Cisco Systems WSC4500X16SFP user manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680

Aller à la page of

A good user manual

The rules require the seller to provide the buyer, together with the goods, the Cisco Systems WSC4500X16SFP user manual. A missing user manual or incorrect information supplied to the consumer is grounds for a complaint that the device does not conform to the contract. By law, the user manual may be supplied in a form other than paper, which has often been done recently, by including a graphic or electronic form of the Cisco Systems WSC4500X16SFP manual or instructional videos for users. The condition is that it be legible and understandable.

What is a user manual?

The word comes from the Latin "instructio", meaning to organize. Thus, the Cisco Systems WSC4500X16SFP user manual describes the steps of the procedure. The purpose of the user manual is to instruct and to make it easier to start up and use the equipment or to carry out specific actions. The user manual is a collection of information about the object/service, a pointer.

Unfortunately, few users take the time to read the user manual, yet a good manual not only lets you learn about a number of additional features of the purchased device, but also helps you avoid most failures.

So what should the perfect manual contain?

First of all, the Cisco Systems WSC4500X16SFP user manual should contain:
- information on the technical specifications of the Cisco Systems WSC4500X16SFP device
- name of the manufacturer and year of manufacture of the Cisco Systems WSC4500X16SFP
- instructions for using, adjusting and maintaining the Cisco Systems WSC4500X16SFP equipment
- safety markings and certificates confirming compliance with the relevant standards

Why don't we read user manuals?

Usually this is due to a lack of time and to certainty about the specific functionality of the purchased equipment. Unfortunately, connecting and starting up the Cisco Systems WSC4500X16SFP is not enough. The user manual contains a number of guidelines on specific features, safety, maintenance methods (even the products that should be used), possible faults of the Cisco Systems WSC4500X16SFP and ways to solve common problems during use. Finally, the manual contains the contact details of Cisco Systems service in case the proposed solutions do not work. Currently, user manuals in the form of interesting animations and instructional videos, which are better than a brochure, are very popular. This type of manual lets the user watch the whole instructional video without skipping the specifications and complicated technical descriptions of the Cisco Systems WSC4500X16SFP, as happens with the paper version.

Why read the user manual?

First of all, it contains the answers about the structure and capabilities of the Cisco Systems WSC4500X16SFP device, the use of various accessories and a range of information for taking full advantage of all its features and conveniences.

After a successful purchase of the equipment/device, take a moment to familiarize yourself with all parts of the Cisco Systems WSC4500X16SFP user manual. Nowadays, they are carefully prepared and translated so that they are not only understandable to users, but also fulfil their basic function of providing information and help.

User manual table of contents

  • Page 1

    Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Catalyst 4500 Series Switch Cisco IOS Software Configuration Guide Release 12.2(25)SG Customer Order Number: DOC-OL7659= Text Part Number: OL-7659-03[...]

  • Page 2

    THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUC[...]

  • Page 3

    iii Software Configuration Guide—Release 12.2(25)SG OL-7659-03 CONTENTS Preface xxiii Audience xxiii Organization xxiii Related Documentation xxv Conventions xxvi Commands in Task Tables xxvii Obtaining Documentation xxvii Cisco.com xxvii Product Documentation DVD xxvii Ordering Documentation xxviii Documentation Feedback [...]

  • Page 4

    Contents iv Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Layer 3 Software Features 1-5 CEF 1-6 HSRP 1-6 IP Routing Protocols 1-6 Multicast Services 1-8 Policy-Based Routing 1-9 Unidirectional Link Routing 1-9 VRF-lite 1-9 Management Features 1-9 Cisco Network Assistant and Embedded CiscoView 1-10 Dynamic H[...]

  • Page 5

    Contents v Software Configuration Guide—Release 12.2(25)SG OL-7659-03 CHAPTER 3 Configuring the Switch for the First Time 3-1 Default Switch Configuration 3-1 Configuring DHCP-Based Autoconfiguration 3-2 Understanding DHCP-Based Autoconfiguration 3-2 DHCP Client Request Process 3-3 Configuring the DHCP Server 3-4 Configuring [...]

  • Page 6

    Contents vi Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Deploying 10-Gigabit Ethernet and a Gigabit Ethernet SFP Ports 4-6 Configuring Optional Interface Features 4-7 Configuring Ethernet Interface Speed and Duplex Mode 4-7 Configuring Jumbo Frame Support 4-10 Interacting with the Baby Giants Feature 4[...]

  • Page 7

    Contents vii Software Configuration Guide—Release 12.2(25)SG OL-7659-03 CHAPTER 6 Configuring Supervisor Engine Redundancy Using RPR and SSO 6-1 Understanding Cisco IOS NSF-Awareness Support 6-2 Understanding Supervisor Engine Redundancy 6-3 Overview 6-3 RPR Operation 6-4 SSO Operation 6-4 Understanding Supervisor Engine Redu[...]

  • Page 8

    Contents viii Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Network Assistant-Related Features and Their Defaults 9-4 Overview of the CLI Commands 9-4 Installing Network Assistant 9-5 Getting Started with Network Assistant 9-5 Launching the Network Assistant 9-6 Connecting Network Assistant to a Device 9[...]

  • Page 9

    Contents ix Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Configuring Ethernet Interfaces for Layer 2 Switching 11-5 Configuring an Ethernet Interface as a Layer 2 Trunk 11-6 Configuring an Interface as a Layer 2 Access Port 11-8 Clearing Layer 2 Configuration 11-9 CHAPTER 12 Configuring SmartPort Macros 12-1 Und[...]

  • Page 10

    Contents x Software Configuration Guide—Release 12.2(25)SG OL-7659-03 CHAPTER 14 Configuring STP Features 14-1 Overview of Root Guard 14-2 Enabling Root Guard 14-2 Overview of Loop Guard 14-3 Enabling Loop Guard 14-4 Overview of PortFast 14-5 Enabling PortFast 14-6 Overview of BPDU Guard 14-7 Enabling BPDU Guard 14-7 Ove[...]

  • Page 11

    Contents xi Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Understanding Port-Channel Interfaces 16-2 Understanding How EtherChannels Are Configured 16-2 Understanding Load Balancing 16-5 EtherChannel Configuration Guidelines and Restrictions 16-5 Configuring EtherChannel 16-6 Configuring Layer 3 EtherChann[...]

  • Page 12

    Contents xii Software Configuration Guide—Release 12.2(25)SG OL-7659-03 CHAPTER 18 Configuring 802.1Q and Layer 2 Protocol Tunneling 18-1 Understanding 802.1Q Tunneling 18-1 Configuring 802.1Q Tunneling 18-4 802.1Q Tunneling Configuration Guidelines 18-4 802.1Q Tunneling and Other Features 18-5 Configuring an 802.1Q Tu[...]

  • Page 13

    Contents xiii Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Logical Layer 3 VLAN Interfaces 22-2 Physical Layer 3 Interfaces 22-2 Configuration Guidelines 22-3 Configuring Logical Layer 3 VLAN Interfaces 22-3 Configuring Physical Layer 3 Interfaces 22-4 CHAPTER 23 Configuring Cisco Express Forwarding 23-1 Ove[...]

  • Page 14

    Contents xiv Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Configuration Examples 24-21 PIM Dense Mode Example 24-21 PIM Sparse Mode Example 24-21 BSR Configuration Example 24-21 CHAPTER 25 Configuring Policy-Based Routing 25-1 Overview of Policy-Based Routing 25-1 Understanding PBR 25-2 Understanding PBR F[...]

  • Page 15

    Contents xv Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Classification 27-6 Policing and Marking 27-10 Mapping Tables 27-14 Queueing and Scheduling 27-14 Packet Modification 27-16 Per Port Per VLAN QoS 27-16 QoS and Software Processed Packets 27-16 Configuring Auto-QoS 27-17 Generated Auto-QoS Configuration 2[...]

  • Page 16

    Contents xvi Software Configuration Guide—Release 12.2(25)SG OL-7659-03 CHAPTER 29 Understanding and Configuring 802.1X Port-Based Authentication 29-1 Understanding 802.1X Port-Based Authentication 29-1 Device Roles 29-2 802.1x and Network Access Control 29-3 Authentication Initiation and Message Exchange 29-3 Ports in A[...]

  • Page 17

    Contents xvii Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Configuring Port Security on an Interface 30-4 Configuring Trunk Port Security 30-7 Configuring Port Security Aging 30-9 Displaying Port Security Settings 30-11 CHAPTER 31 Configuring DHCP Snooping and IP Source Guard 31-1 Overview of DHCP Snooping 31[...]

  • Page 18

    Contents xviii Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Performing Validation Checks 32-18 CHAPTER 33 Configuring Network Security with ACLs 33-1 Understanding ACLs 33-1 ACL Overview 33-2 Supported Features That Use ACLs 33-2 Router ACLs 33-3 Port ACLs 33-4 VLAN Maps 33-5 Hardware and Software ACL Support 3[...]

  • Page 19

    Contents xix Software Configuration Guide—Release 12.2(25)SG OL-7659-03 PVLAN Trunks 34-2 PVLANs and VLAN ACL/QoS 34-2 How to Configure PVLANs 34-3 PVLAN Configuration Guidelines and Restrictions 34-3 Configuring a VLAN as a PVLAN 34-5 Associating a Secondary VLAN with a Primary VLAN 34-6 Configuring a Layer 2 Interface as a P[...]

  • Page 20

    Contents xx Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Configuration Scenario 37-10 Verifying a SPAN Configuration 37-10 CPU Port Sniffing 37-10 Encapsulation Configuration 37-12 Ingress Packets 37-12 Access List Filtering 37-13 ACL Configuration Guidelines 37-13 Configuring Access List Filtering 37-1[...]

  • Page 21

    Contents xxi Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Sample NetFlow Enabling Schemes 38-14 Sample NetFlow Aggregation Configurations 38-14 Sample NetFlow Minimum Prefix Mask Router-Based Aggregation Schemes 38-16 CHAPTER 39 Diagnostics on the Catalyst 4500 Switch 17 Online Diagnostics 17 Power-On-Self-Test [...]

  • Page 22

    Contents xxii Software Configuration Guide—Release 12.2(25)SG OL-7659-03[...]

  • Page 23

    xxiii Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Preface This preface describes who should read this document, how it is organized, and its conventions. The preface also tells you how to obtain Cisco documents, as well as how to obtain technical assistance. Audience This guide is for experienced network administr[...]

  • Page 24

    xxiv Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Preface Organization Chapter 10 Understanding and Configuring VLANs, VTP, and VMPS Describes how to configure VLANs, VTP, and VMPS. Chapter 11 Configuring Layer 2 Ethernet Interfaces Describes how to configure interfaces to support Layer 2 features, including VLA[...]

  • Page 25

    xxv Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Preface Related Documentation Related Documentation The following publications are available for the Catalyst 4500 series switches: • Catalyst 4000 Series Switch Installation Guide • Catalyst 4500 Series Switch Installation Guide • Catalyst 4500 Series Switch Module In[...]

  • Page 26

    xxvi Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Preface Conventions – Security Configuration Guide – Security Command Reference – Switching Services Configuration Guide – Switching Services Command Reference – Voice, Video, and Fax Applications Configuration Guide – Voice, Video, and Fax Appli[...]

  • Page 27

    xxvii Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Preface Obtaining Documentation Cautions use the following conventions: Caution Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data. Commands in Task Tables Commands listed in task tables show[...]

  • Page 28

    xxviii Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Preface Documentation Feedback Cisco Marketplace: http://www.cisco.com/go/marketplace/ Ordering Documentation Beginning June 30, 2005, registered Cisco.com users may order Cisco documentation at the Product Documentation Store in the Cisco Marketplace at this[...]

  • Page 29

    xxix Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Preface Obtaining Technical Assistance http://www.cisco.com/go/psirt If you prefer to see advisories and notices as they are updated in real time, you can access a Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed from this URL: h[...]

  • Page 30

    xxx Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Preface Obtaining Technical Assistance Cisco Technical Support & Documentation Website The Cisco Technical Support & Documentation website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and te[...]

  • Page 31

    xxxi Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Preface Obtaining Additional Publications and Information Definitions of Service Request Severity To ensure that all service requests are reported in a standard format, Cisco has established severity definitions. Severity 1 (S1)—Your network is “down,” or th [...]

  • Page 32

    xxxii Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Preface Obtaining Additional Publications and Information • Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranet[...]

  • Page 33

    CHAPTER 1-1 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 1 Product Overview This chapter provides an overview of Catalyst 4500 series switches and includes the following major sections: • Layer 2 Software Features, page 1-1 • Layer 3 Software Features, page 1-5 • Management Features, page 1-9 • Security Feature[...]

  • Page 34

    1-2 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 1 Product Overview Layer 2 Software Features 802.1Q and Layer 2 Protocol Tunneling 802.1Q tunneling is a Q-in-Q technique that expands the VLAN space by retagging the tagged packets that enter the service provider infrastructure. 802.1Q tunneling allows se[...]

  • Page 35

    1-3 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 1 Product Overview Layer 2 Software Features MST allows you to build multiple spanning trees over trunks. You can group and associate VLANs to spanning tree instances. Each instance can have a topology independent of other spanning tree instances. This new[...]

  • Page 36

    1-4 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 1 Product Overview Layer 2 Software Features • Spanning tree BackboneFast—BackboneFast reduces the time needed for the spanning tree to converge after a topology change caused by an indirect link failure. BackboneFast decreases spanning-tree convergence [...]

  • Page 37

    1-5 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 1 Product Overview Layer 3 Software Features VLANs A VLAN configures switches and routers according to logical, rather than physical, topologies. Using VLANs, a network administrator can combine any collection of LAN segments within an internetwork into an aut[...]

  • Page 38

    1-6 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 1 Product Overview Layer 3 Software Features • Policy-Based Routing, page 1-9 • Unidirectional Link Routing, page 1-9 • VRF-lite, page 1-9 CEF Cisco Express Forwarding (CEF) is an advanced Layer 3 IP-switching technology. CEF optimizes network performance an[...]

  • Page 39

    1-7 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 1 Product Overview Layer 3 Software Features interfaces and their metrics is used in OSPF LSAs. As routers accumulate link-state information, they use the shortest path first (SPF) algorithm to calculate the shortest path to each node. Additional OSPF features include [...]

  • Page 40

    1-8 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 1 Product Overview Layer 3 Software Features EIGRP saves bandwidth by sending routing updates only when routing information changes. The updates contain information only about the link that changed, not the entire routing table. EIGRP also takes into considerat[...]

  • Page 41

    1-9 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 1 Product Overview Management Features • Protocol Independent Multicast (PIM)—PIM is protocol-independent because it can leverage whichever unicast routing protocol is used to populate the unicast routing table, including EIGRP, OSPF, BGP, or static route. PI[...]

  • Page 42

    1-10 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 1 Product Overview Management Features • NetFlow Statistics, page 1-11 • Secure Shell, page 1-11 • Simple Network Management Protocol, page 1-11 • SPAN and RSPAN, page 1-11 Cisco Network Assistant and Embedded CiscoView Web-based tools to configure the[...]

  • Page 43

    1-11 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 1 Product Overview Management Features NetFlow Statistics NetFlow Statistics is a global traffic monitoring feature that allows flow-level monitoring of all IPv4-routed traffic through the switch. Both routed and switched IP flows are supported. For more inf[...]

  • Page 44

    1-12 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 1 Product Overview Security Features Remote SPAN (RSPAN) is an extension of SPAN, where source ports and destination ports are distributed across multiple switches, allowing remote monitoring of multiple switches across the network. The traffic for eac[...]

  • Page 45

    1-13 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 1 Product Overview Security Features 802.1X Identity-Based Network Security This security feature consists of the following: • 802.1X protocol—This feature provides a means for a host that is connected to a switch port to be authenticated before it is given acc[...]

  • Page 46

    1-14 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 1 Product Overview Security Features For information on flood blocking, see Chapter 35, “Port Unicast and Multicast Flood Blocking.” IP Source Guard Similar to DHCP snooping, this feature is enabled on an untrusted 12 port that is configured for DHCP sn[...]

  • Page 47

    1-15 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 1 Product Overview Security Features Storm Control Broadcast suppression is used to prevent LANs from being disrupted by a broadcast storm on one or more switch ports. A LAN broadcast storm occurs when broadcast packets flood the LAN, creating excessive traffic [...]

  • Page 48

    1-16 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 1 Product Overview Security Features[...]

  • Page 49

    CHAPTER 2-1 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 2 Command-Line Interfaces This chapter describes the CLIs you use to configure the Catalyst 4500 series switch. This chapter includes the following major sections: • Accessing the Switch CLI, page 2-1 • Performing Command-Line Processing, page 2-3 • Per[...]

  • Page 50

    2-2 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 2 Command-Line Interfaces Accessing the Switch CLI To access the switch through the console interface, perform this task: After accessing the switch through the EIA/TIA-232 interface, you see this display: Press Return for Console prompt Switch> enable P[...]

  • Page 51

    2-3 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 2 Command-Line Interfaces Performing Command-Line Processing This example shows how to open a Telnet session to the switch: unix_host% telnet Switch_1 Trying 172.20.52.40... Connected to 172.20.52.40. Escape character is '^]'. User Access Verification Passwor[...]

  • Page 52

    2-4 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 2 Command-Line Interfaces Understanding Cisco IOS Command Modes Understanding Cisco IOS Command Modes Note For complete information about Cisco IOS command modes, refer to the Cisco IOS Configuration Fundamentals Configuration Guide and the Cisco IOS Con[...]

  • Page 53

    2-5 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 2 Command-Line Interfaces Getting a List of Commands and Syntax The Cisco IOS command interpreter, called the EXEC, interprets and runs the commands you enter. You can abbreviate commands and keywords by entering just enough characters to make the command unique[...]

  • Page 54

    2-6 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 2 Command-Line Interfaces ROMMON Command-Line Interface To list keywords or arguments, enter a question mark in place of a keyword or argument. Include a space before the question mark. This form of help is called command syntax help, because it reminds[...]

  • Page 55

    CHAPTER 3-1 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 3 Configuring the Switch for the First Time This chapter describes how to initially configure a Catalyst 4500 series switch. The information presented here supplements the administration information and procedures in these publications: • Cisco IOS Configur[...]

  • Page 56

    3-2 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 3 Configuring the Switch for the First Time Configuring DHCP-Based Autoconfiguration Configuring DHCP-Based Autoconfiguration These sections describe how to configure DHCP-based autoconfiguration. • Understanding DHCP-Based Autoconfiguration, page 3-2 • DHCP Cli[...]

  • Page 57

    3-3 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 3 Configuring the Switch for the First Time Configuring DHCP-Based Autoconfiguration server feature on your switch for various lease options associated with IP addresses. If you are using DHCP to relay the configuration file location on the network, you might also n[...]

  • Page 58

    3-4 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 3 Configuring the Switch for the First Time Configuring DHCP-Based Autoconfiguration Configuring the DHCP Server A switch can act as both the DHCP client and the DHCP server. By default, the Cisco IOS DHCP server and relay agent features are enabled on your swi[...]

  • Page 59

    3-5 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 3 Configuring the Switch for the First Time Configuring DHCP-Based Autoconfiguration filename (if any) and the following files: network-confg, cisconet.cfg, hostname.confg, or hostname.cfg, where hostname is the current hostname of the switch and router-confg[...]

  • Page 60

    3-6 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 3 Configuring the Switch for the First Time Configuring DHCP-Based Autoconfiguration Figure 3-2 Relay Device Used in Autoconfiguration Obtaining Configuration Files Depending on the availability of the IP address and the configuration filename in the DHCP reser[...]

  • Page 61

    3-7 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 3 Configuring the Switch for the First Time Configuring DHCP-Based Autoconfiguration If the switch cannot read the network-confg, cisconet.cfg, or the hostname file, it reads the router-confg file. If the switch cannot read the router-confg file, it reads the ci[...]

  • Page 62

    3-8 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 3 Configuring the Switch for the First Time Configuring the Switch DNS Server Configuration The DNS server maps the TFTP server name maritsu to IP address 10.0.0.3. TFTP Server Configuration (on UNIX) The TFTP server base directory is set to /tftpserver/work/[...]

  • Page 63

    3-9 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 3 Configuring the Switch for the First Time Configuring the Switch Using Configuration Mode to Configure Your Switch To configure your switch from configuration mode, perform this procedure: Step 1 Connect a console terminal to the console interface of yo[...]

  • Page 64

    3-10 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 3 Configuring the Switch for the First Time Configuring the Switch hostname Switch <...output truncated...> ! line con 0 transport input none line vty 0 4 exec-timeout 0 0 password lab login transport input lat pad dsipcon mop telnet rlogin udptn nasi ! end Switch#[...]

  • Page 65

    3-11 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 3 Configuring the Switch for the First Time Configuring the Switch <...output truncated...> ! line con 0 exec-timeout 0 0 transport input none line vty 0 4 exec-timeout 0 0 password lab login transport input lat pad dsipcon mop telnet rlogin udptn nasi ! end Switch[...]

  • Page 66

    3-12 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 3 Configuring the Switch for the First Time Configuring the Switch To configure a static route, perform this task: This example shows how to use the ip route command to configure a static route to a workstation at IP address 171.10.5.10 on the switch with a s[...]

  • Page 67

    3-13 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 3 Configuring the Switch for the First Time Controlling Access to Privileged EXEC Commands ip default-gateway 172.20.52.35 ip classless ip route 171.20.5.3 255.255.255.255 Vlan1 no ip http server ! ! x25 host z ! line con 0 transport input none line vty 0 4 exec-timeout 0 0[...]

  • Page 68

    3-14 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 3 Configuring the Switch for the First Time Controlling Access to Privileged EXEC Commands Using the enable password and enable secret Commands To provide an additional layer of security, particularly for passwords that cross the network or that are stored on a TF [...]

  • Page 69

    3-15 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 3 Configuring the Switch for the First Time Controlling Access to Privileged EXEC Commands For information on how to display the password or access level configuration, see the “Displaying the Password, Access Level, and Privilege Level Configuration” section on [...]

  • Page 70

    3-16 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 3 Configuring the Switch for the First Time Controlling Access to Privileged EXEC Commands Encryption occurs when the current configuration is written or when a password is configured. Password encryption is applied to all passwords, including authentication key[...]

  • Page 71

    3-17 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 3 Configuring the Switch for the First Time Controlling Access to Privileged EXEC Commands Changing the Default Privilege Level for Lines To change the default privilege level for a given line or a group of lines, perform this task: For information on how to displa[...]

  • Page 72

    3-18 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 3 Configuring the Switch for the First Time Recovering a Lost Enable Password This example shows how to display the privilege level configuration: Switch# show privilege Current privilege level is 15 Switch# Recovering a Lost Enable Password Note For more informat[...]

  • Page 73

    3-19 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 3 Configuring the Switch for the First Time Modifying the Supervisor Engine Startup Configuration Understanding the ROM Monitor The ROM monitor (ROMMON) is invoked at switch bootup, reset, or when a fatal exception occurs. The switch enters ROMMON mode if the swi[...]

  • Page 74

    3-20 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 3 Configuring the Switch for the First Time Modifying the Supervisor Engine Startup Configuration Modifying the Boot Field and Using the boot Command The configuration register boot field determines whether the switch loads an operating system image and, if so, where[...]

  • Page 75

    3-21 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 3 Configuring the Switch for the First Time Modifying the Supervisor Engine Startup Configuration When the boot field is set to either 00 or 01 (0-0-0-0 or 0-0-0-1), the system ignores any boot instructions in the system configuration file and the following o[...]

  • Page 76

    3-22 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 3 Configuring the Switch for the First Time Modifying the Supervisor Engine Startup Configuration Step 2 Enter the configure terminal command at the EXEC mode prompt (#), as follows: Switch# configure terminal Enter configuration commands, one per line. End with CNT[...]

  • Page 77

    3-23 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 3 Configuring the Switch for the First Time Modifying the Supervisor Engine Startup Configuration cisco Catalyst 4000 (MPC8240) processor (revision 3) with 262144K bytes of memory. Processor board ID Ask SN 12345 Last reset from Reload Bridging software. 49 FastEther[...]

  • Page 78

    3-24 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 3 Configuring the Switch for the First Time Modifying the Supervisor Engine Startup Configuration Configuring Flash Memory To configure your switch to boot from Flash memory, perform the following procedure. (Refer to the appropriate hardware installation and m[...]

  • Page 79

    3-25 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 3 Configuring the Switch for the First Time Resetting a Switch to Factory Default Settings Resetting a Switch to Factory Default Settings Manufacturing and repair centers can use the erase /all non-default command to do the following: • Clear the non-volatile confi[...]

  • Page 80

    3-26 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 3 Configuring the Switch for the First Time Resetting a Switch to Factory Default Settings[...]

  • Page 81

    CHAPTER 4-1 Software Configuration Guide—Release 12.2(25)SG OL-7659-02 4 Configuring Interfaces This chapter describes how to configure interfaces for the Catalyst 4500 series switches. It also provides guidelines, procedures, and configuration examples. This chapter includes the following major sections: • Overview of Interface C[...]

  • Page 82

    4-2 Software Configuration Guide—Release 12.2(25)SG OL-7659-02 Chapter 4 Configuring Interfaces Using the interface Command • Slot number—The slot in which the interface module is installed. Slots are numbered starting with 1, from top to bottom. • Interface number—The interface number on the module. The interface numbe[...]

  • Page 83

    4-3 Software Configuration Guide—Release 12.2(25)SG OL-7659-02 Chapter 4 Configuring Interfaces Using the interface Command Last input never, output never, output hang never Last clearing of "show interface" counters never Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40[...]

  • Page 84

    4-4 Software Configuration Guide—Release 12.2(25)SG OL-7659-02 Chapter 4 Configuring Interfaces Configuring a Range of Interfaces Step 5 Follow each interface command with the interface configuration commands your particular interface requires. The commands you enter define the protocols and applications that will run on the inter[...]

  • Page 85

    4-5 Software Configuration Guide—Release 12.2(25)SG OL-7659-02 Chapter 4 Configuring Interfaces Defining and Using Interface-Range Macros This example shows how to reenable all Fast Ethernet interfaces 5/1 to 5/5: Switch(config)# interface range fastethernet 5/1 - 5 Switch(config-if-range)# no shutdown Switch(config-if-range)# *Oct 6 08:2[...]

  • Page 86

    4-6 Software Configuration Guide—Release 12.2(25)SG OL-7659-02 Chapter 4 Configuring Interfaces Deploying 10-Gigabit Ethernet and a Gigabit Ethernet SFP Ports To define an interface-range macro, perform this task: This example shows how to define an interface-range macro named enet_list to select Fast Ethernet interfaces 5/1 throu[...]

  • Page 87

    4-7 Software Configuration Guide—Release 12.2(25)SG OL-7659-02 Chapter 4 Configuring Interfaces Configuring Optional Interface Features When deploying a Catalyst 4510R chassis, one of three configurations is supported: • Enable the dual 10-Gigabit Ethernet ports (X2 optics) only. • Enable the four Gigabit Ethernet ports (SFP optics[...]

  • Page 88

    4-8 Software Configuration Guide—Release 12.2(25)SG OL-7659-02 Chapter 4 Configuring Interfaces Configuring Optional Interface Features You can configure the interface speed and duplex mode parameters to auto and allow the Catalyst 4500 series switch to negotiate the interface speed and duplex mode between interfaces. If you decide [...]

  • Page 89

    4-9 Software Configuration Guide—Release 12.2(25)SG OL-7659-02 Chapter 4 Configuring Interfaces Configuring Optional Interface Features To turn off the port speed autonegotiation for Gigabit Ethernet interface 1/1, perform this task: To restore autonegotiation, enter the no speed nonegotiate command in the interface configuration [...]

  • Page 90

    4-10 Software Configuration Guide—Release 12.2(25)SG OL-7659-02 Chapter 4 Configuring Interfaces Configuring Optional Interface Features Full-duplex, 100Mb/s ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:54, output never, output hang never Last clearing of "show interface" counters never Input queue: 50/2000/0/0 (size/max/dro[...]

  • Page 91

    4-11 Software Configuration Guide—Release 12.2(25)SG OL-7659-02 Chapter 4 Configuring Interfaces Configuring Optional Interface Features Each of the last three modules has two non-blocking ports that can support jumbo frames. Other ports are over-subscribed ports and cannot support jumbo frames. Understanding Jumbo Frame Support These [...]

  • Page 92

    4-12 Software Configuration Guide—Release 12.2(25)SG OL-7659-02 Chapter 4 Configuring Interfaces Configuring Optional Interface Features Layer 3 and Layer 2 EtherChannels With Release Cisco IOS Release 12.2(25)EW and later releases, you can configure all the interfaces in an EtherChannel provided that they have the same MTU. C[...]

  • Page 93

    4-13 Software Configuration Guide—Release 12.2(25)SG OL-7659-02 Chapter 4 Configuring Interfaces Understanding Online Insertion and Removal This example shows how to verify the configuration: switch# show interface gigabitethernet 1/2 GigabitEthernet1/2 is administratively down, line protocol is down Hardware is C6k 1000Mb 802.3, address is 0[...]

  • Page 94

    4-14 Software Configuration Guide—Release 12.2(25)SG OL-7659-02 Chapter 4 Configuring Interfaces Monitoring and Maintaining the Interface Monitoring Interface and Controller Status The Cisco IOS software for the Catalyst 4500 series switch contains commands that you can enter at the EXEC prompt to display information about the interfa[...]

  • Page 95

    4-15 Software Configuration Guide—Release 12.2(25)SG OL-7659-02 Chapter 4 Configuring Interfaces Monitoring and Maintaining the Interface Shutting Down and Restarting an Interface You can disable an interface, which disables all functions on the specified interface and marks the interface as unavailable on all monitoring command displ[...]

  • Page 96

    4-16 Software Configuration Guide—Release 12.2(25)SG OL-7659-02 Chapter 4 Configuring Interfaces Monitoring and Maintaining the Interface • logging event link-status use-global - This is the default link status logging event configuration on the interface; its configuration should follow the switch global link status logging event se[...]

  • Page 97

    4-17 Software Configuration Guide—Release 12.2(25)SG OL-7659-02 Chapter 4 Configuring Interfaces Monitoring and Maintaining the Interface Result The following example displays a summary of the operating states for the interface logging event under different combinations of global and interface logging settings: global setting inter[...]

  • Page 98

    4-18 Software Configuration Guide—Release 12.2(25)SG OL-7659-02 Chapter 4 Configuring Interfaces Monitoring and Maintaining the Interface 3d00h: %DTP-5-TRUNKPORTON: Port Gi1/4 has become dot1q trunk 3d00h: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/4, changed state to up[...]

  • Page 99

    CHAPTER 5-1 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 5 Checking Port Status and Connectivity This chapter describes how to check switch port status and connectivity on the Catalyst 4500 series switch. This chapter includes the following major sections: • Checking Module Status, page 5-1 • Checking Interfaces St[...]

  • Page 100

    5-2 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 5 Checking Port Status and Connectivity Checking Interfaces Status This example shows how to check module status for all modules on your switch: Switch# show module all Mod Ports Card Type Model Serial No. ----+-----+--------------------------------------+---------[...]

  • Page 101

    5-3 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 5 Checking Port Status and Connectivity Displaying MAC Addresses Displaying MAC Addresses In addition to displaying the MAC address range for a module using the show module command, you can display the MAC address table information of a specific MAC address or a s[...]

  • Page 102

    5-4 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 5 Checking Port Status and Connectivity Checking Cable Status Using TDR Overview With TDR, you can check the status of copper cables on the 48-port 10/100/1000 BASE-T modules for the Catalyst 4500 series switch (WS-X4548-GB-RJ45, WS-X4548-GB-RJ45V, WS-X4524-[...]

  • Page 103

    5-5 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 5 Checking Port Status and Connectivity Using Telnet Guidelines The following guidelines apply to the use of TDR: • If you connect a port undergoing a TDR test to an Auto-MDIX enabled port, the TDR result might be invalid. On certain linecards such as WS-X4[...]

  • Page 104

    5-6 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 5 Checking Port Status and Connectivity Changing the Logout Timer Changing the Logout Timer The logout timer automatically disconnects a user from the switch when the user is idle for longer than the specified time. To set the logout timer, perform this[...]

  • Page 105

    5-7 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 5 Checking Port Status and Connectivity Using Ping This example shows how to disconnect an active console port session and an active Telnet session: Switch> disconnect console Console session disconnected. Console> (enable) disconnect tim-nt.bigcorp.com Teln[...]

  • Page 106

    5-8 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 5 Checking Port Status and Connectivity Using IP Traceroute This example shows how to ping a remote host from normal executive mode: Switch# ping labsparc labsparc is alive Switch> ping 72.16.10.3 12.16.10.3 is alive Switch# This example shows how to enter[...]

  • Page 107

    5-9 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 5 Checking Port Status and Connectivity Using Layer 2 Traceroute Running IP Traceroute To trace the path that packets take through the network, perform this task in EXEC or privileged EXEC mode: This example shows how to use the trace command to display the route a pack[...]

  • Page 108

    5-10 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 5 Checking Port Status and Connectivity Using Layer 2 Traceroute Note For more information about enabling CDP, see Chapter 19, “Understanding and Configuring CDP.” • All switches in the physical path must have IP connectivity. When a switch is rea[...]

  • Page 109

    5-11 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 5 Checking Port Status and Connectivity Configuring ICMP These examples show how to use the traceroute mac and traceroute mac ip commands to display the physical path a packet takes through the network to reach its destination: Switch# traceroute mac 0000.0201.060[...]

  • Page 110

    5-12 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 5 Checking Port Status and Connectivity Configuring ICMP To enable the generation of ICMP Protocol Unreachable and Host Unreachable messages, enter the following command in interface configuration mode: To limit the rate that Internet Control Message [...]

  • Page 111

    5-13 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 5 Checking Port Status and Connectivity Configuring ICMP Enabling ICMP Mask Reply Messages Occasionally, network devices must know the subnet mask for a particular subnetwork in the internetwork. To obtain this information, devices can send ICMP Mask[...]

  • Page 112

    5-14 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 5 Checking Port Status and Connectivity Configuring ICMP[...]

  • Page 113

    CHAPTER 6-1 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 6 Configuring Supervisor Engine Redundancy Using RPR and SSO Catalyst 4500 series switches allow a redundant supervisor engine to take over if the active supervisor engine fails. In software, supervisor engine redundancy is enabled by running the redundant su[...]

  • Page 114

    6-2 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 6 Configuring Supervisor Engine Redundancy Using RPR and SSO Understanding Cisco IOS NSF-Awareness Support Understanding Cisco IOS NSF-Awareness Support Cisco IOS Nonstop Forwarding (NSF) has two primary components: NSF-capability—NSF works with SSO to minimi[...]

  • Page 115

    6-3 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 6 Configuring Supervisor Engine Redundancy Using RPR and SSO Understanding Supervisor Engine Redundancy Table 6-1 lists the supervisor engines and Catalyst 4500 series switches that support NSF-awareness: In Release 12.2(20)EWA, NSF-awareness is supported[...]

  • Page 116

    6-4 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 6 Configuring Supervisor Engine Redundancy Using RPR and SSO Understanding Supervisor Engine Redundancy When power is first applied to a switch, the supervisor engine that boots first becomes the active supervisor engine and remains active until a switchover[...]

  • Page 117

    6-5 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 6 Configuring Supervisor Engine Redundancy Using RPR and SSO Understanding Supervisor Engine Redundancy Because the redundant supervisor engine recognizes the hardware link status of every link, ports that were active before the switchover will remain activ[...]

  • Page 118

    6-6 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 6 Configuring Supervisor Engine Redundancy Using RPR and SSO Understanding Supervisor Engine Redundancy Synchronization SSO is compatible with the following list of features. However, the protocol database for these features is not synchronized between the [...]

  • Page 119

    6-7 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 6 Configuring Supervisor Engine Redundancy Using RPR and SSO Supervisor Engine Redundancy Guidelines and Restrictions SSO Supervisor Engine Configuration Synchronization When a redundant supervisor engine runs in SSO mode, the following events trigger synchro[...]

  • Page 120

    6-8 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 6 Configuring Supervisor Engine Redundancy Using RPR and SSO Configuring Supervisor Engine Redundancy • Starting with Cisco IOS Release 12.2, if an unsupported condition is detected (such as when the active supervisor engine is running Release 12.2(20)EW a[...]

  • Page 121

    6-9 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 6 Configuring Supervisor Engine Redundancy Using RPR and SSO Configuring Supervisor Engine Redundancy This example shows how to configure the system for SSO and display the redundancy facility information: Switch> enable Switch# configure terminal Enter config[...]

  • Page 122

    6-10 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 6 Configuring Supervisor Engine Redundancy Using RPR and SSO Configuring Supervisor Engine Redundancy Redundancy Mode (Operational) = Stateful Switchover Redundancy Mode (Configured) = Stateful Switchover Split Mode = Disabled Manual Swact = Enabled Communications = [...]

  • Page 123

    6-11 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 6 Configuring Supervisor Engine Redundancy Using RPR and SSO Performing a Manual Switchover Note Configuration changes made to the redundant supervisor engine through SNMP are not synchronized to the redundant supervisor engine. For information on how to handle[...]

  • Page 124

    6-12 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 6 Configuring Supervisor Engine Redundancy Using RPR and SSO Performing a Software Upgrade To perform a manual switchover, perform this task on the active supervisor engine: Be aware of these usage guidelines: • To force a switchover, the redundant [...]

  • Page 125

    6-13 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 6 Configuring Supervisor Engine Redundancy Using RPR and SSO Performing a Software Upgrade To perform a software upgrade, perform this task: Command Purpose Step 1 Switch# copy source_device : source_filename slot0: target_filename Or: Switch# copy source_device [...]

  • Page 126

    6-14 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 6 Configuring Supervisor Engine Redundancy Using RPR and SSO Manipulating Bootflash on the Redundant Supervisor Engine This example shows how to perform a software upgrade: Switch# config terminal Switch(config)# config-register 0x2 Switch(config)# boot system fla[...]

  • Page 127

    6-15 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 6 Configuring Supervisor Engine Redundancy Using RPR and SSO Manipulating Bootflash on the Redundant Supervisor Engine Switch# format slaveslot0: target_filename or: Switch# format slavebootflash: target_filename Formats the slot0: device on the redundant supervisor en[...]

  • Page 128

    6-16 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 6 Configuring Supervisor Engine Redundancy Using RPR and SSO Manipulating Bootflash on the Redundant Supervisor Engine[...]

  • Page 129

    CHAPTER 7-1 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 7 Environmental Monitoring and Power Management Note Before reading this chapter, read the “Preparing for Installation” section of the Catalyst 4500 Series Installation Guide. It is important to ensure that your installation site has enough power and coolin[...]

  • Page 130

    7-2 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 7 Environmental Monitoring and Power Management Understanding Environmental Monitoring Using CLI Commands to Monitor your Environment Use the show environment CLI command to monitor the system. This section gives a basic overview of the command and [...]

  • Page 131

    7-3 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 7 Environmental Monitoring and Power Management Power Management Power Management This section describes the power management feature in the Catalyst 4500 series switches and the Catalyst 4006 switch, and it includes the following major sections: • Power Ma[...]

  • Page 132

    7-4 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 7 Environmental Monitoring and Power Management Power Management These power supplies are incompatible with Catalyst 4500 series switches. Since Power over Ethernet (PoE) is not supported on the Catalyst 4948 switch, only a limited wattage is needed. (F[...]

  • Page 133

    7-5 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 7 Environmental Monitoring and Power Management Power Management – 1400 W DC Service Provider—Uses up to three lines (12.5 A, 15 A, 15 A) of DC input and delivers varying amounts of system power ranging from 400 W to 1400 W depending on the lines powere[...]

  • Page 134

    7-6 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 7 Environmental Monitoring and Power Management Power Management Note On the Catalyst 4510R switch, the 1000 W AC power supply is not enough to support redundant mode for all possible configurations. It is able to support redundant mode for limited conf [...]

  • Page 135

    7-7 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 7 Environmental Monitoring and Power Management Power Management If you attempt to insert additional modules into your switch and exceed the power supply, the switch immediately places the newly inserted module into reset mode, and the switch displays these err[...]

  • Page 136

    7-8 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 7 Environmental Monitoring and Power Management Power Management M MAC addresses Hw Fw Sw Status --+--------------------------------+---+------------+----------------+--------- 1 005c.9d1a.f9d0 to 005c.9d1a.f9df 0.5 12.1(11br)EW 12.1(20020313:00 Ok 2 0010.7bab.9920 [...]

  • Page 137

    7-9 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 7 Environmental Monitoring and Power Management Power Management The following example shows how to display the current power redundancy mode. The power supplies needed by system: 1 indicates that the switch is in redundant mode. Switch# show power supplies Power supp[...]

  • Page 138

    7-10 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 7 Environmental Monitoring and Power Management Power Management The following example shows how to display the current power redundancy mode. The power supplies needed by system: 2 indicates that the switch is in combined mode. Switch# show power supplies P[...]

  • Page 139

    7-11 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 7 Environmental Monitoring and Power Management Power Management Watts Used of System Power (12V) Mod Model currently out of reset in reset ---- ----------------- --------- ------------ -------- 1 WS-X4013+TS 180 180 180 2 WS-X4506-GB-T 60 60 20 3 WS-X4424-GB-RJ45 90 90 50[...]

  • Page 140

    7-12 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 7 Environmental Monitoring and Power Management Power Management Available Power for Catalyst 4500 Series Switches Power Supplies Table 7-3 lists the power available for use in the various Catalyst 4500 series switches power supplies. When your switch i[...]

  • Page 141

    7-13 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 7 Environmental Monitoring and Power Management Power Management Keep in mind the following guidelines when using a 1400 W DC power supply with your Catalyst 4500 series switch: • The 1400 W DC power supply works with a variety of DC sources. The DC input can v[...]

  • Page 142

    7-14 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 7 Environmental Monitoring and Power Management Power Management Special Considerations for the 1400 W DC SP Triple Input Power Supply Unlike the 1400 W DC power supply, the 1400 W DC SP power supply has sub-modules (multiple inputs) that can be powered on or [...]

  • Page 143

    7-15 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 7 Environmental Monitoring and Power Management Power Management Power Summary Maximum (in Watts) Used Available ---------------------- ---- --------- System Power (12V) 140 1360 Inline Power (-50V) 0 1850 Backplane Power (3.3V) 0 40 ---------------------- ---- --------- T[...]

  • Page 144

    7-16 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 7 Environmental Monitoring and Power Management Power Management Power Management for the Catalyst 4006 Switch The power management feature for the Catalyst 4006 switch is designed to support an optimized Catalyst 4006 chassis with a limited module config[...]

  • Page 145

    7-17 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 7 Environmental Monitoring and Power Management Power Management To choose a 1+1 redundancy configuration, you must change the system configuration from the default 2+1 redundancy mode to 1+1 redundancy mode by using the power supplies required 1 command. T[...]

  • Page 146

    7-18 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 7 Environmental Monitoring and Power Management Power Management The following configuration requires more power than a single 400 W power supply can provide: • WS-X4014 supervisor engine—110 W • Two WS-X4148-RJ modules in slots 2 and 3—65 W ea[...]

  • Page 147

    7-19 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 7 Environmental Monitoring and Power Management Power Management The following example shows how to display the current power status of system components and the power redundancy mode. The Power supplies needed by system: 1 indicates that the switch is in 1+1 redu[...]

  • Page 148

    7-20 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 7 Environmental Monitoring and Power Management Power Management This example shows how to power down module 6: Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# no hw-module module 6 power Switch(config)# e[...]

  • Page 149

    CHAPTER 8-1 Software Configuration Guide—Release 12.2(25)SG OL-7659-02 8 Configuring Power over Ethernet Note Before reading this chapter, read the “Preparing for Installation” section of the Catalyst 4500 Series Installation Guide. It is important to ensure that your installation site has enough power and cooling to accommodate [...]

  • Page 150

    8-2 Software Configuration Guide—Release 12.2(25)SG OL-7659-02 Chapter 8 Configuring Power over Ethernet Power Management Modes If your switch has a module capable of providing PoE to end stations, you can set each interface on the module to automatically detect and apply PoE if the end station requires power. The Catalyst 4500 series[...]

  • Page 151

    8-3 Software Configuration Guide—Release 12.2(25)SG OL-7659-02 Chapter 8 Configuring Power over Ethernet If you set a non-PoE-capable interface to automatically detect and apply power, an error message indicates that the configuration is not valid. The following example shows how to set the Fast Ethernet interface 4/1 to automati[...]

  • Page 152

    8-4 Software Configuration Guide—Release 12.2(25)SG OL-7659-02 Chapter 8 Configuring Power over Ethernet Note When manually configuring the consumption for powered devices, you need to account for the power loss over the cable between the switch and the powered device. To change the power consumption for the entire switch, perform t[...]

  • Page 153

    8-5 Software Configuration Guide—Release 12.2(25)SG OL-7659-02 Chapter 8 Configuring Power over Ethernet This example shows how to set the PoE consumption to 5000 milliwatts for Fast Ethernet interface 4/1 regardless of what is mandated by the 802.3af class of the discovered device, or by any CDP packet received from the powered devic[...]

  • Page 154

    8-6 Software Configuration Guide—Release 12.2(25)SG OL-7659-02 Chapter 8 Configuring Power over Ethernet When you use PoE modules with type 1/2 shielded twisted pair (STP) cable configurations (90 and 125 meters), the modules perform the same as with Category 5 cable for the IEEE 802.3af standard at 10 and 100 Mbps. The following[...]

  • Page 155

    8-7 Software Configuration Guide—Release 12.2(25)SG OL-7659-02 Chapter 8 Configuring Power over Ethernet This example shows how to display the operational status for all interfaces on module 3. Switch# show power inline module 3 Available:677(w) Used:117(w) Remaining:560(w) Interface Admin Oper Power(Watts) Device Class From PS To Device ---[...]

  • Page 156

    8-8 Software Configuration Guide—Release 12.2(25)SG OL-7659-02 Chapter 8 Configuring Power over Ethernet The 802.3af-compliant PoE modules can consume up to 20 W of PoE to power FPGAs and other hardware components on the module. Be sure to add at least 20 W to your PoE requirements for each 802.3af-compliant PoE module to en[...]

  • Page 157

    8-9 Software Configuration Guide—Release 12.2(25)SG OL-7659-02 Chapter 8 Configuring Power over Ethernet Switch# show power detail Power Fan Inline Supply Model No Type Status Sensor Status ------ ---------------- --------- ----------- ------- ------- PS1 PWR-C45-1300ACV AC 1300W good good good PS2 none -- -- -- -- Power supplies needed by syste[...]

  • Page 158

    8-10 Software Configuration Guide—Release 12.2(25)SG OL-7659-02 Chapter 8 Configuring Power over Ethernet Switch# show power inline g1/1 Module 1 Inline Power Supply: Available:158(w) Used:128(w) Remaining:30(w) Interface Admin Oper Power(Watts) Device Class From PS To Device --------- ------ ---------- ---------- ---------- ------------------[...]

  • Page 159

    8-11 Software Configuration Guide—Release 12.2(25)SG OL-7659-02 Chapter 8 Configuring Power over Ethernet Gi2/3 auto on 11.5 10.2 CNU Platform n/a Gi2/4 auto on 11.5 10.2 CNU Platform n/a Gi2/5 auto off 0.0 0.0 n/a n/a Gi2/6 auto off 0.0 0.0 n/a n/a Gi2/7 auto off 0.0 0.0 n/a n/a Gi2/8 auto off 0.0 0.0 n/a n/a Gi2/9 auto on 11.5 10.2 CNU Platfor[...]

  • Page 160

    8-12 Software Configuration Guide—Release 12.2(25)SG OL-7659-02 Chapter 8 Configuring Power over Ethernet[...]

  • Page 161

    CHAPTER 9-1 Software Configuration Guide—Release 12.2(25)EWA OL-7659-03 9 Configuring Switches with Web-Based Tools This chapter describes how to install Network Assistant on the workstation and configure the Catalyst 4500 (or 4900) series switch to communicate with Network Assistant. (Heretofore, the term Catalyst 4500 series swi[...]

  • Page 162

    9-2 Software Configuration Guide—Release 12.2(25)EWA OL-7659-03 Chapter 9 Configuring Switches with Web-Based Tools Configuring and Using the Network Assistant • Installing Network Assistant, page 9-5 • Getting Started with Network Assistant, page 9-5 • Launching the Network Assistant, page 9-6 • Connecting Network Assistan[...]

  • Page 163

    9-3 Software Configuration Guide—Release 12.2(25)EWA OL-7659-03 Chapter 9 Configuring Switches with Web-Based Tools Configuring and Using the Network Assistant PWR-C45-1400AC PWR-C45-2800AC PWR-C45-4200AC Supervisors WS-X4013+ WS-X4013+TS WS-X4013+10GE WS-X4515 WS-X4516 WS-X4516-10GE WS-X4948 WS-X4948-10GE Modules WS-X4124-[...]

  • Page 164

    9-4 Software Configuration Guide—Release 12.2(25)EWA OL-7659-03 Chapter 9 Configuring Switches with Web-Based Tools Configuring and Using the Network Assistant Network Assistant-Related Features and Their Defaults Table 2 lists the Network Assistant-related configuration parameters on a Catalyst 4500 series switch. Overview of [...]

  • Page 165

    9-5 Software Configuration Guide—Release 12.2(25)EWA OL-7659-03 Chapter 9 Configuring Switches with Web-Based Tools Configuring and Using the Network Assistant Installing Network Assistant To install Network Assistant on your workstation, follow these steps: Step 1 Go to this Web address: http://www.cisco.com/go/NetworkAssistan[...]

  • Page 166

    9-6 Software Configuration Guide—Release 12.2(25)EWA OL-7659-03 Chapter 9 Configuring Switches with Web-Based Tools Configuring and Using the Network Assistant If you plan to use clustering, enter the cluster run global configuration command on each device and enter the ip address interface configuration command on the cluster c[...]

  • Page 167

    9-7 Software Configuration Guide—Release 12.2(25)EWA OL-7659-03 Chapter 9 Configuring Switches with Web-Based Tools Configuring and Using the Network Assistant In disconnect mode, Network Assistant is not connected to any device, and it cannot manage a standalone device or the command device of a cluster. Its menu bar and to[...]

  • Page 168

    9-8 Software Configuration Guide—Release 12.2(25)EWA OL-7659-03 Chapter 9 Configuring Switches with Web-Based Tools Configuring and Using the Network Assistant Note For information on how to use Network Assistant, refer to Getting Started with Cisco Network Assistant, available at the URL: http://www.cisco.com/univercd/cc/td/doc/[...]

  • Page 169

    9-9 Software Configuration Guide—Release 12.2(25)EWA OL-7659-03 Chapter 9 Configuring Switches with Web-Based Tools Configuring and Using the Network Assistant • Cisco Discovery Protocol (CDP) version 2 is enabled (the default) - if you want the device to be autodiscovered. • It has HTTP (or HTTPS) enabled. Note A cluster member[...]

  • Page 170

    9-10 Software Configuration Guide—Release 12.2(25)EWA OL-7659-03 Chapter 9 Configuring Switches with Web-Based Tools Configuring and Using the Network Assistant Note You can connect to a cluster only via an IP address. When you select a name it is always for the community. Hostnames You do not need to assign a hostname to a star[...]

  • Page 171

    9-11 Software Configuration Guide—Release 12.2(25)EWA OL-7659-03 Chapter 9 Configuring Switches with Web-Based Tools Configuring and Using the Network Assistant b. In the Communities window, select the name of the community to which you would like to add a device, and click Modify. c. To add a single device manually, enter the IP a[...]

  • Page 172

    9-12 Software Configuration Guide—Release 12.2(25)EWA OL-7659-03 Chapter 9 Configuring Switches with Web-Based Tools Configuring and Using the Network Assistant Note If a device has more than one interface with an IP address and subnet mask, you see more than one interface listed when you click in the cell. You can choose a diffe[...]

  • Page 173

    9-13 Software Configuration Guide—Release 12.2(25)EWA OL-7659-03 Chapter 9 Configuring Switches with Web-Based Tools Configuring and Using the Network Assistant Clustering Overview A switch cluster is a set of up to 16 connected, cluster-capable Catalyst switches that are managed as a single entity. The switches in the cluster us[...]

  • Page 174

    9-14 Software Configuration Guide—Release 12.2(25)EWA OL-7659-03 Chapter 9 Configuring Switches with Web-Based Tools Configuring and Using the Network Assistant You can configure the Catalyst 4500 series switch to support an appropriate number of VTY lines with the line vty configuration command. For example, the line [...]

  • Page 175

    9-15 Software Configuration Guide—Release 12.2(25)EWA OL-7659-03 Chapter 9 Configuring Switches with Web-Based Tools Configuring and Using the Network Assistant Note CISCO-CLUSTER_MIB is not supported. Configuring Network Assistant in Community or Cluster Mode This section provides a detailed explanation of the CLI used to configur[...]

  • Page 176

    9-16 Software Configuration Guide—Release 12.2(25)EWA OL-7659-03 Chapter 9 Configuring Switches with Web-Based Tools Configuring and Using the Network Assistant This example shows how to configure Network Assistant on a networked switch in community mode: Switch# configure terminal Switch(config)# vtp domain cnadoc Changing VTP doma[...]

  • Page 177

    9-17 Software Configuration Guide—Release 12.2(25)EWA OL-7659-03 Chapter 9 Configuring Switches with Web-Based Tools Configuring and Using the Network Assistant vtp mode transparent ! ! ! ! ! power redundancy-mode redundant no file verify auto spanning-tree mode pvst spanning-tree extend system-id ! vlan internal allocation policy ascending[...]

  • Page 178

    9-18 Software Configuration Guide—Release 12.2(25)EWA OL-7659-03 Chapter 9 Configuring Switches with Web-Based Tools Configuring and Using the Network Assistant ! ! ! line con 0 password cna login stopbits 1 line vty 0 4 password cna login line vty 5 15 password cna login ! ! end Switch# Configuring Network Assistant in a Networked Switc[...]

  • Page 179

    9-19 Software Configuration Guide—Release 12.2(25)EWA OL-7659-03 Chapter 9 Configuring Switches with Web-Based Tools Configuring and Using the Network Assistant This example shows how to configure Network Assistant on a networked switch in cluster mode: Switch# configure terminal Switch(config)# vtp domain cnadoc Switch(config)# cluster[...]

  • Page 180

    9-20 Software Configuration Guide—Release 12.2(25)EWA OL-7659-03 Chapter 9 Configuring Switches with Web-Based Tools Configuring and Using the Network Assistant enable password cna ! no aaa new-model ip subnet-zero ! vtp domain cnadoc vtp mode transparent cluster run cluster enable cnadoccluster 0 ! ! ! ! ! power redundancy-mode redundant[...]

  • Page 181

    9-21 Software Configuration Guide—Release 12.2(25)EWA OL-7659-03 Chapter 9 Configuring Switches with Web-Based Tools Configuring Embedded CiscoView Support interface Vlan1 no ip address ! interface Vlan2 ip address 123.123.123.1 255.255.255.0 ! ip route 0.0.0.0 0.0.0.0 123.123.123.2 ip http server no ip http secure-server ! ! ! line con 0 [...]

  • Page 182

    9-22 Software Configuration Guide—Release 12.2(25)EWA OL-7659-03 Chapter 9 Configuring Switches with Web-Based Tools Configuring Embedded CiscoView Support Note The default password for accessing the switch web page is the enable-level password of the switch. The following example shows how to install and configure Embedded CiscoV[...]

  • Page 183

    9-23 Software Configuration Guide—Release 12.2(25)EWA OL-7659-03 Chapter 9 Configuring Switches with Web-Based Tools Configuring Embedded CiscoView Support Delete bootflash:cv/Cat4000IOS-4.0.sgz? [confirm]y Delete bootflash:cv/Cat4000IOS-4.0_ace.html? [confirm]y Delete bootflash:cv/Cat4000IOS-4.0_error.html? [confirm]y Delete bootflash:cv/[...]

  • Page 184

    9-24 Software Configuration Guide—Release 12.2(25)EWA OL-7659-03 Chapter 9 Configuring Switches with Web-Based Tools Configuring Embedded CiscoView Support 5 -rw- 9630880 Feb 27 2003 01:25:16 +00:00 kurt70.devtest-enh 6 -rw- 1173 Mar 19 2003 05:50:26 +00:00 post-2003.03.19.05.50.07-passed.txt 7 -rw- 10511956 Mar 26 2003 04:24:12 +00:00 kur[...]

  • Page 185

    9-25 Software Configuration Guide—Release 12.2(25)EWA OL-7659-03 Chapter 9 Configuring Switches with Web-Based Tools Configuring Embedded CiscoView Support The following example shows how to display the Embedded CiscoView file and version information: Switch# show ciscoview package File source: CVFILE SIZE(in bytes) ---------------[...]

  • Page 186

    9-26 Software Configuration Guide—Release 12.2(25)EWA OL-7659-03 Chapter 9 Configuring Switches with Web-Based Tools Configuring Embedded CiscoView Support[...]

  • Page 187

    CHAPTER 10-1 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 10 Understanding and Configuring VLANs, VTP, and VMPS This chapter describes VLANs on Catalyst 4500 series switches. It also describes how to enable the VLAN Trunking Protocol (VTP) and to configure the Catalyst 4500 series switch as a VMPS client. This chapte [...]

  • Page 188

    10-2 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 10 Understanding and Configuring VLANs, VTP, and VMPS VLANs You can define one or many virtual bridges within a switch. Each virtual bridge you create in the switch defines a new broadcast domain (VLAN). Traffic cannot pass directly to another VLAN (between[...]

  • Page 189

    10-3 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 10 Understanding and Configuring VLANs, VTP, and VMPS VLANs VLAN Configuration Guidelines and Restrictions Follow these guidelines and restrictions when creating and modifying VLANs in your network: • Before creating a VLAN, put the Catalyst 4500 series sw[...]

  • Page 190

    10-4 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 10 Understanding and Configuring VLANs, VTP, and VMPS VLANs Configurable Normal-Range VLAN Parameters Note Ethernet VLANs 1 and 1006 through 4094 use only default values. You can configure the following parameters for VLANs 2 through 1001: • VLAN name • VLAN[...]

  • Page 191

    10-5 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 10 Understanding and Configuring VLANs, VTP, and VMPS VLANs Note VLANs support a number of parameters that are not discussed in detail in this section. For complete information, refer to the Catalyst 4500 Series Switch Cisco IOS Command Reference. Note The VLAN co[...]

  • Page 192

    10-6 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 10 Understanding and Configuring VLANs, VTP, and VMPS VLANs To create a VLAN, perform this task: When you create or modify an Ethernet VLAN, note the following: • Because Layer 3 ports and some software features require internal VLANs allocated from 10[...]

  • Page 193

    10-7 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 10 Understanding and Configuring VLANs, VTP, and VMPS VLANs Configuring VLANs in VLAN Database Mode When the switch is in VTP server or transparent mode, you can configure VLANs in the VLAN database mode. When you configure VLANs in VLAN database mode, the VLAN co [...]

  • Page 194

    10-8 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 10 Understanding and Configuring VLANs, VTP, and VMPS VLAN Trunking Protocol Assigning a Layer 2 LAN Interface to a VLAN A VLAN created in a management domain remains unused until you assign one or more LAN interfaces to the VLAN. Note Make sure you assign LAN [...]

  • Page 195

    10-9 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 10 Understanding and Configuring VLANs, VTP, and VMPS VLAN Trunking Protocol Understanding the VTP Domain A VTP domain is made up of one or more interconnected network devices that share the same VTP domain name. A network device can be configured to be in on[...]

  • Page 196

    10-10 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 10 Understanding and Configuring VLANs, VTP, and VMPS VLAN Trunking Protocol The following global configuration information is distributed in VTP advertisements: • VLAN IDs (ISL and 802.1Q) • Emulated LAN names (for ATM LANE) • 802.10 SAID values (FD [...]

  • Page 197

    10-11 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 10 Understanding and Configuring VLANs, VTP, and VMPS VLAN Trunking Protocol Figure 10-2 shows a switched network without VTP pruning enabled. Interface 1 on Switch 1 and Interface 2 on Switch 4 are assigned to the Red VLAN. A broadcast is sent from the host c[...]

  • Page 198

    10-12 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 10 Understanding and Configuring VLANs, VTP, and VMPS VLAN Trunking Protocol To configure VTP pruning on a trunking LAN interface, use the switchport trunk pruning vlan command. VTP pruning operates when a LAN interface is trunking. You can set VLAN prunin[...]

  • Page 199

    10-13 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 10 Understanding and Configuring VLANs, VTP, and VMPS VLAN Trunking Protocol Configuring VTP The following sections describe how to configure VTP: • Configuring VTP Global Parameters, page 10-13 • Configuring the Switch as a VTP Server, page 10-14 •[...]

  • Page 200

    10-14 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 10 Understanding and Configuring VLANs, VTP, and VMPS VLAN Trunking Protocol This example shows how to enable VTP pruning in the management domain: Switch# vtp pruning Pruning switched ON This example shows how to verify the configuration: Switch# show vtp sta[...]

  • Page 201

    10-15 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 10 Understanding and Configuring VLANs, VTP, and VMPS VLAN Trunking Protocol This example shows how to configure the switch as a VTP server: Switch# configuration terminal Switch(config)# vtp mode server Setting device to VTP SERVER mode. Switch(config)# vtp [...]

  • Page 202

    10-16 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 10 Understanding and Configuring VLANs, VTP, and VMPS VLAN Trunking Protocol VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0x45 0x52 0xB6 0xFD 0x63 0xC8 0x49 0x80 Configuration last modified by 0.0.0.0 at 8-12-99 15:04:49 Switch# Disabling VTP (VT[...]

  • Page 203

    10-17 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 10 Understanding and Configuring VLANs, VTP, and VMPS VLAN Membership Policy Server This example shows how to display VTP statistics: Switch# show vtp counters VTP statistics: Summary advertisements received : 7 Subset advertisements received : 5 Request advertisemen[...]

  • Page 204

    10-18 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 10 Understanding and Configuring VLANs, VTP, and VMPS VLAN Membership Policy Server VMPS uses a UDP port to listen to VQP requests from clients, so, it is not necessary for VMPS clients to know if the VMPS resides on a local or remote device on the network. Upon[...]

  • Page 205

    10-19 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 10 Understanding and Configuring VLANs, VTP, and VMPS VLAN Membership Policy Server If a VLAN is already assigned to this port, VMPS verifies the requesting MAC address against this port: • If the VLAN associated with this MAC address in the database does [...]

  • Page 206

    10-20 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 10 Understanding and Configuring VLANs, VTP, and VMPS VLAN Membership Policy Server Illegal VMPS Client Requests Two examples of illegal VMPS client requests are as follows: • When a MAC-address mapping is not present in the VMPS database and “no fall bac[...]

  • Page 207

    10-21 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 10 Understanding and Configuring VLANs, VTP, and VMPS VLAN Membership Policy Server Default VMPS Client Configuration Table 10-4 shows the default VMPS and dynamic port configuration on client switches. Configuring a Switch as a VMPS Client This section cont[...]

  • Page 208

    10-22 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 10 Understanding and Configuring VLANs, VTP, and VMPS VLAN Membership Policy Server Switch# show vmps VQP Client Status: -------------------- VMPS VQP Version: 1 Reconfirm Interval: 60 min Server Retry Count: 3 VMPS domain server: 172.20.128.179 (primary, current) 172.2[...]

  • Page 209

    10-23 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 10 Understanding and Configuring VLANs, VTP, and VMPS VLAN Membership Policy Server Voice Ports If a VVID (voice VLAN ID) is configured on a dynamic access port, the port can belong to both an access VLAN and a voice VLAN. Consequently, an access port configu[...]

  • Page 210

    10-24 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 10 Understanding and Configuring VLANs, VTP, and VMPS VLAN Membership Policy Server Configuring the Retry Interval You can set the number of times that the VMPS client attempts to contact the VMPS before querying the next server. To configure the retry interv[...]

  • Page 211

    10-25 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 10 Understanding and Configuring VLANs, VTP, and VMPS VLAN Membership Policy Server The following example shows how to display VMPS information: Switch# show vmps VQP Client Status: -------------------- VMPS VQP Version: 1 Reconfirm Interval: 60 min Server Retry Cou[...]

  • Page 212

    10-26 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 10 Understanding and Configuring VLANs, VTP, and VMPS VLAN Membership Policy Server Dynamic Port VLAN Membership Configuration Example Figure 10-4 on page 10-26 shows a network with a VMPS servers and VMPS client switches with dynamic ports. In this example, the[...]

  • Page 213

    10-27 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 10 Understanding and Configuring VLANs, VTP, and VMPS VLAN Membership Policy Server Two topologies are possible. Figure 10-5 illustrates a topology with one end station attached directly to a Catalyst 4500 series switch operating as a VMPS client. Figure 10-[...]

  • Page 214

    10-28 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 10 Understanding and Configuring VLANs, VTP, and VMPS VLAN Membership Policy Server VQP Client Status: -------------------- VMPS VQP Version: 1 Reconfirm Interval: 60 min Server Retry Count: 3 VMPS domain server: 172.20.26.152 172.20.26.150 (primary, current Step 2 Conf[...]

  • Page 215

    10-29 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 10 Understanding and Configuring VLANs, VTP, and VMPS VLAN Membership Policy Server VMPS Database Configuration File Example This example shows a sample VMPS database configuration file as it appears on a VMPS server. A VMPS database configuration file is a[...]

  • Page 216

    10-30 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 10 Understanding and Configuring VLANs, VTP, and VMPS VLAN Membership Policy Server vmps-port-policies vlan-name Green device 198.92.30.32 port Fa0/9 vmps-port-policies vlan-name Purple device 198.4.254.22 port Fa0/10 port-group “Executive Row”[...]

  • Page 217

    CHAPTER 11-1 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 11 Configuring Layer 2 Ethernet Interfaces This chapter describes how to use the command-line interface (CLI) to configure Fast Ethernet and Gigabit Ethernet interfaces for Layer 2 switching on Catalyst 4500 series switches. It also provides guidelines, procedur[...]

  • Page 218

    11-2 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 11 Configuring Layer 2 Ethernet Interfaces Overview of Layer 2 Ethernet Switching Note With release 12.1(13)EW, the Catalyst 4500 series switches can handle packets of 1600 bytes, rather than treat them as “oversized” and discard them. This size is large[...]

  • Page 219

    11-3 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 11 Configuring Layer 2 Ethernet Interfaces Overview of Layer 2 Ethernet Switching Understanding VLAN Trunks A trunk is a point-to-point link between one or more Ethernet switch interfaces and another networking device such as a router or a switch. Trunks car[...]

  • Page 220

    11-4 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 11 Configuring Layer 2 Ethernet Interfaces Default Layer 2 Ethernet Interface Configuration Layer 2 Interface Modes Table 11-2 lists the Layer 2 interface modes and describes how they function on Ethernet interfaces. Note DTP is a point-to-point protocol. How[...]

  • Page 221

    11-5 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 11 Configuring Layer 2 Ethernet Interfaces Layer 2 Interface Configuration Guidelines and Restrictions Layer 2 Interface Configuration Guidelines and Restrictions Keep the following guidelines and restrictions in mind when you configure Layer 2 interfaces: •[...]

  • Page 222

    11-6 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 11 Configuring Layer 2 Ethernet Interfaces Configuring Ethernet Interfaces for Layer 2 Switching Configuring an Ethernet Interface as a Layer 2 Trunk Note The default for Layer 2 interfaces is switchport mode dynamic auto. If the neighboring interface suppor[...]

  • Page 223

    11-7 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 11 Configuring Layer 2 Ethernet Interfaces Configuring Ethernet Interfaces for Layer 2 Switching This example shows how to configure the Fast Ethernet interface 5/8 as an 802.1Q trunk. This example assumes that the neighbor interface is configured to support [...]

  • Page 224

    11-8 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 11 Configuring Layer 2 Ethernet Interfaces Configuring Ethernet Interfaces for Layer 2 Switching Port Vlans allowed and active in management domain Fa5/8 1-6,10,20,50,100,152,200,300,303-305,349-351,400,500,521,524,570,801-8 02,850,917,999,1002-1005 Port Vlans in span[...]

  • Page 225

    11-9 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 11 Configuring Layer 2 Ethernet Interfaces Configuring Ethernet Interfaces for Layer 2 Switching Switch(config-if)# switchport mode access Switch(config-if)# switchport access vlan 200 Switch(config-if)# no shutdown Switch(config-if)# end Switch# exit This example shows ho[...]

  • Page 226

    11-10 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 11 Configuring Layer 2 Ethernet Interfaces Configuring Ethernet Interfaces for Layer 2 Switching This example shows how to verify that the Layer 2 configuration was cleared: Switch# show running-config interface fastethernet 5/6 Building configuration... Curre[...]

  • Page 227

    CHAPTER 12-1 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 12 Configuring SmartPort Macros This chapter describes how to configure and apply SmartPort macros on your switch. Note For complete syntax and usage information for the switch commands used in this chapter, refer to the Catalyst 4500 Series Switch Cisco IOS [...]

  • Page 228

    12-2 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 12 Configuring SmartPort Macros Configuring Smart-Port Macros Configuring Smart-Port Macros You can create a new SmartPort macro or use an existing macro as a template to create a new macro that is specific to your application. After you create the macro, you [...]

  • Page 229

    12-3 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 12 Configuring SmartPort Macros Configuring Smart-Port Macros # Recommended value for voice vlan (VVID) should not be 1 switchport voice vlan $VVID # Enable port security limiting port to a 3 MAC # addressess -- One for desktop and two for phone switchport port-security s[...]

  • Page 230

    12-4 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 12 Configuring SmartPort Macros Configuring Smart-Port Macros spanning-tree portfast spanning-tree bpduguard enable SmartPort Macro Configuration Guidelines Follow these guidelines when configuring macros on your switch: • Do not use exit or end commands when [...]

  • Page 231

    12-5 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 12 Configuring SmartPort Macros Configuring Smart-Port Macros The no form of the macro name global configuration command only deletes the macro definition. It does not affect the configuration of those interfaces on which the macro is already applied. You ca[...]

  • Page 232

    12-6 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 12 Configuring SmartPort Macros Configuring Smart-Port Macros switchport port-security # Ensure port-security age is greater than one minute # and use inactivity timer # “Port-security maximum 1” is the default and will not # Show up in the config switchport port-se[...]

  • Page 233

    12-7 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 12 Configuring SmartPort Macros Configuring Smart-Port Macros Fa2/9 cisco-phone -------------------------------------------------------------- cisco-switch This example shows how to use the system-defined macro cisco-switch to assign a value of 38 to the native VLA[...]

  • Page 234

    12-8 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 12 Configuring SmartPort Macros Displaying SmartPort Macros switchport trunk encapsulation dot1q # Define unique Native VLAN on trunk ports # Recommended value for native vlan (NVID) should not be 1 switchport trunk native vlan $NVID [native_vlan_id] # Update the allowe[...]

  • Page 235

    CHAPTER 13-1 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 13 Understanding and Configuring STP This chapter describes how to configure the Spanning Tree Protocol (STP) on a Catalyst 4500 series switch. It also provides guidelines, procedures, and configuration examples. This chapter includes the following major sections[...]

  • Page 236

    13-2 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 13 Understanding and Configuring STP Overview of STP A spanning tree defines a tree with a root switch and a loop-free path from the root to all switches in the Layer 2 network. A spanning tree forces redundant data paths into a standby (blocked) state. If a netwo[...]

  • Page 237

    13-3 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 13 Understanding and Configuring STP Overview of STP STP MAC Address Allocation A Catalyst 4500 series switch chassis has either 64 or 1024 MAC addresses available to support software features like STP. Enter the show module command to view the MAC address rang[...]

  • Page 238

    13-4 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 13 Understanding and Configuring STP Overview of STP Election of the Root Bridge For each VLAN, the switch with the highest bridge priority (the lowest numerical priority value) is elected as the root bridge. If all switches are configured with the default prio[...]

  • Page 239

    13-5 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 13 Understanding and Configuring STP Overview of STP Figure 13-1 Spanning Tree Topology For example, assume that one port on Switch B is a fiber-optic link, and another port on Switch B (an unshielded twisted-pair [UTP] link) is the root port. Network traff [...]

  • Page 240

    13-6 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 13 Understanding and Configuring STP Default STP Configuration STP and IEEE 802.1Q Trunks 802.1Q VLAN trunks impose some limitations on the spanning tree strategy for a network. In a network of Cisco switches connected through 802.1Q trunks, the switches mai[...]

  • Page 241

    13-7 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 13 Understanding and Configuring STP Configuring STP Configuring STP The following sections describe how to configure spanning tree on VLANs: • Enabling STP, page 13-7 • Enabling the Extended System ID, page 13-8 • Configuring the Root Bridge [...]

  • Page 242

    13-8 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 13 Understanding and Configuring STP Configuring STP To enable a spanning tree on a per-VLAN basis, perform this task: This example shows how to enable a spanning tree on VLAN 200: Switch# configure terminal Switch(config)# spanning-tree vlan 200 Switch(config)#[...]

  • Page 243

    13-9 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 13 Understanding and Configuring STP Configuring STP To enable the extended system ID, perform this task: Note When you enable or disable the extended system ID, the bridge IDs of all active STP instances are updated, which might change the spanning tree topol[...]

  • Page 244

    13-10 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 13 Understanding and Configuring STP Configuring STP Use the diameter keyword to specify the Layer 2 network diameter (the maximum number of bridge hops between any two end stations in the network). When you specify the network diameter, a switch au[...]

  • Page 245

    13-11 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 13 Understanding and Configuring STP Configuring STP Port 324 (FastEthernet6/4) of VLAN1 is blocking Port path cost 19, Port priority 128, Port Identifier 129.68. Designated root has priority 32768, address 0001.6445.4400 Designated bridge has priority 32768, address 0001[...]

  • Page 246

    13-12 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 13 Understanding and Configuring STP Configuring STP Configuring a Secondary Root Switch When you configure a switch as the secondary root, the spanning tree bridge priority is modified from the default value (32,768) to 16,384. This means that the switc[...]

  • Page 247

    13-13 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 13 Understanding and Configuring STP Configuring STP Configuring STP Port Priority In the event of a loop, a spanning tree considers port priority when selecting an interface to put into the forwarding state. You can assign higher priority values to interfaces[...]

  • Page 248

    13-14 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 13 Understanding and Configuring STP Configuring STP This example shows how to display the details of the interface configuration when the interface is configured as an access port: Switch# show spanning-tree interface fastethernet 3/1 detail Port 129 (FastEt[...]

  • Page 249

    13-15 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 13 Understanding and Configuring STP Configuring STP This example shows how to configure the spanning tree VLAN port priority of a Fast Ethernet interface: Switch# configure terminal Switch(config)# interface fastethernet 5/8 Switch(config-if)# spanning-tree vlan 20[...]

  • Page 250

    13-16 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 13 Understanding and Configuring STP Configuring STP This example shows how to change the spanning tree port cost of a Fast Ethernet interface: Switch# configure terminal Switch(config)# interface fastethernet 5/8 Switch(config-if)# spanning-tree cost 18 Switch(c[...]

  • Page 251

    13-17 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 13 Understanding and Configuring STP Configuring STP To configure the spanning tree bridge priority of a VLAN, perform this task: This example shows how to configure the bridge priority of VLAN 200 to 33,792: Switch# configure terminal Switch(config)# spanning-tr[...]

  • Page 252

    13-18 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 13 Understanding and Configuring STP Configuring STP This example shows how to verify the configuration: Switch# show spanning-tree vlan 200 bridge brief Hello Max Fwd Vlan Bridge ID Time Age Delay Protocol ---------------- -------------------- ---- ---- ----- ----[...]

  • Page 253

    13-19 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 13 Understanding and Configuring STP Configuring STP To configure the spanning tree forward delay time for a VLAN, perform this task: This example shows how to configure the forward delay time for VLAN 200 to 21 seconds: Switch# configure terminal Switch(config)# span[...]

  • Page 254

    13-20 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 13 Understanding and Configuring STP Configuring STP This example shows how to disable spanning tree on VLAN 200: Switch# configure terminal Switch(config)# no spanning-tree vlan 200 Switch(config)# end Switch# This example shows how to verify the configurat [...]

  • Page 255

    13-21 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 13 Understanding and Configuring STP Configuring STP The following example shows how to verify the configuration: Switch# show spanning-tree summary totals Switch is in rapid-pvst mode Root bridge for:VLAN0001 Extended system ID is disabled Portfast Default is disabled[...]

  • Page 256

    13-22 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 13 Understanding and Configuring STP Configuring STP[...]

  • Page 257

    CHAPTER 14-1 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 14 Configuring STP Features This chapter describes the Spanning Tree Protocol (STP) features supported on the Catalyst 4500 series switches. It also provides guidelines, procedures, and configuration examples. This chapter includes the following major sec[...]

  • Page 258

    14-2 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 14 Configuring STP Features Overview of Root Guard Overview of Root Guard Spanning Tree root guard forces an interface to become a designated port, to protect the current root status and prevent surrounding switches from becoming the root switch. When you [...]

  • Page 259

    14-3 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 14 Configuring STP Features Overview of Loop Guard VLAN1002 FastEthernet3/2 Port Type Inconsistent VLAN1003 FastEthernet3/1 Port Type Inconsistent VLAN1003 FastEthernet3/2 Port Type Inconsistent VLAN1004 FastEthernet3/1 Port Type Inconsistent VLAN1004 FastEthernet3/2 Po[...]

  • Page 260

    14-4 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 14 Configuring STP Features Enabling Loop Guard Follow these guidelines when using loop guard: • Do not enable loop guard on PortFast-enabled or dynamic VLAN ports. • Do not enable loop guard if root guard is enabled. Loop guard interacts with other featu[...]

  • Page 261

    14-5 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 14 Configuring STP Features Overview of PortFast This example shows how to verify the previous configuration of port 4/4: Switch# show spanning-tree interface fastethernet 4/4 detail Port 196 (FastEthernet4/4) of VLAN0010 is forwarding Port path cost 1000, Port priority[...]

  • Page 262

    14-6 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 14 Configuring STP Features Enabling PortFast Note Because the purpose of PortFast is to minimize the time that access ports must wait for spanning tree to converge, it is most effective when used on access ports. If you enable PortFast on a port connecting to an[...]

  • Page 263

    14-7 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 14 Configuring STP Features Overview of BPDU Guard Overview of BPDU Guard Spanning Tree BPDU guard shuts down PortFast-configured interfaces that receive BPDUs, rather than putting them into the spanning tree blocking state. In a valid configuration, PortFas[...]

  • Page 264

    14-8 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 14 Configuring STP Features Overview of PortFast BPDU Filtering Overview of PortFast BPDU Filtering Cisco IOS Release 12.2(25)EW and later support PortFast BPDU filtering, which allows the administrator to prevent the system from sending or even receiving BPDUs [...]

  • Page 265

    14-9 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 14 Configuring STP Features Enabling PortFast BPDU Filtering This example shows how to verify the BPDU configuration in PVST+ mode: Switch# show spanning-tree summary totals Root bridge for:VLAN0010 EtherChannel misconfiguration guard is enabled Extended system ID i[...]

  • Page 266

    14-10 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 14 Configuring STP Features Overview of UplinkFast Overview of UplinkFast Note UplinkFast is most useful in wiring-closet switches. This feature might not be useful for other types of applications. Spanning Tree UplinkFast provides fast convergence after [...]

  • Page 267

    14-11 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 14 Configuring STP Features Enabling UplinkFast Enabling UplinkFast UplinkFast increases the bridge priority to 49,152 and adds 3000 to the spanning tree port cost of all interfaces on the switch, making it unlikely that the switch will become the root switch. [...]

  • Page 268

    14-12 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 14 Configuring STP Features Overview of BackboneFast VLAN15 VLAN1002 Gi5/7(fwd) VLAN1003 Gi5/7(fwd) VLAN1004 Gi5/7(fwd) VLAN1005 Gi5/7(fwd) Switch# Overview of BackboneFast BackboneFast is a complementary technology to UplinkFast. Whereas UplinkFast is designed [...]

  • Page 269

    14-13 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 14 Configuring STP Features Overview of BackboneFast Figure 14-4 BackboneFast Before Indirect Link Failure Next, assume that L1 fails. Switch A and Switch B, the switches directly connected to this segment, instantly know that the link is down. The blocking[...]

  • Page 270

    14-14 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 14 Configuring STP Features Overview of BackboneFast Figure 14-5 BackboneFast after Indirect Link Failure If a new switch is introduced into a shared-medium topology as shown in Figure 14-6, BackboneFast is not activated, because the inferior BPDUs[...]

  • Page 271

    14-15 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 14 Configuring STP Features Enabling BackboneFast Enabling BackboneFast Note For BackboneFast to work, you must enable it on all switches in the network. BackboneFast is supported for use with third-party switches but it is not supported on Token Ring VLANs. T [...]

  • Page 272

    14-16 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 14 Configuring STP Features Enabling BackboneFast 5 vlans 0 0 0 11 11 BackboneFast statistics ----------------------- Number of transition via backboneFast (all VLANs) :0 Number of inferior BPDUs received (all VLANs) :0 Number of RLQ request PDUs received (all VLANs) :[...]

  • Page 273

    CHAPTER 15-1 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 15 Understanding and Configuring Multiple Spanning Trees This chapter describes how to configure the IEEE 802.1s Multiple Spanning Tree (MST) protocol on the Catalyst 4500 series switch. MST is a new IEEE standard derived from Cisco's proprietary Mu[...]

  • Page 274

    15-2 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 15 Understanding and Configuring Multiple Spanning Trees Overview of MST IEEE 802.1s MST MST extends the IEEE 802.1w rapid spanning tree (RST) algorithm to multiple spanning trees. This extension provides both rapid convergence and load balancing[...]

  • Page 275

    15-3 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 15 Understanding and Configuring Multiple Spanning Trees Overview of MST – MST switches operate as if MAC reduction is enabled. – For private VLANs (PVLANs), you must map a secondary VLAN to the same instance as the primary. IEEE 802.1w RSTP RSTP, speci[...]

  • Page 276

    15-4 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 15 Understanding and Configuring Multiple Spanning Trees Overview of MST RSTP Port States The port state controls the forwarding and learning processes and provides the values of discarding, learning, and forwarding. Table 15-1 shows the STP port [...]

  • Page 277

    15-5 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 15 Understanding and Configuring Multiple Spanning Trees Overview of MST To STP running in the SST region, an MST region appears as a single SST or pseudobridge, which operates as follows: • Although the values for root identifiers and root path costs match for [...]

  • Page 278

    15-6 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 15 Understanding and Configuring Multiple Spanning Trees Overview of MST MST BPDUs contain the MST configuration ID and the checksum. An MST bridge accepts an MST BPDU only if the MST BPDU configuration ID and the checksum match its own MST region conf [...]

  • Page 279

    15-7 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 15 Understanding and Configuring Multiple Spanning Trees Overview of MST IST Master The IST master of an MST region is the bridge with the lowest bridge identifier and the least path cost to the CST root. If an MST bridge is the root bridge for CST, then it is th[...]

  • Page 280

    15-8 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 15 Understanding and Configuring Multiple Spanning Trees MST Configuration Restrictions and Guidelines MST-to-PVST+ Interoperability Keep these guidelines in mind when you configure MST switches (in the same region) to interact with PVST+ switches: • Configu[...]

  • Page 281

    15-9 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 15 Understanding and Configuring Multiple Spanning Trees Configuring MST Configuring MST The following sections describe how to configure MST: • Enabling MST, page 15-9 • Configuring MST Instance Parameters, page 15-11 • Configuring MST Instance Po [...]

  • Page 282

    15-10 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 15 Understanding and Configuring Multiple Spanning Trees Configuring MST Switch(config-mst)# show current Current MST configuration Name [] Revision 0 Instance Vlans mapped -------- --------------------------------------------------------------------- 0 1-4094 [...]

  • Page 283

    15-11 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 15 Understanding and Configuring Multiple Spanning Trees Configuring MST Configuring MST Instance Parameters To configure MST instance parameters, perform this task: This example shows how to configure MST instance parameters: Switch(config)# spanning-tree mst[...]

  • Page 284

    15-12 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 15 Understanding and Configuring Multiple Spanning Trees Configuring MST Configuring MST Instance Port Parameters To configure MST instance port parameters, perform this task: This example shows how to configure MST instance port parameters: Switch[...]

  • Page 285

    15-13 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 15 Understanding and Configuring Multiple Spanning Trees Configuring MST Displaying MST Configurations To display MST configurations, perform this task: The following examples show how to display spanning tree VLAN configurations in MST mode: Switch(config)# [...]

  • Page 286

    15-14 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 15 Understanding and Configuring Multiple Spanning Trees Configuring MST Switch# show spanning-tree mst 1 ###### MST01 vlans mapped: 1-10 Bridge address 00d0.00b8.1400 priority 32769 (32768 sysid 1) Root this switch for MST01 Interface Role Sts Cost Prio.Nbr St[...]

  • Page 287

    15-15 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 15 Understanding and Configuring Multiple Spanning Trees Configuring MST FastEthernet4/48 of MST01 is boundary forwarding Port info port id 128.240 priority 128 cost 200000 Designated root address 00d0.00b8.1400 priority 32769 cost 0 Designated bridge address 00d0.00b8[...]

  • Page 288

    15-16 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 15 Understanding and Configuring Multiple Spanning Trees Configuring MST[...]

  • Page 289

    CHAPTER 16-1 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 16 Understanding and Configuring EtherChannel This chapter describes how to use the command-line interface (CLI) to configure EtherChannel on the Catalyst 4500 series switch Layer 2 or Layer 3 interfaces. It also provides guidelines, procedures, and configura[...]

  • Page 290

    16-2 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 16 Understanding and Configuring EtherChannel Overview of EtherChannel Note The network device to which a Catalyst 4500 series switch is connected may impose its own limits on the number of interfaces in an EtherChannel. If a segment within an EtherChannel f [...]

  • Page 291

    16-3 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 16 Understanding and Configuring EtherChannel Overview of EtherChannel Understanding Manual EtherChannel Configuration Manually configured EtherChannel ports do not exchange EtherChannel protocol packets. A manually configured EtherChannel forms only whe[...]

  • Page 292

    16-4 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 16 Understanding and Configuring EtherChannel Overview of EtherChannel The protocol learns the capabilities of LAN port groups dynamically and informs the other LAN ports. Once LACP identifies correctly matched Ethernet links, it facilitates grouping the l[...]

  • Page 293

    16-5 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 16 Understanding and Configuring EtherChannel EtherChannel Configuration Guidelines and Restrictions Understanding Load Balancing EtherChannel can balance the traffic load across the links in the channel. It does this by reducing part of the binary pat[...]

  • Page 294

    16-6 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 16 Understanding and Configuring EtherChannel Configuring EtherChannel • After you configure an EtherChannel, any configuration that you apply to the port-channel interface affects the EtherChannel; any configuration that you apply to the physical inte [...]

  • Page 295

    16-7 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 16 Understanding and Configuring EtherChannel Configuring EtherChannel To create a port-channel interface for a Layer 3 EtherChannel, perform this task: This example shows how to create port-channel interface 1: Switch# configure terminal Switch(config)# in[...]

  • Page 296

    16-8 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 16 Understanding and Configuring EtherChannel Configuring EtherChannel This example shows how to configure Fast Ethernet interfaces 5/4 and 5/5 into port-channel 1 with PAgP mode desirable: Switch# configure terminal Switch(config)# interface range fastethern[...]

  • Page 297

    16-9 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 16 Understanding and Configuring EtherChannel Configuring EtherChannel Partner's information: Partner Partner Partner Partner Group Port Name Device ID Port Age Flags Cap. Fa5/4 JAB031301 0050.0f10.230c 2/45 1s SAC 2D Age of the port in the current state: 00h:54m:[...]

  • Page 298

    16-10 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 16 Understanding and Configuring EtherChannel Configuring EtherChannel To configure Layer 2 Ethernet interfaces as Layer 2 EtherChannels, perform this task for each interface: This example shows how to configure Fast Ethernet interfaces 5/6 and 5/7 int[...]

  • Page 299

    16-11 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 16 Understanding and Configuring EtherChannel Configuring EtherChannel Switch# show interfaces fastethernet 5/6 etherchannel Port state = EC-Enbld Up In-Bndl Usr-Config Channel group = 1 Mode = Desirable Gcchange = 0 Port-channel = Po1 GC = 0x00010001 Port indx = 0 Lo[...]

  • Page 300

    16-12 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 16 Understanding and Configuring EtherChannel Configuring EtherChannel To configure the LACP system priority and system ID, perform this task: This example shows how to configure the LACP system priority: Switch# configure terminal Switch(config)# lacp system-pr[...]

  • Page 301

    16-13 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 16 Understanding and Configuring EtherChannel Configuring EtherChannel The load-balancing keywords are: • src-mac —Source MAC addresses • src-dst-mac —Destination MAC addresses • src-dst-mac —Source and destination MAC addresses • src-ip —[...]

  • Page 302

    16-14 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 16 Understanding and Configuring EtherChannel Configuring EtherChannel Removing an EtherChannel If you remove an EtherChannel, the member ports are shut down and removed from the Channel group. Note You must remove an EtherChannel before changing a port[...]

  • Page 303

    CHAPTER 17-1 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 17 Configuring IGMP Snooping and Filtering This chapter describes how to configure Internet Group Management Protocol (IGMP) snooping on the Catalyst 4500 series switch. It provides guidelines, procedures, and configuration examples. This chapter consists of [...]

  • Page 304

    17-2 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 17 Configuring IGMP Snooping and Filtering Overview of IGMP Snooping In contrast to IGMPv1 and IGMPv2, IGMPv3 snooping provides immediate-leave processing by default. It provides Explicit Host Tracking (EHT) and allows network administrators to deploy SSM[...]

  • Page 305

    17-3 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 17 Configuring IGMP Snooping and Filtering Overview of IGMP Snooping Immediate-Leave Processing IGMP snooping immediate-leave processing allows the switch to remove an interface from the forwarding-table entry without first sending out IGMP group-spe[...]

  • Page 306

    17-4 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 17 Configuring IGMP Snooping and Filtering Configuring IGMP Snooping To determine whether or not EHT is enabled on a VLAN, use the show ip igmp snoop vlan command. Configuring IGMP Snooping Note When configuring IGMP, configure the VLAN in the VLAN database mo [...]

  • Page 307

    17-5 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 17 Configuring IGMP Snooping and Filtering Configuring IGMP Snooping Enabling IGMP Snooping To enable IGMP snooping globally, perform this task: This example shows how to enable IGMP snooping globally and verify the configuration: Switch(config)# ip igmp snoopin[...]

  • Page 308

    17-6 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 17 Configuring IGMP Snooping and Filtering Configuring IGMP Snooping This example shows how to enable IGMP snooping on VLAN 2 and verify the configuration: Switch# configure terminal Switch(config)# ip igmp snooping vlan 2 Switch(config)# end Switch# show ip igmp [...]

  • Page 309

    17-7 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 17 Configuring IGMP Snooping and Filtering Configuring IGMP Snooping This example shows how to configure IP IGMP snooping to learn from CGMP self-join packets: Switch(config)# ip igmp snooping vlan 1 mrouter learn cgmp Switch(config)# end Switch# Configuring a Multic[...]

  • Page 310

    17-8 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 17 Configuring IGMP Snooping and Filtering Configuring IGMP Snooping This example shows how to enable IGMP immediate-leave processing on interface VLAN 200 and to verify the configuration: Switch(config)# ip igmp snooping vlan 200 immediate-leave Configuring immed[...]

  • Page 311

    17-9 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 17 Configuring IGMP Snooping and Filtering Configuring IGMP Snooping Suppressing Multicast Flooding An IGMP snooping-enabled switch will flood multicast traffic to all ports in a VLAN when a spanning-tree Topology Change Notification (TCN) is received. Multicast fl[...]

  • Page 312

    17-10 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 17 Configuring IGMP Snooping and Filtering Configuring IGMP Snooping While in “multicast flooding mode,” IP multicast traffic is delivered to all ports in the VLAN, and not restricted to those ports on which multicast group members have been detected. [...]

  • Page 313

    17-11 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 17 Configuring IGMP Snooping and Filtering Displaying IGMP Snooping Information This example shows how to modify the switch to stop flooding multicast traffic after four queries: Switch(config)# ip igmp snooping tcn flood query count 4 Switch(config)# end Switch# W[...]

  • Page 314

    17-12 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 17 Configuring IGMP Snooping and Filtering Displaying IGMP Snooping Information Displaying Querier Information To display querier information, perform this task: This example shows how to display the IGMP snooping querier information for all VLANs on the switch: Swi[...]

  • Page 315

    17-13 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 17 Configuring IGMP Snooping and Filtering Displaying IGMP Snooping Information 40.40.40.5/224.10.10.10Fa2/1 20.20.20.20 00:39:42 00:09:17 - 40.40.40.6/224.10.10.10 Fa2/1 20.20.20.20 00:09:47 00:09:17 - Switch# clear ip igmp snooping membership vlan 20 This example shows[...]

  • Page 316

    17-14 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 17 Configuring IGMP Snooping and Filtering Displaying IGMP Snooping Information This example shows how to display the host types and ports of a group in VLAN 1: Switch# show ip igmp snooping groups vlan 10 226.6.6.7 Vlan Group Version Ports --------------------------[...]

  • Page 317

    17-15 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 17 Configuring IGMP Snooping and Filtering Displaying IGMP Snooping Information To display multicast router interfaces, perform this task: This example shows how to display the multicast router interfaces in VLAN 1: Switch# show ip igmp snooping mrouter vlan 1 vla[...]

  • Page 318

    17-16 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 17 Configuring IGMP Snooping and Filtering Configuring IGMP Filtering This example shows how to display IGMP snooping information on VLAN 5: Switch# show ip igmp snooping vlan 5 Global IGMP Snooping configuration: ----------------------------------- IGMP snoopi[...]

  • Page 319

    17-17 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 17 Configuring IGMP Snooping and Filtering Configuring IGMP Filtering Default IGMP Filtering Configuration Table 17-2 shows the default IGMP filtering configuration. Configuring IGMP Profiles To configure an IGMP profile and to enter IGMP profile configurat[...]

  • Page 320

    17-18 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 17 Configuring IGMP Snooping and Filtering Configuring IGMP Filtering To delete a profile, use the no ip igmp profile profile number global configuration command. To delete an IP multicast address or range of IP multicast addresses, use the no range i[...]

  • Page 321

    17-19 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 17 Configuring IGMP Snooping and Filtering Configuring IGMP Filtering To remove a profile from an interface, use the no ip igmp filter command. This example shows how to apply IGMP profile 4 to an interface and to verify the configuration: Switch# config [...]

  • Page 322

    17-20 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 17 Configuring IGMP Snooping and Filtering Displaying IGMP Filtering Configuration To remove the maximum group limitation and return to the default of no maximum, use the no ip igmp max-groups command. This example shows how to limit the number of IGMP groups t[...]

  • Page 323

    17-21 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 17 Configuring IGMP Snooping and Filtering Displaying IGMP Filtering Configuration This is an example of the show running-config privileged EXEC command when an interface is specified with IGMP maximum groups configured and IGMP profile 4 has been appl[...]

  • Page 324

    17-22 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 17 Configuring IGMP Snooping and Filtering Displaying IGMP Filtering Configuration[...]

  • Page 325

    CHAPTER 18-1 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 18 Configuring 802.1Q and Layer 2 Protocol Tunneling Virtual private networks (VPNs) provide enterprise-scale connectivity on a shared infrastructure, often Ethernet-based, with the same security, prioritization, reliability, and manageability requirements [...]

  • Page 326

    18-2 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 18 Configuring 802.1Q and Layer 2 Protocol Tunneling Understanding 802.1Q Tunneling A port configured to support 802.1Q tunneling is called a tunnel port. When you configure tunneling, you assign a tunnel port to a VLAN ID that is dedicated to tunneling.[...]

  • Page 327

    18-3 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 18 Configuring 802.1Q and Layer 2 Protocol Tunneling Understanding 802.1Q Tunneling Figure 18-2 Original (Normal), 802.1Q, and Double-Tagged Ethernet Packet Formats When the packet enters the trunk port of the Service Provider egress switch, the m[...]

  • Page 328

    18-4 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 18 Configuring 802.1Q and Layer 2 Protocol Tunneling Configuring 802.1Q Tunneling Configuring 802.1Q Tunneling These sections describe 802.1Q tunneling configuration: • 802.1Q Tunneling Configuration Guidelines, page 18-4 • 802.1Q Tunneling and Other [...]

  • Page 329

    18-5 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 18 Configuring 802.1Q and Layer 2 Protocol Tunneling Configuring 802.1Q Tunneling Figure 18-3 Potential Problem with 802.1Q Tunneling and Native VLANs System MTU The default system MTU for traffic on the Catalyst 4500 series switch is 1500 bytes. You can[...]

  • Page 330

    18-6 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 18 Configuring 802.1Q and Layer 2 Protocol Tunneling Configuring 802.1Q Tunneling • EtherChannel port groups are compatible with tunnel ports as long as the 802.1Q configuration is consistent within an EtherChannel port group. • Port Aggregation Protoc[...]

  • Page 331

    18-7 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 18 Configuring 802.1Q and Layer 2 Protocol Tunneling Understanding Layer 2 Protocol Tunneling This example shows how to configure an interface as a tunnel port, enable tagging of native VLAN packets, and verify the configuration. In this configuration, th[...]

  • Page 332

    18-8 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 18 Configuring 802.1Q and Layer 2 Protocol Tunneling Understanding Layer 2 Protocol Tunneling Customer A’s Site 1 will build a spanning tree on the switches at that site without considering convergence parameters based on Customer A’s switch in S[...]

  • Page 333

    18-9 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 18 Configuring 802.1Q and Layer 2 Protocol Tunneling Configuring Layer 2 Protocol Tunneling Configuring Layer 2 Protocol Tunneling You can enable Layer 2 protocol tunneling (by protocol) on the access ports or tunnel ports that are connected to the cust[...]

  • Page 334

    18-10 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 18 Configuring 802.1Q and Layer 2 Protocol Tunneling Configuring Layer 2 Protocol Tunneling Layer 2 Protocol Tunneling Configuration Guidelines These are some configuration guidelines and operating characteristics of Layer 2 protocol tunneling: • The[...]

  • Page 335

    18-11 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 18 Configuring 802.1Q and Layer 2 Protocol Tunneling Configuring Layer 2 Protocol Tunneling Use the no l2protocol-tunnel [ cdp | stp | vtp ] interface configuration command to disable protocol tunneling for one of the Layer 2 protocols or for all three. Us[...]

  • Page 336

    18-12 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 18 Configuring 802.1Q and Layer 2 Protocol Tunneling Monitoring and Maintaining Tunneling Status Switch(config-if)# l2protocol-tunnel shutdown-threshold 1500 Switch(config-if)# l2protocol-tunnel drop-threshold 1000 Switch(config-if)# exit Switch(config)# l2protocol[...]

  • Page 337

    CHAPTER 19-1 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 19 Understanding and Configuring CDP This chapter describes how to configure Cisco Discovery Protocol (CDP) on the Catalyst 4500 series switch. It also provides guidelines, procedures, and configuration examples. This chapter includes the following major sectio[...]

  • Page 338

    19-2 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 19 Understanding and Configuring CDP Configuring CDP Configuring CDP The following sections describe how to configure CDP: • Enabling CDP Globally, page 19-2 • Displaying the CDP Global Configuration, page 19-2 • Enabling CDP on an Interface, p[...]

  • Page 339

    19-3 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 19 Understanding and Configuring CDP Configuring CDP Enabling CDP on an Interface To enable CDP on an interface, perform this task: This example shows how to enable CDP on Fast Ethernet interface 5/1: Switch(config)# interface fastethernet 5/1 Switch(config-if)# cdp [...]

  • Page 340

    19-4 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 19 Understanding and Configuring CDP Configuring CDP This example shows how to clear the CDP counter configuration on your switch: Switch# clear cdp counters This example shows how to display information about the neighboring equipment: Switch# show c[...]

  • Page 341

    CHAPTER 20-1 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 20 Configuring UDLD This chapter describes how to configure the UniDirectional Link Detection (UDLD) and Unidirectional Ethernet on the Catalyst 4500 series switch. It also provides guidelines, procedures, and configuration examples. This chapter includes t[...]

  • Page 342

    20-2 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 20 Configuring UDLD Default UDLD Configuration The switch periodically transmits UDLD packets to neighbor devices on interfaces with UDLD enabled. If the packets are echoed back within a specific time frame and they are lacking a specific acknowledgment [...]

  • Page 343

    20-3 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 20 Configuring UDLD Configuring UDLD on the Switch Enabling UDLD Globally To enable UDLD globally on all fiber-optic interfaces on the switch, perform this task: Enabling UDLD on Individual Interfaces To enable UDLD on individual interfaces, perform this tas[...]

  • Page 344

    20-4 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 20 Configuring UDLD Configuring UDLD on the Switch Disabling UDLD on Fiber-Optic Interfaces To disable UDLD on individual fiber-optic interfaces, perform this task: Resetting Disabled Interfaces To reset all interfaces that have been shut down by UDLD, perfo[...]

  • Page 345

    CHAPTER 21-1 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 21 Configuring Unidirectional Ethernet This chapter describes how to configure Unidirectional Ethernet on the Catalyst 4500 series switch and contains these sections: • Overview of Unidirectional Ethernet, page 21-1 • Configuring Unidirectional Ethernet, p[...]

  • Page 346

    21-2 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 21 Configuring Unidirectional Ethernet Configuring Unidirectional Ethernet To enable Unidirectional Ethernet, perform this task: This example shows how to set Gigabit Ethernet interface 1/1 to unidirectionally send traffic: Switch# configure terminal Enter con[...]

  • Page 347

    21-3 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 21 Configuring Unidirectional Ethernet Configuring Unidirectional Ethernet This example shows how to disable Unidirectional Ethernet on Gigabit Ethernet interface 1/1: Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(conf[...]

  • Page 348

    21-4 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 21 Configuring Unidirectional Ethernet Configuring Unidirectional Ethernet[...]

  • Page 349

    CHAPTER 22-1 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 22 Configuring Layer 3 Interfaces This chapter describes the Layer 3 interfaces on a Catalyst 4500 series switch. It also provides guidelines, procedures, and configuration examples. This chapter includes the following major sections: • Overview of Layer 3 Inte [...]

  • Page 350

    22-2 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 22 Configuring Layer 3 Interfaces Overview of Layer 3 Interfaces Logical Layer 3 VLAN Interfaces The logical Layer 3 VLAN interfaces provide logical routing interfaces to VLANs on Layer 2 switches. A traditional network requires a physical interface from a[...]

  • Page 351

    22-3 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 22 Configuring Layer 3 Interfaces Configuration Guidelines Configuration Guidelines A Catalyst 4500 series switch supports AppleTalk routing and IPX routing. For AppleTalk routing and IPX routing information, refer to “Configuring AppleTalk” and “Config[...]

  • Page 352

    22-4 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 22 Configuring Layer 3 Interfaces Configuring Physical Layer 3 Interfaces This example uses the show interfaces command to display the interface IP address configuration and status of Layer 3 VLAN interface vlan 2: Switch# show interfaces vlan 2 Vlan2 is up, l[...]

  • Page 353

    22-5 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 22 Configuring Layer 3 Interfaces Configuring Physical Layer 3 Interfaces To configure physical Layer 3 interfaces, perform this task: This example shows how to configure an IP address on Fast Ethernet interface 2/1: Switch# configure terminal Enter configuration comm[...]

  • Page 354

    22-6 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 22 Configuring Layer 3 Interfaces Configuring Physical Layer 3 Interfaces[...]

  • Page 355

    CHAPTER 23-1 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 23 Configuring Cisco Express Forwarding This chapter describes Cisco Express Forwarding (CEF) on the Catalyst 4500 series switch. It also provides guidelines, procedures, and examples to configure this feature. This chapter includes the following major section[...]

  • Page 356

    23-2 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 23 Configuring Cisco Express Forwarding Overview of CEF CEF provides the following benefits: • Improves performance over the caching schemes of multilayer switches, which often flush the entire cache when information changes in the routing tables. • Pr[...]

  • Page 357

    23-3 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 23 Configuring Cisco Express Forwarding Catalyst 4500 Series Switch Implementation of CEF Adjacency Types That Require Special Handling In addition to adjacencies for next-hop interfaces (host-route adjacencies), other types of adjacencies are used to expedite s[...]

  • Page 358

    23-4 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 23 Configuring Cisco Express Forwarding Catalyst 4500 Series Switch Implementation of CEF Figure 23-1 Logical L2/L3 Switch Components The Integrated Switching Engine performs inter-VLAN routing on logical Layer 3 interfaces with the ASIC hardware. The ASI[...]

  • Page 359

    23-5 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 23 Configuring Cisco Express Forwarding Catalyst 4500 Series Switch Implementation of CEF Figure 23-2 Hardware and Software Switching Components The Integrated Switching Engine performs inter-VLAN routing in hardware. The CPU subsystem software supports Layer[...]

  • Page 360

    23-6 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 23 Configuring Cisco Express Forwarding CEF Configuration Restrictions Load Balancing The Catalyst 4500 series switch supports load balancing for routing packets in the Integrated Switching Engine hardware. Load balancing is always enabled. It works when mult[...]

  • Page 361

    23-7 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 23 Configuring Cisco Express Forwarding Configuring CEF Configuring Load Balancing for CEF CEF load balancing is based on a combination of source and destination packet information; it allows you to optimize resources by distributing traffic over multiple pa[...]

  • Page 362

    23-8 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 23 Configuring Cisco Express Forwarding Monitoring and Maintaining CEF For more information on load sharing, refer to the Configuring Cisco Express Forwarding module of the Cisco IOS documentation at this URL: http://www.cisco.com/univercd/cc/td/doc/product/s[...]

  • Page 363

    23-9 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 23 Configuring Cisco Express Forwarding Monitoring and Maintaining CEF This example shows how to display IP unicast statistics for Port 3/1: Switch# show interface fastethernet 3/1 counters detail Port InBytes InUcastPkts InMcastPkts InBcastPkts Fa3/1 7263539133 59982[...]

  • Page 364

    23-10 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 23 Configuring Cisco Express Forwarding Monitoring and Maintaining CEF[...]

  • Page 365

    CHAPTER 24-1 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 24 Understanding and Configuring IP Multicast This chapter describes IP multicast routing on the Catalyst 4500 series switch. It also provides procedures and examples to configure IP multicast routing. Note For complete syntax and usage information for the switch[...]

  • Page 366

    24-2 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 24 Understanding and Configuring IP Multicast Overview of IP Multicast At the other end of the IP communication spectrum is an IP broadcast, where a source host sends packets to all hosts on a network segment. The destination address of an IP broadcast pa[...]

  • Page 367

    24-3 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 24 Understanding and Configuring IP Multicast Overview of IP Multicast Figure 24-1 IP Multicast Routing Protocols Internet Group Management Protocol IGMP messages are used by IP multicast hosts to send their local Layer 3 switch or router a request to join a spe[...]

  • Page 368

    24-4 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 24 Understanding and Configuring IP Multicast Overview of IP Multicast IGMP Snooping and CGMP IGMP snooping is used for multicasting in a Layer 2 switching environment. With IGMP snooping, a Layer 3 switch or router examines Layer 3 information in the IGMP [...]

  • Page 369

    24-5 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 24 Understanding and Configuring IP Multicast Overview of IP Multicast Figure 24-2 Logical View of Layer 2 and Layer 3 Forwarding in Hardware This section contains the following subsections: • CEF, MFIB, and Layer 2 Forwarding, page 24-5 • IP Mult[...]

  • Page 370

    24-6 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 24 Understanding and Configuring IP Multicast Overview of IP Multicast The Catalyst 4500 series switch performs Layer 3 routing and Layer 2 bridging at the same time. There can be multiple Layer 2 switchports on any VLAN interface. To determine the set of o[...]

  • Page 371

    24-7 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 24 Understanding and Configuring IP Multicast Overview of IP Multicast If VLAN 1 contains 1/1 and 1/2, VLAN 2 contains 2/1 and 2/2, and VLAN 3 contains 3/1 and 3/2, the MET chain for this route would contain these switch ports: (1/1, 1/2, 2/1, 2/2, 3/1, and 3/2). If[...]

  • Page 372

    24-8 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 24 Understanding and Configuring IP Multicast Overview of IP Multicast Output interface lists are stored in the multicast expansion table (MET). The MET has room for up to 32,000 output interface lists. The MET resources are shared by both Layer 3 multicast[...]

  • Page 373

    24-9 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 24 Understanding and Configuring IP Multicast Overview of IP Multicast Hardware routes occur when the Integrated Switching Engine hardware forwards all replicas of a packet. Software routes occur when the CPU subsystem software forwards all replicas [...]

  • Page 374

    24-10 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 24 Understanding and Configuring IP Multicast Overview of IP Multicast Figure 24-6 Redundant Multicast Router Configuration in a Stub Network In this kind of topology, only Router A, the PIM designated router (PIM DR), forwards data to the common VLAN.[...]

  • Page 375

    24-11 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 24 Understanding and Configuring IP Multicast Overview of IP Multicast Multicast Forwarding Information Base The Multicast Forwarding Information Base (MFIB) subsystem supports IP multicast routing in the Integrated Switching Engine hardware on the Catalyst 45 [...]

  • Page 376

    24-12 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 24 Understanding and Configuring IP Multicast Configuring IP Multicast Routing Note When PIM-SM routing is in use, the MFIB route might include an interface like in this example: PimTunnel [1.2.3.4]. This is a virtual interface that the MFIB subsystem crea[...]

  • Page 377

    24-13 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 24 Understanding and Configuring IP Multicast Configuring IP Multicast Routing Default Configuration in IP Multicast Routing Table 24-1 shows the IP multicast default configuration. Note Source-specific multicast and IGMP v3 are supported. For more information[...]

  • Page 378

    24-14 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 24 Understanding and Configuring IP Multicast Configuring IP Multicast Routing When the switch populates the multicast routing table, dense-mode interfaces are always added to the table. Sparse-mode interfaces are added to the table only when periodic[...]

  • Page 379

    24-15 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 24 Understanding and Configuring IP Multicast Monitoring and Maintaining IP Multicast Routing When an interface is treated in dense mode, it is populated in a multicast routing table’s outgoing interface list when either of the following is true: • When the[...]

  • Page 380

    24-16 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 24 Understanding and Configuring IP Multicast Monitoring and Maintaining IP Multicast Routing Displaying the Multicast Routing Table The following is sample output from the show ip mroute command for a router operating in dense mode. This command display [...]

  • Page 381

    24-17 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 24 Understanding and Configuring IP Multicast Monitoring and Maintaining IP Multicast Routing (*, 224.2.127.253), 00:58:18/00:02:00, RP 171.69.10.13, flags: SJC (*, 224.1.127.255), 00:58:21/00:02:03, RP 171.69.10.13, flags: SJC (*, 224.2.127.254), 2d16h/00:00:00, RP 171.[...]

  • Page 382

    24-18 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 24 Understanding and Configuring IP Multicast Monitoring and Maintaining IP Multicast Routing Group: 224.2.201.241, Source count: 36, Group pkt count: 54152 RP-tree: 7/0/108/0 Source: 13.242.36.83/32, 99/0/123/0 Source: 36.29.1.3/32, 71/0/110/0 Source: 128.9.160[...]

  • Page 383

    24-19 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 24 Understanding and Configuring IP Multicast Monitoring and Maintaining IP Multicast Routing The following is sample output from the show ip mfib command. IP Multicast Forwarding Information Base Entry Flags: C - Directly Connected, S - Signal, IC - Internal Copy Int[...]

  • Page 384

    24-20 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 24 Understanding and Configuring IP Multicast Monitoring and Maintaining IP Multicast Routing Displaying PIM Statistics The following is sample output from the show ip pim interface command: Switch# show ip pim interface Address Interface Mode Neighbor Query [...]

  • Page 385

    24-21 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 24 Understanding and Configuring IP Multicast Configuration Examples Configuration Examples The following sections provide IP multicast routing configuration examples: • PIM Dense Mode Example, page 24-21 • PIM Sparse Mode Example, page 24-21 • BSR Con[...]

  • Page 386

    24-22 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 24 Understanding and Configuring IP Multicast Configuration Examples[...]

  • Page 387

    CHAPTER 25-1 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 25 Configuring Policy-Based Routing This chapter describes the tasks for configuring policy-based routing (PBR) on a router and includes these major sections: • Overview of Policy-Based Routing, page 25-1 • Policy-Based Routing Configuration Task List, page [...]

  • Page 388

    25-2 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 25 Configuring Policy-Based Routing Overview of Policy-Based Routing PBR allows you to perform the following tasks: • Classify traffic based on extended access list criteria. Access lists, then establish the match criteria. • Route packets to specific tr[...]

  • Page 389

    25-3 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 25 Configuring Policy-Based Routing Policy-Based Routing Configuration Task List Policy-Based Routing Configuration Task List To configure PBR, perform the tasks described in the following sections. The task in the first section is required; the tasks in the remai[...]

  • Page 390

    25-4 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 25 Configuring Policy-Based Routing Policy-Based Routing Configuration Task List The set commands can be used in conjunction with each other. These commands are evaluated in the order shown in Step 3 in the previous task table. A usable next hop implies a[...]

  • Page 391

    25-5 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 25 Configuring Policy-Based Routing Policy-Based Routing Configuration Examples Enabling Local PBR Packets that are generated by the router are not normally policy-routed. To enable local PBR for such packets, indicate which route map the router should use by p[...]

  • Page 392

    25-6 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 25 Configuring Policy-Based Routing Policy-Based Routing Configuration Examples ! route-map equal-access permit 10 match ip address 1 set ip default next-hop 6.6.6.6 route-map equal-access permit 20 match ip address 2 set ip default next-hop 7.7.7.7 route-map equal-acc[...]

  • Page 393

    CHAPTER 26-1 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 26 Configuring VRF-lite Virtual Private Networks (VPNs) provide a secure way for customers to share bandwidth over an ISP backbone network. A VPN is a collection of sites sharing a common routing table. A customer site is connected to the service provider [...]

  • Page 394

    26-2 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 26 Configuring VRF-lite Understanding VRF-lite Understanding VRF-lite VRF-lite is a feature that enables a service provider to support two or more VPNs, where IP addresses can be overlapped among the VPNs. VRF-lite uses input interfaces to distinguish routes[...]

  • Page 395

    26-3 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 26 Configuring VRF-lite Default VRF-lite Configuration This is the packet-forwarding process in a VRF-lite CE-enabled network as shown in Figure 26-1: • When the CE receives a packet from a VPN, it looks up the routing table based on the input interface. When a r[...]

  • Page 396

    26-4 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 26 Configuring VRF-lite VRF-lite Configuration Guidelines VRF-lite Configuration Guidelines Consider these points when configuring VRF in your network: • A switch with VRF-lite is shared by multiple customers, and all customers have their own routing tables. •[...]

  • Page 397

    26-5 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 26 Configuring VRF-lite Configuring VRFs Configuring VRFs To configure one or more VRFs, perform this task: Note For complete syntax and usage information for the commands, refer to the switch command reference for this release and the Cisco IOS Switching Services [...]

  • Page 398

    26-6 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 26 Configuring VRF-lite Configuring BGP PE to CE Routing Sessions To configure OSPF in the VPN, perform this task: Use the no router ospf process-id vrf vrf-name global configuration command to disassociate the VPN forwarding table from the OSPF routing proce[...]

  • Page 399

    26-7 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 26 Configuring VRF-lite VRF-lite Configuration Example Use the no router bgp autonomous-system-number global configuration command to delete the BGP routing process. Use the command with keywords to delete routing characteristics. VRF-lite Configuration Examp[...]

  • Page 400

    26-8 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 26 Configuring VRF-lite VRF-lite Configuration Example Configuring Switch S8 On switch S8, enable routing and configure VRF. Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# ip routing Switch(config)# ip vrf v11[...]

  • Page 401

    26-9 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 26 Configuring VRF-lite VRF-lite Configuration Example Switch(config)# interface Vlan118 Switch(config-if)# ip vrf forwarding v12 Switch(config-if)# ip address 118.0.0.8 255.255.255.0 Switch(config-if)# exit Switch(config)# interface Vlan208 Switch(config-if)# ip vrf for[...]

  • Page 402

    26-10 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 26 Configuring VRF-lite VRF-lite Configuration Example Configuring Switch S11 Configure S11 to connect to CE: Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# ip routing Switch(config)# interface Gigabit Ethernet[...]

  • Page 403

    26-11 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 26 Configuring VRF-lite Displaying VRF-lite Status Router(config)# router bgp 100 Router(config-router)# address-family ipv4 vrf v2 Router(config-router-af)# neighbor 83.0.0.8 remote-as 800 Router(config-router-af)# neighbor 83.0.0.8 activate Router(config-router-af)# netwo[...]

  • Page 404

    26-12 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 26 Configuring VRF-lite Displaying VRF-lite Status[...]

  • Page 405

    CHAPTER 27-1 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 27 Configuring Quality of Service This chapter describes how to configure quality of service (QoS) by using automatic QoS (auto-QoS) commands or by using standard QoS commands on a Catalyst 4500 series switch. It also describes how to specify different QoS con[...]

  • Page 406

    27-2 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Overview of QoS • Packet Modification, page 27-16 • Per Port Per VLAN QoS, page 27-16 • QoS and Software Processed Packets, page 27-16 Prioritization QoS implementation is based on the DiffServ architecture, an emerging stan[...]

  • Page 407

    27-3 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Overview of QoS Figure 27-1 QoS Classification Layers in Frames and Packets All switches and routers across the Internet rely on the class information to provide the same forwarding treatment to packets with the same class [...]

  • Page 408

    27-4 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Overview of QoS Layer 2 802.1Q frame headers have a 2-byte Tag Control Information field that carries the CoS value in the three most significant bits, which are called the User Priority bits. Other frame types cannot carry Layer[...]

  • Page 409

    27-5 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Overview of QoS • Classification is the selection of traffic to be marked. • Marking, according to RFC 2475, is the process of setting a Layer 3 DSCP value in a packet; in this publication, the definition of marking is exte[...]

  • Page 410

    27-6 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Overview of QoS • Scheduling services the four egress (transmit) queues based on the sharing and shaping configuration of the egress (transmit) port. Sharing and shaping configurations are described in the “Queueing and S[...]

  • Page 411

    27-7 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Overview of QoS • Perform the classification based on a configured IP standard or extended ACL, which examines various fields in the IP header. If no ACL is configured, the packet is assigned the default DSCP based on the trust [...]

  • Page 412

    27-8 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Overview of QoS Figure 27-3 Classification Flowchart Read interface configuration for classification. Is there a QoS policy attached to this interface? Trust DSCP[...]

  • Page 413

    27-9 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Overview of QoS Classification Based on QoS ACLs A packet can be classified for QoS using multiple match criteria, and the classification can specify whether the packet should match all of the specified match criteria or at [...]

  • Page 414

    27-10 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Overview of QoS You create a class map by using the class-map global configuration command. When you enter the class-map command, the switch enters the class-map configuration mode. In this mode, you define the match criteri[...]

  • Page 415

    27-11 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Overview of QoS When configuring policing and policers, keep these items in mind: • For IP packets, only the length of the IP payload (the total length field in the IP header) is used by the policer for policing computation.[...]

  • Page 416

    27-12 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Overview of QoS Figure 27-4 Policing and Marking Flowchart Start Use QoS policy on the VLAN Use QoS policy on the port Done QoS Policy attached to the port? Any more QoS ACLs in the policy? Packet match a "permit" AC[...]

  • Page 417

    27-13 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Overview of QoS Internal DSCP Values The following sections describe the internal DSCP values: • Internal DSCP Sources, page 27-13 • Egress ToS and CoS Sources, page 27-13 Internal DSCP Sources During processing, QoS r[...]

  • Page 418

    27-14 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Overview of QoS Mapping Tables During QoS processing, the switch represents the priority of all traffic (including non-IP traffic) with an internal DSCP value: • During classification, QoS uses configurable mapping tables to[...]

  • Page 419

    27-15 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Overview of QoS Sharing Link Bandwidth Among Transmit Queues The four transmit queues for a transmit port share the available link bandwidth of that transmit port. You can set the link bandwidth to be shared differently among t[...]

  • Page 420

    27-16 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Overview of QoS Packet Modification A packet is classified, policed, and queued to provide QoS. Packet modifications can occur during this process: • For IP packets, classification involves assigning a DSCP to the packet. Ho[...]

  • Page 421

    27-17 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Configuring Auto-QoS The internal IP DSCP is used to determine the transmit queue to which the packet is enqueued on the transmission interface. See “Configuring Transmit Queues” on page 48 for details on how to conf [...]

  • Page 422

    27-18 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Configuring Auto-QoS interface is set to trust the cos label received in the packet, if the interface is configured as Layer 2. (The classification is set to trust DSCP if the interface is configured as Layer 3.) When a Cisco IP[...]

  • Page 423

    27-19 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Configuring Auto-QoS • To take advantage of the auto-QoS defaults, do not configure any standard-QoS commands before entering the auto-QoS commands. If necessary, you can fine-tune the QoS configuration, but we recomm [...]

  • Page 424

    27-20 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Configuring Auto-QoS This example shows how to enable auto-QoS and to trust the cos/dscp labels in incoming packets when the switch or router connected to Gigabit Ethernet interface 1/1 is a trusted device: Switch(confi[...]

  • Page 425

    27-21 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Configuring Auto-QoS Auto-QoS Configuration Example This section describes how you could implement auto-QoS in a network, as shown in Figure 27-5. Figure 27-5 Auto-QoS Configuration Example Network The intelligent wiri[...]

  • Page 426

    27-22 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Configuring Auto-QoS To configure the switch at the edge of the QoS domain to prioritize the VoIP traffic over all other traffic, perform this task: Command Purpose Step 1 Switch# debug auto qos Enables debugging for auto-Q[...]

  • Page 427

    27-23 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Configuring QoS Configuring QoS Before configuring QoS, you must have a thorough understanding of these items: • The types of applications used and the traffic patterns on your network. • Traffic characteristics and nee[...]

  • Page 428

    27-24 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Configuring QoS CoS to DSCP map (DSCP set from CoS values) CoS 0 = DSCP 0 CoS 1 = DSCP 8 CoS 2 = DSCP 16 CoS 3 = DSCP 24 CoS 4 = DSCP 32 CoS 5 = DSCP 40 CoS 6 = DSCP 48 CoS 7 = DSCP 56 DSCP to CoS map (CoS set from DSCP values)[...]

  • Page 429

    27-25 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Configuring QoS Configuration Guidelines Before beginning the QoS configuration, you should be aware of this information: • If you have EtherChannel ports configured on your switch, you must configure QoS classification and [...]

  • Page 430

    27-26 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Configuring QoS Configuring a Trusted Boundary to Ensure Port Security In a typical network, you connect a Cisco IP phone to a switch port as discussed in Chapter 28, “Configuring Voice Interfaces.” Traffic sent from[...]

  • Page 431

    27-27 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Configuring QoS Enabling Dynamic Buffer Limiting To enable DBL globally on the switch, perform this task: This example shows how to enable DBL globally: Switch(config)# qos dbl Global DBL enabled Switch(config)# end Switch# This [...]

  • Page 432

    27-28 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Configuring QoS In effect, if you apply a single aggregate policer to ports and VLANs in different directions, then you have created the equivalent of four aggregate policers; one for all ports sharing the policer in input di[...]

  • Page 433

    27-29 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Configuring QoS This example shows how to create a named aggregate policer with a 10 Mbps rate limit and a 1-MB burst size that transmits conforming traffic and marks down out-of-profile traffic. Switch# config terminal Switch([...]

  • Page 434

    27-30 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Configuring QoS • policy-map—Enter the policy-map command to define the following for each class of traffic: – Internal DSCP source – Aggregate or individual policing and marking • service-policy—Enter the servic[...]

  • Page 435

    27-31 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Configuring QoS Note Any Input or Output policy that uses a class map with the match ip precedence or match ip dscp class-map commands, requires that the port on which the packet is received, be configured to trust dscp. [...]

  • Page 436

    27-32 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Configuring QoS Creating a Policy Map To create a policy map, perform this task: Configuring Policy-Map Class Actions These sections describe policy-map class action configuration: • Configuring the Policy-Map Class Trust St[...]

  • Page 437

    27-33 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Configuring QoS When configuring the policy-map class DBL state, note the following: • Any class that uses a named aggregate policer must have the same DBL configuration to work. Configuring Policy-Map Class Policing These sec[...]

  • Page 438

    27-34 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Configuring QoS • The valid range of values for the burst parameter is as follows: – Minimum—1 kilobyte – Maximum—512 megabytes • Bursts can be entered in bytes, or you can use the following abbreviation: – k to[...]

  • Page 439

    27-35 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Configuring QoS This example shows how to verify the configuration: Switch# show policy-map ipp5-policy show policy ipp5-policy Policy Map ipp5-policy class ipp5 set ip precedence 6 dbl police 2000000000 2000000 conform-action transmi[...]

  • Page 440

    27-36 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Configuring QoS Configuring User Based Rate Limiting User Based Rate Limiting (UBRL) adopts microflow policing capability to dynamically learn traffic flows and rate limit each unique flow to an individual rate. UBRL is available o[...]

  • Page 441

    27-37 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Configuring QoS Switch# show class-map c1 Class Map match-all c1 (id 2) Match flow ip source-address Example 2 This example shows how to create a flow-based class map associated with a destination address: Switch(config)# class-ma[...]

  • Page 442

    27-38 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Configuring QoS Example 4 Assume there are two active flows on the Fast Ethernet interface 6/1 with destination addresses of 192.168.20.20 and 192.168.20.21. The following example shows how to maintain each flow to 1 Mbps wi[...]

  • Page 443

    27-39 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Configuring QoS Switch(config)# policy-map p1 Switch(config-pmap)# class c1 Switch(config-pmap-c)# police 1000000 9000 Switch(config-pmap-c)# exit Switch(config-pmap)# exit Switch(config)# interface fastEthernet 6/1 Switch(config-if)# se[...]

  • Page 444

    27-40 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Configuring QoS You can configure hierarchical policers with the service-policy policy-map config command. A policy map is termed flow based if the class map it uses matches any of the flow-based match criteria (such as match[...]

  • Page 445

    27-41 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Configuring QoS The following example shows how to verify the configuration: Switch# show policy-map flow-policy Policy Map flow-policy Class flow-class police 2000000 bps 10000 byte conform-action transmit exceed-action drop Switch# [...]

  • Page 446

    27-42 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Configuring QoS Example 1 Figure 27-6 displays a sample topology for configuring PVQoS. The trunk port gi3/1 is comprised of multiple VLANs (101 and 102). Within a port, you can create your own service policy per VLAN. This poli[...]

  • Page 447

    27-43 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Configuring QoS Police 100m 16k conform transmit exceed drop Interface Gigabit 3/1 Switchport Switchport trunk encapsulation dot1q Switchport trunk allowed vlan 101-102 Vlan range 101 Service-policy input P31_QoS Service-policy output P3[...]

  • Page 448

    27-44 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Configuring QoS Class-map: class-default (match-any) 0 packets Match: any 0 packets police: Per-interface Conform: 0 bytes Exceed: 0 bytes GigabitEthernet6/1 vlan 300 Service-policy output: p2 Class-map: class-default (match-any) 0 packet[...]

  • Page 449

    27-45 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Configuring QoS This example shows how to disable QoS on interface VLAN 5: Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# interface vlan 5 Switch(config-if)# no qos Switch(conf[...]

  • Page 450

    27-46 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Configuring QoS This example shows how to verify the configuration: Switch# show qos | begin QoS is vlan-based QoS is vlan-based on the following interfaces: Fa5/42 Switch# Note When a layer 2 interface is configured with VLAN-ba[...]

  • Page 451

    27-47 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Configuring QoS Configuring the CoS Value for an Interface QoS assigns the CoS value specified with this command to untagged frames from ingress interfaces configured as trusted and to all frames from ingress interfaces configur [...]

  • Page 452

    27-48 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Configuring QoS This example shows how to configure the DSCP 5 as the default on Fast Ethernet interface 5/24: Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# interface fastethern[...]

  • Page 453

    27-49 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Configuring QoS This example shows how to map DSCP values to transit queue 2. Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# qos map dscp 50 to tx-queue 2 Switch(config)# end S[...]

  • Page 454

    27-50 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Configuring QoS This example shows how to configure the bandwidth of 1 Mbps on transmit queue 2. Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# interface gigabitethernet 1/1 Swit[...]

  • Page 455

    27-51 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Configuring QoS This example shows how to configure transmit queue 3 to high priority. Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# interface gigabitethernet 1/1 Switch(conf[...]

  • Page 456

    27-52 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Configuring QoS This example shows how to modify and display the CoS-to-DSCP map: Switch# configure terminal Switch(config)# qos map cos 0 to dscp 20 Switch(config)# end Switch# show qos maps cos dscp CoS-DSCP Mapping Table: CoS: 0 1 2 [...]

  • Page 457

    27-53 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Configuring QoS Note In the above policed-DSCP map, the marked-down DSCP values are shown in the body of the matrix. The d1 column specifies the most-significant digit of the original DSCP; the d2 row specifies the least-s[...]

  • Page 458

    27-54 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 27 Configuring Quality of Service Configuring QoS Dscp-cos map: d1 : d2 0 1 2 3 4 5 6 7 8 9 --------------------------------------- 0 : 00 00 00 00 00 00 00 00 00 01 1 : 01 01 01 01 01 01 00 02 02 02 2 : 02 02 02 02 00 03 03 03 03 03 3 : 03 03 00 04 04 04 04 04 04 04 4 : [...]

  • Page 459

    CHAPTER 28-1 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 28 Configuring Voice Interfaces This chapter describes how to configure voice interfaces for the Catalyst 4500 series switches. This chapter includes the following major sections: • Overview of Voice Interfaces, page 28-1 • Configuring a Port to Connect to a Cis[...]

  • Page 460

    28-2 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 28 Configuring Voice Interfaces Configuring a Port to Connect to a Cisco 7960 IP Phone Figure 28-1 Cisco 7960 IP Phone Connected to a Catalyst 4500 Series Switch Configuring a Port to Connect to a Cisco 7960 IP Phone Because a Cisco 7960 IP phone also supports c[...]

  • Page 461

    28-3 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 28 Configuring Voice Interfaces Configuring Voice Ports for Voice and Data Traffic To configure a port to receive voice and data traffic from a Cisco IP Phone on different VLANs, perform this task: In the following example, VLAN 1 carries data traffic, and VLAN [...]

  • Page 462

    28-4 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 28 Configuring Voice Interfaces Overriding the CoS Priority of Incoming Frames Unknown unicast blocked: disabled Unknown multicast blocked: disabled Appliance trust: none Switch# Overriding the CoS Priority of Incoming Frames A PC or another data device can connect[...]

  • Page 463

    CHAPTER 29-1 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 29 Understanding and Configuring 802.1X Port-Based Authentication This chapter describes how to configure IEEE 802.1X port-based authentication to prevent unauthorized client devices from gaining access to the network. This chapter includes the following major [...]

  • Page 464

    29-2 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 29 Understanding and Configuring 802.1X Port-Based Authentication Understanding 802.1X Port-Based Authentication • Authentication Initiation and Message Exchange, page 29-3 • Ports in Authorized and Unauthorized States, page 29-4 • Using 802.1X with V[...]

  • Page 465

    29-3 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 29 Understanding and Configuring 802.1X Port-Based Authentication Understanding 802.1X Port-Based Authentication support EAP within the native frame format. When the switch receives frames from the authentication server, the frame header is removed from the [...]

  • Page 466

    29-4 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 29 Understanding and Configuring 802.1X Port-Based Authentication Understanding 802.1X Port-Based Authentication Figure 29-2 Message Exchange Ports in Authorized and Unauthorized States The switch port state determines whether or not the client is granted a[...]

  • Page 467

    29-5 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 29 Understanding and Configuring 802.1X Port-Based Authentication Understanding 802.1X Port-Based Authentication • auto—Enables 802.1X authentication and causes the port to begin in the unauthorized state, allowing only EAPOL frames to be sent and recei[...]

  • Page 468

    29-6 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 29 Understanding and Configuring 802.1X Port-Based Authentication Understanding 802.1X Port-Based Authentication • If a guest VLAN is configured to handle non-responsive hosts, the type of VLAN configured as the guest VLAN must match the port type (that[...]

  • Page 469

    29-7 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 29 Understanding and Configuring 802.1X Port-Based Authentication Understanding 802.1X Port-Based Authentication Usage Guidelines for Using 802.1X Authentication with Guest VLANs on Windows-XP Hosts The usage guidelines for using 802.1X authentication with guest V[...]

  • Page 470

    29-8 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 29 Understanding and Configuring 802.1X Port-Based Authentication Understanding 802.1X Port-Based Authentication • EAP failure messages are not sent to the user. If the user fails authentication the port is moved to an authentication-failed VLAN and a EA[...]

  • Page 471

    29-9 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 29 Understanding and Configuring 802.1X Port-Based Authentication Understanding 802.1X Port-Based Authentication These examples describe the interaction between 802.1X and port security on the switch: • When a client is authenticated, and the port security[...]

  • Page 472

    29-10 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 29 Understanding and Configuring 802.1X Port-Based Authentication Understanding 802.1X Port-Based Authentication Note The supplicant on the port detects that its session has been terminated and attempts to initiate a new session. Unless the authentication[...]

  • Page 473

    29-11 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 29 Understanding and Configuring 802.1X Port-Based Authentication Understanding 802.1X Port-Based Authentication article at the URL: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/cableguy/cg0703.asp, and set the SupplicantMode[...]

  • Page 474

    29-12 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 29 Understanding and Configuring 802.1X Port-Based Authentication Understanding 802.1X Port-Based Authentication Because RADIUS uses the unreliable transport protocol UDP, accounting messages may be lost due to poor network conditions. If the switch does n[...]

  • Page 475

    29-13 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 29 Understanding and Configuring 802.1X Port-Based Authentication How to Configure 802.1X • When 802.1X is configured on a port, you cannot connect multiple IP-phones to a Catalyst 4500 series switch through a hub. • Because voice VLANs cannot be configured a[...]

  • Page 476

    29-14 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 29 Understanding and Configuring 802.1X Port-Based Authentication How to Configure 802.1X • Configuring RADIUS-Provided Session Timeouts, page 29-19 (optional) • Configuring 802.1X with Guest VLANs, page 29-20 (optional) • Configuring 802.1X wi[...]

  • Page 477

    29-15 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 29 Understanding and Configuring 802.1X Port-Based Authentication How to Configure 802.1X 802.1X Configuration Guidelines This section describes the guidelines for configuring 802.1X authentication: • The 802.1X protocol is supported on both Layer 2 static-[...]

  • Page 478

    29-16 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 29 Understanding and Configuring 802.1X Port-Based Authentication How to Configure 802.1X Enabling 802.1X Authentication To enable 802.1X port-based authentication, you first must enable 802.1X globally on your switch, then enable AAA and specify the au [...]

  • Page 479

    29-17 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 29 Understanding and Configuring 802.1X Port-Based Authentication How to Configure 802.1X To disable AAA, use the no aaa new-model global configuration command. To disable 802.1X AAA authentication, use the no aaa authentication dot1x { default | list-name[...]

  • Page 480

    29-18 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 29 Understanding and Configuring 802.1X Port-Based Authentication How to Configure 802.1X To configure the RADIUS server parameters on the switch, perform this task: To delete the specified RADIUS server, use the no radius-server host { hostname | ip-add[...]

  • Page 481

    29-19 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 29 Understanding and Configuring 802.1X Port-Based Authentication How to Configure 802.1X Refer to the following Cisco IOS security documentation for information on how to configure AAA system accounting: • http://www.cisco.com/univercd/cc/td/doc/product/[...]

  • Page 482

    29-20 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 29 Understanding and Configuring 802.1X Port-Based Authentication How to Configure 802.1X This example shows how to configure 802.1X accounting. The first command configures the RADIUS server, specifying 1813 as the UDP port for accounting: Switch(config)[...]

  • Page 483

    29-21 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 29 Understanding and Configuring 802.1X Port-Based Authentication How to Configure 802.1X Note When a port is put into a guest VLAN, it is automatically placed into multihost mode, and an unlimited number of hosts can connect through the port. Changing the mult[...]

  • Page 484

    29-22 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 29 Understanding and Configuring 802.1X Port-Based Authentication How to Configure 802.1X To enable the optional guest VLAN behavior and to configure a guest VLAN, perform this task: To disable the optional guest VLAN feature on a particular port, u[...]

  • Page 485

    29-23 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 29 Understanding and Configuring 802.1X Port-Based Authentication How to Configure 802.1X To configure 802.1X with authentication-failed VLAN assignment, follow these steps: To disable the authentication-failed VLAN feature on a particular port, use th[...]

  • Page 486

    29-24 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 29 Understanding and Configuring 802.1X Port-Based Authentication How to Configure 802.1X Configuring 802.1X with Voice VLAN To enable 802.1X with voice VLAN feature, perform this task: This example shows how to enable 802.1X with voice VLAN feature on F[...]

  • Page 487

    29-25 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 29 Understanding and Configuring 802.1X Port-Based Authentication How to Configure 802.1X To disable periodic reauthentication, use the no dot1x re-authentication interface configuration command. To return to the default number of seconds between reauthentic[...]

  • Page 488

    29-26 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 29 Understanding and Configuring 802.1X Port-Based Authentication How to Configure 802.1X To return to the default quiet-period, use the no dot1x timeout quiet-period configuration command. This example shows how to set the quiet-period on the switch to 30 seco[...]

  • Page 489

    29-27 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 29 Understanding and Configuring 802.1X Port-Based Authentication How to Configure 802.1X Setting the Switch-to-Client Frame-Retransmission Number In addition to changing the switch-to-client retransmission times, you can change the number of times that the[...]

  • Page 490

    29-28 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 29 Understanding and Configuring 802.1X Port-Based Authentication Displaying 802.1X Statistics and Status To allow multiple hosts (clients) on an 802.1X-authorized port that has the dot1x port-control interface configuration command set to auto, perform[...]

  • Page 491

    CHAPTER 30-1 Software Configuration Guide—Release 12.2(25)EWA OL-6850-03 30 Configuring Port Security and Trunk Port Security This chapter describes how to configure port security and trunk port security on the Catalyst 4500 series switch. It provides guidelines, procedures, and configuration examples. Note For complete syntax and[...]

  • Page 492

    30-2 Software Configuration Guide—Release 12.2(25)EWA OL-6850-03 Chapter 30 Configuring Port Security and Trunk Port Security Overview of Port Security • You can allow the port to dynamically configure secure MAC addresses with the MAC addresses of connected devices. • You can configure a number of addresses and allow th[...]

  • Page 493

    30-3 Software Configuration Guide—Release 12.2(25)EWA OL-6850-03 Chapter 30 Configuring Port Security and Trunk Port Security Default Port Security Configuration You can also customize the time to recover from the specified error disable cause (default is 300 seconds) by entering the errdisable recovery interval interval comma[...]

  • Page 494

    30-4 Software Configuration Guide—Release 12.2(25)EWA OL-6850-03 Chapter 30 Configuring Port Security and Trunk Port Security Configuring Port Security • A secure port and static MAC address configuration for an interface are mutually exclusive. • Port security cannot be enabled on dynamic access ports. • Port securi[...]

  • Page 495

    30-5 Software Configuration Guide—Release 12.2(25)EWA OL-6850-03 Chapter 30 Configuring Port Security and Trunk Port Security Configuring Port Security • To return the interface to the default condition as nonsecure port, use the no switchport port-security command. • To return the interface to the default number of secure MA[...]

  • Page 496

    30-6 Software Configuration Guide—Release 12.2(25)EWA OL-6850-03 Chapter 30 Configuring Port Security and Trunk Port Security Configuring Port Security • To return the violation mode to the default condition (shutdown mode), use the no switchport port-security violation { restrict | shutdown } command. • To disable sticky lea[...]

  • Page 497

    30-7 Software Configuration Guide—Release 12.2(25)EWA OL-6850-03 Chapter 30 Configuring Port Security and Trunk Port Security Configuring Port Security ------------------------------------------------------------------------ Vlan Mac Address Type Ports Remaining Age (mins) ---- ----------- ---- ----- ------------- 1 0000.0000.0001 SecureSti[...]

  • Page 498

    30-8 Software Configuration Guide—Release 12.2(25)EWA OL-6850-03 Chapter 30 Configuring Port Security and Trunk Port Security Configuring Port Security You can configure various port security related parameters on a per-port per-VLAN basis. To configure port security related parameters on a per-VLAN per-port basis, perform [...]

  • Page 499

    30-9 Software Configuration Guide—Release 12.2(25)EWA OL-6850-03 Chapter 30 Configuring Port Security and Trunk Port Security Configuring Port Security Switch# show port-security interface g1/1 address vlan 2-4 Secure Mac Address Table ------------------------------------------------------------------------ Vlan Mac Address Type Ports Remai[...]

  • Page 500

    30-10 Software Configuration Guide—Release 12.2(25)EWA OL-6850-03 Chapter 30 Configuring Port Security and Trunk Port Security Configuring Port Security To configure port security aging, perform this task: To disable port security aging for all secure addresses on a port, use the no switchport port-security aging time interface [...]

  • Page 501

    30-11 Software Configuration Guide—Release 12.2(25)EWA OL-6850-03 Chapter 30 Configuring Port Security and Trunk Port Security Displaying Port Security Settings Displaying Port Security Settings Use the show port-security command to display port-security settings for an interface or for the switch. To display traffic control informati[...]

  • Page 502

    30-12 Software Configuration Guide—Release 12.2(25)EWA OL-6850-03 Chapter 30 Configuring Port Security and Trunk Port Security Displaying Port Security Settings Aging Type : Absolute SecureStatic Address Aging : Disabled Maximum MAC Addresses : 1 Total MAC Addresses : 1 Configured MAC Addresses : 0 Sticky MAC Addresses : 1 Last Source Addr[...]

  • Page 503

    30-13 Software Configuration Guide—Release 12.2(25)EWA OL-6850-03 Chapter 30 Configuring Port Security and Trunk Port Security Displaying Port Security Settings This example shows how to display all secure MAC addresses configured on interface g1/1 with aging information for each address. Switch# show port-security interface g1/1 a[...]

  • Page 504

    30-14 Software Configuration Guide—Release 12.2(25)EWA OL-6850-03 Chapter 30 Configuring Port Security and Trunk Port Security Displaying Port Security Settings[...]

  • Page 505

    CHAPTER 31-1 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 31 Configuring DHCP Snooping and IP Source Guard This chapter describes how to configure Dynamic Host Configuration Protocol (DHCP) snooping and IP Source Guard on Catalyst 4500 series switches. It provides guidelines, procedures, and configuration examples. Th[...]

  • Page 506

    31-2 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 31 Configuring DHCP Snooping and IP Source Guard Overview of DHCP Snooping Note In order to enable DHCP snooping on a VLAN, you must enable DHCP snooping on the switch. You can configure DHCP snooping for switches and VLANs. When you enable DHCP snooping on a switch[...]

  • Page 507

    31-3 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 31 Configuring DHCP Snooping and IP Source Guard Configuring DHCP Snooping on the Switch is possible because the lease time might indicate an expired time.) An entry from the file is also ignored if the interface referred to in the entry, no longer exists o[...]

  • Page 508

    31-4 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 31 Configuring DHCP Snooping and IP Source Guard Configuring DHCP Snooping on the Switch If you want to change the default configuration values, see the “Enabling DHCP Snooping” section. Enabling DHCP Snooping Note When DHCP snooping is enabled globally, D [...]

  • Page 509

    31-5 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 31 Configuring DHCP Snooping and IP Source Guard Configuring DHCP Snooping on the Switch This example shows how to enable DHCP snooping on VLANs 10 through 100: Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# ip[...]

  • Page 510

    31-6 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 31 Configuring DHCP Snooping and IP Source Guard Configuring DHCP Snooping on the Switch Enabling DHCP Snooping on Private VLAN DHCP snooping can be enabled on private VLANs, which provide isolation between Layer 2 ports within the same VLAN. If DHCP snooping[...]

  • Page 511

    31-7 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 31 Configuring DHCP Snooping and IP Source Guard Configuring DHCP Snooping on the Switch Configuration Examples for the Database Agent The following examples show how to use the above commands. Example 1: Enabling the Database Agent The following example shows ho [...]

  • Page 512

    31-8 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 31 Configuring DHCP Snooping and IP Source Guard Configuring DHCP Snooping on the Switch DHCP snooping bindings are keyed on the MAC address and VLAN combination. Therefore, if an entry in the remote file has an entry for a given MAC address and VLAN set, for[...]

  • Page 513

    31-9 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 31 Configuring DHCP Snooping and IP Source Guard Configuring DHCP Snooping on the Switch Switch# renew ip dhcp snoop data tftp://10.1.1.1/directory/file Loading directory/file from 10.1.1.1 (via GigabitEthernet1/1): ! [OK - 457 bytes] Database downloaded successfully. S[...]

  • Page 514

    31-10 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 31 Configuring DHCP Snooping and IP Source Guard Displaying DHCP Snooping Information This example shows how to manually add a binding to the DHCP snooping database: Switch# show ip dhcp snooping binding MacAddress IpAddress Lease(sec) Type VLAN Interface -----[...]

  • Page 515

    31-11 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 31 Configuring DHCP Snooping and IP Source Guard Overview of IP Source Guard Displaying the DHCP Snooping Configuration This example shows how to display the DHCP snooping configuration for a switch. Switch# show ip dhcp snooping Switch DHCP snooping is enabled[...]

  • Page 516

    31-12 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 31 Configuring DHCP Snooping and IP Source Guard Configuring IP Source Guard on the Switch Note When IP source guard is enabled in IP and MAC filtering mode, the DHCP snooping option 82 must be enabled to ensure that the DHCP protocol works properly. Without opti[...]

  • Page 517

    31-13 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 31 Configuring DHCP Snooping and IP Source Guard Displaying IP Source Guard Information Switch(config-if)# switchport trunk native vlan 10 Switch(config-if)# switchport trunk allowed vlan 11-20 Switch(config-if)# no ip dhcp snooping trust Switch(config-if)# ip verify sour[...]

  • Page 518

    31-14 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 31 Configuring DHCP Snooping and IP Source Guard Displaying IP Source Binding Information • This example shows displayed PVACLs for a port with multiple bindings configured for an IP/MAC filtering: Interface Filter-type Filter-mode IP-address Mac-address Vlan[...]

  • Page 519

    31-15 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 31 Configuring DHCP Snooping and IP Source Guard Displaying IP Source Binding Information Table 31-3 show ip source binding Command Output Field Description MAC Address Client hardware MAC address IP Address Client IP address assigned from the DHCP server Le[...]

  • Page 520

    31-16 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 31 Configuring DHCP Snooping and IP Source Guard Displaying IP Source Binding Information[...]

  • Page 521

    CHAPTER 32-1 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 32 Understanding and Configuring Dynamic ARP Inspection This chapter describes how to configure Dynamic ARP Inspection (DAI) on the Catalyst 4500 series switch. This chapter includes the following major sections: • Overview of Dynamic ARP Inspection, page 32-[...]

  • Page 522

    32-2 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 32 Understanding and Configuring Dynamic ARP Inspection Overview of Dynamic ARP Inspection ARP Cache Poisoning You can attack hosts, switches, and routers connected to your Layer 2 network by “poisoning” their ARP caches. For example, a malicious user[...]

  • Page 523

    32-3 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 32 Understanding and Configuring Dynamic ARP Inspection Overview of Dynamic ARP Inspection Interface Trust State, Security Coverage and Network Configuration DAI associates a trust state with each interface on the system. Packets arriving on trusted inter[...]

  • Page 524

    32-4 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 32 Understanding and Configuring Dynamic ARP Inspection Overview of Dynamic ARP Inspection Relative Priority of Static Bindings and DHCP Snooping Entries As mentioned previously, DAI populates its database of valid MAC address to IP address bindings through[...]

  • Page 525

    32-5 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 32 Understanding and Configuring Dynamic ARP Inspection Configuring Dynamic ARP Inspection The rate limit configuration on a port channel is independent of the configuration on its physical ports. The rate limit is cumulative across all physical ports; tha[...]

  • Page 526

    32-6 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 32 Understanding and Configuring Dynamic ARP Inspection Configuring Dynamic ARP Inspection For information on how to configure dynamic ARP inspection when only one switch supports the feature, see the “Configuring ARP ACLs for Non-DHCP Environments[...]

  • Page 527

    32-7 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 32 Understanding and Configuring Dynamic ARP Inspection Configuring Dynamic ARP Inspection This example shows how to configure dynamic ARP inspection on Switch A in VLAN 100. You would perform a similar procedure on Switch B. On Switch A SwitchA# show cdp nei[...]

  • Page 528

    32-8 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 32 Understanding and Configuring Dynamic ARP Inspection Configuring Dynamic ARP Inspection Gi3/39 Untrusted 15 1 Gi3/40 Untrusted 15 1 Gi3/41 Untrusted 15 1 Gi3/42 Untrusted 15 1 Gi3/43 Untrusted 15 1 Gi3/44 Untrusted 15 1 Gi3/45 Untrusted 15 1 Gi3/46 Untrusted 15 1 [...]

  • Page 529

    32-9 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 32 Understanding and Configuring Dynamic ARP Inspection Configuring Dynamic ARP Inspection Interface Trust State Rate (pps) Burst Interval --------------- ----------- ---------- -------------- Gi1/1 Untrusted 15 1 Gi1/2 Untrusted 15 1 Gi3/1 Untrusted 15 1 Gi3/2 Untrust[...]

  • Page 530

    32-10 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 32 Understanding and Configuring Dynamic ARP Inspection Configuring Dynamic ARP Inspection Vlan ACL Logging DHCP Logging ---- ----------- ------------ 100 Deny Deny# SwitchB# show ip dhcp snooping binding MacAddress IpAddress Lease(sec) Type VLAN Interface ---------[...]

  • Page 531

    32-11 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 32 Understanding and Configuring Dynamic ARP Inspection Configuring Dynamic ARP Inspection Step 3 Switch(config-arp)# permit ip host sender-ip mac host sender-mac [ log ] Permits ARP packets from the specified host (Host 2). • For sender-ip, enter the IP address [...]

  • Page 532

    32-12 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 32 Understanding and Configuring Dynamic ARP Inspection Configuring Dynamic ARP Inspection To remove the ARP ACL, use the no arp access-list global configuration command. To remove the ARP ACL attached to a VLAN, use the no ip arp inspection filter arp-a[...]

  • Page 533

    32-13 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 32 Understanding and Configuring Dynamic ARP Inspection Configuring Dynamic ARP Inspection Gi3/4 Untrusted 15 1 Gi3/5 Untrusted 15 1 Gi3/6 Untrusted 15 1 Gi3/7 Untrusted 15 1 Gi3/8 Untrusted 15 1 Gi3/9 Untrusted 15 1 Gi3/10 Untrusted 15 1 Gi3/11 Untrusted 15 1 Gi3/12 [...]

  • Page 534

    32-14 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 32 Understanding and Configuring Dynamic ARP Inspection Configuring Dynamic ARP Inspection Configuring the Log Buffer When the switch drops a packet, it places an entry in the log buffer and then generates system messages on a rate-controlled basis. A[...]

  • Page 535

    32-15 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 32 Understanding and Configuring Dynamic ARP Inspection Configuring Dynamic ARP Inspection To return to the default log buffer settings, use the no ip arp inspection log-buffer global configuration command. To return to the default VLAN log settings, use the [...]

  • Page 536

    32-16 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 32 Understanding and Configuring Dynamic ARP Inspection Configuring Dynamic ARP Inspection Limiting the Rate of Incoming ARP Packets The switch CPU performs dynamic ARP inspection validation checks; therefore, the number of incoming ARP packets is rate-limit[...]

  • Page 537

    32-17 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 32 Understanding and Configuring Dynamic ARP Inspection Configuring Dynamic ARP Inspection To return to the default rate-limit configuration, use the no ip arp inspection limit interface configuration command. To disable error recovery for dynamic ARP inspe[...]

  • Page 538

    32-18 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 32 Understanding and Configuring Dynamic ARP Inspection Configuring Dynamic ARP Inspection Gi3/41 Untrusted 15 1 Gi3/42 Untrusted 15 1 Gi3/43 Untrusted 15 1 Gi3/44 Untrusted 15 1 Gi3/45 Untrusted 15 1 Gi3/46 Trusted None N/A Gi3/47 Untrusted 15 1 Gi3/48 Untrusted 15[...]

  • Page 539

    32-19 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 32 Understanding and Configuring Dynamic ARP Inspection Configuring Dynamic ARP Inspection To perform specific checks on incoming ARP packets, perform this task. To disable checking, use the no ip arp inspection validate [ src-mac ] [ dst-mac ] [ ip ] globa[...]

  • Page 540

    32-20 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 32 Understanding and Configuring Dynamic ARP Inspection Configuring Dynamic ARP Inspection Vlan ACL Logging DHCP Logging ---- ----------- ------------ 100 Deny Deny SwitchB# 1w2d: %SW_DAI-4-INVALID_ARP: 9 Invalid ARPs (Req) on Gi3/31, vlan 100.([0002.0002.0002/170.1[...]

  • Page 541

    CHAPTER 33-1 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 33 Configuring Network Security with ACLs This chapter describes how to use access control lists (ACLs) to configure network security on the Catalyst 4500 series switches. Note For complete syntax and usage information for the switch commands used in this chapter, [...]

  • Page 542

    33-2 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 33 Configuring Network Security with ACLs Understanding ACLs ACL Overview An ACL is a collection of sequential permit and deny conditions that applies to packets. When a packet is received on an interface, the switch compares the fields in the packet again[...]

  • Page 543

    33-3 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 33 Configuring Network Security with ACLs Understanding ACLs You can apply only one IP access list and one MAC access list to a Layer 2 interface. • VLAN ACLs or VLAN maps control the access of all packets (bridged and routed). You can use VLAN maps to [...]

  • Page 544

    33-4 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 33 Configuring Network Security with ACLs Understanding ACLs Figure 33-1 Using ACLs to Control Traffic to a Network Port ACLs You can also apply ACLs to Layer 2 interfaces on a switch. Port ACLs are supported on physical interfaces and EtherChanne[...]

  • Page 545

    33-5 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 33 Configuring Network Security with ACLs Hardware and Software ACL Support VLAN Maps VLAN maps can control the access of all traffic in a VLAN. You can apply VLAN maps on the switch to all packets that are routed into or out of a VLAN or are bridged within a V[...]

  • Page 546

    33-6 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 33 Configuring Network Security with ACLs TCAM Programming and ACLs Note Packets that require logging are processed in software. A copy of the packets is sent to the CPU for logging while the actual packets are forwarded in hardware so that non-logged packet[...]

  • Page 547

    33-7 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 33 Configuring Network Security with ACLs Layer 4 Operators in ACLs Switch# show platform hardware acl statistics utilization brief Entries/Total(%) Masks/Total(%) ----------------- --------------- Input Acl(PortAndVlan) 2016 / 4096 ( 49) 460 / 512 ( 89) Input Acl(PortOrV[...]

  • Page 548

    33-8 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 33 Configuring Network Security with ACLs Layer 4 Operators in ACLs Restrictions for Layer 4 Operations You can specify these operator types, each of which uses one Layer 4 operation in the hardware: • gt (greater than) • lt (less than) • neq (not equa[...]

  • Page 549

    33-9 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 33 Configuring Network Security with ACLs Layer 4 Operators in ACLs Access lists 101 and 102 use the following Layer 4 operations: • Access list 101 Layer 4 operations: 5 – gt 10 permit and gt 10 deny both use the same operation because they are identica[...]

  • Page 550

    33-10 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 33 Configuring Network Security with ACLs Layer 4 Operators in ACLs Access lists 104 and 105 are identical; established is shorthand for rst and ack. Access list 101, below, will be processed completely in software: access-list 101 permit tcp any any urg Because f[...]

  • Page 551

    33-11 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 33 Configuring Network Security with ACLs Configuring Unicast MAC Address Filtering Configuring Unicast MAC Address Filtering To block all unicast traffic to or from a MAC address in a specified VLAN, perform this task: This example shows how to block all unicast[...]

  • Page 552

    33-12 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 33 Configuring Network Security with ACLs Configuring VLAN Maps You can use the no mac access-list extended name global configuration command to delete the entire ACL. You can also delete individual ACEs from named MAC extended ACLs. This example shows how [...]

  • Page 553

    33-13 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 33 Configuring Network Security with ACLs Configuring VLAN Maps Note You cannot apply a VLAN map to a VLAN on a switch that has ACLs applied to Layer 2 interfaces (port ACLs). VLAN Map Configuration Guidelines Keep the following guidelines in mind when con[...]

  • Page 554

    33-14 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 33 Configuring Network Security with ACLs Configuring VLAN Maps You can use the no vlan access-map name global configuration command to delete a map. You can use the no vlan access-map name number global configuration command to delete a single sequence ent[...]

  • Page 555

    33-15 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 33 Configuring Network Security with ACLs Configuring VLAN Maps Example 2 In this example, the VLAN map is configured to drop IP packets and to forward MAC packets by default. By applying standard ACL 101 and the extended named access lists igmp-matc[...]

  • Page 556

    33-16 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 33 Configuring Network Security with ACLs Configuring VLAN Maps Example 4 In this example, the VLAN map is configured to drop all packets (IP and non-IP). By applying access lists tcp-match and good-hosts, the VLAN map is configured to do the following: • For[...]

  • Page 557

    33-17 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 33 Configuring Network Security with ACLs Configuring VLAN Maps Figure 33-3 Wiring Closet Configuration For example, if you do not want HTTP traffic to be switched from Host X to Host Y, you could apply a VLAN map on Switch A to drop all HTTP traffic moving f[...]

  • Page 558

    33-18 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 33 Configuring Network Security with ACLs Configuring VLAN Maps Denying Access to a Server on Another VLAN Figure 33-4 shows how to restrict access to a server on another VLAN. In this example, server 10.1.1.100 in VLAN 10 has the following access restrictions:[...]

  • Page 559

    33-19 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 33 Configuring Network Security with ACLs Displaying VLAN Access Map Information Displaying VLAN Access Map Information To display information about VLAN access maps or VLAN filters, perform one of these tasks. This is a sample output of the show vlan acce [...]

  • Page 560

    33-20 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 33 Configuring Network Security with ACLs Using VLAN Maps with Router ACLs Guidelines for Using Router ACLs and VLAN Maps Use these guidelines when you need to use a router ACL and a VLAN map on the same VLAN. Because the switch hardware performs one loo[...]

  • Page 561

    33-21 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 33 Configuring Network Security with ACLs Using VLAN Maps with Router ACLs Figure 33-5 Applying ACLs on Switched Packets ACLs and Routed Packets Figure 33-6 shows how ACLs are applied on routed packets. For routed packets, the ACLs are applied in this [...]

  • Page 562

    33-22 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 33 Configuring Network Security with ACLs Configuring PACLs Figure 33-6 Applying ACLs on Routed Packets Configuring PACLs This section describes how to configure PACLs, which are used to control filtering on Layer 2 interfaces. PACLs can filter traffic [...]

  • Page 563

    33-23 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 33 Configuring Network Security with ACLs Configuring PACLs PACL Configuration Guidelines Consider the following guidelines when configuring PACLs: • There can be at most one IP access list and MAC access list applied to the same Layer 2 interface per direct[...]

  • Page 564

    33-24 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 33 Configuring Network Security with ACLs Configuring PACLs The following example shows how to configure the Extended Named IP ACL simple-ip-acl to permit all TCP traffic and implicitly deny all other IP traffic: Switch(config)# ip access-list extended simp[...]

  • Page 565

    33-25 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 33 Configuring Network Security with ACLs Configuring PACLs This example shows how to merge and apply features other than PACL on the interface: Switch# configure t Switch(config)# interface interface Switch(config-if)# access-group mode prefer port This example sho[...]

  • Page 566

    33-26 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 33 Configuring Network Security with ACLs Using PACL with VLAN Maps and Router ACLs This example shows that the IP access group simple-ip-acl is configured on the inbound direction of interface fa6/1: Switch# show ip interface fast 6/1 FastEthernet6/1 is up,[...]

  • Page 567

    33-27 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 33 Configuring Network Security with ACLs Using PACL with VLAN Maps and Router ACLs Scenario 1: Host A is connected to an interface in VLAN 20, which has an SVI configured. The interface has input PACL configured, and the SVI has input Router ACL config[...]

  • Page 568

    33-28 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 33 Configuring Network Security with ACLs Using PACL with VLAN Maps and Router ACLs If the interface access group mode is prefer port, then only the input PACL is applied on the ingress traffic from Host A. If the mode is prefer vlan, then only the VACL[...]

  • Page 569

    CHAPTER 34-1 Software Configuration Guide—Release 12.2(25)SG OL-76590-03 34 Configuring Private VLANs This chapter describes private VLANs (PVLANs) on Catalyst 4500 series switches. It also provides restrictions, procedures, and configuration examples. This chapter includes the following major sections: • Overview of PVLAN[...]

  • Page 570

    34-2 Software Configuration Guide—Release 12.2(25)SG OL-76590-03 Chapter 34 Configuring Private VLANs Overview of PVLANs Isolated and community VLANs are called secondary VLANs. You can extend PVLANs across multiple devices by trunking the primary, isolated, and community VLANs to other devices that support PVLANs. In a sw[...]

  • Page 571

    34-3 Software Configuration Guide—Release 12.2(25)SG OL-76590-03 Chapter 34 Configuring Private VLANs How to Configure PVLANs When a packet is transmitted out of a PVLAN host or trunk port, the packet logically belongs to the primary VLAN. This relationship applies even though the packet may be transmitted with the secondary VLAN t[...]

  • Page 572

    34-4 Software Configuration Guide—Release 12.2(25)SG OL-76590-03 Chapter 34 Configuring Private VLANs How to Configure PVLANs • Use only PVLAN commands to assign ports to primary, isolated, or community VLANs. Layer 2 interfaces on primary, isolated, or community VLANs are inactive in PVLANs. Layer 2 trunk interfaces remain i[...]

  • Page 573

    34-5 Software Configuration Guide—Release 12.2(25)SG OL-76590-03 Chapter 34 Configuring Private VLANs How to Configure PVLANs • You can apply different quality of service (QoS) configurations to primary, isolated, and community VLANs. (See Chapter 27, “Configuring Quality of Service.”) Cisco IOS ACLs applied to the Layer 3 VL[...]

  • Page 574

    34-6 Software Configuration Guide—Release 12.2(25)SG OL-76590-03 Chapter 34 Configuring Private VLANs How to Configure PVLANs Primary Secondary Type Interfaces ------- --------- ----------------- ------------------------------------------ 202 primary This example shows how to configure VLAN 303 as a community VLAN and verify the configu[...]

  • Page 575

    34-7 Software Configuration Guide—Release 12.2(25)SG OL-76590-03 Chapter 34 Configuring Private VLANs How to Configure PVLANs • Use the remove keyword with a secondary_vlan_list to clear the association between secondary VLANs and a primary VLAN. • The command does not take effect until you exit VLAN configuration submode. Th[...]

  • Page 576

    34-8 Software Configuration Guide—Release 12.2(25)SG OL-76590-03 Chapter 34 Configuring Private VLANs How to Configure PVLANs • Use the remove keyword with a secondary_vlan_list to clear the mapping between secondary VLANs and the PVLAN promiscuous port. This example shows how to configure interface FastEthernet 5/2 as a PVLAN [...]

  • Page 577

    34-9 Software Configuration Guide—Release 12.2(25)SG OL-76590-03 Chapter 34 Configuring Private VLANs How to Configure PVLANs This example shows how to configure interface FastEthernet 5/1 as a PVLAN host port and verify the configuration: Switch# configure terminal Switch(config)# interface fastethernet 5/1 Switch(config-if)# switchport m[...]

  • Page 578

    34-10 Software Configuration Guide—Release 12.2(25)SG OL-76590-03 Chapter 34 Configuring Private VLANs How to Configure PVLANs This example shows how to configure interface FastEthernet 5/1 as a PVLAN trunk port, maps VLAN0202 to VLAN0440, and configures the PVLAN trunk: Switch# configure terminal Switch(config)# interface fastethern[...]

  • Page 579

    34-11 Software Configuration Guide—Release 12.2(25)SG OL-76590-03 Chapter 34 Configuring Private VLANs How to Configure PVLANs Access Mode VLAN: 1 (default) Trunking Native Mode VLAN: 1 (default) Voice VLAN: none Appliance trust: none Administrative Private Vlan Host Association: 202 (VLAN0202) 440 (VLAN0440) Promiscuous Mapping: none Trunk enc[...]

  • Page 580

    34-12 Software Configuration Guide—Release 12.2(25)SG OL-76590-03 Chapter 34 Configuring Private VLANs How to Configure PVLANs This example shows how to permit routing of secondary VLAN ingress traffic from private VLANs 303 through 307, 309, and 440 and verify the configuration: Switch# configure terminal Switch(config)# interface vl[...]

  • Page 581

    CHAPTER 35-1 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 35 Port Unicast and Multicast Flood Blocking This chapter describes how to configure multicast and unicast flood blocking on the Catalyst 4500 series switch. This chapter contains these topics: • Overview of Flood Blocking, page 35-1 • Configuring Port [...]

  • Page 582

    35-2 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 35 Port Unicast and Multicast Flood Blocking Configuring Port Blocking Blocking Flooded Traffic on an Interface Note The interface can be a physical interface (for example, GigabitEthernet 1/1) or an EtherChannel group (such as port-channel 5). When you blo[...]

  • Page 583

    35-3 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 35 Port Unicast and Multicast Flood Blocking Configuring Port Blocking Resuming Normal Forwarding on a Port To resume normal forwarding on a port, perform this task: Command Purpose Step 1 Switch# configure terminal Enters global configuration mode. Step 2 S[...]

  • Page 584

    35-4 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 35 Port Unicast and Multicast Flood Blocking Configuring Port Blocking[...]

  • Page 585

    CHAPTER 36-1 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 36 Configuring Storm Control This chapter describes how to configure port-based traffic control on the Catalyst 4500 series switch. Note For complete syntax and usage information for the switch commands used in this chapter, refer to the Catalyst 4500 Series[...]

  • Page 586

    36-2 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 36 Configuring Storm Control Overview of Storm Control Hardware-based Storm Control Implementation Broadcast suppression uses filtering that measures broadcast activity in a subnet over a one-second interval and compares the measurement with a predefi[...]

  • Page 587

    36-3 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 36 Configuring Storm Control Enabling Storm Control Enabling Storm Control To enable storm control, perform this task: The following example shows how to enable storm control on interface. Switch# conf t Enter configuration commands, one per line. End with CNTL/Z. [...]

  • Page 588

    36-4 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 36 Configuring Storm Control Disabling Storm Control Disabling Storm Control To disable storm control, perform this task: The following example shows how to disable storm control on interface. Switch# conf t Enter configuration commands, one per line. End wit[...]

  • Page 589

    36-5 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 36 Configuring Storm Control Displaying Storm Control Speed: 1000 Duplex: full Trunk encap. type: 802.1Q Trunk mode: on,off,desirable,nonegotiate Channel: yes Broadcast suppression: percentage(0-100), sw Flowcontrol: rx-(off,on,desired),tx-(off,on,desired) VLAN Membership: [...]

  • Page 590

    36-6 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 36 Configuring Storm Control Multicast Storm Control Note Use the show storm-control command to display the configured thresholds and status of storm on an interface. Switch# show storm-control Interface Filter State Upper Lower Current --------- -----------[...]

  • Page 591

    36-7 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 36 Configuring Storm Control Multicast Storm Control The following example shows how to enable multicast suppression on ports that have broadcast suppression already enabled: Switch# configuration terminal Enter configuration commands, one per line. End with CNTL/Z. [...]

  • Page 592

    36-8 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 36 Configuring Storm Control Multicast Storm Control[...]

  • Page 593

    CHAPTER 37-1 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 37 Configuring SPAN and RSPAN This chapter describes how to configure the Switched Port Analyzer (SPAN) and Remote SPAN (RSPAN) on the Catalyst 4500 series switches. SPAN selects network traffic for analysis by a network analyzer, such as a SwitchProb[...]

  • Page 594

    37-2 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 37 Configuring SPAN and RSPAN Overview of SPAN and RSPAN For SPAN configuration, the source interfaces and the destination interface must be on the same switch. SPAN does not affect the switching of network traffic on source interfaces; copies of the packets [...]

  • Page 595

    37-3 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 37 Configuring SPAN and RSPAN Overview of SPAN and RSPAN SPAN and RSPAN Concepts and Terminology This section describes concepts and terminology associated with SPAN and RSPAN configuration and includes the following subsections: • SPAN Session, page 37-3 •[...]

  • Page 596

    37-4 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 37 Configuring SPAN and RSPAN Overview of SPAN and RSPAN Some features that can cause a packet to be dropped during receive processing have no effect on SPAN; the destination port receives a copy of the packet even if the actual incoming packet is dropped[...]

  • Page 597

    37-5 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 37 Configuring SPAN and RSPAN Overview of SPAN and RSPAN Destination Port Each local SPAN session or RSPAN destination session must have a destination port (also called a monitoring port) that receives a copy of traffic from the source ports and VLANs. A destinatio[...]

  • Page 598

    37-6 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 37 Configuring SPAN and RSPAN Configuring SPAN • You cannot use filter VLANs in the same session with VLAN sources. • You can monitor only Ethernet VLANs. SPAN Traffic You can use local SPAN to monitor all network traffic, including multicast and bridg[...]

  • Page 599

    37-7 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 37 Configuring SPAN and RSPAN Configuring SPAN • Configuration Scenario, page 37-10 • Verifying a SPAN Configuration, page 37-10 Note Entering SPAN configuration commands does not clear previously configured SPAN parameters. You must enter the no monitor se[...]

  • Page 600

    37-8 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 37 Configuring SPAN and RSPAN Configuring SPAN Configuring SPAN Sources To configure the source for a SPAN session, perform this task: This example shows how to configure SPAN session 1 to monitor bidirectional traffic from source interface Fast Ethernet 5[...]

  • Page 601

    37-9 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 37 Configuring SPAN and RSPAN Configuring SPAN Configuring SPAN Destinations To configure the destination for a SPAN session, perform this task: This example shows how to configure interface Fast Ethernet 5/48 as the destination for SPAN session 1: Switch(confi[...]

  • Page 602

    37-10 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 37 Configuring SPAN and RSPAN CPU Port Sniffing Configuration Scenario This example shows how to use the commands described in this chapter to completely configure and unconfigure a span session. Assume that you want to monitor bidirectional traffic from[...]

  • Page 603

    37-11 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 37 Configuring SPAN and RSPAN CPU Port Sniffing To configure CPU source sniffing, perform this task: This example shows how to configure a CPU source to sniff all packets received by the CPU: Switch(config)# monitor session 1 source cpu rx This example shows[...]

  • Page 604

    37-12 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 37 Configuring SPAN and RSPAN Encapsulation Configuration Encapsulation Configuration When configuring a SPAN destination port, you can explicitly specify the encapsulation type used by the port. Packets sent out the port are tagged in accordance with t[...]

  • Page 605

    37-13 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 37 Configuring SPAN and RSPAN Access List Filtering This example shows how to configure a destination port with 802.1q encapsulation and ingress packets using native VLAN 7: Switch(config)# monitor session 1 destination interface fastethernet 5/48 encapsulation dot1q[...]

  • Page 606

    37-14 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 37 Configuring SPAN and RSPAN Packet Type Filtering • No policing is allowed on traffic exiting SPAN ports. • Only IP ACLs are supported on SPAN sessions. Configuring Access List Filtering To configure access list filtering, perform this task: Note IP acce[...]

  • Page 607

    37-15 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 37 Configuring SPAN and RSPAN Configuration Example There are two categories of packet filtering: packet-based (good, error) or address-based (unicast/multicast/broadcast). Packet-based filters can only be applied in the ingress direction. Packets are classified [...]

  • Page 608

    37-16 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 37 Configuring SPAN and RSPAN Configuring RSPAN Configuring RSPAN This section describes how to configure RSPAN on your switch and it contains this configuration information: • RSPAN Configuration Guidelines, page 37-16 • Creating an RSPAN Session,[...]

  • Page 609

    37-17 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 37 Configuring SPAN and RSPAN Configuring RSPAN Creating an RSPAN Session First create an RSPAN VLAN that does not exist for the RSPAN session in any of the switches that will participate in RSPAN. With VTP enabled in the network, you can create the RSPAN VLAN i[...]

  • Page 610

    37-18 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 37 Configuring SPAN and RSPAN Configuring RSPAN This example shows how to clear any existing RSPAN configuration for session 1, configure RSPAN session 1 to monitor multiple source interfaces, and configure the destination RSPAN VLAN. Switch(config)# no monitor[...]

  • Page 611

    37-19 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 37 Configuring SPAN and RSPAN Configuring RSPAN This example shows how to configure VLAN 901 as the source remote VLAN and port 5 as the destination interface: Switch(config)# monitor session 1 source remote vlan 901 Switch(config)# monitor session 1 destination interf[...]

  • Page 612

    37-20 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 37 Configuring SPAN and RSPAN Configuring RSPAN This example shows how to configure VLAN 901 as the source remote VLAN and how to configure the destination port for ingress traffic on VLAN 5 by using a security device that supports 802.1Q encapsulation: Sw[...]

  • Page 613

    37-21 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 37 Configuring SPAN and RSPAN Configuring RSPAN Removing Ports from an RSPAN Session To remove a port as an RSPAN source for a session, perform this task: This example shows how to remove port 1 as an RSPAN source for RSPAN session 1: Switch(config)# no monitor se[...]

  • Page 614

    37-22 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 37 Configuring SPAN and RSPAN Configuring RSPAN Specifying VLANs to Monitor VLAN monitoring is similar to port monitoring. To specify VLANs to monitor, perform this task: To remove one or more source VLANs from the RSPAN session, use the no monitor session sessio[...]

  • Page 615

    37-23 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 37 Configuring SPAN and RSPAN Configuring RSPAN This example shows how to clear any existing configuration on RSPAN session 2, configure RSPAN session 2 to monitor received traffic on all ports belonging to VLANs 1 through 3, and send it to destination remote V[...]

  • Page 616

    37-24 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 37 Configuring SPAN and RSPAN Displaying SPAN and RSPAN Status To monitor all VLANs on the trunk port, use the no monitor session session_number filter vlan global configuration command. This example shows how to clear any existing configuration on RSPAN sess[...]

  • Page 617

    37-25 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 37 Configuring SPAN and RSPAN Displaying SPAN and RSPAN Status Source VLANs: RX Only: None TX Only: None Both: None Source RSPAN VLAN: None Destination Ports: None Encapsulation: DOT1Q Ingress:Enabled, default VLAN=5 Filter VLANs: None Dest RSPAN VLAN: None Ingress : Enabl[...]

  • Page 618

    37-26 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 37 Configuring SPAN and RSPAN Displaying SPAN and RSPAN Status[...]

  • Page 619

    CHAPTER 38-1 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 38 Configuring NetFlow This chapter describes how to configure NetFlow Statistics on the Catalyst 4500 series switches. It also provides guidelines, procedures, and configuration examples. Note To use the NetFlow feature, you must have the Supervisor Engine [...]

  • Page 620

    38-2 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 38 Configuring NetFlow Overview of NetFlow Statistics Collection NetFlow exports flow information in UDP datagrams in one of two formats. The version 1 format was the initial released version, and version 5 is a later enhancement to add Border Gateway Protoc[...]

  • Page 621

    38-3 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 38 Configuring NetFlow Overview of NetFlow Statistics Collection Information Derived from Hardware Information available in a typical NetFlow record from hardware includes the following: • the packet and byte counts • start and end timestamps Table 38-2 [...]

  • Page 622

    38-4 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 38 Configuring NetFlow Overview of NetFlow Statistics Collection • source and destination IP addresses • IP protocol • source and destination port numbers Information Derived from Software Information available in a typical NetFlow record from software[...]

  • Page 623

    38-5 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 38 Configuring NetFlow Overview of NetFlow Statistics Collection Assigning the Input Interface and Input Related Inferred Fields Similarly, the input interface and the source AS number for the source IP address are determined by looking up the FIB entry in the de[...]

  • Page 624

    38-6 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 38 Configuring NetFlow Configuring NetFlow Statistics Collection The following example shows the CLI output for a specific VLAN: cat4k-sup4-2# sh vlan counters or show vlan id 22 count * Multicast counters include broadcast packets Vlan Id :22 L2 Unicast Packets :[...]

  • Page 625

    38-7 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 38 Configuring NetFlow Configuring NetFlow Statistics Collection M MAC addresses Hw Fw Sw Status --+--------------------------------+---+------------+----------------+--------- 1 0001.6442.2c00 to 0001.6442.2c01 0.4 12.1(14r)EW( 12.1(20030513:00 Ok 2 0001.6442.2c02 to 0001[...]

  • Page 626

    38-8 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 38 Configuring NetFlow Configuring NetFlow Statistics Collection Configuring Switched/Bridged IP Flows Netflow is defined as a collection of routed IP flows created and tracked for all routed IP traffic. In switching environments, considerable IP traffic is [...]

  • Page 627

    38-9 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 38 Configuring NetFlow Configuring NetFlow Statistics Collection Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec) -------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts Fa1 150.1.1.1 Fa1 13.1.1.1 11 003F 003F[...]

  • Page 628

    38-10 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 38 Configuring NetFlow Configuring NetFlow Statistics Collection Configuring an Aggregation Cache Aggregation of NetFlow Statistics is typically performed by NetFlow collection tools on management workstations. By extending this support to the Catalyst 4500 [...]

  • Page 629

    38-11 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 38 Configuring NetFlow Configuring NetFlow Statistics Collection Configuring a NetFlow Minimum Prefix Mask for Router-Based Aggregation The minimum prefix mask specifies the shortest subnet mask that will be used for aggregating flows within one of the IP-address[...]

  • Page 630

    38-12 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 38 Configuring NetFlow Configuring NetFlow Statistics Collection Configuring the Minimum Mask of a Source-Prefix Aggregation Scheme To configure the minimum mask of a source-prefix aggregation scheme, perform this task: Monitoring and Maintaining Minimum[...]

  • Page 631

    38-13 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 38 Configuring NetFlow NetFlow Statistics Collection Configuration Example NetFlow Statistics Collection Configuration Example The following example shows how to modify the configuration to enable NetFlow switching. It also shows how to export the flow statistics f[...]

  • Page 632

    38-14 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 38 Configuring NetFlow NetFlow Configuration Examples Gi6/2 30.20.1.10 Gi6/1 30.10.1.10 11 4001 4001 539K Gi6/2 30.20.1.11 Gi6/1 30.10.1.11 11 4001 4001 539K Gi6/2 30.20.1.14 Gi6/1 30.10.1.14 11 4001 4001 539K Gi6/2 30.20.1.15 Gi6/1 30.10.1.15 11 4001 4001 539K Gi6/2 30.[...]

  • Page 633

    38-15 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 38 Configuring NetFlow NetFlow Configuration Examples Autonomous System Configuration This example shows how to configure an autonomous system aggregation cache with an inactive timeout of 200 seconds, a cache active timeout of 45 minutes, an export destinatio[...]

  • Page 634

    38-16 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 38 Configuring NetFlow NetFlow Configuration Examples Switch(config-flow-cache)# cache timeout active 45 Switch(config-flow-cache)# export destination 10.42.42.1 9992 Switch(config-flow-cache)# enabled Sample NetFlow Minimum Prefix Mask Router-Based Aggregation Sch[...]

  • Page 635

    CHAPTER 39-17 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 39 Diagnostics on the Catalyst 4500 Switch Diagnostics tests and verifies the functionality of the hardware components of your system (chassis, supervisor engines, modules, and ASICs), while your Catalyst 4500 series switch is connected to a live network. Dia[...]

  • Page 636

    39-18 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 39 Diagnostics on the Catalyst 4500 Switch Troubleshooting with Online Diagnostics A faulty linecard will occur if any of the following conditions occurs. • All ports fail • All ports on a stub chip fail • Only one port fails For all of the above situations, th[...]

  • Page 637

    39-19 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 39 Diagnostics on the Catalyst 4500 Switch 1) linecard-online-diag --------------------> . The linecard passed online diagnostics either 1) when it was inserted into the chassis the last time or 2) when the switch was powered up (as reported by the " .&q[...]

  • Page 638

    39-20 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 39 Diagnostics on the Catalyst 4500 Switch Sample POST Results For all the supervisor engines, POST performs CPU, traffic, system, system memory, and feature tests. For CPU tests, POST verifies appropriate activity of the supervisor SEEPROM, temperature sensor, and [...]

  • Page 639

    39-21 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 39 Diagnostics on the Catalyst 4500 Switch The following example shows the output for a WS-X4516 supervisor engine: Switch# show diagnostic result module 2 detail module 2: Overall diagnostic result: PASS Test results: (. = Pass, F = Fail, U = Untested) _____________[...]

  • Page 640

    39-22 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 39 Diagnostics on the Catalyst 4500 Switch Module 2 Passed ___________________________________________________________________________ 2) packet-memory-bootup --------------------> U Error code --------------------------> 0 (DIAG_SUCCESS) Total run count --------------[...]

  • Page 641

    39-23 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 39 Diagnostics on the Catalyst 4500 Switch Potential false positives: 0 0 Ignored because of rx errors: 0 0 Ignored because of cdm fifo overrun: 0 0 Ignored because of oir: 0 0 Ignored because isl frames received: 0 0 Ignored during boot: 0 0 Ignored after writing hw stat[...]

  • Page 642

    39-24 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 39 Diagnostics on the Catalyst 4500 Switch Last test execution time ------------> Jul 19 2005 13:28:16 First test failure time -------------> n/a Last test failure time --------------> n/a Last test pass time -----------------> Jul 19 2005 13:28:16 Total failure [...]

  • Page 643

    39-25 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 39 Diagnostics on the Catalyst 4500 Switch 2) packet-memory-bootup --------------------> U Error code --------------------------> 0 (DIAG_SUCCESS) Total run count ---------------------> 0 Last test execution time ------------> n/a First test failure time -----[...]

  • Page 644

    39-26 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 39 Diagnostics on the Catalyst 4500 Switch Ignored during boot: 0 0 Ignored after writing hw stats: 0 0 Ignored on high gigaport: 0 Ongoing diag action mode: Normal Last 1000 Memory Test Failures: Last 1000 Packet Memory errors: First 1000 Packet Memory errors: _____________[...]

  • Page 645

    39-27 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 39 Diagnostics on the Catalyst 4500 Switch Local 10GE Port 62: U Local 10GE Port 63: U Port Traffic: L2 Serdes Loopback ... 0: . 1: . 2: . 3: . 4: . 5: . 6: . 7: . 8: . 9: . 10: . 11: . 12: . 13: . 14: . 15: . 16: . 17: . 18: . 19: . 20: . 21: . 22: . 23: . 24: . 25: . 26[...]

  • Page 646

    39-28 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 39 Diagnostics on the Catalyst 4500 Switch Last test failure time --------------> n/a Last test pass time -----------------> n/a Total failure count -----------------> 0 Consecutive failure count -----------> 0 packet buffers on free list: 64557 bad: 0 used for o[...]

  • Page 647

    39-29 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 39 Diagnostics on the Catalyst 4500 Switch To evaluate if the hardware failure is persistent, you can power cycle the supervisor engine to rerun the POST tests. You can also remove and reinsert the supervisor engine into the chassis to ensure that the seating[...]

  • Page 648

    39-30 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 Chapter 39 Diagnostics on the Catalyst 4500 Switch[...]

  • Page 649

    A-1 Software Configuration Guide — Release 12.2(25)SG OL-7659-03 APPENDIX A Acronyms and Abbreviations Table A-1 defines the acronyms and abbreviations used in this publication. Table A-1 Acronyms Acronym Expansion ACE access control entry ACL access control list AFI authority and format identifier Agport aggreg[...]

  • Page 650

    A-2 Software Configuration Guide — Release 12.2(25)SG OL-7659-03 Appendix A Acronyms and Abbreviations CHAP Challenge Handshake Authentication Protocol CIR committed information rate CIST Common and Internal Spanning Tree CLI command-line interface CLNS Connection-Less Network Service CMNS Connection-Mode Network Service COPS C[...]

  • Page 651

    A-3 Software Configuration Guide — Release 12.2(25)SG OL-7659-03 Appendix A Acronyms and Abbreviations EAP Extensible Authentication Protocol EARL Enhanced Address Recognition Logic EEPROM electrically erasable programmable read-only memory EHSA enhanced high system availability EHT Explicit Host Tracking EIA Electronic Indu[...]

  • Page 652

    A-4 Software Configuration Guide — Release 12.2(25)SG OL-7659-03 Appendix A Acronyms and Abbreviations LDA Local Director Acceleration LCP Link Control Protocol LEC LAN Emulation Client LECS LAN Emulation Configuration Server LEM link error monitor LER link error rate LES LAN Emulation Server LLC Logical Link Control LTL Local[...]

  • Page 653

    A-5 Software Configuration Guide — Release 12.2(25)SG OL-7659-03 Appendix A Acronyms and Abbreviations OAM Operation, Administration, and Maintenance ODM order dependent merge OSI Open System Interconnection OSPF open shortest path first PACL Port Access Control List PAE port access entity PAgP Port Aggregation Protocol P[...]

  • Page 654

    A-6 Software Configuration Guide — Release 12.2(25)SG OL-7659-03 Appendix A Acronyms and Abbreviations RPF reverse path forwarding RPR Route Processor Redundancy RSPAN remote SPAN RST reset RSVP ReSerVation Protocol SAID Security Association Identifier SAP service access point SCM service connection manager SCP Switch-Modu[...]

  • Page 655

    A-7 Software Configuration Guide — Release 12.2(25)SG OL-7659-03 Appendix A Acronyms and Abbreviations TLV type-length-value TTL Time To Live TVX valid transmission UDLD UniDirectional Link Detection Protocol UDP User Datagram Protocol UNI User-Network Interface UTC Coordinated Universal Time VACL VLAN access control li[...]

  • Page 656

    A-8 Software Configuration Guide — Release 12.2(25)SG OL-7659-03 Appendix A Acronyms and Abbreviations[...]

  • Page 657

    IN-1 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 INDEX Numerics 10/100 autonegotiation feature, forced 4-8 10-Gigabit Ethernet port deploy with Gigabit Ethernet SFP ports 4-6 802.10 SAID (default) 10-4 802.1Q trunks 13-6 tunneling compatibility with other features 18-5 defaults 18-4 described 18-2 tunnel ports wit[...]

  • Page 658

    Index IN-2 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 limitations 33-4 processing 33-9 types supported 33-2 acronyms, list of A-1 active queue management 27-14 adding members to a community 9-10 addresses See MAC addresses adjacency tables description 23-2 displaying statistics 23-9 advertisements, VTP See VTP adver[...]

  • Page 659

    Index IN-3 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 burst rate 27-50 burst size 27-28 C candidates automatic discovery 9-9 candidate switch, cluster defined 9-14 requirements 9-14 cautions for passwords encrypting 3-16 TACACS+ 3-15 CDP and trusted boundary 27-26 configuration 19-2 displaying configuration 19-3 enabli[...]

  • Page 660

    Index IN-4 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 CLI 9-14 passwords 9-10 command-line processing 2-3 command modes 2-5 commands listing 2-5 command switch, cluster requirements 9-13 common and internal spanning tree See CIST common spanning tree See CST community of switches access modes in Network Assistant 9-10 [...]

  • Page 661

    Index IN-5 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 and support for 802.1X authentication 29-15 default settings, erase command 3-25 deploying 10-Gigabit Ethernet and a Gigabit Ethernet SFP ports 4-6 description command 4-10 detecting unidirectional links 20-1 DHCP-based autoconfiguration client request message exc[...]

  • Page 662

    Index IN-6 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 dynamic ARP inspection ARP cache poisoning 32-2 configuring ACLs for non-DHCP environments 32-10 in DHCP environments 32-5 log buffer 32-14 rate limit for incoming ARP packets 32-16 denial-of-service attacks, preventing 32-16 interface trust state, security coverage[...]

  • Page 663

    Index IN-7 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 port-channel interfaces 16-2 port-channel load-balance command 16-12 ports, 802.1X authentication not supported in 29-15 removing 16-14 removing interfaces 16-13 explicit host tracking enabling 17-8 extended range VLANs See VLANs Extensible Authentication Prot[...]

  • Page 664

    Index IN-8 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 See MST IEEE 802.1w See MST IEEE 802.3ad See LACP IGMP description 24-3 enabling 24-13 explicit host tracking 17-3, 17-8 immediate-leave processing 17-3 overview 17-1 IGMP filtering configuring 17-17 default configuration 17-17 described 17-16 monitoring 17-20 IGM[...]

  • Page 665

    Index IN-9 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 ip flow-aggregation cache destination-prefix command 38-11 ip flow-aggregation cache prefix command 38-11 ip flow-aggregation cache source-prefix command 38-12 ip flow-export command 38-9 ip icmp rate-limit unreachable command 5-12 ip igmp profile command 17-[...]

  • Page 666

    Index IN-10 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 configuring MTU sizes for 4-12 ports and line cards that support 4-10 VLAN interfaces 4-12 K keyboard shortcuts 2-3 L l2protocol-tunnel command 18-11 labels definition 27-3 LACP system ID 16-4 Layer 2 access ports 11-8 Layer 2 frames classification with CoS 27-2 L[...]

  • Page 667

    Index IN-11 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 building tables 11-2 convert dynamic to sticky secure 30-2 displaying 5-3 displaying in DHCP snooping binding table 31-11 in ACLs 33-11 sticky 30-2 sticky secure, adding 30-2 MAC extended access lists 33-11 macros See SmartPort macros main-cpu command 6-8 mappin[...]

  • Page 668

    Index IN-12 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 multicast packets blocking 35-2 multicast routers displaying routing tables 24-16 flood suppression 17-9 Multicast Storm Control overview 36-6 suppression on WS-X4014 36-7 suppression on WS-X4016 36-6 multiple forwarding paths 1-3, 15-2 Multiple Spanning Tree S[...]

  • Page 669

    Index IN-13 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 support 1-8 non-IP traffic filtering 33-11 non-RPF traffic description 24-9 in redundant configurations (figure) 24-10 nonvolatile random-access memory See NVRAM normal-range VLANs See VLANs NSF-awareness support 6-2 NVRAM saving settings 3-10 O OIR overview [...]

  • Page 670

    Index IN-14 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 configuring power consumption for switch 8-4 power consumption for powered devices Intelligent Power Management 8-5 overview 8-3 supported cabling topology 8-5 powering down a module 7-19 power management modes 8-2 show interface status 8-6 point-to-point i[...]

  • Page 671

    Index IN-15 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 enabling 14-8 overview 14-8 port priority configuring MST instances 15-12 configuring STP 13-13 ports blocking 35-1 checking status 5-2 community 34-1 dynamic VLAN membership example 10-26 reconfirming 10-23 forwarding, resuming 35-3 isolated 34-1 PVLAN types 34[...]

  • Page 672

    Index IN-16 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 setting mode 34-12 protocol timers 13-4 provider edge devices 26--2 pruning, VTP See VTP pruning pseudobridges description 15-5 PVACL 31-11 PVID (port VLAN ID) and 802.1X with voice VLAN ports 29-12 PVLANs 802.1q support 34-5 configuration guidelines 34-3 configuri[...]

  • Page 673

    Index IN-17 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 QoS mapping tables CoS-to-DSCP 27-51 DSCP-to-CoS 27-53 policed-DSCP 27-52 types 27-14 QoS marking description 27-5 QoS policers burst size 27-28 types of 27-10 QoS policing definition 27-5 described 27-5, 27-10 QoS policy attaching to interfaces 27-11 overview of co[...]

  • Page 674

    Index IN-18 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 configuring 13-9 selecting in MST 15-2 root guard and MST 15-2 enabling 14-2 overview 14-2 routed packets ACLs 33-21 route-map (IP) command 25-3 route maps defining 25-3 PBR 25-2 router ACLs description 33-2 using with VLAN maps 33-20 route targets VPN 26--3 Rout[...]

  • Page 675

    Index IN-19 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 show cluster members command 9-14 show configuration command 4-10 show debugging command 19-4 show environment command 7-2 show history command 2-4 show interfaces command 4-12, 4-14, 4-16 show interfaces status command 5-2 show ip cache flow aggregation d[...]

  • Page 676

    Index IN-20 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 displaying status 37-24 overview 37-1 session limits 37-6 SPAN destination ports 802.1X authentication not supported 29-15 SPAN enhancements access list filtering 37-13 configuration example 37-15 CPU port sniffing 37-10 encapsulation configuration 37-12 i[...]

  • Page 677

    Index IN-21 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 accessing the redundant 6-14 configuring 3-8 to 3-13 copying files to standby 6-14 default configuration 3-1 default gateways 3-11 environmental monitoring 7-1 ROM monitor 3-19 startup configuration 3-18 static routes 3-11 synchronizing configurations 6-10 Supervi[...]

  • Page 678

    Index IN-22 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 See TDR time exceeded messages 5-8 timer See login timer Token Ring media not supported (note) 10-4, 10-10 TOS description 27-4 trace command 5-9 traceroute See IP traceroute See Layer 2 Traceroute traceroute mac command 5-10 traceroute mac ip command 5-11 t[...]

  • Page 679

    Index IN-23 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 MST and 15-3 overview 14-10 User Based Rate Limiting configuring 27-36 overview 27-36 user EXEC mode 2-5 user sessions disconnecting 5-6 monitoring 5-6 V VACLs Layer 4 port operations 33-7 virtual LANs See VLANs Virtual Private Network See VPN VLAN ACLs See VLAN map[...]

  • Page 680

    Index IN-24 Software Configuration Guide—Release 12.2(25)SG OL-7659-03 entering IP VMPS address 10-21 reconfirmation interval 10-24 reconfirm VLAN membership 10-23 default configuration 10-21 dynamic VLAN membership overview 10-20 troubleshooting dynamic port VLAN membership 10-25 VMPS server fall-back VLAN 10-19 illegal VMPS cl[...]