Cisco Systems ME3400G2CSA manuel d'utilisation

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885

Aller à la page of

Un bon manuel d’utilisation

Les règles imposent au revendeur l'obligation de fournir à l'acheteur, avec des marchandises, le manuel d’utilisation Cisco Systems ME3400G2CSA. Le manque du manuel d’utilisation ou les informations incorrectes fournies au consommateur sont à la base d'une plainte pour non-conformité du dispositif avec le contrat. Conformément à la loi, l’inclusion du manuel d’utilisation sous une forme autre que le papier est autorisée, ce qui est souvent utilisé récemment, en incluant la forme graphique ou électronique du manuel Cisco Systems ME3400G2CSA ou les vidéos d'instruction pour les utilisateurs. La condition est son caractère lisible et compréhensible.

Qu'est ce que le manuel d’utilisation?

Le mot vient du latin "Instructio", à savoir organiser. Ainsi, le manuel d’utilisation Cisco Systems ME3400G2CSA décrit les étapes de la procédure. Le but du manuel d’utilisation est d’instruire, de faciliter le démarrage, l'utilisation de l'équipement ou l'exécution des actions spécifiques. Le manuel d’utilisation est une collection d'informations sur l'objet/service, une indice.

Malheureusement, peu d'utilisateurs prennent le temps de lire le manuel d’utilisation, et un bon manuel permet non seulement d’apprendre à connaître un certain nombre de fonctionnalités supplémentaires du dispositif acheté, mais aussi éviter la majorité des défaillances.

Donc, ce qui devrait contenir le manuel parfait?

Tout d'abord, le manuel d’utilisation Cisco Systems ME3400G2CSA devrait contenir:
- informations sur les caractéristiques techniques du dispositif Cisco Systems ME3400G2CSA
- nom du fabricant et année de fabrication Cisco Systems ME3400G2CSA
- instructions d'utilisation, de réglage et d’entretien de l'équipement Cisco Systems ME3400G2CSA
- signes de sécurité et attestations confirmant la conformité avec les normes pertinentes

Pourquoi nous ne lisons pas les manuels d’utilisation?

Habituellement, cela est dû au manque de temps et de certitude quant à la fonctionnalité spécifique de l'équipement acheté. Malheureusement, la connexion et le démarrage Cisco Systems ME3400G2CSA ne suffisent pas. Le manuel d’utilisation contient un certain nombre de lignes directrices concernant les fonctionnalités spécifiques, la sécurité, les méthodes d'entretien (même les moyens qui doivent être utilisés), les défauts possibles Cisco Systems ME3400G2CSA et les moyens de résoudre des problèmes communs lors de l'utilisation. Enfin, le manuel contient les coordonnées du service Cisco Systems en l'absence de l'efficacité des solutions proposées. Actuellement, les manuels d’utilisation sous la forme d'animations intéressantes et de vidéos pédagogiques qui sont meilleurs que la brochure, sont très populaires. Ce type de manuel permet à l'utilisateur de voir toute la vidéo d'instruction sans sauter les spécifications et les descriptions techniques compliquées Cisco Systems ME3400G2CSA, comme c’est le cas pour la version papier.

Pourquoi lire le manuel d’utilisation?

Tout d'abord, il contient la réponse sur la structure, les possibilités du dispositif Cisco Systems ME3400G2CSA, l'utilisation de divers accessoires et une gamme d'informations pour profiter pleinement de toutes les fonctionnalités et commodités.

Après un achat réussi de l’équipement/dispositif, prenez un moment pour vous familiariser avec toutes les parties du manuel d'utilisation Cisco Systems ME3400G2CSA. À l'heure actuelle, ils sont soigneusement préparés et traduits pour qu'ils soient non seulement compréhensibles pour les utilisateurs, mais pour qu’ils remplissent leur fonction de base de l'information et d’aide.

Table des matières du manuel d’utilisation

  • Page 1

    Corporate He adquarters Cisc o Syst ems , Inc . 170 West Ta sman Drive San Jos e, CA 95 134-1706 USA http://www.ci sco.com Tel: 408 526-4000 800 553- NETS (638 7) Fax: 408 526-4100 Cisco ME 340 0 Ethernet A ccess Switc h S of t w are Conf iguration Guide Cisco IOS Release 12.2(25) EX No vem ber 2005 Custome r Order Numb er: DO C-78170 58= Text Pa r[...]

  • Page 2

    THE SPECIFICATIONS AND INFORMATION REG ARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOU T NOTICE. ALL STATEMENT S, INFORMATI ON, AND RECOMMENDA TIONS IN T HIS MANUAL ARE BELIEVED TO BE ACCURATE BU T ARE PRESEN TED WITHOUT WARRANTY OF ANY KIND, EXPRE SS OR IMPLIED. USERS MUST TAKE FULL RESPON SIBILITY FOR THEIR AP PLICATION OF ANY PRO[...]

  • Page 3

    iii Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 CONTENTS Preface xx xiii Audienc e xxxii i Pur pose xxxi ii Conv enti ons xxxiii Rela te d Publi cation s xxxiv Obtain ing Docu mentati on xxxv Cisco. com xxxv Produc t Documentat ion DVD xx xv Orderi ng Documenta tion xxxv Document ation F eedback xxxvi Cisco Pr od[...]

  • Page 4

    Cont ent s iv Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Defau lt Se ttin gs Aft er I nitial Sw itch C onfigu rat ion 1-8 Netw ork Confi gur atio n Ex ampl es 1-1 1 Multid welling or Ether net-to -the-S u bscri be r Networ k 1-11 Laye r 2 VPN Applic ation 1-13 Multi-V RF C E App lic atio n 1-14 Wher e to Go N ex[...]

  • Page 5

    Content s v Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 Manua lly As sign ing IP Infor matio n 3-9 Checki ng and Sav in g the Runn i ng Configu ration 3-10 Modi fy in g th e Sta rt up Co nf igur at ion 3-1 2 Defau lt B oot Conf igur atio n 3-13 Automa ticall y Download ing a Con fi gurati on File 3-13 Specif ying[...]

  • Page 6

    Cont ent s vi Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Config urin g NTP 5-4 Defaul t NTP Conf ig urati o n 5-4 Config urin g NTP Authent icatio n 5-5 Config urin g NTP As socia tions 5-6 Config urin g NTP Broadca st Serv ic e 5-7 Config urin g NTP Ac cess Res tricti on s 5-8 Config urin g th e Source IP Addre[...]

  • Page 7

    Content s vii Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 CHAPTER 6 Configur ing S DM Templates 6-1 Underst anding th e SDM Templa tes 6-1 Config urin g the Switch SDM Templat e 6-2 Defaul t SDM Template 6-2 SDM Templ ate Confi guratio n Guideli nes 6-2 Setti ng the SDM Temp late 6-3 Displa ying the SDM Te mplate[...]

  • Page 8

    Cont ent s viii Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Config urin g RADI US 7-20 Defaul t RADIUS Confi gu ration 7-20 Identi fying t he RADI US Serv er Host 7-20 Config urin g RADI US Login A uth enti cat ion 7-23 Defini ng AAA Server Groups 7-25 Config urin g RADI US Authori zation f or User Pri vi leged A[...]

  • Page 9

    Content s ix Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 Config urin g IEEE 802. 1x Authe nt icat io n 8-9 Defa ul t IEEE 8 02.1x Conf igur at ion 8-9 IEEE 802 .1x Con figurat ion Guid elines 8-1 0 Config urin g IEEE 802. 1x Authe nt icat io n 8-11 Config urin g th e Switch -t o-RADI US- Server Commun icat io n 8[...]

  • Page 10

    Cont ent s x Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Config urin g Auto-MDIX on an Inte rface 9-18 Adding a De scrip ti on for an I nterf ac e 9-19 Config urin g Layer 3 I nterfa ces 9-20 Config urin g th e System MTU 9-21 Monitor ing an d Mainta inin g th e Inte rface s 9-22 Moni tori ng In terfa ce S tat us[...]

  • Page 11

    Content s xi Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 Defau lt Laye r 2 Et he rn et Int erfa c e VL A N Co nf ig ura tio n 11-16 Config urin g an Etherne t Inter face as a Trunk Port 11-16 Intera ctio n wit h O ther F eat ures 11-16 Config urin g a Trunk Por t 11-17 Defin in g the Allo w e d V LA N s on a Tr u[...]

  • Page 12

    Cont ent s xii Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Config urin g a Lay er 2 Inter face as a Pri vate -V LAN Host Por t 12-12 Config urin g a Lay er 2 Inter face as a Pri vate -V LAN Promi scu ous Por t 12-13 Mapp ing Seco nda ry VLA Ns to a Prim ary VLAN La yer 3 VLA N In terf ace 12 -14 Moni tori ng P ri[...]

  • Page 13

    Content s xiii Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 Spannin g-Tr ee Mode s and Pro tocols 14-9 Support ed Sp anning- Tree I nstances 14-10 Spannin g-Tr ee I nterope rabili ty and Ba ckwa rd Compat i bilit y 14-10 STP and IE EE 802. 1Q Tr unks 14-10 Config urin g Spanning -Tree F ea tures 14-11 Defaul t Spa[...]

  • Page 14

    Cont ent s xiv Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Config urin g MSTP Feat ures 15-11 Defaul t MSTP Conf ig uration 15-12 MSTP Confi gurati on Guideline s 15-1 2 Specif ying the MST Re gion Conf igura ti on and Enabl ing MSTP 15-13 Config urin g the Root Swi tch 15-1 4 Config urin g a Sec ondar y Root Swi[...]

  • Page 15

    Content s xv Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 CHAPTER 17 Configur ing F lex Lin ks 17-1 Underst anding Fl ex Links 17-1 Config urin g Flex Lin ks 17-2 Defau lt F lex Link Conf igur atio n 17-2 Flex Li nk Config urati on Guidel ines 17-2 Config urin g Flex Link s 17-3 Moni tori ng F lex Link s 17-4 CHAP[...]

  • Page 16

    Cont ent s xvi Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 CHAPTER 19 Configur ing Dynamic ARP Ins pectio n 19-1 Underst anding Dyn amic ARP Ins pection 19-1 Inter face Trus t State s an d Network Securit y 19-3 Rate Lim iting of ARP P ack ets 19-4 Relati ve Prior ity o f ARP ACL s and DHCP Sn ooping Ent ries 19-[...]

  • Page 17

    Content s xvii Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 Unde rsta nding Mult icas t V LAN R egi strati on 20-16 Using MV R in a Multic ast Telev isi on Applica tion 20-16 Config urin g MVR 20-18 Defaul t MVR Configu ration 20-1 8 MVR Conf igura tion G uideli nes and Limita tions 20-19 Config urin g MV R Global[...]

  • Page 18

    Cont ent s xviii Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 CHAPTER 22 Configur ing C DP 22-1 Underst anding CDP 22-1 Config urin g CDP 22-2 Defaul t CDP Conf ig urati on 22-2 Config urin g the CDP Chara cter is tics 22-2 Disab ling an d En abli ng CD P 22-3 Disab ling an d En abli ng CD P o n an I nter fac e 22[...]

  • Page 19

    Content s xix Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 Config urin g Local SPAN 24-10 SPAN Confi gurati on Gui deline s 24-10 Creati ng a Local SPAN S ession 24-11 Creati ng a Loca l SP AN Sessio n and Confi guring I ngress Tr affi c 24-13 Specif ying VLANs t o Filter 24-15 Config urin g RSPAN 24 -16 RSPA N Co[...]

  • Page 20

    Cont ent s xx Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 CHAPTER 27 Configur ing SNMP 27-1 Underst anding SNMP 27-1 SNMP Vers ions 27-2 SNMP Manage r Fu nctions 27-3 SNM P Age nt Fu nc ti ons 27-4 SNMP Communi ty Str ings 27-4 Using SNMP to Access MIB Variabl es 27-4 SNMP No tific ations 27-5 SNMP if Ind e x MIB[...]

  • Page 21

    Content s xxi Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 Applyi ng an IPv4 ACL to an Inter face 28-1 9 Hardwa re and Soft ware Treat ment of IP ACL s 28-21 IPv4 A CL Conf igur atio n Ex ampl es 28-21 Numbered ACL s 28-2 3 Exten ded AC Ls 28-23 Named ACLs 28-23 Time Range Applied t o an IP ACL 28-24 Comme n te d [...]

  • Page 22

    Cont ent s xxii Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Classi ficati on 30-5 Class Maps 30-6 The match Co mmand 30 -7 Classi ficati on Base d on Layer 2 CoS 30-7 Classi ficati on Base d on IP Prece dence 30-8 Classi ficati on Base d on I P DSCP 30-8 Classi ficati on C ompariso ns 30-9 Classi ficati on Base d[...]

  • Page 23

    Content s xxiii Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 Displa ying QoS In format ion 30-55 QoS Stati stics 30-55 Config urati o n Exampl es for Po li cy Maps 30-56 QoS Confi guratio n for Cu stomer A 30-56 QoS Confi guratio n for Cu stomer B 30-58 Modi fy in g O ut pu t Po lici es an d Ad d i n g or De le ti[...]

  • Page 24

    Cont ent s xxiv Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 CHAPTER 32 Configur ing IP Unicast Routing 32-1 Underst anding I P Routing 32-2 Type s of Routin g 32-2 Steps for Conf igur ing Routi ng 32-3 Config urin g IP Address ing 32-4 Defaul t Addres sing Conf igur at ion 32-4 Assig n in g IP Add re s se s to Ne[...]

  • Page 25

    Content s xxv Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 Config urin g EIGRP 32-32 Defaul t EIGRP Conf igur ation 32-34 Config urin g Bas ic EIGRP Par ameter s 32-3 5 Config urin g EIGRP Int erfaces 32-36 Config urin g EIGRP Route Authen ticati on 32 -37 Monitor ing an d Ma intain ing EI GRP 32- 38 Config urin g[...]

  • Page 26

    Cont ent s xxvi Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Filt er in g Ro u tin g Info r mat io n 32-79 Setti ng Passive Inter fa ces 32-79 Contro lling Adv ertisi ng and Proc essin g i n Routing Upd ates 32-80 Filte ring S ource s of Ro utin g Info rmatio n 32 -81 Managing Auth enticat ion Ke ys 32-82 Monit or[...]

  • Page 27

    Content s xxvii Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 Config urin g a Rendezvo us Poin t 34-1 0 Manua lly As sign ing a n RP t o Mu lticas t Gr oups 34-1 1 Config urin g Auto-RP 34-12 Config urin g PIMv2 BSR 34-16 Using Aut o-RP an d a BSR 34-2 0 Monitor ing the RP Mapp ing Info rmation 34-21 Troubl eshoo t[...]

  • Page 28

    Cont ent s xxvii i Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Contr ollin g Sou rce Infor matio n th at Yo ur S witch Or iginat es 35-8 Redist ributi ng So urces 35-9 Filt er in g So u rc e-A ct iv e R eq ue s t Mes s ag e s 35-1 1 Contro lling So urce Info rmation t hat You r Swi tch Forwar ds 35 -12 Using a Fi[...]

  • Page 29

    Content s xxix Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 Using TDR 36-17 Underst anding TDR 36-17 Running TDR and Dis pl aying the Result s 36-17 Using Deb ug Commands 36-18 Enabli ng Debug ging on a Spe cific Fe ature 36-18 Enabli ng All -System Diagn ostics 36-1 9 Redire ctin g Debu g and Err or Messa ge Ou t[...]

  • Page 30

    Cont ent s xxx Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Copyin g Configur ation Fi les By Usin g FTP B-1 1 Prepa ring to Down load or U plo ad a C onf igurat ion File By Using FT P B-12 Download ing a Con fi gurati on File By Us ing FTP B-13 Uploadi ng a Conf igurat ion File By Using FTP B-14 Copyin g Configur[...]

  • Page 31

    Content s xxxi Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 IGMP Snoopi ng Commands C-2 Unsuppor ted Globa l Conf ig uration Commands C-2 Inter face Comma nds C-3 Unsuppor ted Priv ileged EXEC Command s C-3 Unsuppor ted Globa l Conf ig uration Commands C-3 Unsuppor ted Inte rfac e Con figurat ion Co mma nds C- 3 I[...]

  • Page 32

    Cont ent s xxxii Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Span ning Tre e C-9 Unsuppor ted Globa l Conf ig uration Command C-9 Unsuppor ted Inte rfac e Con figurat ion Co mma nd C-9 VLAN C-10 Unsuppor ted Globa l Conf ig uration Commands C-10 Unsuppor ted User EX EC Commands C-10 I NDEX[...]

  • Page 33

    xxxii i Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 Preface Audience This gu ide i s f or t he ne twor king pr ofession al ma na ging the Cisc o Me tro E ther net (ME ) 340 0 Se rie s Ethern et Access switch, hereaft er referr ed to as the swi tc h . Be fo re u s in g th is gu id e, y ou sho ul d h ave experien c[...]

  • Page 34

    xxxiv Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Preface Related Publi ca tions Inter acti ve exampl es use these con ventio ns: • T erminal sessions and system displays are in screen font. • Informa tio n y ou e nter is in boldf ace sc reen f ont. • Nonpri nting ch aract ers, such a s passwords or tabs , [...]

  • Page 35

    xxxv Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 Pre face Obtaining Docume ntation • Cisco Gigabit Ethernet T ransceiver Modules Compat ibility Matrix (not order able but available on Cisco.com) • Cisco 100-Me gabit Etherne t SFP Modules Comp atibility Ma trix (not order able but av a ilable on Cisco.com) •[...]

  • Page 36

    xxxvi Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Preface Docum ent ation Fe edback Nonregistere d Cisco.c om users can order technic al documen tation from 8:00 a.m . to 5:00 p.m. (0800 to 1700 ) PDT by calling 1 86 6 4 63-348 7 in t he U nite d State s and Ca nada , or el sewhere by calling 011 408 519- 5055. Y[...]

  • Page 37

    xxxvi i Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 Pre face Ob taining Technical Assistance Reporting Se curity Problems in Cisco P roducts Cisco is committ ed to deli vering secure produc ts. W e test our products internally before we releas e them, and we striv e to correct a ll vulnerabilities quickly . If yo[...]

  • Page 38

    xxxvii i Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Preface Obtain in g Technical Assis ta nce Note Us e t he Ci sco Prod uct Identi fication (CPI ) to ol to loc ate your pr odu ct s er ial n umb er bef ore subm itt ing a web or phon e request for service. Y ou can ac cess the CPI tool fr om the Cisco T echni ca[...]

  • Page 39

    xxxix Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 Pre face Ob ta ining Additional Publications and Information Obtaining Ad ditional Public ations and In formation Informa tion ab out Cisco pro ducts, tec hn ologie s, and net wor k solutions is available from various onlin e and printe d source s. • Cisco Ma rk[...]

  • Page 40

    xl Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Preface Obtainin g Addi ti ona l Publicat io ns and Info rmatio n[...]

  • Page 41

    C HAPTER 1-1 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 1 Overview This chap ter pro vides these topics about the Cis co Metro Ether net (ME) 3400 Series Ethernet Access switch software: • Feat ures , page 1- 1 • Defa ult Settings After In itial Swi tch Conf iguration, page 1-8 • Network Configu ratio n Ex[...]

  • Page 42

    1-2 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Ch ap ter 1 Ov er vi ew Feature s The swi tch h as thes e featu res: • Performa nce Feat u res, pa ge 1- 2 • Managem ent Options, page 1-3 • Managea bil ity Featu re s, page 1- 3 (inc ludes a feat ure requ iring th e crypto graph ic versions of the software) ?[...]

  • Page 43

    1-3 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 1 Overview Features • IGMP f ilte ring for con trolling the se t of mu lticast grou ps to which hosts on a swit ch port ca n belong • IGMP throttl ing for conf iguring the actio n when the maximum number of entries is in the IGMP forwarding t abl e • I[...]

  • Page 44

    1-4 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Ch ap ter 1 Ov er vi ew Feature s • Cisco IOS File System (IFS) for provi ding a single interf ace to all f ile systems that the switch uses • In-band ma nageme nt access fo r up to 16 sim ultaneo us T elnet conn ections for multipl e CLI-base d sessions ove r t[...]

  • Page 45

    1-5 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 1 Overview Features VLAN Fea tur es • Support fo r up to 100 5 VLANs for assigni ng users to VLA Ns associ ate d with appropr iate network resourc es, tr affic patterns, and band widt h • Support for VL AN IDs in t he f ull 1 t o 4094 r an ge a llowed by[...]

  • Page 46

    1-6 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Ch ap ter 1 Ov er vi ew Feature s • Configuration file secu rity so that onl y authe nticated and author ized users have access to the configuration file, p r ev enting use rs fr om acce ssing the configu ratio n file by using the p assword recovery process • Mu[...]

  • Page 47

    1-7 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 1 Overview Features • W e ighted tail d rop ( WTD) a s the conge stion- av oidance m echanis m for mana ging the que ue le ngths and providi ng drop pre cedenc es for differen t traffic classifications • T ab le maps for map ping DSCP , CoS, and IP prec [...]

  • Page 48

    1-8 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Ch ap ter 1 Ov er vi ew Default Set t ings After I nit i al Switch Conf iguratio n • Protocol-Inde pendent Multicast (PI M) for multicast routing within the network, allo wing for de vices in the netw ork to recei ve the multicast feed requested an d for switches [...]

  • Page 49

    1-9 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 1 Overview Default Settings After Initial Switch Configuration If you d o not c onfi gure the switch a t all, the Cisc0 ME 3 400 switch oper ates with the def ault se ttings sho wn in Ta b l e 1 - 1 . T able 1 -1 Def ault Settings Aft er Initial S witc h Con[...]

  • Page 50

    1-10 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Ch ap ter 1 Ov er vi ew Default Set t ings After I nit i al Switch Conf iguratio n T unneli ng • 802.1Q tu nne ling (re qu ire s metro I P acc ess or m etro ac cess imag e) Disabled Chapter 13, “ Configuring IEEE 802.1Q and La yer 2 Pr otoco l T unnel ing” ?[...]

  • Page 51

    1-11 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 1 Overview Network Configuration Examples Network Config uration E xamples This se cti on pr ovides ne twork co nfiguration c once pts and inc lude s examples of using th e s wit ch to creat e dedica ted network segment s and int erconne ctin g the segment [...]

  • Page 52

    1-12 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Ch ap ter 1 Ov er vi ew Netwo rk Conf igurati on Ex ample s denial -of -service attac ks are a vo ided. T he Cis co ME swit ch als o pro vides mecha nisms such as p ort securi t y and IP Sour ce Guar d to pro tect again st MAC or IP spoofing. By usin g advanced acc[...]

  • Page 53

    1-13 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 1 Overview Network Configuration Examples Layer 2 VPN Application Enterprise c ustomers need n ot only high band width, b ut also the a bility to e x tend their pri vate ne twork across the s ervice p rovider’ s shared infrastructure. W ith Ethernet in th[...]

  • Page 54

    1-14 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Ch ap ter 1 Ov er vi ew Netwo rk Conf igurati on Ex ample s Multi-VRF CE Application A VPN is a collect ion of si tes sharing a common r outing tab le. A custo mer site is c onnected to the service -pro vider netw ork by one or more interf aces, an d the servic e p[...]

  • Page 55

    1-15 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 1 Overview Where t o Go Next Where to Go Next Before conf iguring the switch, re vie w these sections for startup informatio n: • Chapter 2, “Us ing the Comm and-Li ne Inter fa ce” • Chapter 3, “ Assigning the Switch IP Address and Def ault Gate w[...]

  • Page 56

    1-16 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Ch ap ter 1 Ov er vi ew Where to Go Nex t[...]

  • Page 57

    C HAPTER 2-1 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 2 Using the Command-Line Interface This c hapte r descr ibes t he Cisc o IOS comm and-li ne in terface ( CLI) and how to use it to configure your Cisco ME 3400 Eth ernet Acc ess switch. It con tains these sec tions: • Understa nding C ommand Mo des, pa ge[...]

  • Page 58

    2-2 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt er 2 Us i ng th e Com ma n d-L i ne In terfa ce Unders tan ding Comm and Mode s For more detail ed info rmat ion on the command mode s, see the c omma nd refe rence g uide for th is re lease . T able 2-1 Command Mo de Summa ry Mod e Acce ss Meth od Promp t Exi[...]

  • Page 59

    2-3 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 2 Using the Comm a nd-Line In terface Understa nding the Hel p System Understandin g the Help Syste m Y ou can enter a qu es t ion ma rk (? ) at th e s y s tem pr om p t to d is p lay a lis t of co mm an d s a v ailab l e f or eac h comma nd mode . Y ou can [...]

  • Page 60

    2-4 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt er 2 Us i ng th e Com ma n d-L i ne In terfa ce Unders tan ding no and de fault Fo rms of Comm ands Understandin g no and def ault Fo rms of Comma nds Almos t e v ery co nf iguration comma nd also has a no form. In ge neral, us e the no form to di sable a feat[...]

  • Page 61

    2-5 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 2 Using the Comm a nd-Line In terface Using Com mand History Changing the Command Hist ory Buffer Size By default, the switch records ten command lines in its history b uf fer . Y ou can alter this number for a curre nt term inal s ession or for all se ssion[...]

  • Page 62

    2-6 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt er 2 Us i ng th e Com ma n d-L i ne In terfa ce Using E diting Feature s Using Editing Fea tures This secti on descri bes the ed iting fea tures tha t can help you ma nipul ate the com mand line . It cont ains these sectio ns: • Ena bling and Dis abli ng Ed [...]

  • Page 63

    2-7 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 2 Using the Comm a nd-Line In terface Using Edit ing Featu res Press Esc Y . Recall the ne xt b uf fer entry . The buf fer co ntains only the last 10 items that you have deleted or cut. If y ou pre ss Esc Y more than ten times, you cy cle to the fi rst buf f[...]

  • Page 64

    2-8 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt er 2 Us i ng th e Com ma n d-L i ne In terfa ce Searching and F iltering O utput of show and more Com man ds Editing C ommand Lines that Wrap Y o u can use a w rapa ro und f ea ture for c om mands tha t ext end b eyond a si ngle li ne o n the sc reen . W he n [...]

  • Page 65

    2-9 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 2 Using the Comm a nd-Line In terface Acce ssi ng th e C L I Accessing the CLI Y o u can ac cess the CL I t hro ugh a c ons ole co nne ctio n, thro ugh T e lnet , or by u s ing th e browser . Accessing the CLI throu gh a Co nsole Conn ection or through Telne[...]

  • Page 66

    2-10 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt er 2 Us i ng th e Com ma n d-L i ne In terfa ce Access ing the CLI[...]

  • Page 67

    C HAPTER 3-1 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 3 Assigning the Switch IP Address and Default Gateway This chap ter de scribe s ho w to creat e the initial s witch conf iguration (for e xampl e, assign ing the switch IP addre ss and defau lt gateway informa tion) fo r the Cisco Metro Ethe rnet (M E) 3400[...]

  • Page 68

    3-2 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Assign ing Swi tch Info rmatio n • Initial izes the fla sh f ile sys tem on the system boar d. • Loads a default operating sy stem softw are image into memory and boot s the switc h. The bo ot loader [...]

  • Page 69

    3-3 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Defa ult Ga tewa y Assigning Switch Information These sec tions co ntain this configura tion info rmat ion: • Default Swi tch Informa tion, page 3-3 • Understa nding DHCP- Based Aut oconfiguratio n, page 3-3 • [...]

  • Page 70

    3-4 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Assign ing Swi tch Info rmatio n Figure 3-1 shows th e sequen ce of mess age s that ar e e xchanged betw een the DHCP c lient an d the DHC P server . Figur e 3-1 DHCP Client and Serv er Messag e Exc hange[...]

  • Page 71

    3-5 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Defa ult Ga tewa y Assigning Switch Information Configuring DHCP-Based Autoconfiguration These sec tions co ntain this configura tion info rmat ion: • DHCP Serv er Config urati on Guidelin es, page 3- 5 • Configu[...]

  • Page 72

    3-6 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Assign ing Swi tch Info rmatio n If you did no t speci fy t h e configurat i on filename, the TFT P ser ver , or if t he configurat i on file could not be do wnloaded, the switch attempts to do wn load a [...]

  • Page 73

    3-7 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Defa ult Ga tewa y Assigning Switch Information Note If the switch is act ing a s the relay de vic e, co nf igure th e int erfac e as a r outed port. Fo r more in formatio n, see th e “Route d Ports” sec tion o n[...]

  • Page 74

    3-8 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Assign ing Swi tch Info rmatio n After obtaini ng its hostname from the default conf igurati on file or the DHCP reply , the switch reads the con figurat ion f ile that has the sa me name as it s hostname[...]

  • Page 75

    3-9 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Defa ult Ga tewa y Assigning Switch Information DNS Ser ver Conf iguration The DNS server ma ps the TF TP server name tftpserver to IP addre ss 10. 0.0.3 . TFTP Serve r Conf iguration (on UNIX) The TF TP server base [...]

  • Page 76

    3-10 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Checking and Saving th e Run ning Confi gura tion T o remov e the switch IP address , use the no ip address interfa ce con figuratio n command . If you are remo ving the address through a T elnet session[...]

  • Page 77

    3-11 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Defa ult Ga tewa y Chec king and Savin g the Ru nnin g Co nfig ur atio n ! vlan 2,10 ! class-map match-all test1 class-map match-all class2 class-map match-all class1 ! ! policy-map test class class1 police cir perc[...]

  • Page 78

    3-12 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Modifyin g th e Startup Config uration session-timeout 120 exec-timeout 120 0 speed 115200 line vty 0 4 password cisco no login line vty 5 15 no login ! ! end T o store t he conf igura tion o r change s [...]

  • Page 79

    3-13 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Defa ult Ga tewa y Modifying the Startup Configuration Default Boot Configuration Ta b l e 3 - 3 shows the d efault bo ot configu ratio n. Automatically Downloading a Configuration File Y o u can auto matica lly dow[...]

  • Page 80

    3-14 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Modifyin g th e Startup Config uration Booting Manua lly By default, the swit ch automati cally boo ts; howe ver , you c an configure it to manu ally boot. Beginning in p rivileged EXEC m ode, fo llow th[...]

  • Page 81

    3-15 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Defa ult Ga tewa y Modifying the Startup Configuration T o return to the default setting, use the no boot system globa l c onfigurat ion com ma nd. Controlling Environment Variables W ith a n orm all y oper at ing s[...]

  • Page 82

    3-16 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Scheduli ng a Re load of the S oft w are Image Y o u can c hange t he sett ings of t he environmen t variables by acc essing the boo t load er or by using Cisco IOS comman ds. Under norma l circumstance [...]

  • Page 83

    3-17 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 3 Assigni ng the Swi tch IP Addr ess an d Defa ult Ga tewa y Schedul ing a Rel oad of the Sof tware Ima ge Configur ing a Sc he duled Relo ad T o conf igure your switch to relo ad the softw are i mage at a later time, use o ne of th ese co mmands in privile[...]

  • Page 84

    3-18 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 3 Assigning the Switch IP Address and Default Gateway Scheduli ng a Re load of the S oft w are Image Displaying Scheduled Reload Information T o display infor mation ab out a previousl y schedu led reload or to find out if a reload has been sche duled on th[...]

  • Page 85

    C HAPTER 4-1 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 4 Configuring Cisco IOS CNS Age nts This chap ter des cribes how t o conf igure the Ci sco IOS CNS agents on the Cisco ME 3400 switch. Note For complete confi guratio n informatio n for the Cisco Conf igurati on Engine, see th is URL on Cisco.c om http://ww[...]

  • Page 86

    4-2 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt er 4 Configurin g Cisco I OS CNS Agent s Unders tan din g Cisco Conf ig urat ion Engin e Software Figur e 4-1 Configur ation Eng ine Ar chit ectural O vervie w These secti ons cont ain this co nceptu al in forma tion: • Configuration Ser vice , pa ge 4 -2 ?[...]

  • Page 87

    4-3 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 4 Configuring Cisco IOS CNS Agen ts Understanding Cisco Configuration Engine S oftware Event Servic e The Ci sco C onfigur ation E ngine uses t he Event Se rv ice f or re ceipt an d g en erati on of c on figurati on e ven ts. The e v ent agent is on the swit[...]

  • Page 88

    4-4 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt er 4 Configurin g Cisco I OS CNS Agent s Unders tan din g Cisco Conf ig urat ion Engin e Software DeviceID Each co nfigured swit ch parti cipati ng on the ev ent bus has a unique D eviceID, which is a nalogou s to the switch source ad dress so that the switch [...]

  • Page 89

    4-5 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 4 Configuring Cisco IOS CNS Agen ts Understanding Cisco IOS Agents Understandin g Cisco IOS Age nts The CNS e vent agen t feature allo ws the swit ch to publish and sub scribe to ev ents on the e vent b us and works with the Cisc o IOS agent. Th e Cisco IOS [...]

  • Page 90

    4-6 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt er 4 Configurin g Cisco I OS CNS Agent s Configuring Cisco I OS A ge nts Incremental (Partial) Configur ation After t he ne twork is r unn ing, new serv ice s c an b e adde d by usi ng t he Cisc o IOS a gent . In cr em en tal (partia l) co nfigurations can be [...]

  • Page 91

    4-7 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 4 Configuring Cisco IOS CNS Agen ts Configuring Cisco IOS Agents Note For more informatio n about running the setup program and cr eating templates o n the Configurat ion Engine , see the Cisc o Configuration En gine Inst allat ion and Setup G uide, 1.5 for [...]

  • Page 92

    4-8 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt er 4 Configurin g Cisco I OS CNS Agent s Configuring Cisco I OS A ge nts Enabling th e CNS Ev ent Agent Note Y ou mus t enabl e the CNS e vent agent on the switch before you en able the C NS con figu ration agent. Beginn ing in pri vilege d EXEC mode, follo w [...]

  • Page 93

    4-9 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 4 Configuring Cisco IOS CNS Agen ts Configuring Cisco IOS Agents Enabling th e Cis co IOS CNS Ag ent After enabling the CNS e vent agent, start the Cisco IOS CNS a gent on th e switch. Y ou can enab le the Cisco IOS ag ent with the se commands : • The cns [...]

  • Page 94

    4-10 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt er 4 Configurin g Cisco I OS CNS Agent s Configuring Cisco I OS A ge nts Step 7 cn s id interfac e num { dns-re verse | ipaddress | mac-addr ess } [ ev en t ] or cns id { hardware -serial | hostname | string string } [ eve n t ] Set th e uni qu e EventI D or [...]

  • Page 95

    4-11 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 4 Configuring Cisco IOS CNS Agen ts Configuring Cisco IOS Agents T o disab le the C NS Cis co IOS agent, use t he no cns conf ig initial { ip-address | hostname } global configurati on comm a nd. This e xample sho ws ho w to configure an in itia l co nf igu[...]

  • Page 96

    4-12 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt er 4 Configurin g Cisco I OS CNS Agent s Displaying CNS Con figuration Displaying CNS Confi guration Y o u can use the privileged EXE C command s in Ta b l e 4 - 2 to displa y CNS c onfiguratio n in forma tion. T able 4-2 Displa ying CNS Co nfiguratio n Comma[...]

  • Page 97

    4-13 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 4 Configuring Cisco IOS CNS Agen ts Displaying CNS Configuration[...]

  • Page 98

    C HAPTER 5-1 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 5 Administering the Switch This chap ter describ es how to perform one-ti me operat ions to admini ster the Cisco M E 3400 Ethe rnet Access switch. This chap ter cons ists of th ese sectio ns: • Managin g the System Time and Da te, pa ge 5-1 • Configuri[...]

  • Page 99

    5-2 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 5 Administering the Switch Managin g the Syste m Time and Date Understand ing the S ystem Clock The heart o f the time serv ice is the system clock. This cl ock runs from th e moment the syste m starts up and keeps tra ck of the da te and tim e. The sy stem [...]

  • Page 100

    5-3 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 5 Adminis ter ing the Switch Mana gi ng th e S y stem Tim e an d Da t e Cisco’ s impleme ntation of N TP does not su pport stra tum 1 serv ice; it is not po ssible to connect to a radio or atom i c clock. W e re comme nd that t he ti me servic e for y our [...]

  • Page 101

    5-4 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 5 Administering the Switch Managin g the Syste m Time and Date Configuring NTP The switc h does not have a hardware-sup ported clo ck and cann ot function as an NTP maste r clock to which p eers syn chronize themselv es when an e xternal NT P source is not a[...]

  • Page 102

    5-5 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 5 Adminis ter ing the Switch Mana gi ng th e S y stem Tim e an d Da t e Configuring NTP Authentication This proced ure mus t be coordinat ed with the ad ministr ator o f the N TP ser ver; the i nformation you co nf igu re in this procedure must be matched by[...]

  • Page 103

    5-6 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 5 Administering the Switch Managin g the Syste m Time and Date Configuring NTP Associations An NTP associat ion can be a pe er asso cia tio n (this swi tch ca n eit her sync hroni ze to th e othe r device or allow the other device to sync hronize to it), or [...]

  • Page 104

    5-7 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 5 Adminis ter ing the Switch Mana gi ng th e S y stem Tim e an d Da t e Configuring NTP Broadcast Service The co mmunic ations bet ween devices run ning NTP (k nown as associations ) are us ually statically configured ; each device is giv en th e IP addresse[...]

  • Page 105

    5-8 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 5 Administering the Switch Managin g the Syste m Time and Date Beginning in privileged EXEC mode, follow these st eps to co nfigure the switc h to rec eiv e NTP broa dcast packets from c onnect ed peers: T o disable an interface fro m receiv ing NTP broadcas[...]

  • Page 106

    5-9 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 5 Adminis ter ing the Switch Mana gi ng th e S y stem Tim e an d Da t e Creating an Access Gro up and Assigni ng a Basic IP Access List Beginn ing in pri vilege d EXEC mode, follo w these steps to contro l access to NTP services b y using access lists: The a[...]

  • Page 107

    5-10 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 5 Administering the Switch Managin g the Syste m Time and Date T o remov e access control to the sw itch NTP servi ces, use the no ntp access-gr oup { query-only | serve -only | serve | peer } global con figuration com mand. This e x ample sho ws how to co [...]

  • Page 108

    5-11 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 5 Adminis ter ing the Switch Mana gi ng th e S y stem Tim e an d Da t e The specif i ed interface is u sed for the sour ce address for all pack ets sent to all destinations. If a source addr ess is to be used f or a specif ic association, use the source ke [...]

  • Page 109

    5-12 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 5 Administering the Switch Managin g the Syste m Time and Date This example shows ho w to manually set the system cl ock to 1:32 p.m . on July 23, 2001 : Switch# clock set 13:32:00 23 July 2001 Displaying the Time and Dat e Configuration T o display the tim[...]

  • Page 110

    5-13 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 5 Adminis ter ing the Switch Mana gi ng th e S y stem Tim e an d Da t e Configuring Summer Time (Daylight Saving Time) Beginning in pr ivileged EXEC mode, fo llow these steps t o co nfigure summer time (dayligh t saving time) in areas wh ere it starts an d [...]

  • Page 111

    5-14 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 5 Administering the Switch Configur ing a Sys tem Nam e and Prompt Beginning in privileged EX EC mode, fol low these steps if summ er time in your area do es not follow a recurr ing patt ern (con figure the exact dat e and time of the next summer tim e ev e[...]

  • Page 112

    5-15 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 5 Adminis ter ing the Switch Confi guring a S ystem Name an d Prompt These sec tions co ntain this configura tion info rmat ion: • Default Syste m Name and Prom pt Configuration , page 5-15 • Configuring a Syste m N ame , page 5-15 • Understa ndin g D[...]

  • Page 113

    5-16 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 5 Administering the Switch Configur ing a Sys tem Nam e and Prompt These sec tions co ntain this configura tion info rmat ion: • Default DN S Configuration, page 5-16 • Setting Up DNS, pag e 5-16 • Displayin g the DNS Configurat ion, page 5-1 7 Defaul[...]

  • Page 114

    5-17 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 5 Adminis ter ing the Switch Creat ing a Bann er If you u se t he switc h IP ad dress a s its hostnam e, the IP a ddress i s used and no DNS query oc curs. I f you configure a ho stname that contai ns no periods (.), a period foll owed by the defaul t domai[...]

  • Page 115

    5-18 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 5 Administering the Switch Creating a Banner Configurin g a Mess age-of-the -Day Log in Bann er Y ou can create a sin gle o r mult ilin e m essage ban ner tha t a ppea rs on th e scr een when so meo ne lo gs in to the switch. Beginning in privileged EX EC m[...]

  • Page 116

    5-19 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 5 Adminis ter ing the Switch Managin g the MAC Addre ss Table Configurin g a Login B anner Y o u can co nfigure a log in banne r to be displ aye d on all conn ec ted ter mina ls. T hi s bann er ap pear s a fter the M O TD ba nn er a nd befo re the lo gin pr[...]

  • Page 117

    5-20 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 5 Administering the Switch Managin g the MAC A ddre ss Table These sec tions co ntain this configura tion info rmat ion: • Building the A d dress T able, pa ge 5 -20 • MA C Addres ses an d VLAN s, page 5-20 • Default MAC Address T able Configuratio n,[...]

  • Page 118

    5-21 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 5 Adminis ter ing the Switch Managin g the MAC Addre ss Table If the switch is runnin g the metro IP acc ess or metr o acces s image, you can disabl e MA C address learnin g on a per-VLAN basis. Customers in a servic e provider network ca n tunnel a large n[...]

  • Page 119

    5-22 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 5 Administering the Switch Managin g the MAC A ddre ss Table Beginn ing in pr iv ileged EXEC mode, follo w thes e steps to conf igure the dynamic a ddress table aging time: T o return to th e default v alue, use t he no mac addr ess-table aging-time global [...]

  • Page 120

    5-23 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 5 Adminis ter ing the Switch Managin g the MAC Addre ss Table Beginning i n privileged E X EC mo de , follow these s teps to c on figure th e switc h t o send M A C a ddress notif ication traps to an NMS host: Command Purpos e Step 1 configur e terminal Ent[...]

  • Page 121

    5-24 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 5 Administering the Switch Managin g the MAC A ddre ss Table T o disable the sw itch from se nding MAC address notificati on traps, use th e no snmp-ser ver ena ble traps mac-notification global con f igura tion co mman d. T o disable the M A C address noti[...]

  • Page 122

    5-25 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 5 Adminis ter ing the Switch Managin g the MAC Addre ss Table Beginning i n privileged EX EC mo de , follo w these steps to add a static address: T o remove st at ic en tr i es fr om t he a ddr es s t abl e, u se th e no mac address-t able static mac-addr v[...]

  • Page 123

    5-26 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 5 Administering the Switch Managin g the MAC A ddre ss Table • If you add a uni cast MA C address as a static address and con figure u nicast MA C address filte ring, the switc h eithe r add s the MA C address as a static ad dress or dr ops pa ck ets with[...]

  • Page 124

    5-27 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 5 Adminis ter ing the Switch Managin g the MAC Addre ss Table Foll ow these gui delines when d isabling MA C address le arning on a VLAN: • Disabling MA C addre ss learni ng on a VLAN is suppor ted onl y if the switc h is runn ing the m etro I P acce ss o[...]

  • Page 125

    5-28 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 5 Administering the Switch Managin g the ARP Table Displaying A ddress Table Entries Y o u can displa y the MAC address table by using one or more of the privileged EXE C command s describe d in Ta b l e 5 - 4 : Managing the ARP Ta ble T o communi cate wi t[...]

  • Page 126

    C HAPTER 6-1 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 6 Configuring SDM Templates This chapte r describes ho w to conf igure the Switch Data base Management (SDM ) templates on the Cisco ME 3400 Ether net Access switch. SDM template configu ration is supported only wh en the switch is runni ng the metro IP acc[...]

  • Page 127

    6-2 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 6 Configuring SDM T emplates Conf igu rin g th e Swi tch SDM T empl ate Ta b l e 6 - 1 sho ws the approxim ate number of each resourc e supported in e ach of the two te mplates for a switch r unning the metro IP access image. The v alues in the te mplate are[...]

  • Page 128

    6-3 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 6 Configuring SD M Te mplates Config uring t he Swit ch SDM Te mplate • Do not use the def ault tem pla te if you do not ha ve routing enabled on you r switc h. The sdm pr efer default global c onfigu ration c omma nd prevents other f eature s f rom u sing[...]

  • Page 129

    6-4 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 6 Configuring SDM T emplates Display ing the SDM Tem p lates This e x ample sho ws how to conf igure a switch w ith the layer -2 templa te. Switch(config)# sdm prefer layer-2 Switch(config)# end Switch# reload Proceed with reload? [confirm] Displaying the SD[...]

  • Page 130

    C HAPTER 7-1 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 7 Configuring Switch-Based Authentication This chapte r describes ho w to conf igure switch-b ased authentica tion on the Cisco ME 3400 switch. This chap ter cons ists of th ese sectio ns: • Pre ve nting Unauthorized Acc ess to Y our Switch, page 7-1 • [...]

  • Page 131

    7-2 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 7 Configuring Switch-Based Authentication Protecting A ccess to Privileged EXE C Comman ds Protecting Access to Privileged EXEC Command s A simpl e way of p rovidin g te rmi nal acces s c ontr ol i n you r netwo rk i s to use p ass words a nd as sign privile[...]

  • Page 132

    7-3 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 7 Configuri ng Sw itch-Ba sed Auth entication Prote c ting Acce ss t o Priv i lege d EX EC Co mman ds Setting o r Changin g a Static Enab le Pa ssword The en able password control s access to the privileged EXEC mode. Beginning in privileged EXEC mode, follo[...]

  • Page 133

    7-4 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 7 Configuring Switch-Based Authentication Protecting A ccess to Privileged EXE C Comman ds Protecting En able and E nable Secre t Passw ord s with Enc ryption T o provide an additiona l layer of security , particul arly for passwords that cross the netw ork [...]

  • Page 134

    7-5 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 7 Configuri ng Sw itch-Ba sed Auth entication Prote c ting Acce ss t o Priv i lege d EX EC Co mman ds If bo th the en able and e nable sec ret pas sword s are de f ined, us ers must enter th e enable s ecret p asswo rd. Use th e level keyword to define a pas[...]

  • Page 135

    7-6 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 7 Configuring Switch-Based Authentication Protecting A ccess to Privileged EXE C Comman ds T o re-ena ble pa ssword r ecovery , us e th e service pass word- reco v ery global con figuration com mand. Note Disabling password recov ery will not w ork if you ha[...]

  • Page 136

    7-7 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 7 Configuri ng Sw itch-Ba sed Auth entication Prote c ting Acce ss t o Priv i lege d EX EC Co mman ds Configuring Us ername and P assword Pairs Y o u can co nfigure usernam e and password pairs, wh ich are loca lly stored on the switc h. These pa irs are ass[...]

  • Page 137

    7-8 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 7 Configuring Switch-Based Authentication Protecting A ccess to Privileged EXE C Comman ds Configuring Multiple Privilege Level s By default, the Cisco IO S software has two modes of passwor d security: use r EXEC and privileged EXEC. Y ou ca n configure up [...]

  • Page 138

    7-9 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 7 Configuri ng Sw itch-Ba sed Auth entication Prote c ting Acce ss t o Priv i lege d EX EC Co mman ds When y ou set a command to a pr i vile ge le vel, all co mmands whose s yntax is a subs et of th at com mand are al so set to th at le vel. For exa mple, if[...]

  • Page 139

    7-10 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 7 Configuring Switch-Based Authentication Controlling Sw itch Acce ss w ith TACACS+ Logging into and Exiting a Privilege Level Beginn ing in pri vile ged EXEC mode, f ollo w these steps to log in to a s pe cif ie d p ri vi l e ge l e ve l and to e x i t to [...]

  • Page 140

    7-11 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 7 Configuri ng Sw itch-Ba sed Auth entication Controlling Switch Access with TACACS+ Figur e 7 -1 T ypical T ACA CS+ Netw or k Conf igur ation T A CAC S+, adm inistered thro ugh the AAA se curity services, can p rovid e these services : • Authent ication?[...]

  • Page 141

    7-12 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 7 Configuring Switch-Based Authentication Controlling Sw itch Acce ss w ith TACACS+ TACACS+ Ope ration When a use r attempts a sim ple ASCII login by authent icating to a switch using T A CA CS+, this process occurs: 1. When th e connection is establishe d,[...]

  • Page 142

    7-13 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 7 Configuri ng Sw itch-Ba sed Auth entication Controlling Switch Access with TACACS+ Configuring TACACS+ This se ction de scri bes how to c onfigure yo ur swi tch to su ppo rt T A CA C S+. A t a m i nimu m, yo u must identify the host or hosts maintainin g [...]

  • Page 143

    7-14 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 7 Configuring Switch-Based Authentication Controlling Sw itch Acce ss w ith TACACS+ Beginn ing in pr iv ileged EXEC mode, f ollo w these steps to identify the IP host o r host m aintaining T A CA CS+ server and opt ionall y set the encr yption key: T o remo[...]

  • Page 144

    7-15 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 7 Configuri ng Sw itch-Ba sed Auth entication Controlling Switch Access with TACACS+ authe nticate users; if that m ethod fails to resp ond, the software selects the next a uthenti cation m ethod in the method list. This process contin ues until there is su[...]

  • Page 145

    7-16 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 7 Configuring Switch-Based Authentication Controlling Sw itch Acce ss w ith TACACS+ T o disa ble A AA, u se t he no aaa new-model glo bal co nfigurat ion co mma nd. T o disa ble A AA authenti cation, use th e no aaa aut hent ica tion l ogin { default | list[...]

  • Page 146

    7-17 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 7 Configuri ng Sw itch-Ba sed Auth entication Controlling Switch Access with TACACS+ T o disable au thoriz ation , use t he no aaa aut horizati on { network | exec } method1 gl obal c onfigurat ion comm an d. Starting TACACS+ Accounting The AA A accou nting[...]

  • Page 147

    7-18 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 7 Configuring Switch-Based Authentication Controllin g Switch A cce ss wit h RA DIUS Controlling Switch Access with RADIUS This secti on descri bes how to enable and co nfigure the RAD IUS, which provides detai led accou nting inform ation a nd flexible ad [...]

  • Page 148

    7-19 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 7 Configuri ng Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS RADIUS is not suitable in these netw ork security situations: • Multipr otocol acce ss en vironmen ts. RADIUS do es not supp ort AppleT alk Remote Access (A RA), NetBI OS [...]

  • Page 149

    7-20 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 7 Configuring Switch-Based Authentication Controllin g Switch A cce ss wit h RA DIUS Configuring RADIUS This se ctio n de scri bes how to c onfigure yo ur sw itch to su ppo rt R ADI US. At a mi nim um, y ou mus t identify t he host or host s that ru n the R[...]

  • Page 150

    7-21 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 7 Configuri ng Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Y ou identify RADIUS security ser vers by the ir hostname or IP address, host name and specif ic UDP port numbers, or their I P addre ss and specific UD P port num bers. The[...]

  • Page 151

    7-22 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 7 Configuring Switch-Based Authentication Controllin g Switch A cce ss wit h RA DIUS Step 3 radius-server host { hostname | ip-addr ess } [ au th-p ort por t-n umbe r ] [ acct-po rt port-n umbe r ] [ timeout second s ] [ retr ansmit r etries ] [ key str ing[...]

  • Page 152

    7-23 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 7 Configuri ng Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS T o remove th e specifie d RADIUS server , use the no radius-serv e r host hostname | ip- address global configurati on comm a nd. This exampl e sho ws ho w to conf igure on[...]

  • Page 153

    7-24 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 7 Configuring Switch-Based Authentication Controllin g Switch A cce ss wit h RA DIUS Beginn ing in pri vilege d EXEC mode, follo w th ese steps to conf ig ure login authenticat ion. This procedu re is re quir ed. Comma nd Pu rpos e Step 1 conf igure t ermin[...]

  • Page 154

    7-25 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 7 Configuri ng Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS T o disa ble A AA, u se t he no aaa new-model glo bal co nfigurat ion co mma nd. T o disa ble A AA authenti cation, use th e no aaa aut hent ica tion l ogin { default | list[...]

  • Page 155

    7-26 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 7 Configuring Switch-Based Authentication Controllin g Switch A cce ss wit h RA DIUS Be ginning in pri v ile ged EXEC mode, fo llo w these step s to def ine the AAA ser ver group and associate a particula r RADIUS serve r with it: Comma nd Pu rpos e Step 1 [...]

  • Page 156

    7-27 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 7 Configuri ng Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS T o remove th e specifie d RADIUS server , use the no radius-serv e r host hostname | ip- address global configurati on comm and. T o remove a server group fro m the configu[...]

  • Page 157

    7-28 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 7 Configuring Switch-Based Authentication Controllin g Switch A cce ss wit h RA DIUS Beginn ing in pri vile ged EXEC mo de, follo w these ste ps to specif y RADIUS author ization for privile ged EXEC a cce ss an d n etwor k ser vi ces: T o disable author iz[...]

  • Page 158

    7-29 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 7 Configuri ng Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Configuring Settings for All RADIUS S ervers Beginning i n privileged E X EC mo de , follow these s teps to c on figure gl obal com mun ica tion sett ings between the switch[...]

  • Page 159

    7-30 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 7 Configuring Switch-Based Authentication Controllin g Switch A cce ss wit h RA DIUS For ex ample, this A V pair acti vates Cisco’ s mul tiple named ip addr ess pools featur e during IP authorization (during PPP IPCP add ress assignment): cisco-avpair= ?[...]

  • Page 160

    7-31 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 7 Configuri ng Sw itch-Ba sed Auth entication Controlling Switch Access with RADIUS Configuring the Switch for Vendor-Proprietar y RADIUS Server Communication Although an IET F draft stand ard for R ADI US specifies a m ethod f or co mmunic ating vendor-pro[...]

  • Page 161

    7-32 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 7 Configuring Switch-Based Authentication Controllin g Sw itch Acce ss with Kerb eros Controlling Switch Access with Kerberos This sec tion describ es ho w to enab le and c onfi gure the Ke rberos sec urity system, wh ich auth enticates requests fo r networ[...]

  • Page 162

    7-33 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 7 Configuri ng Sw itch-Ba sed Auth entication Controlling Switch Access with Kerberos This soft ware rel ease sup port s Kerberos 5, w hich a llows organizatio ns that are alr eady using Kerberos 5 to use the same K erberos au thenticatio n database on the [...]

  • Page 163

    7-34 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 7 Configuring Switch-Based Authentication Controllin g Sw itch Acce ss with Kerb eros Kerberos Operation A K erb eros serv er can be a Cisc o ME sw itch that is co nf igu red a s a netw ork securi ty se rv er an d that ca n authe nticat e remote use rs by u[...]

  • Page 164

    7-35 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 7 Configuri ng Sw itch-Ba sed Auth entication Controlling Switch Access with Kerberos Authenticating t o a B oundary S witch This se cti on de scri bes t he first laye r of se cu rity t hroug h w h ich a re mo te u ser must p ass. T he use r mu st fi rst au[...]

  • Page 165

    7-36 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 7 Configuring Switch-Based Authentication Configur ing the Switc h fo r Local Au thentica tion and A uthorizat ion Configur ing Ke rber os So that remo te u ser s can a uthenticate to netw ork serv ices, y ou m ust co nf igure the hosts and the KDC in the K[...]

  • Page 166

    7-37 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 7 Configuri ng Sw itch-Ba sed Auth entication Configuring the Switch for Secure Shell T o disa ble A AA, u se t he no aaa new-model glo bal co nfigurati on comm a nd. T o disa ble aut hor izat ion, use the no aaa autho rizat ion { network | exec } method1 g[...]

  • Page 167

    7-38 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 7 Configuring Switch-Based Authentication Conf igu rin g th e Swi tch for S ec ure S hel l Understand ing SSH SSH is a pr otocol that p rovides a s ecur e, rem ote co nnection to a device. SSH provi des more securi ty for remote connec tions th an T elnet d[...]

  • Page 168

    7-39 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 7 Configuri ng Sw itch-Ba sed Auth entication Configuring the Switch for Secure Shell Configuring SSH This section has this conf igurat ion information: • Configuration Gu idelines, page 7-39 • Setting Up the Swi tch to Run SSH, pa ge 7-39 (required) ?[...]

  • Page 169

    7-40 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 7 Configuring Switch-Based Authentication Conf igu rin g th e Swi tch for S ec ure S hel l T o delete the RSA ke y pair , use the cr ypto k ey zer oiz e rsa global configur ati on c om mand. A fte r t he RSA ke y pair is deleted, the SSH serv er is automati[...]

  • Page 170

    7-41 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 7 Configuri ng Sw itch-Ba sed Auth entication Configuring the Switch for Secure Shell T o return to the def ault SSH contr ol paramete rs, use the no ip ssh { tim eout | authenti cation- ret ries } global configurat ion comm and. Displaying th e SSH Co nfig[...]

  • Page 171

    7-42 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 7 Configuring Switch-Based Authentication Conf igu rin g th e Swi tch for S ec ure S hel l[...]

  • Page 172

    C HAPTER 8-1 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 8 Configuring IEEE 802.1x Port-Based Auth enticat ion This ch ap ter desc ribe s how to c onfigure IEEE 8 02.1x por t-ba sed aut hent icat ion on th e Cisco M E 3 400 Ether net Acce ss switch. As L ANs extend to hote ls, airp orts, and corporat e lobbies an[...]

  • Page 173

    8-2 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 8 Configuring IEEE 802.1x P ort-Based Aut hentica tion Unders tanding IE EE 802.1x Port-Ba sed Au th enticati on These sec tions descr ibe IEE E 802.1x po rt-b ased authe nticat ion: • Device Roles, pa ge 8-2 • Authentic ation Initiat ion and Messag e Ex[...]

  • Page 174

    8-3 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 8 Configuri ng IEEE 802. 1x Port-Ba sed Auth entication Underst anding I EEE 8 02.1x P ort-Based Authent ication • Switc h ( edge swi tch or w ireless acce ss point)— control s the physical access to the net work base d on the auth entica tion status of [...]

  • Page 175

    8-4 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 8 Configuring IEEE 802.1x P ort-Based Aut hentica tion Unders tanding IE EE 802.1x Port-Ba sed Au th enticati on Figur e 8-2 Messag e Exc han g e Ports in Au thorized and Un authorized S tates Depend ing on the sw itch port s tate, the switch can grant a cli[...]

  • Page 176

    8-5 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 8 Configuri ng IEEE 802. 1x Port-Ba sed Auth entication Underst anding I EEE 8 02.1x P ort-Based Authent ication If the cl ient is s ucces sf u lly aut he nti cat ed (r ece i ves an Accep t fr am e fr o m the au th en tic atio n serv er), the port s tate cha[...]

  • Page 177

    8-6 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 8 Configuring IEEE 802.1x P ort-Based Aut hentica tion Unders tanding IE EE 802.1x Port-Ba sed Au th enticati on Y o u can view the A V pai rs that ar e being sen t by the switch by enabl ing the debug radius accounting or debug aaa accounting pri vilege d E[...]

  • Page 178

    8-7 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 8 Configuri ng IEEE 802. 1x Port-Ba sed Auth entication Underst anding I EEE 8 02.1x P ort-Based Authent ication Figur e 8-3 Multiple Hos t Mode Exampl e Using IEEE 802.1x with Port Security Y ou can conf igure an IEEE 80 2.1x port with p ort secur ity in ei[...]

  • Page 179

    8-8 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 8 Configuring IEEE 802.1x P ort-Based Aut hentica tion Unders tanding IE EE 802.1x Port-Ba sed Au th enticati on Using IEEE 802.1x with VLAN Assignment The RADIUS s erv er sends the VLA N assign ment to con fig ure the switch port. Th e RADIUS serv er databa[...]

  • Page 180

    8-9 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 8 Configuri ng IEEE 802. 1x Port-Ba sed Auth entication Configur ing IEEE 802.1x Auth enticat ion Configuring IEEE 802.1x Authentication These sec tions co ntain this configura tion info rmat ion: • Default IE EE 8 02. 1x Configura tion, p ag e 8-9 • IEE[...]

  • Page 181

    8-10 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 8 Configuring IEEE 802.1x P ort-Based Aut hentica tion Configur ing IEEE 802 .1x Authen ticatio n IEEE 802.1x Configuration Guidelines These ar e the IE EE 802.1x authe nticat ion configur ation guideli nes: • When IEE E 802.1 x is enab l ed, port s are a[...]

  • Page 182

    8-11 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 8 Configuri ng IEEE 802. 1x Port-Ba sed Auth entication Configur ing IEEE 802.1x Auth enticat ion • Y o u can co nfigure IEEE 802.1x on a private-VLAN por t, but do not configure IE EE 802. 1x with port securi ty on priv ate-VLA N ports. • Befor e globa[...]

  • Page 183

    8-12 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 8 Configuring IEEE 802.1x P ort-Based Aut hentica tion Configur ing IEEE 802 .1x Authen ticatio n Configuring the Switch-to-RADIUS-Server Communication RADIUS se curity servers are identi fied by their ho stname or IP ad dress, hostname and specific UDP por[...]

  • Page 184

    8-13 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 8 Configuri ng IEEE 802. 1x Port-Ba sed Auth entication Configur ing IEEE 802.1x Auth enticat ion T o delete the specif ied RADIUS serv er , use the no ra dius -server hos t { hostn ame | ip-address } global configurati on comm a nd. This exam ple sh ows ho[...]

  • Page 185

    8-14 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 8 Configuring IEEE 802.1x P ort-Based Aut hentica tion Configur ing IEEE 802 .1x Authen ticatio n Thi s exa mple sho ws ho w to en able pe riod ic re-a uthe nti cation an d set th e numbe r of se conds betwee n re-authe nticat ion atte mpts to 400 0: Switch[...]

  • Page 186

    8-15 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 8 Configuri ng IEEE 802. 1x Port-Ba sed Auth entication Configur ing IEEE 802.1x Auth enticat ion Changing the Sw itch-to-Clie nt Retran smission Time The client respon ds to the EAP-request/id entity frame fro m the switch with an EAP-response/i dentity fr[...]

  • Page 187

    8-16 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 8 Configuring IEEE 802.1x P ort-Based Aut hentica tion Configur ing IEEE 802 .1x Authen ticatio n T o return to the default retransmissio n number , use the no dot1x m ax-req interf ace configu ration comm and. This example shows ho w to set 5 as the numbe [...]

  • Page 188

    8-17 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 8 Configuri ng IEEE 802. 1x Port-Ba sed Auth entication Configur ing IEEE 802.1x Auth enticat ion Configuring the Host Mode Beginn ing in pri vilege d EXEC mode, follo w these steps to allo w multiple hosts (clients) on an IEEE 802.1x-au thorized port that [...]

  • Page 189

    8-18 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 8 Configuring IEEE 802.1x P ort-Based Aut hentica tion Configur ing IEEE 802 .1x Authen ticatio n Configuring IEEE 802.1x Accounting Enabling AAA sy stem accounting wi th IEEE 802.1x acc ounting allo ws s ystem reload ev ents to be sent to the a ccount ing [...]

  • Page 190

    8-19 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 8 Configuri ng IEEE 802. 1x Port-Ba sed Auth entication Displayi ng IEEE 802.1x Statistics and Status Displaying IEEE 802.1x Statistics an d Status T o display I EE E 802 .1 x s ta ti stic s fo r a ll port s, use t he show dot1x all statistics privileged EX[...]

  • Page 191

    8-20 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 8 Configuring IEEE 802.1x P ort-Based Aut hentica tion Displaying IEEE 802.1x St atistics and St atus[...]

  • Page 192

    C HAPTER 9-1 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 9 Configuring Interface Cha racteristics This ch apter d efines the type s of interfa ces on the Cis co ME 340 0 Ether net Acc ess switch an d desc ribes ho w to conf igure th em. The chapte r consists of these sectio ns: • Understa ndin g I nte rface T y[...]

  • Page 193

    9-2 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 9 Configuring Interface Characteristics Unders tan ding Inte rfa ce Type s Port-Based VLANs A VLAN is a switched netwo rk that is logically segmented b y function, team, or application, witho ut reg ard to the physic al location of the user s. For more in fo[...]

  • Page 194

    9-3 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 9 Configuring In te rface Charac teristics Unde rsta ndi n g In t erf ac e Ty p es Note Whe n you put an int erface that is in Layer 3 mod e into La yer 2 mode, the previous configuration informatio n related to the a ff ected i nterfac e might b e lost, and[...]

  • Page 195

    9-4 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 9 Configuring Interface Characteristics Unders tan ding Inte rfa ce Type s the y are enabled . Dynamic acc ess ports o n the switch are as signed to a VLAN b y a VLAN Membership Policy Server (V MPS). T he VMPS ca n be a C atalyst 6 500 ser ies switc h; the [...]

  • Page 196

    9-5 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 9 Configuring In te rface Charac teristics Unde rsta ndi n g In t erf ac e Ty p es Note En ter ing a no switchport inte rface co nfigu ration command s huts do wn the interf ace and then re-en ables it, which mi ght genera te message s on the device to whic [...]

  • Page 197

    9-6 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 9 Configuring Interface Characteristics Unders tan ding Inte rfa ce Type s EtherChann el Port Groups EtherC hannel port groups treat multip le switch por ts as one switc h port. Thes e port gro ups act as a single logical por t for high-ba ndwidth c onnectio[...]

  • Page 198

    9-7 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 9 Configuring In te rface Charac teristics Using Inte rface C onfigu ration Mo de When the metro IP access ima ge is running on the switch, routin g can be enabled on the switch. Whenever possible, to maint ain high perf ormance , forwardi ng is done by the [...]

  • Page 199

    9-8 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 9 Configuring Interface Characteristics Using I nterface Configu ration Mode Note Y ou do not n eed to add a s pace betwee n the interf ace ty pe and interf ace number . For exam ple, in the prec ed ing l ine, you can spe cif y eit her fastether net 0 /1 , f[...]

  • Page 200

    9-9 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 9 Configuring In te rface Charac teristics Using Inte rface C onfigu ration Mo de When usin g the interf ace range glob al con figuration co mman d, note th ese gui delin es: • V alid entries for port- r ang e : – vlan vlan -ID - vlan-I D , where the VLA[...]

  • Page 201

    9-10 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 9 Configuring Interface Characteristics Using I nterface Configu ration Mode Configur ing and Us ing Inter f ace R ang e Mac ros Y ou can crea te an inte rface range macr o to aut omatically select a range of i nterf aces fo r conf igur ation. Befo re you c[...]

  • Page 202

    9-11 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 9 Configuring In te rface Charac teristics Configuring Ethernet Interfaces • All inter faces defined as in a rang e must be th e same type (a ll Fast Ethern et ports, all Gigabit Ethernet por ts, all EtherChan nel ports, or all VL ANs), b ut you can com b[...]

  • Page 203

    9-12 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 9 Configuring Interface Characteristics Configur ing Ethernet Int erfaces Default Ethernet Interface Configuration Ta b l e 9 - 1 sho ws the Ethernet inte rface de fault conf iguration for NNIs, and Ta b l e 9 - 2 shows the Ethernet interf ace def ault conf[...]

  • Page 204

    9-13 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 9 Configuring In te rface Charac teristics Configuring Ethernet Interfaces Configuring Us er Netwo rk and Netwo rk Node In terfaces By default, all the 10/100 ports on the Cisco ME swit ch are configured as UNIs, and the SFP module ports ar e conf igured as[...]

  • Page 205

    9-14 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 9 Configuring Interface Characteristics Configur ing Ethernet Int erfaces Beg i n n i ng i n p riv i l e ge d E X E C m o de , fo l low t h e se s te p s t o conf igure the port type on an interface: This e xample shows h ow to change a port from a UNI to a[...]

  • Page 206

    9-15 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 9 Configuring In te rface Charac teristics Configuring Ethernet Interfaces Speed and Duplex Configuration Gui delines When configur ing an inte rface spee d and duplex mode , note these guideli nes: • Y o u can co nfigure interface speed on Fast Ether net[...]

  • Page 207

    9-16 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 9 Configuring Interface Characteristics Configur ing Ethernet Int erfaces Use the no spee d and no duplex interf a ce c onf iguration comman ds to re turn th e inte rface to th e def ault speed and duple x settin gs (autone gotiate ). T o return all interf [...]

  • Page 208

    9-17 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 9 Configuring In te rface Charac teristics Configuring Ethernet Interfaces Configuring IEEE 802.3x Flow Control IEEE 80 2.3x f low control e nable s connec ted Ethe rnet ports to contr ol traffic rates d uring co ngesti on by allowing cong ested nod es to p[...]

  • Page 209

    9-18 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 9 Configuring Interface Characteristics Configur ing Ethernet Int erfaces Configuring Auto-MDIX on an Interface When automatic medium-depen dent interfa ce crosso ve r (auto-MDI X) is enabled on an interf ace, the interf ace automatic ally detects the requi[...]

  • Page 210

    9-19 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 9 Configuring In te rface Charac teristics Configuring Ethernet Interfaces This exam pl e s h ows how to en able a ut o -MDI X on a p ort: Switch# configure terminal Switch(config)# interface gigabitethernet0/1 Switch(config-if)# no shutdown Switch(config-i[...]

  • Page 211

    9-20 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 9 Configuring Interface Characteristics Configur ing Layer 3 In ter faces Configuring Laye r 3 Interfa ces The Ci sco 3 400 M E sw itch mu st be runn i ng th e me tro IP acc ess i mage to su pport Lay er 3 i nterfac e s. The Cisco ME switch supports these t[...]

  • Page 212

    9-21 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 9 Configuring In te rface Charac teristics Confi guring the S ystem MTU T o remo ve an IP a ddress f rom a n interf ace, u se the no ip address interf ace con fig uratio n command . This exam ple shows how to co nfigure a port as a r oute d port and to a ss[...]

  • Page 213

    9-22 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 9 Configuring Interface Characteristics Monito rin g and Mai nt aining th e In terfaces Note If Layer 2 Gigabi t Ethern et interf aces are co nfi gured to accept fra mes grea ter than the 10/1 00 interf aces, jumbo fra mes rece iv ed on a L ayer 2 Gigabi t [...]

  • Page 214

    9-23 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 9 Configuring In te rface Charac teristics Monitoring and Maintaining the Interfaces Monitoring Interface Status Command s entere d at the privileged EXEC pro mpt displ ay info rmati on about th e interfac e, includ ing the ver sions of the softwar e and th[...]

  • Page 215

    9-24 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 9 Configuring Interface Characteristics Monito rin g and Mai nt aining th e In terfaces Clearing and Resetting Interfaces and Counters Ta b l e 9 - 5 lists the privileged EXEC mode clear commands t hat y ou c an use to cl ear co unte rs and r es et interf a[...]

  • Page 216

    C HAPTER 10-1 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 10 Configuring Command Mac ros This cha pter d escrib es how to configu re a nd appl y co mm an d m acr os o n th e Cisc o 3400 M E swi tch. Note For c omplete s yntax and usag e info rmation for th e com mands us ed in this cha pter , see the comman d ref[...]

  • Page 217

    10-2 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 10 Configuring Command Macro s Conf igu rin g Com mand Macr os Configuring Co mmand Macros Y o u can cre ate a new com mand macro or use an exist ing mac ro as a te mplat e to cre ate a new macr o that is speci fic to your appli cation. After you create the[...]

  • Page 218

    10-3 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 10 Configuring Comman d Macro s Conf iguring Command Macros • Some CLI c ommands ar e specif ic to cer tain inte rface types. If a macro is applied to an inter face that does not accept the con fig uratio n, the macr o will fail th e syntax ch eck or the [...]

  • Page 219

    10-4 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 10 Configuring Command Macro s Conf igu rin g Com mand Macr os Applyi ng C omman d Mac ro s Beginning i n privileged EX EC mode , foll ow these s te ps t o app l y a com mand m acro : Comma nd Pu rpos e Step 1 conf igure t erminal Enter globa l configurati [...]

  • Page 220

    10-5 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 10 Configuring Comman d Macro s Displaying Command Macros Y o u can del ete a glob al macr o-applie d configurati on on a swit ch only by ente ring the no versi on of ea ch comm and th at is in t he macro. Y ou c an del ete a m acr o-app lied co nfigurati o[...]

  • Page 221

    10-6 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 10 Configuring Command Macro s Displaying Comma nd Macros[...]

  • Page 222

    C HAPTER 11-1 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 11 Configuring VLANs This c hapt er d escri b es how to c onfigure norm al -ra nge V LAN s (V L AN IDs 1 to 100 5) and extended-ra ng e VLAN s ( VLA N I Ds 10 06 to 4094) o n th e Cisc o M E 34 00 Ethe rne t A cce ss swi tch . It include s info rmation abo[...]

  • Page 223

    11-2 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 11 Configuring VLANs Unders tan ding VLAN s Figure 11-1 shows an exam ple of V L ANs segmented into l ogica lly defined n etwor ks. Figur e 1 1 -1 VLAN s as Logica lly Defined N etwor ks VLANs are of ten assoc iated with IP su bnetw orks. F or ex ample, all[...]

  • Page 224

    11-3 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 11 Configuring VLA Ns Unde rst an din g VLA Ns Supporte d VLANs VLANs are id en tified wit h a num be r fro m 1 t o 4094. V LAN IDs 1 002 thr oug h 1 005 are r es erved fo r T o ken Ring and FDDI VL ANs. VLAN ID s greater tha n 1005 are extende d-range VLAN[...]

  • Page 225

    11-4 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 11 Configuring VLANs Unders tan ding VLAN s • Ring number fo r FDDI and T rCRF VLAN s • Pa rent VL AN num ber for T rCRF VLANs • Spanning Tree Protoc ol ( STP) type for TrCRF VLANs • VLAN n umb er to use whe n tra nsla ting f rom o ne V L AN type to[...]

  • Page 226

    11-5 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 11 Configuring VLA Ns Unde rst an din g VLA Ns For more de tail ed definitions of ac cess a nd t runk mo des a nd the ir f uncti ons, se e T able 11-4 on page 11-1 5 . When a port belongs to a VLAN , the switch l earns and mana ges the add resses assoc iate[...]

  • Page 227

    11-6 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 11 Configuring VLANs Creating and M odifyin g VL ANs • UNI co mmunity VLAN—Lo cal switchi ng is all ow ed among UNIs on the switc h that belong to t he same UN I commu nity VL AN. If U NIs be long to t he same c ustome r , and y ou want to switch packet[...]

  • Page 228

    11-7 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 11 Configuring VLA Ns Creati ng and Modi fying VLANs These sec tions co ntain VLAN con figuration info rmati on: • Default Eth erne t VLAN Configur ation , page 11-7 • VLAN Co nfigurat ion Gu ide line s, page 11 -8 • Creatin g or Modify ing an Eth ern[...]

  • Page 229

    11-8 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 11 Configuring VLANs Creating and M odifyin g VL ANs VLAN Configuration Guidelines Foll ow th ese guidelines when crea ting and modifyi ng VLANs in your netw ork: • The switc h supports 100 5 VLAN s. • Normal -ra nge Eth er net VL ANs a re ide nti fied [...]

  • Page 230

    11-9 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 11 Configuring VLA Ns Creati ng and Modi fying VLANs Creating or Modifyin g an Et hernet VLAN T o access VLAN con fig uration mode, enter the vlan global con figura tio n co mma nd wi th a VL AN ID. Enter a ne w VLAN ID to create a VLAN, or en ter an e x is[...]

  • Page 231

    11-10 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 11 Configuring VLANs Creating and M odifyin g VL ANs T o delete a VLAN, use the no vlan vlan -id global con figuration comm a nd. Y ou c annot dele t e VLAN 1 or VLAN s 1002 to 100 5. Cautio n When you delete a VL AN, an y ports a ssigned to th at VLAN bec[...]

  • Page 232

    11-11 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 11 Configuring VLA Ns Creati ng and Modi fying VLANs T o return an interfac e to its default conf igura tion, use the defaul t interface interface-id interface configurati on comm a nd. This exampl e shows ho w to configure a por t as an access por t in VL[...]

  • Page 233

    11-12 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 11 Configuring VLANs Creating and M odifyin g VL ANs Configuring UNI VLANs By default , every VLAN co nfigured on t he swit ch i s a U N I iso l ate d VL A N. Y ou c an c ha nge VLA N conf igura tion to that of a UNI community VLAN, a pri va te VLAN. or an[...]

  • Page 234

    11-13 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 11 Configuring VLA Ns Creati ng and Modi fying VLANs Configuring UNI VLANs By def ault, e very VLAN c reated on the switch is a UNI isola ted VLAN. Y ou can c hange th e conf igura tion to UNI commu nity VLAN or to a pri vate VLAN or RSP AN VLAN. Fo r proc[...]

  • Page 235

    11-14 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 11 Configuring VLANs Displa ying VL ANs Displaying VLANs Use the show vlan privi leged EXE C command to display a list of all VLANs on the switch, including extended -range V LANs. Th e displa y includ es VLAN status, port s, and configurat ion inf ormati [...]

  • Page 236

    11-15 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 11 Configuring VLA Ns Config uri n g VL AN Tr unk s • T o enable trunki ng, use the switchport mode trunk interface configurat ion comm and to chan ge the interf ace to a trunk. IEEE 802.1Q Configuration Considerations The IE EE 8 02.1Q tr unk s imp ose [...]

  • Page 237

    11-16 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 11 Configuring VLANs Configur ing VLAN Trunk s Default Layer 2 Ethernet Interface VLAN Configuration T ab le 11-5 shows th e de fault Lay er 2 E ther ne t i nte rface VLA N co nfigurat ion. Configuring a n Ethern et Interface as a Trunk P ort These sec tio[...]

  • Page 238

    11-17 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 11 Configuring VLA Ns Config uri n g VL AN Tr unk s Configuring a Trunk Port Beginning i n privileged EX EC mode , foll ow these s te ps t o con figure a port as an IE EE 80 2. 1Q trunk p ort: T o return an interfac e to its default conf igura tion, use th[...]

  • Page 239

    11-18 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 11 Configuring VLANs Configur ing VLAN Trunk s Note VLA N 1 is the default VLAN on all trunk ports in all Cisco sw itches, an d it has previously been a requir ement tha t VLAN 1 always be ena bled on every trunk link. Th e VLA N 1 minimi zation fe ature a[...]

  • Page 240

    11-19 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 11 Configuring VLA Ns Config uri n g VL AN Tr unk s Configuring the Native VLAN for Untagged Traff ic A tru nk por t configu red w it h IE EE 80 2.1Q ta gging c an r ece ive both tag ge d and un tag ged tr affic. By def ault, the switch forw ards untagge d[...]

  • Page 241

    11-20 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 11 Configuring VLANs Configur ing VLAN Trunk s Load Sharing Using STP Port Priorities When two ports on the same switch form a l oop, the switch use s the STP port priori ty to decide which port is enab led an d which port is in a blocki ng state. Y ou ca [...]

  • Page 242

    11-21 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 11 Configuring VLA Ns Config uri n g VL AN Tr unk s Follow the same steps on Switch B to configure the trunk port for T run k 1 with a spanni ng-tree port priorit y of 16 for VLA Ns 8 through 10 , and the co nfigure tr unk port for T runk 2 with a spa nnin[...]

  • Page 243

    11-22 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 11 Configuring VLANs Configur ing VLAN Trunk s Beginn ing in pri vileged EXEC mode, follo w these steps to conf igure th e netw o r k sho wn in Figure 11 -4 : Follow the same steps on Switch B to configure the trunk port for T run k 1 with a pat h cost of [...]

  • Page 244

    11-23 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 11 Configuring VLA Ns Configuring VMPS Configuring VMPS The VL AN Q ue ry Protoc ol (V QP) su ppor ts dy namic -a ccess po rts, wh ich ar e not perma ne ntly a ssi gned to a VL AN , but give VLAN assign me nts b ased on the MAC source a ddress es seen on t[...]

  • Page 245

    11-24 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 11 Configuring VLANs Configuring VMPS If the sw itch recei ves an a cces s-de nied response from the VMPS, it continue s to block traffic to and from the host MA C address. The switch continues to monito r the packets directed to the port and sends a query[...]

  • Page 246

    11-25 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 11 Configuring VLA Ns Configuring VMPS VMPS Configuration Guidelines These guide li nes and re stric tio ns app l y to dy nami c- acces s port VL AN me mber shi p: • Y o u should configure the VM PS bef ore you configure po rts a s dynam ic- access por t[...]

  • Page 247

    11-26 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 11 Configuring VLANs Configuring VMPS Configuring Dynamic-Access Ports on VMPS Clients Cautio n Dynamic -acce ss p ort VLA N m em bersh ip i s for e nd stati ons or h ubs c onnec ted to en d sta tions. Connecti ng dynami c-acces s ports to oth er switch es[...]

  • Page 248

    11-27 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 11 Configuring VLA Ns Configuring VMPS Changing the Reconfirmation In terval VMPS clien ts period ical ly reconfirm t he VLA N mem bership in format ion re ceived from the VMPS.Y ou can se t t he nu mb er of m i nute s aft er wh ich rec onfirmat ion occ ur[...]

  • Page 249

    11-28 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 11 Configuring VLANs Configuring VMPS • VMPS Actio n—the result of t he most recent reco nfir mation atte mpt. A reconf irmation attempt can occur aut omatically when the reconf irmatio n interv al exp ired, or you can for ce it by enter ing the vmps r[...]

  • Page 250

    11-29 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 11 Configuring VLA Ns Configuring VMPS Figur e 1 1 -5 Dyn amic P ort VLAN M embership Con figur ation Primar y VMPS Ser ver 1 Catalyst 6500 series Secondar y VMPS Ser ver 2 Catalyst 6500 series Secondar y VMPS Ser ver 3 172.20.26.150 172.20.26.151 Catalyst[...]

  • Page 251

    11-30 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 11 Configuring VLANs Configuring VMPS[...]

  • Page 252

    C HAPTER 12-1 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 12 Configuring Private VLANs This ch apter d escrib es how to configure p riv ate VLAN s on the C isco ME 3400 E thernet Ac cess swit ch. Note For c omplete s yntax and usag e info rmation for th e com mands us ed in this cha pter , see the comman d refere[...]

  • Page 253

    12-2 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 12 Configuring Private VLANs Unders tan din g Pri vate VLANs Types of P rivate VLANs a nd Private-VL AN Ports Pri vate VLANs partition a r egular VLAN do main into subdomains. A su bdomain is represented by a pair of VLANs: a primary VLAN and a secondary VL[...]

  • Page 254

    12-3 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 12 Configuring Privat e VLA Ns Unde rs tan din g Priv at e VLA Ns • Isolate d—A n iso lat ed p ort is a host po rt th at be longs t o an is ola ted seco nda ry V LAN . It has comp lete Layer 2 separation from other ports withi n the sam e priv a te VLAN[...]

  • Page 255

    12-4 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 12 Configuring Private VLANs Unders tan din g Pri vate VLANs IP Addressin g Scheme with Private V LANs Assign ing a separate VLAN to each c ustomer cr eates an ine ff icie nt IP ad dressi ng sch eme: • Assigning a block of add resses to a cu stomer VLAN c[...]

  • Page 256

    12-5 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 12 Configuring Privat e VLA Ns Confi guring P rivate VLANs Private VLANs and Unicast, Broadcast, and Multicast Traffic In re gular VLANs, d ev ices in the same VL AN can com municate with e ach other at t he Layer 2 le v el, b ut de vices connect ed to inte[...]

  • Page 257

    12-6 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 12 Configuring Private VLANs Configur ing Priv at e VLANs • Conf iguring a La yer 2 Inte rface as a Pri v ate-VL AN Promis cuous Por t, page 12 -13 • Mapping Sec on dary VLA Ns t o a Prim ar y VLAN L ayer 3 V LAN Int erface, p age 12-14 Tasks for Config[...]

  • Page 258

    12-7 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 12 Configuring Privat e VLA Ns Confi guring P rivate VLANs Secondary and Primary VLAN Conf iguration Foll ow these gui delines when conf iguring pri vate VLANs: • Y o u use VLA N configur ation m ode to configur e priv ate VLA Ns. For mor e infor matio n [...]

  • Page 259

    12-8 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 12 Configuring Private VLANs Configur ing Priv at e VLANs • When a fra me is Layer 2 fo rwar ded within a pri vat e VLAN, the s ame VLAN map i s a pplied at the receiving and sending side s. When a frame is routed from i nside a pr iv ate VLAN to an exter[...]

  • Page 260

    12-9 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 12 Configuring Privat e VLA Ns Confi guring P rivate VLANs Limitations with Other Features When conf iguring pri v ate VLANs, remember these lim itations with other feat ures: Note In some cases , the conf iguration is accepte d with no erro r mess ages, b [...]

  • Page 261

    12-10 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 12 Configuring Private VLANs Configur ing Priv at e VLANs Configuring and Associating VLANs in a Private VLAN Beginning i n privileged E XEC mo de, foll ow these s teps to c on figure a private VLAN : Note Th e private- vlan co mmand s d o n ot t ake e ffe[...]

  • Page 262

    12-11 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 12 Configuring Privat e VLA Ns Confi guring P rivate VLANs When you as sociate s econdary VLANs with a primary VLAN, note this syntax in format ion: • The seco ndary_vla n_list par ameter canno t contain spac es. It can conta in multiple co mma-separate [...]

  • Page 263

    12-12 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 12 Configuring Private VLANs Configur ing Priv at e VLANs Configur ing a Lay er 2 In ter face a s a P riv ate-V LAN Host P ort Beginning i n privileged E XEC mo de , fol low these s teps t o con figure a Laye r 2 in terfa ce a s a priv a te -VLA N h ost po[...]

  • Page 264

    12-13 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 12 Configuring Privat e VLA Ns Confi guring P rivate VLANs Configur ing a Lay er 2 In ter fac e as a Priv ate- VLAN Prom isc uous P ort Y o u can con figure only NNI s as pr om iscuo us po rts. B eginni ng in pr ivileged EXEC m ode, f ol low these steps t [...]

  • Page 265

    12-14 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 12 Configuring Private VLANs Configur ing Priv at e VLANs Mapping S econd ary VLAN s to a Primary VLAN Layer 3 VLAN Interfa ce If the switch is running the metro IP access image and the priv ate VLAN will be used for inter -VLAN routing, yo u co nfigure a [...]

  • Page 266

    12-15 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 12 Configuring Privat e VLA Ns Monitoring Private VLANs Monitoring Private VLANs T ab le 12-1 shows the pri vileged EXEC commands for monitoring pri vate-VLAN ac tiv ity . This i s a n exam ple of the o utput from t he show vlan private- vlan co mmand : Sw[...]

  • Page 267

    12-16 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 12 Configuring Private VLANs Monito rin g Private VLAN s[...]

  • Page 268

    C HAPTER 13-1 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 13 Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling V irtual pri vate ne tworks (VPNs) p rovide en terprise-sc ale connecti vity on a shared infrastruc ture, often Etherne t-based, with the same se curity , prioritizatio n, reliab ility , an d manage[...]

  • Page 269

    13-2 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 13 Configuring IEEE 802. 1Q and Layer 2 P rotocol Tu nneling Unders tanding IE EE 802.1Q Tunnel in g Custome r traff ic tagged in th e normal way with appropr iate VLAN IDs comes from a n IEEE 802.1 Q trunk port on the custom er device and into a t unnel po[...]

  • Page 270

    13-3 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 13 Configuring IEE E 80 2.1Q and L ay er 2 Protocol Tun neling Understanding IEEE 802.1Q Tunneling Figur e 13-2 Or iginal (Nor mal), I EEE 802.1Q , and Double-T agg ed Ether net P ac k et F or mats When the pack et enters the tru nk port of the service-pro [...]

  • Page 271

    13-4 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 13 Configuring IEEE 802. 1Q and Layer 2 P rotocol Tu nneling Configur ing IEEE 802 .1Q Tunnel ing Configuring IEE E 802.1Q Tunneling These sec tions co ntain this configura tion info rmat ion: • Default IE EE 802.1Q T u nneling Configu ration, pa ge 13-4 [...]

  • Page 272

    13-5 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 13 Configuring IEE E 80 2.1Q and L ay er 2 Protocol Tun neling Configuring IEEE 802.1Q Tunneling These are some wa ys to solv e this p roblem: • Use ISL tru nks betw een core switches in the servi ce-provi der network. Althoug h custome r interfaces conne[...]

  • Page 273

    13-6 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 13 Configuring IEEE 802. 1Q and Layer 2 P rotocol Tu nneling Configur ing IEEE 802 .1Q Tunnel ing IEEE 802.1 Q Tunn eling and Oth er Featu res Although IEEE 802.1Q tunneling works well for Layer 2 packet switching, there are incompatibilities betwee n s ome[...]

  • Page 274

    13-7 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 13 Configuring IEE E 80 2.1Q and L ay er 2 Protocol Tun neling Configuring IEEE 802.1Q Tunneling Use the no switchport mode dot1q- tunnel int erface c onfi guration c ommand to return the port to the def ault state of ac cess. Use the no vlan dot1q tag nati[...]

  • Page 275

    13-8 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 13 Configuring IEEE 802. 1Q and Layer 2 P rotocol Tu nneling Unders tanding L ayer 2 Pro tocol Tunn eling Understandin g Layer 2 Protocol Tun neling Cust omers a t dif ferent si tes c onnect ed acr oss a s ervic e-pro vider netw ork need to use v ario us La[...]

  • Page 276

    13-9 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 13 Configuring IEE E 80 2.1Q and L ay er 2 Protocol Tun neling Un derstandi ng Layer 2 P rotocol Tun neling Figur e 13-4 Lay er 2 Prot ocol T unneling Figur e 13-5 Lay er 2 Networ k T opolog y withou t Pr oper Con v e r gence In an SP net work, y ou c an u [...]

  • Page 277

    13-10 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 13 Configuring IEEE 802. 1Q and Layer 2 P rotocol Tu nneling Configur ing Layer 2 Prot oco l Tunne ling For exam ple, in Figure 13- 6 , Customer A has two switc hes in the same VLAN that are connected through the SP network. When th e network tun nels PDUs[...]

  • Page 278

    13-11 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 13 Configuring IEE E 80 2.1Q and L ay er 2 Protocol Tun neling Configu ring Laye r 2 Protoco l Tunnel ing address. These do uble-ta gged packets have the metro VL AN tag of 40, as well as an inne r VLAN tag (for e xample, VLAN 100). When the double-tag ged[...]

  • Page 279

    13-12 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 13 Configuring IEEE 802. 1Q and Layer 2 P rotocol Tu nneling Configur ing Layer 2 Prot oco l Tunne ling • The switc h supports P AgP , LA CP , and UDLD tunneling for emula ted poin t-to-poi nt network topologi es. Pr otocol tunnel ing i s disable d by de[...]

  • Page 280

    13-13 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 13 Configuring IEE E 80 2.1Q and L ay er 2 Protocol Tun neling Configu ring Laye r 2 Protoco l Tunnel ing Use the no l2protocol-tunnel [ cdp | stp | vtp ] int erfac e configura tio n com ma nd t o disa ble prot ocol tunnel ing for one of the Laye r 2 proto[...]

  • Page 281

    13-14 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 13 Configuring IEEE 802. 1Q and Layer 2 P rotocol Tu nneling Configur ing Layer 2 Prot oco l Tunne ling Switch# show l2protocol COS for Encapsulated Packets: 7 Port Protocol Shutdown Drop Encapsulation Decapsulation Drop Threshold Threshold Counter Counter[...]

  • Page 282

    13-15 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 13 Configuring IEE E 80 2.1Q and L ay er 2 Protocol Tun neling Configu ring Laye r 2 Protoco l Tunnel ing Use the no l2pr otocol-tunnel [ point-to-point [ pag p | lacp | udld ]] inter fa ce co nf ig urati on com mand to disable po int-t o-point p rotoco l [...]

  • Page 283

    13-16 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 13 Configuring IEEE 802. 1Q and Layer 2 P rotocol Tu nneling Configur ing Layer 2 Prot oco l Tunne ling Use the no switchport mode trunk , the no udld enable , and th e no channel group channel-gr oup-n umber mo de desirabl e interface con figurat ion comm[...]

  • Page 284

    13-17 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 13 Configuring IEE E 80 2.1Q and L ay er 2 Protocol Tun neling Configu ring Laye r 2 Protoco l Tunnel ing Switch(config)# interface gigabitethernet0/2 Switch(config-if)# switchport access vlan 20 Switch(config-if)# switchport mode dot1q-tunnel Switch(confi[...]

  • Page 285

    13-18 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 13 Configuring IEEE 802. 1Q and Layer 2 P rotocol Tu nneling Monito rin g and Maint ain ing Tunnel ing Statu s Monitoring and Main taining Tun neling Sta tus T ab le 13-2 shows the pri vileged EXEC comma nds for monitoring and maint aining IEEE 802.1 Q and[...]

  • Page 286

    C HAPTER 14-1 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 14 Configuring STP This chapt er desc ribes how to configure the Sp anni ng T ree Protocol (ST P) on por t-base d VLANs on t he Cisco ME 3 400 Et hernet Access switc h. The swi tch uses the per -VLAN spanni ng-t ree pl us (PVST +) protoc ol based on the IE[...]

  • Page 287

    14-2 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 14 Configuring STP Unders tan ding Spa nni ng-Tree Fea tures • Spanning -Tree Modes and Pr ot ocols, pa ge 1 4-9 • Supporte d Spanning -T ree In stances, pa ge 14-1 0 • Spanning- T ree Interoper ability and Backwar d Compatibility , page 14-10 • STP[...]

  • Page 288

    14-3 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 14 Configuring STP Unders tanding Spanni ng-Tree Featu res Note The switch sends kee paliv e messages (t o ensure the connecti on is up) only on inter faces that do not hav e small form-fa ctor pluggable (SFP) m odules. Spannin g- Tr ee To polo gy and BP DU[...]

  • Page 289

    14-4 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 14 Configuring STP Unders tan ding Spa nni ng-Tree Fea tures • A des ignated switc h for eac h LAN se gment is se lected. The d esignated swi tch incur s the lo west path cost whe n forwardi ng packets from that LAN t o the root switch. Th e port thr ough[...]

  • Page 290

    14-5 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 14 Configuring STP Unders tanding Spanni ng-Tree Featu res Each L aye r 2 inte rface o n a swit ch using spa nnin g tr ee (or on a Cisco M E switc h, e ach Laye r 2 NNI ) exi sts in one of th ese states: • Blocking —The in ter face doe s n ot p artic ip[...]

  • Page 291

    14-6 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 14 Configuring STP Unders tan ding Spa nni ng-Tree Fea tures When t he spanni ng-tree al gori thm place s a Layer 2 spannin g-tre e interf ace in the forwa rding st ate, t his process oc curs: 1. The interf ace is in the liste ning state while spanning tree[...]

  • Page 292

    14-7 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 14 Configuring STP Unders tanding Spanni ng-Tree Featu res Forwarding State A Layer 2 interface i n the forwa rding state forwar ds frames. The inte rface ente rs the fo rwardin g state from the learning st ate. An interf ace in the forw arding state perfo [...]

  • Page 293

    14-8 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 14 Configuring STP Unders tan ding Spa nni ng-Tree Fea tures When t he spann ing-tr ee top ology is calc ulated based on de fault par amete rs, th e pat h bet ween source and destinat ion e nd stati ons in a swit ched ne twork mi ght not be id eal. For inst[...]

  • Page 294

    14-9 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 14 Configuring STP Unders tanding Spanni ng-Tree Featu res Accelerated Aging to Retain Connectivity The default for aging dy namic addr esses is 5 minu tes, the defaul t setting of th e mac address-table aging-time g lo bal configur ation c om mand. H owev [...]

  • Page 295

    14-10 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 14 Configuring STP Unders tan ding Spa nni ng-Tree Fea tures Supporte d Spa nning-Tree Ins tances In PVST+ or rapi d-PVST+ mo de, the swi tch suppor ts up to 128 spann ing-tre e instance s. In MSTP mode, the switc h supp orts up t o 16 MST insta nces. The [...]

  • Page 296

    14-11 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 14 Configuring STP Confi guring S panni ng-Tree Featu res Configuring Sp anni ng-Tree Features These sec tions co ntain this configura tion info rmat ion: • Default Spanni ng-Tree Co nfiguration, p age 14- 11 • Spanning-Tree Co nfiguration Gui del ines[...]

  • Page 297

    14-12 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 14 Configuring STP Configur ing Span ning-T ree F eature s Spannin g- Tr ee Co nf igura tion Guideli ne s If more VL A Ns a re de fined th an the re a re s panni ng -tre e i nsta nc es, y ou can en ab le PVST+ or r ap id PVST+ on NNIs in onl y 128 VLANs on[...]

  • Page 298

    14-13 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 14 Configuring STP Confi guring S panni ng-Tree Featu res Changing the Spa nning-Tree M ode. The sw itch s upports th ree spanning -tree mo des: PV ST+, ra pid PVST +, o r MSTP . By default, the swi tch runs th e rapid PVST+ pr otoc ol o n all N NIs. Begin[...]

  • Page 299

    14-14 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 14 Configuring STP Configur ing Span ning-T ree F eature s T o return to the d efault se tting, use the no spanning-tr ee mode g lobal configurati on comma nd. T o return the NNI to its def a ult spanning-t ree setti ng, u se th e no spanning-t r ee link- [...]

  • Page 300

    14-15 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 14 Configuring STP Confi guring S panni ng-Tree Featu res Note If your net work consist s of swi tches that both do a nd do not suppor t the extende d system ID, it i s unlikel y that the switc h with the e xtended system ID support will be come the root s[...]

  • Page 301

    14-16 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 14 Configuring STP Configur ing Span ning-T ree F eature s Configur ing a Se co ndar y R oot S witch When you con figure a switch as the secondary root, the switc h priori ty is modified from t he default value (32768 ) to 28672. Th e switc h is then likel[...]

  • Page 302

    14-17 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 14 Configuring STP Confi guring S panni ng-Tree Featu res Beginn ing in pri vileg ed EXEC mode, follo w these steps to confi gure the port prior ity of an NNI. This procedur e is optional. Note Th e show spanning-tree int erface interface- id privileged EX[...]

  • Page 303

    14-18 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 14 Configuring STP Configur ing Span ning-T ree F eature s Configuring Path Cost The spanni ng-tr ee path c ost defaul t v alue i s derived from the med ia speed of an i nterface (N NI or port chan nel of mult iple NNI s). If a loop oc curs, spanning t ree[...]

  • Page 304

    14-19 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 14 Configuring STP Confi guring S panni ng-Tree Featu res T o return to the default setting, use the no spanning-tr ee [ vl an vl an-id ] co st in terface co nfiguration comman d. For inf ormat ion on h ow to configure lo ad sha ring on t runk po rts by us[...]

  • Page 305

    14-20 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 14 Configuring STP Configur ing Span ning-T ree F eature s Configuring S pannin g-Tree Timers T ab le 14-4 descr ibes th e timer s that af fect the entire spannin g-tree perfor mance. The sectio ns that f ollow prov ide the c onfi guration ste ps. Configur[...]

  • Page 306

    14-21 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 14 Configuring STP Confi guring S panni ng-Tree Featu res Configuring the Forwarding -Delay Time fo r a VLAN Beginning i n privileged E XEC mo de , fol low these s teps t o con figure t h e for war ding -de lay ti me for a VLAN. Th is proc edure is opt ion[...]

  • Page 307

    14-22 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 14 Configuring STP Displaying the Spannin g-Tree Stat us Displaying the Sp anning-Tre e Status T o display th e spannin g-tree stat us, us e one or mor e of the pri vileged EXE C command s in T a ble 14-5 : Y o u can cle ar spanni ng-tree co unters by usin[...]

  • Page 308

    C HAPTER 15-1 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 15 Configuring MSTP This chapte r describes ho w to config ure the Cisco impl ementation of the IEEE 802.1s Multi ple STP (MSTP) on the Cisco ME 3400 Ethe rnet A ccess swi tch. On the Ci sco ME swi tch, STP is sup ported only on network node interfaces (NN[...]

  • Page 309

    15-2 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 15 Configuring MSTP Unders tan din g MSTP Understandin g MSTP MSTP , whi ch uses RSTP for ra pid conver gence, en ables VL ANs to be grouped into a spanni ng-tree instan ce, wi th e ach inst anc e havin g a s pan ni ng-t ree t opol ogy inde pende nt o f oth[...]

  • Page 310

    15-3 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 15 Configuring MSTP Unde rsta ndi n g MS TP All MST instances with in the same reg ion share the same protocol timer s, but eac h MST instance has its own topology para meters , such as root switch ID, ro ot path cost, and so fort h. By default, a ll VLANs [...]

  • Page 311

    15-4 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 15 Configuring MSTP Unders tan din g MSTP Figur e 15-1 MS T Regions, IST Mas te rs, and the CS T Root Figure 15-1 does n ot sh ow additional MST instance s for eac h region. Note tha t the to pology of M ST instan ce s ca n be di fferent f rom th at o f t h[...]

  • Page 312

    15-5 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 15 Configuring MSTP Unde rsta ndi n g MS TP maximu m v alue. When a switch r ecei ves thi s BPD U, i t decr emen ts the r ecei ved rem ainin g ho p coun t b y one and propagate s this v alue as the r emaining hop count i n the BPDUs it generate s. When the [...]

  • Page 313

    15-6 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 15 Configuring MSTP Unders tan din g RSTP If all the le gac y switches o n the link are RSTP switches, they c an process MS TP BPDUs as if they are RSTP BPDUs . Therefo re, MSTP swit ches send either a V ersion 0 co nf igurat ion and TCN B PDUs or V e rsion[...]

  • Page 314

    15-7 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 15 Configuring MSTP Understa nding RST P T o be consistent with Cisco STP implement ations, this guide docu ments the port state as blo c king instead of discar ding . Designated ports start i n the listening sta te. Rapid Con vergenc e The RSTP provides fo[...]

  • Page 315

    15-8 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 15 Configuring MSTP Unders tan din g RSTP The switc h lea rns the link t ype from the por t dup lex mode: a fu ll- dup lex port is consid ered to have a poi nt-to-po int co nnectio n; a half-du plex port is co nsidered to h av e a shared connec tion. Y ou c[...]

  • Page 316

    15-9 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 15 Configuring MSTP Understa nding RST P Figur e 15-3 Sequence of Eve nts Dur ing Rapid Con ver gence Bridge Protoco l Data Unit Format an d Process ing The R STP BP DU for mat is th e sam e as t he IEEE 802.1D BPD U fo rmat exce pt tha t th e proto col ver[...]

  • Page 317

    15-10 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 15 Configuring MSTP Unders tan din g RSTP The RSTP does not have a separate topol ogy chan ge notificati on (TCN) BPDU . It uses the topology change (T C) flag to sho w the to pology cha nges. Ho wev er , f or interoper ability with 802 .1D switches, th e [...]

  • Page 318

    15-11 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 15 Configuring MSTP Confi guring MST P Featu res • Propagat ion—When an RSTP switch re ceives a TC messa ge from anot her switch t hrough a designat ed or r oot por t, it pro pagat es the cha ng e t o al l o f it s non ed ge, d esig na ted por ts a nd [...]

  • Page 319

    15-12 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 15 Configuring MSTP Configur ing MSTP F eatures Default MSTP Configuration T ab le 15-3 shows the de fault M ST P configur ation . For informat ion about the suppor ted number of spanning- tree in stance s, see the “Supporte d Spanning -Tree Instan ce s?[...]

  • Page 320

    15-13 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 15 Configuring MSTP Confi guring MST P Featu res of the MST regions mu st contain th e CST root, and al l of th e ot her MST r egions must have a better path to the r oot co ntaine d with in t he MST cl oud t han a pat h th rou gh the PVST+ or ra pid- PVST[...]

  • Page 321

    15-14 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 15 Configuring MSTP Configur ing MSTP F eatures T o return t o th e default MST r egion configur ation , use the no spanning-tree mst conf iguration global conf iguration c ommand. T o return to the default VLAN-to-instan ce map, use t he no instance insta[...]

  • Page 322

    15-15 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 15 Configuring MSTP Confi guring MST P Featu res If an y root switch for the specif ied instance has a switch p riority lo wer than 24576, the switc h sets its o wn prior ity to 4096 less than the lo west switch priority . (4096 is the v alue of t he least[...]

  • Page 323

    15-16 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 15 Configuring MSTP Configur ing MSTP F eatures Configur ing a Se co ndar y R oot S witch When you c onfigure a swi tc h wi th the extend ed sys te m ID support as t he se conda ry root , t he sw it ch priorit y is mo dified from t he default value (3276 8[...]

  • Page 324

    15-17 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 15 Configuring MSTP Confi guring MST P Featu res Configuring Port Priority If a loop o ccurs, the MST P uses the port prio rity when selectin g an NNI to pu t into the forwardi ng state . Y ou can assig n high er prio rity v alues (lo wer numerica l v alue[...]

  • Page 325

    15-18 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 15 Configuring MSTP Configur ing MSTP F eatures Configuring Path Cost The MSTP path cost default va lue is deri ved from the me dia speed of an NNI. I f a loop occu rs, the MS TP uses cost when selecting an interfa ce to put in the forw arding stat e. Y ou[...]

  • Page 326

    15-19 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 15 Configuring MSTP Confi guring MST P Featu res Configuring the Switch Priority Y ou can conf igure the switch prior ity and make it more likely that th e switch will be chosen as the root switch. Note Exercis e care when using this comm and. F or mos t s[...]

  • Page 327

    15-20 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 15 Configuring MSTP Configur ing MSTP F eatures Beginn ing in pri vileg ed EXEC mode, follo w these steps to conf igure the hello time for al l MST instances. This pro cedure is optional. T o return the switch to its d ef ault setting , use th e no spannin[...]

  • Page 328

    15-21 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 15 Configuring MSTP Confi guring MST P Featu res Configuring the Maxi mum-Aging Time Beginning in privileged EX EC mode, fol low these steps to con figure the maxi mum- aging tim e for all MST inst ance s. This proc edure is optio nal. T o return the switc[...]

  • Page 329

    15-22 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 15 Configuring MSTP Configur ing MSTP F eatures Specifying the Link Type to Ensure Rapid Transitions If you con ne ct an NN I to a no ther NN I t hro ugh a po i nt-to- poi nt lin k an d t he lo cal po rt beco me s a designated por t, the RSTP negoti ates a[...]

  • Page 330

    15-23 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 15 Configuring MSTP Displaying the MST Configuration and Status T o r e start the prot ocol mi grat ion proc ess on a spe cific inte rface , use the clear spanning -tr ee detecte d-pr otocol s interface in terface-id privileged EXEC c omma nd. Displaying t[...]

  • Page 331

    15-24 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 15 Configuring MSTP Displaying the MST Configu rat ion and Status[...]

  • Page 332

    C HAPTER 16-1 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 16 Configuring Optional Spannin g-Tree Features This c hapter descri bes how to con figure opt ional spa nning-t ree f eatures on th e Cisco ME 3400 Eth ernet Access s witch. Y o u can conf igure all of thes e feature s when your s witch is runn ing per -V[...]

  • Page 333

    16-2 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapte r 16 Configurin g Optiona l Spann ing-Tree Featu res Unders tan ding Opti on al Spann ing -Tree Fe at ures Understand ing Port Fa st Port Fast imm ed iately br ings an N NI co nfigured as a n acc ess or tr unk port t o the fo rwarding st ate from a bloc king[...]

  • Page 334

    16-3 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 16 Configuring Op tiona l Spa nni ng-Tree Features Understan ding Optio nal Spanni ng-Tr ee Features The BPDU guard feat ure pr ovides a secur e response t o in valid configurati ons becau se you must manually p ut the in terface back in service. Use the BP[...]

  • Page 335

    16-4 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapte r 16 Configurin g Optiona l Spann ing-Tree Featu res Unders tan ding Opti on al Spann ing -Tree Fe at ures If a switch outside the SP net work beco mes the ro ot switch, t he interf ace is bl ocked (r oot-inconsisten t state), and spannin g tree sele cts a n[...]

  • Page 336

    16-5 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 16 Configuring Op tiona l Spa nni ng-Tree Features Configurin g Optional Spanni ng-Tree Fe atures Configuring Optio nal Spanning-Tre e Feature s These sec tions co ntain this configura tion info rmat ion: • Default Opt iona l Sp ann ing- Tree Configuratio[...]

  • Page 337

    16-6 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapte r 16 Configurin g Optiona l Spann ing-Tree Featu res Configur ing Optiona l Spanning- Tree Fea tures Beginn ing in pri vile ged EXEC mode, follo w these steps to enab le Port Fast. Th is procedure is optional. Note Y ou ca n use the spanning-tree portfast de[...]

  • Page 338

    16-7 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 16 Configuring Op tiona l Spa nni ng-Tree Features Configurin g Optional Spanni ng-Tree Fe atures Cautio n Configure Po rt Fast on l y on N NIs t hat conn ec t to e nd stati ons ; othe rwi se , an a ccide nta l topo lo gy lo op could ca use a data pa cket l[...]

  • Page 339

    16-8 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapte r 16 Configurin g Optiona l Spann ing-Tree Featu res Configur ing Optiona l Spanning- Tree Fea tures Y o u can also use the spanning-tree bpduf ilter enable inte rface c onf iguration command to enable BPDU filteri ng on any NNI w ithout also enab ling the P[...]

  • Page 340

    16-9 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 16 Configuring Op tiona l Spa nni ng-Tree Features Configurin g Optional Spanni ng-Tree Fe atures T o disabl e the Ethe rChan nel gu ard f eature, use the no spanning-tre e etherchannel guard misconf ig global configurat ion comm and. Y o u can use th e sho[...]

  • Page 341

    16-10 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapte r 16 Configurin g Optiona l Spann ing-Tree Featu res Displaying the Spannin g-Tree Stat us Note Y ou canno t ena bl e bo th loo p g ua rd a nd roo t gu ar d at th e sam e t ime . Y o u can en ab le this fea ture if yo ur switc h i s r unn ing PVST +, r ap i[...]

  • Page 342

    C HAPTER 17-1 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 17 Configuring Flex Link s This cha pter d escrib es how to configure Flex L inks, a p air of i nte rface s o n th e Cisco M E 34 00 sw itch that are used to provide a mutual ba ckup. Thi s featur e is available only when the sw itch is runn ing the metro [...]

  • Page 343

    17-2 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 17 Configuring Flex Links Configur ing Flex L inks port 2 (the back up link) an d switch C is not for warding tra f f ic. If port 1 goes down, port 2 comes up and starts forwarding traffic to switch C. When port 1 comes ba ck up, it goes i nto standby mod e[...]

  • Page 344

    17-3 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 17 Configuring Fl ex L inks Configur ing Flex Links • A back up lin k do es not h ave to be the sa me t y pe (Fa st Et hern et , G igabi t E the rne t, or p or t ch an nel) as the a ctive link. Ho wev er , you should conf igure both Fle x Links with simil[...]

  • Page 345

    17-4 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 17 Configuring Flex Links Monito ring Flex L inks Monitoring Flex Link s T ab le 17-1 shows th e privileged E X EC co mm an d f or m oni tor ing Fl ex Li nk c onfigurat ion . T able 17 -1 Flex Link Monit or ing Command Comma nd Pu rpos e show interf ace [ i[...]

  • Page 346

    C HAPTER 18-1 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 18 Configuring DHCP Features and IP Source Gua rd This ch apt er descri bes how to configur e DHC P snoopi ng and t he o ption-82 d ata in sertion featu res on the Cisco ME 34 00 Eth erne t A cce ss wi tch. It a lso de scri bes how to c onfigure t h e IP s[...]

  • Page 347

    18-2 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapte r 18 Configuri ng DHCP Fe atures and IP So urce Gua rd Unders tan din g D HCP Feature s DHCP Server The DHCP server as signs IP a ddresse s from specified address poo ls on a switch or r outer to DHCP clients a nd manag es them . If the D HCP server ca nnot [...]

  • Page 348

    18-3 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 18 Configuring DH CP Features and IP Sou rce G uard Understa nding DHCP Fe atures The s witch d rops a DHCP pack et when one of the se si tuations occur s: • A pack et from a DHCP serv er , such as a DHCPOFFER, DHCP ACK, DHCPN AK, or DHCP LEA SEQU ER Y p [...]

  • Page 349

    18-4 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapte r 18 Configuri ng DHCP Fe atures and IP So urce Gua rd Unders tan din g D HCP Feature s Figur e 18-1 DHCP Rela y A gent in a Metr opolitan E ther net Netw or k When you ena ble the DHCP snoo ping info rmation option 82 on th e switch, this se quence of eve n[...]

  • Page 350

    18-5 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 18 Configuring DH CP Features and IP Sou rce G uard Understa nding DHCP Fe atures In the port field of th e circu it ID subopt ion, the port numbers st art at 3. For example , on a switch wi th 24 10/100 p orts and sma ll form-factor pluggable (SFP) module [...]

  • Page 351

    18-6 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapte r 18 Configuri ng DHCP Fe atures and IP So urce Gua rd Configur ing DHCP Fe at ures This is the format of the f ile that has the bindings: <initial-checksum> TYPE DHCP-SNOOPING VERSION 1 BEGIN <entry-1> <checksum-1> <entry-2> <chec[...]

  • Page 352

    18-7 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 18 Configuring DH CP Features and IP Sou rce G uard Config uring DHC P Features Default DHCP Configuration T ab le 18-1 shows the de fault DH CP co nfiguration. DHCP Snooping Configuration Guidelines These ar e the configur ation g uidelin es for DHCP snoo [...]

  • Page 353

    18-8 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapte r 18 Configuri ng DHCP Fe atures and IP So urce Gua rd Configur ing DHCP Fe at ures • Before co nfiguring the DHCP sn ooping inf ormatio n optio n on your switch, be sure to configure t he de vice t hat is actin g as the DHCP serv er . F or ex ample, you m[...]

  • Page 354

    18-9 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 18 Configuring DH CP Features and IP Sou rce G uard Config uring DHC P Features Specifying the Packet F orwarding Ad dress If the D HCP s erver and t he DHCP c lients are on different networ ks or subn ets and the switch i s run ning the metro IP a ccess im[...]

  • Page 355

    18-10 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapte r 18 Configuri ng DHCP Fe atures and IP So urce Gua rd Configur ing DHCP Fe at ures Enabling DHC P Snoo ping and Op tion 82 Beginning in privileged E XEC mo de, fol low these s teps t o ena ble DHC P snoo pi ng on the swi tch : Comma nd Pu rpos e Step 1 con[...]

  • Page 356

    18-11 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 18 Configuring DH CP Features and IP Sou rce G uard Config uring DHC P Features T o di sable DHCP sno oping, use the no ip dhcp snooping glob al con figuration co mman d. T o disabl e DHCP snoo ping o n a VLA N or r ange of VL A Ns, use t he no ip dhcp sno[...]

  • Page 357

    18-12 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapte r 18 Configuri ng DHCP Fe atures and IP So urce Gua rd Configur ing DHCP Fe at ures Enabling th e DHCP Sn ooping Bind ing Data base Agen t Beginning in privileged E XEC mo de, fol low these s teps t o ena ble and c onfigure t he D HCP snoo ping binding d at[...]

  • Page 358

    18-13 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 18 Configuring DH CP Features and IP Sou rce G uard Displaying DHCP Snooping Information Displaying DHCP Snoopi ng Information T o display the DH CP sno opi ng inf orm atio n, use on e or m ore of th e pr ivileged EX EC co mma nds in T ab le 18-2 : Underst[...]

  • Page 359

    18-14 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapte r 18 Configuri ng DHCP Fe atures and IP So urce Gua rd Conf igu ring I P Sourc e Guar d Source IP Address Filtering When IP so urce guard is enabled with this option, IP traf f ic is f iltered based on t he source I P address. The sw itc h for war ds IP tra[...]

  • Page 360

    18-15 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 18 Configuring DH CP Features and IP Sou rce G uard Confi g uring IP S our ce Gu ard IP Source Gua rd Config uration Guidelin es Note IP sour ce guard is supporte d only when the metro ac cess or metro IP access image is running on the switch. These ar e t[...]

  • Page 361

    18-16 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapte r 18 Configuri ng DHCP Fe atures and IP So urce Gua rd Display ing IP Sou rce Gua rd In formatio n T o disable IP source guard with source IP addr ess f iltering, use the no ip veri fy sou rce interface configurati on comm a nd. T o d ele te a st atic IP so[...]

  • Page 362

    C HAPTER 19-1 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 19 Configuring Dynamic ARP Insp ectio n This chapt er desc ribes how to configure dynam ic Addr ess Resolu tion Proto col inspec tion ( dynami c ARP inspectio n) on the Cisco ME 3 400 switc h. This f eatur e helps prevent malici ous att acks on the switch [...]

  • Page 363

    19-2 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt er 19 Configur ing Dynami c ARP Inspec tion Unders tan din g Dynamic ARP Inspec tion Figur e 19-1 ARP Cache P oisoning Hosts A, B, and C are connected to the switch on interfaces A, B and C, all of which are on the same subnet. Th eir IP a nd MAC addresses a [...]

  • Page 364

    19-3 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 19 Configuring Dy namic A RP In sp ectio n Understandi ng Dynami c ARP Inspect ion Y o u can configure dynamic ARP inspect ion to drop ARP packets when the IP addre sses in the pac kets are i nv a lid or whe n the MAC addresses in t he body o f th e ARP p a[...]

  • Page 365

    19-4 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt er 19 Configur ing Dynami c ARP Inspec tion Unders tan din g Dynamic ARP Inspec tion Dynamic ARP inspe ctio n e nsure s tha t h osts ( on un truste d in terfa ces) conne ct ed to a sw itch run ning dynami c ARP inspect ion do not po ison the ARP ca ches of ot[...]

  • Page 366

    19-5 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 19 Configuring Dy namic A RP In sp ectio n Configuring Dynamic ARP Inspection Y o u use the ip arp inspection lo g-buff er global co nfigur atio n c omm and to con figure the numbe r o f entries in the b uf fer and the number of entr ies needed in the speci[...]

  • Page 367

    19-6 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt er 19 Configur ing Dynami c ARP Inspec tion Configur ing Dynam ic ARP Insp ect ion Dynamic ARP In spectio n Configuratio n Guidelin es These are the dynamic ARP inspectio n conf iguratio n guideline s: Note This feature is supported only whe n the metr o IP a[...]

  • Page 368

    19-7 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 19 Configuring Dy namic A RP In sp ectio n Configuring Dynamic ARP Inspection Configuring Dynamic ARP Inspection in DHCP Environments This pro cedure shows how to configure dynamic ARP insp ecti on when two switches supp ort th is feat ure. Host 1 is connec[...]

  • Page 369

    19-8 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt er 19 Configur ing Dynami c ARP Inspec tion Configur ing Dynam ic ARP Insp ect ion T o disable dy namic ARP inspect ion, use t he no ip arp inspecti on vlan vlan-range globa l con figuration command. T o return the interf aces to an untrust ed state, use the [...]

  • Page 370

    19-9 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 19 Configuring Dy namic A RP In sp ectio n Configuring Dynamic ARP Inspection Step 3 permi t ip host sender-ip mac host sende r-mac [ log ] Permi t ARP pack ets fro m th e spec if ied host (Host 2). • For se nder-ip , enter th e IP addres s of Host 2 . ?[...]

  • Page 371

    19-10 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt er 19 Configur ing Dynami c ARP Inspec tion Configur ing Dynam ic ARP Insp ect ion T o remov e the ARP A CL, use the no ar p access-list global c onfiguration c ommand. T o remove the ARP A CL attached to a V LAN, use the no ip arp inspecti on filt er arp-a [...]

  • Page 372

    19-11 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 19 Configuring Dy namic A RP In sp ectio n Configuring Dynamic ARP Inspection For configurat ion gui delines f or ra te limit ing tr unk port s and E therCha nnel ports, see the “Dynamic AR P Inspecti on Configuration G uidelin es” sectio n on page 19 [...]

  • Page 373

    19-12 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt er 19 Configur ing Dynami c ARP Inspec tion Configur ing Dynam ic ARP Insp ect ion Perfor ming Valid ation Chec ks Dynami c ARP inspection intercepts , logs, and d iscard s ARP pack ets with in valid IP-to-MA C addres s bindings. Y ou ca n configure the swit[...]

  • Page 374

    19-13 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 19 Configuring Dy namic A RP In sp ectio n Configuring Dynamic ARP Inspection Configuring the Log Buffer When th e sw itc h d r op s a p ac k e t , i t pl ace s an entry in th e lo g b uf fer and then g en er ates s y stem m es sag es on a ra te-controlled[...]

  • Page 375

    19-14 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt er 19 Configur ing Dynami c ARP Inspec tion Display ing Dyna mic ARP Insp ectio n In format ion T o return to the default log b uf fer settings , use the no ip arp inspection log-b uffer { entries | logs } global configurati on com mand. T o return to the de[...]

  • Page 376

    19-15 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 19 Configuring Dy namic A RP In sp ectio n Displaying Dynamic ARP Inspection Information T o clear or display dynamic ARP inspectio n statistics, use the pri vileged EXEC comma nds in T ab le 19-3 : For t he show ip arp inspec tion statisti cs c om mand, t[...]

  • Page 377

    19-16 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt er 19 Configur ing Dynami c ARP Inspec tion Display ing Dyna mic ARP Insp ectio n In format ion[...]

  • Page 378

    C HAPTER 20-1 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 20 Configuring IGMP Sno oping an d MVR This cha pt er descr ibes how to configure Inte rnet G roup Ma na gement Pro tocol ( IGMP) snoo ping on th e Cisco ME 3400 Ethernet Access switch, includin g an application of local IG MP snooping, Multicast VLAN Regi[...]

  • Page 379

    20-2 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 20 Configuring IGMP Snooping and M VR Unders tan ding IGM P Snoo ping Note For mor e inf ormat ion on IP m ultica st a nd IGM P , see RFC 11 12 and RFC 223 6. The multica st router sends out periodic gener al queri es to all VL ANs. All hosts intereste d in[...]

  • Page 380

    20-3 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 20 Configuring IGMP Sno oping and M VR Understanding IGMP Snooping Note IGM Pv3 join an d leave messages are not suppo rted on switc hes runnin g IGMP filtering or MV R. An IGMPv 3 sw itc h ca n r ece ive messages f rom a nd forwa rd me ssage s to a device [...]

  • Page 381

    20-4 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 20 Configuring IGMP Snooping and M VR Unders tan ding IGM P Snoo ping The switc h hardware ca n distingui sh IGMP in format ion packets fr om other pa ckets for the mu lticast group. T he in format ion in the table te lls the swit ching engine t o send fram[...]

  • Page 382

    20-5 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 20 Configuring IGMP Sno oping and M VR Understanding IGMP Snooping Leaving a Multicast Group The router sends periodic multicast general querie s, and the switch forwar ds these queries through all ports in the VLAN. Interested hosts respo nd to the queries[...]

  • Page 383

    20-6 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 20 Configuring IGMP Snooping and M VR Configuring IG MP Sn ooping IGMP Report S uppress ion Note IGMP report suppression is supported only when t he multicast query h as IGMPv1 and IGMPv2 re ports. This fea ture is not supp orted when the query inc ludes IG[...]

  • Page 384

    20-7 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 20 Configuring IGMP Sno oping and M VR Configuring IGMP Snooping Enabling or Disa bling IGM P Sn oopin g By default, IGM P snoopin g is globall y enab led on the swit ch. When glob ally en abled or disabled, i t is also enabled or disa bled in all existin g[...]

  • Page 385

    20-8 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 20 Configuring IGMP Snooping and M VR Configuring IG MP Sn ooping Configuring a Multicast Router Port T o add a multicast router p ort (add a static connec tion to a multicast ro uter), us e the ip igmp snooping vlan mrouter global c onfigura tio n com mand[...]

  • Page 386

    20-9 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 20 Configuring IGMP Sno oping and M VR Configuring IGMP Snooping Beginn ing in pri vile ged EXEC mode, follo w the se steps to add a Layer 2 port a s a member of a multicast group: T o remov e the Layer 2 port fro m the multicast group , use the no ip igmp [...]

  • Page 387

    20-10 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 20 Configuring IGMP Snooping and M VR Configuring IG MP Sn ooping T o disabl e IGMP Immed iate Lea ve o n a VLAN, use the no ip igmp snooping vlan vlan- id immediate-lea ve global c onfigurati on com mand. This exam ple sh ows how to enab le IG MP Imme dia[...]

  • Page 388

    20-11 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 20 Configuring IGMP Sno oping and M VR Configuring IGMP Snooping Configur ing TCN-R elated C omman ds These sec tions de scr ibe how to c ont rol flood ed m ult ica st t raffic during a T CN event: • Controlling the Multic ast Floodin g T ime After a TC [...]

  • Page 389

    20-12 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 20 Configuring IGMP Snooping and M VR Configuring IG MP Sn ooping Beginn ing in pri vilege d EXEC mode, follo w these steps to enab le the switch sends the global lea ve message whether or not it is the span ning-t ree root : T o return to the def ault que[...]

  • Page 390

    20-13 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 20 Configuring IGMP Sno oping and M VR Configuring IGMP Snooping Configuring th e IGMP S nooping Qu erier Follow these guideli nes wh en configuring t he IGMP snoo ping queri er: • Conf igure the VLAN in glob al conf iguration mode. • Conf igure an IP [...]

  • Page 391

    20-14 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 20 Configuring IGMP Snooping and M VR Configuring IG MP Sn ooping This exam ple sh ows how to set the IGM P sn oop ing q ue rie r s ource a ddre ss to 10 .0. 0.64: Switch# configure terminal Switch(config)# ip igmp snooping querier 10.0.0.64 Switch(config)[...]

  • Page 392

    20-15 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 20 Configuring IGMP Sno oping and M VR Displaying IGMP Snooping Information Displaying IGMP Snooping Information Y o u can displ ay I G MP snoo pi ng inf orm ation f or dyn am ical ly l ear ned an d sta ti cal ly c on figured route r ports and V LAN interf[...]

  • Page 393

    20-16 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 20 Configuring IGMP Snooping and M VR Unde rs ta n din g Mu ltic as t V LAN Reg i stra t io n For more inf orm ati on abou t t he keywords a nd option s in the se co mm an ds, se e the com ma nd refe renc e for th is rel eas e. Understandin g Multicast VL [...]

  • Page 394

    20-17 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 20 Configuring IGMP Sno oping and M VR Underst anding Multicast VLAN Registration this recei ver p ort and VLAN as a forwar ding destin ation of the specif ied multicast stream wh en it is recei ved from the multica st VLAN. U plink por ts that send and re[...]

  • Page 395

    20-18 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 20 Configuring IGMP Snooping and M VR Conf igu rin g MVR IGMP lea ve was rece iv ed. As soon as the lea ve mes sage is recei ved, the rece i ver po rt is remov ed from multic ast group me mber ship, whi ch speeds up leave laten cy . En able the Imme diate-[...]

  • Page 396

    20-19 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 20 Configuring IGMP Sno oping and M VR Configuring MVR MVR Configuration Guidelines and Limitations Foll ow these gui delines when conf iguring MV R: • Receiver ports can onl y be ac c ess ports; they cannot be tr unk p orts. Rece iv er port s on a swit [...]

  • Page 397

    20-20 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 20 Configuring IGMP Snooping and M VR Conf igu rin g MVR T o return the switch to its defa ult settin gs, use the no mvr [ mode | group ip-a dd ress | querytime | vlan ] global configurati on comm ands. This e x ample sho ws how to en able MVR, con fig ure[...]

  • Page 398

    20-21 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 20 Configuring IGMP Sno oping and M VR Configuring MVR T o return the interfa ce to its default setti ngs, use the no mvr [ ty pe | immediate | vlan vl an-id | gr oup ] interf ace conf iguration com mands. This exam pl e sh ows how to co nfigure a por t a [...]

  • Page 399

    20-22 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 20 Configuring IGMP Snooping and M VR Disp l ay in g MV R Info rma t ion Displaying MVR Information Y ou can display MVR information for th e switch or f or a spec ifie d interfa ce. Be ginning in pri vilege d EXEC mode, use th e comm ands in Ta b l e 2 0 [...]

  • Page 400

    20-23 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 20 Configuring IGMP Sno oping and M VR Configuring IGMP Filtering and Throttling IGMP f iltering is applicab le only to the dynamic learnin g of IP multicast group addresse s, not static configurat ion. W ith the IG MP thro t tling fe at ure, yo u ca n s e[...]

  • Page 401

    20-24 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 20 Configuring IGMP Snooping and M VR Con figur ing IGM P Fil ter in g an d Thr o tt li ng • permit : Spec ifie s that matc hing addresses are perm itted. • rang e : Specif ies a ra nge o f IP addre sses for the pr of ile. Y ou can enter a sing le IP a[...]

  • Page 402

    20-25 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 20 Configuring IGMP Sno oping and M VR Configuring IGMP Filtering and Throttling Applying IGMP P rofil es T o control access as defined i n an IGMP profile, u se th e ip igmp fil ter interfa ce conf iguration c ommand to apply the prof ile to the appropria[...]

  • Page 403

    20-26 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 20 Configuring IGMP Snooping and M VR Con figur ing IGM P Fil ter in g an d Thr o tt li ng Beginning in privileged EX EC mo de, fol low these steps to se t the m aximum nu mber o f IGMP gr oups in the forw ardi ng table: T o remove the maximum gro up limit[...]

  • Page 404

    20-27 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 20 Configuring IGMP Sno oping and M VR Configuring IGMP Filtering and Throttling T o prevent the swi tc h f rom r em oving t he for war ding- tab le entr i es, y ou can co nfigure t he IG M P throttlin g action b efore an in terface adds e ntries to the fo[...]

  • Page 405

    20-28 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 20 Configuring IGMP Snooping and M VR Displaying IGMP Filterin g and Thro tt ling Co nfigurat ion Displaying IGMP Filtering and Throttling Configuration Y o u can di splay IG MP profile cha racter istics, and yo u can di splay the IGMP profile and maximu m[...]

  • Page 406

    C HAPTER 21-1 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 21 Configuring Port-Base d Traffic Control This chap ter de scribe s ho w to conf igur e the port-b ased tr af fic co ntrol fe atures on the Cisco ME 34 00 Ethernet Access switc h. Note For c omplete s yntax and usag e info rmation for th e com mands us ed[...]

  • Page 407

    21-2 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 21 Configuring Port-Based Traffic Co ntro l Configuring Stor m Control Storm contro l use s one o f these metho ds to m easure t raf fic acti vity: • Bandwidth as a perc entage of the tot al av ailable bandwidth of the por t that can be used b y the broad[...]

  • Page 408

    21-3 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 21 Configuring Port -B ased Tra ffic Control Configuring Storm Control Default Storm Control Configuration By default, unic ast, bro adcast , an d multic ast sto r m contr ol a re di sab led on th e swit ch inter f ac es; that i s, the suppression le ve l i[...]

  • Page 409

    21-4 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 21 Configuring Port-Based Traffic Co ntro l Configuring Stor m Control Step 4 sto rm- con tr ol { broadcast | multicast | unicast } le vel { le vel [ lev el-low ] | bps bps [ bps-low ] | pps pps [ pps -lo w ]} Conf igure broadcast , multicast, or unicast st[...]

  • Page 410

    21-5 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 21 Configuring Port -B ased Tra ffic Control Configuring Protected Ports T o disabl e storm co ntrol, use the no storm-control { broadcast | multicast | unicast } lev el interface configurati on comm a nd. This exa mple shows how to ena ble un icast stor m [...]

  • Page 411

    21-6 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 21 Configuring Port-Based Traffic Co ntro l Configuring Protected Po rts Protected Port Configuration Guidelines Y o u can co nfigure prote cted ports on a physic al int erface that is configure d as an NN I (for examp le, Gigabit E the rnet p ort 1) or a n[...]

  • Page 412

    21-7 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 21 Configuring Port -B ased Tra ffic Control Configuring Port Blocking Configuring Po rt Blocking By default, the swi tch flo ods pa ckets wi th u nknown desti nat ion MAC addresses o ut of a ll po rt s. If unkno wn unicast and multic ast tra f f ic i s for[...]

  • Page 413

    21-8 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 21 Configuring Port-Based Traffic Co ntro l Configuring Port Security This e xample shows h ow to block unica st and multicast flooding on a port: Switch# configure terminal Switch(config)# interface fastethernet0/1 Switch(config-if)# no shutdown Switch(con[...]

  • Page 414

    21-9 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 21 Configuring Port -B ased Tra ffic Control Confi guring Port Securi ty • Dynam ic secure MA C address es—Th ese are dyn amically co nf igured, stored only in the addre ss tabl e, and r emo ved when the swi tch res tart s. • Stic ky secu re MAC addre[...]

  • Page 415

    21-10 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 21 Configuring Port-Based Traffic Co ntro l Configuring Port Security • shutdown—a por t secur ity viola tion c auses the interfac e to beco me er ror-disabled and to s hut down immediatel y , and the port LED tur ns of f. An SNMP trap is sen t, a sysl[...]

  • Page 416

    21-11 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 21 Configuring Port -B ased Tra ffic Control Confi guring Port Securi ty • When y ou en te r a maximu m s ecur e a ddress v alue for an in ter f a ce, an d th e n e w valu e i s gr ea ter th an the pre vious v alue, the ne w value o verwrites th e previo[...]

  • Page 417

    21-12 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 21 Configuring Port-Based Traffic Co ntro l Configuring Port Security Step 6 switchport port-security [ maximum value [ vlan vlan-list | acces s ] (Opti onal) Set th e maximu m number of se cure MAC addresses for the interfa ce. The ma ximum nu mber of sec[...]

  • Page 418

    21-13 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 21 Configuring Port -B ased Tra ffic Control Confi guring Port Securi ty Step 8 switchport port-security [ mac-addre ss mac-ad dr ess [ vlan { vlan-id | { access }}] (Optiona l) En ter a secu re M A C a ddress fo r th e i nte rfac e. Y ou c an u s e t his [...]

  • Page 419

    21-14 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 21 Configuring Port-Based Traffic Co ntro l Configuring Port Security T o return the inter fac e to the de fault conditi on as not a secure p ort, use the no switchport port -security interf ace co nf igurati on com mand. If you enter this comman d when st[...]

  • Page 420

    21-15 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 21 Configuring Port -B ased Tra ffic Control Confi guring Port Securi ty This e xa mple sho ws ho w to enable stick y por t secu rity on a port, t o manual ly co nf igur e MA C addresse s for data VLAN, and to set the tot al maxim um number of se cure addr[...]

  • Page 421

    21-16 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 21 Configuring Port-Based Traffic Co ntro l Configuring Port Security T o disable por t securit y aging for all sec ure addr esses on a port , use the no switchport port-security aging tim e interfac e conf iguration comma nd. T o disabl e aging fo r only [...]

  • Page 422

    21-17 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 21 Configuring Port -B ased Tra ffic Control Displayin g Port-Bas ed Traff ic Contr ol Setti ngs Displaying Port-Based Traffic Control Settings The show i nterfa ces i nterface-id switchport privileged EXEC com ma nd disp lays (am ong othe r char acte rist[...]

  • Page 423

    21-18 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 21 Configuring Port-Based Traffic Co ntro l Displaying Port-Base d Traffic Cont rol Settings[...]

  • Page 424

    C HAPTER 22-1 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 22 Configuring CDP This chapt er desc ribes how to configure Cis co Discovery Protocol (CDP) on t he Cisc o ME 3400 Ethe rnte Access switch. Note For c omplete s yntax and usag e info rmation for th e com mands us ed in this cha pter , see the comman d ref[...]

  • Page 425

    22-2 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapte r 22 Co nfigu ri n g CDP Conf igu rin g CD P Configuring CDP These sec tions co ntain this configura tion info rmat ion: • Default CDP Configurat ion, pa ge 22-2 • Conf iguring the CD P Characteri stics, page 22-2 • Dis ablin g an d Ena bli ng CDP , pa[...]

  • Page 426

    22-3 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 22 Configuring CDP Configuring CDP Use the no form of the CDP commands to return to the def ault settings. This e xample sho ws how to conf igur e CDP characteri stics. Switch# configure terminal Switch(config)# cdp timer 50 Switch(config)# cdp holdtime 120[...]

  • Page 427

    22-4 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapte r 22 Co nfigu ri n g CDP Conf igu rin g CD P Disabling an d Enab ling CDP on a n Interfac e CDP is enabled by def ault on all supported inter faces to send and to rece iv e CDP information . Beginning in privileged E XEC mo de , fol low these s teps to d isa[...]

  • Page 428

    22-5 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 22 Configuring CDP Monitoring and Maintaining CDP Monitoring and Maintaining CDP T o m on ito r and m ainta in CDP on yo ur device, p erfor m one o r more of thes e t asks, beginnin g i n privileged EXEC mo de . Command Description clear cdp counters Reset [...]

  • Page 429

    22-6 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapte r 22 Co nfigu ri n g CDP Monito rin g and Mai nt aining CDP[...]

  • Page 430

    C HAPTER 23-1 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 23 Configuring UDLD This c hap ter d esc rib es how to configu re t he U n iDire ctio nal Lin k D et ecti on (UD LD) prot ocol o n th e Cisco ME 3400 Et her net A ccess sw itch . Note For c omplete s yntax and usag e info rmation for th e com mands us ed i[...]

  • Page 431

    23-2 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 23 Configuring UDLD Unders tan ding UDL D In norm al mode, UDL D detect s a unidirec tional li nk when f iber strand s in a fi ber -opt ic port are misconnecte d and the Layer 1 mechanisms do not de tect this misconnec tion. If the po rts are connected corr[...]

  • Page 432

    23-3 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 23 Configuring UD LD Understand ing UDLD • Ev ent-dr iv en detection and echoin g UDLD re lies on echo ing as its detec tion m echanism . Whene ver a U DLD d ev ice lear ns ab out a n ew neighb or or receives a resynchro nizati on request from an out-of-s[...]

  • Page 433

    23-4 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 23 Configuring UDLD Conf igu ring U DLD Configuring UDLD These sec tions co ntain this configura tion info rmat ion: • Default UD LD Configurati on, page 23-4 • Configuration Gu idelines, page 23-4 • Ena bling UDLD Gl oball y , page 23-5 • Ena bling[...]

  • Page 434

    23-5 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 23 Configuring UD LD Configur ing UDLD Enabling UDL D Globally Beginn ing in pri vilege d EXEC mode, follo w th ese steps to enable UDLD in the aggressiv e or n ormal mode a nd to se t th e co nfigurab le m e ssage tim er o n all fiber-optic p ort s on t he[...]

  • Page 435

    23-6 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 23 Configuring UDLD Displa ying U DLD Statu s Resetting an Interface Disabled by UDLD Beginn ing in pri vilege d EXEC mode, follo w these steps to reset all ports disable d by UDLD: Y o u can also br ing up the port by using these com mands : • The shutdo[...]

  • Page 436

    C HAPTER 24-1 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 24 Configuring SPAN and RSPAN This chap ter des cribes ho w to conf igure Switc hed Port Analyzer (S P AN) and Remot e SP AN (RSP AN) on the Cisco ME 3 400 Etherne t Access switc h. Note For c omplete s yntax and usag e info rmation for th e com mands us e[...]

  • Page 437

    24-2 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 24 Configuring SPAN and RSPAN Understan din g SPA N and RSPAN These secti ons cont ain this co nceptu al in forma tion: • Local SP AN, page 24- 2 • Remo te SP AN, page 24-2 • SP AN a nd RSP AN Conce pts a nd T ermino logy , page 24 -3 • SP AN a nd R[...]

  • Page 438

    24-3 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 24 Configuring SPAN and RSPAN Understandi ng SPAN and RS PAN Figur e 24-2 Example o f RSP AN Configur ation SPAN and RS PAN Conc epts a nd Terminology This secti on descri bes conce pts and te rminology associate d with SP A N and RSP AN configuration. SPAN[...]

  • Page 439

    24-4 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 24 Configuring SPAN and RSPAN Understan din g SPA N and RSPAN An RSP AN sour ce session is very similar to a local SP AN session, e xcept fo r where the pa cket s tream is directe d. In an RSP AN source session, SP AN packets a re relabe led with the RSP AN[...]

  • Page 440

    24-5 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 24 Configuring SPAN and RSPAN Understandi ng SPAN and RS PAN • T rans mit (T x) SP AN—Th e go al of tran sm it (or egress) SP AN is to m onit or as mu ch as pos s ibl e a ll the p ackets sent b y the sou rce int erfac e aft er all m odif ication and pro[...]

  • Page 441

    24-6 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 24 Configuring SPAN and RSPAN Understan din g SPA N and RSPAN • It can b e any port type —for examp le, Et herCh an nel, Fast Ethe rn et, Giga bit Et herne t, us er networ k interfac e (UNI) , network nod e interfac e (NNI) , and so fort h. • For Ethe[...]

  • Page 442

    24-7 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 24 Configuring SPAN and RSPAN Understandi ng SPAN and RS PAN Destination Port Each local SP AN sessio n or RSP AN destination session m ust have a destination port (a lso called a monitoring po rt ) th at receives a copy of traffic from the sourc e ports or[...]

  • Page 443

    24-8 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 24 Configuring SPAN and RSPAN Understan din g SPA N and RSPAN RSPAN V LAN The RSP AN VLAN carr ies SP AN tra ff ic between RSP AN source and destination se ssions. It has these special ch aracter istics: • All traf fic i n the R SP AN VLAN i s alw ays f l[...]

  • Page 444

    24-9 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 24 Configuring SPAN and RSPAN Config uring SPAN and RSPAN • Ether Channel —Y o u can co nfigure an Eth erChann el gro up as a source po rt but not as a SP AN destinat ion po rt. Wh en a g rou p is co nfigured a s a SP AN sour ce , t he e nti re g ro up [...]

  • Page 445

    24-10 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 24 Configuring SPAN and RSPAN Configuring SPAN and RSPAN Default SPAN and RSPAN Configuration T ab le 24-1 shows the de fault SP AN an d RS P A N c onfiguration . Configuring Local SPAN These sec tions co ntain this configura tion info rmat ion: • SP AN [...]

  • Page 446

    24-11 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 24 Configuring SPAN and RSPAN Config uring SPAN and RSPAN • Y o u can limi t SP AN traffic to specific VLANs by using the filter vlan keyword. I f a trunk p ort is being monitored , only traff ic on the VLANs specif ied with this ke yword is monitored. B[...]

  • Page 447

    24-12 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 24 Configuring SPAN and RSPAN Configuring SPAN and RSPAN T o d elete a SP AN session, use the no mo nitor session session _number gl obal c onfigura tion c omm and. T o r e move a source o r desti nat ion port or V L AN fr om the SP A N sessio n, use t he [...]

  • Page 448

    24-13 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 24 Configuring SPAN and RSPAN Config uring SPAN and RSPAN The mo nitoring of traffic receiv ed on port 1 is disabled, but traff ic sent from t his port co ntinue s to be monitored. This example shows how to remov e any existing configuration on SP AN sessi[...]

  • Page 449

    24-14 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 24 Configuring SPAN and RSPAN Configuring SPAN and RSPAN T o d elete a SP AN session, use the no mo nitor session session _number gl obal c onfigura tion c omm and. T o r e move a source o r desti nat ion port or V L AN fr om the SP A N sessio n, use t he [...]

  • Page 450

    24-15 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 24 Configuring SPAN and RSPAN Config uring SPAN and RSPAN Specifying VLANs to Filter Beginn ing in p ri vil eged EXEC mode , follo w these steps to limit SP AN source traf fic to sp ecif ic VLANs: T o monitor all VLANs on the trunk port, use th e no monito[...]

  • Page 451

    24-16 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 24 Configuring SPAN and RSPAN Configuring SPAN and RSPAN This example shows how to remov e any existing configuration on SP AN session 2, configure SP A N sess ion 2 t o monito r tra ff ic rece iv ed on Giga bit Ether net tr unk po rt 2, and se nd traf fi [...]

  • Page 452

    24-17 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 24 Configuring SPAN and RSPAN Config uring SPAN and RSPAN Configuring a VLAN as an RSPAN VLAN Create a n ew VL AN to be the RSP AN VLAN for the RSP AN session. Y ou must create the RSP AN VLAN in all switches that will par ticipate in RSP AN. Y ou must con[...]

  • Page 453

    24-18 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 24 Configuring SPAN and RSPAN Configuring SPAN and RSPAN T o delete a SP AN session, use the no monitor session sessi on_num ber glo ba l configur ation c om mand. T o remove a source port or VLAN fro m th e SP AN sess ion, use the no monitor session sessi[...]

  • Page 454

    24-19 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 24 Configuring SPAN and RSPAN Config uring SPAN and RSPAN Creating an RSPAN Destination Sessio n Y ou configu re the RSP AN destination session on a dif ferent switch; th at is, not the swit ch on which the source sess ion was configured. Beginn ing in pri[...]

  • Page 455

    24-20 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 24 Configuring SPAN and RSPAN Configuring SPAN and RSPAN This example shows ho w to configure VLA N 901 as the sou rce remo te VLAN and por t 1 as the destinatio n interface: Switch(config)# monitor session 1 source remote vlan 901 Switch(config)# monitor [...]

  • Page 456

    24-21 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 24 Configuring SPAN and RSPAN Config uring SPAN and RSPAN T o delete an RSP AN session, use the no monitor session session_numb er global configurat ion comman d. T o remove a destinat ion port from the RSP A N session, u se the no monit or session session[...]

  • Page 457

    24-22 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 24 Configuring SPAN and RSPAN Display ing SPAN and RSPAN Status T o monitor all VLANs on the trunk port, use the no monitor session session_num ber filter vlan globa l configurati on comm a nd. This exam pl e shows how to remove any existing c onfiguration[...]

  • Page 458

    C HAPTER 25-1 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 25 Configuring RMON This c hapt er d escri bes how to c onfigure Re mo te Networ k Mo ni toring ( RMO N) on the C isc o M E 3400 Ethernet Access switc h. RMON i s a st anda rd m onit ori ng specificati on t hat defines a se t of sta tis tics a nd func tion[...]

  • Page 459

    25-2 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 25 Configuring RMON Conf igu ring R MON Figur e 25-1 Remot e Monit or ing Example The switc h supports t hese RM ON groups (defined in RFC 1757) : • Statistics ( RMON group 1)—Collects Ethernet statistics ( including F ast Ether net and Gig abit Ethern [...]

  • Page 460

    25-3 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 25 Configuring RMON Confi guring RMON Default RMON Configuration RMON is disa bled by default ; no alarms or events are configured . Only RMON 1 is supp orted on the switch. Configuring R MON Alarms a nd Events Y o u can co nfigure you r s wit ch f or RMO N[...]

  • Page 461

    25-4 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 25 Configuring RMON Conf igu ring R MON T o disable an al arm, use the no rm on al arm nu mber global c onfigurat ion com mand on e ach al arm you configured . Y ou ca nno t disa ble a t on ce al l the a la rms t hat yo u con figured. T o di sabl e a n even[...]

  • Page 462

    25-5 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 25 Configuring RMON Confi guring RMON Collecting Group History Statistics on an Interface Y o u must first configure RM ON al arms an d events to di spla y colle ctio n i nfor ma tion. Beginn ing in pri vileged EXE C mode, follo w these steps to colle ct gr[...]

  • Page 463

    25-6 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 25 Configuring RMON Displa ying RM ON Sta tus Collecting Group Ethernet Statistics on an Interface Beginn ing in pr iv ileged EXEC mode, follo w thes e steps to collect g roup Ethernet statistic s on an interf ace. This proc edure is optional. T o disabl e [...]

  • Page 464

    C HAPTER 26-1 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 26 Configuring System Message Logg ing This chapt er describes how to configure system messag e logging on the Cisco ME 3400 Ethe rnet Acc ess switch. Note For c omplete sy ntax a nd usag e info rmation for th e comman ds used in th is chapt er , see the C[...]

  • Page 465

    26-2 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 26 Confi guring S ystem Message Logging Configur ing System Mes sage Logg ing Configuring Sy stem Me ssage Logging These sec tions co ntain this configura tion info rmat ion: • System Log Me ssage Format, page 26-2 • Default Syste m Message Logg ing Con[...]

  • Page 466

    26-3 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 26 Configuring Sys te m Message L ogging Co nfiguri ng System Message Logg ing This example shows a partial switch system message : 00:00:46: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up 00:00:47: %LINK-3-UPDOWN: Interface GigabitEthernet0/1[...]

  • Page 467

    26-4 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 26 Confi guring S ystem Message Logging Configur ing System Mes sage Logg ing Beginning i n privileged EX EC mode , foll ow these s te ps t o d isab le messag e logg ing. T his p roc edur e is optional. Disabling the logging proce ss ca n slo w down th e sw[...]

  • Page 468

    26-5 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 26 Configuring Sys te m Message L ogging Co nfiguri ng System Message Logg ing The logging buffered globa l configur ation comm and c opies l ogging messa ges to a n inte rnal buffer . The buf fer is c irc ula r, so newer message s overwrite o lder m ess ag[...]

  • Page 469

    26-6 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 26 Confi guring S ystem Message Logging Configur ing System Mes sage Logg ing is retu rned. Ther efore , unsolici ted messag es and deb ug command output ar e not inter sperse d with solicite d device o utput an d p rom pts. Aft er t he un sol icit ed m es [...]

  • Page 470

    26-7 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 26 Configuring Sys te m Message L ogging Co nfiguri ng System Message Logg ing Enabling a nd Disab ling Time S tamps on Log M essages By default, log message s are not time-stam ped. Beginning in privileged EX E C mode, follow these st eps to en able t i me[...]

  • Page 471

    26-8 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 26 Confi guring S ystem Message Logging Configur ing System Mes sage Logg ing T o disable seq uence num bers, use the no service seque nce-numbers global configur ation co mmand. This example shows part of a logging displa y with sequenc e numbe rs enabled [...]

  • Page 472

    26-9 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 26 Configuring Sys te m Message L ogging Co nfiguri ng System Message Logg ing T ab le 26-3 descri bes the level ke ywords. I t a lso li sts t he co rrespo nding U NIX sy slog definition s from the most se vere le vel to the least sev ere le vel. The sof tw[...]

  • Page 473

    26-10 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 26 Confi guring S ystem Message Logging Configur ing System Mes sage Logg ing When the histor y table is full (i t contains th e maximum num ber of messa ge entries s pecified with the log gi ng his t ory s i ze glob al conf iguration command), the olde st[...]

  • Page 474

    26-11 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 26 Configuring Sys te m Message L ogging Co nfiguri ng System Message Logg ing Step 3 Mak e su re th e sy slog daem on re ads the ne w ch anges : $ kill -HUP `cat /etc/syslog.pid` For more informa tion, see the man syslog.conf and man syslogd com mand s on[...]

  • Page 475

    26-12 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 26 Confi guring S ystem Message Logging Display ing the Log gi ng Configur ation Displaying the Log ging Configuration T o display th e loggi ng configur ation and th e conte nts of t he log buf fer , use the show logging pri vile ged EXEC co mmand. F or i[...]

  • Page 476

    C HAPTER 27-1 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 27 Configuring SNMP This chapt er describ es ho w to configure the Sim ple Network Mana gement Protocol (SNM P) on the Cisco ME 3400 Et her net A ccess sw itch . Note For comp lete syntax and usag e informa tion for th e comman ds used i n this c hapter , [...]

  • Page 477

    27-2 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 27 Configuring SNMP Unders tan ding SNMP • Using SNMP to Access MIB V ariables, page 27-4 • SNMP Notif ications, page 27-5 • SNMP ifIn dex MIB Object V al ues, pa ge 27-5 SNMP Versio ns This sof tware rel ease su ppor ts t hese SNM P version s: • SN[...]

  • Page 478

    27-3 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 27 Configuring SNM P Underst anding SN MP T ab le 27-1 identifie s the charac teristics of the dif ferent combinations of secur ity models and le vels. Y o u must configure t he SNMP age nt to use the SNMP versio n supporte d by the manageme nt station. Bec[...]

  • Page 479

    27-4 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 27 Configuring SNMP Unders tan ding SNMP SNMP Agen t Fun ctions The SNMP a gent responds to SNMP manage r requests as follo ws: • Get a MIB v ariable—Th e SNM P ag ent be gins this functi on in response to a requ est from the NM S. The agent r etriev es[...]

  • Page 480

    27-5 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 27 Configuring SNM P Underst anding SN MP SNMP Notifications SNMP allo ws the switch to send n otifica tions to SNMP manager s when p articular ev ents oc cur . SNMP notifications ca n be sent as tr aps or inform request s. In com mand synt ax, un less ther[...]

  • Page 481

    27-6 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 27 Configuring SNMP Conf igu rin g SNMP Configuring SNMP These sec tions co ntain this configura tion info rmat ion: • Default SNMP Con figuration, page 27-6 • SNMP Configuration Gu idelines, page 27-6 • Disablin g the SNMP Agent, page 27-7 • Config[...]

  • Page 482

    27-7 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 27 Configuring SNM P Configuring SNMP When configur ing SNMP , follow thes e guideli nes: • When configuring an SNMP group , do not specif y a notify view . The snmp - server ho s t globa l configurat ion c omma nd au toge ne rat es a no tif y v iew for t[...]

  • Page 483

    27-8 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 27 Configuring SNMP Conf igu rin g SNMP Configuring Community Strings Y o u use the SNM P c om muni ty st rin g to define t he r ela tionshi p betw een t he SN MP mana ger and th e agent. The co mmunity string acts like a password to perm it access to the a[...]

  • Page 484

    27-9 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 27 Configuring SNM P Configuring SNMP Note T o dis able a ccess for an SNMP c ommunity , set the commu nity s tring for th at com munity to the n ull string (do not enter a value for th e communi ty string ). T o remove a spe cific communit y string, use th[...]

  • Page 485

    27-10 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 27 Configuring SNMP Conf igu rin g SNMP Step 3 s nmp- server group g r oupname { v1 | v2c | v3 { auth | noauth | priv }} [ re ad re a d v i e w ] [ write writevi ew ] [ notify notifyvie w ] [ access access -list ] Configure a ne w SNMP gro up on the remote[...]

  • Page 486

    27-11 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 27 Configuring SNM P Configuring SNMP Configuring SNMP Notifications A trap manag er is a mana geme nt statio n that recei ves and process es traps. T raps are sy stem aler ts that the switc h gen erates wh en cert ain events occu r . By default, no trap m[...]

  • Page 487

    27-12 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 27 Configuring SNMP Conf igu rin g SNMP T able 2 7 -5 Switc h Notifica tion T ypes Notification T yp e Keyword Description bgp Gene rates Bo rde r Gateway Protocol (B GP) state c hange t ra ps. This opt ion is only a v ailable when the m etro IP access ima[...]

  • Page 488

    27-13 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 27 Configuring SNM P Configuring SNMP Note Th oug h visibl e in the c om mand -l ine help stri ngs, t he cpu [ thr esho ld ], flash insertion, flash re moval, fru-ctrl , and vtp k eywords are not supp orted. The snmp-serv er enable informs global configura[...]

  • Page 489

    27-14 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 27 Configuring SNMP Conf igu rin g SNMP The snmp-serv er host co mmand s pecif ies which ho sts rec eiv e the notif ications. T he snmp-server enab le trap command global ly enables the me chanism f or the speci f ied notif ication (fo r traps and informs [...]

  • Page 490

    27-15 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 27 Configuring SNM P Configuring SNMP Limiting TFTP Servers Used Through SNMP Beginning i n privileged EX EC mode , foll ow these s te ps t o li mit t he T FTP ser vers us ed for saving a nd loading c onfigu ration f iles thro ugh SNMP to the server s spec[...]

  • Page 491

    27-16 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 27 Configuring SNMP Displaying SNM P Status This e xample shows h ow to allo w read-only access for all objects to members of access list 4 that use the coma ccess community string. No other SNMP mana gers have access to any objects. SNMP Authentic ation F[...]

  • Page 492

    C HAPTER 28-1 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 28 Configuring Network Security with ACLs This c hapter de scribes h ow to configure network securi ty on the Cisco ME 3 400 Eth ernet A ccess swi tch by u sing access co ntrol lists (A CLs), which are also refe rred to in c ommands and tab les as access l[...]

  • Page 493

    28-2 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 28 Co n figuring Network Security w ith ACLs Unders tandin g A CLs which type s of t ra ff ic are f orward ed or bl ocked a t ro ut er int erfac es. For exampl e, you ca n all ow e-mail traffic to be forwarded but no t T elnet t raff ic. A CLs can be config[...]

  • Page 494

    28-3 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 28 Configuring Net work Securi t y with ACLs Unde rsta ndi n g AC Ls • When a VLAN map, input router A CL, and input port A CL exist in an SVI, incomin g packets recei ved on the ports to whic h a port A CL is applie d are only f iltered b y the port A CL[...]

  • Page 495

    28-4 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 28 Co n figuring Network Security w ith ACLs Unders tandin g A CLs Figur e 28-1 Using A CLs to Contr ol T ra ffic t o a Netw or k When you apply a port A CL to a trunk port, the A CL filters tra ff ic on all VLANs present on the trunk port. W ith port A CLs[...]

  • Page 496

    28-5 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 28 Configuring Net work Securi t y with ACLs Unde rsta ndi n g AC Ls As w ith p ort A CLs, t he sw itch exam ines A CLs ass oci ated wi th f eatur es co nfigur ed on a given in terface . Howe ver , ro uter ACLs are su ppo rte d in bo th di r ecti ons. A s p[...]

  • Page 497

    28-6 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 28 Co n figuring Network Security w ith ACLs Conf iguri ng I Pv4 AC Ls Some ACEs do not chec k Layer 4 info rmati on and th eref ore can be appl ied to al l packet f ragment s. A CEs that do test Layer 4 informatio n cannot be applied in the stand ard manne[...]

  • Page 498

    28-7 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 28 Configuring Net work Securi t y with ACLs Configuring IPv4 ACLs The switc h does not supp ort these Ci sco IOS rout er A CL-rel ated feat ures: • Non -IP prot ocol A CLs (s ee T abl e 28-1 on pa ge 28 -8 ) or bri dge-g roup A CLs • IP accoun ting •[...]

  • Page 499

    28-8 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 28 Co n figuring Network Security w ith ACLs Conf iguri ng I Pv4 AC Ls IPv4 Access List Numbers The num ber you use to denote you r IPv4 ACL sho ws the typ e of access list that you ar e cre ating. T ab le 28-1 lists the ac cess-l ist number an d correspon [...]

  • Page 500

    28-9 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 28 Configuring Net work Securi t y with ACLs Configuring IPv4 ACLs The f irst packet that tr iggers t he A CL causes a logg ing messa ge righ t a way , and subseq uent pac ket s are collec ted over 5-minut e intervals befo re they app ear or logge d. Th e l[...]

  • Page 501

    28-10 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 28 Co n figuring Network Security w ith ACLs Conf iguri ng I Pv4 AC Ls This exampl e shows ho w to creat e a standard ACL to deny access to IP host 171 .69.1 98.102, pe rmit access to an y others, and display the results. Switch (config)# access-list 2 den[...]

  • Page 502

    28-11 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 28 Configuring Net work Securi t y with ACLs Configuring IPv4 ACLs Beginn ing in pri vileg ed EXEC mode, follo w these steps to create an exte nded A CL: Command Purpo se Step 1 co nfi gure terminal Enter glob al configura tion mo de. Step 2a access-list a[...]

  • Page 503

    28-12 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 28 Co n figuring Network Security w ith ACLs Conf iguri ng I Pv4 AC Ls or access-list access- list-num ber { deny | permit } pr otocol any any [ prec edence pr eceden ce ] [ tos tos ] [ fragmen ts ] [ log ] [ log-input ] [ time-r ange ti me-range-na me ] [[...]

  • Page 504

    28-13 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 28 Configuring Net work Securi t y with ACLs Configuring IPv4 ACLs Use the no a ccess-lis t a ccess-list-number gl obal conf igurat ion command to dele te the entire access list. Y o u canno t dele te i n dividual ACEs from n umb er ed acc ess l ist s. Thi[...]

  • Page 505

    28-14 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 28 Co n figuring Network Security w ith ACLs Conf iguri ng I Pv4 AC Ls After c reating a numb ered e xtended A CL, you can apply it to termina l lines (see the “ Applying an IPv4 A CL to a T ermi nal Line” sec tio n on page 28-18 ), to inter faces (see[...]

  • Page 506

    28-15 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 28 Configuring Net work Securi t y with ACLs Configuring IPv4 ACLs T o remov e a named stan dard A CL, use the no ip access-list standard na me g loba l c onfiguratio n comm and. Beginn ing in pri vilege d EXEC mode, follo w th ese steps to create an ex te[...]

  • Page 507

    28-16 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 28 Co n figuring Network Security w ith ACLs Conf iguri ng I Pv4 AC Ls This example shows ho w you can delet e individual A CEs fro m the named ac cess lis t bor der-list : Switch(config)# ip access-list extended border-list Switch(config-ext-nacl)# no per[...]

  • Page 508

    28-17 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 28 Configuring Net work Securi t y with ACLs Configuring IPv4 ACLs Repeat the steps if you ha ve multiple items that you w ant in ef fect at dif ferent times. T o remov e a configu red time -range limit ation, use the no time-r ange time -range-name gl oba[...]

  • Page 509

    28-18 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 28 Co n figuring Network Security w ith ACLs Conf iguri ng I Pv4 AC Ls This exampl e uses name d A CLs to perm it and deny the same traff ic. Switch(config)# ip access-list extended deny_access Switch(config-ext-nacl)# deny tcp any any time-range new_year_[...]

  • Page 510

    28-19 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 28 Configuring Net work Securi t y with ACLs Configuring IPv4 ACLs Beginning i n privileged EX EC mod e, fo llow these st eps t o restri ct i ncom ing a nd ou tgoing co nne ction s betwee n a virtual termin al line an d the addre sses in an ACL: T o remov [...]

  • Page 511

    28-20 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 28 Co n figuring Network Security w ith ACLs Conf iguri ng I Pv4 AC Ls Beginn ing in pr iv ilege d EXEC mode, follo w these steps to control a ccess to an interf ace: T o remov e the specif ied access group, use the no ip acce ss-group { access-list-number[...]

  • Page 512

    28-21 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 28 Configuring Net work Securi t y with ACLs Configuring IPv4 ACLs Hardware and Softw are Treatment of IP ACLs A CL processing is primar ily accom plished in hardwar e, b ut re quires fo rwardin g of some tr af f ic f lo ws to the CPU for so ftwar e pr oce[...]

  • Page 513

    28-22 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 28 Co n figuring Network Security w ith ACLs Conf iguri ng I Pv4 AC Ls Use rout er ACLs to do this in one of two ways: • Crea te a stan dard ACL, and filter tr aff ic com ing to th e server from Port 1 . • Create an ex tended A CL, and filter traf fic [...]

  • Page 514

    28-23 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 28 Configuring Net work Securi t y with ACLs Configuring IPv4 ACLs Numbered ACLs In this e xampl e, netw ork 36.0.0.0 is a Class A netw ork whose second oc tet specif ie s a subnet; th at is, its subnet ma sk is 255.2 55.0.0 . The thi rd and fou rth oct et[...]

  • Page 515

    28-24 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 28 Co n figuring Network Security w ith ACLs Conf iguri ng I Pv4 AC Ls The market ing_group A CL allo ws an y TCP T elnet traf fic to the destinatio n address and wildcar d 171.6 9.0.0 0. 0.255. 25 5 and de nie s a ny other TC P t raffic. It per mit s I CM[...]

  • Page 516

    28-25 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 28 Configuring Net work Securi t y with ACLs Configuring IPv4 ACLs In this examp le of a name d A CL, t he Jo ne s subne t i s not al lowed ac cess: Switch(config)# ip access-list standard prevention Switch(config-std-nacl)# remark Do not allow Jones subne[...]

  • Page 517

    28-26 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 28 Co n figuring Network Security w ith ACLs Creating Nam e d MAC Exten ded ACL s This i s a an exampl e of a lo g f or a n exte nded ACL: 01:24:23:%SEC-6-IPACCESSLOGDP:list ext1 permitted icmp 10.1.1.15 -> 10.1.1.61 (0/0), 1 packet 01:25:14:%SEC-6-IPAC[...]

  • Page 518

    28-27 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 28 Configuring Net work Securi t y with ACLs Creati ng Na med M AC Exte nde d AC L s Use the no mac access-list extended name global conf iguration co mmand to dele te the entir e A CL. Y ou can a lso d ele te in dividual ACEs from n am ed M AC extended AC[...]

  • Page 519

    28-28 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 28 Co n figuring Network Security w ith ACLs Creating Nam e d MAC Exten ded ACL s Applying a MAC ACL to a La yer 2 Interfa ce After y ou cr ea te a M AC A CL, you ca n appl y it to a Laye r 2 in terfa ce t o filter non -I P tra ffic coming in that inte rfa[...]

  • Page 520

    28-29 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 28 Configuring Net work Securi t y with ACLs Configuring VLAN Maps Configuring VLAN Ma ps This section descr ibes how to con figu re VLAN maps, which is the only way to con trol filte ring within a VLA N. V LAN ma ps h ave no direct ion. T o filter tra ff [...]

  • Page 521

    28-30 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 28 Co n figuring Network Security w ith ACLs Configur ing VLA N Maps VLAN Map C onfiguration Gu idelines Foll ow these gui delines when conf iguring VL AN maps: • If th ere is n o A CL conf igur ed to den y traf f ic on an inte rface and no VLAN ma p is [...]

  • Page 522

    28-31 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 28 Configuring Net work Securi t y with ACLs Configuring VLAN Maps Creating a VL AN Map Each VLA N map consi sts of an ordered ser ies of entri es. Beginning i n privileged EXEC mode, follow thes e step s to crea te, ad d to, or de lete a VLAN map entr y: [...]

  • Page 523

    28-32 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 28 Co n figuring Network Security w ith ACLs Configur ing VLA N Maps This exampl e shows how to c rea t e a V LAN map to pe rmit a packet. ACL ip2 permits UDP pack ets and any pack ets that m atch the ip2 A CL are fo rwarded. In th is ma p, any IP p ackets[...]

  • Page 524

    28-33 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 28 Configuring Net work Securi t y with ACLs Configuring VLAN Maps Switch(config)# mac access-list extended good-protocols Switch(config-ext-macl)# permit any any decnet-ip Switch(config-ext-macl)# permit any any vines-ip Switch(config-ext-nacl)# exit Swit[...]

  • Page 525

    28-34 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 28 Co n figuring Network Security w ith ACLs Configur ing VLA N Maps Using VLAN Maps in Your Network These sec tions descr ibes some typ ical uses for VLAN maps: • W iring Closet Configuration , page 28-34 • Denying Acc ess to a Server on Anot her VLAN[...]

  • Page 526

    28-35 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 28 Configuring Net work Securi t y with ACLs Configuring VLAN Maps Switch(config)# ip access-list extended match_all Switch(config-ext-nacl)# permit ip any any Switch(config-ext-nacl)# exit Switch(config)# vlan access-map map2 20 Switch(config-access-map)#[...]

  • Page 527

    28-36 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 28 Co n figuring Network Security w ith ACLs Using VL AN Ma ps wi th Rout er AC Ls Step 2 Def ine a VLAN map usin g this A CL that w ill drop IP p acket s that matc h SER VER1_A CL and forwa rd IP packets tha t do not match the ACL. Switch(config)# vlan ac[...]

  • Page 528

    28-37 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 28 Configuring Net work Securi t y with ACLs Using VLAN Maps with Router ACLs • Whene ver possible, try to write the A CL with all entries ha ving a single act ion e xcept for the f inal, default act ion of the ot her type. T hat is , write the ACL using[...]

  • Page 529

    28-38 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 28 Co n figuring Network Security w ith ACLs Using VL AN Ma ps wi th Rout er AC Ls Figur e 28-6 Applyin g ACLs o n S witched P ack ets ACLs and Routed Packe ts Figure 28-7 sho ws ho w A CLs ar e appl ied on route d pack ets. F or rout ed pack ets, the A CL[...]

  • Page 530

    28-39 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 28 Configuring Net work Securi t y with ACLs Displaying IPv4 ACL Configu ration ACLs and Multicast Pa ckets Figure 28-8 shows ho w A CLs are applied o n pa ck ets that ar e r ep lic ated f o r IP m ul tica stin g. A m u ltica st packet be ing ro ut ed ha s[...]

  • Page 531

    28-40 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 28 Co n figuring Network Security w ith ACLs Display ing IPv4 ACL Co nfigurat ion Y ou can also d isplay info rmation abou t VLAN ac cess maps or VLAN f ilters. U se the pri vileged EXEC comm ands in Ta b l e 2 8 - 3 to display VLAN map i nformation. show [...]

  • Page 532

    C HAPTER 29-1 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 29 Configuring Control-Plane Sec urity This c hapter describe s the c ontrol -plan e sec urity fe ature in t he Cisc o ME 34 00 Et hernet Access switc h. In any network, Lay er 2 and Layer 3 sw itches exchange cont rol packets wit h other sw itches in the [...]

  • Page 533

    29-2 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapte r 2 9 Con f igurin g C ontr ol-Pl an e Sec urity Unders tan din g Control-Plan e Security These ty pes of contr ol packets ar e droppe d or rate-l imited : • Layer 2 pro tocol contr ol packets: – Control packets that are always dropp ed on UNIs, such as [...]

  • Page 534

    29-3 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 29 Configuring Control -Pl ane Security Underst anding Con trol-P lane Secu rity The swit ch automatic ally alloca tes 27 control- plane secu rity policer s fo r CPU protectio n. At syst em bootup , it assigns a po licer t o each port nu mbere d 0 to 26. Th[...]

  • Page 535

    29-4 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapte r 2 9 Con f igurin g C ontr ol-Pl an e Sec urity Configuring Cont rol-Plane Securi ty This exampl e s hows the defau lt police rs assigned to NN Is. Most pr otocol s have no po licers assi gned to NNIs. A value o f 2 55 me ans that no pol ic er is assign ed [...]

  • Page 536

    29-5 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 29 Configuring Control -Pl ane Security Monitor ing Con trol-P lane Secu rity This exam ple sh ows how to set the CPU p rote ction t hresh old to 1000 0 b ps an d to verify the configurat ion. Switch# config t Enter configuration commands, one per line. End[...]

  • Page 537

    29-6 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapte r 2 9 Con f igurin g C ontr ol-Pl an e Sec urity Monitorin g Control-Plane Security[...]

  • Page 538

    C HAPTER 30-1 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 30 Configuring QoS This chapte r describes ho w to conf igure quality of service (QoS) b y using the modular QoS comm and-lin e inte rface (C LI), or MQC, co mman ds on th e Cisco M E 340 0 Ether net Ac cess swi tch. With QoS, you can pro vide pref erent i[...]

  • Page 539

    30-2 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt e r 30 Conf igur ing Q o S Unders tan ding QoS Figur e 30-1 Modular Qo S CLI Model Basi c QoS inc ludes thes e acti ons. • Pa ck et class if ica tion allo ws you to o r gan ize tr af f ic on the bas is of whet he r or not the t raf f ic matches a speci fic [...]

  • Page 540

    30-3 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 30 Configuring Qo S Under sta n din g Q oS Modular QoS CLI Modula r Q oS C LI (MQ C) a llo ws use rs t o cr ea te tra ffic po l icies a nd att ach t hes e po l icies t o int erfa ces . A traf fic policy contain s a traf fic clas s and one or more QoS featur[...]

  • Page 541

    30-4 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt e r 30 Conf igur ing Q o S Unders tan ding QoS Step 3 Attach the t raf fi c polic y to a n interf ace. Y o u u se th e s ervic e-p oli cy interface con f igurat ion command to attac h the polic y map to an interf ace for packet s entering or lea v ing t he in[...]

  • Page 542

    30-5 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 30 Configuring Qo S Under sta n din g Q oS Output Policy Maps Output policy ma p class ifi cation crit eria inc lude matchi ng a CoS, a DSCP , an IP precedence, or a QoS group values. Out put policy maps can hav e any of these ac tions: • Queuing ( queue-[...]

  • Page 543

    30-6 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt e r 30 Conf igur ing Q o S Unders tan ding QoS Figur e 30-3 QoS Class ification La yers in Fr ames and P ack ets These section s contain additional in formation about cla ssifica tion: • “Class Ma ps” secti on on page 3 0-6 • “The match Comma nd” [...]

  • Page 544

    30-7 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 30 Configuring Qo S Under sta n din g Q oS Y o u can mat ch more than on e cri terion for c lassificati on. Y ou can also crea te a class ma p that re quires that al l matchi ng criteria in the class m ap be in the p acket header b y using the class map mat[...]

  • Page 545

    30-8 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt e r 30 Conf igur ing Q o S Unders tan ding QoS This example shows how to creat e a class map to match a C oS value of 5: Switch(config)# class-map premium Switch(config-cmap)# match cos 5 Switch(config-cmap)# exit Classification Based on IP Precede nce Y o u [...]

  • Page 546

    30-9 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 30 Configuring Qo S Under sta n din g Q oS cs6 Match packets with CS6(precedence 6) dscp (110000) cs7 Match packets with CS7(precedence 7) dscp (111000) default Match packets with default dscp (000000) ef Match packets with EF dscp (101110) For more info rm[...]

  • Page 547

    30-10 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt e r 30 Conf igur ing Q o S Unders tan ding QoS Classification Based on QoS ACLs Packets can also be c lassified in input policy ma ps b ased on an A CL looku p. The ACL classificati on is communi cate d to a n outp ut po licy by assign ing a QoS g rou p o r [...]

  • Page 548

    30-11 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 30 Configuring Qo S Under sta n din g Q oS T o communicat e an A CL classi f ica tio n t o an outp ut po lic y , you assig n a QoS n u mb er to sp ecif y pa ck ets at ingress. This e xample identi fies specif ic packets as part of QoS group 1 for later pro[...]

  • Page 549

    30-12 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt e r 30 Conf igur ing Q o S Unders tan ding QoS The swi tch sup ports a maxim um of 2 56 uni que ta ble ma ps. Y ou ca n ente r up to 6 4 differen t map from – to entries in a ta ble map. T hese t able maps are suppor ted on t he switch : • DSCP to CoS ?[...]

  • Page 550

    30-13 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 30 Configuring Qo S Under sta n din g Q oS These sect ions de scri be the typ es of po l icing sup port ed on the swi tc h: • Individual Polic ing, pag e 30- 13 • Aggregate Polici ng, page 30 -14 • Unconditio nal Priority Policing, pag e 30-15 Indivi[...]

  • Page 551

    30-14 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt e r 30 Conf igur ing Q o S Unders tan ding QoS After you creat e a table ma p, you co nfigure a po licy-map police r to use the table ma p. • Y o u can c onfigure on ly one exceed-act ion police mar kdown table m ap of each type (Co S, DSC P , or IP prece [...]

  • Page 552

    30-15 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 30 Configuring Qo S Under sta n din g Q oS After yo u conf igure the aggre gate policer , you creat e a policy map and an asso ciate d class map, associate the policy map wit h the aggr egate policer, and appl y the service policy to a port. Note On ly one[...]

  • Page 553

    30-16 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt e r 30 Conf igur ing Q o S Unders tan ding QoS This exam ple shows how to use the priority with police comm an ds t o c onfigure ou t-class1 as t he priorit y queue, with tra ff ic going to t he queue limited t o 20,00 0,000 bps so that th e priori ty queu e[...]

  • Page 554

    30-17 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 30 Configuring Qo S Under sta n din g Q oS Note Y ou c onfigure onl y one set ac tion wit h a table map in a class. Y ou ca nnot co nfigure any other set action in the same class a s a set action wi th table map. Figure 30-6 sho ws the proced ures for m ar[...]

  • Page 555

    30-18 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt e r 30 Conf igur ing Q o S Unders tan ding QoS This exam ple u s es a policy map t o re mark a p acket. The first m arking (the set command) app lies to the QoS def ault class m ap that m atches all tr af fic not matche d by cl ass AF31-AF 33 and set s all t[...]

  • Page 556

    30-19 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 30 Configuring Qo S Under sta n din g Q oS These sec tions co ntai n addi tiona l i nfor ma tio n abo ut sc he dulin g: • T raffi c Shap ing, page 30-19 • Class-Ba sed W e ighte d Fair Q u eu ing, page 3 0-2 1 • Priority Que uing , page 30 -22 Traffi[...]

  • Page 557

    30-20 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt e r 30 Conf igur ing Q o S Unders tan ding QoS Port S hapi ng T o configure po rt shapi ng ( a tran smit po rt sh aper), crea te a policy ma p that cont ains onl y a default c lass, and use the shape average co mmand to specify th e maximu m bandwi dth for a[...]

  • Page 558

    30-21 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 30 Configuring Qo S Under sta n din g Q oS Class-Based Weighted Fair Queuing Y ou can c onfigure cla ss-based w eighted fair queuing (CBWFQ) to set the rela tive precedenc e of a queu e by allo cating a portio n of the total bandwidth that is av ailable fo[...]

  • Page 559

    30-22 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt e r 30 Conf igur ing Q o S Unders tan ding QoS Switch(config)# interface fastethernet 0/1 Switch(config-if)# service-policy output out-policy Switch(config-if)# exit This exampl e shows ho w to a l l ocate t he excess band widt h am ong queues by co nfigurin[...]

  • Page 560

    30-23 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 30 Configuring Qo S Under sta n din g Q oS Note When priority is configured in an output poli cy map without the police command, y ou can only co nf igur e the ot her qu eues f or shari ng b y usin g the bandwidt h remaining percent polic y-map command to [...]

  • Page 561

    30-24 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt e r 30 Conf igur ing Q o S Unders tan ding QoS Congestio n Avoida nce and Q ueuing Conges tion av oidanc e uses alg orithm s such as tai l drop to con trol the num ber of packe ts entering t he queuing a nd sche duling st age to av oid c onges tio n a nd ne [...]

  • Page 562

    30-25 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 30 Configuring Qo S Under sta n din g Q oS This e xam ple co nf ig ures class A to matc h DCSP values and a polic y map, PM1 . The DSCP v alues of 30 and 50 are ma pped to unique t hresho lds (32 and 64, resp ectively). The D SCP values of 40 and 60 ar e m[...]

  • Page 563

    30-26 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt e r 30 Conf igur ing Q o S Conf igu rin g QoS • A WTD qualif ier in the queue-lim it comma nd must be th e same as at le ast one ma tch qual ifie r in the asso ciated cl ass map. This exam ple sh ows how to con figure ban dw idt h an d q ue ue l imi t so t[...]

  • Page 564

    30-27 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 30 Configuring Qo S Confi guring Qo S Default QoS Configuration There ar e no po l icy ma ps, c lass ma ps, t abl e ma ps , o r poli cer s configu re d. A t the egre ss por t , al l t raffic goes thro ugh a single default queu e tha t is giv en the full op[...]

  • Page 565

    30-28 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt e r 30 Conf igur ing Q o S Conf igu rin g QoS Creating IP Standard ACLs Beginn ing in pri vilege d EXEC mode, follo w th ese steps to create an IP standard A CL for IP traff ic: T o delete an acces s list, u se the no access-list acc ess-list-numbe r global [...]

  • Page 566

    30-29 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 30 Configuring Qo S Confi guring Qo S Creating IP Exte nded ACLs Beginn ing in pri vileg ed EXEC mode, follo w these steps to create an IP ex tended A CL for IP traf f ic: Command Purpose Step 1 conf igure t erminal E nter g loba l c onfigurati on m ode . [...]

  • Page 567

    30-30 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt e r 30 Conf igur ing Q o S Conf igu rin g QoS T o delete an acces s list, u se the no access-list acc ess-list-numbe r global con figuration co mmand . This e xamp le sho ws ho w to create an A CL that permit s IP traf f ic from an y source to an y d estinat[...]

  • Page 568

    30-31 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 30 Configuring Qo S Confi guring Qo S T o delete an acces s list, u se the no mac acces s-list exte nded access-list- name global con figuration comm and. This e xample sh ow s ho w to create a Laye r 2 MA C A CL with two permit sta temen ts. Th e f ir st [...]

  • Page 569

    30-32 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt e r 30 Conf igur ing Q o S Conf igu rin g QoS Beginn ing in pr i vilege d EXEC mode, follo w these steps to create a class map and to d efi ne the ma tch criteri on to classify traff ic: Command Purpose Step 1 conf igure t erminal E nter g loba l c onfigurat[...]

  • Page 570

    30-33 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 30 Configuring Qo S Confi guring Qo S Use t he no form o f the approp riate comm and to delete an existi ng cla ss map or r emove a ma tch cr iterion . This e xample sh o ws how to create access list 103 and co n f igure the class map calle d class1 . Th e[...]

  • Page 571

    30-34 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt e r 30 Conf igur ing Q o S Conf igu rin g QoS Beginn ing in pr iv ilege d EXEC mode, follo w these steps to create a table map: T o delete a table map, use the no table- map ta ble-m ap-na me global con figurat ion co mm an d. This e xamp le sho ws how to cr[...]

  • Page 572

    30-35 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 30 Configuring Qo S Confi guring Qo S Attaching a Traffic Policy to an Interface Y o u us e th e service-po licy interf ace conf igu ration co mmand t o attach a traf f ic po licy to an inte rface and to specif y the direc tion in w hich the policy should [...]

  • Page 573

    30-36 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt e r 30 Conf igur ing Q o S Conf igu rin g QoS • When an input polic y map with only Laye r 2 classific ation is attached to a routed port or a switch port cont ai ning a rout ed SV I , th e ser vi ce poli cy ac ts on ly o n sw itch ing eli gibl e t raffic [...]

  • Page 574

    30-37 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 30 Configuring Qo S Confi guring Qo S Step 4 police { r ate-bps | cir cir-bps } [ bu rst -b y tes | bc b urst- bytes ] Def ine a policer for th e class of traf fic. By default, no poli cer is de fined. • Fo r rate -b ps , specify a ve rage traf fic rate [...]

  • Page 575

    30-38 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt e r 30 Conf igur ing Q o S Conf igu rin g QoS After you ha ve created an input polic y map, you attach it to an interfa ce in the input directio n. See the “ Attaching a T raff ic Policy to an Interf ace” section on pa ge 30-35 . Use the no form of the a[...]

  • Page 576

    30-39 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 30 Configuring Qo S Confi guring Qo S This exam ple sh ows how to use po licy-m ap c las s po lice c onfiguratio n m ode to set excee d ac ti on mark-do wn using tab le-maps. The polic y map sets a committed information rate o f 23000 bps and a confo rm bu[...]

  • Page 577

    30-40 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt e r 30 Conf igur ing Q o S Conf igu rin g QoS Beginn ing in pri vileg ed EXEC mode, follo w these steps to create an aggre gate police r: After you have creat ed an aggregat e poli cer, you atta ch it to a n ingr ess port. S ee the “ Att aching a T raf f i[...]

  • Page 578

    30-41 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 30 Configuring Qo S Confi guring Qo S T o remove the specified aggr egate polic er fr om a p oli cy map, use th e no police ag gr egate aggr egate-poli cer-name pol icy m ap c onfigu ratio n m ode . T o del ete a n ag gregate p olic er an d it s parame ter[...]

  • Page 579

    30-42 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt e r 30 Conf igur ing Q o S Conf igu rin g QoS Use the no f or m of th e app r op r iate co m man d to d el e te a po l ic y map or t a ble ma p or rem o v e an assi gned CoS, DSCP , prec ede nce, or Q oS-gr oup value. This exam ple u s es a policy map t o re[...]

  • Page 580

    30-43 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 30 Configuring Qo S Confi guring Qo S Configuring Output Policy Maps Y o u use o utput p olicy maps to m anag e conge stion avoidance, q ueuing, and sche dulin g of packe ts leaving the switch . The switch h as four egress queue s, and you use output poli [...]

  • Page 581

    30-44 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt e r 30 Conf igur ing Q o S Conf igu rin g QoS • Y o u can att ach only one output policy map per por t. • The maxi mum num ber of policy map s configured on t he switch is 256. These sec tions descr ibe how to configure different type s of output poli cy[...]

  • Page 582

    30-45 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 30 Configuring Qo S Confi guring Qo S After you have created an outpu t policy ma p, you a ttach it to an egress port. See the “ Attaching a T raf f ic Polic y to an Interfac e” section on page 30-35 . Use the no form of the appro priat e c omma nd t o[...]

  • Page 583

    30-46 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt e r 30 Conf igur ing Q o S Conf igu rin g QoS Configuring Output Pol icy Maps with Class-Based Shaping Y o u use the shape average policy-map cl ass configura tion co mmand t o configure traff ic shaping . Class-based shaping is a control mechanism that is a[...]

  • Page 584

    30-47 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 30 Configuring Qo S Confi guring Qo S This exam ple s ho ws ho w to conf igure tra ff ic shaping for o utgoi ng traf fi c on a Fast Ethe rnet po rt so that outclass1 , outclass2 , and outc lass3 ge t a ma ximum o f 50, 20 , an d 10 Mbps of the available po[...]

  • Page 585

    30-48 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt e r 30 Conf igur ing Q o S Conf igu rin g QoS After yo u hav e created the hier archical output poli cy map, you attach it to an e gress por t. See the “ Attaching a T raff ic Policy to an Interf ace” section on pa ge 30-35 . Use the no form of the appro[...]

  • Page 586

    30-49 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 30 Configuring Qo S Confi guring Qo S Beginn ing in pri vileg ed EXEC mode, follo w these steps to confi gure a strict priority queu e: After you have created an outpu t policy ma p, you a ttach it to an egress port. See the “ Attaching a T raf f ic Poli[...]

  • Page 587

    30-50 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt e r 30 Conf igur ing Q o S Conf igu rin g QoS This exam ple sh ows how to configure the class out-class 1 as a stri ct priority queue so that all pack ets in that cl ass are sent bef ore an y oth er class of traf f ic . Other tr af fic queues ar e con figur [...]

  • Page 588

    30-51 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 30 Configuring Qo S Confi guring Qo S Step 6 police { r ate-bps | cir cir-bps } Define a polic er for th e prio rit y cla ss of tr aff ic. • For ra te -b ps , specify a verage tra f f ic rate in bits per second (bps). T he r a nge i s 64000 t o 1000 000 [...]

  • Page 589

    30-52 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt e r 30 Conf igur ing Q o S Conf igu rin g QoS After you have created an outpu t policy ma p, you a ttach it to an egress port. See the “ Attaching a T raf f ic Polic y to an Interfac e” sect ion on pa ge 30-35 . Use th e no form of the ap propri ate comm[...]

  • Page 590

    30-53 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 30 Configuring Qo S Confi guring Qo S Configuring Output Pol icy Maps with Weighted Tail Drop W e igh ted tai l drop (WTD) adjust s the qu eue si ze (buffer size) assoc iate d with a t raffic class. Y ou configure WT D by using the queue-limit policy-map c[...]

  • Page 591

    30-54 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt e r 30 Conf igur ing Q o S Conf igu rin g QoS After yo u have created an output policy map, you att ach i t to an egre ss port. Se e the “Configuri ng Outp ut Policy Maps” sect ion on page 30-4 3 . Use the no form of the ap propri a te c omma nd to dele [...]

  • Page 592

    30-55 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 30 Configuring Qo S Displaying QoS Information Displaying QoS Information T o display QoS info rmat ion, use on e or more of the privileged EX EC comman ds in Ta b l e 3 0 - 2 . For explanat ion s a bou t available keyword s, see th e co mm an d ref er enc[...]

  • Page 593

    30-56 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt e r 30 Conf igur ing Q o S Conf igu rat ion Exam ples for Poli cy Maps Configuration E xamples for Po licy Maps This secti on include s configurati on examples fo r configuring QoS po licies on the Cisco ME switch, includi ng configuration limita tions an d [...]

  • Page 594

    30-57 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 30 Configuring Qo S Configuration Examples for Policy Maps This e xample co nf igures cla sses fo r input ser vice policies and def ine s three classe s of serv ice: gold, silv er , and bronze. Because a match-all classification ( the de fault ) c an have [...]

  • Page 595

    30-58 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt e r 30 Conf igur ing Q o S Conf igu rat ion Exam ples for Poli cy Maps This exam ple configu res a se cond ou t put s erv ice poli cy to be a ppli ed t o Fast Et hern et U NIs 1 t o 8, providing stric t priorit y to the gold cla ss and distr ibuting the rema[...]

  • Page 596

    30-59 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 30 Configuring Qo S Configuration Examples for Policy Maps This e xamp le conf igures a third outp ut serv ice pol icy to be a ttache d to F ast Et hernet UNIs 9 through 12, prov iding a minimum guaran teed bandwid th of 50 Mbps to the gold class, 20 Mbps [...]

  • Page 597

    30-60 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt e r 30 Conf igur ing Q o S Conf igu rat ion Exam ples for Poli cy Maps Modifying O utput Po licies and Chan ging Que uing or S chedu ling Parameters This section pro vides e xamples of updating an ex isting set of output polic y maps to modify the parame ter[...]

  • Page 598

    30-61 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 30 Configuring Qo S Configuration Examples for Policy Maps • Reattach the outp ut policy to the app ropriate ports. • T ake t he ports out of the shutdown state. Note these restrict ions for con fig uring output policies: • Y o u can define up to thr[...]

  • Page 599

    30-62 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt e r 30 Conf igur ing Q o S Conf igu rat ion Exam ples for Poli cy Maps This is the ov erall sequence of conf iguration: • Shut down all active ports. • Detach the outpu t policies fro m all F ast Ether net and Gigabit E thernet po rts. • Delete t he cl[...]

  • Page 600

    30-63 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 30 Configuring Qo S Configuration Examples for Policy Maps These s teps acti v ate a ll appl icable Fas t Ether net a nd Gigab it Et hernet ports : Switch(config)# interface range gigabitethernet0/1-2, fastethernet0/1-12 Switch(config-if-range)# no shutdow[...]

  • Page 601

    30-64 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapt e r 30 Conf igur ing Q o S Conf igu rat ion Exam ples for Poli cy Maps[...]

  • Page 602

    C HAPTER 31-1 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 31 Configuring EtherChannels This cha pter describ es how to configure EtherCha nnels on La yer 2 an d Layer 3 ports on the Cisco ME 3400 Ethe rnet Acc ess swi tch . EtherC han ne l provides fault-tol era nt hi gh-spe ed links betw ee n switc hes, router s[...]

  • Page 603

    31-2 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 31 Confi guri ng EtherC hannel s Unders tan ding Ether Channels EtherChann el Overview An EtherCh annel consi sts of individual Fast Ethe rnet or Giga bit Ethern et links bundled int o a single logical lin k as shown in Figu re 31 -1 . Figur e 31 -1 T ypica[...]

  • Page 604

    31-3 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 31 Configuring Eth erCh annels Understa nding Et herChann els Y o u can co nfigure an Ether Chann el in one of the se modes: Port Aggregation Prot oco l (P AgP), Link Aggregation C ont rol Pro toco l (L ACP), or On mo de. P A gP and LACP are available only [...]

  • Page 605

    31-4 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 31 Confi guri ng EtherC hannel s Unders tan ding Ether Channels Figur e 31 -2 Relationship of Ph ysical P orts , Logical P ort Cha nnels, and Channel G roup s After y ou co nf igu re an Eth erC hann el , conf iguration change s ap plie d to the po rt- chan [...]

  • Page 606

    31-5 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 31 Configuring Eth erCh annels Understa nding Et herChann els PAgP Modes T ab le 31-1 shows the use r-configurable Et herC ha nnel P A g P mo des f or the channel-group interfa ce configurat ion comm and on an NNI. Switch por ts exchange P AgP pac kets only[...]

  • Page 607

    31-6 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 31 Confi guri ng EtherC hannel s Unders tan ding Ether Channels Link Aggreg ation Control Pro tocol The LACP is defi ned in IEEE 802. 3ad stand ard and ena bles Cisco sw itches to manag e Ethernet chan nels between switches th at conform t o the stan dard. [...]

  • Page 608

    31-7 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 31 Configuring Eth erCh annels Understa nding Et herChann els EtherChann el On Mode EtherC hanne l on mod e can b e us ed to m anua ll y configur e an Et herC hannel . The on mode fo rces a p ort to join an EtherC hannel w ithou t negotia tions. It ca n be [...]

  • Page 609

    31-8 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 31 Confi guri ng EtherC hannel s Unders tan ding Ether Channels W i th desti nation-I P-addr ess-base d forward ing, w hen pac kets are f orwarded to an Ether Channel , they are distributed across the ports in the EtherCh annel base d on the destin ation-IP[...]

  • Page 610

    31-9 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 31 Configuring Eth erCh annels Config uring Et herCh annels Configuring Eth erChannels These sec tions co ntain this configura tion info rmat ion: • Default Eth erCha nnel Configurat ion, pa ge 31-9 • Ether Channe l C onfigurat ion G uide line s, pa ge [...]

  • Page 611

    31-10 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 31 Confi guri ng EtherC hannel s Configur ing Eth erChann els EtherChann el Configuratio n Guidelin es If imp rop erl y co nfigure d, so me Et her Chann el por ts are a utom atic all y disa bled to avoid network lo ops and othe r problem s. Follow these gu[...]

  • Page 612

    31-11 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 31 Configuring Eth erCh annels Config uring Et herCh annels • For Layer 2 EtherC hannels : – Assign all p orts in the Eth erChannel to the same VLAN, o r conf igure them a s trunks. Ports with different nat ive V LAN s cannot for m an Et herChann el. ?[...]

  • Page 613

    31-12 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 31 Confi guri ng EtherC hannel s Configur ing Eth erChann els T o remove a p ort fr om the Eth er Chann el gro up, us e t he no channel-group interface configurat ion comm and. Step 4 channel- group c hann el-group-number mo de { auto [ non- sile nt ] | de[...]

  • Page 614

    31-13 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 31 Configuring Eth erCh annels Config uring Et herCh annels This example shows how to configure an EtherChann el. It assigns two po rts as static-acces s ports in VLAN 1 0 to c hanne l 5 wi th t he P AgP mode desirable : Switch# configure terminal Switch(c[...]

  • Page 615

    31-14 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 31 Confi guri ng EtherC hannel s Configur ing Eth erChann els T o remove th e por t- ch an ne l, u s e the no interface port-channel port-channel-nu mber glob al configurati on comm a nd. This example shows ho w to create t he logical po rt chann el 5 and [...]

  • Page 616

    31-15 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 31 Configuring Eth erCh annels Config uring Et herCh annels Step 5 chan nel-g roup channel-g roup -number mode { auto [ non- sile nt ] | desirable [ non-silen t ] | on } | { active | passive } Assign th e port to a ch annel gr oup, an d specify the P Ag P [...]

  • Page 617

    31-16 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 31 Confi guri ng EtherC hannel s Configur ing Eth erChann els This example shows ho w to configure an Ethe rChannel . It assign s two ports to cha nnel 5 with the LACP mode ac tive : Switch# configure terminal Switch(config)# interface range gigabitetherne[...]

  • Page 618

    31-17 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 31 Configuring Eth erCh annels Config uring Et herCh annels Configuring the PAgP Learn Method and Priority Network devices are cla ssified as P AgP physic al lea rner s o r a gg regate-por t l ear ne rs. A d evice is a physical learn er i f i t lea rns a d[...]

  • Page 619

    31-18 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 31 Confi guri ng EtherC hannel s Configur ing Eth erChann els Beginning i n privileged E X EC mo de , follow these s teps to c on figure your sw itch as a P AgP physical- port lea rner a nd to a djust the p riority so th at the sa me por t in the bundle is[...]

  • Page 620

    31-19 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 31 Configuring Eth erCh annels Config uring Et herCh annels Note LACP is only av a ilable on NN Is. If you configure more than eight links for an EtherC hannel group , the soft ware automa ticall y decides which of the hot-stand by ports to make acti v e b[...]

  • Page 621

    31-20 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 31 Confi guri ng EtherC hannel s Configur ing Eth erChann els T o return the LA CP system priority to the defa ult v alue, use the no lacp system-prio rity global configurati on comm a nd. Configuring the LACP Port Pr iority By def ault, all p orts use t h[...]

  • Page 622

    31-21 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 31 Configuring Eth erCh annels Displaying EtherC hannel, P AgP, and LACP Status Displaying EtherCh annel, PAgP, a nd LACP Status T o displ ay Eth erCha nne l, P AgP , and LA CP status i nfor matio n, use t he pri vile ged EX EC com mands describe d in Ta b[...]

  • Page 623

    31-22 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 31 Confi guri ng EtherC hannel s Displaying Eth erChannel, PA gP, and LACP Status[...]

  • Page 624

    C HAPTER 32-1 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 32 Configuring IP Unicast Ro uting This chapt er describ es ho w to configure IP V ersi on 4 (IPv4) unicas t routing on t he Cisco ME 3400 Ethernet Access switc h. Note Rou ting is supporte d only on switch es that are runnin g the metro IP ac cess image. [...]

  • Page 625

    32-2 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unicast Routing Unders tan din g IP Routing Understandin g IP Routing In some network en vironment s, VLAN s are associ ated wit h individual networks or subnetwork s. In an IP network, each subnet work is ma pped to an i ndividual VLA N. [...]

  • Page 626

    32-3 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unic as t Rou ting Steps f or Conf iguri ng Routi ng • Routers usi n g link -sta te pro tocols ma inta in a com plex d ataba se of network top ology , based o n the exc hange of link-state ad vertisem ents (LSAs) between routers. LSAs ar[...]

  • Page 627

    32-4 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unicast Routing Conf igu ring I P Ad dres sing Configuring IP Addre ssing A required task for conf iguring IP routing is to assign IP addresses to Layer 3 networ k interface s to enable t he interf aces an d allo w communication wit h the [...]

  • Page 628

    32-5 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unic as t Rou ting Config uring IP Address ing Assigning IP Address es to Netwo rk Interface s An IP ad dress identif ies a locatio n to whi ch IP pa ckets can be sent. Som e IP add resses ar e reser ved f or special u ses an d ca nnot be [...]

  • Page 629

    32-6 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unicast Routing Conf igu ring I P Ad dres sing Use of Subnet Zero Subnetti ng with a subnet a ddress o f z ero is st ron gly disc ourag ed beca use of th e proble ms that c an arise if a network a nd a subne t have the same addr esses. For[...]

  • Page 630

    32-7 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unic as t Rou ting Config uring IP Address ing In Figure 32 -3 , the rou ter in network 128 .20.0 .0 is conne cted to subne ts 128.20.1.0 , 128.20 .2.0, and 128.20.3 .0. If the host sends a packet to 120.20 .4.1, because the re is no ne tw[...]

  • Page 631

    32-8 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unicast Routing Conf igu ring I P Ad dres sing The swi tch can use these fo rms of addr ess reso lution : • Address Resolut ion Protoc ol (ARP) i s used to associa te IP ad dress wi th MA C addresses. T aki ng an IP addre ss as i nput, A[...]

  • Page 632

    32-9 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unic as t Rou ting Config uring IP Address ing T o remove an entr y from t he ARP cach e, use t he no arp i p - a d d re s s h a rd w a re - a d d re s s t yp e gl obal conf iguratio n command. T o remov e all nonstatic e ntries fro m the [...]

  • Page 633

    32-10 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unicast Routing Conf igu ring I P Ad dres sing Enable Proxy ARP By default, the sw itch uses pro xy ARP to help hosts learn MA C addresses of hosts on ot her network s or subnets. Beginning i n privileged E X EC mo de , follow these s tep[...]

  • Page 634

    32-11 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unic as t Rou ting Config uring IP Address ing Default Gate way Another m etho d for loca ting ro utes is t o define a defaul t route r or default gat eway . All non local pa ckets are sen t to th is rou t er, which eit her r oute s t hem[...]

  • Page 635

    32-12 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unicast Routing Conf igu ring I P Ad dres sing If you chang e the maxadvertinterv al va l u e , th e holdtime and minadvertinterval v alues also cha nge, so it is important t o f irst ch ange the maxadvertinte rval value, before ma nuall [...]

  • Page 636

    32-13 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unic as t Rou ting Config uring IP Address ing Routers pro vide some protectio n from broadcast storms by limiting their ex tent to the local cable. Bridges (inc luding intelligen t bridges), b ecause th ey are Layer 2 de vices, forwar d [...]

  • Page 637

    32-14 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unicast Routing Conf igu ring I P Ad dres sing Use the no ip directed -broa dcas t interfa ce con figurat ion co mm and t o disa ble tra nsla tion of dire c ted broadca st t o phy sica l br oadc asts . U se t he no ip forward-protocol gl [...]

  • Page 638

    32-15 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unic as t Rou ting Config uring IP Address ing Use the no ip helper -address int erfac e co nfigur ati on com ma nd to d is able th e for warding of b roa dca st pack ets to s pecif ic ad dresse s. Use the no ip f orward-protocol global c[...]

  • Page 639

    32-16 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unicast Routing Conf igu ring I P Ad dres sing T o be consid ered for floo ding, pa ckets mus t meet thes e cr iteria. (No te tha t thes e ar e the same cond itions used t o co nside r pack et forwar ding u sing I P helper addr esses. ) ?[...]

  • Page 640

    32-17 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unic as t Rou ting Enablin g IPv4 Unicast Routing Monitoring and Maintaining IP Addressing When the co ntents of a par ticular ca che, table , or datab ase ha v e become or ar e suspect ed to be in val id, you ca n r emove al l it s c ont[...]

  • Page 641

    32-18 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unicast Routing Conf igu rin g RI P Use the no ip routing global con figuration com mand to disa ble rout ing. This exam ple sh ows how to enable I P r outing usi ng R IP a s the ro uti ng pro t ocol : Switch# configure terminal Enter con[...]

  • Page 642

    32-19 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unic as t Rou ting Configuring RIP These sec tions co ntain this configura tion info rmat ion: • Default RI P Co nfiguration, p age 32-19 • Configuring Ba sic RI P Para meter s, page 32 -19 • Conf iguring RIP Authenticatio n, page 3[...]

  • Page 643

    32-20 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unicast Routing Conf igu rin g RI P Beginning in privileged EXEC mo de, foll ow these steps to enable and configure RIP: Command Purpose Step 1 conf igure t erminal E nter g loba l c onfigurati on m ode . Step 2 ip ro uting Enable IP rout[...]

  • Page 644

    32-21 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unic as t Rou ting Configuring RIP T o turn of f the RI P ro uting proc ess, use the no r outer rip global configurati on comm and. T o display the par ame ters and cu rren t state of the ac tive routing proto col proc ess, use the show i[...]

  • Page 645

    32-22 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unicast Routing Conf igu rin g RI P Note In general, di sabling split horizon i s not reco mmended un less you are certain t hat your a pplicati on requires it to proper ly adv ertise r outes. If you want t o configur e an int erfac e run[...]

  • Page 646

    32-23 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unic as t Rou ting Config uring OS PF Configuring Split Horizon Router s conne cted t o bro adca st-ty pe I P networ ks and us in g distan ce -vect or r outing p rotoc ols no rm all y use th e split-horiz on mechanism to reduce the possib[...]

  • Page 647

    32-24 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unicast Routing Configuring OSPF The Cisco implementation conforms to the OSPF V ersion 2 specifications with these ke y features: • Definition of stub areas is suppor ted. • Routes lear ned th rough any IP routi ng protoc ol can be r[...]

  • Page 648

    32-25 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unic as t Rou ting Config uring OS PF Area Authentication type: 0 ( no authen tication). Default c ost: 1. Rang e: Dis abl ed. Stub: No stub ar ea defined. NSSA: No NSSA area defi ned. Auto c ost 1 00 M bps. Default- informati on originat[...]

  • Page 649

    32-26 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unicast Routing Configuring OSPF Configuring Basic OSPF Parameters Enabling OSPF requires that you create an OSPF routing process, specify the r ange of IP addr esses to be asso ciated with the routing pro cess, an d assign area IDs to be[...]

  • Page 650

    32-27 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unic as t Rou ting Config uring OS PF Use the no form of these comm ands to re mov e the conf igured par ameter v alue or return to the default value. Configuring OSPF Area Parameters Y ou can op tionally confi g ure sev eral OSPF area pa[...]

  • Page 651

    32-28 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unicast Routing Configuring OSPF Rout e summariz ation is the cons olidati on of adv ertis ed addres ses into a si ngle summ ary route to be advertis ed by other areas. If network num bers are c ontigu ous, you can use the area ra nge rou[...]

  • Page 652

    32-29 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unic as t Rou ting Config uring OS PF Configuring Other OSPF Parameters Y ou can option ally confi gure other OSPF parameters in router conf iguration mode. • Route summa rization: When redist ributing routes fr om other pr otocols as d[...]

  • Page 653

    32-30 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unicast Routing Configuring OSPF Changing LSA Gro up Pa cing The OSPF LS A gr oup pa cing featur e a llows the router to gr oup OSPF L SAs and pac e the refr eshing, check- summi ng, and a ging functions f or mo re efficient rout er use .[...]

  • Page 654

    32-31 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unic as t Rou ting Config uring OS PF T o return to the default v alue, u se the no timers lsa-gr oup-pacing ro uter c on figurat ion co mma nd . Configurin g a Lo opback In terface OSPF uses the highest IP address configured on the inter[...]

  • Page 655

    32-32 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unicast Routing Configur ing EIG R P Configuring EIGRP Enhanc ed IGRP (E IGRP) is a Cisco p rop rieta ry enha nce d vers ion of the IGRP . E IGR P use s t he sa me dista nce v ector algo rithm and d istance informa tion as IGRP; ho wev er[...]

  • Page 656

    32-33 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unic as t Rou ting Configuring EIGRP • Arbitr ary route s ummari zation. • EIGRP scal es to larg e networks . EIGRP has these fo ur bas ic c omponen ts: • Neighbor di scovery and recovery is the process th at routers use to dynamic [...]

  • Page 657

    32-34 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unicast Routing Configur ing EIG R P Default EIGRP Configuration T ab le 32-7, Part 1 sho ws the defa ult EIGRP config uration. T able 32-7 , P ar t 1 Def ault EIGRP Conf igur ation Feature D e fault Se tting Auto summa r y Enabled. Sub p[...]

  • Page 658

    32-35 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unic as t Rou ting Configuring EIGRP T o create an EIGRP rout ing process, yo u must enable EIGRP and asso ciat e networks. EIG RP sends updates to the interf aces in the specif ied networks. If you do not specify an interface netw ork, i[...]

  • Page 659

    32-36 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unicast Routing Configur ing EIG R P Configuring EIGRP Interfaces Other o pt iona l E IGRP pa rame ter s c an b e configure d on a n in terfa ce bas is. Beginn ing in pri vilege d EXEC mode, follo w th ese steps to conf igure EIGRP interf[...]

  • Page 660

    32-37 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unic as t Rou ting Configuring EIGRP Configuring EIGRP Route Authentication EIGRP r oute aut hent ic ati on pr ovides MD 5 au th ent ica tion o f rou tin g upda tes fr om the EIG RP rout ing protocol to prev ent the introdu ction of unaut[...]

  • Page 661

    32-38 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unicast Routing Conf igu rin g BGP Monitoring and Maintaining EIGRP Y o u can de lete nei ghbors fr om the neighbo r tabl e. Y ou can a lso di splay various EIG RP routing stati stics. T ab le 32-8 list s the privileged E X EC c omm an ds[...]

  • Page 662

    32-39 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unic as t Rou ting Configuring BGP Figur e 32-4 EBGP , IBGP , and Multiple A ut onomous S yst ems Before exch anging in format ion with an external AS, BGP en sures that ne tworks wi thin the AS c an be reached by defining inte rnal BGP p[...]

  • Page 663

    32-40 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unicast Routing Conf igu rin g BGP BGP V e rsion 4 suppo rts cla ssless inte rdomain ro uting (C IDR) so you can reduc e the size of you r routi ng table s by creat ing ag gregate rout es, res ulti ng in superne ts . CIDR eliminates the c[...]

  • Page 664

    32-41 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unic as t Rou ting Configuring BGP BGP confede ration iden tif ier/peers • Identifie r: Non e conf igured . • Peers: Non e identif ied. BGP Fa st ex ternal f allo ver Enabled . BGP loc al prefere nce 100 . The ra nge is 0 to 4294 9672[...]

  • Page 665

    32-42 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unicast Routing Conf igu rin g BGP Enabling BGP Routing T o e nable BGP r outing, you establis h a BGP rou ting proc ess and define the lo cal network. Be cause BGP must completel y recognize the relationship s with its neighbors, you mus[...]

  • Page 666

    32-43 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unic as t Rou ting Configuring BGP The sw itc h supp ort s th e use of pr ivate AS num ber s, usual ly a ssign ed by ser vic e prov ide rs and given to systems whose r outes a re not advertised to external n eighbor s. Th e private AS nu [...]

  • Page 667

    32-44 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unicast Routing Conf igu rin g BGP Use the no router bgp au tonomous-syste m globa l configura tion com mand to remove a BGP AS. Use the no network ne twork-n umbe r router co nfiguration comma nd to remove the network from t he BGP table[...]

  • Page 668

    32-45 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unic as t Rou ting Configuring BGP Managing Routing Polic y Change s Routing pol icies fo r a peer i nclude al l the con figurations tha t might affec t inb ound or ou tboun d routi ng table u pdates. Wh en you have defined two rout ers a[...]

  • Page 669

    32-46 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unicast Routing Conf igu rin g BGP Configuring BGP Decision Attributes When a BGP speak er receiv es updates f rom multiple autonomous systems th at describe dif ferent paths to the sa me destination, it must cho ose the singl e best path[...]

  • Page 670

    32-47 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unic as t Rou ting Configuring BGP 9. Prefer the route that ca n be reac hed thro ugh the cl osest IG P nei g hbor (t he lowest IGP metric). This means tha t the router will prefer the shortest internal p ath within t he AS to re ach the [...]

  • Page 671

    32-48 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unicast Routing Conf igu rin g BGP Use the no form of ea ch comma nd to return t o the defau lt stat e. Configuring BGP Filtering with Route Maps W ithin B GP , ro ute m aps c an be used to cont ro l a nd t o m odif y routin g i n forma t[...]

  • Page 672

    32-49 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unic as t Rou ting Configuring BGP Configuring BGP Filtering by Neighbor Y ou can filter BGP adv ertisements by using AS-path fil ters, such as the as-path access-li st glob al configurat ion c omm and an d th e neighbor filt er - list ro[...]

  • Page 673

    32-50 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unicast Routing Conf igu rin g BGP Configuring Prefix Lists for BGP Filtering Y ou can use pr efix lists as an alternati v e to access lis ts in man y BGP route f iltering commands, in cluding the neighbor dist rib ute-list route r config[...]

  • Page 674

    32-51 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unic as t Rou ting Configuring BGP T o delete a pref ix list and a ll of its entries, use the no ip pref ix-list list-name global co nfiguration command. T o delete an entry from a pr efix list, us e the no ip pre fix- list seq seq-value [...]

  • Page 675

    32-52 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unicast Routing Conf igu rin g BGP Beginn ing in pri vilege d EXEC mode, follo w th ese steps to create and to apply a commu nity list: Configur ing BGP Ne igh bors and P e er Gr oups Often m any BGP ne ighbo rs are c onfigured wi th t he[...]

  • Page 676

    32-53 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unic as t Rou ting Configuring BGP Beginning in privileged E XEC mo de, use thes e c omma nds to con figure B GP pee rs: Command Purpo se Step 1 co nfi gure terminal En ter glob al configurat ion mode . Step 2 r o uter bgp autonomous-syst[...]

  • Page 677

    32-54 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unicast Routing Conf igu rin g BGP T o disable an exis ting B GP nei ghb or or ne ighb or pee r g rou p, use the neighbor shutdown router configurat i on comm and. T o enab le a previously exist ing neig hbor or nei g hbor pee r group tha[...]

  • Page 678

    32-55 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unic as t Rou ting Configuring BGP T o delete an ag gre gate en try , u se the no aggregate-address addr e ss mask r outer c onfiguration comma nd. T o return opt ions to th e def ault v alues, use the co mmand with ke ywor ds. Configurin[...]

  • Page 679

    32-56 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unicast Routing Conf igu rin g BGP Configuring BG P Route Reflectors BGP requ ires tha t all of the IB GP speake rs be ful ly mesh ed. When a rout er rece i ves a ro ute from an ext ernal nei ghbor , it must adv ertise it to all internal [...]

  • Page 680

    32-57 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unic as t Rou ting Configuring BGP Configurin g Route Damp enin g Route f l ap da mp enin g is a B GP fe at ure de signed to min imize t he p rop agati on of f l apping rout es acro ss an interne twork. A rou te is considered to be flappi[...]

  • Page 681

    32-58 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unicast Routing Conf igu rin g BGP Monitoring and Maintaining BGP Y ou can remo ve all c ontents of a p articular c ache, table, or databa se. This might be n ecessary wh en the contents of the partic ular structu re hav e become or are s[...]

  • Page 682

    32-59 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unic as t Rou ting Configuring Multi-VRF CE Configuring Multi -VRF CE V irtua l Priv a te Networks (V PNs) provide a secu re way for custom ers to share ba ndwidth over an ISP backbon e network . A VPN is a colle ction of sites sharin g a[...]

  • Page 683

    32-60 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unicast Routing Configuring Mul ti-VRF CE sites partic ipate in the same VPN. Each V PN is m apped to a specif ied VRF . A fter learnin g local VPN rout es from CEs, a PE ro uter excha nges VPN rou ting infor matio n with other PE rou ter[...]

  • Page 684

    32-61 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unic as t Rou ting Configuring Multi-VRF CE This is the packet-fo rwarding proce ss in a multi- VRF-CE-enabled netwo rk: • When the switch rece i ves a packe t from a VPN , the sw itch looks up the routing table based on the input pol i[...]

  • Page 685

    32-62 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unicast Routing Configuring Mul ti-VRF CE • Multi-VRF CE lets multip le customer s share t he same p hysical link between t he PE and t he CE. T r unk ports with multiple VLANs separate packets among customers. Each customer has its own[...]

  • Page 686

    32-63 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unic as t Rou ting Configuring Multi-VRF CE Use t h e no ip vrf vrf-name global con figu ration command to delete a VRF and to remov e all inter faces from it. Use the no ip vrf f or warding inter face c onf igura tion comm and to remo v [...]

  • Page 687

    32-64 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unicast Routing Configuring Mul ti-VRF CE Use t he no r o uter ospf pr ocess-id vrf vrf-nam e global con figuration c ommand t o disass ociat e the V PN forwarding table from the OSPF routing p rocess. Configuring BG P PE to CE Routing Se[...]

  • Page 688

    32-65 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unic as t Rou ting Configuring Multi-VRF CE Figur e 32-6 Multi-VRF CE Conf igur ation Example Configur ing Switch A On Switch A, enable routing and conf igure VRF . Switch# configure terminal Enter configuration commands, one per line. En[...]

  • Page 689

    32-66 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unicast Routing Configuring Mul ti-VRF CE Switch(config)# interface gigabitethernet1/0/5 Switch(config-if)# switchport trunk encapsulation dot1q Switch(config-if)# switchport mode trunk Switch(config-if)# no ip address Switch(config-if)# [...]

  • Page 690

    32-67 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unic as t Rou ting Configuring Multi-VRF CE Switch(config-router)# address-family ipv4 vrf vl1 Switch(config-router-af)# redistribute ospf 1 match internal Switch(config-router-af)# neighbor 38.0.0.3 remote-as 100 Switch(config-router-af)[...]

  • Page 691

    32-68 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unicast Routing Configuring Mul ti-VRF CE Router(config-vrf)# exit Router(config)# ip cef Router(config)# interface Loopback1 Router(config-if)# ip vrf forwarding v1 Router(config-if)# ip address 3.3.1.3 255.255.255.0 Router(config-if)# e[...]

  • Page 692

    32-69 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unic as t Rou ting Confi guring Protocol -Ind ependent Fe atures Configuring Proto col-Independ ent Features This secti on descri bes how to configure IP routing pro tocol -independ ent fea tures. For a comp lete descript ion of the I P r[...]

  • Page 693

    32-70 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unicast Routing Configur ing Protocol-I nde penden t Feature s detail pri vileged EXE C comm and ca n be u seful t o debug soft ware-f orwarded traffic. T o enabl e CEF o n an interf ace for the softw are-forw arding path, use the ip rout[...]

  • Page 694

    32-71 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unic as t Rou ting Confi guring Protocol -Ind ependent Fe atures Use the no maximum-paths router con figurati on comm and to rest ore the de fault value. Configuring Static Unicast Routes Static uni cast rout es are use r-d ef ined route [...]

  • Page 695

    32-72 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unicast Routing Configur ing Protocol-I nde penden t Feature s Static rout es tha t po int to an int erfac e a re a dver tised t hrough RI P , IGR P , and oth er dy nami c r outi ng protocol s, w heth er o r n ot sta tic re d is t r i bu [...]

  • Page 696

    32-73 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unic as t Rou ting Confi guring Protocol -Ind ependent Fe atures When default in format ion is passed th rough a dy namic ro uting pro tocol, no fur ther con figuration i s required. The system pe riodically scans its routing table to cho[...]

  • Page 697

    32-74 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unicast Routing Configur ing Protocol-I nde penden t Feature s Beginning in privileged EXEC mo de, follow these steps t o con f ig ur e a route map for redistribution : Comma nd Pu rpos e Step 1 conf igure t erminal Enter glob al configur[...]

  • Page 698

    32-75 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unic as t Rou ting Confi guring Protocol -Ind ependent Fe atures T o delete an entry , use the no route-map map tag global c onfiguration c ommand or the no match or no set route- map con f igurati on comm ands. Y o u can distri bute rout[...]

  • Page 699

    32-76 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unicast Routing Configur ing Protocol-I nde penden t Feature s Beginn ing in pr i vilege d EXEC mode, follo w these steps to contro l route redistrib ution. No te that the keywords are the same as defined in th e previous proce dure. T o [...]

  • Page 700

    32-77 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unic as t Rou ting Confi guring Protocol -Ind ependent Fe atures W ith PBR, you class ify traf fic usi ng access con trol list s (A CLs) and then mak e traf fic go thr ough a dif ferent path. PBR is appl ied to inco ming pack ets. All pa [...]

  • Page 701

    32-78 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unicast Routing Configur ing Protocol-I nde penden t Feature s Enabling PBR By default, PBR is d isable d on t he sw itch. T o ena ble PBR, y ou mu st create a r oute m ap tha t sp eci fies the match crite ria and the resulting actio n if[...]

  • Page 702

    32-79 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unic as t Rou ting Confi guring Protocol -Ind ependent Fe atures Use the no route-map map-tag g l obal configura tio n com ma nd or t he no match or no set rou te-ma p conf iguratio n commands to delete an entry . Use the no ip policy r o[...]

  • Page 703

    32-80 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unicast Routing Configur ing Protocol-I nde penden t Feature s Beginn ing in pri vileg ed EXEC mode, follo w these steps to conf igure passi ve interfac es: Use a net work monit oring privileged EXEC co mman d such as show ip ospf interf [...]

  • Page 704

    32-81 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unic as t Rou ting Confi guring Protocol -Ind ependent Fe atures Use the no distr ibute-list in router con fi guratio n command to ch ange or c ancel a f ilter . T o cancel suppressi on of ne twork a dvertise ment s in u pdat es, u se the[...]

  • Page 705

    32-82 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unicast Routing Configur ing Protocol-I nde penden t Feature s Managing Authen tication Keys Ke y manageme nt is a meth od of co ntrolling a uthent ication keys used by routing protoc ols. Not all protocol s can use key manageme nt. Authe[...]

  • Page 706

    32-83 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unic as t Rou ting Monitoring and Maintaining the IP Network Monitoring and Maintaining the IP Network Y o u can remove all conte nts of a parti cular cache, ta ble, or data base. Y ou can al so display spe cific statistics. Use the pri v[...]

  • Page 707

    32-84 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 32 Configuring IP Unicast Routing Monito rin g and Mai nt aining th e IP Ne twork[...]

  • Page 708

    C HAPTER 33-1 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 33 Configuring HSRP This ch apter descr ibes how to us e Hot Sta ndby Router Protoco l (HSRP) on th e Cisco ME 34 00 Etherne t Access sw itch to provi de ro uti ng redu ndancy f or ro uti ng IP traffic witho ut be ing de pend en t on the av ailab ility of [...]

  • Page 709

    33-2 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 33 Configuring HSRP Unders tan din g H SRP HSRP provides hi gh network availability by providing redundan cy for IP traff ic fro m hosts on ne tworks. In a gr oup o f r oute r inter fac es, th e ac tive router is th e rou ter of cho ic e f or ro utin g pack[...]

  • Page 710

    33-3 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 33 Configuring HSRP Unde rsta ndi n g HS RP Figur e 33-1 T ypical HSRP Configur ation Multiple HSRP The switch sup ports Mu ltip le H SRP (MHSRP), an e xten sio n of HSRP that a llo ws load sharing betw een two or more HSRP gr oups. Y ou can c onfigure MHSR[...]

  • Page 711

    33-4 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 33 Configuring HSRP Configuring HSRP Figu re 33- 2 M HSR P Load Sharing Configuring HSRP These sec tions co ntain this configura tion info rmat ion: • Default HS RP Configuration , page 33-4 • HSRP Configur ation G uide lin es, pa ge 33 -5 • Enab lin [...]

  • Page 712

    33-5 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 33 Configuring HSRP Configur ing HSR P HSRP Configuration Guidelines Foll ow these guide lines when con figurin g HSRP: • HSRP ca n b e co nfigur ed on a m ax imum o f 32 VL AN or r out ing in te rface s. • In the procedu res, the specif ied interface m[...]

  • Page 713

    33-6 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 33 Configuring HSRP Configuring HSRP Use the no standby [ gr oup- number ] ip [ ip- addr ess ] inte rfa ce co nfigurat ion c omm and to disa ble HS RP . This example shows ho w to activ ate HSRP fo r group 1 on a port . The IP a ddress use d by the hot stan[...]

  • Page 714

    33-7 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 33 Configuring HSRP Configur ing HSR P • The hig hest number ( 1 to 255 ) represe nts the hi ghest prior ity (most likely t o become the ac tiv e router ). • When setting the prio rity , preempt, or both, you must specify at least one ke ywor d ( priori[...]

  • Page 715

    33-8 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 33 Configuring HSRP Configuring HSRP Use the no standby [ gr oup-numbe r ] priority priority [ preempt [ delay delay ]] and no standby [ gr oup-num ber ] [ priority p riority ] pr eempt [ delay delay ] interface conf igurati on commands to restore def ault [...]

  • Page 716

    33-9 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 33 Configuring HSRP Configur ing HSR P Configuring MHSRP T o enable M HSRP and lo ad ba lancing, you co nfigure two rou ters as ac tiv e routers for thei r groups, w ith virtual rou t ers as st andby rout ers. This exam ple shows ho w to en ab le the MHSRP [...]

  • Page 717

    33-10 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 33 Configuring HSRP Configuring HSRP Beginning in privileged EXE C mo de , us e on e o r m ore of t hes e ste ps to c onfigu re H SRP au then t ica tio n and ti mers on an interf ace: Use the no standby [ gr oup- number ] authenti cati on string interfac e[...]

  • Page 718

    33-11 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 33 Configuring HSRP Displaying HSRP Configu rations Enabling HS RP Sup port for ICMP Redirect M essage s IC M P ( In t e r ne t C o n tr o l Me s sa g e P r o to c o l ) redirect messages are automatically enab led on interfaces configured with HSRP . Th i[...]

  • Page 719

    33-12 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 33 Configuring HSRP Displaying HSRP Configu rations[...]

  • Page 720

    C HAPTER 34-1 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 34 Configuring IP M ulticast R outing This c hapt er d escri b es how to c onfigure IP mul tica st ro ut ing on the Cisco ME 3 400 Et herne t A cce ss switch . IP multicas ting is a more ef fic ient way to use network resour ces, especi ally for bandwidt h[...]

  • Page 721

    34-2 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 34 Configuring IP Multicast Routing Unders tan ding Cisco ’ s Im plement at ion of IP Mu lticast Rout in g Understandin g Cisco’s Imp lementati on of IP Multicast Ro uting The swit ch supports these protocols to implem ent IP multic ast routin g: • In[...]

  • Page 722

    34-3 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 34 Configuring IP Mu ltic ast Routing Unde rstanding Cisco’s Implementa tion of IP Multicast Routing IGMP Version 1 IGMP V ersion 1 (IGMPv1) p rimar ily u ses a q u ery-r esponse m o del th at e nab les the m u ltica st r oute r and multilaye r switch to [...]

  • Page 723

    34-4 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 34 Configuring IP Multicast Routing Unders tan ding Cisco ’ s Im plement at ion of IP Mu lticast Rout in g PIM Modes PIM can oper ate in dense mode (DM), sparse mode (SM), o r in sparse- dense m ode ( PIM DM -SM), which hand les both spars e groups and de[...]

  • Page 724

    34-5 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 34 Configuring IP Mu ltic ast Routing Unde rstanding Cisco’s Implementa tion of IP Multicast Routing switch es to a stati cal ly conf igu red RP th at wa s def ined with the ip pim r p-addr ess global configura tion command. If no staticall y conf igured [...]

  • Page 725

    34-6 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 34 Configuring IP Multicast Routing Unders tan ding Cisco ’ s Im plement at ion of IP Mu lticast Rout in g Some multica st routing protocols m aintain a separate multicast r outing table and use it for the RPF check. Howe ver , PIM uses the unica st routi[...]

  • Page 726

    34-7 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 34 Configuring IP Mu ltic ast Routing Configuring IP Multicast Routing Configuring IP Multicast Routing These sec tions co ntain this configura tion info rmat ion: • Default Mu lticast Routing Con f igura tion, page 34-7 • Multicast Routing Conf igu rat[...]

  • Page 727

    34-8 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 34 Configuring IP Multicast Routing Con fi gur ing IP Mu ltic ast R ou ti ng PIMv1 and PIMv2 Interop erability The Cisco PIMv2 implementat ion prov ides interoperability and transition between V e rsion 1 and V e rsion 2 , altho ugh there might be some min [...]

  • Page 728

    34-9 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 34 Configuring IP Mu ltic ast Routing Configuring IP Multicast Routing • If you have non-Cisco PIMv2 routers that ne ed to inter operat e with Cisco PIMv1 ro uter s and multilaye r switches, bo th Auto-RP and a BSR are required. W e recommend that a Cisco[...]

  • Page 729

    34-10 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 34 Configuring IP Multicast Routing Con fi gur ing IP Mu ltic ast R ou ti ng T o disable multicasting, use the no ip multic ast-routing distribut ed gl obal configura tion com mand. T o return to the def ault PIM v ersion, use the no ip pim version interfa[...]

  • Page 730

    34-11 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 34 Configuring IP Mu ltic ast Routing Configuring IP Multicast Routing Manually Assigning an RP to Multicast Groups This se cti on expla ins how to manu al ly co nfigure an RP . If t he RP f or a group i s le a rned thro ugh a dynami c me cha nis m (suc h [...]

  • Page 731

    34-12 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 34 Configuring IP Multicast Routing Con fi gur ing IP Mu ltic ast R ou ti ng T o remov e an RP address , use the no ip pi m rp-addre ss ip-addr ess [ access-l ist-number ] [ override ] global configurat ion comm and. This example shows ho w to configure th[...]

  • Page 732

    34-13 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 34 Configuring IP Mu ltic ast Routing Configuring IP Multicast Routing Adding A uto-RP t o an Existing Sparse-Mode Cloud This sec tion contains some suggestio ns for the initial de ployment of Auto-RP i nto an e xisting sparse-mod e cloud to minimize disru[...]

  • Page 733

    34-14 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 34 Configuring IP Multicast Routing Con fi gur ing IP Mu ltic ast R ou ti ng T o remove the PIM device configur ed as t h e cand id ate R P , u se the no ip pim send-rp-announce interface- id global configu ration c omma nd. T o rem ove the sw itch as the [...]

  • Page 734

    34-15 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 34 Configuring IP Mu ltic ast Routing Configuring IP Multicast Routing Filtering Incoming RP Announcement Messa ges Y o u can ad d configur ation comma nd s to t he mapping agen ts to prevent a malici ously con figured ro uter from masq uera ding as a cand[...]

  • Page 735

    34-16 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 34 Configuring IP Multicast Routing Con fi gur ing IP Mu ltic ast R ou ti ng This exam ple sh ows a samp le configur ati on on a n Au to -RP ma pp ing a gen t that i s us ed to prevent candida te RP annou ncements from be ing accep ted from unau thorize d [...]

  • Page 736

    34-17 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 34 Configuring IP Mu ltic ast Routing Configuring IP Multicast Routing T o remov e the PIM bord er , use the no ip pim bsr -border interf ace conf iguration comm and. Figur e 34-2 Constr aining PIM v2 BSR Me ssag es Defini ng the IP Multi cast Bou ndary Y [...]

  • Page 737

    34-18 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 34 Configuring IP Multicast Routing Con fi gur ing IP Mu ltic ast R ou ti ng T o remove the bounda ry , use th e no ip multicast boundary in terface conf igura tion comman d. This e xample sho ws a portion of an IP multicast boundary configu ration that de[...]

  • Page 738

    34-19 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 34 Configuring IP Mu ltic ast Routing Configuring IP Multicast Routing This examp le shows ho w to configu re a candida te BSR, whi ch uses the IP a ddress 1 72.21.24. 18 on a p ort as the adv ertised BSR addr ess, uses 30 bits as th e hash-ma sk-len gth, [...]

  • Page 739

    34-20 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 34 Configuring IP Multicast Routing Con fi gur ing IP Mu ltic ast R ou ti ng T o remo ve this de vice as a cand idate RP , use th e no ip pim rp-candidate interface-id global configurati on comm a nd. This e x ample sho ws how to conf igure t he switch to [...]

  • Page 740

    34-21 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 34 Configuring IP Mu ltic ast Routing Confi guring Ad vanced P IM Feat ures Monitoring the RP Mapping Information T o monitor the RP mapping information, use th ese commands in pri vileged EXEC mode: • show i p pim bsr displays infor mation about the ele[...]

  • Page 741

    34-22 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 34 Configuring IP Multicast Routing Configur ing Advan ced PIM Fea tures Figur e 34-3 Shar e d T re e and Sour ce T ree (Shor test -P ath T re e) If the d ata r ate warr an ts , le af rou ters (r oute rs with out any downst ream c onn ect ions) o n th e sh[...]

  • Page 742

    34-23 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 34 Configuring IP Mu ltic ast Routing Confi guring Ad vanced P IM Feat ures Delaying the Use of PIM S hortest-Path Tree The ch ange from shar ed to sour ce tr ee ha ppens wh en the first da ta packe t arrives at the las t-hop rou ter (Route r C in Figur e [...]

  • Page 743

    34-24 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 34 Configuring IP Multicast Routing Configur ing Advan ced PIM Fea tures T o return to the default setting, use the no ip pim spt-thre shold { kbps | infinity } global co nfigurati on comm and. Modifying th e PIM R outer-Query Mes sage Interval PIM routers[...]

  • Page 744

    34-25 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 34 Configuring IP Mu ltic ast Routing Configuring Optional IGMP Features Configuring Optio nal IGMP Features These sec tions co ntain this configura tion info rmat ion: • Default IG MP Configurat ion, pa ge 34-25 • Configuring the Swi tch as a Me mber [...]

  • Page 745

    34-26 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 34 Configuring IP Multicast Routing Con f i gur ing Op ti o n a l IG M P Fea tu res Beginn ing in pr i vilege d EXEC mode, follo w these steps to conf ig ure the switch to be a m ember of a group. T his pro cedu re is opti onal. T o cancel mem bersh ip in [...]

  • Page 746

    34-27 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 34 Configuring IP Mu ltic ast Routing Configuring Optional IGMP Features T o disable gro ups on an interfa ce, use the no ip igmp access-g roup interfac e conf iguration comman d. This exampl e shows ho w to configure hosts attache d to a port as able to j[...]

  • Page 747

    34-28 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 34 Configuring IP Multicast Routing Con f i gur ing Op ti o n a l IG M P Fea tu res T o return to the default setting, use the no ip igmp v ersion inter face con fig urat ion comman d. Modifying th e IGMP Host-Qu ery Messa ge In terval The switch pe riodic[...]

  • Page 748

    34-29 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 34 Configuring IP Mu ltic ast Routing Configuring Optional IGMP Features Changing the IGMP Q uery Timeo ut for IGMPv 2 If you are usi n g IGMPv 2 , you can spe cify the p eriod of time bef ore the swit ch takes over as the que rier for the interf ace. By d[...]

  • Page 749

    34-30 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 34 Configuring IP Multicast Routing Con f i gur ing Op ti o n a l IG M P Fea tu res T o return to the default setting, use the no ip igmp query-max -resp onse-time interf ace conf igurati on comm and. Configurin g the Switc h as a S tatically C onnected Me[...]

  • Page 750

    34-31 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 34 Configuring IP Mu ltic ast Routing Configuring Optional Multicast Routing Features Configuring Optio nal Multicast Routin g Feature s These sections describe how to configur e optional multicast rou ting features: • Configuring sd r L ist ener Sup por[...]

  • Page 751

    34-32 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 34 Configuring IP Multicast Routing Configur ing Optiona l Multic as t Routing Feat ures Limiting How Long an sdr Cache Entry Exists By default, en tries are ne ver deleted from the sdr cache . Y ou can limit ho w long the entry remains acti ve so that if [...]

  • Page 752

    34-33 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 34 Configuring IP Mu ltic ast Routing Configuring Optional Multicast Routing Features Figur e 34-4 A dministr atively -Scope d Boundar ies Y o u can d efine an ad minist rativ e ly-sco ped b oundary on a routed inter face for m ultica st group addr esses. [...]

  • Page 753

    34-34 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 34 Configuring IP Multicast Routing Mon i tor in g an d Mai nt a in in g IP M ultic as t Rou ting T o remove the bounda ry , use th e no ip multicast boundary in terf ace conf igura tion comman d. This example shows ho w to set up a bounda ry for all ad mi[...]

  • Page 754

    34-35 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 34 Configuring IP Mu ltic ast Routing Monitoring and Maintaining IP Multicast Routing Y o u can displ ay i n forma tio n to le ar n r esour ce u t iliz ation a nd solve ne twork p rob lem s. Y ou can al so display i nformation a bout node r eachability and[...]

  • Page 755

    34-36 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 34 Configuring IP Multicast Routing Mon i tor in g an d Mai nt a in in g IP M ultic as t Rou ting[...]

  • Page 756

    C HAPTER 35-1 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 35 Configuring MSDP This ch apter descr ibes ho w to conf igure the Multicas t Source Disco very Proto col (MSDP) on the Cisco ME 3400 Ethe rnet Access sw itch. The MSDP co nne ct s multip le Pro toco l-In de pende nt Mu ltic ast sparse-m ode (PIM-S M) dom[...]

  • Page 757

    35-2 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chap ter 35 Configur ing MSDP Unders tan din g MSDP MSDP Operation Figure 35-1 sho ws MSDP operati ng bet ween two MSD P peers . PIM uses MSD P as the st andard mechanis m to re gister a so urce with the RP of a domain. When MSDP is co nf igured, th is sequen ce oc[...]

  • Page 758

    35-3 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 35 Configuring MSDP Understandi ng MSDP Figur e 35-1 MSDP Running Be tween RP P eers MSDP Benefits MSDP has these benef its: • It break s up the shared mu lticast distr ib ution tree. Y ou can mak e the shar ed tree lo cal to your domain. Y our local memb[...]

  • Page 759

    35-4 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chap ter 35 Configur ing MSDP Conf igu ring M SDP Configuring MSDP These sec tions co ntain this configura tion info rmat ion: • Default MS DP Configurati on, page 35-4 • Configuring a D efault MSD P Pe er, page 35 -4 (r equire d) • Cachin g Sour ce -Ac tive [...]

  • Page 760

    35-5 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 35 Configuring MSDP Configuring MSDP Figur e 35-2 Def ault MSDP P eer Netw or k Beginning in pr i vileged EXEC mode, fo llow these step s to specify a de fault MSDP peer . This procedur e is required. ISP A PIM domain ISP C PIM domain SA Router A Switch B 1[...]

  • Page 761

    35-6 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chap ter 35 Configur ing MSDP Conf igu ring M SDP T o remov e the def ault peer , use the no ip msdp default-peer ip- ad dress | name globa l c on figuration comm and. This exam ple shows a partia l co nfiguration of Ro uter A and Ro uter C in F igure 3 5-2 . Each [...]

  • Page 762

    35-7 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 35 Configuring MSDP Configuring MSDP Beginn ing in pri vileged EXE C mode, follo w these steps to enab le the c aching of source /group pairs. This procedur e is optional. Note An alternati v e to this co mmand is th e ip msdp sa-re quest globa l configurat[...]

  • Page 763

    35-8 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chap ter 35 Configur ing MSDP Conf igu ring M SDP Requestin g Source Info rmation fro m an MSDP Peer Local RPs can send SA r eq uests and ge t i mmed iat e r esponse s f or a ll act ive sources fo r a given group. By default, the swi tch does no t se nd any SA r eq[...]

  • Page 764

    35-9 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 35 Configuring MSDP Configuring MSDP Redistributing Sources SA message s ori ginat e on RPs to which sou rces have registered. By defau lt, a ny sour ce that regist ers with an RP is adv ertised. The A fl ag is s et in the RP wh en a source is re g ister ed[...]

  • Page 765

    35-10 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chap ter 35 Configur ing MSDP Conf igu ring M SDP T o remove th e filte r , use the no ip msdp redi stribut e globa l c onfigurati on com ma nd. Step 3 access-list access-list- number { deny | permit } sourc e [ sour ce -wi ldca r d ] or access-list access-list- n[...]

  • Page 766

    35-11 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 35 Configuring MSDP Configuring MSDP Filtering Source- Active R equest Messages By default, only switc hes tha t are ca ch in g SA informa tion can respon d to SA req uests. By def ault, such a switch honor s all SA reque st messages fr om its MSDP peers a[...]

  • Page 767

    35-12 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chap ter 35 Configur ing MSDP Conf igu ring M SDP Controlling Source Information that Your Switch Forwards By def ault, the switch forw ards all SA messages i t recei ves to all its MSDP pee rs. Ho we ver , you can prev ent o utgoi n g me ssag es fr om bei ng forw[...]

  • Page 768

    35-13 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 35 Configuring MSDP Configuring MSDP T o remove th e filte r , use the no ip msdp sa-f ilter out { ip- ad dress | nam e } [ list access-list-number ] [ ro ut e -m a p map- tag ] glo bal configurat ion com ma nd. This e xample sho ws how to allo w only ( S,[...]

  • Page 769

    35-14 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chap ter 35 Configur ing MSDP Conf igu ring M SDP Using TTL to Limit the Multicast Data Sent in SA Messages Y ou can use a TTL v alue to co ntrol what data is en capsula ted in th e fir st SA messag e for e v ery sour ce. Only mu lticast pa ckets w ith an IP- head[...]

  • Page 770

    35-15 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 35 Configuring MSDP Configuring MSDP Beginn ing in pri vilege d EXEC mode, follo w th ese steps to apply a f ilter . This procedure is optional. T o remove th e filte r , use the no ip msdp sa-filt er in { ip-address | name } [ list access-list- number ] [[...]

  • Page 771

    35-16 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chap ter 35 Configur ing MSDP Conf igu ring M SDP Config ur ing an MS DP Mes h Gr ou p An MSDP me sh gro up is a gro up of M SDP spea kers tha t hav e fully me shed MSDP c onnect i vity amo ng one anot her . A ny SA messages re ceived from a peer in a mesh group a[...]

  • Page 772

    35-17 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 35 Configuring MSDP Configuring MSDP Beginning in privileged EXEC mo de, f ollow these step s to shut down a peer . This pro cedure is o ptiona l. T o bring the pe er back up , use the no ip msdp shutdown { peer -name | peer address } glob al conf iguratio[...]

  • Page 773

    35-18 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chap ter 35 Configur ing MSDP Conf igu ring M SDP Note that the ip msdp originator -id global conf iguration command also identif ies an inter face to be used a s the RP addr ess. If both the ip msdp border sa-addr ess and t he ip msdp originator -id glob al confi[...]

  • Page 774

    35-19 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 35 Configuring MSDP Monitoring and Maintaining MSDP Monitoring and Maintaining MSDP T o monitor MSD P SA messages , peers, sta te, or peer status, use one or more of the privileged EXEC comm ands in Ta b l e 3 5 - 1 : T o clear MSDP conne ctions, stati sti[...]

  • Page 775

    35-20 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chap ter 35 Configur ing MSDP Monito rin g and Maint ain ing MSDP[...]

  • Page 776

    C HAPTER 36-1 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 36 Troubleshooting This chapter descr ibes ho w to identify and resolv e software pro blems relat ed to the Cisco IOS software on the Cisco ME 3 400 switch. Y ou can use the comm and-line in terfa ce (CLI) to id entify and solve pr oblems. Additional troub[...]

  • Page 777

    36-2 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 36 Troubl eshoot ing Recovering f rom Corrupt ed Software By Using the Xmode m Protocol Recovering fro m Corrupte d Softwa re By Using the Xmodem Protocol Switch software can be cor ru pted du ring an up grade , by downloadin g the wr ong file to the swi tc[...]

  • Page 778

    36-3 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 36 Troublesho oti ng Recovering fr om a Lost or Forgot ten Password Step 6 Press the break k ey , an d at th e sam e time , reco nnect t he po wer cord to the switch . Y o u can rel ease the bre ak key a second or two after t he LED ab ove port 1 goes off. [...]

  • Page 779

    36-4 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 36 Troubl eshoot ing Recoveri ng f rom a Lost or F org otten Pass word The C isco ME swi tch boo t load er use s br eak- key dete ction to stop the a ut oma tic boot seque nc e for the password r ecovery purpo se. Note The break ke y character is di f feren[...]

  • Page 780

    36-5 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 36 Troublesho oti ng Recovering fr om a Lost or Forgot ten Password • If you see a messag e that begins wit h this: The password-recovery mechanism has been triggered, but is currently disabled. proceed to th e “Procedure w ith Password Recovery Disable[...]

  • Page 781

    36-6 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 36 Troubl eshoot ing Recoveri ng f rom a Lost or F org otten Pass word Step 7 A t th e sw itch pr om pt, en ter privileged EXE C m ode: Switch> enable Step 8 Rename the conf iguration f ile to its original name: Switch# rename flash: config.text.old flas[...]

  • Page 782

    36-7 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 36 Troublesho oti ng Recovering fr om a Lost or Forgot ten Password Procedure w ith Password R ecovery Dis abled If the p assword-rec overy mechanism is disabled, this message appears : The password-recovery mechanism has been triggered, but is currently di[...]

  • Page 783

    36-8 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 36 Troubl eshoot ing Preventing Autone gotiati on M ismatche s Step 6 En ter glob al configur ation mode : Switch# configure terminal Step 7 Cha nge the password: Switch (config)# enable secret password The secre t passwo rd can b e from 1 to 25 alphan umer[...]

  • Page 784

    36-9 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 36 Troublesho oti ng SFP Module Security and Identification SFP Module Security and Iden tification Cisco small form -factor plugga ble (SFP) mo dules have a serial EEPRO M that contai ns the modu le serial number, the v endor na me and I D, a unique securi[...]

  • Page 785

    36-10 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 36 Troubl eshoot ing Using P in g Using Ping These se ctions conta in this inf ormation: • Understa ndin g Ping , page 36 -10 • Using Ping, pa ge 3 6-1 0 Understand ing Ping The Ci sco M E swit ch sup por ts I P pi ng , w hich yo u can use t o test co [...]

  • Page 786

    36-11 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 36 Troublesho oti ng Using Ping All Softwa re Ver sions For all softw are image s for th e Cisco ME swit ch, you can us e a Layer 3 service policy to enab le pings from the switch to a host connecte d to a UN I. Note For a sw itc h ru nnin g the m etro IP [...]

  • Page 787

    36-12 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 36 Troubl eshoot ing Using P in g IP Routing and SVI IP rout ing is onl y suppor ted on UN Is w hen t he switc h is ru nning t he m etr o IP a cce ss im age . Y o u can use this con figuration to ena ble IP ro uting and e nable pings fro m an SVI t o a hos[...]

  • Page 788

    36-13 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 36 Troublesho oti ng Using Layer 2 Tr aceroute Summary Keep these guideli nes in mind while pingi ng: • IP routing is a v ailable only with the metro IP access image and is disable d by defa ult. • T o pi ng a host in a di fferent IP subnetwor k from t[...]

  • Page 789

    36-14 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 36 Troubl eshoot ing Using La ye r 2 Tracer oute Layer 2 Tracerou te Usage Gu idelines These a re the Layer 2 trac eroute usag e guideli nes: • Cisco Discovery Protocol (CDP) must be enabled on a ll the devices in the ne twork. For Layer 2 tracero ute t [...]

  • Page 790

    36-15 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 36 Troublesho oti ng Using IP Traceroute Displaying the Physical Path Y o u can displa y the physic al path tha t a packet takes fro m a sourc e device to a destinat ion device by using on e of the se pr ivileged EXE C c omma nds: • tracet route mac [ in[...]

  • Page 791

    36-16 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 36 Troubl eshoot ing Using I P Trac eroute port-unreachable error to the so urce. Be cause all errors e xcept por t-unre achable errors co me from intermediate hops, t he receip t of a port-unreac hable er ror means th at this message wa s sent b y the des[...]

  • Page 792

    36-17 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 36 Troublesho oti ng Usin g TD R T o end a trace in pr ogress , enter the escape seque nce ( Ctrl- ^ X by default ). Simu ltane ously pr es s and release th e Ctrl , Shif t , and 6 keys , and then pres s the X key . Using TDR These se ctions conta in this [...]

  • Page 793

    36-18 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 36 Troubl eshoot ing Using D ebug Command s Using Debug Commands These sec tions explains how you use debug comma nds to di agnose an d reso l ve int erne twork ing problems: • Enab ling D e bugging o n a Spe cific Fea ture , page 36- 18 • Enab ling A [...]

  • Page 794

    36-19 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 36 Troublesho oti ng Using the show platf orm forwa rd Command Enabling All-Sy stem Diag nostics Beginn ing in pri vileged EXE C mode, ent er this comm and to enabl e all-system d iagnostics: Switch# debug all Cautio n Because debugging ou tput ta kes prio[...]

  • Page 795

    36-20 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 36 Troubl eshoot ing Using the s how pl atform fo rward Com m and This is an example of t he output from the s h ow p l a tfo rm fo r w a r d com mand on Giga bit Ethe rnet port 1 in VLAN 5 wh en the pac ket ente ring that port is addr essed t o unknown MA[...]

  • Page 796

    36-21 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 36 Troublesho oti ng Using the show platf orm forwa rd Command ------------------------------------------ Packet 1 Lookup Key-Used Index-Hit A-Data OutptACL 50_0D020202_0D010101-00_40000014_000A0000 01FFE 03000000 Port Vlan SrcMac DstMac Cos Dscpv Gi0/2 00[...]

  • Page 797

    36-22 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Chapter 36 Troubl eshoot ing Using t he c rashinfo File Using the crashinfo File The crashinfo f ile sav es information that helps Cisco technical support repr esentati v es to debug problems t ha t c aused t he Cisco IO S imag e to f ail (cr ash). T he swi tch wr[...]

  • Page 798

    A- 1 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 APPEND IX A Supported MIBs This a ppend ix lis ts t he supp orte d mana geme nt i nfor ma tio n base (MIBs) f or t his r ele as e on t he Cisco ME 3400 E thernet Access switc h. It cont ains thes e se ctions: • MIB List, pa ge A-1 • Usin g F TP to Acce ss th e [...]

  • Page 799

    A- 2 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Appendi x A Suppor ted MIBs MIB Li st • CISCO- L2L3 -INT ERF A CE-CON FIG-M IB • CISCO-LAG-MIB • CISCO-MAC-NO TI FICA TION-MIB • CISCO- MEM OR Y -POO L-M IB • CISCO-P A E-MIB • CISC O- P AGP-MI B • CISCO-PING-MIB • CISCO- POR T -QO S-MIB • CISCO-P[...]

  • Page 800

    A-3 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 Append ix A Support ed MIBs Using FTP to Access the MIB Files • RFC1213-MIB (Fun ctionality is as per the agent capabilities specified in the CISCO-RFC1 213-CAP A BILITY .my .) • RFC1253-M IB (OSPF-MIB) • RMON-M IB • RMON2-MIB • SNMP -FRAM EWOR K-MIB • S[...]

  • Page 801

    A- 4 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Appendi x A Suppor ted MIBs Using FTP t o Acces s the MIB Fi le s[...]

  • Page 802

    B-1 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 APPEND IX B Working with the Cisco IOS File System, Configuration Files, an d Software Images This ap pendix descr ibes how to ma nipula te the Cisco ME 3400 Ethern et Ac cess swit ch flas h file system, how to copy configurati on files, and h ow to archive (upload [...]

  • Page 803

    B-2 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Appendix B Working with the Cisco IOS File System , Co nfigurat ion Files, and S oftware Imag es Working w it h t he F lash File Sy st em Displaying Available File Systems T o di splay the available file s ystem s o n your sw itch , use t he show file systems pri vi[...]

  • Page 804

    B-3 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 Append ix B Workin g w ith the Cisco I OS File System, Conf igurati on F il es , and Softwa re Images Working with the Flash File System Setting the Default File System Y ou can specif y the f ile system o r direct ory that the system uses a s the def ault file syst[...]

  • Page 805

    B-4 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Appendix B Working with the Cisco IOS File System , Co nfigurat ion Files, and S oftware Imag es Working w it h t he F lash File Sy st em Creating and Rem oving Directo rie s Beginning i n privileged E XEC mo de , fol low th ese s tep s t o cr ea te an d re move a d[...]

  • Page 806

    B-5 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 Append ix B Workin g w ith the Cisco I OS File System, Conf igurati on F il es , and Softwa re Images Working with the Flash File System Some in valid combin ation s of source and dest inatio n exist. Specificall y , you cannot copy these comb inat ion s: • From a[...]

  • Page 807

    B-6 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Appendix B Working with the Cisco IOS File System , Co nfigurat ion Files, and S oftware Imag es Working w it h t he F lash File Sy st em Creating a tar File T o create a ta r f ile and w rite f iles into it, use this pri vileged EX EC command: ar chiv e tar /cr eat[...]

  • Page 808

    B-7 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 Append ix B Workin g w ith the Cisco I OS File System, Conf igurati on F il es , and Softwa re Images Working with the Flash File System This e xample shows h ow to display the contents of a switch tar f ile that is in flash memory: Switch# archive tar /table flash:[...]

  • Page 809

    B-8 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Appendix B Working with the Cisco IOS File System , Co nfigurat ion Files, and S oftware Imag es Working w ith Con figuration Files Working with Configuration Files This sec tion describes h o w to crea te, load, and mainta in conf iguratio n file s. Configuration f[...]

  • Page 810

    B-9 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 Append ix B Workin g w ith the Cisco I OS File System, Conf igurati on F il es , and Softwa re Images Working with Configuration Files Note Th e co py { ftp: | r cp: | tftp: } system:running-conf ig pri vileged EXEC co mmand loads t he conf igura tion f iles on the [...]

  • Page 811

    B-10 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Appendix B Working with the Cisco IOS File System , Co nfigurat ion Files, and S oftware Imag es Working w ith Con figuration Files Copying Configuration Files By Using TFTP Y o u can configure th e switch by using co nfiguration files you cr eate, download fro m a[...]

  • Page 812

    B-11 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 Append ix B Workin g w ith the Cisco I OS File System, Conf igurati on F il es , and Softwa re Images Working with Configuration Files Step 3 Lo g in to the s witc h th rou gh the conso le por t or a T eln et sess ion. Step 4 Download the c onfigu ration f ile f ro[...]

  • Page 813

    B-12 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Appendix B Working with the Cisco IOS File System , Co nfigurat ion Files, and S oftware Imag es Working w ith Con figuration Files When you c opy a co nfigurati on file fro m th e switc h t o a s er ver by usin g FT P , th e Ci sco I OS sof t ware sends the fir st[...]

  • Page 814

    B-13 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 Append ix B Workin g w ith the Cisco I OS File System, Conf igurati on F il es , and Softwa re Images Working with Configuration Files Downloading a Configura tion File By Using FTP Beginn ing in pri vile ged EXEC mode, follo w these steps to do wnloa d a config ur[...]

  • Page 815

    B-14 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Appendix B Working with the Cisco IOS File System , Co nfigurat ion Files, and S oftware Imag es Working w ith Con figuration Files Uploading a Configuration File By Using FTP Beginn ing in pr iv ileged EXEC mode, f ollo w these steps to upload a c onfig uration f [...]

  • Page 816

    B-15 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 Append ix B Workin g w ith the Cisco I OS File System, Conf igurati on F il es , and Softwa re Images Working with Configuration Files Copying Configuration Files By Using RCP The RCP provide s another method of downloadi ng, uplo ading, a nd copyin g configuration[...]

  • Page 817

    B-16 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Appendix B Working with the Cisco IOS File System , Co nfigurat ion Files, and S oftware Imag es Working w ith Con figuration Files • When you upload a f ile to the RCP server , it must be pr operly conf igur ed to acc ept the RCP write request fro m the user on [...]

  • Page 818

    B-17 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 Append ix B Workin g w ith the Cisco I OS File System, Conf igurati on F il es , and Softwa re Images Working with Configuration Files This exam ple sh ows how to specify a rem ote us er name of netadmi n1 . Then it copies th e conf iguration fil e host2-con fg fro[...]

  • Page 819

    B-18 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Appendix B Working with the Cisco IOS File System , Co nfigurat ion Files, and S oftware Imag es Working wi th Soft ware Images This e x ample sho ws how to store a star tup conf iguration f ile on a server: Switch# configure terminal Switch(config)# ip rcmd remote[...]

  • Page 820

    B-19 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 Append ix B Workin g w ith the Cisco I OS File System, Conf igurati on F il es , and Softwa re Images Working with Software Images Y o u upload a swi tch image f ile to a TFT P , FTP , or RCP server for ba ckup purpo ses. Y ou can u se this uploaded image fo r futu[...]

  • Page 821

    B-20 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Appendix B Working with the Cisco IOS File System , Co nfigurat ion Files, and S oftware Imag es Working wi th Soft ware Images Note Disr egard the st ack ing_ numbe r field. It does n ot app ly to the swi tch. Copying Imag e Files By Us ing TF TP Y ou can do wnloa[...]

  • Page 822

    B-21 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 Append ix B Workin g w ith the Cisco I OS File System, Conf igurati on F il es , and Softwa re Images Working with Software Images Preparing to Download or Uploa d an Image File By Using TFTP Before yo u begin dow nload ing or uplo ading an i mage file by using TFT[...]

  • Page 823

    B-22 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Appendix B Working with the Cisco IOS File System , Co nfigurat ion Files, and S oftware Imag es Working wi th Soft ware Images The do wnload algori thm veri fies that th e image is appropriate for the switch model and that enough DRAM is prese nt, or it abor ts th[...]

  • Page 824

    B-23 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 Append ix B Workin g w ith the Cisco I OS File System, Conf igurati on F il es , and Softwa re Images Working with Software Images Uploading an Image File By Using TFTP Y ou can upload an image f rom the switc h to a TFTP serv er . Y ou can la ter do wnload this im[...]

  • Page 825

    B-24 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Appendix B Working with the Cisco IOS File System , Co nfigurat ion Files, and S oftware Imag es Working wi th Soft ware Images Preparing to Download or Uploa d an Image File By Using FTP Y o u can copy ima ges files to or from an FTP server . The FTP pr otoc ol r [...]

  • Page 826

    B-25 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 Append ix B Workin g w ith the Cisco I OS File System, Conf igurati on F il es , and Softwa re Images Working with Software Images Downloading an Image File By Using FTP Y ou can do wnload a n ew image f ile and o ver write the curren t image or k eep the curr ent [...]

  • Page 827

    B-26 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Appendix B Working with the Cisco IOS File System , Co nfigurat ion Files, and S oftware Imag es Working wi th Soft ware Images The do wnload algori thm veri fies that th e image is appropriate for the switch model and that enough DRAM is prese nt, or it abor ts th[...]

  • Page 828

    B-27 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 Append ix B Workin g w ith the Cisco I OS File System, Conf igurati on F il es , and Softwa re Images Working with Software Images Uploading an Image File By Using FTP Y ou can upload an image from the switch to an FTP serv er . Y ou can later down load this image [...]

  • Page 829

    B-28 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Appendix B Working with the Cisco IOS File System , Co nfigurat ion Files, and S oftware Imag es Working wi th Soft ware Images Copying Image Files By Using RCP Y ou can do wnload a sw itch imag e fro m an RCP serv er or upload the im age from the swit ch to an RCP[...]

  • Page 830

    B-29 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 Append ix B Workin g w ith the Cisco I OS File System, Conf igurati on F il es , and Softwa re Images Working with Software Images Before yo u begin dow nload ing or upload ing an image file b y using RCP , do these tasks: • Ensure that the wor kstat ion acting a[...]

  • Page 831

    B-30 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Appendix B Working with the Cisco IOS File System , Co nfigurat ion Files, and S oftware Imag es Working wi th Soft ware Images The do wnload algori thm veri fies that th e image is appropriate for the switch model and that enough DRAM is prese nt, or it abor ts th[...]

  • Page 832

    B-31 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 Append ix B Workin g w ith the Cisco I OS File System, Conf igurati on F il es , and Softwa re Images Working with Software Images The alg orithm instal ls the downloaded image ont o the system boa rd flas h device (flash:). The imag e is placed into a ne w di rect[...]

  • Page 833

    B-32 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Appendix B Working with the Cisco IOS File System , Co nfigurat ion Files, and S oftware Imag es Working wi th Soft ware Images The a rc hive upl oad-sw pri vileged EXE C command b uilds an image f ile on t he serve r by u ploading thes e fi les in order: in fo, th[...]

  • Page 834

    C-1 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 APPEND IX C Unsupported Co mmands in Cisco IOS Release 1 2.2(25) EX This app endix lists som e of the co mmand-line in terface (CLI) comm ands that ap pear when y ou enter t he question mark ( ?) a t t he C isco M etro Et herne t ( ME) 340 0 Et hern et Ac cess swi t[...]

  • Page 835

    C-2 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Appendix C Unsupported C o mmands in Cisc o IOS Release 12.2 (2 5)EX Unsupp ort ed Debug Com m a nds Unsupported Interface Configuration Commands arp probe ip probe pr oxy Unsupported De bug Command s debug platf o rm cli-r edir ection ma in debug p latform c onfigu[...]

  • Page 836

    C-3 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 Append ix C Unsupp orted Com mands in Cisco IOS Re lease 12.2(25)E X Interface Command s Interface Command s Unsupporte d Privileged E XEC Co mmands show in terfac es [ interface-id | vlan vlan -id ] [ crb | fair -queue | irb | mac-acco unting | precede nce | irb | [...]

  • Page 837

    C-4 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Appendix C Unsupported C o mmands in Cisc o IOS Release 12.2 (2 5)EX IP Unicas t Rou ti ng Unsupporte d Global Con figuratio n Commands All ip dvmrp commands ip pim accept- rp { addr ess | auto -rp } [ gr oup-access- list-numb er ] ip pim message-interv al seconds i[...]

  • Page 838

    C-5 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 Append ix C Unsupp orted Com mands in Cisco IOS Re lease 12.2(25)E X IP Unicast Routing show ip bgp dampene d-paths show ip bgp i nconsistent-as show i p bgp re gexp r e gula r e xpr es sion show i p pref ix-list r e gul ar e xpr ession Unsupporte d Global Con figur[...]

  • Page 839

    C-6 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Appendix C Unsupported C o mmands in Cisc o IOS Release 12.2 (2 5)EX IP Unicas t Rou ti ng Unsupporte d BGP Router Co nfiguration Command s address-family vpn v4 default-inf ormation originate neighbor advert ise-map neighbor allo was -in neighbor default -originate[...]

  • Page 840

    C-7 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 Append ix C Unsupp orted Com mands in Cisco IOS Re lease 12.2(25)E X MAC Address C ommands MAC Address Comman ds Unsupporte d Privileged E XEC Co mmands show mac-addr ess-table show mac-addr ess- table addr ess show mac-addr ess-table aging-ti me show mac-addr ess- [...]

  • Page 841

    C-8 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Appendix C Unsupported C o mmands in Cisc o IOS Release 12.2 (2 5)EX MSDP Unsupporte d Privileged E XEC Command s ar chiv e config remote command all sho w archi v e conf ig sho w archi v e log show cabl e-diagnostics prbs test cable-diagnostics prbs Unsupporte d sh[...]

  • Page 842

    C-9 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 Append ix C Unsupp orted Com mands in Cisco IOS Re lease 12.2(25)E X QoS QoS Unsupporte d Global Con figuratio n Commands priority-list Unsupported Interface Configuration Commands priority-gr oup RADIUS Unsupporte d Global Con figuratio n Commands aaa nas port exte[...]

  • Page 843

    C-10 Cisco ME 3400 Et hernet Access Switch Software Configuratio n Guide 78-17058-01 Appendix C Unsupported C o mmands in Cisc o IOS Release 12.2 (2 5)EX VLAN VLAN Unsupporte d Global Con figuratio n Commands vlan internal alloca tion policy { ascending | descending } Unsupported Us er EXEC C ommands show running-conf ig vlan show vlan if index[...]

  • Page 844

    IN-1 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 INDEX A abbrev iati ng comm ands 2-3 ABRs 32-24 acces s-class comman d 28- 19 acces s control entries See ACEs access-de nie d res pons e, VM PS 11-23 access group s applyi ng IPv4 AC Ls to inte rface s 28-20 Layer 2 28-20 Layer 3 28-20 access lists See ACLs acces [...]

  • Page 845

    Index IN-2 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 ACLs ( continue d) logging m e ssages 28-8 MAC ex tended 28-26 matc hing 28-7, 28-20 monitori ng 28-39 named, IP v4 28-14 port 28-2 prece denc e of 28-2 QoS 30-10 resequenc ing entr ies 28-14 router 28-2 rout er ACLs and VLA N map conf igur ation guideline s [...]

  • Page 846

    Inde x IN-3 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 ARP config uring 32-8 defined 1-3, 5-28, 32-8 enca psul ation 32-9 static ca che conf igurat ion 32-8 table address resolution 5-28 managing 5-28 ASBRs 32-24 AS-path f ilters, BGP 32-49 assured for war ding, DSCP 30-8 asymmet rica l l inks, and IE EE 802 .1Q[...]

  • Page 847

    Index IN-4 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 BGP (conti nued) enab lin g 32-42 monitori ng 32-58 multipat h support 32-46 neighbors, typ es of 32-42 path selection 32-46 peers, co nfig uring 32-53 prefix filt e ring 32-50 resetting sessions 32-45 route da mpenin g 32-57 route ma ps 32-48 route re flect [...]

  • Page 848

    Inde x IN-5 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 CDP (conti nued) Layer 2 pro tocol tunneling 13-8 monitoring 22- 5 overvi ew 22-1 support fo r 1-3 transmission timer and holdtime, setting 22-2 update s 22-2 CEF defined 32-69 enab lin g 32-70 child policies, QoS 30-20 CIDR 32-54 Cisco C onfig urati on Engi[...]

  • Page 849

    Index IN-6 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 comm and m ode s 2-1 comm ands abbrev iating 2-3 no and defaul t 2-4 commands, set ting privile ge levels 7-8 community li st, BGP 32-52 comm unity port s 12-3 communi ty strings config uring 27-8 overvi ew 27-4 community VLANs 12-2, 12-3 compatibilit y, feat[...]

  • Page 850

    Inde x IN-7 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 config uring mar king in input policy map s 30-41 congest ion avoi dance, QoS 30-2, 30-24 congest ion manage ment, QoS 30-2, 30-18 connec tions, se cure rem ote 7-38 connec tiv ity probl ems 36-10, 36-13, 36-15 console p ort, conn ec ti ng t o 2-9 convent io[...]

  • Page 851

    Index IN-8 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 default conf igur ati on (con tin ued) SPAN 24-10 STP 14-11 system message logging 26-3 system name and prompt 5-15 TACACS+ 7-13 UDLD 23-4 VLAN, La yer 2 Ethe rnet in terfa ces 11-16 VLANs 11-7 VMPS 11-24 default gatew ay 3-10, 32-11 default net wor ks 32-72 [...]

  • Page 852

    Inde x IN-9 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 DHCP sno oping b indi ng da tab ase (cont inu ed) bindings 18-5 clearin g agent stat istics 18-12 config urati on guidelin es 18-8 config uring 18-12 default conf igur ati on 18-7 deleting binding f il e 18-12 bindings 18-12 databa se agen t 18-12 describe d[...]

  • Page 853

    Index IN- 10 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 dynami c addresse s See ad dresses dynamic ARP inspection ARP cache poison ing 19-1 ARP re quest s, de scri bed 19-1 ARP spoof ing att ack 19-1 clearin g log buffer 19-15 statistics 19-15 config urati on guidelin es 19-6 config uring ACLs for non- DHC P env[...]

  • Page 854

    Inde x IN- 11 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 enviro nment va riabl es, functi on of 3-16 equal-cost routin g 1-7, 32-70 error me ssages dur ing comm and entr y 2-4 EtherC hannel 802. 3ad , descri bed 31-6 automatic c reation of 31-4, 31-6 chan nel group s binding physi cal and logic al interfa ces 31[...]

  • Page 855

    Index IN- 12 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 F features, in compatible 21-11 FIB 32-69 fiber- optic, de tecting uni direc tional links 23-1 files copying B- 4 cras hinfo descript ion 36-22 displaying t he contents of 36-22 location 36-22 deleting B-5 displaying t he contents of B-7 tar crea ting B-6 d[...]

  • Page 856

    Inde x IN- 13 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 history chan ging t he b uff er si z e 2-5 describe d 2-4 disabling 2-5 recal ling co mman ds 2-5 history t able , leve l a nd numbe r of sy slog messag es 26-9 host ports config uring 12-12 kinds of 12-3 hosts, limit on dynami c ports 11-28 Hot Standb y R[...]

  • Page 857

    Index IN- 14 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 IGMP (c onti nued ) deleting cache entries 34-34 displaying gr oups 34-35 fast switching 34-30 flooded multic ast traffic contro llin g f lo oding ti me 20-11 disabli ng on an interf ace 20-12 global le ave 20-11 query solicitation 20-11 recove ring fr om f[...]

  • Page 858

    Inde x IN- 15 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 input polic y maps classifica tion criteria 30-4 config urati on guidelin es 30-35 config uring 30-35 displaying stat istics 30-55 interfac e number 9-7 range ma cros 9-10 interfac e comman d 9-7 interfac e config uration mode 2-2 interfac es config urati [...]

  • Page 859

    Index IN- 16 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 IP multica st routing (continued) Auto-RP adding to an existi ng sparse-m ode cloud 34-13 benefit s o f 34-12 clearin g the ca che 34-34 config urati on guidelin es 34-8 filtering incomin g RP announcement messages 34-15 overvi ew 34-4 preventi ng can dida [...]

  • Page 860

    Inde x IN- 17 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 IP routin g connect ing interfaces with 9-7 disabling 32-18 enab lin g 32-17 IP source gua rd and 802.1x 18-15 and DHCP sno oping 18-13 and Ethe rChan nels 18-15 and port se curit y 18-15 and pr ivate VLANs 18-15 and rou ted ports 18-15 and TC AM entries 1[...]

  • Page 861

    Index IN- 18 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 IP unicast rou ting (conti nued) rever se address resolutio n 32-7 routed po rt s 32-3 static routing 32-2 steps to config ure 32-3 subnet ma sk 32-5 subnet zero 32-6 supernet 32-6 UDP 32-14 with SVIs 32-3 See also BGP See also E IGRP See also OSPF See also[...]

  • Page 862

    Inde x IN- 19 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 Layer 2 trac erou te and AR P 36-14 and CD P 36-14 broa dcas t tra ffic 36-13 describe d 36-13 IP addresse s and sub nets 36-14 MAC addresses and VLANs 36-14 multicas t traffic 36-14 mul tiple devi ces on a por t 36-14 unicast traf fic 36-13 usage gu ideli[...]

  • Page 863

    Index IN- 20 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 manage ment acce ss in-band CLI session 1-4 SNMP 1-4 out-of- band consol e port co nnectio n 1-4 manageme nt options CLI 2-1 CNS 4-1 overvi ew 1-3 markin g action with agg regate policer s 30-39 describe d 30-2, 30-12 match co mmand , QoS for cla ssi ficati[...]

  • Page 864

    Inde x IN- 21 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 monito ring ( cont inue d) traffic fl owi ng am ong sw itch es 25-1 traffic suppr es sion 21-17 tunneling 13-18 VLAN filters 28-40 maps 28-40 VLANs 11-14 VMPS 11-27 MQC process 30-3 steps to config ure 30-3 MSDP benefit s o f 35-3 clearin g MSDP connecti o[...]

  • Page 865

    Index IN- 22 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 MSTP, conf igurin g (continue d) root switch 15-14 seco ndary r oot switc h 15-16 switch p riority 15-19 CST defined 15-3 operati ons between re gions 15-3 default conf igur ati on 15-12 defau lt option al featur e configur ation 16-5 displaying sta tus 15-[...]

  • Page 866

    Inde x IN- 23 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 multi-VRF CE config urati on exam ple 32-64 config urati on guidelin es 32-61 config uring 32-61 default conf igur ati on 32-61 defined 1-14, 32-59 displaying 32-68 monitoring 32- 68 network c omponent s 32-61 packet -for warding pro cess 32-61 support fo [...]

  • Page 867

    Index IN- 24 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 NTP (continu ed) synchroniz ing devic es 5-6 time services 5-2 synchroniz ing 5-2 O Open Shortest Path First See OSPF optimizing syst em resour ces 6-1 options , manage ment 1-3 OSPF area pa rame ters, co nfigu ring 32-27 config uring 32-26 default conf igu[...]

  • Page 868

    Inde x IN- 25 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 perform an ce f eat ur es 1-2 per-V LAN spanni ng-tree plus See PVST+ PE to CE routin g, config uring 32-64 physica l p orts 9-2 PIM default conf igur ati on 34-7 dense m ode overvi ew 34-4 rendezvou s p oint ( RP), d escribe d 34-4 RPF lookups 34-6 displa[...]

  • Page 869

    Index IN- 26 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 port-based authenticatio n, configuring (conti nued) RADIUS server parame ters on the switch 8-12 switch-to-client fram e-retransmissio n number 8-15, 8-16 switch-to-client retransmission time 8-15 default conf igur ati on 8-9 describe d 8-1 device role s 8[...]

  • Page 870

    Inde x IN- 27 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 primar y VLAN s 12-2, 12-3 priority HSRP 33-6 priority co mmand 30-15 configurin g strict priority queuing 30-48 for QoS schedul ing 30-18 for s trict priori ty que uing 30-22 priority policin g, described 30-15 priority queu es config uring 30-48 describe[...]

  • Page 871

    Index IN- 28 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 Q QoS aggreg ate policer s 30-14 and MQC 30-1 basic mo del 30-2 CBWFQ 30-21 CBWFQ, con figuring 30-44 class-based shaping , described 30-19 classification ACL look up 30-10 bas ed on CoS va lue 30-7 bas ed on D SCP 30-8 base d on IP prec edence 30-8 based o[...]

  • Page 872

    Inde x IN- 29 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 QoS (conti nued) pack et cla ssific atio n 30-2 packet markin g 30-16 pack et polic ing 30-2 parent-c hild hi erarc hy 30-20 policers config uring 30-37, 30-40, 30-51 describe d 30-12 policing aggreg ate 30-14 describe d 30-2, 30-12 individu al 30-13 prior[...]

  • Page 873

    Index IN- 30 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 rapid PVST+ 802.1Q tru nking intero perability 14-10 describe d 14-9 instances supported 14-10 Rapid Span ning Tree Proto col See RSTP RARP 32-8 RCP config urati on files dow nloa ding B-16 overvi ew B-15 prep aring the server B-15 uploadin g B-17 image fi [...]

  • Page 874

    Inde x IN- 31 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 RIP advertisements 32- 18 authenti cation 32-21 config uring 32-19 default conf igur ati on 32-19 describe d 32-18 hop coun ts 32-18 split horizon 32-22 summary addr esses 32-22 support fo r 1-7 RMON default conf igur ati on 25-3 displaying sta tus 25-6 en[...]

  • Page 875

    Index IN- 32 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 RSTP active topolog y 15-6 BPDU format 15-9 processing 15-10 designat ed po rt, de fine d 15-6 designated swi tch, defi ned 15-6 interoper ability with 802.1D describe d 15-5 restar ting migr ation proc ess 15-22 topolo gy chan ges 15-10 overvi ew 15-6 port[...]

  • Page 876

    Inde x IN- 33 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 shape av erage co mmand, QoS 30-18, 30-20, 30-46 shaped roun d ro bin See SRR show access- lists hw-s ummar y comm and 28-21 show and mor e comm and outp ut, filte ring 2-8 show cdp t raffic comman d 22-5 show confi gurat ion comm and 9-19 show forw ard co[...]

  • Page 877

    Index IN- 34 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 snooping , I GMP 20-1 softw a re i m ag es location in flas h B-1 9 recove ry proc edures 36-2 sche duli ng r eload s 3-17 tar fi le for mat, de scr ibed B-19 See also down loadi ng and uplo ading source ad dresses, i n IPv4 ACLs 28-11 source- and-d est ina[...]

  • Page 878

    Inde x IN- 35 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 statistics IEEE 8 02. 1x 8-19 CDP 22-5 interfac e 9-23 IP multica st routing 34-34 OSPF 32-31 RMON group Et herne t 25-6 RMON group hist ory 25-5 SNMP input an d output 27-16 sticky l ear ning 21-9 storm contr ol config uring 21-3 describe d 21-1 disabling[...]

  • Page 879

    Index IN- 36 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 STP (continued) loop gu ar d describe d 16-4 enab lin g 16-9 modes sup port ed 14-9 multi cast addres ses, ef fec t of 14-8 option al featur es suppor ted 1-4 overvi ew 14-2 path costs 11-21, 11-22 Port Fast describe d 16-2 enab lin g 16-5 port prioritie s [...]

  • Page 880

    Inde x IN- 37 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 system clock See also NT P system message logging default conf igur ati on 26-3 defining err or messa ge se veri ty level s 26-8 disabling 26-3 displaying t he c on figur ation 26-12 enab lin g 26-4 facility keywo rds, described 26-11 level key word s, des[...]

  • Page 881

    Index IN- 38 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 templates, SDM 6-2 Terminal Access Contr oller Ac cess C ontrol Sy stem Plus See TACACS+ terminal lines, setting a password 7-6 TFTP config urati on files dow nloa ding B-10 prep aring the server B-10 uploadin g B-11 config uration fi les in base dire ctory[...]

  • Page 882

    Inde x IN- 39 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 trunks allowed-V LAN list 11-17 load sharing setting STP path costs 11-21 using STP port priori ties 11-20 nati ve VL AN fo r un tagge d tr affic 11-19 paralle l 11-21 tunneling defined 13-1 IEEE 8 02. 1Q 13-1 Layer 2 pro tocol 13-8 tunnel p or ts defined [...]

  • Page 883

    Index IN- 40 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 uploadin g ( cont inued) image fi les prep aring B-21, B-24, B-28 reasons for B- 19 using FTP B-27 using RC P B-31 using T FTP B-23 User D ata gram Pr otoc ol See UDP user EXE C mode 2-2 usern ame-base d authentic ation 7-7 user network i nterface See UNI V[...]

  • Page 884

    Inde x IN- 41 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01 VLANs (contin ued) modifyin g 11-9 multicas t 20-16 native, c on figur ing 11-19 normal-r ange 11-1, 11-3 number supp orted 1-5 parame ters 11-3 port m embe rship mode s 11-4 static-access ports 11-10 STP and 802.1Q trunks 14-10 supported 11-3 traff ic bet[...]

  • Page 885

    Index IN- 42 Cisco ME 3400 E thernet Access Switch Software Configurati on Guide 78-17058-01[...]