Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E

Cisco IOS Release 12.1 E

Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706 USA
http://www.cisco.
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
Preface

This preface describes who should read the Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide, how it is organized, and its document conventions.

Audience

This guide is for experienced network administrators who are responsible for configuring and maintaining Catalyst 6500 series switches.

Organization

This guide is organized as follows:

Chapter | Title | Description
Chapter 1 | Product Overview | Presents an overview of the Catalyst 6500 series switches.
Chapter 11 | Configuring Cisco IP Phone Support | Describes how to configure Cisco IP Phone support.
Chapter 12 | Configuring Layer 3 Interfaces | Describes how to configure LAN interfaces to support Layer 3 features.
Chapter 13 | Configuring EtherChannels | Describes how to configure Layer 2 and Layer 3 EtherChannel port bundles.
Chapter 14 | Configuring IEEE 802.1Q Tunneling and Layer 2 Protocol Tunneling | Describes how to configure IEEE 802.
Chapter 33 | Configuring NDE | Describes how to configure NetFlow Data Export (NDE).
Chapter 34 | Configuring Local SPAN and RSPAN | Describes how to configure the Switch Port Analyzer (SPAN).
Chapter 35 | Configuring Web Cache Services Using WCCP | Describes how to configure web cache services using WCCP.
Chapter 36 | Configuring SNMP IfIndex Persistence | Describes how to configure SNMP ifIndex persistence.
– Software System Error Messages
– Debug Command Reference
– Internetwork Design Guide
– Internetwork Troubleshooting Guide
– Configuration Builder Getting Started Guide

The Cisco IOS Configuration Guides and Command References are located at this URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/index.htm

• For information about MIBs, go to this URL:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.
Cautions use the following conventions:

Caution: Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.
CHAPTER 1

Product Overview

The Cisco IOS on the Catalyst 6500 Series Switches product supports the following hardware and software:

• Supervisor Engine 2, Policy Feature Card 2 (PFC2), and Multilayer Switch Feature Card 2 (MSFC2); and in Catalyst 6500 series switches:
  – Switch Fabric Module
  – Fabric-enabled switching modules
  – Fabric-enabled switching modules with a distributed forwarding card (DFC)
• Supervisor Engine 1, PFC, and MSFC or MSFC2
• All Layer 2 and Layer 3 configuration from the s
Configuring Embedded CiscoView Support

These sections describe the Embedded CiscoView support available with Release 12.
For more information about web access to the switch, refer to “Using the Cisco Web Browser” in the IOS Configuration Fundamentals Configuration Guide at this URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/fun_c/fcprt1/fcd105.
CHAPTER 2

Command-Line Interfaces

This chapter describes the command-line interfaces (CLIs) you use to configure the Catalyst 6500 series switches.

Note: For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication and the Release 12.1 publications at this URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/index.
Accessing the CLI

To make a console connection, perform this task:

Step | Command | Purpose
Step 1 | Press Return. | Brings up the prompt.
Step 2 | Router> enable | Initiates enable mode enable.
Step 3 | Password: password
         Router# | Completes enable mode enable.
Step 4 | Router# quit | Exits the session when finished.
This example shows how to open a Telnet session to the switch:

    unix_host% telnet Router_1
    Trying 172.20.52.40...
    Connected to 172.20.52.40.
    Escape character is '^]'.
    User Access Verification
    Password:
    Router_1> enable
    Password:
    Router_1#

Performing Command Line Processing

Commands are not case sensitive.
Table 2-2 History Substitution Commands

Command | Purpose
Ctrl-P or the up arrow key. [1] | Recalls commands in the history buffer, beginning with the most recent command. Repeat the key sequence to recall successively older commands.
Ctrl-N or the down arrow key. [1] | Returns to more recent commands in the history buffer after recalling commands with Ctrl-P or the up arrow key. Repeat the key sequence to recall successively more recent commands.
Table 2-3 Frequently Used Cisco IOS Command Modes

Mode | Description of Use | How to Access | Prompt
User EXEC | Connect to remote devices, change terminal settings on a temporary basis, perform basic tests, and display system information. | Log in. | Router>
Privileged EXEC (enable) | Set operating parameters. The privileged command set includes the commands in user EXEC mode, as well as the configure command.
For example:

    Router# configure ?
      memory             Configure from NV memory
      network            Configure from a TFTP network host
      overwrite-network  Overwrite NV memory from TFTP network host
      terminal           Configure from the terminal

To redisplay a command you previously entered, press the up arrow key or Ctrl-P. You can continue to press the up arrow key to see the last 20 commands you entered.
CHAPTER 3

Configuring the Switch for the First Time

This chapter contains information about how to initially configure the Catalyst 6500 series switch, which supplements the administration information and procedures in these publications:

• Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.1, at this URL:
  http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/fun_c/index.htm
• Cisco IOS Configuration Fundamentals Configuration Command Reference, Release 12.
Table 3-1 Default Configuration

Feature | Default Value
Administrative connection | Normal mode
Global information | No value for the following: System name, System contact, Location
System clock | No value for system clock time
Passwords | No passwords configured for normal mode or enable mode (press the Return key)
Prompt | Router>

Configuring the Switch

These sections describe how to configure the switch:

Note • U
When you enter the setup command, current system configuration defaults are displayed in square brackets [ ] as you move through the setup command process and are queried by the system to make changes.
    Copyright (c) 1986-2001 by cisco Systems, Inc.
    Compiled Wed 28-Mar-01 18:36 by hqluong
    Image text-base: 0x30020980, data-base: 0x306B8000
    Start as Primary processor
    00:00:05: %SYS-3-LOGGER_FLUSHING: System pausing to ensure console debugging output.
    00:00:03: Currently running ROMMON from S (Gold) region
    00:00:05: %OIR-6-CONSOLE: Changing console ownership to route processor
    System Bootstrap, Version 12.
    --- System Configuration Dialog ---
    Continue with configuration dialog? [yes/no]: y
    At any point you may enter a question mark '?' for help.
    Use ctrl-c to abort configuration dialog at any prompt.
    Default settings are in square brackets '[]'.
    GigabitEthernet1/1 172.20.52.
Note: An enable secret password can contain from 1 to 25 uppercase and lowercase alphanumeric characters; an enable password can contain any number of uppercase and lowercase alphanumeric characters. In both cases, a number cannot be the first character. Spaces are also valid password characters; for example, “two words” is a valid password. Leading spaces are ignored; trailing spaces are recognized.

Step 6
    shutdown
    no ip address
    !
    interface GigabitEthernet1/2
    shutdown
    no ip address
    !
    .
    <...output truncated...>
    .
    !
    end

    [0] Go to the IOS command prompt without saving this config.
    [1] Return back to the setup without saving this config.
    [2] Save this configuration to nvram and exit.
When you reach and respond to the configuration dialog for the last installed interface, your interface configuration is complete.

Step 3 Check and verify the entire list of configuration parameters, which should display on your console terminal and end with the following query:

    Use this configuration? [yes/no]:

A no response places you back at the enable prompt (#).
For detailed interface configuration information, refer to the Cisco IOS Interface Configuration Guide at this URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/inter_c/index.htm

Using Configuration Mode

If you prefer not to use the setup facility, you can configure the switch from configuration mode as follows:

Step 1 Connect a console terminal to the console interface of your supervisor engine.
    Current configuration:
    Current configuration : 3441 bytes
    !
    version 12.1
    service timestamps debug datetime localtime
    service timestamps log datetime localtime
    no service password-encryption
    !
    hostname Router
    !
    boot buffersize 522200
    boot system flash slot0:c6sup22-jsv-mz.121-5c.EX.bin
    boot bootldr bootflash:c6msfc2-boot-mz.121-3a.
Configuring a Default Gateway

Note: The switch uses the default gateway only when it is not configured with a routing protocol.

To send data to another subnet when the switch is not configured with a routing protocol, configure a default gateway. The default gateway must be the IP address of an interface on a router in the same subnet.
This example shows how to use the show running-config command to confirm the configuration of the previously configured static route:

    Router# show running-config
    Building configuration...
    .
    <...output truncated...>
    .
    ip default-gateway 172.20.52.35
    ip classless
    ip route 171.10.5.10 255.255.255.255 172.20.3.
Configuring a BOOTP Server

The Bootstrap Protocol (BOOTP) automatically assigns an IP address by adding the MAC and IP addresses of the interface to the BOOTP server configuration file. When the switch boots, it automatically retrieves the IP address from the BOOTP server. The switch performs a BOOTP request only if the current IP address is set to 0.0.0.0.
Protecting Access to Privileged EXEC Commands

The following tasks provide a way to control access to the system configuration file and privileged EXEC commands:

• Setting or Changing a Static Enable Password
• Using the enable password and enable secret Commands
• Setting or Changing a Line Password
• Setting TACACS+ Password Protection for Privileged EXEC Mode
Use either of these commands with the level option to define a password for a specific privilege level. After you specify the level and set a password, give the password only to users who need to have access at this level. Use the privilege level configuration command to specify commands accessible at various levels.

If you enable the service password-encryption command, the password you enter is encrypted.
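A check of how a saved configuration stores the passwords discussed in this section, as an added example that is not part of the Cisco guide. The sample configuration and finding names are constructed for illustration; it assumes the usual IOS behavior that enable secret takes precedence over enable password, that enable defaults to level 15, and that type 7 strings are reversible obfuscation rather than a one-way hash.

```python
import re

# Constructed sample running-config (not from the guide); all secrets are placeholders.
SAMPLE_CONFIG = """\
version 12.1
no service password-encryption
!
hostname Router
!
enable secret 5 $1$PLACEHOLDER$notARealHashValue00000
enable password example-enable
!
line con 0
 password example-console
 login
line vty 0 4
 password 7 PLACEHOLDER07
 login
!
end
"""

# "enable password|secret [level N] [type] string". A password cannot begin
# with a number, so a lone leading digit is the encryption type.
ENABLE_RE = re.compile(r"^enable (password|secret)(?: level (\d+))?(?: (\d))? (.+)$")
LINE_PW_RE = re.compile(r"^\s+password(?: (\d))? (.+)$")


def audit_passwords(config_text):
    """Return (line_number, finding, context) tuples for password storage issues."""
    findings = []
    encryption_on = False
    secret_levels = set()
    enable_passwords = []          # (line number, privilege level, type)
    context = None                 # current "line ..." block, if any
    for num, raw in enumerate(config_text.splitlines(), 1):
        line = raw.rstrip()
        if not line.startswith(" "):
            context = line if line.startswith("line ") else None
        if line == "service password-encryption":
            encryption_on = True
        m = ENABLE_RE.match(line)
        if m:
            level = int(m.group(2) or 15)      # enable defaults to level 15
            ptype = m.group(3) or "0"
            if m.group(1) == "secret":
                secret_levels.add(level)
            else:
                enable_passwords.append((num, level, ptype))
            continue
        m = LINE_PW_RE.match(line)
        if m and context:
            ptype = m.group(1) or "0"
            if ptype == "0":
                findings.append((num, "cleartext-line-password", context))
            elif ptype == "7":
                findings.append((num, "reversible-type7-line-password", context))
    for num, level, ptype in enable_passwords:
        where = f"level {level}"
        if level in secret_levels:
            # The secret wins, so the weaker password is only extra exposure.
            findings.append((num, "enable-password-shadowed-by-secret", where))
        else:
            findings.append((num, "enable-password-without-secret", where))
        if ptype == "0":
            findings.append((num, "cleartext-enable-password", where))
    if not encryption_on:
        findings.append((0, "password-encryption-disabled", "global"))
    return findings


if __name__ == "__main__":
    for num, finding, where in audit_passwords(SAMPLE_CONFIG):
        print(f"line {num:>2}  {finding}  ({where})")
```
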
When you set TACACS password protection at the privileged EXEC mode, the enable EXEC command prompts for both a new username and a password. This information is then sent to the TACACS+ server for authentication. If you are using the extended TACACS+, it also sends any existing UNIX user identification code to the TACACS+ server.
For example, if you want many users to have access to the clear line command, you can assign it level 2 security and distribute the level 2 password widely. If you want more restricted access to the configure command, you can assign it level 3 security and distribute that password to more restricted users.
Exiting a Privilege Level

To exit to a specified privilege level, perform this task:

Command | Purpose
Router# disable level | Exits to a specified privilege level.
Modifying the Supervisor Engine Startup Configuration

These sections describe how the startup configuration on the supervisor engine works and how to modify the configuration register and BOOT variable:

• Understanding the Supervisor Engine Boot Configuration
• Configuring the Software Configuration Register
• Specifying the Startup System Image
• Understanding
The ROM monitor has these features:

• Power-on confidence test
• Hardware initialization
• Boot capability (manual boot and autoboot)
• Debug utility and crash analysis
• Monitor call interface (EMT calls—the ROM monitor provides information and some functionality to the running software images through EMT calls)
• File system (the ROM monitor knows the simple file system and supports the n
Table 3-2 Software Configuration Register Bit Meaning (continued)

Bit Number [1] | Hexadecimal | Meaning
11 to 12 | 0x0800 to 0x1000 | Console line speed (default is 9600 baud)
13 | 0x2000 | Boot default Flash software if network boot fails
14 | 0x4000 | IP broadcasts do not have network numbers
15 | 0x8000 | Enable diagnostic messages and ignore NVRAM contents

1.
Modifying the Boot Field

You modify the boot field from the software configuration register. To modify the software configuration register boot field, perform this task:

Step | Command | Purpose
Step 1 | Router# show version | Determines the current configuration register setting.
Step 2 | Router# configure terminal | Enters configuration mode, selecting the terminal option.
Verifying the Configuration Register Setting

Enter the show version EXEC command to verify the current configuration register setting. In ROM-monitor mode, enter the o command to verify the value of the configuration register boot field.
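A decoder for the register value that show version reports, as an added example that is not part of the Cisco guide. The meanings for bits 13 to 15 follow Table 3-2 as shown above; the boot field (bits 0 to 3), bit 6 (0x0040) and bit 8 (0x0100) are taken from the standard Cisco IOS register layout because those rows are not present in this text, and the sample output is constructed.

```python
import re

# Constructed sample tail of "show version" output (not from the guide).
SAMPLE_SHOW_VERSION = """\
Router uptime is 2 hours, 33 minutes
System image file is "slot0:c6sup22-jsv-mz.121-5c.EX.bin"
Configuration register is 0x2102 (will be 0x2142 at next reload)
"""

REG_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)

# Single-bit flags. 0x2000, 0x4000 and 0x8000 are the Table 3-2 rows above;
# 0x0040 and 0x0100 are assumed from the standard IOS register layout.
FLAG_BITS = {
    0x0040: "ignore NVRAM contents",
    0x0100: "Break disabled",
    0x2000: "boot default Flash software if network boot fails",
    0x4000: "IP broadcasts do not have network numbers",
    0x8000: "enable diagnostic messages and ignore NVRAM contents",
}
IGNORE_NVRAM_MASK = 0x0040 | 0x8000
CONSOLE_SPEED_MASK = 0x1800        # bits 11 to 12; zero means the 9600 default


def decode_confreg(value):
    """Decode a 16-bit software configuration register value."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("configuration register is a 16-bit value")
    boot = value & 0x000F
    if boot == 0:
        action = "stay at the ROM monitor"
    elif boot == 1:
        action = "boot the first image in onboard Flash"
    else:
        action = "boot using the BOOT variable / boot system commands"
    return {
        "boot_field": boot,
        "boot_action": action,
        "flags": [name for bit, name in sorted(FLAG_BITS.items()) if value & bit],
        "console_speed_default": (value & CONSOLE_SPEED_MASK) == 0,
        "ignores_startup_config": bool(value & IGNORE_NVRAM_MASK),
    }


def parse_show_version(text):
    """Return (current, value_at_next_reload) from show version output."""
    m = REG_RE.search(text)
    if not m:
        raise ValueError("no configuration register line found")
    current = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else current
    return current, pending


def audit_confreg(text):
    """Flag register values that boot without the saved configuration."""
    current, pending = parse_show_version(text)
    findings = []
    for label, value in (("current", current), ("next reload", pending)):
        if label == "next reload" and pending == current:
            continue
        info = decode_confreg(value)
        if info["ignores_startup_config"]:
            # Booting without startup-config means no passwords are applied,
            # which is the state a password recovery leaves behind if not undone.
            findings.append(f"{label} register {value:#06x} ignores NVRAM contents")
        if info["boot_field"] == 0:
            findings.append(f"{label} register {value:#06x} stops at the ROM monitor")
    return findings


if __name__ == "__main__":
    for finding in audit_confreg(SAMPLE_SHOW_VERSION):
        print(finding)
```
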
Flash Memory Features

The Flash memory components allow you to do the following:

• Copy the system image to Flash memory using TFTP.
• Copy the system image to Flash memory using rcp.
• Boot the system from Flash memory either automatically or manually.
• Copy the Flash memory image to a network server using TFTP or rcp.
CONFIG_FILE Environment Variable

For Class A Flash file systems, the CONFIG_FILE environment variable specifies the file system and filename of the configuration file to use for initialization (startup). Valid file systems can include nvram:, slot0:, and sup-bootflash:.
Setting the BOOTLDR Environment Variable

To set the BOOTLDR environment variable, perform this task:

Step | Command | Purpose
Step 1 | Router# dir bootflash: | Verifies that bootflash contains the boot loader image.
Step 2 | Router# configure terminal | Enters the configuration mode from the terminal.
CHAPTER 4

Configuring EHSA Supervisor Engine Redundancy

With 12.1 E releases earlier than Release 12.1(13)E, the Catalyst 6500 series switch supports dual supervisor engines with EHSA.

Note: EHSA is not supported in Release 12.1(13)E and later releases (see Chapter 5, “Configuring RPR and RPR+ Supervisor Engine Redundancy,” for information about RPR or RPR+ redundancy in Release 12.1(13)E and later releases.
Supervisor Engine Redundant Operation

EHSA standby mode provides the following features:

• Auto-startup and bootvar synchronization between active and redundant supervisor engines
• Hardware signals that detect and decide the active or redundant status of supervisor engines
• Clock synchronization every 60 seconds from the active to the redundant supervisor engine
• A redundant supervisor engine that is booted but not all subsystems ar
Note: If the redundant supervisor engine is running Catalyst operating system software, remove the active supervisor engine and boot the switch with only the redundant supervisor engine installed. Follow the procedures in the release notes to convert the redundant supervisor engine from Catalyst operating system software.
    Router(config-r-mc)# end
    Router# copy running-config startup-config

Note: To manually synchronize only individual elements of the standard auto-sync configuration, disable the default automatic synchronization feature.
Use the following command to copy a file to the bootflash: device on a redundant supervisor engine:

    Router# copy source_device:source_filename slavesup-bootflash:target_filename

Use the following command to copy a file to the bootflash: device on a redundant MSFC:

    Router# copy source_device:source_filename slavebootflash:target_filename
CHAPTER 5

Configuring RPR and RPR+ Supervisor Engine Redundancy

Release 12.1(13)E and later releases support supervisor engine redundancy with Route Processor Redundancy (RPR) and Route Processor Redundancy Plus (RPR+). This chapter describes how to configure supervisor engine redundancy with RPR and RPR+.

Note: Enhanced high system availability (EHSA) is not supported in Release 12.1(13)E and later releases.
Understanding Supervisor Engine Redundancy

RPR Operation

RPR supports the following features:

• Auto-startup and bootvar synchronization between active and redundant supervisor engines
• Hardware signals that detect and decide the active or redundant status of supervisor engines
• Clock synchronization every 60 seconds from the active to the redundant supervisor engine
• A redundant supervisor engine that is booted but not all
RPR+ enhances RPR by providing the following additional benefits:

• Reduced switchover time
  Depending on the configuration, the switchover time is in the range of 30 to 60 seconds.
Supervisor Engine Redundancy Guidelines and Restrictions

These sections describe supervisor engine redundancy configuration guidelines and restrictions:

• RPR+ Guidelines and Restrictions
• Hardware Configuration Guidelines and Restrictions
• Configuration Mode Restrictions

RPR+ Guidelines and Restrictions

The following guidelines and restrictions ap
Guidelines

• The two Gigabit Ethernet interfaces on the redundant supervisor engine are always active.
• RPR+ switchover takes place after the failed supervisor engine completes a core dump. A core dump can take up to 15 minutes. To get faster switchover time, disable core dump on the supervisor engines.
Configuration Mode Restrictions

The following configuration restrictions apply during the startup synchronization process:

• You cannot perform configuration changes during the startup (bulk) synchronization.
    client count = 11
    client_notification_TMR = 30000 milliseconds
    keep_alive TMR = 4000 milliseconds
    keep_alive count = 0
    keep_alive threshold = 7
    RF debug mask = 0x0
    Router#

Synchronizing the Supervisor Engine Configurations

During normal operation, the startup-config and config-registers configuration are synchronized by default between the two supervisor engines.
    Router(config-r-mc)# no auto-sync standard
    Router(config-r-mc)# auto-sync config-register
    Router(config-r-mc)# end
    Router# copy running-config startup-config

Displaying the Redundancy States

To display the redundancy states, perform this task:

Command | Purpose
Router# show redundancy states | Displays the redundancy states.
Performing a Fast Software Upgrade

The fast software upgrade (FSU) procedure supported by RPR allows you to upgrade the Cisco IOS image on the supervisor engines without reloading the system.

Note: If you are performing a first-time upgrade to RPR from EHSA, you must reload both supervisor engines. FSU from EHSA is not supported.
This example shows how to perform an FSU:

    Router# config terminal
    Router(config)# config-register 0x2
    Router(config)# boot system flash slot0:c6sup22-jsv-mz.121-11.
CHAPTER 6
Configuring Interfaces

This chapter describes how to configure interfaces on the Catalyst 6500 series switches.
• Port number—The physical port number on the module. On the Catalyst 6500 series switch, the port numbers always begin with 1. When facing the rear of the switch, ports are numbered from the left to the right.

You can identify ports from the physical location. You also can use show commands to display information about a specific port, or all the ports.

Note  With Release 12.
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Router#

Step 4  Enter the show hardware EXEC command to see a list of the system software and hardware:

Router# show hardware
Cisco Internetwork Operating System Software
IOS (tm) c6sup2_rp Software (c6sup2_rp-JSV-M), Version 12.1(5c)EX, EARLY DEPLOY)
Synced to mainline version: 12.
Configuring a Range of Interfaces
The interface-range configuration mode allows you to configure multiple interfaces with the same configuration parameters. After you enter the interface-range configuration mode, all command parameters you enter are attributed to all interfaces within that range until you exit out of the interface-range configuration mode.
Note
• With releases earlier than Release 12.1(26)E, for VLAN interfaces, the interface range command supports only those VLAN interfaces for which Layer 2 VLANs have been created with the interface vlan command (the show running-configuration command displays the configured VLAN interfaces). The interface range command does not support VLAN interfaces that are not displayed by the show running-configuration command.
• With Release 12.
If you enter multiple configuration commands while you are in interface-range configuration mode, each command is executed as it is entered (they are not batched together and executed after you exit interface-range configuration mode). If you exit interface-range configuration mode while the commands are being executed, some commands may not be executed on all interfaces in the range.
Configuring Optional Interface Features
These sections describe optional interface features:
• Configuring Ethernet Interface Speed and Duplex Mode
• Configuring Jumbo Frame Support
• Configuring IEEE 802.
Setting the Ethernet Interface Speed

Note  If you set the Ethernet port speed to auto on a 10/100-Mbps or 10/100/1000-Mbps Ethernet port, both speed and duplex are autonegotiated.

To set the port speed for a 10/100 or a 10/100/1000-Mbps Ethernet port, perform this task:

        Command                                          Purpose
Step 1  Router(config)# interface fastethernet slot/port  Selects the Ethernet port to be configured.
The ports on both ends of a link must have the same setting. The link will not come up if the ports at each end of the link are set inconsistently (link negotiation enabled on one port and disabled on the other port).

Table 6-1 shows the four possible link negotiation configurations and the resulting link status for each configuration.
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
1238 packets input, 273598 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
1380 packets ou
Jumbo Frame Support Overview
A jumbo frame is a frame larger than the default Ethernet frame size. You enable jumbo frame support by configuring a larger-than-default maximum transmission unit (MTU) size on a port or VLAN interface and, with Release 12.1(13)E and later releases, configuring the global LAN port MTU size.

Note
• Jumbo frame support fragments routed traffic in software on the MSFC.
Bridged and Routed Traffic Size Check at Egress Gigabit Ethernet and 10 Gigabit Ethernet Ports
Jumbo frame support compares egress traffic size with the global egress LAN port MTU size at egress Gigabit Ethernet and 10 Gigabit Ethernet LAN ports that have a nondefault MTU size configured. The port drops traffic that is oversized. With Release 12.
Release 12.1(13)E and later releases support nondefault MTU sizes between 1,500 and 9,216 bytes for Layer 2 Ethernet ports, configured per-port with the mtu command and globally with the system jumbomtu command. With earlier releases, 9216 bytes is the only supported nondefault MTU size for Layer 2 Ethernet ports, configured per-port with the mtu command.
This example shows how to configure the MTU size on Gigabit Ethernet port 1/2:

Router# configure terminal
Router(config)# interface gigabitethernet 1/2
Router(config-if)# mtu 9216
Router(config-if)# end

This example shows how to verify the configuration:

Router# show interface gigabitethernet 1/2
GigabitEthernet1/2 is administratively down, line protocol is down
Hardware is C6k 1000Mb 802.3, address is 0030.9629.9f88 (bia 0030.
When configuring flow control, note the following syntax information:
• 10-Gigabit Ethernet ports are permanently configured to respond to pause frames.
• When the configuration of the remote ports is unknown, use the receive desired keywords to configure a Gigabit Ethernet port to respond to received pause frames.
• Use the receive on keywords to configure a Gigabit Ethernet port to respond to received pause frames.
Chapter 6 Configuring Interfaces Configuring Optional Interface Features Table 6-2 Port Debounce Timer Delay Time (continued) Port Type Debounce Timer Disabled Fiber Gigabit ports 10 milliseconds 10-Gigabit ports Note Debounce Timer Enabled 100 through 5000 milliseconds With Release 12.1(13)E and later releases, you can configure the port debounce timer on 10 Gigabit Ethernet ports, but it has no effect. With Release 12.
This example shows how to add a description on Fast Ethernet port 5/5:

Router(config)# interface fastethernet 5/5
Router(config-if)# description Channel-group to "Marketing"

Understanding Online Insertion and Removal
The online insertion and removal (OIR) feature supported on the Catalyst 6500 series switches allows you to remove and replace modules while the system is online.
To display information about the interface, perform these tasks:

Command                                   Purpose
Router# show ibc                          Displays current internal status information.
Router# show eobc                         Displays current internal out-of-band information.
Router# show interfaces [type slot/port]  Displays the status and configuration of all or a specific interface.
Router# show running-config               Displays the currently running configuration.
Resetting an Interface
To reset an interface, perform this task:

Command                                  Purpose
Router# clear interface type¹ slot/port  Resets an interface.

1.
CHAPTER 7
Configuring LAN Ports for Layer 2 Switching

This chapter describes how to use the command-line interface (CLI) to configure Ethernet, Fast Ethernet, Gigabit Ethernet, and 10-Gigabit Ethernet LAN ports for Layer 2 switching on the Catalyst 6500 series switches. The configuration tasks in this chapter apply to LAN ports on LAN switching modules and to the LAN ports on the supervisor engine.
Layer 2 Ethernet Switching Overview
Catalyst 6500 series switches support simultaneous, parallel connections between Layer 2 Ethernet segments. Switched connections between Ethernet segments last only for the duration of the packet. New connections can be made between different segments for the next packet.
Trunking Overview

Note  For information about VLANs, see Chapter 9, “Configuring VLANs.”

A trunk is a point-to-point link between the switch and another networking device. Trunks carry the traffic of multiple VLANs over a single link and allow you to extend VLANs across an entire network.
Encapsulation Types
Table 7-1 lists the Ethernet trunk encapsulation types.

Table 7-1 Ethernet Trunk Encapsulation Types

Encapsulation                         Function
switchport trunk encapsulation isl    Specifies ISL encapsulation on the trunk link.
                                      Note  10-Gigabit Ethernet ports do not support ISL encapsulation.
switchport trunk encapsulation dot1q  Specifies 802.1Q encapsulation on the trunk link.
Note  DTP is a point-to-point protocol. However, some internetworking devices might forward DTP frames improperly. To avoid this problem, ensure that LAN ports connected to devices that do not support DTP are configured with the access keyword if you do not intend to trunk across those links.
Layer 2 LAN Interface Configuration Guidelines and Restrictions
When configuring Layer 2 LAN ports, follow these guidelines and restrictions:

Restrictions
• 10-Gigabit Ethernet ports do not support ISL encapsulation.
• Non-Cisco 802.1Q switches maintain only a single instance of spanning tree (the Mono Spanning Tree, or MST) that defines the spanning tree topology for all VLANs.
Configuring LAN Interfaces for Layer 2 Switching
These sections describe how to configure Layer 2 switching on the Catalyst 6500 series switches:
• Configuring a LAN Port for Layer 2 Switching
• Configuring a Layer 2 Switching Port as a Trunk
• Configuring a LAN Interface as a Layer 2 Access Port

Note  Use the default interface {ethernet | fastethernet | gigabitet
Configuring a Layer 2 Switching Port as a Trunk
These sections describe configuring a Layer 2 switching port as a trunk:
• Preparing a Layer 2 Switching Port for Configuration as a Trunk
• Configuring the Layer 2 Switching Port as an ISL or 802.
To configure the Layer 2 switching port as an ISL or 802.1Q trunk, perform this task:

Command                                                                      Purpose
Router(config-if)# switchport trunk encapsulation {isl | dot1q | negotiate}  (Optional) Configures the encapsulation, which configures the Layer 2 switching port as either an ISL or 802.1Q trunk.
To configure the Layer 2 trunk not to use DTP, perform this task:

        Command                                   Purpose
Step 1  Router(config-if)# switchport mode trunk  (Optional) Configures the port to trunk unconditionally.
        Router(config-if)# no switchport mode     Reverts to the default trunk trunking mode (switchport mode dynamic desirable).
Step 2
Note  Complete the steps in the “Completing Trunk Configuration” section on page 7-13 after performing the tasks in this section.

Configuring the 802.1Q Native VLAN

Note  Complete the steps in the “Preparing a Layer 2 Switching Port for Configuration as a Trunk” section on page 7-8 before performing the tasks in this section.

To configure the 802.
When configuring the list of VLANs allowed on a trunk, note the following syntax information:

Note
• The vlan parameter is either a single VLAN ID or a range of VLAN IDs described by two VLAN IDs, the lesser one first, separated by a dash. Do not enter any spaces between comma-separated vlan parameters or in dash-specified ranges.
• With Release 12.
Note  Complete the steps in the “Completing Trunk Configuration” section on page 7-13 after performing the tasks in this section.

Completing Trunk Configuration
To complete Layer 2 trunk configuration, perform this task:

        Command                         Purpose
Step 1  Router(config-if)# no shutdown  Activates the interface. (Required only if you shut down the interface.
Router# show interfaces fastethernet 5/8 switchport
Name: Fa5/8
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Enabled
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: ALL
Router# sho
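An added example, not part of the Cisco guide: a Python check that reads saved show interfaces switchport output in the format shown above and reports ports whose trunking is still decided by DTP, or that trunk with the default native VLAN and the default allowed-VLAN list. The finding names and the second sample port (Fa5/9) are assumptions made for illustration.

```python
# Added example (not from the Cisco guide): audit saved
# "show interfaces <port> switchport" output for trunk-negotiation settings.

# Constructed sample. Fa5/8 repeats the fields printed in the guide's example;
# Fa5/9 is a hypothetical access port added for contrast.
SAMPLE = """\
Name: Fa5/8
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Enabled
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: ALL
Name: Fa5/9
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Disabled
Access Mode VLAN: 20 (VLAN0020)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: ALL
"""

# Hypothetical finding names used by this example only.
EXPLANATIONS = {
    "dynamic-mode": "administrative mode is dynamic; DTP decides whether the port trunks",
    "dtp-negotiation": "DTP negotiation is enabled on the port",
    "native-vlan-default": "trunk uses the default native VLAN (1)",
    "all-vlans-allowed": "trunk allows ALL VLANs (no allowed-VLAN list configured)",
}


def parse_switchport(text):
    """Split the output into one dict per port, keyed by the field label."""
    ports, current = [], None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # prompts and blank lines carry no "label: value" pair
        key, value = key.strip(), value.strip()
        if key == "Name":
            current = {"Name": value}
            ports.append(current)
        elif current is not None:
            current[key] = value
    return ports


def audit_port(port):
    """Return the list of finding names that apply to one parsed port."""
    findings = []
    admin = port.get("Administrative Mode", "").lower()
    oper = port.get("Operational Mode", "").lower()
    negotiation = port.get("Negotiation of Trunking", "").lower()

    if admin.startswith("dynamic"):
        findings.append("dynamic-mode")
    if negotiation in ("enabled", "on"):
        findings.append("dtp-negotiation")

    # Native VLAN and allowed list only matter where the port can trunk.
    if "trunk" in (admin, oper) or admin.startswith("dynamic"):
        native = port.get("Trunking Native Mode VLAN", "").split()
        if native and native[0] == "1":
            findings.append("native-vlan-default")
        if port.get("Trunking VLANs Enabled", "").upper() == "ALL":
            findings.append("all-vlans-allowed")
    return findings


def audit(text):
    """Map each port name to its findings."""
    return {p["Name"]: audit_port(p) for p in parse_switchport(text)}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        if not findings:
            print(f"{name}: ok")
        for finding in findings:
            print(f"{name}: {finding}: {EXPLANATIONS[finding]}")
```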
        Command                                           Purpose
Step 6  Router(config-if)# switchport access vlan vlan_ID  Places the LAN port in a VLAN.
        • With Release 12.1(13)E and later releases, the vlan_ID value can be 1 to 4094, except for reserved VLANs (see Table 9-1 on page 9-2).
        • With 12.1 E releases earlier than Release 12.1(13)E, the vlan_ID value can be 1 to 1005.
Configuring a Custom IEEE 802.1Q EtherType Field Value
With Release 12.1(20)E and later releases, you can configure a custom EtherType field value on a port to support network devices that do not use the standard 0x8100 EtherType field value on 802.1Q-tagged or 802.1p-tagged frames.
• You cannot configure a custom EtherType field value on the ports in an EtherChannel.
• You cannot form an EtherChannel from ports that are configured with custom EtherType field values.
CHAPTER 8
Configuring VTP

This chapter describes how to configure the VLAN Trunking Protocol (VTP) on the Catalyst 6500 series switches.

Note  For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication.
Understanding the VTP Domain
A VTP domain (also called a VLAN management domain) is made up of one or more interconnected network devices that share the same VTP domain name. A network device can be configured to be in one and only one VTP domain. You make global VLAN configuration changes for the domain using either the command-line interface (CLI) or Simple Network Management Protocol (SNMP).
The following global configuration information is distributed in VTP advertisements:
• VLAN IDs (ISL and 802.1Q)
• Emulated LAN names (for ATM LANE)
• 802.
Figure 8-1 shows a switched network without VTP pruning enabled. Interface 1 on network Switch 1 and port 2 on Switch 4 are assigned to the Red VLAN. A broadcast is sent from the host connected to Switch 1. Switch 1 floods the broadcast, and every network device in the network receives it, even though Switches 3, 5, and 6 have no ports in the Red VLAN.
Enabling VTP pruning on a VTP server enables pruning for the entire management domain. VTP pruning takes effect several seconds after you enable it. By default, VLANs 2 through 1000 are pruning eligible. VTP pruning does not prune traffic from pruning-ineligible VLANs. VLAN 1 is always pruning ineligible; traffic from VLAN 1 cannot be pruned.
• When you enable or disable VTP pruning on a VTP server, VTP pruning for the entire management domain is enabled or disabled.
• The pruning-eligibility configuration applies globally to all trunks on the switch. You cannot configure pruning-eligibility separately for each trunk.
This example shows one way to configure a VTP password with Release 12.1(13)E and later releases:

Router# configure terminal
Router(config)# vtp password WATER
Setting device VLAN database password to WATER.
Router#

This example shows how to configure a VTP password with any release:

Router# vtp password WATER
Setting device VLAN database password to WATER.
Router#

Note  The password is not stored in the running-config file.
Note  In a Token Ring environment, you must enable VTP version 2 for Token Ring VLAN switching to function properly on devices that support Token Ring interfaces.

To enable VTP version 2, perform this task:

        Command                              Purpose
Step 1  Router(config)# vtp version {1 | 2}  Enables VTP version 2.
        Router(config)# no vtp version       Reverts to the default (VTP version 1).
Step 2  Router# show vtp status              Verifies the configuration.
Note  When VTP is disabled, you can enter VLAN configuration commands in configuration mode instead of the VLAN database mode and the VLAN configuration is stored in the startup configuration file.

This example shows how to configure the switch as a VTP server:

Router# configure terminal
Router(config)# vtp mode server
Setting device to VTP SERVER mode.
This example shows how to verify the configuration:

Router# show vtp status
VTP Version : 2
Configuration Revision : 247
Maximum VLANs supported locally : 1005
Number of existing VLANs : 33
VTP Operating Mode : Transparent
VTP Domain Name : Lab_Network
VTP Pruning Mode : Enabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x45 0x52 0xB6 0xFD 0x63 0xC8 0x49 0x80
Configuration last modified by 0.0.0.
CHAPTER 9
Configuring VLANs

This chapter describes how to configure VLANs on the Catalyst 6500 series switches.

Note  For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication.
VLAN Ranges

Note  You must enable the extended system ID to use 4096 VLANs (see the “Understanding the Bridge ID” section on page 15-3).

With Release 12.1(13)E and later releases, Catalyst 6500 series switches support 4096 VLANs in accordance with the IEEE 802.1Q standard. These VLANs are organized into several ranges; you use each range slightly differently.
Configurable VLAN Parameters

Note
• Ethernet VLAN 1 uses only default values.
• Except for the VLAN name, Ethernet VLANs 1006 through 4094 use only default values.
• With Release 12.1(13)E and later releases, you can configure the VLAN name for Ethernet VLANs 1006 through 4094.
Figure 9-1 Interconnected Token Ring TrBRF and TrCRF VLANs

For source routing, the Catalyst 6500 series switch appears as a single bridge between the logical rings. The TrBRF can function as a source-route bridge (SRB) or a source-route transparent (SRT) bridge running either the IBM or IEEE STP.
Figure 9-2 Undistributed TrCRFs

By default, Token Ring ports are associated with the default TrCRF (VLAN 1003, trcrf-default), which has the default TrBRF (VLAN 1005, trbrf-default) as its parent.
Figure 9-4 Backup TrCRF

VLAN Default Configuration
Tables 9-2 through 9-6 show the default configurations for the different VLAN media types.

Table 9-2 Ethernet VLAN Defaults and Ranges

Parameter  Default                                                          Range
VLAN ID    1                                                                1–4094
VLAN name  “default” for VLAN 1; “VLANvlan_ID” for other Ethernet VLANs     —
802.
Table 9-3 FDDI VLAN Defaults and Ranges (continued)

Parameter               Default  Range
Translational bridge 2  0        0–1005
VLAN state              active   active, suspend

Table 9-4 Token Ring (TrCRF) VLAN Defaults and Ranges

Parameter  Default               Range
VLAN ID    1003                  1–1005
VLAN name  “token-ring-default”  —
802.
Table 9-6 Token Ring (TrBRF) VLAN Defaults and Ranges (continued)

Parameter      Default                 Range
MTU size       VTPv1 1500; VTPv2 4472  1500–18190
Bridge number  1                       0–15
STP type       ibm                     auto, ibm, ieee
VLAN state     active                  active, suspend

VLAN Configuration Guidelines and Restrictions
Follow these guidelines and restrictions when creating and modifying VLANs in your network:

Restrictions
• Supervisor engine redundancy does not suppor
• When a Catalyst 6500 series switch is configured as a VTP server, you can configure FDDI and Token Ring VLANs from the switch.
• You must configure a TrBRF before you configure the TrCRF (the parent TrBRF VLAN you specify must exist).
• You can configure extended-range VLANs only in global configuration mode. You cannot configure extended-range VLANs in VLAN database mode.

VLAN Configuration in VLAN Database Mode

Note  You cannot configure extended-range VLANs in VLAN database mode. You can configure extended-range VLANs only in global configuration mode. RPR+ redundancy does not support configuration entered in VLAN database mode. Use global configuration mode with RPR+ redundancy.
When you create or modify an Ethernet VLAN, note the following syntax information:
• Releases 12.1(11b)E and later support VLAN configuration in global configuration mode.
• Releases 12.1(13)E and later support extended-range VLANs.
• RPR+ redundancy does not support a configuration entered in VLAN database mode. Use global configuration mode with RPR+ redundancy.
Assigning a Layer 2 LAN Interface to a VLAN
A VLAN created in a management domain remains unused until you assign one or more LAN ports to the VLAN.

Note  Make sure you assign LAN ports to a VLAN of the appropriate type. Assign Ethernet ports to Ethernet-type VLANs.

To assign one or more LAN ports to a VLAN, complete the procedures in the “Configuring LAN Interfaces for Layer 2 Switching” section on page 7-7.
802.1Q VLANs in the range 1 through 1001 and 1006 through 4094 are automatically mapped to the corresponding ISL VLAN. 802.1Q VLAN numbers corresponding to reserved VLAN numbers must be mapped to an ISL VLAN in order to be recognized and forwarded by Cisco network devices.

These restrictions apply when mapping 802.1Q VLANs to ISL VLANs:
• You can configure up to eight 802.1Q-to-ISL VLAN mappings on the Catalyst 6500 series switch.
• You can only map 802.
CHAPTER 10
Configuring Private VLANs

This chapter describes how to configure private VLANs on the Catalyst 6500 series switches. Release 12.1 E supports private VLANs with Release 12.1(11b)E and later.

Note  For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication.
Private VLAN ports are associated with a set of supporting VLANs that are used to create the private VLAN structure. A private VLAN uses VLANs three ways:

Note
• Primary VLAN—Carries traffic from promiscuous ports to isolated, community, and other promiscuous ports.
• Isolated VLAN—Carries traffic from isolated ports to promiscuous ports.
• Do not configure private VLAN ports as EtherChannels. While a port is part of the private VLAN configuration, any EtherChannel configuration for it is inactive.
• Destination SPAN configuration supersedes private VLAN configuration. While a port is a destination SPAN port, any private VLAN configuration for it is inactive.
• VTP does not support private VLANs. You must configure private VLANs on each device where you want private VLAN ports.
• To maintain the security of your private VLAN configuration and avoid other use of the VLANs configured as private VLANs, configure private VLANs on all intermediate devices, including devices that have no private VLAN ports.
• Because the private VLAN port sticky ARP entries do not age out, you must manually remove private VLAN port ARP entries if a MAC address changes. You can add or remove private VLAN ARP entries manually as follows:

Router(config)# no arp 11.1.3.30
IP ARP:Deleting Sticky ARP entry 11.1.3.30
Router(config)# arp 11.1.3.30 0000.5403.2356 arpa
IP ARP:Overwriting Sticky ARP entry 11.1.3.30, hw:00d0.bb09.266e by hw:0000.5403.
Primary Secondary Type              Interfaces
------- --------- ----------------- ------------------------------------------
202               primary

This example shows how to configure VLAN 303 as a community VLAN and verify the configuration:

Router# configure terminal
Router(config)# vlan 303
Router(config-vlan)# private-vlan community
Router(config-vlan)# end
Router# show vlan private-vlan
Primary Secondary Type              Interfaces
------- --------- ----------------- -----
• Use the remove keyword with a secondary_vlan_list to clear the association between secondary VLANs and a primary VLAN.
• The command does not take effect until you exit VLAN configuration submode.
• Enter a secondary_vlan_list parameter or use the add keyword with a secondary_vlan_list parameter to map the secondary VLANs to the primary VLAN.
• Use the remove keyword with a secondary_vlan_list parameter to clear the mapping between secondary VLANs and the primary VLAN.
This example shows how to configure interface FastEthernet 5/1 as a private VLAN host port and verify the configuration:

Router# configure terminal
Router(config)# interface fastethernet 5/1
Router(config-if)# switchport mode private-vlan host
Router(config-if)# switchport private-vlan host-association 202 303
Router(config-if)# end
Router# show interfaces fastethernet 5/1 switchport
Name: Fa5/1
Switchport: Enabled
Administrative Mode: private
When you configure a Layer 2 interface as a private VLAN promiscuous port, note the following syntax information:
• The secondary_vlan_list parameter cannot contain spaces. It can contain multiple comma-separated items. Each item can be a single private VLAN ID or a hyphenated range of private VLAN IDs.
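An added example, not part of the Cisco guide: a Python validator for the VLAN-list syntax described for the trunk allowed-VLAN list in Chapter 7 and for secondary_vlan_list above (single IDs or lesser-first ranges, comma-separated, no spaces), plus a comparison of a configured list against an approved one. The 1 to 4094 bounds are taken from Table 9-2; the function names and sample lists are hypothetical.

```python
# Added example (not from the Cisco guide): validate and compare VLAN lists
# written in the syntax the guide describes for vlan / secondary_vlan_list.
import re

VLAN_MIN, VLAN_MAX = 1, 4094  # Ethernet VLAN ID range from Table 9-2

ITEM = re.compile(r"(\d+)(?:-(\d+))?")  # "10" or "10-20"


class VlanListError(ValueError):
    """Raised when a list breaks one of the documented syntax rules."""


def parse_vlan_list(text, lo=VLAN_MIN, hi=VLAN_MAX):
    """Return the sorted VLAN IDs named by a list such as '1-5,10,20-22'."""
    if not text:
        raise VlanListError("empty VLAN list")
    if any(ch.isspace() for ch in text):
        raise VlanListError("VLAN list must not contain spaces")
    vlans = set()
    for item in text.split(","):
        match = ITEM.fullmatch(item)
        if match is None:
            raise VlanListError(f"malformed item {item!r}")
        first = int(match.group(1))
        last = int(match.group(2)) if match.group(2) else first
        if first > last:
            raise VlanListError(f"range {item!r} must put the lesser ID first")
        if first < lo or last > hi:
            raise VlanListError(f"{item!r} is outside {lo}-{hi}")
        vlans.update(range(first, last + 1))
    return sorted(vlans)


def format_vlan_list(vlans):
    """Collapse VLAN IDs back into the shortest list in the same syntax."""
    runs = []
    for vlan in sorted(set(vlans)):
        if runs and vlan == runs[-1][1] + 1:
            runs[-1][1] = vlan          # extend the current run
        else:
            runs.append([vlan, vlan])   # start a new run
    return ",".join(str(a) if a == b else f"{a}-{b}" for a, b in runs)


def unexpected_vlans(configured, approved):
    """VLANs permitted by `configured` that `approved` does not list."""
    extra = set(parse_vlan_list(configured)) - set(parse_vlan_list(approved))
    return format_vlan_list(extra)


if __name__ == "__main__":
    # Constructed inputs: a trunk's configured list and the approved list.
    print(parse_vlan_list("1-5,10,20-22"))
    print(unexpected_vlans("10-15,20", "10-12,20"))
    for bad in ("5-1", "1, 5", "4095"):
        try:
            parse_vlan_list(bad)
        except VlanListError as err:
            print(f"rejected {bad!r}: {err}")
```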
CHAPTER 11
Configuring Cisco IP Phone Support

This chapter describes how to configure support for Cisco IP Phones on the Catalyst 6500 series switches. Release 12.1(13)E and later releases support Cisco IP Phones.

Note  For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication for this release.
Figure 11-1 Cisco IP Phone Connected to a Switch

Cisco IP Phone Voice Traffic
The Cisco IP Phone transmits voice traffic with Layer 3 IP precedence and Layer 2 CoS values, which are both set to 5 by default.
Cisco IP Phone Data Traffic

Note  Untagged traffic from the device attached to the Cisco IP Phone passes through the Cisco IP Phone unchanged, regardless of the trust state of the access port on the Cisco IP Phone.

To process tagged data traffic (traffic in 802.1Q or 802.
When a switching module port detects an unpowered Cisco IP Phone, the switching module reports to the supervisor engine that an unpowered Cisco IP Phone is present and on which module and port. If the port is configured in auto mode, the supervisor engine determines if there is enough system power available to power up the Cisco IP Phone.
• You cannot configure 10/100 Mbps ports with QoS port architecture 1p4t/2q2t to trust received Layer 2 CoS values. Configure policies to trust the Layer 3 IP precedence value on switching modules with QoS port architecture 1p4t/2q2t.
• The following conditions indicate that the Cisco IP Phone and a device attached to the Cisco IP Phone are in the same VLAN and must be in the same IP subnet:
  – If they both use 802.
        Command                                                        Purpose
Step 3  Router(config)# end                                            Exits configuration mode.
Step 4  Router# show interfaces fastethernet slot/port switchport      Verifies the configuration.
        Router# show running-config interface fastethernet slot/port
Configuring Data Traffic Support
To configure the way in which the Cisco IP Phone transmits data traffic, perform this task:

        Command                                                  Purpose
Step 1  Router(config)# interface fastethernet slot/port         Selects the port to configure.
Step 2  Router(config-if)# mls qos trust extend [cos cos_value]  Configures the way in which the Cisco IP Phone transmits data traffic.
Configuring Inline Power Support
To configure inline power support, perform this task:

        Command                                           Purpose
Step 1  Router(config)# interface fastethernet slot/port  Selects the port to configure.
Step 2  Router(config-if)# power inline {auto | never}    Configures inline power support.
        Router(config-if)# no power inline                Clears the configuration.
Step 3  Router(config)# end                               Exits configuration mode.
CHAPTER 12

Configuring Layer 3 Interfaces

This chapter contains information about how to configure Layer 3 interfaces on the Catalyst 6500 series switches, which supplements the information and procedures in the Release 12.1 publications at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/index.
Note
• For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication and the Release 12.1 publications at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/index.htm
• Release 12.1(13)E and later releases support configuration of 4,096 Layer 3 VLAN interfaces.
Configuring IP Routing and Addresses

The Multilayer Switch Feature Card 2 (MSFC2) provides processing in software for route-map sequences that use the match length and set interface keywords. To configure PBR, refer to the Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.1, “Classification,” “Configuring Policy-Based Routing,” at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/qos_c/qcprt1/qcdpbr.
Router# show interfaces fastethernet 5/4
FastEthernet5/4 is up, line protocol is up
  Hardware is Cat6K 100Mb Ethernet, address is 0050.f0ac.3058 (bia 0050.f0ac.3058)
  Internet address is 172.20.52.
  WCCP Redirect exclude is disabled
  BGP Policy Mapping is disabled
  IP multicast multilayer switching is disabled
  IP mls switching is enabled
Router#

This example uses the show running-config command to display the interface IP address configuration of Fast Ethernet port 5/4:

Router# show running-config interfaces fastethernet 5/4
Building configuration...
Configuring IPX Routing and Network Numbers

For complete information and procedures, refer to these publications:
• Cisco IOS AppleTalk and Novell IPX Configuration Guide, Release 12.1, at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/atipx_c/index.htm
• Cisco IOS AppleTalk and Novell IPX Command Reference, Release 12.1, at this URL: http://www.cisco.
Configuring AppleTalk Routing, Cable Ranges, and Zones

For complete information and procedures, refer to these publications:
• Cisco IOS AppleTalk and Novell IPX Configuration Guide, Release 12.1, at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/atipx_c/index.htm
• Cisco IOS AppleTalk and Novell IPX Command Reference, Release 12.1, at this URL: http://www.cisco.
Configuring Other Protocols on Layer 3 Interfaces

Refer to these publications for information about configuring other protocols on Layer 3 interfaces:
• Cisco IOS Apollo Domain, VINES, DECnet, ISO CLNS, and XNS Configuration Guide, Release 12.1, at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/apollo_c/index.
CHAPTER 13

Configuring EtherChannels

This chapter describes how to configure EtherChannels on the Catalyst 6500 series switch Layer 2 or Layer 3 LAN ports.

Note
• For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication.
Understanding How EtherChannels Work

EtherChannel Feature Overview

An EtherChannel bundles individual Ethernet links into a single logical link that provides the aggregate bandwidth of up to eight physical links. A Catalyst 6500 series switch supports a maximum of 64 EtherChannels (256 with Release 12.1(2)E and earlier). You can form an EtherChannel with up to eight compatibly configured LAN ports on any module in a Catalyst 6500 series switch.
Table 13-1 EtherChannel Modes

Mode: on
Description: Mode that forces the LAN port to channel unconditionally. In the on mode, a usable EtherChannel exists only when a LAN port group in the on mode is connected to another LAN port group in the on mode. Because ports configured in the on mode do not negotiate, there is no negotiation traffic between the ports. You cannot configure the on mode with an EtherChannel protocol.
The protocol learns the capabilities of LAN port groups dynamically and informs the other LAN ports. Once LACP identifies correctly matched Ethernet links, it facilitates grouping the links into an EtherChannel. The EtherChannel is then added to the spanning tree as a single bridge port.
Understanding Port Channel Interfaces

Each EtherChannel has a numbered port channel interface. Release 12.1(5)E and later releases support a maximum of 64 port channel interfaces, numbered from 1 to 256.

Note Releases 12.1(4)E1, 12.1(3a)E4, and 12.1(3a)E3 support a maximum of 64 port channel interfaces, numbered from 1 to 64. Releases 12.
• Enable all LAN ports in an EtherChannel. If you shut down a LAN port in an EtherChannel, it is treated as a link failure and its traffic is transferred to one of the remaining ports in the EtherChannel.
• An EtherChannel will not form if one of the LAN ports is a Switched Port Analyzer (SPAN) destination port.
Configuring Port Channel Logical Interfaces for Layer 3 EtherChannels

Note
• When configuring Layer 2 EtherChannels, you cannot put Layer 2 LAN ports into manually created port channel logical interfaces. If you are configuring a Layer 2 EtherChannel, do not perform the procedures in this section (see the “Configuring Channel Groups” section on page 13-8).
Configuring Channel Groups

Note
• When configuring Layer 3 EtherChannels, you must manually create the port channel logical interface first (see the “Configuring Port Channel Logical Interfaces for Layer 3 EtherChannels” section on page 13-7), and then put the Layer 3 LAN ports into the channel group as described in this section.
Note See the “Configuring a Range of Interfaces” section on page 6-4 for information about the range keyword.

This example shows how to verify the configuration of port channel interface 2:

Router# show running-config interface port-channel 2
Building configuration...
This example shows how to verify the configuration of port channel interface 2 after the LAN ports have been configured:

Router# show etherchannel 12 port-channel
Port-channels in the group:
---------------------
Port-channel: Po12
-----------
Age of the Port-channel = 04d:18h:58m:50s
Logical slot/port = 14/1    Number of ports = 0
GC = 0x00000000    HotStandBy port = null
Port state = Port-channel Ag-Not-Inuse
Protocol = PAgP
Router#

Configuring th
Configuring EtherChannel Load Balancing

To configure EtherChannel load balancing, perform this task:

Command: Router(config)# port-channel load-balance {src-mac | dst-mac | src-dst-mac | src-ip | dst-ip | src-dst-ip | src-port | dst-port | src-dst-port}
Purpose: Configures EtherChannel load balancing.
Command: Router(config)# no port-channel load-balance
Purpose: Reverts to default EtherChannel load balancing.
CHAPTER 14

Configuring IEEE 802.1Q Tunneling and Layer 2 Protocol Tunneling

With Release 12.1(13)E and later, the Catalyst 6500 series switches support IEEE 802.1Q tunneling and Layer 2 protocol tunneling. This chapter describes how to configure IEEE 802.1Q tunneling and Layer 2 protocol tunneling on the Catalyst 6500 series switches.
Understanding How 802.1Q Tunneling Works

The customer switches are trunk connected, but with 802.1Q tunneling, the service provider switches only use one service provider VLAN to carry all the customer VLANs, instead of directly carrying all the customer VLANs. With 802.1Q tunneling, tagged customer traffic comes from an 802.1Q trunk port on a customer device and enters the service-provider edge switch through a tunnel port.
Figure 14-2 Untagged, 802.1Q-Tagged, and Double-Tagged Ethernet Frames (figure not reproduced; fields labelled: destination address (DA), source address (SA), Length/EtherType (Len/Etype), Tag, EtherType (Etype), Data, FCS)
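The three frame layouts named in Figure 14-2, as an added Python example (not code from the Cisco guide): push_tag models what a tunnel port does on ingress, and parse_frame reads the tag stack back. The MAC addresses, VLAN numbers, and the use of EtherType 0x8100 for the outer tag are assumptions made for the example.

```python
import struct

TPID_8021Q = 0x8100  # EtherType that announces an 802.1Q tag (assumed for both tags)
KINDS = {0: "untagged", 1: "802.1Q-tagged", 2: "double-tagged"}


def push_tag(frame: bytes, vlan_id: int, cos: int = 0) -> bytes:
    """Insert one 802.1Q tag directly after the source address."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError(f"VLAN ID out of range: {vlan_id}")
    if not 0 <= cos <= 7:
        raise ValueError(f"CoS out of range: {cos}")
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    tag = struct.pack("!HH", TPID_8021Q, (cos << 13) | vlan_id)
    return frame[:12] + tag + frame[12:]


def pop_tag(frame: bytes) -> bytes:
    """Remove the outermost tag, as happens when traffic leaves the tunnel."""
    if len(frame) < 18 or struct.unpack_from("!H", frame, 12)[0] != TPID_8021Q:
        raise ValueError("frame carries no 802.1Q tag")
    return frame[:12] + frame[16:]


def parse_frame(frame: bytes) -> dict:
    """Return addresses, the tag stack (outermost first), and the payload."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset, tags = 12, []
    while True:
        if offset + 2 > len(frame):
            raise ValueError("frame truncated inside the tag stack")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype != TPID_8021Q:
            break
        if offset + 4 > len(frame):
            raise ValueError("frame truncated inside an 802.1Q tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({"cos": tci >> 13, "vlan": tci & 0x0FFF})
        offset += 4
    return {
        "dst": frame[0:6].hex(),
        "src": frame[6:12].hex(),
        "tags": tags,
        "ethertype": ethertype,
        "payload": frame[offset + 2:],
        "kind": KINDS.get(len(tags), f"{len(tags)} tags"),
    }


# Constructed sample frames (no FCS, as in most captures).
DST = bytes.fromhex("00005e005302")
SRC = bytes.fromhex("00005e005301")
UNTAGGED = DST + SRC + struct.pack("!H", 0x0800) + b"constructed payload"
CUSTOMER_TAGGED = push_tag(UNTAGGED, vlan_id=30)        # customer trunk, VLAN 30
TUNNELED = push_tag(CUSTOMER_TAGGED, vlan_id=100)       # tunnel port adds provider VLAN 100

if __name__ == "__main__":
    for label, frame in (("customer host", UNTAGGED),
                         ("customer trunk", CUSTOMER_TAGGED),
                         ("provider core", TUNNELED)):
        info = parse_frame(frame)
        vlans = [t["vlan"] for t in info["tags"]]
        print(f"{label:15} {info['kind']:14} vlans={vlans} length={len(frame)}")
```

Each tag adds 4 bytes, so the double-tagged frame is 8 bytes longer than the untagged original; that overhead is what the frame-size restriction in the tunneling guidelines accounts for.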
802.1Q Tunneling Configuration Guidelines and Restrictions

Follow these guidelines and restrictions when configuring 802.1Q tunneling in your network:

Restrictions
• Because tunnel traffic has the added ethertype and length field and retains the 802.
• Trunks require no special configuration to carry tunnel VLANs.
• We recommend that you use ISL trunks to carry tunnel traffic between devices that do not have tunnel ports. Because of the 802.1Q native VLAN feature, using 802.1Q trunks requires that you be very careful when you configure tunneling: a mistake might direct tunnel traffic to a non-tunnel port.
Configuring 802.1Q Tunneling

Preconfiguration Tasks

Before you can configure Layer 2 protocol tunneling, you must perform these tasks:

Step 1 On all the service provider edge switches, PortFast BPDU filtering must be enabled on the 802.1Q tunnel ports as follows:

Router(config-if)# spanning-tree bpdufilter enable
Router(config-if)# spanning-tree portfast

Note With Release 12.
Step 4
  Command: Router(config-if)# end
  Purpose: Exits configuration mode.
Step 5
  Command: Router# show dot1q-tunnel [{interface type interface-number}]
  Purpose: Verifies the configuration.

1.
topology on switches 1, 2, and 3 without considering convergence parameters based on switches 4 and 5. To provide a single spanning tree domain for the customer, a generic scheme to tunnel BPDUs was created for control protocol PDUs (CDP, STP, and VTP). This process is referred to as Generic Bridge PDU Tunneling (GBPT).
Configuring Support for Layer 2 Protocol Tunneling

To configure Layer 2 protocol tunneling on a port, perform this task:

Step 1
  Command: Router(config)# interface type slot/port
  Purpose: Selects the LAN port to configure.
CHAPTER 15

Configuring STP and IEEE 802.1s MST

This chapter describes how to configure the Spanning Tree Protocol (STP) and the IEEE 802.1s Multiple Spanning Tree (MST) protocol on Catalyst 6500 series switches.

Note For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication.

This chapter consists of these sections:
• Understanding How STP Works
• Understanding How IEEE 802.
Understanding How STP Works

These sections describe how STP works:
• STP Overview
• Understanding the Bridge ID
• Understanding Bridge Protocol Data Units
• Election of the Root Bridge
• STP Protocol Timers
• Creating the Spanning Tree Topology
• STP Port States
• STP and IEEE 802.
Understanding the Bridge ID

Each VLAN on each network device has a unique 64-bit bridge ID consisting of a bridge priority value, an extended system ID, and an STP MAC address allocation. This section contains these topics:
• Bridge Priority Value
• Extended System ID
• STP MAC Address Allocation

Bridge Priority Value

With Release 12.
If you have a network device in your network with MAC address reduction enabled, you should also enable MAC address reduction on all other Layer-2 connected network devices to avoid undesirable root bridge election and spanning tree topology issues. When MAC address reduction is enabled, the root bridge priority becomes a multiple of 4096 plus the VLAN ID.
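How the bridge priority, extended system ID, and MAC address combine into the 64-bit bridge ID, and why mixing devices with and without MAC address reduction changes the root election, as an added Python example (not code from the Cisco guide). The bridge names and MAC addresses are constructed; the lowest bridge ID wins the election.

```python
from dataclasses import dataclass, replace


def mac_to_int(mac: str) -> int:
    """Convert a MAC address such as 0000.5e00.5301 to a 48-bit integer."""
    digits = mac.replace(".", "").replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)


@dataclass(frozen=True)
class Bridge:
    name: str                  # constructed label
    priority: int              # configured bridge priority
    mac: str                   # STP MAC address for the VLAN
    extended_system_id: bool   # True when MAC address reduction is enabled

    def priority_field(self, vlan_id: int) -> int:
        """16-bit value advertised ahead of the MAC address for this VLAN."""
        if not 1 <= vlan_id <= 4094:
            raise ValueError(f"VLAN ID out of range: {vlan_id}")
        if self.extended_system_id:
            # 4 bits of priority (multiples of 4096) plus the 12-bit VLAN ID
            if self.priority % 4096 or not 0 <= self.priority <= 61440:
                raise ValueError("priority must be a multiple of 4096 up to 61440")
            return self.priority + vlan_id
        if not 0 <= self.priority <= 65535:
            raise ValueError("priority must fit in 16 bits")
        return self.priority

    def bridge_id(self, vlan_id: int) -> int:
        """64-bit bridge ID: priority field in the top 16 bits, MAC below."""
        return (self.priority_field(vlan_id) << 48) | mac_to_int(self.mac)


def format_bridge_id(bridge: Bridge, vlan_id: int) -> str:
    """Render the bridge ID as priority-field.mac in hexadecimal."""
    raw = f"{bridge.bridge_id(vlan_id):016x}"
    return ".".join(raw[i:i + 4] for i in range(0, 16, 4))


def elect_root(bridges, vlan_id: int) -> Bridge:
    """The bridge with the numerically lowest bridge ID becomes the root."""
    return min(bridges, key=lambda b: b.bridge_id(vlan_id))


# Constructed topology: both switches keep the default priority 32768.
DIST = Bridge("dist-switch", 32768, "0000.5e00.5301", extended_system_id=True)
LEGACY = Bridge("legacy-access", 32768, "0000.5e00.53ff", extended_system_id=False)

if __name__ == "__main__":
    vlan = 200
    for b in (DIST, LEGACY):
        print(f"{b.name:14} field={b.priority_field(vlan):5} id={format_bridge_id(b, vlan)}")
    # Mixed settings: the legacy switch advertises 32768, below 32768 + 200.
    print("root (mixed):  ", elect_root([DIST, LEGACY], vlan).name)
    # Consistent settings: equal priority fields, so the lower MAC decides.
    both = [DIST, replace(LEGACY, extended_system_id=True)]
    print("root (uniform):", elect_root(both, vlan).name)
```

With mixed settings the legacy access switch becomes root for VLAN 200 even though both switches have the same configured priority, which is the undesirable election the guide warns about.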
The STP root bridge is the logical center of the spanning tree topology in a Layer 2 network. All paths that are not needed to reach the root bridge from anywhere in the Layer 2 network are placed in STP blocking mode. BPDUs contain information about the transmitting bridge and its ports, including bridge and MAC addresses, bridge priority, port priority, and path cost.
For example, assume that one port on Switch B is a fiber-optic link, and another port on Switch B (an unshielded twisted-pair [UTP] link) is the root port. Network traffic might be more efficient over the high-speed fiber-optic link. By changing the STP port priority on the fiber-optic port to a higher priority (lower numerical value) than the root port, the fiber-optic port becomes the new root port.
Figure 15-2 STP Layer 2 LAN Interface States (figure not reproduced; states shown: boot-up initialization, blocking, listening, learning, forwarding, disabled)

When you enable STP, every port in the Catalyst 6500 series switch, VLAN, and network goes through the blocking state and the transitory states of listening and learning at power up. If properly configured, each Layer 2 LAN port stabilizes to the forwarding or blocking state.
Blocking State

A Layer 2 LAN port in the blocking state does not participate in frame forwarding, as shown in Figure 15-3. After initialization, a BPDU is sent out to each Layer 2 LAN port. A network device initially assumes it is the root until it exchanges BPDUs with other network devices. This exchange establishes which network device in the network is the root or root bridge.
Listening State

The listening state is the first transitional state a Layer 2 LAN port enters after the blocking state. The Layer 2 LAN port enters this state when STP determines that the Layer 2 LAN port should participate in frame forwarding. Figure 15-4 shows a Layer 2 LAN port in the listening state.
Learning State

A Layer 2 LAN port in the learning state prepares to participate in frame forwarding. The Layer 2 LAN port enters the learning state from the listening state. Figure 15-5 shows a Layer 2 LAN port in the learning state.
Forwarding State

A Layer 2 LAN port in the forwarding state forwards frames, as shown in Figure 15-6. The Layer 2 LAN port enters the forwarding state from the learning state.
Disabled State

A Layer 2 LAN port in the disabled state does not participate in frame forwarding or STP, as shown in Figure 15-7. A Layer 2 LAN port in the disabled state is virtually nonoperational.
Understanding How IEEE 802.1w RSTP Works

Note In Cisco IOS release 12.1(11)EX and later releases, RSTP is implemented as part of Multiple Spanning Tree Protocol (MSTP). In Cisco IOS release 12.1(13)E and later releases, RSTP is also available as a standalone protocol in Rapid-Per-VLAN-Spanning Tree (Rapid-PVST) mode. In this mode, the switch runs an RSTP instance on each VLAN, which follows the usual PVST+ approach.
• Backup—A backup for the path provided by a designated port toward the leaves of the spanning tree. Backup ports can exist only where two ports are connected together in a loopback by a point-to-point link or bridge with two or more connections to a shared LAN segment.
• Disabled—A port that has no role within the operation of spanning tree.
Understanding How IEEE 802.1s MST Works

These sections describe Multiple Spanning Tree (MST):
• IEEE 802.1s MST Overview
• MST-to-PVST Interoperability
• Common Spanning Tree
• MST Instances
• MST Configuration Parameters
• MST Regions
• Message Age and Hop Count
• Default STP Configuration

IEEE 802.1s MST Overview

Releases 12.
• MST establishes and maintains additional spanning trees within each MST region. These spanning trees are referred to as MST instances (MSTIs). The IST is numbered 0, and the MSTIs are numbered 1, 2, 3, and so on. Any MSTI is local to the MST region that is independent of MSTIs in another region, even if the MST regions are interconnected.
An MST region appears as an SST or pseudobridge to STP running in the SST region. Pseudobridges operate as follows:
• The same values for root identifiers and root path costs are sent in all BPDUs of all the pseudobridge ports. Pseudobridges differ from a single SST bridge as follows:
– The pseudobridge BPDUs have different bridge identifiers.
When you connect a PVST+ switch to two different MST regions, the topology change from the PVST+ switch does not pass beyond the first MST region. In this case, the topology changes are only propagated in the instance to which the VLAN is mapped. The topology change stays local to the first MST region and the CAM entries in the other region are not flushed.
MST Regions

These sections describe MST regions:
• MST Region Overview
• Boundary Ports
• IST Master
• Edge Ports
• Link Type

MST Region Overview

Interconnected bridges that have the same MST configuration are referred to as an MST region. There is no limit on the number of MST regions in the network.
If two or more bridges at the boundary of a region have an identical path to the root, you can set a slightly lower bridge priority to make a specific bridge the IST master. The root path cost and message age inside a region stay constant, but the IST path cost is incremented and the IST remaining hops are decremented at each hop.
Default STP Configuration

Table 15-5 shows the default STP configuration.
• Ensure that trunks carry all of the VLANs mapped to an instance or do not carry any VLANs at all for this instance.
• Do not connect switches with access links because access links may partition a VLAN.
Configuring STP

Enabling STP

Note STP is enabled by default on VLAN 1 and on all newly created VLANs.

You can enable STP on a per-VLAN basis. The Catalyst 6500 series switch maintains a separate instance of STP for each VLAN (except on VLANs on which you disable STP). To enable STP on a per-VLAN basis, perform this task:

Command: Router(config)# spanning-tree vlan vlan_ID
Purpose: Enables STP on a per-VLAN basis.
This example shows how to verify the configuration:

Router# show spanning-tree vlan 200
VLAN0200
  Spanning tree enabled protocol ieee
  Root ID    Priority    32768
             Address     00d0.00b8.14c8
             This bridge is the root
             Hello Time 2 sec  Max Age 20 sec
  Bridge ID  Priority    32768
             Address     00d0.00b8.14c8
             Hello Time 2 sec  Max Age 20 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.
---------------- ---- --- ---------
Fa4/4            Desg FWD 200000
Fa4/5            Back BLK 200000
This example shows how to enable the extended system ID:

Router# configure terminal
Router(config)# spanning-tree extend system-id
Router(config)# end
Router#

This example shows how to verify the configuration:

Router# show spanning-tree summary | include Extended
Extended system ID is enabled.

Configuring the Root Bridge

Catalyst 6500 series switches maintain a separate instance of STP for each active VLAN.
Use the diameter keyword to specify the Layer 2 network diameter (that is, the maximum number of bridge hops between any two end stations in the Layer 2 network). When you specify the network diameter, the Catalyst 6500 series switch automatically selects an optimal hello time, forward delay time, and maximum age time for a network of that diameter, which can significantly reduce the STP convergence time.
To configure a Catalyst 6500 series switch as the secondary root bridge, perform this task:

Step 1
  Command: Router(config)# [no] spanning-tree vlan vlan_ID root secondary [diameter hops [hello-time seconds]]
  Purpose: Configures a Catalyst 6500 series switch as the secondary root bridge. The vlan_ID value can be 1 through 4094, except reserved VLANs (see Table 9-1 on page 9-2).
Step 2
Step 5
  Command: Router# show spanning-tree interface {type slot/port} | {port-channel port_channel_number}
           Router# show spanning-tree vlan vlan_ID
  Purpose: Verifies the configuration.
You also can display spanning tree information for VLAN 200 using the following command:

Router# show spanning-tree vlan 200 interface fastEthernet 4/4
Interface        Role Sts Cost      Prio.Nbr Status
---------------- ---- --- --------- -------- --------------------------------
Fa4/4            Desg LRN 200000    64.196   P2p

Configuring STP Port Cost

The STP port path cost default value is determined from the media speed of a LAN interface.
VLAN0006         Back BLK 1000      160.196  P2p
VLAN0007         Back BLK 1000      160.196  P2p
VLAN0008         Back BLK 1000      160.196  P2p
VLAN0009         Back BLK 1000      160.196  P2p
VLAN0010         Back BLK 1000      160.196  P2p
Router#

This example shows how to configure the port priority at an individual port VLAN cost for VLAN 200:

Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
To configure the STP bridge priority of a VLAN when the extended system ID is disabled, perform this task:

Command: Router(config)# spanning-tree vlan vlan_ID priority bridge_priority
Purpose: Configures the bridge priority of a VLAN when the extended system ID is disabled. The bridge_priority value can be from 1 to 65535. The vlan_ID value can be 1 through 4094, except reserved VLANs (see Table 9-1 on page 9-2).
Configuring the Hello Time

Note Be careful when using this command. For most situations, we recommend that you use the spanning-tree vlan vlan_ID root primary and spanning-tree vlan vlan_ID root secondary commands to modify the hello time.

To configure the STP hello time of a VLAN, perform this task:

Command: Router(config)# spanning-tree vlan vlan_ID hello-time hello_time
Purpose: Configures the hello time of a VLAN.
This example shows how to configure the forward delay time for VLAN 200 to 21 seconds:

Router# configure terminal
Router(config)# spanning-tree vlan 200 forward-time 21
Router(config)# end
Router#

This example shows how to verify the configuration:

Router# show spanning-tree vlan 200 bridge
                                      Hello Max  Fwd
Vlan             Bridge ID            Time  Age  Delay
---------------- -------------------- ----  ---- -----
VLAN200          49152 0050.3e8d.
Specifying the Link Type

Rapid connectivity is established only on point-to-point links. Spanning tree views a point-to-point link as a segment connecting only two switches running the spanning tree algorithm. Because the switch assumes that all full-duplex links are point-to-point links and that half-duplex links are shared links, you can avoid explicitly configuring the link type.
Step 4
  Command: Router(config-mst)# show current
  Purpose: Displays the current MST configuration from within the MST configuration submode.
Step 5
  Command: Router(config-mst)# name name
           revision revision_number
           instance instance_number vlan vlan_range
  Purpose: Enters the MST configuration.
Step 6
  Command: Router(config-mst)# no instance instance_number
  Purpose: (Optional) Unmaps all VLANs that were mapped to an instance.
Router# show spanning-tree mst
###### MST00        vlans mapped:   11-4094
Bridge      address 00d0.00b8.1400  priority  32768 (32768 sysid
Root        address 00d0.004a.
Router# show spanning-tree mst 1 detail
###### MST01        vlans mapped:   1-10
Bridge      address 00d0.00b8.1400  priority  32769 (32768 sysid 1)
Root        this switch for MST01

FastEthernet4/4 of MST01 is backup blocking
Port info             port id 160.196  priority 160  cost 1000
Designated root       address 00d0.00b8.1400  priority 32769  cost 0
Designated bridge     address 00d0.00b8.1400  priority 32769  port id 128.
Configuring MST Instance Parameters

To configure MST instance parameters, perform these tasks:

Step 1
  Command: Router(config)# spanning-tree mst X priority Y
  Purpose: Configures the priority for an MST instance.
Step 2
  Command: Router(config)# spanning-tree mst X root [primary | secondary]
  Purpose: Configures the bridge as root for an MST instance.
Step 3
  Command: Router# show spanning-tree mst
  Purpose: Verifies the configuration.
Configuring MST Instance Port Parameters

To configure MST instance port parameters, perform these tasks:

Step 1
  Command: Router(config-if)# spanning-tree mst x cost y
  Purpose: Configures the MST instance port cost.
Step 2
  Command: Router(config-if)# spanning-tree mst x port-priority y
  Purpose: Configures the MST instance port priority.
Step 3
  Command: Router# show spanning-tree mst x interface y
  Purpose: Verifies the configuration.
To restart the protocol migration process (force the renegotiation with neighboring switches) on the entire switch, you can use the clear spanning-tree detected-protocols privileged EXEC command. Use the clear spanning-tree detected-protocols interface interface-id privileged EXEC command to restart the protocol migration process on a specific interface.
CHAPTER 16

Configuring Optional STP Features

This chapter describes how to configure optional STP features.

Note For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication.
Understanding How PortFast Works

STP PortFast causes a Layer 2 LAN interface configured as an access port to enter the forwarding state immediately, bypassing the listening and learning states. You can use PortFast on Layer 2 access ports connected to a single workstation or server to allow those devices to connect to the network immediately, instead of waiting for STP to converge.
When you enable PortFast BPDU filtering globally and set the port configuration as the default for PortFast BPDU filtering (see the “Enabling PortFast BPDU Filtering” section on page 16-10), then PortFast enables or disables PortFast BPDU filtering. If the port configuration is not set to default, then the PortFast configuration will not affect PortFast BPDU filtering.
If Switch C detects a link failure on the currently active link L2 on the root port (a direct link failure), UplinkFast unblocks the blocked port on Switch C and transitions it to the forwarding state without going through the listening and learning states, as shown in Figure 16-2. This switchover takes approximately one to five seconds.
Figure 16-3 BackboneFast Example Before Indirect Link Failure (figure not reproduced; shows Switch A (Root), Switch B, and Switch C, links L1, L2, and L3, and a blocked port)

If link L1 fails, Switch C cannot detect this failure because it is not connected directly to link L1. However, because Switch B is directly connected to the root bridge over L1, it detects the failure and elects itself the root and begins sending BPDUs to Switch C indicating itself as the root.
Figure 16-5 Adding a Network Device in a Shared-Medium Topology (figure not reproduced; shows Switch A (Root), Switch B (Designated Bridge), Switch C, the added switch, and a blocked port)

Understanding How EtherChannel Guard Works

EtherChannel guard detects a misconfigured EtherChannel where interfaces on the Catalyst 6500 series switch are configured as an EtherChannel while interfaces on the other device are not or not all the interfaces on the ot
Understanding How Loop Guard Works

If you enable loop guard on a channel and the first link becomes unidirectional, loop guard blocks the entire channel until the affected port is removed from the channel. Figure 16-6 shows loop guard in a triangle switch configuration.
– If a channel is blocked by loop guard and the channel breaks, spanning tree loses all the state information. The individual physical ports may obtain the forwarding state with the designated role, even if one or more of the links that formed the channel are unidirectional.

Note
• You can enable UniDirectional Link Detection (UDLD) to help isolate the link failure.
To enable the default PortFast configuration, perform this task:

Step 1  Command: Router(config)# spanning-tree portfast default
        Purpose: Configures the PortFast default.
Step 2  Command: Router(config)# show spanning-tree summary totals
        Purpose: Verifies the global configuration.
Step 3  Command: Router(config)# show spanning-tree interface x detail
        Purpose: Verifies the effect on a specific port.
Router# show spanning-tree interface fastEthernet 4/4 detail
Port 196 (FastEthernet4/4) of VLAN0010 is forwarding
Port path cost 1000, Port priority 160, Port Identifier 160.196.
Designated root has priority 32768, address 00d0.00b8.140a
Designated bridge has priority 32768, address 00d0.00b8.140a
Designated port id is 160.
To enable PortFast BPDU filtering on a nontrunking port, perform this task:

Step 1  Command: Router(config)# interface fastEthernet 4/4
        Purpose: Selects the interface to configure.
Step 2  Command: Router(config-if)# spanning-tree bpdufilter enable
        Purpose: Enables BPDU filtering.
Step 3  Command: Router# show spanning-tree interface fastEthernet 4/4
        Purpose: Verifies the configuration.
This example shows how to verify the configuration:

Router# show spanning-tree summary totals default
Root bridge for:VLAN0010
EtherChannel misconfiguration guard is enabled
Extended system ID is disabled
Portfast is enabled by default
PortFast BPDU Guard is disabled by default
Portfast BPDU Filter is enabled by default
Loopguard is disabled by default
UplinkFast is disabled
BackboneFast is disabled
Pathcost method used is long
Name Blockin
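The summary output above lends itself to an automated check. The following is an added example, not part of the Cisco guide: it parses the feature lines of that output and compares them with a baseline. The baseline itself (which guards should be on) and the finding names are assumptions of this example, not Cisco recommendations.

```python
import re

# Constructed sample: the feature lines from the verification example above.
SAMPLE_SUMMARY = """\
Root bridge for:VLAN0010
EtherChannel misconfiguration guard is enabled
Extended system ID is disabled
Portfast is enabled by default
PortFast BPDU Guard is disabled by default
Portfast BPDU Filter is enabled by default
Loopguard is disabled by default
UplinkFast is disabled
BackboneFast is disabled
Pathcost method used is long
"""

# Matches "<feature> is enabled|disabled" with an optional "by default" suffix.
_FEATURE_RE = re.compile(
    r"^(?P<name>.+?)\s+is\s+(?P<state>enabled|disabled)(?:\s+by default)?$",
    re.IGNORECASE,
)


def parse_summary(text):
    """Return {feature name in lower case: True if enabled, False if disabled}."""
    features = {}
    for line in text.splitlines():
        match = _FEATURE_RE.match(line.strip())
        if match:
            name = " ".join(match.group("name").lower().split())
            features[name] = match.group("state").lower() == "enabled"
    return features


# Hypothetical baseline: (finding id, feature line, required state, reason).
BASELINE = [
    ("etherchannel-guard-off", "etherchannel misconfiguration guard", True,
     "a misconfigured EtherChannel is not detected"),
    ("loopguard-off", "loopguard", True,
     "ports are not protected against a unidirectional link"),
    ("bpdu-filter-default", "portfast bpdu filter", False,
     "PortFast ports filter BPDUs by default; confirm this is intended"),
]


def audit(text):
    """Return a list of (finding id, reason) for deviations from BASELINE."""
    features = parse_summary(text)
    findings = []
    for finding_id, name, required, reason in BASELINE:
        if name not in features:
            # Truncated or older output: report the gap, do not guess a state.
            findings.append(("not-reported:" + name, "line missing from output"))
        elif features[name] != required:
            findings.append((finding_id, reason))
    # PortFast ports skip listening/learning, so check BPDU guard alongside it.
    if features.get("portfast"):
        guard = features.get("portfast bpdu guard")
        if guard is None:
            findings.append(("not-reported:portfast bpdu guard",
                             "line missing from output"))
        elif not guard:
            findings.append(("bpdu-guard-off-with-portfast",
                             "PortFast is on by default but BPDU guard is off"))
    return findings


if __name__ == "__main__":
    for finding_id, reason in audit(SAMPLE_SUMMARY):
        print(finding_id + ": " + reason)
```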
This example shows how to verify that UplinkFast is enabled:

Router# show spanning-tree uplinkfast
UplinkFast is enabled
Router#

Enabling BackboneFast

Note: BackboneFast operates correctly only when enabled on all network devices in the network. BackboneFast is not supported on Token Ring VLANs. This feature is supported for use with third-party network devices.
Enabling EtherChannel Guard

To enable EtherChannel guard, perform this task:

Step 1  Command: Router(config)# spanning-tree etherchannel guard misconfig
        Purpose: Enables EtherChannel guard.
        Command: Router(config)# no spanning-tree etherchannel guard misconfig
        Purpose: Disables EtherChannel guard.
Step 2  Command: Router(config)# end
        Purpose: Exits configuration mode.
Enabling Loop Guard

Use the set spanning-tree guard command to enable or disable the spanning tree loop guard feature on a per-port basis. To enable loop guard globally on the switch, perform this task:

Step 1  Command: Router(config)# spanning-tree loopguard default
        Purpose: Enables loop guard globally on the switch.
Step 2  Command: Router(config)# end
        Purpose: Exits configuration mode.
This example shows how to verify the configuration:

Router# show spanning-tree interface fastEthernet 4/4 detail
Port 196 (FastEthernet4/4) of VLAN0010 is forwarding
Port path cost 1000, Port priority 160, Port Identifier 160.196.
Designated root has priority 32768, address 00d0.00b8.140a
Designated bridge has priority 32768, address 00d0.00b8.140a
Designated port id is 160.
CHAPTER 17 Configuring IP Unicast Layer 3 Switching on Supervisor Engine 2

This chapter describes how to configure IP unicast Layer 3 switching for Policy Feature Card 2 (PFC2), Distributed Forwarding Cards (DFCs), and Multilayer Switch Feature Card 2 (MSFC2).

Note: For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication and the publications at this URL: http://www.cisco.
Understanding Hardware Layer 3 Switching on PFC2 and DFCs

Hardware Layer 3 switching allows the PFC2 and DFCs, instead of the MSFC2, to forward IP unicast traffic between subnets. Hardware Layer 3 switching provides wire-speed forwarding on the PFC2 and DFCs, instead of in software on the MSFC2. Hardware Layer 3 switching requires minimal support from the MSFC2.
A received IP unicast packet is formatted (conceptually) as follows:

Layer 2 Frame Header:  Destination = MSFC2 MAC; Source = Source A MAC
Layer 3 IP Header:     Destination = Destination B IP; Source = Source A IP; TTL = n; Checksum = calculation1
Data
FCS

After the switch rewrites an IP unicast packet, it is formatted (conceptually) as follows: Layer 2 Frame Header Destination Layer 3 IP Header S
Default Hardware Layer 3 Switching Configuration

Table 17-1 shows the default hardware Layer 3 switching configuration.
Configuring Hardware Layer 3 Switching

Note: For information on configuring unicast routing on the MSFC2, see Chapter 12, “Configuring Layer 3 Interfaces.”

Hardware Layer 3 switching is permanently enabled on Supervisor Engine 2 with PFC2, MSFC2, and Distributed Feature Card (DFC). No configuration is required.
Displaying Hardware Layer 3 Switching Statistics

Hardware Layer 3 switching statistics are obtained on a per-VLAN basis. To display hardware Layer 3 switching statistics, perform this task:

Command: Router# show interfaces {{type1 slot/port} | {port-channel number}}
Purpose: Displays hardware Layer 3 switching statistics.

1.
CHAPTER 18 Configuring IP Multicast Layer 3 Switching

This chapter describes how to configure IP multicast Layer 3 switching on the Catalyst 6500 series switches.

Note: For more information on the syntax and usage for the commands used in this chapter, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication.
IP Multicast Layer 3 Switching Overview

Policy Feature Card 2 (PFC2) provides Layer 3 switching for IP multicast flows using the hardware replication table and hardware Cisco Express Forwarding (CEF), which uses the forwarding information base (FIB) and the adjacency table on the PFC2.
The Layer 3 switching cache contains flow information for all active Layer 3-switched flows. After the switching cache is populated, multicast packets identified as belonging to an existing flow can be Layer 3 switched based on the cache entry for that flow. For each cache entry, the PFC maintains a list of outgoing interfaces for the IP multicast group.
The PFC rewrites the packet as follows:
• Changes the source MAC address in the Layer 2 frame header from the MAC address of the host to the MAC address of the MSFC (this MAC address is stored in the multicast Layer 3 switching cache entry for the flow)
• Decrements the IP header Time to Live (TTL) by one and recalculates the IP header checksum

The result is a rewritten IP multicast packet tha
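The two rewrite steps listed above can be reproduced on a constructed frame. This is an added example, not code from the Cisco guide: the MAC and IP addresses are made up, the checksum is updated incrementally as described in RFC 1624 (the guide does not say how the hardware recalculates it), and the TTL-expiry check is an assumption of the example.

```python
import struct

ETH_HLEN = 14  # destination MAC (6) + source MAC (6) + EtherType (2)


def ipv4_checksum(header):
    """One's-complement checksum; returns 0 when run over a valid header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_frame(dst_mac, src_mac, src_ip, dst_ip, ttl, payload=b""):
    """Build an Ethernet II frame carrying a 20-byte IPv4 header (protocol UDP)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                         0, 0, ttl, 17, 0, src_ip, dst_ip)
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    return dst_mac + src_mac + b"\x08\x00" + header + payload


def rewrite_multicast(frame, msfc_mac):
    """Apply the rewrite described above; return None if the TTL would expire."""
    if len(frame) < ETH_HLEN + 20 or frame[12:14] != b"\x08\x00":
        raise ValueError("not an IPv4 Ethernet II frame")
    ip = bytearray(frame[ETH_HLEN:])
    ihl = (ip[0] & 0x0F) * 4
    if ipv4_checksum(bytes(ip[:ihl])) != 0:
        raise ValueError("bad IP header checksum on input")
    ttl = ip[8]
    if ttl <= 1:
        return None  # assumption: a packet whose TTL would reach 0 is not forwarded
    # TTL shares a 16-bit word with the protocol field.
    old_word = (ttl << 8) | ip[9]
    new_word = ((ttl - 1) << 8) | ip[9]
    ip[8] = ttl - 1
    # RFC 1624 incremental update: HC' = ~(~HC + ~m + m')
    old_sum = struct.unpack("!H", ip[10:12])[0]
    total = (~old_sum & 0xFFFF) + (~old_word & 0xFFFF) + new_word
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    ip[10:12] = struct.pack("!H", ~total & 0xFFFF)
    # Destination MAC (the group address) is kept; only the source MAC changes.
    return frame[:6] + msfc_mac + frame[12:ETH_HLEN] + bytes(ip)


if __name__ == "__main__":
    # Constructed sample values.
    group_mac = bytes.fromhex("01005e010203")
    host_mac = bytes.fromhex("00d000000001")
    msfc_mac = bytes.fromhex("00d0000000aa")
    frame = build_frame(group_mac, host_mac, bytes([10, 1, 0, 19]),
                        bytes([224, 1, 2, 3]), 64, b"data")
    out = rewrite_multicast(frame, msfc_mac)
    print("TTL", frame[ETH_HLEN + 8], "->", out[ETH_HLEN + 8])
    print("checksum valid:", ipv4_checksum(out[ETH_HLEN:ETH_HLEN + 20]) == 0)
```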
Partially Switched Flows with PFC2

In PFC2 systems, (*,G) flows will be partially switched on the last-hop leaf router if the shared-tree to shortest-path-tree (SPT) threshold is not equal to infinity. This allows the flow to transition from SPT.

Note: With a PFC2, flows matching an output ACL on an outgoing interface are routed in software.
[Figure 18-1: Redundant Multicast Router Configuration in a Stub Network. Labels: rest of network, Router A, Router B, Network A, B, C.0, Network A, B, D.0, multicast traffic, non-RPF traffic.]

Filtering of RPF Failures for Stub Networks

PFC1, PFC2, and the DFCs support ACL-based filtering of RPF failures for sparse mode stub networks.
NetFlow-Based Rate Limiting of RPF Failures

With NetFlow-based rate limiting of RPF failures, a NetFlow entry is created for each non-RPF flow. When a non-RPF packet arrives, the MSFC communicates information about the group, the source, and the interface on which the packet arrived to the PFC.
IP Multicast Layer 3 Switching Configuration Guidelines and Restrictions

These sections describe IP Multicast Layer 3 switching configuration restrictions:
• PFC2 with MSFC2
• PFC1 with MSFC or MSFC2
• PFC1 and PFC2 General Restrictions
• Unsupported Features

PFC2 with MSFC2

In systems with PFC2 and MSFC2, IP multicast Layer 3 s
• If the SPT bit for the flow is cleared when running PIM sparse mode for the interface or group.
• For packets that require fragmentation and packets with IP options. However, packets in the flow that do not specify IP options are Layer 3 switched.
• For source traffic received on tunnel interfaces (such as MBONE traffic).
Source Specific Multicast with IGMPv3, IGMP v3lite, and URD

For complete information and procedures about source specific multicast with IGMPv3, IGMP v3lite, and URL Rendezvous Directory (URD), refer to this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t5/dtssm5t.
This example shows how to enable PIM sparse mode on an interface:

Router(config-if)# ip pim sparse-mode
Router(config-if)#

Enabling IP Multicast Layer 3 Switching on Layer 3 Interfaces

IP multicast Layer 3 switching is enabled by default on the Layer 3 interface when you enable PIM on the interface.
This example shows how to configure the Layer 3 switching threshold to 10 packets per second:

Router(config)# mls ip multicast threshold 10
Router(config)#

Enabling Installation of Directly Connected Subnets

In PIM sparse mode, a first-hop router that is the designated router for the interface may need to encapsulate the source traffic in a PIM register message and unicast it to the rendezvous point.
Step 3  Command: Router(config-if)# mls ip multicast non-rpf netflow
        Purpose: Enables NetFlow-based rate limiting of RPF failures on the Layer 3 interface.
        Command: Router(config-if)# no mls ip multicast non-rpf netflow
        Purpose: Disables NetFlow-based rate limiting of RPF failures on the Layer 3 interface.

1.
This example shows how to enable the hardware shortcut-consistency checker:

Router(config)# mls ip multicast consistency-check
Router(config)#

Configuring ACL-Based Filtering of RPF Failures

When you configure ACL-based filtering of RPF failures, ACLs that filter RPF failures in hardware are downloaded to the hardware-based ACL engine and applied on the interface you specify.
To display IP multicast Layer 3 switching information for an IP PIM Layer 3 interface, perform one of these tasks:

Command: Router# show ip pim interface [{{vlan vlan_ID} | {type1 slot/port} | {port-channel number}}] count
Purpose: Displays IP multicast Layer 3 switching enable state information for all MSFC IP PIM Layer 3 interfaces.
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP Fast switching turbo vector
IP Normal CEF switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access
Outgoing interface list:
GigabitEthernet4/9, Forward/Sparse-Dense, 00:14:31/00:00:00, H
(132.206.72.28, 224.2.136.89), 00:14:31/00:01:40, flags:CJT
Incoming interface:GigabitEthernet4/8, RPF nbr 10.15.1.20, RPF-MFD
Outgoing interface list:Null
Router#

Note: The RPF-MFD flag indicates the flow is completely hardware switched. The H flag indicates the flow is hardware switched on the outgoing interface.
(10.1.0.19, 224.2.2.19) Incoming interface: Vlan10, Packets switched: 1970
Hardware switched outgoing interfaces:
MFD installed: Vlan10
(10.1.0.11, 224.2.2.11) Incoming interface: Vlan10, Packets switched: 0
Hardware switched outgoing interfaces:
MFD installed: Vlan10
(10.1.0.10, 224.2.2.10) Incoming interface: Vlan10, Packets switched: 2744
Hardware switched outgoing interfaces:
MFD installed: Vlan10
(10.1.
Table 18-2 IP Multicast Layer 3 Switching Debug Commands (continued)

Command: [no] debug mls ip multicast group group_id group_mask
Description: Turns on debugging for a subset of flows.

Command: [no] debug mls ip multicast messages
Description: Displays IP multicast Layer 3 switching messages from and to hardware switching engine.

Command: [no] debug mls ip multicast all
Description: Turns on all IP multicast Layer 3 switching messages.
CHAPTER 19 Configuring IP Unicast Layer 3 Switching on Supervisor Engine 1

Note: The features described in this chapter are supported only on Supervisor Engine 1, the policy feature card (PFC), and the Multilayer Switch Feature Card (MSFC or MSFC2). For information about Supervisor Engine 2, PFC2, and MSFC2, see Chapter 17, “Configuring IP Unicast Layer 3 Switching on Supervisor Engine 2.
Understanding How IP MLS Works

These sections provide an overview of IP MLS and describe how IP MLS works:
• IP MLS Overview
• IP MLS Flows
• Layer 3 MLS Cache
• Flow Masks
• Layer 3-Switched Packet Rewrite
• IP MLS Operation

IP MLS Overview

IP MLS provides high-performance hardware-based Layer 3 switching for Catalyst 6500
Layer 3 MLS Cache

The PFC maintains a Layer 3 switching table (the Layer 3 MLS cache) for Layer 3-switched flows. The cache also includes entries for traffic statistics that are updated in tandem with the switching of packets. After the MLS cache is created, packets identified as belonging to an existing flow can be Layer 3 switched based on the cached information.
• Security ACLs—Does not affect flow mask.
• Reflexive ACLs—Does not affect flow mask.
• TCP intercept—Does not affect flow mask.
• Policy Based Routing (PBR)—Does not affect flow mask.
• ISLB (IOS Server Load Balancing)—When packets are processed by the ISLB process, a full-flow-ip mask is used.
After the PFC performs the packet rewrite, the packet is formatted (conceptually) as follows:

Frame Header:  Destination = Host B MAC; Source = MSFC MAC
IP Header:     Destination = Host B IP; Source = Host A IP; TTL = n-1; Checksum = calculation2
Payload:       Data; Checksum

IP MLS Operation

Figure 19-1 shows a simple IP MLS network topology. In this example, Host A is on the Sales VLAN (IP subnet 171.59.1.
Default IP MLS Configuration

Table 19-1 shows the default IP MLS configuration.
Disabling and Enabling IP MLS on a Layer 3 Interface

IP MLS is permanently enabled globally but can be disabled and enabled on a specified interface. To enable IP MLS on a specific interface, perform this task:

Step 1  Command: Router(config)# interface {{vlan vlan_ID} | {type1 slot/port} | {port-channel number}}
        Purpose: Selects an interface to configure.
IP Flow switching is disabled
IP CEF switching is enabled
IP Fast switching turbo vector
IP Normal CEF switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Probe prox
To display the IP MLS flow mask configuration, perform this task:

Command: Router# show mls netflow flowmask
Purpose: With Release 12.1(8a)E and later releases, displays the flow mask configuration.

Command: Router# show mls flowmask
Purpose: With releases earlier than Release 12.1(8a)E, displays the flow mask configuration.
This example shows how to display IP MLS information:

Router# show mls ip
DstIP SrcIP DstVlan-DstMAC Pkts Bytes
----------------------------------------------------------------------
SrcDstPorts SrcDstEncap Age LastSeen
-------------------------------------
172.20.52.122 0.0.0.0 5 : 00e0.4fac.
This example shows how to display MLS entries for a specific source IP address:

Router# show mls ip source 172.20.52.122 any
DstIP SrcIP DstVlan-DstMAC Pkts Bytes
----------------------------------------------------------------------
SrcDstPorts SrcDstEncap Age LastSeen
-------------------------------------
172.20.52.122 0.0.0.0 5 : 00e0.4fac.
• slot—Clears only the entries associated with a specific slot number.

The flow keyword specifies the following additional flow information:
• Protocol family (protocol)—Specifies tcp or udp.
To show the MLS contention table and VLAN statistics, perform this task:

Command: Router# show mls table-contention [detailed | summary]
Purpose: Displays the MLS contention table.
Vlan 1 Statistics Information:
------------------------------
65280 Layer 2 Packets Bridged, 0 Bytes
65280 Layer 3 Packets Input, 0 Bytes
65280 Layer 3 Packets Output, 0 Bytes
Slot 3
=======
(Information Deleted)
Router#

Troubleshooting IP MLS

Table 19-2 describes IP MLS-related debugging commands that you can use to troubleshoot IP MLS problems.
CHAPTER 20 Configuring IPX Unicast Layer 3 Switching on Supervisor Engine 1

Note: The features described in this chapter are supported only on Supervisor Engine 1, PFC, and MSFC or MSFC2. For information about Supervisor Engine 2, PFC2, and MSFC2, see Chapter 17, “Configuring IP Unicast Layer 3 Switching on Supervisor Engine 2.”

Supervisor Engine 1 with PFC and MSFC or MSFC2 provides Layer 3 switching with Multilayer Switching (MLS).
Understanding How IPX MLS Works

These sections provide an overview of MLS and describe how MLS works:
• IPX MLS Overview
• IPX MLS Flows
• Layer 3 MLS Cache
• Flow Masks
• Layer 3-Switched Packet Rewrite
• IPX MLS Operation

IPX MLS Overview

IPX MLS provides high-performance hardware-based Layer 3 switching for Catalyst 65
The state and identity of the flow are maintained while packet traffic is active; when traffic for a flow ceases, the entry ages out. You can configure the aging time for IPX MLS entries kept in the MLS cache. If an entry is not used for the specified period of time, the entry ages out and statistics for that flow can be exported to a flow collector application.
Received IPX packets are formatted (conceptually) as follows:

Layer 2 Frame Header:  Destination = MSFC MAC; Source = Source A MAC
Layer 3 IPX Header:    Checksum/IPX Length/Transport Control = n; Destination Net/Node/Socket = Destination B IPX; Source Net/Node/Socket = Source A IPX
Data
FCS

The PFC rewrites the Layer 2 frame header, changing the destination MAC address to the MAC address of Host B
[Figure 20-1: IPX MLS Example Topology. Labels: Host A, Host B, Host C, MSFC, MAC = Bb, MAC = Cc, MAC = Dd, Net 1/Sales, Net 2/Engineering, Net 3/Marketing.]

Source IPX Address   Destination IPX Address   Rewrite Src/Dst MAC Address   Destination VLAN
01.Aa                03.Bb                     Dd:Bb                         Marketing
01.Aa                02.Cc                     Dd:Cc                         Engineering
02.Cc                01.Aa                     Dd:Aa                         Sales
– The no ipx routing command purges all IPX MLS cache entries and disables IPX MLS.
– The ipx security interface command disables IPX MLS on the interface.
• In IPX, the two end points of communication negotiate the maximum transmission unit (MTU) to be used. MTU size is limited by media type.
To display the IPX MLS interface configuration, perform this task:

Command: Router# show [ipx [interface {{vlan vlan_ID} | {type1 slot/port} | {port-channel number}}] | nde]
Purpose: Displays MLS details for an interface.

1.
Configuring the Minimum IPX MLS Flow Mask

You can configure the minimum granularity of the flow mask for the MLS cache on the PFC. The actual flow mask used will be at least of the granularity specified by this command. For information on how the different flow masks work, see the “Flow Masks” section.
Displaying IPX MLS Cache Entries

The show mls ipx command displays IPX shortcut cache entries. You can specify the following parameters to focus the information displayed:
• source and destination parameters display the source and/or destination IPX network addresses associated with those entries.
• interface arguments display only entries associated with a specific interface number.
Displaying IPX MLS Cache Entries for a Specific Destination Address

To display IPX MLS cache entries for a specific destination IPX address, perform this task:

Command: Router# show mls ipx [destination ipx_addr]
Purpose: Displays IPX MLS entries for a specific destination address (net_address.node_address).
Displaying IPX MLS Cache Entries for a Specific Interface

To display IPX MLS entries for a specific interface, perform this task:

Command: Router# show mls ipx interface {{vlan vlan_ID} | {type1 slot/port} | {port-channel number}}
Purpose: Displays IPX MLS cache entries for a specific interface.

1.
To show the MLS contention table and VLAN statistics for the switch, perform this task:

Command: Router# show mls table-contention [detailed | summary]
Purpose: Displays the IPX MLS contention table.
Vlan 1 Statistics Information:
------------------------------
65280 Layer 2 Packets Bridged, 0 Bytes
65280 Layer 3 Packets Input, 0 Bytes
65280 Layer 3 Packets Output, 0 Bytes
Slot 3
=======
Vlan 1 Statistics Information:
------------------------------
65280 Layer 2 Packets Bridged, 0 Bytes
65280 Layer 3 Packets Input, 0 Bytes
65280 Layer 3 Packets Output, 0 Bytes
Slot 4
=======
Vlan 1 Statistics Infor
Troubleshooting IPX MLS

Table 20-2 describes debug commands that you can use to troubleshoot IPX MLS problems.

Table 20-2 IPX MLS Debug Commands

Command: [no] debug l3-mgr events
Description: Displays Layer 3 manager-related events.

Command: [no] debug l3-mgr packets
Description: Displays Layer 3 manager packets.

Command: [no] debug l3-mgr global
Description: Displays bug trace of IP global purge events.
CHAPTER 21 Configuring IGMP Snooping

This chapter describes how to configure Internet Group Management Protocol (IGMP) snooping on the Catalyst 6500 series switches.

Note: For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication.
IGMP Snooping Overview

You can configure the switch to use IGMP snooping in subnets that receive IGMP queries from either IGMP or the IGMP snooping querier. IGMP snooping constrains multicast traffic at Layer 2 by configuring Layer 2 LAN ports dynamically to forward multicast traffic only to those ports that want to receive it.
[Figure 21-1: Initial IGMP Join Message. Labels: Router A (port 1), IGMP report 224.1.2.3, VLAN, PFC, CPU (port 0), forwarding table, Host 1 through Host 4 (ports 2 through 5).]

Multicast router A sends a general query to the switch, which forwards the query to ports 2 through 5, all members of the same VLAN. Host 1 wants to join multicast group 224.1.2.
[Figure 21-2: Second Host Joining a Multicast Group. Labels: Router A (port 1), VLAN, PFC, CPU (port 0), forwarding table, Host 1 (port 2), Host 2 (port 3), Host 3 (port 4), Host 4 (port 5).]

Table 21-2 Updated IGMP Snooping Forwarding Table

Destination Address   Type of Packet   Ports
0100.5exx.xxxx        IGMP             0
0100.5e01.
response to the general query, it removes the group entry and relays the IGMP leave to the multicast router. If the multicast router receives no reports from a VLAN, the multicast router removes the group for the VLAN from its IGMP cache. The interval for which the switch waits before updating the table entry is called the “last member query interval.
Understanding IGMP Version 3 Support

With Release 12.1(8a)E and later releases, IGMP snooping supports IGMP version 3. Because the Layer 2 table is (MAC-group, VLAN) based, with IGMPv3 hosts it is preferable to have only a single multicast source per MAC-group. A single multicast source per group allows IGMPv3 hosts connected to specific ports to receive traffic from a specific (source, group).
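The join and leave walk-through earlier in this chapter, and the remark above that the Layer 2 table is keyed on (MAC-group, VLAN), can be modelled in a few lines. This is an added example, not the switch's implementation: query timers and the CPU port entry for IGMP packets are left out, the VLAN number and the second group address are constructed, and the class and method names are hypothetical. It shows that two group addresses sharing the same low-order 23 bits land in one table entry, so their receivers get each other's traffic.

```python
import ipaddress


def group_mac(group):
    """Map an IPv4 multicast group to its MAC address (0100.5e + low 23 bits)."""
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError("%s is not a multicast group" % group)
    raw = "%012x" % ((0x01005E << 24) | (int(addr) & 0x7FFFFF))
    return ".".join(raw[i:i + 4] for i in (0, 4, 8))


class SnoopingTable:
    """Simplified Layer 2 multicast table keyed on (VLAN, group MAC)."""

    def __init__(self, router_ports):
        # router_ports: {vlan: iterable of multicast router ports}
        self.router_ports = {v: set(p) for v, p in router_ports.items()}
        self.entries = {}  # (vlan, mac) -> {host port: set of group IPs joined}

    def join(self, vlan, port, group):
        """Record an IGMP report seen on a host port."""
        key = (vlan, group_mac(group))
        self.entries.setdefault(key, {}).setdefault(port, set()).add(group)

    def leave(self, vlan, port, group):
        """Process a leave; True means the entry is gone and the leave is relayed."""
        key = (vlan, group_mac(group))
        ports = self.entries.get(key)
        if ports is None or port not in ports:
            return False
        ports[port].discard(group)
        if not ports[port]:
            del ports[port]
        if ports:
            return False  # other receivers remain on this MAC entry
        del self.entries[key]
        return True

    def egress_ports(self, vlan, group):
        """Ports that receive traffic sent to this group: hosts plus router ports."""
        key = (vlan, group_mac(group))
        if key not in self.entries:
            return []
        return sorted(set(self.entries[key]) | self.router_ports.get(vlan, set()))

    def aliased(self):
        """Entries where more than one group IP shares the same MAC address."""
        result = {}
        for key, ports in self.entries.items():
            groups = set().union(*ports.values())
            if len(groups) > 1:
                result[key] = sorted(groups)
        return result


if __name__ == "__main__":
    table = SnoopingTable({1: [1]})        # Router A on port 1 (constructed VLAN 1)
    table.join(1, 2, "224.1.2.3")          # Host 1 joins
    table.join(1, 5, "224.1.2.3")          # Host 4 joins the same group
    table.join(1, 4, "225.129.2.3")        # constructed: different group, same MAC
    print(group_mac("224.1.2.3"), table.egress_ports(1, "224.1.2.3"))
    print(table.aliased())
```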
Periodically, the IGMP querier sends IGMP queries that trigger IGMP report messages from the switch that wants to receive IP multicast traffic. IGMP snooping listens to these IGMP reports to establish appropriate forwarding. In a normal network with IP multicast routing, the IP multicast router acts as the IGMP querier.
Step 3  Command: Router(config-if)# end
        Purpose: Exits configuration mode.
Step 4  Command: Router# show ip igmp interface vlan vlan_ID | include querier
        Purpose: Verifies the configuration.
Enabling IGMP Snooping

To enable IGMP snooping globally, perform this task:

Step 1  Command: Router(config)# ip igmp snooping
        Purpose: Enables IGMP snooping.
        Command: Router(config)# no ip igmp snooping
        Purpose: Disables IGMP snooping.
Step 2  Command: Router(config)# end
        Purpose: Exits configuration mode.
Step 3  Command: Router# show ip igmp interface vlan vlan_ID | include globally
        Purpose: Verifies the configuration.
Configuring IGMP Snooping Learning

To configure IGMP snooping learning, perform this task:

Step 1  Command: Router(config)# interface vlan vlan_ID
        Purpose: Selects a VLAN interface.
Step 2  Command: Router(config-if)# ip igmp snooping mrouter learn {cgmp | pim-dvmrp}
        Purpose: Configures the learning method.
        Command: Router(config-if)# no ip igmp snooping mrouter learn {cgmp | pim-dvmrp}
        Purpose: Reverts to the default learning method.
Configuring the IGMP Query Interval

You can configure the interval for which the switch waits after sending a group-specific query to determine if hosts are still interested in a specific multicast group.

Note: When both IGMP fast-leave processing and the IGMP query interval are configured, fast-leave processing takes precedence.
Configuring a Host Statically

Hosts normally join multicast groups dynamically, but you can also configure a host statically for a Layer 2 LAN port. To configure a host statically for a Layer 2 LAN port, perform this task:

Step 1  Command: Router(config)# interface vlan vlan_ID
        Purpose: Selects a VLAN interface.
This example shows how to display the multicast router interfaces in VLAN 1:

Router# show ip igmp snooping mrouter interface vlan 1
vlan ports
-----+---------------------------------------
1 Gi1/1,Gi2/1,Fa3/48,Router
Router#

Displaying MAC Address Multicast Entries

To display MAC address multicast entries for a VLAN, perform this task:

Command: Router# show mac-address-table multicast vlan_ID [count]
Purpose: Displays MAC address multicast en
Multicast TTL threshold is 0
Multicast designated router (DR) is 172.20.52.94 (this system)
IGMP querying router is 172.20.52.94 (this system)
No multicast groups joined
IGMP snooping is globally enabled
IGMP snooping is enabled on this interface
IGMP snooping fast-leave is enabled on this interface
IGMP snooping querier is disabled on this interface
Router#
CHAPTER 22
Configuring RGMP

This chapter describes how to configure Router-Port Group Management Protocol (RGMP). Release 12.1(3a)E3 and later releases support RGMP.
Table 22-1 provides a summary of the RGMP packet types.

Table 22-1 RGMP Packet Types

Description   Action
Hello         When RGMP is enabled on the router, no multicast data traffic is sent to the router by the Catalyst 6500 series switch unless an RGMP join is specifically sent for a group.
Bye           When RGMP is disabled on the router, all multicast data traffic is sent to the router by the Catalyst 6500 series switch.
• The following properties of RGMP are the same as for IGMP snooping:
  – RGMP constrains traffic based on the multicast group, not on the sender’s IP address.
  – If spanning tree topology changes occur in the network, the state is not flushed as it is with Cisco Group Management Protocol (CGMP).
  – RGMP does not constrain traffic for multicast groups 224.0.0.x (x = 0...
CHAPTER 23
Configuring Network Security

This chapter contains network security information unique to the Catalyst 6500 series switches, which supplements the network security information and procedures in these publications:
• Cisco IOS Security Configuration Guide, Release 12.1, at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/index.htm
• Cisco IOS Security Command Reference, Release 12.1, at this URL: http://www.cisco.
With the ip unreachables command enabled (which is the default), a Supervisor Engine 2 drops most of the denied packets in hardware and sends only a small number of packets to the MSFC2 to be dropped (10 packets per second, maximum), which generates ICMP-unreachable messages.
• Flows that require logging are processed in software without impacting nonlogged flow processing in hardware.
• The forwarding rate for software-processed flows is substantially less than for hardware-processed flows.
• When you enter the show ip access-list command, the match count displayed does not include packets processed in hardware.
Determining Logical Operation Unit Usage

Logical operation units (LOUs) are registers that store operator-operand couples. All ACLs use LOUs. There can be up to 32 LOUs; each LOU can store two different operator-operand couples with the exception of the range operator.
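To estimate how many of the 32 LOUs a set of ACL entries needs before applying it, the counting can be scripted. The sketch below is an added example, not code from the Cisco guide; it assumes that gt, lt and neq each take one couple slot, that range takes a whole LOU, that eq takes none, and that the same operator and operand on a source port and on a destination port count as two couples. The ACL entries are constructed sample input.

```python
import math

MAX_LOUS = 32          # from the guide: there can be up to 32 LOUs
COUPLES_PER_LOU = 2    # from the guide: each LOU stores two couples

# Assumptions (not stated on this page): gt, lt and neq each take one couple
# slot, range takes a whole LOU, eq takes none, and the same operator/operand
# on a source port and on a destination port are two different couples.
HALF_LOU_OPS = {"gt", "lt", "neq"}


def _skip_address(tokens, i):
    """Step over one address spec: 'any', 'host A.B.C.D' or 'A.B.C.D wildcard'."""
    return i + 1 if tokens[i] == "any" else i + 2


def _port_operator(tokens, i, side):
    """Parse an optional Layer 4 operator at tokens[i]; return (couple, next_i)."""
    if i >= len(tokens):
        return None, i
    op = tokens[i]
    if op in HALF_LOU_OPS or op == "eq":
        return (side, op, tokens[i + 1]), i + 2
    if op == "range":
        return (side, op, tokens[i + 1], tokens[i + 2]), i + 3
    return None, i


def couples_in_ace(ace):
    """Return the operator-operand couples used by one extended TCP/UDP entry."""
    tokens = ace.split()
    i = 2  # skip the action (permit/deny) and the protocol
    found = []
    for side in ("src", "dst"):
        i = _skip_address(tokens, i)
        couple, i = _port_operator(tokens, i, side)
        if couple is not None:
            found.append(couple)
    return found


def lou_usage(aces):
    """Count distinct couples over all entries and the LOUs they occupy."""
    distinct = {c for ace in aces for c in couples_in_ace(ace)}
    half = sum(1 for c in distinct if c[1] in HALF_LOU_OPS)
    full = sum(1 for c in distinct if c[1] == "range")
    lous = full + math.ceil(half / COUPLES_PER_LOU)
    return {"half_couples": half, "range_couples": full,
            "lous": lous, "fits": lous <= MAX_LOUS}


# Constructed sample entries (not from the guide).
SAMPLE_ACES = [
    "permit tcp any gt 10 any",                                   # source port gt 10
    "permit tcp any any gt 10",                                   # destination port gt 10
    "permit tcp any any lt 9",
    "deny udp any any neq 6",
    "permit tcp 10.0.0.0 0.0.0.255 host 192.0.2.10 range 11 13",  # whole LOU
    "permit tcp any any eq 80",                                   # eq: no LOU
    "deny tcp any any gt 10",                                     # repeats an earlier couple
]

if __name__ == "__main__":
    print(lou_usage(SAMPLE_ACES))
```

Replacing a run of gt/lt entries with eq entries or a single range is the usual way to bring the count down when it approaches the limit.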
Configuring the Cisco IOS Firewall Feature Set

Note: Release 12.1(11b)E and later releases include firewall feature set images.
• Security server support
• Network address translation
• Neighbor router authentication
• Event logging
• User authentication and authorization

Note: Catalyst 6500 series switches support the Intrusion Detection System Module (IDSM) (WS-X6381-IDS). Catalyst 6500 series switches do not support the Cisco IOS firewall IDS feature, which is configured with the ip audit command.
Configuring CBAC on Catalyst 6500 Series Switches

You need to do additional CBAC configuration on the Catalyst 6500 series switches. On a network device other than a Catalyst 6500 series switch, when ports are configured to deny traffic, CBAC permits traffic to flow bidirectionally through the port if it is configured with the ip inspect command.
Configuring MAC Address-Based Traffic Blocking

With 12.1(13)E and later releases, to block all traffic to or from a MAC address in a specified VLAN, perform this task:

  Command: Router(config)# mac-address-table static mac_address vlan vlan_ID drop
  Purpose: Blocks all traffic to or from the configured MAC address in the specified VLAN.
When you configure a VACL and apply it to a VLAN, all packets entering the VLAN are checked against this VACL. If you apply a VACL to the VLAN and an ACL to a routed interface in the VLAN, a packet coming in to the VLAN is first checked against the VACL and, if permitted, is then checked against the input ACL before it is handled by the routed interface.
Routed Packets

Figure 23-2 shows how ACLs are applied on routed and Layer 3-switched packets. For routed or Layer 3-switched packets, the ACLs are applied in the following order:
1. VACL for input VLAN
2. Input Cisco IOS ACL
3. Output Cisco IOS ACL
4.
Multicast Packets

Figure 23-3 shows how ACLs are applied on packets that need multicast expansion. For packets that need multicast expansion, the ACLs are applied in the following order:
1. Packets that need multicast expansion:
   a. VACL for input VLAN
   b. Input Cisco IOS ACL
2. Packets after multicast expansion:
   a. Output Cisco IOS ACL
   b. VACL for output VLAN (not supported with PFC2)
3.
• VLAN Access Map Configuration and Verification Examples, page 23-15
• Configuring a Capture Port, page 23-16

VACL Configuration Overview

VACLs use standard and extended Cisco IOS IP and IPX ACLs, and MAC-Layer named ACLs (see the “Configuring MAC-Layer Named Access Lists (Optional)” section on page 31-39) and VLAN access maps. VLAN access maps can be applied to VLANs or, with releases 12.
When defining a VLAN access map, note the following syntax information:
• To insert or modify an entry, specify the map sequence number.
• If you do not specify the map sequence number, a number is automatically assigned.
• You can specify only one match clause and one action clause per map sequence.
• Use the no keyword with a sequence number to remove a map sequence.
• Use the no keyword without a sequence number to remove the map.
Configuring an Action Clause in a VLAN Access Map Sequence

To configure an action clause in a VLAN access map sequence, perform this task:

  Command: Router(config-access-map)# action {drop [log]} | {forward [capture]} | {redirect {{ethernet | fastethernet | gigabitethernet | tengigabitethernet} slot/port} | {port-channel channel_id}}
  Purpose: Configures the action clause in a VLAN access map sequence.
  Command: Router(config)# no vlan filter map_name [vlan-list vlan_list | interface type1 number2]
  Purpose: Removes the VLAN access map from the specified VLANs or WAN interfaces.

1. type = pos, atm, or serial
2.
This example shows how to define and apply a VLAN access map to forward IP packets. In this example, IP traffic matching net_10 is forwarded and all other IP packets are dropped due to the default drop action. The map is applied to VLAN 12 to 16.
When configuring a capture port, note the following syntax information:
• With Release 12.1(13)E and later releases, you can configure any port as a capture port. With earlier releases, only the Gigabit Ethernet monitor port on the IDS module can be configured as a capture port.
• When configuring a capture port with Release 12.
These restrictions apply to VACL logging:
• Supported only with Supervisor Engine 2.
• Because of the rate-limiting function for redirected packets, VACL logging counters may not be accurate.
• Only denied IP packets are logged.
Configuring Unicast Reverse Path Forwarding

These sections describe configuring Cisco IOS Unicast Reverse Path Forwarding (Unicast RPF):
• Understanding Unicast RPF Support, page 23-19
• Configuring Unicast RPF, page 23-19
• Enabling Self-Pinging, page 23-19
• Configuring the Unicast RPF Checking Mode, page 23-20

Understanding Unicast RPF Support

The PFC2 supports Unicast RPF with hardware processing for packets th
This example shows how to enable self-pinging:

Router(config)# interface gigabitethernet 4/1
Router(config-if)# ip verify unicast source reachable-via any allow-self-ping
Router(config-if)# end

Configuring the Unicast RPF Checking Mode

There are two Unicast RPF checking modes:
• Strict checking mode, which verifies that the source IP address exists in the FIB table and verifies that the source IP address is reach
This example shows how to enable Unicast RPF exist-only checking mode on Gigabit Ethernet port 4/1:

Router(config)# interface gigabitethernet 4/1
Router(config-if)# ip verify unicast source reachable-via any
Router(config-if)# end
Router#

This example shows how to enable Unicast RPF strict checking mode on Gigabit Ethernet port 4/2:

Router(config)# interface gigabitethernet 4/2
Router(config-if)# ip verify unicast source reachab
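The practical difference between the two checking modes shows up with asymmetric routing and with sources that have no route at all. The model below is an added example, not code from the Cisco guide; the FIB entries and packets are constructed, and strict mode is taken to mean that the best route for the source points back out the interface the packet arrived on.

```python
import ipaddress

# Constructed FIB for the example: prefix -> interfaces the prefix is reachable through.
FIB = {
    "10.1.0.0/16": {"Gi4/1"},
    "10.1.2.0/24": {"Gi4/2"},            # more specific route on another port
    "192.0.2.0/24": {"Gi4/1", "Gi4/2"},  # two equal-cost paths
}


def fib_lookup(src, fib=FIB):
    """Longest-prefix match on the source address; None when no entry covers it."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, interfaces in fib.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, interfaces)
    return best


def urpf_permits(src, in_if, mode, fib=FIB):
    """Return True when the Unicast RPF check passes for this packet.

    mode 'exist-only': the source only has to exist in the FIB.
    mode 'strict': the source must exist in the FIB and (assumption of this
    model) be reachable through the interface the packet arrived on.
    """
    match = fib_lookup(src, fib)
    if match is None:
        return False
    if mode == "exist-only":
        return True
    if mode == "strict":
        return in_if in match[1]
    raise ValueError("mode must be 'strict' or 'exist-only'")


# Constructed packets: (source address, ingress interface).
SAMPLE_PACKETS = [
    ("10.1.9.9", "Gi4/1"),     # route points back out the ingress port
    ("10.1.2.5", "Gi4/1"),     # best route is via Gi4/2: asymmetric arrival
    ("192.0.2.7", "Gi4/2"),    # arrives on one of two equal-cost paths
    ("203.0.113.9", "Gi4/1"),  # no FIB entry for the source
]


def compare_modes(packets=SAMPLE_PACKETS):
    """Return (src, in_if, strict_result, exist_only_result) for each packet."""
    return [
        (src, in_if,
         urpf_permits(src, in_if, "strict"),
         urpf_permits(src, in_if, "exist-only"))
        for src, in_if in packets
    ]


if __name__ == "__main__":
    for row in compare_modes():
        print(row)
```

Strict mode drops the asymmetric packet that exist-only mode lets through, which is why strict checking suits single-homed edge ports and exist-only checking suits multihomed ones.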
When configuring unicast flood protection, note the following syntax information:
• Use the limit keyword to specify the unicast floods on a per source MAC address and per VLAN basis; valid values are from 1 to 4000 floods per second (fps).
• Use the filter keyword to specify how long to filter unicast flood traffic; valid values are from 1 to 34560 minutes.
This example shows how to enable the MAC move notification feature:

Router(config)# mac-address-table notification mac-move
Router# show mac-address-table notification mac-move
MAC Move Notification: enabled
Router#
CHAPTER 24
Configuring Denial of Service Protection

This chapter contains information on how to protect your system against Denial of Service (DoS) attacks.
Configuring DoS Protection

The following sections describe the different DoS protection implementations and give configuration examples:
• Supervisor Engine DoS Protection, page 24-2
• Security ACLs, page 24-2
• QoS ACLs, page 24-4
• Forwarding Information Base Rate-Limiting, page 24-5
• ARP Throttling, page 24-5
• Monitoring Packet Drop Statistics, page 24-6

Supervisor Engine DoS Protection

The supervisor engine h
When using security ACLs to drop DoS packets, note the following information:
• The security ACL must specify the traffic flow to be dropped.
• When adding a security ACL to block DoS packets to an interface that already has a security ACL configured, you must merge the DoS security ACL with the existing security ACL.
• Security ACLs need to be configured on all external interfaces that require protection.
QoS ACLs

Unlike Security ACLs, QoS ACLs can be used to limit the rate of traffic without denying access to all the traffic in a flow. When using QoS ACLs to limit the rate of packets, note the following information:
• The QoS ACL must specify the traffic flow to be rate-limited.
Forwarding Information Base Rate-Limiting

The forwarding information base (FIB) rate-limiting allows all packets that require software processing to be rate limited. The following FIB rate-limiting usage guidelines apply:
• FIB rate-limiting does not limit the rate of multicast traffic.
• FIB rate-limiting does not differentiate between legitimate and illegitimate traffic (for example, tunnels, Telnet).
Monitoring Packet Drop Statistics

Because the rate-limiting mechanism allows a certain number of packets to be forwarded for software processing, you can view the packet drop statistics by entering NetFlow show commands from the CLI. You can also capture the incoming or outgoing traffic on an interface and send a copy of this traffic to an external interface for monitoring by, for example, a traffic analyzer.
9.9.9.177 9.9.9.
CHAPTER 25
Configuring IEEE 802.1X Port-Based Authentication

This chapter describes how to configure IEEE 802.1X port-based authentication to prevent unauthorized devices (clients) from gaining access to the network. Release 12.1(13)E and later releases support 802.1X port-based authentication.

Note: For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication.
Device Roles

With 802.1X port-based authentication, the devices in the network have specific roles as shown in Figure 25-1.

Figure 25-1 802.
Authentication Initiation and Message Exchange

The switch or the client can initiate authentication. If you enable authentication on a port by using the dot1x port-control auto interface configuration command, the switch must initiate authentication when it determines that the port link state transitions from down to up.
Ports in Authorized and Unauthorized States

The switch port state determines whether or not the client is granted access to the network. The port starts in the unauthorized state. While in this state, the port disallows all ingress and egress traffic except for 802.1X protocol packets.
In a point-to-point configuration (see Figure 25-1 on page 25-2), only one client can be connected to the 802.1X-enabled switch port. The switch detects the client when the port link state changes to the up state. If a client leaves or is replaced with another client, the switch changes the port link state to down, and the port returns to the unauthorized state. Figure 25-3 shows 802.
Table 25-1 Default 802.
Configuring 802.1X Port-Based Authentication

These sections describe how to configure 802.1X port-based authentication:
• Enabling 802.
Step 6
  Command: Router(config)# end
  Purpose: Returns to privileged EXEC mode.
Step 7
  Command: Router# show dot1x all
  Purpose: Verifies your entries. Check the Status column in the 802.1X Port Summary section of the display. An enabled status means the port-control value is set either to auto or to force-unauthorized.

1. type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet

When you enable 802.
• Host name and specific UDP port numbers
• IP address and specific UDP port numbers

The combination of the IP address and UDP port number creates a unique identifier, which enables RADIUS requests to be sent to multiple UDP ports on a server at the same IP address.
Note: You also need to configure some settings on the RADIUS server. These settings include the IP address of the switch and the key string to be shared by both the server and the switch. For more information, refer to the RADIUS server documentation.
Manually Reauthenticating the Client Connected to a Port

Note: Reauthentication does not disturb the status of an already authorized port.

To manually reauthenticate the client connected to a port, perform this task:

Step 1
  Command: Router# dot1x re-authenticate interface type1 slot/port
  Purpose: Manually reauthenticates the client connected to a port.
To change the quiet period, perform this task:

Step 1
  Command: Router(config)# interface type1 slot/port
  Purpose: Selects an interface to configure.
Step 2
  Command: Router(config-if)# dot1x timeout quiet-period seconds
  Purpose: Sets the number of seconds that the switch remains in the quiet state following a failed authentication exchange with the client. The range is 0 to 65535 seconds; the default is 60.
Setting the Switch-to-Client Retransmission Time for EAP-Request Frames

The client notifies the switch that it received the EAP-request frame. If the switch does not receive this notification, the switch waits a set period of time, and then retransmits the frame. You may set the amount of time that the switch waits for notification from 1 to 65535 seconds. (The default is 30 seconds.
To allow multiple hosts (clients) on an 802.1X-authorized port that has the dot1x port-control interface configuration command set to auto, perform this task:

Step 1
  Command: Router(config)# interface type1 slot/port
  Purpose: Selects an interface to configure.
Step 2
  Command: Router(config-if)# dot1x multi-hosts
  Purpose: Allows multiple hosts (clients) on an 802.1X-authorized port.
CHAPTER 26
Configuring Port Security

This chapter describes how to configure the port security feature. Release 12.1(13)E and later releases support the port security feature.

Note: For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication.
Note: If the port shuts down, all dynamically learned addresses are removed.

After the maximum number of secure MAC addresses is configured, they are stored in an address table. To ensure that an attached device has the full bandwidth of the port, set the maximum number of addresses to one and configure the MAC address of the attached device.
Configuring Port Security on an Interface

To restrict traffic through a port by limiting and identifying MAC addresses of the stations allowed to access the port, perform this task:

Step 1
  Command: Router(config)# interface interface_id
  Purpose: Enters interface configuration mode and enters the physical interface to configure, for example, gigabitethernet 3/1.
To return the interface to the default condition (not a secure port), enter the no switchport port-security interface configuration command. To return the interface to the default number of secure MAC addresses, enter the no switchport port-security maximum value command. To delete a MAC address from the address table, enter the no switchport port-security mac-address mac_address command.
To configure port security aging, perform this task:

Step 1
  Command: Router(config)# interface interface_id
  Purpose: Enters interface configuration mode for the port on which you want to enable port security aging.
Step 2
  Command: Router(config-if)# switchport port-security aging time aging_time
  Purpose: Sets the aging time for the secure port.
  Command: Router(config-if)# no switchport port-security aging time
  Purpose: Disables aging.
To display traffic control information, enter one or more of these commands:

  Command: Router# show port-security [interface interface_id]
  Purpose: Displays port security settings for the switch or for the specified interface, including the maximum allowed number of secure MAC addresses for each interface, the number of secure MAC addresses on the interface, the number of security violations that have occurred, and the violation mode.
CHAPTER 27
Configuring Layer 3 Protocol Filtering on Supervisor Engine 1

Note: Layer 3 protocol filtering is supported with Supervisor Engine 1. Layer 3 protocol filtering is not supported with Supervisor Engine 2.

This chapter describes how to configure Layer 3 protocol filtering on Layer 2 LAN ports on the Catalyst 6500 series switches.
You can configure a Layer 2 LAN port with any one of these modes for each protocol group: on, off, or auto. If the configuration is set to on, the port allows all traffic for that protocol. If the configuration is set to off, the port does not allow any traffic for that protocol.
This example shows how to enable Layer 3 protocol filtering globally:

Router# configure terminal
Router(config)# protocol-filtering

Configuring Layer 3 Protocol Filtering on a Layer 2 LAN Interface

To configure Layer 3 protocol filtering on a Layer 2 LAN port, perform this task:

Step 1
  Command: Router(config)# interface {{type1 slot/port} | {port-channel number}}
  Purpose: Selects the interfac
CHAPTER 28
Configuring Traffic Storm Control

This chapter describes how to configure the traffic storm control feature on the Catalyst 6500 series switches. Release 12.1(12c)E1 and later releases support traffic storm control. For earlier releases, refer to Chapter 29, “Configuring Broadcast Suppression.”

Note
• For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication.
Traffic storm control monitors the level of each traffic type for which you enable traffic storm control in 1-second traffic storm control intervals. Within an interval, when the ingress traffic for which traffic storm control is enabled reaches the traffic storm control level that is configured on the port, traffic storm control drops the traffic until the traffic storm control interval ends.
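The interval behaviour described above can be reproduced offline to see what a given level does to a burst. This simulation is an added example, not code from the Cisco guide; it assumes the level is a percentage of the port bandwidth, counts bytes rather than modelling the hardware counters, and runs on a constructed frame sequence.

```python
def storm_control(frames, port_bps, level_pct, interval_s=1.0):
    """Apply the per-interval drop rule to monitored ingress frames.

    frames: iterable of (timestamp_seconds, size_bytes), in time order, for
            the traffic type that storm control is enabled for.
    Returns {interval_index: (forwarded_frames, dropped_frames)}.
    Assumption: level_pct is a percentage of the port bandwidth.
    """
    budget_bytes = port_bps / 8 * interval_s * level_pct / 100
    result = {}
    current = None
    seen_bytes = 0
    for ts, size in frames:
        index = int(ts // interval_s)
        if index != current:
            # A new interval starts: the counter and the suppression reset.
            current, seen_bytes = index, 0
        forwarded, dropped = result.get(index, (0, 0))
        if seen_bytes >= budget_bytes:
            # Level already reached: drop until the interval ends.
            result[index] = (forwarded, dropped + 1)
        else:
            seen_bytes += size
            result[index] = (forwarded + 1, dropped)
    return result


def constructed_burst():
    """Constructed input: 1500-byte broadcast frames, quiet / storm / quiet."""
    frames = []
    for second, count in ((0, 50), (1, 200), (2, 10)):
        frames += [(second + k / count, 1500) for k in range(count)]
    return frames


if __name__ == "__main__":
    # 100 Mb/s port at a 1 percent level: 125,000 bytes per 1-second interval.
    for index, counts in storm_control(constructed_burst(), 100_000_000, 1.0).items():
        print(index, counts)
```

Once the level is reached, every remaining monitored frame in that second is dropped, legitimate or not, and forwarding resumes at the next interval boundary.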
Step 4
  Command: Router(config-if)# storm-control unicast level level[.level]
  Purpose: Enables unicast traffic storm control on the interface, configures the traffic storm control level, and applies the traffic storm control level to all traffic storm control modes enabled on the interface.

Note: The storm-control unicast command is supported only on Gigabit Ethernet interfaces.
Displaying Traffic Storm Control Settings

To display traffic storm control information, use the commands described in Table 28-1.

Table 28-1 Commands for Displaying Traffic Storm Control Status and Configuration

  Command: Router# show interfaces [{type1 slot/port} | {port-channel number}] switchport
  Purpose: Displays the administrative and operational status of all Layer 2 LAN ports or the specified Layer 2 LAN port.
CHAPTER 29
Configuring Broadcast Suppression

This chapter describes how to configure broadcast suppression on the Catalyst 6500 series switches. Releases earlier than Release 12.1(12c)E1 support broadcast suppression. Use traffic storm control with Release 12.1(12c)E1 and later releases (see Chapter 28, “Configuring Traffic Storm Control”).
Figure 29-1 Broadcast Suppression (plot of the total number of broadcast packets or bytes against time, intervals T1 to T5, with a threshold line)

The broadcast suppression threshold numbers and the time interval combination make the broadcast suppression algorithm work with different levels of granularity. A higher threshold allows more broadcast packets to pass through.
Enabling Broadcast Suppression

To enable broadcast suppression, perform this task:

Step 1
  Command: Router(config)# interface {{type1 {port-channel number}}
Step 2
  Command: Router(config-if)# broadcast suppression threshold
  Purpose: Enables broadcast suppression.
  Command: Router(config-if)# no broadcast suppression
  Purpose: Disables broadcast suppression.
Step 3
  Command: Router(config-if)# end
  Purpose: Exits configuration mode.
CHAPTER 30
Configuring CDP

This chapter contains information about how to configure Cisco Discovery Protocol (CDP) on the Catalyst 6500 series switches, which supplements the information in these publications:
• The Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.1, “Cisco IOS System Management,” “Configuring Cisco Discovery Protocol (CDP)” at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/fun_c/fcprt3/fcd301c.
• Displaying the CDP Interface Configuration, page 30-3
• Monitoring and Maintaining CDP, page 30-3

Note: With Release 12.1(11b)E and later releases, when you are in configuration mode you can enter EXEC mode-level commands by entering the do keyword before the EXEC mode-level command.

Enabling CDP Globally

To enable CDP globally, perform this task:

  Command: Router(config)# cdp run
  Purpose: Enables CDP globally.
Step 2
  Command: Router(config-if)# cdp enable
  Purpose: Enables CDP on the port.
  Command: Router(config-if)# no cdp enable
  Purpose: Disables CDP on the port.

1.
  Command: Router# show cdp traffic
  Purpose: Displays CDP counters, including the number of packets sent and received and checksum errors.
  Command: Router# show debugging
  Purpose: Displays information about the types of debugging that are enabled. Refer to the Debug Command Reference publication for more information about CDP debug commands.

1.
CHAPTER 31
Configuring PFC QoS

This chapter describes how to configure quality of service (QoS) as implemented on the policy feature card (PFC) on the Catalyst 6500 series switches.

Note: For complete syntax and usage information for the commands used in this publication, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication.
QoS selects network traffic (both unicast and multicast), prioritizes it according to its relative importance, and uses congestion avoidance to provide priority-indexed treatment; QoS can also limit the bandwidth used by network traffic. QoS makes network performance more predictable and bandwidth utilization more effective.
• The PFC does not provide QoS for FlexWAN module ports. Refer to the following publications for information about FlexWAN module QoS features:
  – Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.1: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/qos_c/index.htm
  – Cisco IOS Quality of Service Solutions Command Reference, Release 12.1: http://www.cisco.
Note: On LAN ports configured as Layer 2 ISL trunks, all traffic is in ISL frames. On LAN ports configured as Layer 2 802.1Q trunks, all traffic is in 802.1Q frames except for traffic in the native VLAN.

  – Layer 3 IP precedence values—The IP version 4 specification defines the three most significant bits of the 1-byte Type of Service (ToS) field as IP precedence.
Table 31-1 IP Precedence and DSCP Values (columns: 3-bit IP Precedence, 6 MSb of ToS)
PFC QoS Feature Flowcharts

Figure 31-1 shows how traffic flows through the components that support PFC QoS features.
Figure 31-3 Ingress LAN Port Layer 2 PFC QoS Features (flowchart: Ethernet ingress port classification, marking, scheduling, and congestion avoidance for a frame entering the switch)
Figure 31-4 PFC Classification, Marking, and Policing (diagram: PFC QoS features for trusted ingress LAN ports, untrusted ingress LAN ports, and ingress OSM ports)
Figure 31-5 Marking with PFC2 and Multilayer Switch Feature Card 2 (flowchart)

Figure 31-6 Marking with PFC1 and Multilayer Switch Feature Card 1 or 2 (flowchart)
Figure 31-7 Egress WAN Port Marking (flowchart)

Figure 31-8 Egress LAN Port Scheduling, Congestion Avoidance, and Marking (flowchart)
PFC QoS Feature Summary
These sections summarize the PFC QoS features:
• Ingress LAN Port Features
• Ingress OSM Port Features
• PFC QoS Features
• Egress LAN Port Features
• Egress OSM Port Features
• MSFC Features
Ingress LAN Port Features
PFC QoS supports classification, marking, scheduling, and congestion avoidance using Layer 2 CoS values at ingress LAN po
Egress LAN Port Features
PFC QoS supports egress LAN port scheduling and congestion avoidance using Layer 2 CoS values. Egress LAN port marking sets Layer 2 CoS values and Layer 3 DSCP values. See the “LAN Egress Port Features” section on page 31-21.
Egress OSM Port Features
Ingress PFC QoS sets Layer 3 DSCP values that can be used by the OSM egress QoS features.
Marking at Untrusted Ingress LAN Ports
PFC QoS marks all frames received through untrusted ingress LAN ports with the ingress port CoS value (the default is zero). PFC QoS does not implement ingress port congestion avoidance on untrusted ingress LAN ports.
Note
• To use the ingress port CoS value applied to untrusted traffic as the basis of egress DSCP, configure a trust-CoS policy map that matches the ingress traffic.
• 1p1q0t indicates one strict-priority queue and one standard queue with no configurable threshold (effectively a tail-drop threshold at 100 percent).
• 1p1q8t indicates one strict-priority queue and one standard queue with eight thresholds, each configurable as either WRED-drop or tail-drop, and one non-configurable (100 percent) tail-drop threshold.
Strict-priority queues are queues that are serviced in preference to other queues.
– Using standard receive-queue tail-drop threshold 3, the switch drops incoming frames with CoS 4 when the receive-queue buffer is 80 percent or more full.
– Using standard receive-queue tail-drop threshold 4, the switch drops incoming frames with CoS 6 or 7 when the receive-queue buffer is 100 percent full.
Note: The explanations in this section use default values. You can configure many of the parameters (see the “Configuring PFC QoS” section on page 31-33). All LAN ports of the same type use the same drop-threshold configuration.
Figure 31-9 illustrates the drop thresholds for a 1q4t ingress LAN port. Drop thresholds in other configurations function similarly.
• Policers
• Attaching Policy Maps
• Egress CoS and ToS Values
Note: Filtering for PFC QoS can use Layer 2, 3, and 4 values. Marking uses Layer 2 CoS values and Layer 3 IP precedence or DSCP values.
For all egress traffic, PFC QoS uses a configurable mapping table to derive a CoS value from the internal DSCP value associated with traffic (see the “Mapping Internal DSCP Values to Egress CoS Values” section on page 31-67). PFC QoS sends the CoS value to the egress LAN ports for use in scheduling and to be written into ISL and 802.1Q frames.
• Untrusted—Sets the internal DSCP value to a configured DSCP value.
Note: With the default values, PFC QoS applies DSCP zero to traffic from ingress LAN ports configured as untrusted.
Note
• Aggregate policing works independently on each DFC-equipped switching module and independently on the PFC2, which supports any non-DFC-equipped switching modules. Aggregate policing does not combine flow statistics from different DFC-equipped switching modules. You can display aggregate policing statistics for each DFC-equipped switching module and for the PFC2 and any non-DFC-equipped switching modules supported by the PFC2.
Attaching Policy Maps
You can configure each ingress LAN port for either physical port-based PFC QoS (default) or VLAN-based PFC QoS (see the “Enabling VLAN-Based PFC QoS on Layer 2 LAN Ports” section on page 31-52) and attach a policy map to the selected port (see the “Attaching a Policy Map to an Interface” section on page 31-49).
• 1p3q1t indicates one strict-priority queue and three standard queues, each with one threshold configurable as either WRED-drop or tail-drop, and one nonconfigurable tail-drop threshold.
• 1p2q1t indicates one strict-priority queue and two standard queues, each with one configurable WRED-drop threshold and one nonconfigurable tail-drop threshold.
All port types have a low-priority and a high-priority standard transmit queue.
2q2t Ports
For 2q2t ports, each transmit queue has two tail-drop thresholds that function as follows:
• Frames with CoS 0, 1, 2, or 3 go to the low-priority transmit queue (queue 1):
– Using transmit queue 1, tail-drop threshold 1, the switch drops frames with CoS 0 or 1 when the low-priority transmit-queue buffer is 80 percent full.
1p2q1t Ports
1p2q1t ports have a strict-priority queue and two standard transmit queues. The standard transmit queues each have one WRED-drop threshold and one nonconfigurable tail-drop threshold.
• Frames with CoS 5 go to the strict-priority transmit queue (queue 3), where the switch drops frames only when the buffer is 100 percent full.
PFC QoS Default Configuration
Table 31-2 shows the PFC QoS default configuration.
Table 31-2 PFC QoS Default Configuration
Feature: PFC QoS global enable state
Default value: Disabled
Note: With PFC QoS enabled and all other PFC QoS parameters at default values, PFC QoS sets Layer 3 DSCP to zero and Layer 2 CoS to zero in all traffic transmitted from the switch.
Table 31-2 PFC QoS Default Configuration (continued)
With PFC QoS enabled
Feature: Ingress LAN port trust state
Default value: Untrusted
Feature: 2q2t transmit-queue size percentages
Default value:
• Low priority: 80%
• High priority: 20%
Feature: 1p2q2t transmit-queue size percentages
Default value:
• Low priority: 70%
• High priority: 15%
• Strict priority 15%
Feature: 1p2q1t transmit-queue size percentages
Default value:
• Low priority: 70%
• High priority: 15%
• Strict priority 15%
1p2q1t st
Table 31-2 PFC QoS Default Configuration (continued)
Feature: 1p1q4t port receive-queue CoS value and drop-threshold mapping and threshold percentages
Default value:
Standard receive queue:
• Threshold 1:
– CoS 0 and 1
– Tail-drop: 50%
• Threshold 2:
– CoS 2 and 3
– Tail-drop: 60%
• Threshold 3:
– CoS 4
– Tail-drop: 80%
• Threshold 4:
– CoS 6 and 7
– Tail-drop: 100%
Strict-priority receive queue:
1p1q0t port receive-queue CoS value an
Table 31-2 PFC QoS Default Configuration (continued)
Feature: 1p1q8t receive-queue port CoS value and drop-threshold mapping
Default value:
Standard receive queue:
• Threshold 1:
– CoS 0
– Tail-drop: 70%
– WRED-drop: 40% low, 70% high
• Threshold 2:
– CoS 1
– Tail-drop: 70%
– WRED-drop: 40% low, 70% high
• Threshold 3:
– CoS 2
– Tail-drop: 80%
– WRED-drop: 50% low, 80% high
• Threshold 4:
– CoS 3
– Tail-drop: 80%
– WRED-drop: 50% low,
Table 31-2 PFC QoS Default Configuration (continued)
Feature: 1p2q2t port transmit-queue CoS value and drop-threshold mapping and threshold percentages
Default value:
Standard transmit queue 1 (low priority):
• Threshold 1:
– CoS 0 and 1
– WRED-drop: 40% low, 70% high
• Threshold 2:
– CoS 2 and 3
– WRED-drop: 70% low, 100% high
Standard transmit queue 2 (high priority):
• Threshold 1:
– CoS 4
– WRED-drop: 40% low, 70% high
• Threshold 2: –
Table 31-2 PFC QoS Default Configuration (continued)
Feature: 1p3q1t transmit-queue CoS value and drop-threshold mapping
Default value:
Standard transmit queue 1 (low priority):
• Threshold 1:
– CoS 0 and 1
– Tail drop (disabled): 100%
– WRED-drop (enabled): 70% low, 100% high
Standard transmit queue 2 (medium priority) tail-drop threshold:
• Threshold 1:
– CoS 2, 3, and 4
– Tail drop (disabled): 100%
– WRED-drop (enabled): 70% low, 100% h
Table 31-2 PFC QoS Default Configuration (continued)
Feature: Transmit-queue size ratio
Default value: Low priority: 100% (other queues not used)
Feature: CoS value and drop threshold mapping
Default value: All CoS values mapped to the low-priority queue.
PFC QoS Configuration Guidelines and Restrictions
Follow these guidelines and restrictions when configuring PFC QoS:
Guidelines:
• With an MSFC2, Release 12.
Within each range, PFC QoS programs the PFC hardware with rate values that are multiples of the granularity values.
– output service-policy keyword
– class class_name destination-address, class class_name input-interface, class class_name protocol, class class_name qos-group, or class class_name source-address policy map commands
– bandwidth, priority, queue-limit, or random-detect policy map class commands
Configuring PFC QoS
These sections describe how to configure PFC QoS on the Catalyst 6500 series switches:
Note
• Enabling PFC QoS Globally
• Ena
Step 2
Command: Router(config)# end
Purpose: Exits configuration mode.
Step 3
Command: Router# show mls qos
Purpose: Verifies the configuration.
Creating Named Aggregate Policers
To create a named aggregate policer (see the “Policers” section on page 31-19), perform this task:
Command: Router(config)# mls qos aggregate-policer policer_name bits_per_second normal_burst_bytes [maximum_burst_bytes] [pir1 peak_rate_bps] [[[conform-action {drop | set-dscp-transmit2 dscp_value | set-prec-transmit2 ip_precedence_value | transmit}] exceed-action {drop | policed-dscp | transmit}] violate-action1 {
The maximum_burst_bytes parameter is supported with PFC2. The maximum_burst_bytes parameter is not supported with PFC, but can be entered with a value equal to the normal_burst_bytes parameter.
– Enter the policed-dscp-transmit keyword to cause all matched out-of-profile traffic to be marked down as specified in the markdown map (see the “Configuring DSCP Markdown Values” section on page 31-68).
– For marking without policing, enter the transmit keyword to transmit all matched out-of-profile traffic.
These commands configure traffic classes and the policies to be applied to those traffic classes and attach the policies to ports:
• access-list (Optional for IP traffic. You can filter IP traffic with class-map commands.
Configuring MAC-Layer Named Access Lists (Optional)
In Release 12.1(1)E and later releases, you can configure named access lists that filter DECnet, AppleTalk, VINES, or XNS traffic based on Layer 2 addresses. To configure a MAC-Layer named access list, perform this task:
Step 1
Command: Router(config)# mac access-list extended list_name
Purpose: Configures a MAC-Layer named access list.
Step 2
• 0x6005—diagnostic—DEC DECnet Diagnostics
• 0x6007—lavc-sca—DEC Local-Area VAX Cluster (LAVC), SCA
• 0x6008—amber—DEC AMBER
• 0x6009—mumps—DEC MUMPS
• 0x8038—dec-spanning—DEC LANBridge Management
• 0x8039—dsm—DEC DSM/DDP
• 0x8040—netbios—DEC PATHWORKS DECnet NETBIOS Emulation
• 0x8041—msdos—DEC Local Area System Transport
• 0x8042—etype-8042—DEC unassigned
• 0x809B—appletalk—Kinetics EtherTalk (AppleTalk over Ethernet)
• 0x80F3—aarp
To configure filtering in a class map, perform one of these tasks:
Command: Router(config-cmap)# match access-group name acl_index_or_name
Purpose: (Optional) Configures the class map to filter using an ACL.
Command: Router(config-cmap)# no match access-group name acl_index_or_name
Purpose: Clears the ACL configuration from the class map.
This example shows how to create a class map named ipp5 and how to configure filtering to match traffic with IP precedence 5:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# class-map ipp5
Router(config-cmap)# match ip precedence 5
Router(config-cmap)# end
Router#
Creating a Policy Map Class and Configuring Filtering
Note
• With an MSFC2, Release 12.1(13)E and later releases support the class class_name protocol policy map command, which configures NBAR and sends all traffic on the Layer 3 interface, both ingress and egress, to be processed in software on the MSFC2. To configure NBAR, refer to this publication: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t8/dtnbarad.
Configuring Policy Map Class Actions
When configuring policy map class actions, note the following:
• For hardware-switched traffic, PFC QoS does not support the bandwidth, priority, queue-limit, or random-detect policy map class commands. You can configure these commands because they can be used for software-switched traffic.
• With Release 12.
Configuring the Policy Map Class Trust State
To configure the policy map class trust state, perform this task:
Command: Router(config-pmap-c)# trust {cos | dscp | ip-precedence}
Purpose: Configures the policy map class trust state, which selects the value that PFC QoS uses as the source of the internal DSCP value (see the “Internal DSCP Values” section on page 31-17).
Configuring a Per-Interface Policer
To configure a per-interface policer (see the “Policers” section on page 31-19), perform this task:
Command: Router(config-pmap-c)# police [flow] bits_per_second normal_burst_bytes [maximum_burst_bytes] [pir1 peak_rate_bps] [[[conform-action {drop | set-dscp-transmit2 dscp_value | set-prec-transmit2 ip_precedence_value | transmit}] exceed-action {drop | policed-dscp | transmit}] violate-action1 {drop | police
– Because the token bucket must be large enough to hold at least one frame, set the parameter larger than the maximum Layer 3 packet size of the traffic being policed.
– For TCP traffic, configure the token bucket size as a multiple of the TCP window size, with a minimum value at least twice as large as the maximum Layer 3 packet size of the traffic being policed.
The maximum_burst_bytes parameter is supported with the PFC2.
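The burst-size guidance above can be checked before a policer is deployed. The following is an added example, not code from this guide or from Cisco: a simplified single-rate token-bucket model (not the PFC hardware algorithm) plus a sizing check. The function names and the sample traffic are assumptions made for illustration.

```python
"""Simplified single-rate token-bucket policer (illustrative model only)."""

# Tokens are tracked in units of 1/SCALE byte so that refill arithmetic
# (microseconds * bits per second) stays in exact integers.
SCALE = 8_000_000


def burst_findings(burst_bytes, max_l3_packet_bytes, tcp=False):
    """Return sizing problems for a configured burst, per the guidance above."""
    findings = []
    if burst_bytes <= max_l3_packet_bytes:
        findings.append(
            "burst is not larger than the maximum Layer 3 packet size: "
            "full-size packets can never be in profile"
        )
    elif tcp and burst_bytes < 2 * max_l3_packet_bytes:
        findings.append(
            "burst is less than twice the maximum Layer 3 packet size "
            "(minimum recommended for TCP traffic)"
        )
    return findings


def police(packets, cir_bps, burst_bytes):
    """Classify packets as 'conform' or 'exceed'.

    packets: iterable of (arrival_time_in_microseconds, l3_size_in_bytes),
             ordered by arrival time.
    cir_bps: committed rate in bits per second.
    burst_bytes: token-bucket depth in bytes (the bucket starts full).
    """
    capacity = burst_bytes * SCALE
    tokens = capacity
    last_us = 0
    verdicts = []
    for arrival_us, size in packets:
        # Refill for the elapsed time, never beyond the bucket depth.
        tokens = min(capacity, tokens + (arrival_us - last_us) * cir_bps)
        last_us = arrival_us
        cost = size * SCALE
        if cost <= tokens:
            tokens -= cost
            verdicts.append("conform")
        else:
            # Out-of-profile packets do not consume tokens.
            verdicts.append("exceed")
    return verdicts


def constructed_traffic(n=10, size=1500, gap_us=1000):
    """Constructed sample: n packets of `size` bytes, one every gap_us."""
    return [(i * gap_us, size) for i in range(n)]


if __name__ == "__main__":
    traffic = constructed_traffic()
    for burst in (1000, 3000):
        verdicts = police(traffic, cir_bps=8_000_000, burst_bytes=burst)
        print(burst, verdicts.count("conform"), "conform,",
              verdicts.count("exceed"), "exceed",
              burst_findings(burst, 1500, tcp=True))
```

With a burst smaller than the packet size the model never passes a packet, regardless of the configured rate, which is the failure the first guideline prevents.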
• (Optional—Not supported with the flow keyword) For traffic that exceeds the PIR, you can specify a violate action as follows:
– For marking without policing, you can enter the transmit keyword to transmit all matched out-of-profile traffic.
– The default violate action is equal to the exceed action.
This example shows how to verify the configuration:
Router# show policy-map max-pol-ipp5
Policy Map max-pol-ipp5
class ipp5
class ipp5
police flow 10000000 10000 conform-action set-prec-transmit 6 exceed-action policed-dscp-transmit
trust precedence
police 2000000000 2000000 2000000 conform-action set-prec-transmit 6 exceed-action policed-dscp-transmit
Router#
Attaching a Policy Map to an Interface
Note: PFC QoS does not support the output service-policy
This example shows how to verify the configuration:
Router# show policy-map interface fastethernet 5/36
FastEthernet5/36
service-policy input: pmap1
class-map: cmap1 (match-all)
0 packets, 0 bytes
5 minute rate 0 bps
match: ip precedence 5
class cmap1
police 8000 8000 conform-action transmit exceed-action drop
class-map: cmap2 (match-any)
0 packets, 0 bytes
5 minute rate 0 bps
match: ip precedence 2
0 packets, 0 bytes
5 minute rate 0 bps
class cmap2
poli
By default, microflow policers affect only routed traffic. To enable microflow policing of bridged traffic on specified VLANs, perform this task:
Step 1
Command: Router(config)# interface {{vlan vlan_ID} | {type1 slot/port}}
Purpose: Selects the interface to configure.
Step 2
Command: Router(config-if)# mls qos bridged
Purpose: Enables microflow policing of bridged traffic, including bridge groups, on the VLAN.
This example shows how to disable PFC QoS on the VLAN 5 interface:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# interface vlan 5
Router(config-if)# no mls qos
Router(config-if)# end
Router#
This example shows how to verify the configuration:
Router# show mls qos | begin QoS is disabled
QoS is disabled on the following interfaces:
Vl5
<...Output Truncated...
Note: Configuring a Layer 2 LAN port for VLAN-based PFC QoS preserves the policy map port configuration. The no mls qos vlan-based port command reenables any previously configured port commands.
Configuring the Trust State of Ethernet LAN and OSM Ingress Ports
By default, all ingress ports are untrusted.
Configuring the Ingress LAN Port CoS Value
Note: Whether or not PFC QoS uses the CoS value applied with the mls qos cos command depends on the trust state of the port and the trust state of the traffic received through the port. The mls qos cos command does not configure the trust state of the port or the trust state of the traffic received through the port.
Note
• Enter the show queueing interface {ethernet | fastethernet | gigabitethernet | tengigabitethernet} slot/port | include type command to see the queue structure of a port (see the “Receive Queues” section on page 31-13 and the “Transmit Queues” section on page 31-21).
• 1p1q0t ports have no configurable thresholds.
To configure the drop thresholds, perform this task:
Step 1
Command: Router(config)# interface {fastethernet | gigabitethernet} slot/port
Purpose: Selects the interface to configure.
Step 2
Command: Router(config-if)# rcv-queue threshold queue_id thr1% thr2% thr3% thr4% {thr5% thr6% thr7% thr8%}
Purpose: Configures the receive-queue tail-drop threshold percentages.
Step 3
Command: Router(config-if)# wrr-queue random-detect max-threshold queue_id thr1% [thr2%]
Purpose: Configures the high WRED-drop thresholds.
Command: Router(config-if)# no wrr-queue random-detect max-threshold [queue_id]
Purpose: Reverts to the default high WRED-drop thresholds.
Step 4
Command: Router(config-if)# end
Purpose: Exits configuration mode.
Step 5
Command: Router# show queueing interface type1 slot/port
Purpose: Verifies the configuration.
This example shows how to verify the configuration:
Router# show queueing interface gigabitethernet 1/1 | begin Transmit queues
Transmit queues [type = 1p2q2t]:
Queue Id Scheduling Num of thresholds
----------------------------------------
1 WRR low 2
2 WRR high 2
3 Priority 1
queue random-detect-max-thresholds
----------------------------------
1 40[1] 70[2]
2 40[1] 70[2]
<...Output Truncated...
This example shows how to configure receive queue 1/threshold 1 and transmit queue 1/threshold 1 for Gigabit Ethernet port 2/1:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
• Threshold 0 is a nonconfigurable 100-percent tail-drop threshold on these port types:
– 1p1q0t (receive)
– 1p1q8t (receive)
– 1p3q1t (transmit)
– 1p2q1t (transmit)
• The standard queue thresholds can be configured as either tail-drop or WRED-drop thresholds on these port types:
– 1p1q8t (receive)
– 1p3q1t (transmit)
See the “Configuring Standard-Queue Drop Threshold Percentages” section on page 31-54 for more information about configuring threshold
Mapping CoS Values to Standard Transmit-Queue Thresholds
To map CoS values to standard transmit-queue thresholds, perform this task:
Step 1
Command: Router(config)# interface {fastethernet | gigabitethernet} slot/port
Purpose: Selects the interface to configure.
Step 2
Command: Router(config-if)# wrr-queue cos-map transmit_queue_# threshold_# cos1 [cos2 [cos3 [cos4 [cos5 [cos6 [cos7 [cos8]]]]]]]
Purpose: Maps CoS values to a standard transmit-queue threshold.
When mapping CoS values to the strict-priority queues, note the following:
• The queue number is always 1.
• You can enter up to 8 CoS values to map to the queue.
This example shows how to map CoS value 7 to the strict-priority queues on Gigabit Ethernet port 1/1:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
To map CoS values to tail-drop thresholds, perform this task:
Step 1
Command: Router(config)# interface type1 slot/port
Purpose: Selects the interface to configure.
Step 2
Command: Router(config-if)# wrr-queue cos-map transmit_queue_# threshold_# cos1 [cos2 [cos3 [cos4 [cos5 [cos6 [cos7 [cos8]]]]]]]
Purpose: Maps CoS values to a tail-drop threshold.
Step 3
Command: Router(config-if)# no wrr-queue cos-map
Purpose: Reverts to the default mapping.
Allocating Bandwidth Between LAN-Port Transmit Queues
The switch transmits frames from one standard queue at a time using a WRR algorithm. WRR uses the ratio between queue weight values to decide how much to transmit from one queue before switching to the other. The more the ratio favors a queue, the more transmit bandwidth is allocated to it.
When setting the receive-queue size ratio, note the following:
• The rcv-queue queue-limit command configures ports on a per-ASIC basis.
• Estimate the mix of strict priority-to-standard traffic on your network (for example, 80 percent standard traffic and 20 percent strict-priority traffic).
• Use the estimated percentages as queue weights.
This example shows how to set the transmit-queue size ratio for Gigabit Ethernet port 1/2:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Mapping Received IP Precedence Values to Internal DSCP Values
To configure the mapping of received IP precedence values to the DSCP value that PFC QoS uses internally on the PFC (see the “Internal DSCP Values” section on page 31-17), perform this task:
Command: Router(config)# mls qos map ip-prec-dscp dscp1 dscp2 dscp3 dscp4 dscp5 dscp6 dscp7 dscp8
Purpose: Configures the received IP precedence to internal DSCP map.
This example shows how to configure internal DSCP values 0, 8, 16, 24, 32, 40, 48, and 54 to be mapped to egress CoS value 0:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Note: When you create a policer that does not use the pir keyword, and the maximum_burst_bytes parameter is equal to the normal_burst_bytes parameter (which occurs if you do not enter the maximum_burst_bytes parameter), the exceed-action policed-dscp-transmit keywords cause PFC QoS to mark traffic down as defined by the policed-dscp max-burst markdown map.
Configuring PFC QoS Statistics Data Export
Note: Release 12.1(11b)E and later releases support PFC QoS statistics data export.
Enabling PFC QoS Statistics Data Export for a Port
To enable PFC QoS statistics data export for a port, perform this task:
Step 1
Command: Router(config)# interface type1
Step 2
Command: Router(config-if)# mls qos statistics-export
Purpose: Enables PFC QoS statistics data export for the port.
Command: Router(config-if)# no mls qos statistics-export
Purpose: Disables PFC QoS statistics data export for the port.
Step 3
Command: Router(config)# end
Purpose: Exits configuration mode.
Enabling PFC QoS Statistics Data Export for a Named Aggregate Policer
To enable PFC QoS statistics data export for a named aggregate policer, perform this task:
Command: Router(config)# mls qos statistics-export aggregate-policer aggregate_policer_name
Purpose: Enables PFC QoS statistics data export for a named aggregate policer.
Enabling PFC QoS Statistics Data Export for a Class Map
To enable PFC QoS statistics data export for a class map, perform this task:
Command: Router(config)# mls qos statistics-export class-map classmap_name
Purpose: Enables PFC QoS statistics data export for a class map.
Command: Router(config)# no mls qos statistics-export class-map classmap_name
Purpose: Disables PFC QoS statistics data export for a class map.
Step 2
Command: Router(config)# end
Purpose: Exits configuration mode.
• For data from a VLAN interface:
– Export type (“5” for a class map and VLAN)
– Class map name
– Direction (“in”)
– PFC or DFC slot number
– VLAN ID
– Number of in-profile packets
– Number of packets that exceed the CIR
– Number of packets that exceed the PIR
– Time stamp
• For data from a port channel interface:
– Export type (“6” for a class map and port channel)
– Class map name
– Direction (“in”)
– PFC or DFC slot number
– Port channel ID
– Numbe
This example shows how to set the PFC QoS statistics data export interval and verify the configuration:
Router(config)# mls qos statistics-export interval 250
Router(config)# end
Router# show mls qos statistics-export info
QoS Statistics Data Export Status and Configuration information
---------------------------------------------------------------
Export Status : enabled
Export Interval : 250 seconds
Export Delimiter : |
Export Destination : Not configured
Table 31-3 Supported PFC QoS Data Export Facility Parameter Values (continued)
Name: Definition
auth: security/authentication messages
syslog: internal syslogd messages
lpr: line printer subsystem
news: netnews subsystem
uucp: uucp subsystem
local3: reserved for local use
local4: reserved for local use
local5: reserved for local use
local6: reserved for local use
local7: reserved for local use
Table 31-4 lists the supported PF
Setting the PFC QoS Statistics Data Export Field Delimiter
To set the PFC QoS statistics data export field delimiter, perform this task:
Command: Router(config)# mls qos statistics-export delimiter delimiter_character
Purpose: Sets the PFC QoS statistics data export field delimiter.
CHAPTER 32
Configuring UDLD
This chapter describes how to configure the UniDirectional Link Detection (UDLD) protocol in Release 12.1(2)E and later releases on the Catalyst 6500 series switches.
Note: For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication.
Chapter 32 Configuring UDLD Understanding How UDLD Works A unidirectional link occurs whenever traffic transmitted by the local device over a link is received by the neighbor but traffic transmitted from the neighbor is not received by the local device. If one of the fiber strands in a pair is disconnected, as long as autonegotiation is active, the link does not stay up. In this case, the logical link is undetermined, and UDLD does not take any action.
Default UDLD Configuration
Table 32-1 shows the default UDLD configuration.
Enabling UDLD on Individual LAN Interfaces
With Release 12.1(13)E and later releases, to enable UDLD on individual LAN ports, perform this task:
Step 1
Command: Router(config)# interface type1
Step 2
Command: Router(config-if)# udld port [aggressive]
Purpose: Enables UDLD on a specific LAN port. Enter the aggressive keyword to enable aggressive mode. On a fiber-optic LAN port, this command overrides the udld enable global configuration command setting.
Disabling UDLD on Fiber-Optic LAN Interfaces
With Release 12.1(13)E and later releases, to disable UDLD on individual fiber-optic LAN ports, perform this task:
Step 1
Command: Router(config)# interface type1 slot/port
Purpose: Selects the LAN port to configure.
Step 2
Command: Router(config-if)# udld port disable
Purpose: Disables UDLD on a fiber-optic LAN port.
Command: Router(config-if)# no udld port disable
Purpose: Reverts to the udld enable global configuration command setting.
Resetting Disabled LAN Interfaces
To reset all LAN ports that have been shut down by UDLD, perform this task:
Command: Router# udld reset
Purpose: Resets all LAN ports that have been shut down by UDLD.
CHAPTER 33
Configuring NDE
This chapter describes how to configure NetFlow Data Export (NDE) on the Catalyst 6500 series switches.
Note: For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication and the Release 12.1 publications at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/index.
Chapter 33 Configuring NDE
Understanding How NDE Works
NDE Overview
NDE makes routed-traffic statistics available for analysis by an external data collector. You can use NDE to analyze all IP unicast traffic that is Layer 3-switched on the PFC and all IP unicast traffic that is routed in software on the MSFC. The Supervisor Engine 2 stores NetFlow statistics in the NetFlow table. The NDE configuration has no effect on Layer 3 switching in hardware by the PFC2.
• full—A more-specific flow mask. The PFC creates and maintains a separate cache entry for each IP flow. A full entry includes the source IP address, destination IP address, protocol, and protocol-specific Layer 4 port information.
• full-interface—The most-specific flow mask. Adds the source VLAN SNMP ifIndex to the information in the full flow mask. The full-interface flow mask is supported on Supervisor Engine 2 with Release 12.
Table 33-2 NDE Version 5 Flow Record Format
Flow masks (table columns: Destination, Destination Source, Destination Source Interface, Full, Full Interface):
• X=Populated
• A=Additional field (see the “Populating Additional NDE Fields” section on page 33-10)
Bytes: Content: Description
0–3: srcaddr: Source IP address
4–7: dstaddr: Destination IP address
8–11: nexthop: Next hop router’s IP address
12–13: input: Ing
Table 33-3 NDE Version 7 Header Format
Bytes    Content          Description
0–1      version          Netflow export format version number
2–3      count            Number of flows exported in this packet (1–30)
4–7      SysUptime        Current time in milliseconds since router booted
8–11     unix_secs        Current seconds since 0000 UTC 1970
12–15    unix_nsecs       Residual nanoseconds since 0000 UTC 1970
16–19    flow_sequence    Sequence counter of total flows seen
20–24    reserved         Unused (zero) by
Table 33-4 NDE Version 7 Flow Record Format (continued)
Flow masks:
• X=Populated
• A=Additional field (see the “Populating Additional NDE Fields” section on page 33-10)
Bytes    Content     Description
42–43    dst_as      Autonomous system number of the destination, either origin or peer
44       src_mask    Source address prefix mask bits
45       dst_mask    Destination address prefix mask bits
46–47    pad2        Pad 2
48–51    MLS RP      IP address of MLS router
Destination D
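For a collector that receives NDE version 7 datagrams, the header fields in Table 33-3 are enough to reject malformed packets and to notice lost exports before any flow record is trusted. The following Python sketch is an added example, not code from this guide. It assumes the standard 24-byte version 7 header and 52-byte flow records, srcaddr and dstaddr at record bytes 0–3 and 4–7 as in the version 5 table, and that flow_sequence advances by count from one datagram to the next; the sample datagrams are constructed.

```python
"""Collector-side validation of NDE version 7 export datagrams (added example)."""
import ipaddress
import struct
from dataclasses import dataclass

HEADER_LEN = 24   # assumption: standard 24-byte v7 header (reserved field last)
RECORD_LEN = 52   # flow record bytes 0-51; MLS RP occupies 48-51 (Table 33-4)
MAX_FLOWS = 30    # "count" is 1-30 flows per packet (Table 33-3)

# version, count, SysUptime, unix_secs, unix_nsecs, flow_sequence, 4 reserved bytes
_HEADER = struct.Struct("!HHIIII4x")


class NDEFormatError(ValueError):
    """Raised when a datagram does not match the version 7 layout."""


@dataclass(frozen=True)
class V7Header:
    version: int
    count: int
    sys_uptime_ms: int
    unix_secs: int
    unix_nsecs: int
    flow_sequence: int


def parse_v7_header(datagram: bytes) -> V7Header:
    """Parse and sanity-check the header before any record is trusted."""
    if len(datagram) < HEADER_LEN:
        raise NDEFormatError("datagram shorter than the header")
    hdr = V7Header(*_HEADER.unpack_from(datagram))
    if hdr.version != 7:
        raise NDEFormatError(f"unexpected version {hdr.version}")
    if not 1 <= hdr.count <= MAX_FLOWS:
        raise NDEFormatError(f"count {hdr.count} outside 1-{MAX_FLOWS}")
    if len(datagram) != HEADER_LEN + hdr.count * RECORD_LEN:
        raise NDEFormatError("length does not match the advertised count")
    return hdr


def parse_v7_records(datagram: bytes, hdr: V7Header) -> list:
    """Extract the address and mask fields from each flow record."""
    records = []
    for i in range(hdr.count):
        start = HEADER_LEN + i * RECORD_LEN
        rec = datagram[start:start + RECORD_LEN]
        records.append({
            "srcaddr": str(ipaddress.IPv4Address(rec[0:4])),   # assumed offset
            "dstaddr": str(ipaddress.IPv4Address(rec[4:8])),   # assumed offset
            "dst_as": int.from_bytes(rec[42:44], "big"),
            "src_mask": rec[44],
            "dst_mask": rec[45],
            "mls_rp": str(ipaddress.IPv4Address(rec[48:52])),
        })
    return records


class SequenceTracker:
    """Per-exporter flow_sequence bookkeeping to detect lost export packets."""

    def __init__(self):
        self._expected = {}

    def observe(self, exporter: str, hdr: V7Header) -> int:
        """Return the number of flows missed, or -1 if the counter went backwards
        (reordered or replayed datagram, or an exporter restart)."""
        expected = self._expected.get(exporter)
        # Assumption: the next datagram starts at flow_sequence + count.
        self._expected[exporter] = (hdr.flow_sequence + hdr.count) & 0xFFFFFFFF
        if expected is None:
            return 0
        gap = (hdr.flow_sequence - expected) & 0xFFFFFFFF
        return -1 if gap >= 0x80000000 else gap


def build_sample_datagram(flow_sequence: int, flows: list) -> bytes:
    """Constructed input: flows is a list of (srcaddr, dstaddr, mls_rp) strings."""
    out = _HEADER.pack(7, len(flows), 123456, 1_000_000_000, 0, flow_sequence)
    for src, dst, rp in flows:
        rec = bytearray(RECORD_LEN)
        rec[0:4] = ipaddress.IPv4Address(src).packed
        rec[4:8] = ipaddress.IPv4Address(dst).packed
        rec[48:52] = ipaddress.IPv4Address(rp).packed
        out += bytes(rec)
    return out


if __name__ == "__main__":
    tracker = SequenceTracker()
    flow = ("10.0.0.1", "10.0.0.2", "192.0.2.1")
    for seq, n in ((100, 2), (105, 1)):          # second datagram skips 3 flows
        data = build_sample_datagram(seq, [flow] * n)
        header = parse_v7_header(data)
        print(header.flow_sequence, tracker.observe("192.0.2.1", header),
              parse_v7_records(data, header)[0]["mls_rp"])
```

A nonzero return from observe means export datagrams were lost between the switch and the collector, so the collector's view of the traffic is incomplete for that interval.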
Chapter 33 Configuring NDE Default NDE Configuration You can configure sampled NetFlow to use time-based sampling or packet-based sampling. Table 33-5 lists the time-based sampling rates and export intervals.
Configuring NDE
These sections describe how to configure NDE:
• Configuring NDE on the PFC, page 33-8
• Configuring NDE on the MSFC, page 33-13
• Displaying the NDE Address and Port Configuration, page 33-14
• Configuring NDE Flow Filters, page 33-15
• Displaying the NDE Configuration, page 33-17
Note
• You must enable NetFlow on the MSFC Layer 3 interfaces to support NDE on the PFC and on the MSFC.
This example shows how to enable NDE from the PFC:
Router(config)# mls nde sender
Setting the Minimum IP MLS Flow Mask
You can set the minimum granularity of the flow mask for the MLS cache on the PFC. The actual flow mask used will have at least the granularity specified by this command. For information on how the different flow masks work, see the “Flow Masks” section on page 33-2.
Populating Additional NDE Fields
With Release 12.1(13)E and later releases, you can configure NDE to populate the following additional fields in the NDE packets:
• IP address of the next hop router
• Egress interface SNMP ifIndex
• Source autonomous system number
• Destination autonomous system number
Not all of the additional fields are populated with all flow masks. See the “NDE Versions” section on page 33-3 for additional information.
Chapter 33 Configuring NDE Configuring NDE A typical cache entry that is removed is the entry for flows to and from a Domain Name Server (DNS) or TFTP server. This entry might not be used again after it is created. The PFC saves space in the MLS cache for other data when it detects and ages out these entries. If you need to enable MLS fast aging time, initially set the value to 128 seconds.
Configuring Sampled NetFlow Globally
To configure sampled NetFlow globally, perform this task:
Step 1
Command: Router(config)# mls sampling {time-based rate | packet-based rate [interval]}
Purpose: Enables sampled NetFlow and configures the rate. For packet-based sampling, optionally configures the export interval.
Command: Router(config)# no mls sampling
Purpose: Clears the sampled NetFlow configuration.
Step 2
Command: Router(config)# end
Purpose: Exits configuration mode.
Chapter 33 Configuring NDE Configuring NDE Configuring NDE on the MSFC This section supplements the NetFlow procedures at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/switch_r/index.
Configuring the NDE Destination
To configure the destination IP address and UDP port to receive the NDE statistics, perform this task:
Command: Router(config)# ip flow-export destination ip_address udp_port_number
Purpose: Configures the NDE destination IP address and UDP port.
Command: Router(config)# no ip flow-export destination
Purpose: Clears the NDE destination configuration.
Version 1 flow records
0 flows exported in 0 udp datagrams
0 flows failed due to lack of export packet
0 export packets were sent up to process level
0 export packets were dropped due to no fib
0 export packets were dropped due to adjacency issues
Router#
Configuring NDE Flow Filters
These sections describe NDE flow filters:
• NDE Flow Filter Overview, page 33-15
• Configuring a Port Flow Filter, page 33-15
• Configuring a Host and Port Filter, page 33-16
Configuring a Host and Port Filter
To configure a host and TCP/UDP port flow filter, perform this task:
Command: Router(config)# mls nde flow {exclude | include} {destination ip_address mask | source ip_address mask {dest-port number | src-port number}}
Purpose: Configures a host and port flow filter for an NDE flow.
Command: Router(config)# no mls nde flow {exclude | include}
Purpose: Clears the port flow filter configuration.
Clearing an NDE Flow Filter
To clear the NDE flow filter and reset the filter to the default (all flows exported), perform this task:
Command: Router# clear mls nde flow {all | exclude | include}
Purpose: Clears the NDE flow filter.
CHAPTER 34
Configuring Local SPAN and RSPAN
This chapter describes how to configure local Switched Port Analyzer (SPAN) and remote SPAN (RSPAN) on the Catalyst 6500 series switches. The Catalyst 6500 series switches support RSPAN with Release 12.1(13)E and later releases.
Understanding How Local SPAN and RSPAN Work
Local SPAN Overview
Local SPAN supports source ports, source VLANs, and destination ports on the same Catalyst 6500 series switch. Local SPAN copies traffic from one or more source ports in any VLAN or from one or more VLANs to a destination port for analysis (see Figure 34-1). For example, as shown in Figure 34-1, all traffic on Ethernet port 5 (the source port) is copied to Ethernet port 10.
RSPAN Overview
RSPAN supports source ports, source VLANs, and destination ports on different switches, which provides remote monitoring of multiple switches across your network (see Figure 34-2). The traffic for each RSPAN session is carried over a user-specified RSPAN VLAN that is dedicated for that RSPAN session in all participating switches. The RSPAN source ports can be trunks carrying the RSPAN VLAN.
Chapter 34 Configuring Local SPAN and RSPAN Understanding How Local SPAN and RSPAN Work Monitored Traffic These sections describe the traffic that SPAN (local or remote) can monitor: • Monitored Traffic Direction, page 34-4 • Monitored Traffic Type, page 34-4 • Duplicate Traffic, page 34-4 Monitored Traffic Direction You can configure SPAN sessions to monitor ingress network traffic (called ingress SPAN), or to monitor egress network traffic (called egress SPAN), or to monitor traffic flowing in bo
Chapter 34 Configuring Local SPAN and RSPAN Local SPAN and RSPAN Configuration Guidelines and Restrictions Source VLANs A source VLAN is a VLAN monitored for network traffic analysis. VLAN-based SPAN (VSPAN) uses a VLAN as the SPAN source. All the ports in the source VLANs become source ports. Destination Ports A destination port is a Layer 2 or Layer 3 LAN port to which SPAN sends traffic for analysis. When you configure a port as a SPAN destination port, it can no longer receive any traffic.
Chapter 34 Configuring Local SPAN and RSPAN Local SPAN and RSPAN Configuration Guidelines and Restrictions Local SPAN and RSPAN Source and Destination Limits These are the local SPAN and RSPAN source and destination limits: Sources and Destinations Local SPAN Sessions RSPAN Source Sessions RSPAN Destination Sessions Egress sources 1 (0 with a remote SPAN source session configured) 1 (0 with a local SPAN egress source session configured) 1 RSPAN VLAN Ingress sources 64 64 Destinations per sessi
• When enabled, local SPAN or RSPAN uses any previously entered configuration.
• When you specify sources and do not specify a traffic direction (ingress, egress, or both), “both” is used by default.
• You cannot configure destination ports to receive ingress traffic.
• Destination ports never participate in any spanning tree instance.
• MAC address learning is disabled on the RSPAN VLAN.
• You can use an output access control list (ACL) on the RSPAN VLAN in the RSPAN source switch to filter the traffic sent to an RSPAN destination.
• RSPAN does not support BPDU monitoring.
• Do not configure RSPAN VLANs as sources in VSPAN sessions.
Configuring RSPAN VLANs
To configure a VLAN as an RSPAN VLAN, perform this task:
Step 1
Command: Router(config)# vlan vlan_ID{[-vlan_ID]|[,vlan_ID]}
Purpose: Creates or modifies an Ethernet VLAN, a range of Ethernet VLANs, or several Ethernet VLANs specified in a comma-separated list (do not enter space characters).
Step 2
Command: Router(config-vlan)# remote-span
Purpose: Configures the VLAN as an RSPAN VLAN.
Chapter 34 Configuring Local SPAN and RSPAN Configuring Local SPAN and RSPAN • vlan_range is first_vlan_ID - last_vlan_ID • mixed_vlan_list is, in any order, single_vlan , vlan_range , ... When clearing monitor sessions, note the following syntax information: • The no monitor session number command entered with no other parameters clears session session_number.
Chapter 34 Configuring Local SPAN and RSPAN Configuring Local SPAN and RSPAN Configuring a Destination Port as an Unconditional Trunk To tag the monitored traffic with Release 12.1(13)E and later releases, configure the destination port as a trunk.
Chapter 34 Configuring Local SPAN and RSPAN Configuring Local SPAN and RSPAN When configuring monitor sessions, note the following syntax information: • single_interface is interface type slot/port; type is ethernet, fastethernet, gigabitethernet, or tengigabitethernet. • interface_list is single_interface , single_interface , single_interface ... Note In lists, you must enter a space before and after the comma. In ranges, you must enter a space before and after the dash.
This example shows how to display the full details of session 2:
Router# show monitor session 2 detail
Session 2
-----------
Type              : Remote Source Session
Source Ports:
    RX Only:       Fa1/1-3
    TX Only:       None
    Both:          None
Source VLANs:
    RX Only:       None
    TX Only:       None
    Both:          None
Source RSPAN VLAN: None
Destination Ports: None
Filter VLANs:      None
Dest RSPAN VLAN:   901
Configuration Examples
This example shows how to configure RSPAN source session 2
CHAPTER 35
Configuring Web Cache Services Using WCCP
This chapter describes how to configure the Catalyst 6500 series switches to redirect traffic to cache engines (web caches) using the Web Cache Communication Protocol (WCCP), and describes how to manage cache engine clusters (cache farms).
Chapter 35 Configuring Web Cache Services Using WCCP Understanding WCCP Understanding WCCP These sections describe WCCP: • WCCP Overview, page 35-2 • Hardware Acceleration, page 35-2 • Understanding WCCPv1 Configuration, page 35-3 • Understanding WCCPv2 Configuration, page 35-4 • WCCPv2 Features, page 35-5 WCCP Overview The Web Cache Communication Protocol (WCCP) is a Cisco-developed content-routing technology that allows you to integrate cache engines (such as the Cisco Cache Engine 550) into
Chapter 35 Configuring Web Cache Services Using WCCP Understanding WCCP With Release 12.1(2)E and later releases, WCCP Layer 2 PFC redirection allows Cisco Cache Engines to use hardware-supported Layer 2 redirection. A directly connected Cache Engine can be configured to negotiate use of the WCCP Layer 2 PFC Redirection feature. The WCCP Layer 2 PFC redirection feature requires no configuration on the MSFC.
2. The cache engines send their IP addresses to the control router using WCCP, indicating their presence. Routers and cache engines communicate to each other via a control channel; this channel is based on UDP port 2048.
3. This information is used by the control router to create a cluster view (a list of caches in the cluster).
Using WCCPv1, the cache engines were configured with the address of the single router. WCCPv2 requires that each cache engine be aware of all the routers in the service group. To specify the addresses of all the routers in a service group, you must choose one of the following methods:
• Unicast—A list of router addresses for each of the routers in the group is configured on each cache engine.
Chapter 35 Configuring Web Cache Services Using WCCP Understanding WCCP The cache engines in service group specify traffic to be redirected by protocol (TCP or UDP) and port (source or destination). Each service group has a priority status assigned to it. Packets are matched against service groups in priority order. Support for Multiple Routers WCCPv2 allows multiple routers to be attached to a cluster of cache engines.
Restrictions for WCCPv2
The following limitations apply to WCCP v2:
• WCCP works only with IP networks.
• For routers servicing a multicast cluster, the time to live (TTL) value must be set at 15 or fewer.
• Because the messages may now be IP multicast, members may receive messages that will not be relevant or are duplicates. Appropriate filtering needs to be performed.
Chapter 35 Configuring Web Cache Services Using WCCP Configuring WCCP WCCPv1 does not use the WCCP commands from earlier Cisco IOS versions. Instead, use the WCCP commands documented in this chapter. If a function is not allowed in WCCPv1, an error prompt will be printed to the screen. For example, if WCCPv1 is running on the router and you try to configure a dynamic service, the following message will be displayed: “WCCP V1 only supports the web-cache service.
Chapter 35 Configuring Web Cache Services Using WCCP Configuring WCCP Note • A future release of Cisco Application and Content Networking System (ACNS) software (Release 4.2.2 or later) and Release 12.1(13)E and later releases support the ip wccp service accelerated command with a PFC2. • Release 12.1(13)E and later releases support the ip wccp service redirect in interface command in software on the MSFC2.
Registering a Router to a Multicast Address
If you decide to use the multicast address option for your service group, you must configure the router to listen for the multicast broadcasts on an interface. To configure the router, perform this task:
Step 1
Command: Router(config)# ip wccp {web-cache | service-number} group-address groupaddress
Purpose: Specifies the multicast address for the service group.
Setting a Password for a Router and Cache Engines
MD5 password security requires that each router and cache engine that wants to join a service group be configured with the service group password. The password can consist of up to seven characters. Each cache engine or router in the service group will authenticate the security component in a received WCCP packet immediately after validating the WCCP message header.
To configure an MD5 password for use by the router in WCCP communications, perform this task in global configuration mode:
Command: Router(config)# ip wccp web-cache password password
Purpose: Sets an MD5 password on the router.
WCCP Configuration Examples
• Setting a Password for a Router and Cache Engines Example, page 35-15
• Verifying WCCP Settings Example, page 35-15
Changing the Version of WCCP on a Router Example
The following example shows the process of changing the WCCP version from the default of WCCPv2 to WCCPv1, and enabling the web-cache service in WCCPv1:
Router# show ip wccp
% WCCP version 2 is not enabled
Router# configure terminal
Router(config)# ip wccp v
.
.
.
WCCP Redirect inbound is enabled
WCCP Redirect exclude is disabled
.
.
.
The following example configures a router to redirect web-related packets received through interface ethernet 0/1, destined to any host except 209.165.196.51:
Router(config)# access-list 100 deny ip any host 209.165.196.
interface Ethernet1
 ip address 10.4.1.1 255.255.255.0
 no ip directed-broadcast
 ip wccp 99 redirect out
 no ip route-cache
 no ip mroute-cache
!
interface Serial0
 no ip address
 no ip directed-broadcast
 no ip route-cache
 no ip mroute-cache
 shutdown
!
interface Serial1
 no ip address
 no ip directed-broadcast
 no ip route-cache
 no ip mroute-cache
 shutdown
!
ip default-gateway 10.3.1.1
ip classless
ip route 0.0.0.0 0.0.0.0 10.3.1.
CHAPTER 36
Configuring SNMP IfIndex Persistence
This chapter describes how to configure the SNMP ifIndex persistence feature on Catalyst 6500 series switches. Release 12.1(13)E and later releases support SNMP ifIndex persistence.
Note To verify that ifIndex commands have been configured, use the more system:running-config command.
Enabling and Disabling SNMP IfIndex Persistence Globally
SNMP ifIndex persistence is disabled by default. To globally enable SNMP ifIndex persistence, perform this task:
Command: Router(config)# snmp-server ifindex persist
Purpose: Globally enables SNMP ifIndex persistence.
To clear the interface-specific SNMP ifIndex persistence setting and configure the interface to use the global configuration setting, perform this task:
Step 1
Command: Router(config)# interface type slot/port
Purpose: Enters interface configuration mode for the specified interface. Note that the syntax of the interface command will vary depending on the platform you are using.
Chapter 36 Configuring SNMP IfIndex Persistence Configuration Examples Clearing SNMP IfIndex Persistence Configuration from a Specific Interface Example In the following example, any previous setting for SNMP ifIndex persistence on Ethernet interface 3/1 is removed from the configuration. If SNMP ifIndex persistence is globally enabled, SNMP ifIndex persistence will be enabled for Ethernet interface 3/1.
CHAPTER 37
Configuring the Switch Fabric Module
This chapter describes how to configure the Switch Fabric Module (SFM) for the Catalyst 6500 series switches.
Note For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication.
Chapter 37 Configuring the Switch Fabric Module Understanding How the Switch Fabric Module Works Switch Fabric Module Slots With a WS-C6513 chassis, install the Switch Fabric Modules in either slot 7 or 8. Note In a WS-C6513 chassis, only slots 9 through 13 support dual-switch fabric interface switching modules (for example, WS-X6816-GBIC). With all other chassis, install the Switch Fabric Modules in either slot 5 or 6.
Chapter 37 Configuring the Switch Fabric Module Configuring the Switch Fabric Module • Truncated mode—The switch uses this mode for traffic between fabric-enabled modules when there are both fabric-enabled and nonfabric-enabled modules installed. In this mode, the switch sends a truncated version of the traffic (the first 64 bytes of the frame) over the switch fabric channel.
Chapter 37 Configuring the Switch Fabric Module Configuring the Switch Fabric Module When configuring the switching mode, note the following syntax information: Caution • To allow use of nonfabric-enabled modules or to allow fabric-enabled modules to use bus mode, enter the fabric switching-mode allow bus-mode command. • To prevent use of nonfabric-enabled modules or to prevent fabric-enabled modules from using bus mode, enter the no fabric switching-mode allow bus-mode command.
Configuring an LCD Message
To configure a message for display on the LCD, perform this task:
Command: Router(config)# fabric lcd-banner d message d
Purpose: Configures a message for display on the LCD.
Command: Router(config)# no fabric lcd-banner
Purpose: Clears the message displayed on the LCD.
When configuring a message for display on the LCD, note the following syntax information:
• The d parameter is a delimiting character.
Chapter 37 Configuring the Switch Fabric Module Monitoring the Switch Fabric Module This example shows how to display module information: Router# show module 5 Mod Ports Card Type Model Serial No. --- ----- -------------------------------------- ------------------ ----------5 0 Switching Fabric Module WS-C6500-SFM SAD04420JR5 Mod MAC addresses Hw Fw Sw Status --- ---------------------------------- ------ ------------ ------------ ------5 0001.0002.0003 to 0001.0002.0003 1.0 6.1(3) 6.2(0.
Displaying the Fabric Status
To display the fabric status of one or all switching modules, perform this task:
Command: Router# show fabric status [slot_number | all]
Purpose: Displays fabric status.
This example shows how to display fabric errors on all modules:
Router# show fabric errors
slot  channel  module crc  module hbeat  module sync  fabric sync
1     0        0           0             0            0
3     0        0           0             0            0
3     1        0           0             0            0
4     0        0           0             0            0
4     1        0           0             0            0
6     0        0           0             0            0
6     1        0           0             0            0
7     0        0           0             0            0
7     1        0           0             0            0
Router#
CHAPTER 38
Power Management and Environmental Monitoring
This chapter describes the power management and environmental monitoring features in the Catalyst 6500 series switches.
Note For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication.
Chapter 38 Power Management and Environmental Monitoring Understanding How Power Management Works Enabling or Disabling Power Redundancy From global configuration mode, enter the power redundancy-mode combined | redundant commands to disable or enable redundancy (redundancy is enabled by default). You can change the configuration of the power supplies to redundant or nonredundant at any time. Specifying the combined keyword disables redundancy.
Chapter 38 Power Management and Environmental Monitoring Understanding How Power Management Works Table 38-1 Effects of Power Supply Configuration Changes (continued) Configuration Change Effect Power supply is removed with redundancy enabled • System log and syslog messages are generated. • No change in module status since power capability is unchanged. Power supply is removed with redundancy disabled • System log and syslog messages are generated.
Chapter 38 Power Management and Environmental Monitoring Understanding How Environmental Monitoring Works Using the CLI to Power Cycle Modules From global configuration mode, enter the power cycle module slot command to power cycle (reset) a module; the module powers off for 5 seconds and then powers on. Determining System Power Requirements System power requirements are dependent on the size of the power supply.
Chapter 38 Power Management and Environmental Monitoring Understanding How Environmental Monitoring Works Table 38-2 Environmental Monitoring for Supervisor Engine and Switching Modules Component Supervisor engine temperature sensor exceeds major threshold1 Alarm Type Major LED Indication 2 STATUS LED red Action 3 Syslog message and SNMP trap generated. If redundancy, system switches to redundant supervisor engine and the active supervisor engine shuts down.
APPENDIX A
Acronyms
Table A-1 defines the acronyms used in this publication.
Table A-1 List of Acronyms (continued)
Acronym    Expansion
CEF        Cisco Express Forwarding
CHAP       Challenge Handshake Authentication Protocol
CIR        committed information rate
CLI        command-line interface
CLNS       Connection-Less Network Service
CMNS       Connection-Mode Network Service
COPS       Common Open Policy Server
COPS-DS    Common Open Policy Server Differentiated Services
CoS        class of service
CPLD       Complex Programmable Logic Device
CRC        cyclic redundancy check
CRF        concentrator re
Table A-1 List of Acronyms (continued)
Acronym    Expansion
DTR        data terminal ready
DXI        data exchange interface
EAP        Extensible Authentication Protocol
EARL       Enhanced Address Recognition Logic
EEPROM     electrically erasable programmable read-only memory
EHSA       enhanced high system availability
EIA        Electronic Industries Association
ELAN       Emulated Local Area Network
EOBC       Ethernet out-of-band channel
EOF        end of file
ESI        end-system identifier
FAT        File Allocation Table
FEC
Table A-1 List of Acronyms (continued)
Acronym    Expansion
ISL        Inter-Switch Link
ISO        International Organization of Standardization
ISR        Integrated SONET router
LAN        local area network
LANE       LAN Emulation
LAPB       Link Access Procedure, Balanced
LCP        Link Control Protocol
LDA        Local Director Acceleration
LEC        LAN Emulation Client
LECS       LAN Emulation Configuration Server
LEM        link error monitor
LER        link error rate
LES        LAN Emulation Server
LLC        Logical Link Control
LTL        L
Table A-1 List of Acronyms (continued)
Acronym    Expansion
NET        network entity title
NetBIOS    Network Basic Input/Output System
NFFC       NetFlow Feature Card
NMP        Network Management Processor
NSAP       network service access point
NTP        Network Time Protocol
NVRAM      nonvolatile RAM
OAM        Operation, Administration, and Maintenance
ODM        order dependent merge
OSI        Open System Interconnection
OSM        Optical Services Module
OSPF       open shortest path first
PAE        port access entity
PAgP       Por
Table A-1 List of Acronyms (continued)
Acronym    Expansion
RIB        routing information base
RIF        Routing Information Field
RMON       remote network monitor
ROM        read-only memory
ROMMON     ROM monitor
RP         route processor or rendezvous point
RPC        remote procedure call
RPF        reverse path forwarding
RSPAN      remote SPAN
RST        reset
RSVP       ReSerVation Protocol
SAID       Security Association Identifier
SAP        service access point
SCM        service connection manager
SCP        Switch-Module Configuration P
Table A-1 List of Acronyms (continued)
Acronym    Expansion
TCAM       Ternary Content Addressable Memory
TCL        table contention level
TCP/IP     Transmission Control Protocol/Internet Protocol
TFTP       Trivial File Transfer Protocol
TIA        Telecommunications Industry Association
TopN       Utility that allows the user to analyze port traffic by reports
TOS        type of service
TLV        type-length-value
TTL        Time To Live
TVX        valid transmission
UDLD       UniDirectional Link Detection Protocol
UDP        User
Index redundancy (RPR+) configuring See redundancy (RPR+) 1 RSTP 6 configuring supervisor engine port roles 5 displaying supervisor engine configuration redundancy command redundancy command 3 related documentation 23 2 23 port states 8 14 S SAID 6 sample configuration reserved-range VLANs 2 to 10 Sampled NetFlow See VLANs description rewrite, packet CEF 13 6, 7 route processor redundancy plus reload command 15 6 saving the configuration file 2 scheduling IP MLS 4 see Q
Index show ciscoview version command show configuration command show debugging command show eobc command displaying IP MMLS configuration 16 show history command 17 show mls ip source command 3 displaying IP MLS source address 18 show hardware command show ibc command show mls ip multicast summary 3 show mls ipx command 3 displaying IPX MLS cache entries 4 show mls nde command 18 show interfaces command 10 clearing interface counters 17 displaying NDE flow IP address 2, 13, 14, 16, 1
Index configuring destinations sources command 8 overview command example 10 10 13, 14 spanning-tree cost command 29, 30 8 12 spanning-tree vlan command 23, 25, 26, 27 spanning-tree vlan cost command 29 spanning-tree vlan forward-time command 32 command example 33 spanning-tree vlan hello-time command 32 spanning-tree vlan max-age command 33 spanning-tree vlan port-priority command forward-delay time 28 spanning-tree vlan priority 32 32 maximum aging time 33 29 port priorit
Index and MST command example 16 configuring understanding 13 figure 12 3 strict-priority queue adding a switch see QoS strict priority 7 spanning-tree backbonefast command configuring 13, 14 command example understanding 13, 14 redundancy spanning-tree portfast bpdu-guard 6 12 configuring 2, 5 See SPAN STP PortFast switch fabric module 16 BPDU filter configuring understanding 8 2 6, 14 13, 14, 7, 13 switchport access vlan example 10, 14 15 switchport mode access 4, 14
Index switchport trunk allowed vlan 11 switchport trunk encapsulation 9 trunks 802.
Index See STP UplinkFast URD configuring (tasks) defaults 10 user EXEC mode 6 extended range 5 9 ID (default) 2 6 interface assignment V name (default) VACLs normal range 8 configuring 11 examples 16 6 2 private See private VLANs Layer 3 VLAN interfaces Layer 4 port operations protocol filtering and 15 reserved range 3 1 2 support for 4,096 VLANs logging configuration example configuring 17 restrictions 18 3 understanding multicast packets overview token ring 18 unde
Index client 2 server 2 transparent monitoring 2 10 overview 1 pruning configuration configuring overview 12 7 3 server, configuring statistics 8 10 transparent mode, configuring 8 version 2 enabling 7 overview 3 W WCCP configuring on a router service groups 2, 15 8 specifying protocol version web browser interface 7 1 Web Cache Communication Protocol See WCCP 1 web caches See cache engines web cache services description 5 web caching See web cache services See also WCCP web s
Index Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.