, 7

loopback addresses, 45, 47

MAC addresses, 2

multicast addresses. See multicast addresses

network addresses, 3

remote addresses versus local addresses, IPv4 addresses, 7

remote IP addresses, mapping local host names to, 134

RFC (private) 1918 addresses, 165

static MAC addresses, configuring, 188

sticky MAC addresses, configuring, 189

unicast addresses. See unicast addresses

unique local addresses, 45

unspecified addresses, 45

well-known multicast addresses, IPv6 addresses, 49

administrative distance (AD), 143

floating static routes in IPv4, 143–144

Advanced Monitor Summary screen, WLC (Wireless LAN Controller), 230

algorithm types, password encryption, 218–219

ALSwitch1 (2960 or 9200), EtherChannel (configuration examples), 118–119

ALSwitch2 (2960 or 9200), EtherChannel (configuration examples), 119–120

ANDing, 17–19

reasons for, 19–20

shortcuts, 20–21

ANSI/TIA cabling standards, 56

any keyword, 198

anycast addresses, IPv6 addresses, 50

appearance of

IPv4 addresses, 2

IPv6 addresses, 40

archive config command, 214

ARP (Address Resolution Protocol), disabling, 221

assigning

IPv4 addresses to fast Ethernet interfaces, 132

IPv4 addresses to gigabit Ethernet interfaces, 132

IPv6 addresses to interfaces, 133

ports to VLANs, 76

authentication, NTP (Network Time Protocol), 177

authentication, authorization, and accounting (AAA) server, storing passwords, 217

Authentication Key Management, 248–249

Auto-MDIX feature, 71

autosensing cable types, switches, 56

B

backup designated router (BDR), OSPF (Open Shortest Path First), 153

backups, configuration backups, 213–214

banners

login banners, 134

message-of-the-day banner, 133

BDR (backup designated router), OSPF (Open Shortest Path First), 153

binary, subnetting

Class B networks, 15–17

Class C networks, 12–15

Binary ANDing, 17–19

shortcuts, 20–21

binary math, 11

BOOTP server, disabling, 221

BPDU Guard (2xxx/3xxx Series), Spanning Tree Protocol, 103

BPDU Guard (9xxx Series), Spanning Tree Protocol, 103

broadcast addresses, 3

C

cables

ANSI/TIA cabling standards, 56

deciding which to use, 55–56

rollover cables, connecting to routers or switches, 51

serial cable types, 53–55

T568A versus T568B, 57

USB cables, connecting to routers or switches, 51–52

CAM (Content Addressable Memory) table, 188

Catalyst 9xxx series, 67

Catalyst 2960 (L2Switch1), inter-VLAN communication (configuration examples), 92–96

Catalyst 3560 (L3Switch1), inter-VLAN communication (configuration examples), 94–95

Catalyst 3650 (L3Switch1), inter-VLAN communication (configuration examples), 94–95

Catalyst 3750 (L3Switch1), inter-VLAN communication (configuration examples), 94–95

CDP (Cisco Discovery Protocol), 76, 121

configuring, 121

design tips, 122

disabling, 221

verifying, 122

changing spanning-tree mode, 99

channel-group command, 114

Cisco Discovery Protocol (CDP), 76, 121

configuring, 121

design tips, 122

disabling, 221

verifying, 122

Cisco IP Phones

configuring voice and data with trust, 77

DHCP servers, 160

Class A, IPv4 addresses, 4, 7

Class B

IPv4 addresses, 5

subnetting using binary, 15–17

Class C

IPv4 addresses, 5

subnetting using binary, 12–15

Class D, IPv4 addresses, 5

Class E, IPv4 addresses, 5, 7

classes of IPv4 addresses, 45

sizing, 56

classless addressing, IPv4 addresses, 79

clear errdisable interface interface-id vlan, 190

clear ip ospf process, 152

clock rate command, 132

clocks, setting on routers, NTP (Network Time Protocol), 179–182

command modes

configuring switches, 68

for setting passwords, 69–70

command-line interface

console error messages, 60

disable command, 61

enable command, 61

end command, 61

exit command, 61

history commands, 63

keyboard help, 62–63

logout command, 62

pipe parameter (|), 64–65

question mark (?) for help, 60–61

setup mode, 62

shortcuts for entering commands, 59

show commands, 64

[tab] key, 60

terminal commands, 64

commands, 190

access-class, 206, 220

access-group, 206, 220

archive config, 214

begin, 65

channel-group, 114

clear ip ospf process, 152

clear mac address-table, 190

clock rate, 132

command modes, 68

completing with [tab] key, 60

configure terminal, 138

copy running-config startup-config, 79, 214

default ?, 66

default command-name, 66

disable, 61

do, 138

enable, 61

enable password, 127, 217

enable secret password, 127, 217

end, 61

erase startup-config, 69

exec-timeout, 136

exit, 61, 79

forward-time, 102

hello-time, 102

help, 68

history, 63

history size, 64

hostname, 219

interface range, 76

ip access-list resequence, 205

ip forward-helper udp x, 161

ip helper-address, 161

ip name-server, 135

ip route, 142

ipv6 enable, 133

log-adjacency-changes, 150

logging synchronous, 135–136

logout, 62

MAC address table, 72

max-age, 102

mdix auto, 70–71

more, 64

network area, 150

no cdp enable, 122

no cdp run, 122

no ip domain-lookup, 134–135

no ip forward-protocol udp x, 161

no switchport, 88

ntp master, 176

ntp peer, 176

port channel, 114

range, 76

remark, 205

router ospf x, 152

service password-encryption, 217–218

service sequence-numbers global configuration, 215

service timestamps log datetime global configuration, 215

setting duplex operation, 71

for setting interface descriptions, 70

setting operation speed, 71–72

shortcuts for entering, 59

show commands, 64

show con?, 60

show interfaces, 68

show interfaces vlanx, 68

show ntp associations, 176

show running-config, 71, 126, 138, 152

show version, 64

show vlan privileged EXEC, 75

spanning-tree portfast default global configuration, 102

spanning-tree portfast disable interface configuration, 102

spanning-tree vlan x root primary, 102

spanning-tree vlan x root secondary, 102

switchport mode access, 76, 84

switchport mode dynamic desirable, 83

switchport mode nonegotiate, 83

switchport mode trunk, 83

switchport trunk encapsulation negotiate, 84

switchport trunk pruning vlan, 86

terminal commands, 64

terminal history size, 64

terminal length x, 64

transport preferred none, 135

username, 217

verifying commands, 68

write, 137

write-memory, 214

comments, including in ACLs, 205

completing commands with [tab] key, 60

configuration backups, 213–214

configuration examples, EtherChannel, 117

configuration mode, EXEC commands (do), 138

configurations

erasing, routers, 136

saving, routers, 136

configure terminal command, routers, 138

configuring

ACLs (access control lists), tips for, 206–207

CDP (Cisco Discovery Protocol), 121

DAI (Dynamic ARP Inspection), 193

DHCP clients, on IOS software ethernet interface, 162

DHCP helper addresses, 161

DHCP scope, WLC (Wireless LAN Controller), 234–237

DHCP servers, on IOS routers, 159–160

DHCP snooping, 190–192

Dynamic NAT, 165–167

EtherChannel

guidelines for, 112–113

layer 3 EtherChannel, 114

inter-VLAN communication, on L3 switches, 88

IPv4 default routes, 144

IPv4 static routes, 141–142

IPv6 default routes, 147

IPv6 static route configuration, 146–147

LACP hot-standby ports, EtherChannel, 115–116

layer 2 EtherChannel, 113

LLDP (Link Layer Discovery Protocol) (802.1AB), 123

load balancing, EtherChannel, 114–115

NTP (Network Time Protocol), 175–176

OSPF (Open Shortest Path First), 150

passwords

device hardening, 217

for routers, 126–127

PAT (Public Address Translation), 167–169

path cost, Spanning Tree Protocol, 101

port priority, Spanning Tree Protocol, 100–101

PortFast, Spanning Tree Protocol, 102–103

root switch, Spanning Tree Protocol, 100

routers

router names, 126

serial interfaces, 132

secondary root switches, 100

SSH (Secure Shell), 219–220

static MAC addresses, 188

Static NAT, 169–170

sticky MAC addresses, 189

STP timers for Spanning Tree Protocol, 102

switch port security, 188–189

switch priority of VLANs, Spanning Tree Protocol, 101–102

switches

command modes, 68

examples, 72–74

help commands, 68

MAC address table, 72

mdix auto command, 70–71

resetting switch configuration, 69

setting duplex operation, 71

setting host names, 69

setting interface descriptions, 70

setting operation speed, 71–72

setting passwords, 69–70

setting up IP addresses and default gateways, 70

verifying commands, 68

syslog, 215

VLAN (Dynamic) interface, 230–234

VLANs (virtual LANs)

voice and data with trust, 77

voice and data without trust, 78

voice VLAN, 76

WLANs (wireless LANs), 237–239

with WPA2 PSK, 246–250

confog, 135

connecting

rollover cables to routers or switches, 51

routers or switches, terminal settings, 52

connections, LAN connections, 53

connectors, USB-to-serial connector for laptops, 55

console error messages, 60

Content Addressable Memory (CAM) table, 188

copy running-config startup-config command, 79, 214

routers, 136

copy running-config tftp command, 136

core switch (3650)

PVST+ (Per VLAN Spanning Tree), configuration examples, 105–106

PVST+ to Rapid-PVST+, migration example, 109

CORP routers, inter-VLAN communication, configuration examples, 90–92

Create Your Wireless Networks Wizard page, WLC (Wireless LAN Controller), 225–226

D

DAI (Dynamic ARP Inspection)

configuring, 193

verifying, 193

DCE cables, 54

serial interfaces, 132

dead interval timer, OSPF (Open Shortest Path First), 153

default ? command, 66

default command-name, 66

default dead interval timer, OSPF (Open Shortest Path First), 153

default EtherChannel configuration, 112

default gateways, configuring switches, 70

default hello timer, OSPF (Open Shortest Path First), 153

delimiting characters, 133–134

deny, ACLs (access control lists), 199

deny ipv6 any any command, 211

design, NTP (Network Time Protocol), 176–177

design tips, CDP (Cisco Discovery Protocol), 122

designated router (DR), OSPF (Open Shortest Path First), 153

detail keyword, 150

device hardening, 217

configuring

SSH (Secure Shell), 219–220

passwords, 217

disabling unneeded services, 221

password encryption, 218

algorithm types, 218–219

restricting virtual terminal access, 220–221

device monitoring, 213

configuration backups, 213–214

logging, 214

syslog

configuring, 215

message example, 216

message format, 215

severity levels, 216

DHCP (Dynamic Host Configuration Protocol)

configuration examples, 162–164

disabling, 221

snooping, configuring, 190–192

DHCP address allocation, 191

DHCP clients, configuring on IOS software ethernet interface, 162

DHCP helper addresses, configuring, 161

DHCP scope, configuring, 234–237

DHCP servers

Cisco IP Phones, 160

configuring on IOS routers, 159–160

verifying and troubleshooting, 160–161

DHCP snooping

configuring, 190–192

verifying, 192

diameter keyword, 100

Differentiated Services Code Point (DSCP), 77

disable command, 61

disabling unneeded services, 221

distribution 1 switch (3650)

PVST+ (Per VLAN Spanning Tree), configuration examples, 106

PVST+ to Rapid-PVST+, migration example, 109

distribution 2 switch (3650)

PVST+ (Per VLAN Spanning Tree), configuration examples, 106

PVST+ to Rapid-PVST+, migration example, 109

DLSwitch (3560 or 9300), EtherChannel, configuration examples, 117–118

DNS (Domain Name System), routers, 134–135

DNS name resolution, disabling, 221

do command, routers, 138

dot1q trunking, 84

double colon (::), 42

DR (designated router), OSPF (Open Shortest Path First), 153

DSCP (Differentiated Services Code Point), 77

dst-ip, 114

dst-mac, 114

dst-mixed-ip-port, 114–115

dst-port, 114

DTP (Dynamic Trunking Protocol), 83–84

duplex operations, configuring switches, 71

Dynamic ARP Inspection (DAI)

configuring, 193

verifying, 193

Dynamic Host Configuration Protocol (DHCP)

configuration examples, 162–164

disabling, 221

snooping, configuring, 190–192

Dynamic NAT, 165–167

Dynamic Trunking Protocol (DTP), 83–84

E

enable command, 61

enable password command, 127, 217

enable secret password command, 127, 217

end command, 61

erase startup-config, 69

routers, 136

erase startup-config command, 69

erasing

configurations, routers, 136

VLAN configurations, 79–80

error-disabled ports

recovering automatically from, 190

verifying autorecovery, 190

error messages, console error messages, 60

established keyword, 201–202

EtherChannel, 111

configuration examples, 117

ALSwitch1 (2960 or 9200), 118–119

ALSwitch2 (2960 or 9200), 119–120

DLSwitch (3560 or 9300), 117–118

configuring

LACP hot-standby ports, 115–116

Layer 2 EtherChannel, 113

Layer 3 EtherChannel, 114

load balancing, 114–115

default configuration, 112

guidelines for configuring, 112–113

interface modes, 111

monitoring, 116

verifying, 116

Ethernet links, 24

examples

DHCP configurations, 162–164

EtherChannel

ALSwitch1 (2960 or 9200), 118–119

ALSwitch2 (2960 or 9200), 119–120

DLSwitch (3560 or 9300), 117–118

inter-VLAN communication, 89

CORP routers, 90–92

ISP router, 89–90

L2Switch2 (Catalyst 2960), 92–96

L3Switch1 (Catalyst 3560/3650/3750), 94–95

IPv4 ACLs, 208–210

IPv4 static routes, 144–146

IPv6 ACLs, 210–211

NTP (Network Time Protocol), 182–186

OSPF (Open Shortest Path First), single-area OSPF, 154–157

PAT (Public Address Translation), 171–173

PVST+ (Per VLAN Spanning Tree), 104–105

router configurations, 138–140

routers, 138

switch configurations, 72–74

switch security, 194–196

VLAN configurations, 80–81

EXEC-level mode

configuration mode, do command, 138

routers, 126

exec-timeout, 136

exit, 61

extended, 115

extended ACLs

applying to interfaces, 201

creating, 200–201

established keyword, 201–202

log keyword, 202

extended system ID, enabling, for Spanning Tree Protocol, 103

external routers, inter-VLAN communication, with external routers (router-on-a-stick), 87

F

fast Ethernet interface, assigning IPv4 addresses, 132

flat addresses, MAC addresses, 2

floating static routes

IPv4 addresses and administrative distance (AD), 143–144

IPv6, 147

formulas for subnetting network address spaces, 12

forward-time command, 102

G

gigabit Ethernet interfaces, assigning IPv4 addresses, 132

global configuration mode, routers, 126

GUAs (global unicast addresses), 45–46

guidelines, for configuring EtherChannel, 112–113

H

hello interval timer, OSPF (Open Shortest Path First), 153

hello-time command, 102

hello-time keyword, 100

help

keyboard help, 62–63

question mark (?), 60–61

help commands, configuring switches, 68

hexadecimal digits, IPv6 addresses, 40

hierarchical addresses, IPv4 addresses, 1

history commands, 63

history size command, 64

host addresses, 3

host bits, 11

host keyword, 198

host names, setting for switches, 69

hostname command, 219

HTTP service, disabling, 221

HTTP-HTTPS Configuration page, 244

I

IEEE Standard 802.1Q (dot1q), 84

IETF (Internet Engineering Task Force), 39–40

illegal characters in host names, 69

implementing logging, 214

implicit deny rule, 211

in keyword, 200

information, verifying for VLANs, 78

interface descriptions, configuring, switches, 70

interface modes

EtherChannel, 111

routers, 126

interface names, routers, 127–131

interface range command, 76

interfaces, moving between, 131

Internet Engineering Task Force (IETF), 39–40

Inter-Switch Link (ISL), 84

inter-VLAN communication

configuration examples, 89

CORP routers, 90–92

ISP router, 89–90

L2Switch1 (Catalyst 2960), 95–96

L2Switch2 (Catalyst 2960), 92–94

L3Switch1 (Catalyst 3560/3650/3750), 94–95

with external routers (router-on-a-stick), 87

on multilayer switches, through SVI (Switch Virtual Interface), 88

network topology, 89

tips for, 88–89

IOS routers, configuring DHCP servers, 159–160

IOS software ethernet interface, configuring DHCP clients, 162

ip access-list resequence command, 205

IP addresses, configuring switches, 70

ip forward-helper udp x, 161

ip helper-address, 161

ip name-server command, 135

ip ospf process ID area area number command, 151

IP plans, VLSM example, 24–31

IP redirects, disabling, 221

ip route, 141–142

IP source routing, disabling, 221

ip subnet zero, 23

IPv4 ACLs, configuration examples, 208–210

IPv4 addresses, 39–40

appearance of, 2

assigning to fast Ethernet interfaces, 132

broadcast addresses, 34

classes of, 45

sizing, 56

classless addressing, 79

floating static routes in IPv4 and administrative distance (AD), 143–144

local versus remote addresses, 7

network addresses, 34

network bits versus node (host) bits, 56

network masks, 2

writing, 3

node addresses, 34

RFC (private) 1918 addresses, 67

subnetwork masks, 2

writing, 3

when to use, 12

IPv4 embedded addresses, 45

IPv6 addresses, 48

IPv4 static routes

configuration examples, 144–146

configuring, 141–142

verifying, 144

IPv6, 7

floating static routes, 147

IPv6 ACLs, 207

configuration examples, 210–211

verifying, 207

IPv6 addresses, 39–40

address types, 44–45

anycast addresses, 50

multicast addresses, 48–50

unicast addresses, 45–48

appearance of, 40

assigning to interfaces, 133

prefix length notation, 43–44

reducing notation of, 41–43

IPv6 default routes, configuring, 147

ipv6 enable command, 133

IPv6 static route

configuring, 146–147

verifying, 147

ipv6-label, 115

ISL (Inter-Switch Link), 84

ISP router, inter-VLAN communication (configuration examples), 89–90

K

keyboard help, command-line interface, 62–63

keywords

access-class, 207

access-group, 207

any, 198

detail, 150

diameter, 100

established, 201–202

hello-time, 100

host, 198

in, 200

log, 202

log-input, 202

out, 199–200

overload, 168

permanent, 142–143

priority, 101

traffic-filter, 207

voice, 189

L

L2 switchport capability, removing on L3 switches, 88

L2Switch2 (Catalyst 2960), inter-VLAN communication (configuration examples), 92–96

L3 switches

configuring inter-VLAN communication, 88

removing L2 switchport capability, 88

l3-proto, 115

L3Switch1 (Catalyst 3560/3650/3750), inter-VLAN communication (configuration examples), 94–95

LACP hot-standby ports, configuring for EtherChannel, 115–116

LAN connections, 53

Layer 2 EtherChannel, configuring, 113

Layer 3 EtherChannel, configuring, 114

leading bit pattern, 4

limiting NTP access with access lists, 178

line mode, routers, 126

Link Layer Discovery Protocol (LLDP) (802.1AB), 123

configuring, 123

verifying and troubleshooting, 124

link-local unicast addresses, 45–47

LLDP (Link Layer Discovery Protocol) (802.1AB), 123

configuring, 123

verifying and troubleshooting, 124

load balancing, configuring for EtherChannel, 114–115

local addresses versus remote addresses, IPv4 addresses, 7

local host names, mapping to remote IP addresses, 134

log keyword, 202

log-adjacency-changes, 150

logging

implementing, 214

into WLC, 229

logging console, 202

logging synchronous, 135–136

login banners, creating, 134

log-input keyword, 202

logout command, 62

Logs Config page, 245

loopback addresses, 45, 47

loopback interfaces, OSPF (Open Shortest Path First), 152

M

MAC address table, switches, 72

MAC addresses, 2

management options, WLC (Wireless LAN Controller), 242–245

Management Summary page, WLC (Wireless LAN Controller), 242

mapping local host names to remote IP addresses, 134

max-age command, 102

mdix auto command, configuring switches, 70–71

message-of-the-day banner, 133

messages, syslog, 216

migration example, Spanning Tree Protocol (PVST+ to Rapid-PVST+), 108–109

monitoring

EtherChannel, 116

WLC (Wireless LAN Controller), 229–230

more command, pipe parameter (|), 64–65

MOTD (message-of-the-day) banner, 133

moving between interfaces, 131

MSTP (Multiple Spanning Tree Protocol), 98

multiarea OSPF, 150

multicast addresses, IPv6 addresses, 48–49

solicited-node multicast addresses, 50

well-known multicast addresses, 49

multilayer switches, inter-VLAN communication through SVI (Switch Virtual Interface), 88

Multiple Spanning Tree Protocol (MSTP), 98

N

named ACLs

creating, 203

removing specific lines with sequence numbers, 204

sequence numbers, 203–204

NAT (Network Address Translation)

Dynamic NAT, 165–167

PAT (Public Address Translation), 167–169

configuration examples, 171–173

RFC (private) 1918 addresses, 6

Static NAT, 169–170

troubleshooting, 171

verifying, 170

NDP (Neighbor Discovery Protocol), 211

network address spaces, formulas for subnetting, 12

Network Address Translation (NAT), RFC (private) 1918 addresses, 6

network addresses, 3

network area command, 150

network bits, 11

versus node (host) bits, IPv4 addresses, 56

network masks, IPv4 addresses, 2

writing, 3

Network Time Protocol. See NTP (Network Time Protocol)

network topology

for 2960 series switch configuration, 72

ACL configurations, 208

DHCP configuration, 162

EtherChannel, 117

inter-VLAN communication, 89

IPv6 static route configuration, 147

NTP (Network Time Protocol), 183

PAT (Public Address Translation), 167, 171

router configurations, 138

single-area OSPF, 155

Static NAT, 169

static route configuration, 145

STP configuration example, 105

switch security, 194

VLAN configurations, 80

no banner login command, 134

no banner motd command, 133

no cdp enable command, 122

no cdp run command, 122

no ip domain-lookup command, 134–135

no ip forward-protocol udp x command, 161

no switchport command, 88

node (host) bits versus network bits, IPv4 addresses, 56

node addresses, 34

NTP (Network Time Protocol), 175

authentication, 177

configuration examples, 182–186

configuring, 175–176

design, 176–177

disabling, 221

limiting access with access lists, 178

securing, 177

setting clocks on routers, 179–182

single-letter time zone designators, 181–182

time stamps, 182

time zone acronyms, 180–181

verifying and troubleshooting, 178

ntp master command, 176

ntp peer command, 176

NTPv3, 176–177

NTPv4, 176

O

octets, 2

wildcard masks, 151

omitting all-0s hextets, IPv6 addresses, 42

omitting leading 0s, IPv6 addresses, 41

on-board port, 128

Open Shortest Path First. See OSPF

operation speed, configuring, switches, 71–72

OSPF (Open Shortest Path First), 149

configuration examples, single-area OSPF, 154–157

configuring, 150

DR/BDR elections, 153

loopback interfaces, 152

multiarea OSPF, 150

router ID, 152

timers, 153

troubleshooting, version 2, 154

verifying version 2, 153–154

version 2 versus version 3, 149–150

wildcard masks, 150–152

out keyword, 199–200

overload keyword, 168

P

password backdoor, 127

password encryption

algorithm types, 218–219

device hardening, 218

routers, 127

passwords

configuring, 217

for routers, 126–127

setting for switches, 69–70

setting on switches, 187

storing, 217

VTP (VLAN Trunking Protocol), 85

PAT (Public Address Translation), 167–169

configuration examples, 171–173

troubleshooting, 171

verifying, 170

path cost, configuring for Spanning Tree Protocol, 101

Per VLAN Spanning Tree (PVST+), 97–98

permanent keyword, static routing, 142–143

permit any command, ACLs (access control lists), 199

permit ip any any command, 199

pinouts for different cables, 56

pipe parameter (|), 64–65

pipe parameter (|) options parameter, 65

port channel command, 114

port priority, configuring (Spanning Tree Protocol), 100–101

PortFast, configuring (Spanning Tree Protocol), 102–103

ports

assigning to VLANs, 76

error-disabled ports, recovering automatically from, 190

RJ-45 ports, 52

prefix length notation, IPv6 addresses, 43–44

prefix-length, 43

priority keyword, 101

private IP addresses, RFC (private) 1918 addresses, 165

privilege EXEC modes, 126, 134

protocols

ARP (Address Resolution Protocol), disabling, 221

CDP (Cisco Discovery Protocol), 121

configuring, 121

design tips, 122

verifying, 122

DHCP. See DHCP (Dynamic Host Configuration Protocol)

DTP (Dynamic Trunking Protocol), 83–84

LLDP (Link Layer Discovery Protocol) (802.1AB), 123

configuring, 123

verifying, 124

MSTP (Multiple Spanning Tree Protocol), 98

NDP (Neighbor Discovery Protocol), 211

NTP (Network Time Protocol). See NTP (Network Time Protocol)

Proxy Address Resolution Protocol (ARP), 221

Spanning Tree Protocol. See Spanning Tree Protocol (STP)

RSTP (Running Spanning Tree Protocol), 98

VTP (VLAN Trunking Protocol), 84–86

passwords, 85

pruning, 86

verifying, 86

versions, 85–86

Proxy Address Resolution Protocol (ARP), disabling, 221

pruning, VTP (VLAN Trunking Protocol), 86

Public Address Translation (PAT), 167–169

PVST+ (Per VLAN Spanning Tree), 97–98

configuration examples, 104–105

access 1 switch (2960), 107

access 2 switch (2960), 107–108

core switch (3650), 105–106

distribution 1 switch (3650), 106

distribution 2 switch (3650), 106

PVST+ to Rapid-PVST+, Spanning-Tree migration example, 108–109

Q

question mark (?) for help, 60–61

R

RADIUS Authentication Servers page, 241

RADIUS servers, WLC (Wireless LAN Controller), 239–241

range command, 76

Rapid PVST+, 98

rebooting WLC (Wireless LAN Controller), 229

recovering automatically from error-disabled ports, 190

recursive lookups, static routing, 142

reducing notation of IPv6 addresses, 41–43

reference clocks, 176

remark command, 205

remote addresses versus local addresses, IPv4 addresses, 7

remote IP addresses, mapping local host names to, 134

removing

ACLs (access control lists), 200

L2 switchport capability on L3 switches, 88

specific lines from ACLs with sequence numbers, 204

requirements for route summarization, 38

resetting switch configuration, 69

restricting virtual terminal access

ACLs (access control lists), 205–206

device hardening, 220–221

RF Parameter Optimization settings, WLC (Wireless LAN Controller), 227

RFC (private) 1918 addresses, 165

IPv4 addresses, 67

RJ45 Gi0/0/0, 130

RJ-45 ports, 52

rollover cables, connecting to routers or switches, 51

root switch

configuring (Spanning Tree Protocol), 100

secondary root switches, configuring, 100

route flapping, route summarization, 38

route summarization, 33

examples, 33–37

requirements for, 38

route flapping, 38

router configuration mode, routers, 126

router configurations, network topology, 138

router ID, OSPF (Open Shortest Path First), 152

Router Model 1721, 128

Router Model 1760, 128

Router Model 1841, 128

Router Model 1941/1941W, 130

Router Model 2501, 128

Router Model 2514, 128

Router Model 2610, 128

Router Model 2611, 128

Router Model 2620, 128

Router Model 2621, 128

Router Model 2801, 129

Router Model 2811, 129

Router Model 2901, 130

Router Model 2911, 130

Router Model 4221/4321, 130

router modes, 126

router names, configuring, 126

router ospf x command, 152

router-on-a-stick, inter-VLAN communication, 87

routers

assigning

IPv4 addresses to fast Ethernet interfaces, 132

IPv4 addresses to gigabit Ethernet interfaces, 132

IPv6 addresses to interfaces, 133

clocks, setting (NTP), 179–182

configuration examples, 138

Boston Router, 138–140

configuring

passwords, 126–127

router names, 126

serial interfaces, 132

connecting

rollover cables, 51

terminal settings, 52

USB cables, 51–52

CORP routers, inter-VLAN communication examples, 90–92

DNS (Domain Name System), 134–135

erasing configurations, 136

EXEC commands, in configuration mode, 138

exec-timeout, 136

global configuration mode, 126

interface names, 127–131

inter-VLAN communication with external routers (router-on-a-stick), 87

IOS routers, configuring DHCP servers on, 159–160

ISP router, inter-VLAN communication examples, 89–90

logging synchronous, 135–136

login banners, creating, 134

mapping local host names to remote IP addresses, 134

message-of-the-day banner, 133

moving between interfaces, 131

password encryption, 127

saving configurations, 136

verifying configurations with show commands, 137–138

write, 137

routing, static routing. See static routing

RSTP (Running Spanning Tree Protocol), 98

S

samples, networks needing VLSM address plans, 24

saving

configurations, routers, 136

VLAN configurations, 79

secondary root switches, configuring, 100

Secure Shell (SSH)

configuring, 219–220

verifying, 220

securing NTP (Network Time Protocol), 177

security, WLANs, 226

Security Policies field, WLANs, 250

sequence numbers

named ACLs, 203–204

tips for, 204–205

serial cable (2500 series), 53

serial cable types, 53–55

serial interfaces, configuring, 132

serial links, 24

servers, DHCP servers. See DHCP servers

service password-encryption command, 217–218

service sequence-numbers global configuration command, 215

service timestamps log datetime global configuration command, 215

Set Up Your Controller Wizard page, WLC (Wireless LAN Controller), 225

setup mode, 62

severity levels, syslog, 216

SFP Gi0/0/0, 130

shortcuts

Binary ANDing, 20–21

for entering commands, 59

show commands, 64

pipe parameter (|), 64–65

verifying router configurations, 137–138

show con? command, 60

show errdisable recovery command, 190

show flash command, 64

show history command, 64

show interfaces command, 68

show interfaces status err-disabled command, 190

show interfaces vlanx command, 68

show ip interface brief command, 128

show ntp associations command, 176

show running-config command, 71, 126

OSPF (Open Shortest Path First), 152

routers, 138

show version command, 64

show vlan privileged EXEC command, 75

Simplified Setup Start page, WLC (Wireless LAN Controller), 224

single-area OSPF, configuration examples, 154–157

single-letter time zone designators, 181–182

sizing classes of IPv4 addresses, 56

slots, 128

smart serial cables, 54

SNMP System Summary page, 242–243

SNMP Trap Controls General Tab, 243

solicited-node multicast addresses, IPv6 addresses, 50

Spanning Tree Protocol (STP)

BPDU Guard (2xxx/3xxx Series), 103

BPDU Guard (9xxx Series), 103

changing spanning-tree mode, 99

configuration example, network topology, 105

configuring

path cost, 101

port priority, 100–101

PortFast, 102–103

root switch, 100

secondary root switches, 100

STP timers, 102

switch priority of VLANs, 101–102

definition, 97–98

enabling, 98

extended system ID, enabling, 103

migration example, PVST+ to Rapid-PVST+, 108–109

PVST+ (Per VLAN Spanning Tree)

access 1 switch (2960), 107

access 2 switch (2960), 107-108

configuration examples, 104-105

core switch (3650), 105-106

distribution 1 switch (3650), 106

distribution 2 switch (3650), 106

troubleshooting, 104

verifying, 104

spanning-tree mode, changing, 99

spanning-tree portfast default global configuration command, 102

spanning-tree portfast disable interface configuration command, 102

spanning-tree vlan x root primary command, 102

spanning-tree vlan x root secondary command, 102

src-dst-ip, 115

src-dst-mac, 115

src-dst-mixed-ip-port, 115

src-ip, 115

src-mac, 114-115

src-port, 115

SSH (Secure Shell)

configuring, 219-220

verifying, 220

standard ACLs

applying to interfaces, 199-200

creating, 198-199

static MAC addresses, configuring, 188

Static NAT, 169-170

static routing

configuration examples, IPv4 static routes, 144-146

configuring

IPv4 default routes, 144

IPv4 static routes, 141-142

IPv6 default routes, 147

IPv6 static route, 146-147

floating static routes in IPv4 and administrative distance (AD), 143-144

floating static routes in IPv6, 147

permanent keyword, 142-143

recursive lookups, 142

verifying

IPv4 static routes, 144

IPv6 static routes, 147

static VLANs, creating, 75

with VLAN configuration mode, 75-76

sticky MAC addresses, configuring, 189

storing passwords, 217

STP. See Spanning Tree Protocol (STP)

STP configuration example, network topology, 105

STP timers, configuring (Spanning Tree Protocol), 102

stratum, 176

subinterface mode, routers, 126

subnetting, 11

Binary ANDing, 17-19

shortcuts, 20-21

Class B networks, using binary, 15-17

Class C network, using binary, 12-15

IP subnet zero, 23

network address spaces, formulas for, 12

VLSM (variable-length subnet masking), 23

subnetwork masks, IPv4 addresses, 2

writing, 3

supernetting. See route summarization

SVI (switched virtual interface), inter-VLAN communication, on multilayer switches, 88

switch port security

configuring, 188-189

verifying, 189-190

switch priority of VLANs, configuring, for Spanning Tree Protocol, 101-102

switch security, configuration examples, 194-196

switched virtual interfaces (SVI), inter-VLAN communication, on multilayer switches, 88

switches

2960/9200 series switches, 70

autosensing cable types, 56

configuring

command modes, 68

examples, 72-74

help commands, 68

MAC address table, 72

mdix auto command, 70-71

port security, 188-189

resetting switch configuration, 69

setting duplex operation, 71

setting host names, 69

setting interface descriptions, 70

setting operation speed, 71-72

setting passwords, 69-70

setting up IP addresses and default gateways, 70

static MAC addresses, 188

sticky MAC addresses, 189

verifying commands, 68

connecting

rollover cables, 51

terminal settings, 52

USB cables, 51-52

DHCP snooping, configuring, 190-192

inter-VLAN communication, on multilayer switches through SVI, 88

recovering automatically from error-disabled ports, 190

root switch, configuring, 100

secondary root switches, configuring, 100

setting passwords, 187

switch port security, verifying, 189-190

verifying autorecovery of error-disabled ports, 190

switchport mode access command, 76, 84

switchport mode dynamic auto command, 83

switchport mode dynamic desirable command, 83

switchport mode nonegotiate command, 83

switchport mode trunk command, 83

switchport port-security mac-address sticky command, 189

switchport trunk encapsulation negotiate command, 84

switchport trunk pruning vlan command, 86

synchronous logging, 135-136

syslog

configuring, 215

message example, 216

message format, 215

severity levels, 216

System Configuration Dialog (setup mode), 62

T

T568A versus T568B cables, 57

T568B versus T568A cables, 57

Tech Support > System Resource Information page, 245

Telnet-SSH configuration, 244

terminal commands, 64

terminal settings, connecting, routers or switches, 52

time stamps, NTP (Network Time Protocol), 182

time zone acronyms, 180-181

time zone designators, 181-182

timers, OSPF (Open Shortest Path First), 153

traffic-filter keyword, 207

transparent mode, VLANs, 76

transport preferred none command, 135

troubleshooting

CDP (Cisco Discovery Protocol), 122

DHCP configuration, 160-161

LLDP (Link Layer Discovery Protocol) (802.1AB), 124

NAT (Network Address Translation), 171

NTP (Network Time Protocol), 178

OSPF (Open Shortest Path First), version 2, 154

PAT (Public Address Translation), 171

Spanning Tree Protocol, 104

trust, configuring voice and data VLANs with, 77

U

unicast addresses, IPv6 addresses, 45-48

global unicast addresses (GUAs), 45-46

IPv4 embedded addresses, 48

link-local unicast addresses, 46-47

loopback addresses, 47

unique local addresses, 47-48

unspecified addresses, 47

unicast communication, 1

unique local addresses, 45

IPv6 addresses, 47-48

unneeded services, disabling, 221

unspecified addresses, 45

IPv6 addresses, 47

USB cables, connecting, to routers or switches, 51-52

USB Type A to 5-pin mini type B cable, 55

USB-to-serial connector for laptops, 55

user EXEC mode, 134

user mode, routers, 126

username command, 217

UTP wiring standards, T568A versus T568B, 57

V

V.35 DTE and DCE cables, 54

variable-length subnet masking (VLSM), 23

examples, 24-31

verifying

ACLs (access control lists), 200

autorecovery of error-disabled ports, 190

CDP (Cisco Discovery Protocol), 122

DAI (Dynamic ARP Inspection), 193

DHCP configuration, 160-161

DHCP snooping, 192

EtherChannel, 116

information, VLANs, 78

IPv4 static routes, 144

IPv6 ACLs, 207

IPv6 static route, 147

LLDP (Link Layer Discovery Protocol) (802.1AB), 124

NAT (Network Address Translation) configurations, 170

NTP (Network Time Protocol), 178

OSPF (Open Shortest Path First), version 2, 153-154

PAT (Public Address Translation), 170

router configurations with show commands, 137-138

Spanning Tree Protocol (STP), 104

SSH (Secure Shell), 220

switch port security, 189-190

VTP (VLAN Trunking Protocol), 86

verifying commands, configuring switches, 68

versions of VTP, 85-86

virtual terminal access, restricting, 220-221

in ACLs, 205-206

VLAN (Dynamic) interface, configuring, 230-234

VLAN configuration mode, creating static VLANs, 75-76

VLAN encapsulation type, setting, 84

VLAN Trunking Protocol (VTP), 76, 84-86

passwords, 85

pruning, 86

verifying, 86

VLANs (virtual LANs)

assigning ports to, 76

configuration examples, 80-81

configuring

inter-VLAN communication on L3 switches, 88

voice and data with trust, 77

voice and data without trust, 78

erasing configurations, 79-80

inter-VLAN communication. See inter-VLAN communication

with external routers (router-on-a-stick), 87

on multilayer switches through SVI, 88

network topology, configuration examples, 80

range command, 76

saving configurations, 79

static VLANs, creating, 75

with VLAN configuration mode, 75-76

verifying information, 78

voice VLAN, configuring, 76

VLSM (variable-length subnet masking), 23

examples, 24-31

voice and data, configuring

with trust, VLANs, 77

without trust, 78

voice keyword, 189

voice VLAN, configuring, 76

VTP (VLAN Trunking Protocol), 76, 84-86

passwords, 85

pruning, 86

verifying, 86

versions, 85-86

W-X-Y-Z

well-known multicast addresses, IPv6 addresses, 49

wildcard masks

ACLs (access control lists), 198

OSPF (Open Shortest Path First), 150-152

Wireless LAN Controller. See WLC (Wireless LAN Controller)

WLANs (wireless LANs)

configuring, 237-239

with WPA2 PSK, 246-250

security, 226

WLC (Wireless LAN Controller)

configuring

DHCP scope, 234-237

VLAN (Dynamic) interface, 230-234

WLANs, 237-239

initial setup, 223-229

management options, 242-245

monitoring, 229-230

RADIUS servers, 239-241

WPA2 PSK, configuring, WLANs, 246-250

write command, routers, 137

write erase command, 137

write memory command, 137

write network command, 137

write-memory command, 214

writing

network masks, IPv4 addresses, 3

subnetwork masks, IPv4 addresses, 3
