Cisco Catalyst 4500 Series Configuration Manual

Catalyst 4500 Series Switch Cisco IOS
Software Configuration Guide
Release IOS XE 3.3.0SG and IOS 15.1(1)SG
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Customer Order Number: DOC-OL-25340=
Text Part Number: OL-25340-01

Summary of Contents for Cisco Catalyst 4500 Series

  • Page 2 OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. CCVP, the Cisco logo, and Welcome to the Human Network are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is a service mark of Cisco Systems, Inc.;...
  • Page 3: Table of Contents

    Internet Group Management Protocol (IGMP) Snooping IPv6 Multicast Listener Discovery (MLD) and Multicast Listener Discovery snooping Jumbo Frames Link Aggregation Control Protocol Cisco IOS XE IP Application Services Features in Cisco IOS XE 3.1.0SG Link Layer Discovery Protocol Link State Tracking Location Service Multiple Spanning Tree Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG...
  • Page 4 GLBP 1-13 Cisco IOS XE IP Application Services Features in Cisco IOS XE 3.1.0SG 1-13 HSRP 1-13 Cisco IOS XE IP Application Services: HSRP Features in Cisco IOS XE 3.1.0SG 1-13 SSO Aware HSRP 1-14 IP Routing Protocols 1-14 1-15...
  • Page 5 Contents Cisco Call Home 1-21 Cisco Energy Wise 1-21 Cisco IOS IP Service Level Agreements 1-22 Cisco Media Services Proxy 1-22 Cisco Medianet AutoQoS 1-23 Cisco Medianet Flow Metadata 1-23 Cisco IOS Mediatrace and Performance Monitor 1-24 Cisco Network Assistant...
  • Page 6 1-37 Debugging Features 1-37 Web-based Authentication 1-38 New and Modified Software Features Supported in Cisco IOS 15.1(1)SG and Cisco IOS XE 3.3SG 1-39 Command-Line Interfaces C H A P T E R Accessing the Switch CLI Accessing the CLI Using the EIA/TIA-232 Console Interface...
  • Page 7 Contents Using Configuration Mode to Configure Your Switch Verifying the Running Configuration Settings Saving the Running Configuration Settings to Your Start-Up File 3-10 Reviewing the Configuration in NVRAM 3-10 Configuring a Default Gateway 3-11 Configuring a Static Route 3-11 Controlling Access to Privileged EXEC Commands 3-13 Setting or Changing a Static enable Password 3-13...
  • Page 8 Contents System Clock Understanding Network Time Protocol Configuring NTP Default NTP Configuration Configuring NTP Authentication Configuring NTP Associations Configuring NTP Broadcast Service Configuring NTP Access Restrictions Configuring the Source IP Address for NTP Packets 4-10 Displaying the NTP Configuration 4-11 Configuring Time and Date Manually 4-11 Setting the System Clock...
  • Page 9 Switching to the Standby Supervisor Engine 5-21 Stopping the ISSU Rollback Timer (Optional) 5-23 Loading New Cisco IOS Software on the New Standby Supervisor Engine 5-24 Using changeversion to Automate an ISSU Upgrade 5-26 Aborting a Software Upgrade During ISSU...
  • Page 10 Switching to the Standby Supervisor Engine 6-21 Stopping the ISSU Rollback Timer (Optional) 6-23 Loading New Cisco IOS XE Software on the New Standby Supervisor Engine 6-24 Using changeversion to Automate an ISSU Upgrade 6-25 Aborting a Software Upgrade During ISSU...
  • Page 11 Contents Using the Ethernet Management Port Understanding the Ethernet Management Port Fa1 Interface and mgmtVrf SSO Model ISSU Model Supported Features on the Ethernet Management Port Configuring the Ethernet Management Port 7-10 Defining and Using Interface-Range Macros 7-10 Deploying SFP+ in X2 Ports 7-11 Deploying 10-Gigabit Ethernet and Gigabit Ethernet SFP Ports on Supervisor Engine V-10GE 7-12...
  • Page 12 Contents Online Insertion and Removal on a WS-4500X-32 7-32 Shutting down a Module 7-32 Booting a Module After It Has Been Stopped 7-33 Common Scenarios 7-34 Monitoring and Maintaining the Interface 7-34 Monitoring Interface and Controller Status 7-34 Clearing and Resetting the Interface 7-35 Shutting Down and Restarting an Interface 7-35...
  • Page 13 Contents Enabling ICMP Mask Reply Messages 8-14 Configuring Supervisor Engine Redundancy Using RPR and SSO on Supervisor Engine 6-E and C H A P T E R Supervisor Engine 6L-E About Supervisor Engine Redundancy Overview RPR Operation SSO Operation About Supervisor Engine Redundancy Synchronization RPR Supervisor Engine Configuration Synchronization SSO Supervisor Engine Configuration Synchronization Supervisor Engine Redundancy Guidelines and Restrictions...
  • Page 14 11-13 Verifying IS-IS NSF 11-14 Configuring EIGRP NSF 11-16 Verifying EIGRP NSF 11-16 Cisco High Availability Features in Cisco IOS XE 3.1.0SG 11-17 Environmental Monitoring and Power Management 12-1 C H A P T E R About Environmental Monitoring 12-1...
  • Page 15 Configuring Errdisable Recovery 13-14 Enhanced Power PoE Support on the E-Series Chassis 13-15 Configuring Universal PoE 13-16 Configuring the Catalyst 4500 Series Switch with Cisco Network Assistant 14-1 C H A P T E R About Network Assistant 14-2 Community Overview...
  • Page 16 Contents (Additional) Configuration Required to Use Community 14-5 (Additional) Configuration Required to Use Clustering 14-5 Managing a Network Using Community 14-6 Candidate and Member Requirements 14-7 Automatic Discovery of Candidates and Members 14-7 Community Names 14-8 Hostnames 14-8 Passwords 14-8 Communication Protocols 14-8 Access Modes in Network Assistant...
  • Page 17 Contents Understanding VTP Pruning 15-11 VTP Configuration Guidelines and Restrictions 15-12 VTP Default Configuration 15-13 Configuring VTP 15-14 Configuring VTP Global Parameters 15-14 Configuring the VTP Mode 15-16 Starting a Takeover 15-19 Displaying VTP Statistics 15-19 Displaying VTP Devices in a Domain 15-20 VLAN Membership Policy Server 15-20...
  • Page 18 About SmartPort Macros and Static SmartPort 18-1 Configuring SmartPort Macros 18-2 Passing Parameters Through the Macro 18-3 Macro Parameter Help 18-3 Default SmartPort Macro Configuration 18-4 cisco-global 18-4 cisco-desktop 18-4 cisco-phone 18-5 cisco-router 18-5 cisco-switch 18-5 SmartPort Macro Configuration Guidelines...
  • Page 19 Contents Configuring Cisco IOS Auto Smartport Macros 19-1 C H A P T E R About Auto Smartport Macros 19-1 Device Classifier 19-2 Device Visibility Mode 19-3 Configuring Auto Smartport Macros 19-3 Enabling Auto Smartport Macros 19-3 Auto Smartport Default Configuration...
  • Page 20 Contents Configuring the Hello Time 20-17 Configuring the Maximum Aging Time for a VLAN 20-18 Configuring the Forward-Delay Time for a VLAN 20-19 Disabling Spanning Tree Protocol 20-20 Enabling Per-VLAN Rapid Spanning Tree 20-20 Specifying the Link Type 20-21 Restarting Protocol Migration 20-21 About MST 20-22...
  • Page 21 Contents Default Configuration 21-5 Configuration Guidelines 21-6 Configuring Flex Links 21-6 Configuring VLAN Load Balancing on Flex Links 21-8 Configuring MAC Address-Table Move Update 21-10 Default Configuration 21-10 Configuration Guidelines 21-10 Configuring the MAC Address-Table Move Update Feature 21-10 Configuring a Switch to Send MAC Address-Table Move Updates 21-10 Configuring a Switch to Receive MAC Address-Table Move Updates 21-12...
  • Page 22 Contents About BPDU Guard 23-8 Enabling BPDU Guard 23-8 About PortFast BPDU Filtering 23-9 Enabling PortFast BPDU Filtering 23-9 About UplinkFast 23-11 Enabling UplinkFast 23-12 About BackboneFast 23-13 Enabling BackboneFast 23-15 Configuring EtherChannel and Link State Tracking 24-1 C H A P T E R About EtherChannel 24-2 Port Channel Interfaces...
  • Page 23 Contents Link-State Tracking Configuration Guidelines 24-21 Configuring Link-State Tracking 24-21 Displaying Link-State Tracking Status 24-22 Configuring IGMP Snooping and Filtering 25-1 C H A P T E R About IGMP Snooping 25-1 Immediate-Leave Processing 25-3 IGMP Configurable-Leave Timer 25-4 IGMP Snooping Querier 25-4 Explicit Host Tracking 25-4...
  • Page 24 Contents Displaying IGMP Filtering Configuration 25-24 Configuring IPv6 MLD Snooping 26-1 C H A P T E R About MLD Snooping 26-1 MLD Messages 26-2 MLD Queries 26-3 Multicast Client Aging 26-3 Multicast Router Discovery 26-3 MLD Reports 26-4 MLD Done Messages and Immediate-Leave 26-4 Topology Change Notification Processing 26-4...
  • Page 25 29-11 Configuring Location TLV and Location Service 29-12 Monitoring and Maintaining LLDP, LLDP-MED, and Location Service 29-14 Cisco IOS Carrier Ethernet Features in Cisco IOS XE 3.1.0SG 29-15 Configuring UDLD 30-1 C H A P T E R About UDLD...
  • Page 26 Contents Operation Modes 30-3 Default States for UDLD 30-3 Default UDLD Configuration 30-4 Configuring UDLD on the Switch 30-4 Fast UDLD Guidelines and Restrictions 30-4 Enabling UDLD Globally 30-5 Enabling UDLD on Individual Interfaces 30-6 Disabling UDLD on Individual Interfaces 30-7 Disabling UDLD on a Fiber-Optic Interface 30-7...
  • Page 27 Adjacency Tables 33-2 Adjacency Discovery 33-2 Adjacency Resolution 33-3 Adjacency Types That Require Special Handling 33-3 Unresolved Adjacency 33-3 Catalyst 4500 Series Switch Implementation of CEF 33-3 Hardware and Software Switching 33-4 Hardware Switching 33-5 Software Switching 33-5 Load Balancing 33-6...
  • Page 28 Internet Group Management Protocol 35-3 Protocol-Independent Multicast 35-3 Rendezvous Point (RP) 35-4 IGMP Snooping 35-4 IP Multicast Implementation on the Catalyst 4500 Series Switch 35-4 CEF, MFIB, and Layer 2 Forwarding 35-5 IP Multicast Tables 35-7 Hardware and Software Forwarding 35-8...
  • Page 29 Contents Displaying System and Network Statistics 35-23 Displaying the Multicast Routing Table 35-23 Displaying IP MFIB 35-25 Displaying Bidirectional PIM Information 35-26 Displaying PIM Statistics 35-27 Clearing Tables and Databases 35-27 Configuration Examples 35-28 PIM Dense Mode Example 35-28 PIM Sparse Mode Example 35-28 Bidirectional PIM Mode Example 35-28...
  • Page 30 Contents Hardware Support for BFD 37-7 How to Configure Bidirectional Forwarding Detection 37-7 Configuring BFD Session Parameters on the Interface 37-8 Configuring BFD Support for Dynamic Routing Protocols 37-8 Configuring BFD Support for BGP 37-8 Configuring BFD Support for EIGRP 37-9 Configuring BFD Support for OSPF 37-10...
  • Page 31 Contents Configuring VRF-lite 39-1 C H A P T E R About VRF-lite 39-2 Default VRF-lite Configuration 39-3 VRF-lite Configuration Guidelines 39-4 Configuring VRFs 39-5 Configuring VRF-Aware Services 39-5 Configuring the User Interface for ARP 39-6 Configuring the User Interface for PING 39-6 Configuring the User Interface for SNMP 39-7...
  • Page 32 Contents Strict Priority / Low Latency Queueing 40-9 Traffic Shaping 40-9 Packet Modification 40-9 Per Port Per VLAN QoS 40-10 Flow-based QoS 40-10 Using Metadata in QoS Policy 40-11 Configuring QoS 40-12 MQC-based QoS Configuration 40-13 Platform-supported Classification Criteria and QoS Features 40-13 Platform Hardware Capabilities 40-14...
  • Page 33 Cisco IP Phone Voice Traffic 41-2 Cisco IP Phone Data Traffic 41-2 Configuring a Port to Connect to a Cisco 7960 IP Phone 41-3 Configuring Voice Ports for Voice and Data Traffic 41-3 Overriding the CoS Priority of Incoming Frames...
  • Page 34 Configuring Cisco TrustSec MACsec 43-10 Configuring Cisco TrustSec Credentials on the Switch 43-10 Configuring Cisco TrustSec Switch-to-Switch Link Security in 802.1X Mode 43-11 Configuring Cisco TrustSec Switch-to-Switch Link Security in Manual Mode 43-12 Cisco TrustSec Switch-to-Switch Link Security Configuration Example 43-13 Configuring 802.1X Port-Based Authentication...
  • Page 35 Usage Guidelines for Using Authentication Failed VLAN Assignment 44-18 Using 802.1X with Port Security 44-19 Using 802.1X Authentication with ACL Assignments and Redirect URLs 44-20 Cisco Secure ACS and AV Pairs for URL-Redirect 44-20 ACLs 44-21 Using 802.1X with RADIUS-Provided Session Timeouts 44-21 Using 802.1X with Voice VLAN Ports...
  • Page 36 ACS Configuration 44-67 Configuring 802.1X with Authentication Failed 44-68 Configuring 802.1X with Voice VLAN 44-70 Configuring 802.1X with VLAN Assignment 44-71 Cisco ACS Configuration for VLAN Assignment 44-72 Enabling Fallback Authentication 44-73 Enabling Periodic Reauthentication 44-78 Enabling Multiple Hosts 44-80...
  • Page 37 Verifying the Auth Manager Session for an Interface 44-115 Displaying MAB Details 44-117 EPM Logging 44-117 Cisco IOS Security Features in Cisco IOS XE 3.1.0 SG Release 44-118 Configuring the PPPoE Intermediate Agent 45-1 C H A P T E R Related Documents...
  • Page 38 Contents Configuring the Generic Error Message for PPPoE IA on a Switch 45-3 Enabling PPPoE IA on an Interface 45-4 Configuring the PPPoE IA Trust Setting on an Interface 45-4 Configuring PPPoE IA Rate Limiting Setting on an Interface 45-4 Configuring PPPoE IA Vendor-tag Stripping on an Interface 45-5 Configuring PPPoE IA Circuit-ID and Remote-ID on an Interface...
  • Page 39 Contents Configuring the Web-Based Authentication Parameters 46-13 Removing Web-Based Authentication Cache Entries 46-14 Displaying Web-Based Authentication Status 46-14 Configuring Port Security 47-1 C H A P T E R Port Security Commands 47-2 About Port Security 47-3 Secure MAC Addresses 47-4 Maximum Number of Secure MAC Addresses 47-4...
  • Page 40 Contents Examples of Voice Port Security 47-25 Example 1: Configuring Maximum MAC Addresses for Voice and Data VLANs 47-25 Example 2: Configuring Sticky MAC Addresses for Voice and Data VLANs 47-26 Voice Port Security Configuration Guidelines and Restrictions 47-27 Displaying Port Security Settings 47-27 Examples of Security Settings 47-28...
  • Page 41 Contents Configuring Dynamic ARP Inspection 49-1 C H A P T E R About Dynamic ARP Inspection 49-1 ARP Cache Poisoning 49-2 Purpose of Dynamic ARP Inspection 49-2 Interface Trust State, Security Coverage and Network Configuration 49-3 Relative Priority of Static Bindings and DHCP Snooping Entries 49-4 Logging of Dropped Packets 49-4...
  • Page 42 Contents Displaying a Binding Table 50-19 Displaying the DHCP Snooping Configuration 50-19 About IP Source Guard 50-19 Configuring IP Source Guard 50-20 Configuring IP Source Guard on Private VLANs 50-22 Displaying IP Source Guard Information 50-22 Displaying IP Source Binding Information 50-23 Configuring IP Source Guard for Static Hosts 50-24...
  • Page 43 Contents Examples of ACLs and VLAN Maps 51-19 Applying a VLAN Map to a VLAN 51-21 Using VLAN Maps in Your Network 51-22 Denying Access to a Server on Another VLAN 51-23 Displaying VLAN Access Map Information 51-24 Using VLAN Maps with Router ACLs 51-25 Guidelines for Using Router ACLs and VLAN Maps on the Same VLAN 51-25...
  • Page 44 Contents Static Routes 52-5 First-Hop Redundancy Protocols 52-5 Unicast Routing 52-5 52-5 OSPF 52-6 EIGRP 52-6 IS-IS 52-6 Multiprotocol BGP 52-6 Tunneling 52-7 IPv6 Default States 52-7 Port Unicast and Multicast Flood Blocking 53-1 C H A P T E R About Flood Blocking 53-1 Configuring Port Blocking...
  • Page 45 Contents Configuring SPAN 55-7 SPAN Configuration Guidelines and Restrictions 55-7 Configuring SPAN Sources 55-8 Configuring SPAN Destinations 55-9 Monitoring Source VLANs on a Trunk Interface 55-9 Configuration Scenario 55-10 Verifying a SPAN Configuration 55-10 CPU Port Sniffing 55-10 Encapsulation Configuration 55-12 Ingress Packets 55-12...
  • Page 46 Configuring IP SLAs Object Tracking 57-8 Configuring Static Routing Support 57-10 Configuring a Primary Interface 57-10 Configuring a Cisco IP SLAs Monitoring Agent and Track Object 57-11 Configuring a Routing Policy and Default Route 57-11 Monitoring Enhanced Object Tracking 57-12 Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG...
  • Page 47 Contents Configuring System Message Logging 58-1 C H A P T E R About System Message Logging 58-1 Configuring System Message Logging 58-2 System Log Message Format 58-2 Default System Message Logging Configuration 58-3 Disabling Message Logging 58-4 Setting the Message Display Destination Device 58-5 Synchronizing Log Messages 58-6...
  • Page 48 Contents SNMP Versions 60-2 SNMP Manager Functions 60-3 SNMP Agent Functions 60-4 SNMP Community Strings 60-4 Using SNMP to Access MIB Variables 60-4 SNMP Notifications 60-5 Configuring SNMP 60-5 Default SNMP Configuration 60-5 SNMP Configuration Guidelines 60-6 Disabling the SNMP Agent 60-7 Configuring Community Strings 60-7...
  • Page 49 Contents Configuring Flexible NetFlow 62-1 C H A P T E R Configuring Ethernet OAM and CFM 63-1 C H A P T E R About Ethernet CFM 63-2 Ethernet CFM and OAM Definitions 63-2 CFM Domain 63-2 Maintenance Associations and Maintenance Points 63-4 CFM Messages 63-5...
  • Page 50 Contents OAM Messages 63-34 Enabling and Configuring Ethernet OAM 63-35 Ethernet OAM Default Configuration 63-35 Ethernet OAM Configuration Guidelines 63-35 Enabling Ethernet OAM on an Interface 63-36 Enabling Ethernet OAM Remote Loopback 63-37 Configuring Ethernet OAM Link Monitoring 63-38 Configuring Ethernet OAM Remote Failure Indications 63-42 Configuring Ethernet OAM Templates 63-45...
  • Page 51 Configuring Cisco IOS IP SLA Operations 66-1 C H A P T E R Understanding Cisco IOS IP SLAs 66-2 Using Cisco IOS IP SLAs to Measure Network Performance 66-3 IP SLAs Responder and IP SLAs Control Protocol 66-4 Response Time Computation for IP SLAs...
  • Page 52 Contents Displaying RMON Status 67-6 Performing Diagnostics 68-1 C H A P T E R Configuring Online Diagnostics 68-1 Configuring On-Demand Online Diagnostics 68-2 Scheduling Online Diagnostics 68-2 Performing Diagnostics 68-3 Starting and Stopping Online Diagnostic Tests 68-3 Displaying Online Diagnostic Tests and Test Results 68-4 Displaying Data Path Online Diagnostics Test Results 68-7...
  • Page 53 69-11 Verifying WCCP Settings Example 69-12 Configuring MIB Support 70-1 C H A P T E R Determining MIB Support for Cisco IOS Releases 70-1 Using Cisco IOS MIB Tools 70-2 Downloading and Compiling MIBs 70-2 Guidelines for Working with MIBs...
  • Page 55 Preface This preface describes who should read this document, how it is organized, and its conventions. The preface also tells you how to obtain Cisco documents, as well as how to obtain technical assistance. Audience This guide is for experienced network administrators who are responsible for configuring and maintaining Catalyst 4500 series switches.
  • Page 56 Supervisor Engine 7L-E. Chapter 11, Configuring Cisco NSF with SSO Supervisor Engine Redundancy: describes how to configure supervisor engine redundancy using Cisco nonstop forwarding (NSF) with stateful switchover (SSO). Chapter 12, Environmental Monitoring and Power Management: describes how to configure power management and environmental monitoring features.
  • Page 57 Describes how to configure port security and trunk port security. Chapter 48, Configuring Control Plane Policing and Layer 2 Control Packet QoS: describes how to protect your Catalyst 4500 series switch using control plane policing (CoPP).
  • Page 58 Describes various types of diagnostics on the Catalyst 4500 series switch. Chapter 69, Configuring WCCP Version 2 Services: describes how to configure the Catalyst 4500 series switches to redirect traffic to cache engines (web caches) using the Web Cache Communication Protocol (WCCP), and describes how to manage cache engine clusters (cache farms).
  • Page 59: Acronyms and Abbreviations

    Chapter 71, ROM Monitor: describes the ROM Monitor. Appendix A, Acronyms and Abbreviations: defines acronyms and abbreviations used in this book. Conventions: this document uses the following typographical conventions. Boldface font: commands, command options, and keywords are in boldface. Italic font: command arguments for which you supply values are in italics.
  • Page 60: Related Documentation

    Preface Related Documentation Refer to the following documents for additional Catalyst 4500 series information: Catalyst 4500 Series Switch Documentation Home • http://www.cisco.com/en/US/products/hw/switches/ps4324/tsd_products_support_series_home.ht Catalyst 4900 Series Switch Documentation Home • http://www.cisco.com/en/US/products/ps6021/index.html Cisco ME 4900 Series Ethernet Switches Documentation Home • http://www.cisco.com/en/US/products/ps7009/tsd_products_support_series_home.html...
  • Page 61 Catalyst 4500 Series Software System Message Guide • http://www.cisco.com/en/US/products/hw/switches/ps4324/products_system_message_guides_list.html Cisco IOS Documentation Platform-independent Cisco IOS documentation may also apply to the Catalyst 4500 and 4900 switches. These documents are available at the following URLs: • Cisco IOS configuration guides, Release 12.x http://www.cisco.com/en/US/products/ps6350/products_installation_and_configuration_guides_list.html •...
  • Page 62 Preface OpenSSL/Open SSL Project This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young ([email protected]). This product includes software written by Tim Hudson ([email protected]). License Issues The OpenSSL toolkit stays under a dual license;...
  • Page 63 Preface Original SSLeay License: Copyright © 1995-1998 Eric Young ([email protected]). All rights reserved. This package is an SSL implementation written by Eric Young ([email protected]). The implementation was written so as to conform with Netscapes SSL. This library is free for commercial and non-commercial use as long as the following conditions are adhered to.
  • Page 64: Obtaining Documentation and Submitting a Service Request

    Obtaining Documentation and Submitting a Service Request For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html...
  • Page 65: Layer 2 Software Features

    New and Modified Software Features Supported in Cisco IOS 15.1(1)SG and Cisco IOS XE 3.3SG, page 1-39 Note For more information about the chassis, modules, and software features supported by the Catalyst 4500 series switch, refer to the Release Notes for the Catalyst 4500 Series Switch at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/prod_release_notes_list.html Layer 2 Software Features...
  • Page 66: 802.1Q Tunneling, VLAN Mapping, and Layer 2 Protocol Tunneling

    Cisco IOS Auto SmartPort macros dynamically configure ports based on the device type detected on the port. When the switch detects a new device on a port it applies the appropriate Cisco IOS Auto Smartports macro. When a link-down event occurs on the port, the switch removes the macro. For example, when you connect a Cisco IP phone to a port, Cisco IOS Auto SmartPorts automatically applies the IP phone macro.
  • Page 67: Chapter 1 Product Overview

    Using CDP, a device can advertise its existence to other devices and receive information about other devices on the same LAN. CDP enables Cisco switches and routers to exchange information, such as their MAC addresses, IP addresses, and outgoing interfaces. CDP runs over the data-link layer only, allowing two systems that support different network-layer protocols to learn about each other. Because CDP advertisements are neither authenticated nor encrypted, any device attached to a CDP-enabled port can read the switch's platform, software version, and management addresses, so consider disabling CDP on ports that face untrusted devices; ports that carry Cisco IP phones rely on CDP for phone detection (see the trusted boundary feature below).
  • Page 68: Flex Links and MAC Address-Table Move Update

    Chapter 1 Product Overview Layer 2 Software Features Flex Links and MAC Address-Table Move Update Flex Links are a pair of Layer 2 interfaces (switch ports or port channels) where one interface is configured to act as a backup to the other. The feature provides an alternative solution to the Spanning Tree Protocol (STP).
  • Page 69: IPv6 Multicast Listener Discovery (MLD) and MLD Snooping

    EtherChannel is added to the spanning tree as a single bridge port. Cisco IOS XE IP Application Services Features in Cisco IOS XE 3.1.0SG This section lists the IP Application Services software features that are supported in Cisco IOS XE 3.1.0SG. Links to the feature documentation are included.
  • Page 70: Link Layer Discovery Protocol

    Feature guides document features that are supported on many different software releases and platforms. Your Cisco software release or platform may not support all the features documented in a feature guide. See the Feature Information table at the end of the feature guide for information about which features in that guide are supported in your software release.
  • Page 71: Multiple Spanning Tree

    Catalyst 4500 series switch supports trusted boundary, which uses the Cisco Discovery Protocol (CDP) to detect the presence of a Cisco IP phone (such as the Cisco IP Phone 7910, 7935, 7940, and 7960) on a switch port. If the telephone is not detected, the trusted boundary feature disables the trusted setting on the switch port and prevents misuse of a high-priority queue.
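    The configuration below is an added example and is not taken from this guide. It applies the trusted-boundary mechanism described above to a phone-facing access port, and shows the matching CDP treatment for a port that should never carry a phone (following the CDP caveat in the Cisco Discovery Protocol section). Interface names, VLAN numbers and the management-host range are assumptions; the per-supervisor CoS/DSCP trust commands that normally accompany trusted boundary are omitted because they differ between supervisor engines.

```cisco
! Added example (not from the guide). Interface and VLAN numbers are assumed.
!
! Phone-facing port: the port's trust setting is honoured only while CDP
! confirms a Cisco IP phone is present. If the phone is unplugged and a PC is
! connected directly, trusted boundary disables the trusted setting, so a
! host that marks its own frames CoS 5 cannot grab the priority queue.
interface GigabitEthernet2/1
 description user port with Cisco IP phone
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 100
 qos trust device cisco-phone
 spanning-tree portfast
!
! Port with no phone: CDP would advertise platform, software version and
! management addresses to whatever is plugged in, so it is disabled here.
! Trusted boundary depends on CDP, so never do this on a phone port.
interface GigabitEthernet2/2
 description user port, no phone expected
 switchport mode access
 switchport access vlan 20
 no cdp enable
 spanning-tree portfast
!
! Verification (privileged EXEC):
!   show cdp neighbors GigabitEthernet2/1 detail   - phone seen via CDP?
!   show running-config interface GigabitEthernet2/2  - "no cdp enable" present
```

    Check the phone port after deployment with `show cdp neighbors ... detail`: if no Cisco IP phone appears there, the trusted setting on that port is not in effect, which is the intended fail-closed behaviour.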
  • Page 72: Two-Rate Three-Color Policing

    Chapter 40, “Configuring Quality of Service.” Resilient Ethernet Protocol Resilient Ethernet Protocol (REP) is a Cisco proprietary protocol that provides an alternative to Spanning Tree Protocol (STP) to control network loops, handle link failures, and improve convergence time. REP controls a group of ports connected in a segment, ensures that the segment does not create any bridging loops, and responds to link failures within the segment.
  • Page 73: Stateful Switchover

    DHCP data that was already snooped, and the security benefits continue uninterrupted. For information about SSO, see Chapter 11, “Configuring Cisco NSF with SSO Supervisor Engine Redundancy.” SVI Autostate When an SVI has multiple ports on a VLAN, normally the SVI will go down when all the ports in the VLAN go down.
  • Page 74: VLANs

    MAC address of the host attached to that port. Virtual Switch System Client Catalyst 4500 series switches support enhanced PAgP. If a Catalyst 4500 series switch is connected to a Catalyst 6500 series Virtual Switch System (VSS) by using a PAgP EtherChannel, the Catalyst 4500 series switch will automatically serve as a VSS client, using enhanced PAgP on this EtherChannel for dual-active detection.
  • Page 75: Layer 3 Software Features

    Compared to conventional software-based switches, Layer 3 switches process more packets faster by using application-specific integrated circuit (ASIC) hardware instead of microprocessor-based engines. The following sections describe the key Layer 3 switching software features on the Catalyst 4500 series switch: Bidirectional Forwarding Detection, page 1-11 •...
  • Page 76: Cisco Express Forwarding

    The Enhanced Object Tracking (EOT) feature separates the tracking mechanism from HSRP and creates a separate standalone tracking process that can be used by other Cisco IOS processes as well as HSRP. This feature allows tracking of other objects in addition to the interface line-protocol state.
  • Page 77: GLBP

    Feature guides document features that are supported on many different software releases and platforms. Your Cisco software release or platform may not support all the features documented in a feature guide. See the Feature Information table at the end of the feature guide for information about which features in that guide are supported in your software release.
  • Page 78: SSO Aware HSRP

    Product Overview Layer 3 Software Features that guide are supported in your software release. Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
  • Page 79: EIGRP

    (called the autonomous system path), and a list of other path attributes. The Catalyst 4500 series switch supports BGP version 4, including classless interdomain routing (CIDR). CIDR lets you reduce the size of your routing tables by creating aggregate routes, resulting in supernets.
  • Page 80: IS-IS

    A single Level 2 area is used as backbone for inter-area traffic. For details on IS-IS, refer to this URL: http://www.cisco.com/en/US/products/ps6632/products_ios_protocol_option_home.html OSPF The Open Shortest Path First (OSPF) protocol is a standards-based IP routing protocol designed to overcome the limitations of RIP.
  • Page 81: In Service Software Upgrade

    SSO requires the same version of Cisco IOS on both the active and standby supervisor engines. Because of version mismatch during an upgrade or downgrade of the Cisco IOS software, a Catalyst 4500 series switch is forced into operating in RPR mode. In this mode, after the switchover you can observe link-flaps and a disruption in service.
  • Page 82: NSF with SSO

    With NSF/SSO, IP phone calls do not drop. NSF/SSO is supported for OSPF, BGP, EIGRP, IS-IS, and Cisco Express Forwarding (CEF). NSF/SSO is typically deployed in the most critical parts of an enterprise or service provider network, such as Layer 3 aggregation/core or a resilient Layer 3 wiring closet design.
  • Page 83: OSPF for Routed Access

    Refer to the following link for more details: http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/routed-ex.html With Cisco IOS Release 12.2(53)SG, the IP Base image supports OSPF for routed access. The Enterprise Services image is required if you need multiple OSPFv2 and OSPFv3 instances without route restrictions. Enterprise Services also is required to enable the VRF-lite feature.
  • Page 84: VRF-lite

    For details on VRRP, refer to this URL: http://www.cisco.com/en/US/docs/ios/ipapp/configuration/guide/ipapp_vrrp_ps6441_TSD_Products_Configuration_Guide_Chapter.html Management Features The Catalyst 4500 series switch offers network management and control using the CLI or through alternative access methods, such as SNMP. The switch software supports these network management features: Cisco Call Home, page 1-21 •...
  • Page 85: Cisco Call Home

    XML-based automated parsing applications. Common uses of this feature may include direct paging of a network support engineer, e-mail notification to a Network Operations Center, XML delivery to a support website, and utilization of Cisco Smart Call Home services for direct case generation with the Cisco Systems Technical Assistance Center (TAC).
  • Page 86: Cisco IOS IP Service Level Agreements

    Chapter 66, “Configuring Cisco IOS IP SLA Operations.” For more detail on Cisco IOS IP SLAs, see the Cisco IOS IP SLAs Configuration Guide, Release 12.4T: http://www.cisco.com/en/US/docs/ios/ipsla/configuration/guide/12_4t/sla_12_4t_book.html Catalyst 4500 series switch also supports a Built-in Traffic Simulator using Cisco IOS IP SLAs video operations to generate synthetic traffic for a variety of video applications, such as Telepresence, IPTV and IP video surveillance camera.
  • Page 87: Cisco Medianet AutoQoS

    Flow Metadata is supported on releases prior to Cisco IOS Release 15.1(1)SG. Flow metadata is the data that describes a flow in the network: the flow's 5-tuple (source and destination addresses, source and destination ports, and protocol) along with its attributes.
  • Page 88: Cisco Ios Mediatrace And Performance Monitor

    This information includes, among other things, flow statistics; utilization information for incoming and outgoing interfaces, CPUs, and memory; as well as any changes to IP routes or the Cisco IOS Mediatrace monitoring state. For details, see the following URLs: http://www.cisco.com/en/US/docs/ios-xml/ios/media_monitoring/configuration/15-1sg/mm-pasv-mon.
  • Page 89: Cisco Network Assistant

    IP addresses from specified address pools within the router to DHCP clients. If the Cisco IOS DHCP server cannot satisfy a DHCP request from its own database, it can forward the request to one or more secondary DHCP servers defined by the network administrator.
  • Page 90: Embedded Ciscoview

    Embedded Event Manager (EEM) is a distributed and customized approach to event detection and recovery offered directly in a Cisco IOS device. EEM offers the ability to monitor events and take informational, corrective, or any desired EEM action when the monitored events occur or when a threshold is reached.
  • Page 91: Fat File Management System On Supervisor Engine 6-E, Supervisor Engine 6L-E, Catalyst 4948E, And Catalyst 4900M

    ACL. Intelligent Power Management Working with powered devices (PDs) from Cisco, this feature uses power negotiation to refine the power consumption of an 802.3af-compliant PD beyond the granularity provided by the 802.3af power class. Power negotiation also enables backward compatibility of newer PDs with older modules that do not support either 802.3af or the high-power levels required by the IEEE standard.
  • Page 92: Netflow-Lite

    SSH will be limited to providing a remote login session to the switch and will only function as a server. Simple Network Management Protocol Simple Network Management Protocol (SNMP) facilitates the exchange of management information between network devices. The Catalyst 4500 series switch supports these SNMP types and enhancements: SNMP, a full Internet standard; SNMP v2, a community-based administrative framework for version 2 of SNMP...
  • Page 93: Span And Rspan

    Class D, or better, cabling as specified in ISO/IEC 11801:1995. Cisco® Universal Power over Ethernet (UPOE) is a Cisco proprietary technology that extends the IEEE 802.3 PoE standard to provide the capability to source up to 60W of power over standard Ethernet cabling infrastructure (Class D or better).
  • Page 94: Wireshark

    Note Catalyst 4500X-32. Starting with Cisco IOS Release XE 3.3.0SG and the IP Base and Enterprise Services feature sets, the Catalyst 4500 series switch supports Wireshark, a packet analyzer program (formerly known as Ethereal) that supports multiple protocols and presents information in a graphical and text-based user interface.
  • Page 95: X Identity-Based Network Security

    In this situation, 802.1X user authentication typically fails with the port closed, and the user is denied access. Inaccessible Authentication Bypass provides a configurable alternative on the Catalyst 4500 series switch to grant a critical port network access in a locally specified VLAN.
  • Page 96: Cisco Trustsec Security Architecture

    Multi-Domain Authentication—This feature allows both a data device and a voice device, such as an IP phone (Cisco or non-Cisco), to authenticate on the same switch port, which is divided into a data domain and a voice domain...
  • Page 97: Cisco Trustsec Macsec Encryption

    DHCP data that was already snooped, and the security benefits continue uninterrupted. For DHCP server configuration information, refer to the chapter, “Configuring DHCP,” in the Cisco IOS IP and IP Routing Configuration Guide at the following URL: http://www.cisco.com/en/US/docs/ios/ipaddr/configuration/guide/iad_dhcp_rdmp_ps6350_TSD_Produ...
  • Page 98: Flood Blocking

    Chapter 1 Product Overview Security Features Flood Blocking Flood blocking enables users to disable the flooding of unicast and multicast packets on a per-port basis. Occasionally, unknown unicast or multicast traffic from an unprotected port is flooded to a protected port because a MAC address has timed out or has not been learned by the switch.
  • Page 99: Local Authentication, Radius, And Tacacs+ Authentication

    NAC Layer 2 IP validation NAC Layer 2 IP is an integral part of Cisco Network Admission Control. It offers the first line of defense for infected hosts (PCs and other devices attached to a LAN port) attempting to connect to the corporate network.
  • Page 100: Port Security

    The switch supports the following applications of ACLs to filter traffic: MAC address filtering, which enables you to block unicast traffic for a MAC address on a VLAN interface; Port ACLs, which enable you to apply ACLs to Layer 2 interfaces on a switch for inbound traffic; ...
  • Page 101: Urpf Strict Mode

    For information about TDR, see Chapter 8, “Checking Port Status and Connectivity.” Debugging Features The Catalyst 4500 series switch has several commands to help you debug your initial setup. These commands are included in the following command groups: platform •...
  • Page 102: Web-Based Authentication

    Web-based Authentication The web-based authentication feature, known as Web Authentication Proxy, enables you to authenticate end users on host systems that do not run the IEEE 802.1X supplicant. When you initiate an HTTP session, this feature intercepts ingress HTTP packets from the host and sends an HTML login page to your.
  • Page 103: New And Modified Software Features Supported In Cisco Ios 15.1(1)Sg And Cisco Ios Xe 3.3Sg

    New and Modified Software Features Supported in Cisco IOS 15.1(1)SG and Cisco IOS XE 3.3SG This document provides a list of new and modified software features supported in Cisco IOS 15.1(1)SG and Cisco IOS XE 3.3SG. AAA Double Authentication Secured by Absolute Timeout http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_aaa/configuration/15-1sg/sec-aaa-double-auth.
  • Page 104 BFD - Static Route Support http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bfd/configuration/15-1sg/irb-bi-fwd-det.html BFD IPv6 Encaps Support http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bfd/configuration/15-1sg/ip6-route-bfd-encaps.html BFD - OSPF Support for BFD over IPv4 http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bfd/configuration/15-1sg/irb-bi-fwd-det.html SSO - BFD http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bfd/configuration/15-1sg/irb-bi-fwd-det.html...
  • Page 105 BGP Event Based VPN Import http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bgp/configuration/15-1sg/irg-event-vpn-import.html http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bgp/configuration/xe-3sg/irg-event-vpn-import.html BGP Support for the L2VPN Address Family http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bgp/configuration/15-1sg/irg-sup-l2vpn.html http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bgp/configuration/xe-3sg/irg-sup-l2vpn.html Bidirectional Forwarding Detection (BFD) MIB version 2 http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bfd/configuration/15-1sg/irb-bfd-mib.html...
  • Page 106 http://www.cisco.com/en/US/docs/ios-xml/ios/evn/configuration/xe-3sg/evn-overview.html http://www.cisco.com/en/US/docs/ios-xml/ios/evn/configuration/15-1sg/evn-confg.html http://www.cisco.com/en/US/docs/ios-xml/ios/evn/configuration/xe-3sg/evn-confg.html http://www.cisco.com/en/US/docs/ios-xml/ios/evn/configuration/15-1sg/evn-shared-svcs.html http://www.cisco.com/en/US/docs/ios-xml/ios/evn/configuration/xe-3sg/evn-shared-svcs.html EVN Cisco EVN MIB http://www.cisco.com/en/US/docs/ios-xml/ios/evn/configuration/15-1sg/evn-mgt-ts.html http://www.cisco.com/en/US/docs/ios-xml/ios/evn/configuration/xe-3sg/evn-mgt-ts.html Embedded Packet Capture (EPC) http://www.cisco.com/en/US/docs/ios-xml/ios/epc/configuration/xe-3sg/nm-packet-capture.html Enhanced Test Command http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_radcfg/configuration/15-1sg/sec-enhanced-tst-cmd.html http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_radcfg/configuration/xe-3sg/sec-enhanced-tst-c...
  • Page 107 IGMP Static Group Range Support http://www.cisco.com/en/US/docs/ios-xml/ios/ipmulti_igmp/configuration/15-1sg/imc_static_grp_range_supp.html http://www.cisco.com/en/US/docs/ios-xml/ios/ipmulti_igmp/configuration/xe-3sg/imc_static_grp_range_supp.html IGMPv3 Host Stack http://www.cisco.com/en/US/docs/ios-xml/ios/ipmulti_igmp/configuration/15-1sg/imc_igmpv3_hoststack.html http://www.cisco.com/en/US/docs/ios-xml/ios/ipmulti_igmp/configuration/xe-3sg/imc_igmpv3_hoststack.html Device Sensor http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_aaa/configuration/15-1sg/sec-dev-sensor.html http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_aaa/configuration/xe-3sg/sec-dev-sensor.html IP Multicast Load Splitting - Equal Cost Multipath (ECMP) using S, G and Next-hop http://www.cisco.com/en/US/docs/ios-xml/ios/ipmulti_optim/configuration/15-1sg/imc_load_splt_ecm...
  • Page 108 IPv6 Tunneling: ISATAP Tunnel Support http://www.cisco.com/en/US/docs/ios-xml/ios/ipv6/configuration/15-1sg/ip6-tunnel.html http://www.cisco.com/en/US/docs/ios-xml/ios/ipv6/configuration/xe-3sg/ip6-tunnel.html IPv6: Multicast Address Group Range Support http://www.cisco.com/en/US/docs/ios-xml/ios/ipv6/configuration/15-1sg/ip6-multicast.html http://www.cisco.com/en/US/docs/ios-xml/ios/ipv6/configuration/xe-3sg/ip6-multicast.html ISG: Policy Control: Policy Server: CoA (QoS, L4 redirect, User ACL, TimeOut) http://www.cisco.com/en/US/docs/ios-xml/ios/isg/configuration/15-1sg/isg-ext-pol-svrs.html...
  • Page 109 http://www.cisco.com/en/US/docs/ios-xml/ios/media_monitoring/configuration/xe-3sg/mm-mediatrace.html MLD Group Limits http://www.cisco.com/en/US/docs/ios-xml/ios/ipv6/configuration/15-1sg/ip6-multicast.html http://www.cisco.com/en/US/docs/ios-xml/ios/ipv6/configuration/xe-3sg/ip6-multicast.html Media Services Proxy http://www.cisco.com/en/US/docs/ios-xml/ios/msp/configuration/15-1sg/med-ser-prxy.html http://www.cisco.com/en/US/docs/ios-xml/ios/msp/configuration/xe-3sg/med-ser-prxy-xe.html MSDP MD5 password authentication http://www.cisco.com/en/US/docs/ios-xml/ios/ipmulti_pim/configuration/15-1sg/imc_msdp.html http://www.cisco.com/en/US/docs/ios-xml/ios/ipmulti_pim/configuration/xe-3sg/imc_msdp.html Multicast Address Group Range Support...
  • Page 110 http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_ospf/configuration/xe-3sg/iro-traff-stats.html OSPF Graceful Shutdown http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_ospf/configuration/15-1sg/iro-ttl.html http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_ospf/configuration/xe-3sg/iro-ttl.html OSPF Mechanism to Exclude Connected IP Prefixes from LSA Advertisements http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_ospf/configuration/15-1sg/iro-ex-lsa.html http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_ospf/configuration/xe-3sg/iro-ex-lsa.html OSPF SNMP ifIndex Value for Interface ID http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_ospf/configuration/15-1sg/iro-snmp-ifindex.htm...
  • Page 111 PIM Triggered Joins http://www.cisco.com/en/US/docs/ios-xml/ios/ipmulti_resil/configuration/15-1sg/imc_pim_triggered.h http://www.cisco.com/en/US/docs/ios-xml/ios/ipmulti_resil/configuration/xe-3sg/imc_pim_triggered.h Product Security Baseline: Password Encryption and Complexity Restrictions http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_cfg/configuration/15-1sg/sec-cfg-sec-4cli.html http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_cfg/configuration/xe-3sg/sec-cfg-sec-4cli.html RADIUS Progress Codes http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_radcfg/configuration/15-1sg/RADIUS_Progress_Codes.html http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_radcfg/configuration/xe-3sg/RADIUS_Progress_Codes.html...
  • Page 112 Suppressing EXEC Accounting Record The Suppressing EXEC Accounting Record feature enables the suppression of an EXEC-stop accounting record when autoselection during login for the dial-in clients is configured. To configure the Suppressing EXEC Accounting Record feature, use the aaa accounting nested suppress stop command in global configuration mode.
  • Page 113 Cisco Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html If the command is not found in the Catalyst 4500 Series Switch Command Reference, it will be found in the larger Cisco IOS library. Refer to the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 114: Accessing The Switch Cli

    Electronic Industries Alliance (EIA) and Telecommunications Industry Association (TIA). Perform the initial switch configuration over a connection to the EIA/TIA-232 console interface. Refer to the Catalyst 4500 Series Switch Module Installation Guide for console interface cable connection procedures. To access the switch through the console interface, perform this task:...
  • Page 115: Chapter 2 Command-Line Interface

    Performing Command-Line Processing To make a Telnet connection to the switch, perform this task: Step 1 telnet {hostname | ip_addr} (from the remote host, enter the telnet command and the name or IP address of the switch you want to access). Step 2 At the prompt, enter the password for the CLI.
  • Page 116: Performing History Substitution

    The Cisco IOS user interface has many different modes: user EXEC, privileged EXEC (enable), global configuration, interface, subinterface, and protocol-specific. The commands available to you depend on which mode you are in. To get a list of the commands in a given mode, enter a question mark (?) at the system prompt.
  • Page 117: Getting A List Of Commands And Syntax

    Telnet. The Cisco IOS command interpreter, called the EXEC, interprets and runs the commands you enter. You can abbreviate commands and keywords by entering just enough characters to make the command unique from other commands. For example, you can abbreviate the show command to sh and the configure terminal command to config t.
  • Page 118: Virtual Console For Standby Supervisor Engine

    EXEC mode. Virtual Console for Standby Supervisor Engine Catalyst 4500 series switches can be configured with 2 supervisor engines to provide redundancy. When the switch is powered, one of the supervisor engines becomes active and remains active until a switchover occurs.
  • Page 119: Rommon Command-Line Interface

    Chapter 2 Command-Line Interfaces ROMMON Command-Line Interface To log in to the standby supervisor engine using a virtual console, enter the following command: Switch# session module 2 Connecting to standby virtual console Type "exit" or "quit" to end this session Switch-standby-console# exit If the standby console is not enabled, the following message appears: Switch-standby-console#...
  • Page 120: Archiving Crashfiles Information

    When you enter ROMMON mode, the prompt changes to rommon 1>. Use the ? command to see the available ROMMON commands. For more information about the ROMMON commands, refer to the Cisco IOS Command Reference. Archiving Crashfiles Information This feature allows you to archive crashinfo files, which would otherwise be overwritten in bootflash if another system reset occurred first.
  • Page 121 Chapter 2 Command-Line Interfaces Displaying a Crash Dump for Supervisor Engine 6-E and 6L-E ========= Context ====================== pc=10999E70 lr=10999E34 msr=02029230 vector=00000600 cr=20004022 ctr=108EC3EC xer=00000000 r0=10999E34 r1=2421F930 r2=0000001E r3=234BBFD8 r4=0000000A r5=00000000 r6=2421F918 r7=00000000 r8=00000000 r9=00000000 r10=14850000 r11=234BBFD4 r12=EB93A100 r13=B4E9F3F3 r14=10CD0984 r15=00000000 r16=156CA504 r17=156CA504 r18=00000001 r19=00000000 r20=00000000 r21=00000000 r22=00000000 r23=00000000 r24=00000000 r25=00000000 r26=00000000 r27=00000000...
  • Page 122 Chapter 2 Command-Line Interfaces Displaying a Crash Dump for Supervisor Engine 6-E and 6L-E 2421FAF0: 00000000 00000000 00000000 00000000 2421FB00: 00000000 00000000 2421FB10 1099BCFC 2421FB10: 00000000 10992CEC FFFFFFFF ========= Popped stack ====================== 2421F730: E8000800 151B1AB0 2421F748 132BBFA8 2421F740: 000E8000 151B1AB0 2421F760 132BC0D0 2421F750: 000E8000 00009B0A E8000800 151B1AB0 2421F760: 2421F778 132BC2A0 E8000800 00009B0A 2421F770: 00000800 153B1B7C 2421F790 123FAF28...
  • Page 123 Chapter 2 Command-Line Interfaces Displaying a Crash Dump for Supervisor Engine 6-E and 6L-E 151A3B48: 1586D760 10C7FE38 10C7F17C 1586FF98 10C7FE38 10C7F17C 151A3B30: 1586D760 10C84B24 10C7F17C 1586D760 10C7FE38 10C7F17C 151A3B18: 1586FF98 10C84B24 10C7F17C 1586FF98 10C7FE38 10C7F17C 151A3B00: 1586D760 10C84B24 10C7F17C 1586D760 10C7FE38 10C7F17C 151A3AE8: 1586FF98 10C84B24 10C7F17C 1586FF98 10C7FE38 10C7F17C 151A3AD0: 1586D760 10C84B24 10C7F17C 1586FBF0 10C84B24 10C7F17C 151A3AB8: 1586FBF0 10C7FE38 10C7F17C 1586D760 10C7FE38 10C7F17C...
  • Page 124 Chapter 2 Command-Line Interfaces Displaying a Crash Dump for Supervisor Engine 6-E and 6L-E Flags: analyze crashblock on_old_queue Status 0x00000000 Orig_ra 0x00000000 Routine 0x00000000 Signal 0 Caller_pc 0x00000000 Callee_pc 0x00000000 Dbg_events 0x00000000 State Totmalloc 153104 Totfree 9040 Totgetbuf Totretbuf Edisms Eparm 0x156CA328 Elapsed Ncalls...
  • Page 125 Chapter 2 Command-Line Interfaces Displaying a Crash Dump for Supervisor Engine 6-E and 6L-E ---- Level 2 Interrupt stack (0x3F8 bytes used, out of 0x2328 available) ---- intstacks[2]: base 0x156D90B0 stack 0x156DB3D0 routine 0x0 count 0x2 size 0x2328 0x2328 desc 0x156C0C78 156DAFE0: 156DAFE8 FFFFFFFF 156DB020 119E1374 B6B8...
  • Page 126 Chapter 2 Command-Line Interfaces Displaying a Crash Dump for Supervisor Engine 6-E and 6L-E 156D8FE0: 20526576 69657700 156D9000: 1ADBEEF 1896AD90 156D9030 0 146CF310 156D9020: 146D0000 14620EA0 D 1893E4BC 156D9038 134D23A4 156D9058 12023A6C 156D9040: 0 1B1DDC40 156D9050 D 1B1DDC40 156D9080 11ED3534 156D9060: 40 132D6244 0 14620EA0 146D0000 14620EA0...
  • Page 127 Chapter 2 Command-Line Interfaces Displaying a Crash Dump for Supervisor Engine 6-E and 6L-E ---- Level 7 Interrupt stack (0x0 bytes used, out of 0x2328 available) ---- intstacks[7]: base 0x156CE0E8 stack 0x156D0408 routine 0x0 count 0x0 size 0x2328 0x2328 desc 0x156BEE74 ---- Level 8 Interrupt stack (base 0x0, size 0x0) is invalid ---- ---- Level 9 Interrupt stack (base 0x0, size 0x0) is invalid ----...
  • Page 128 Chapter 2 Command-Line Interfaces Displaying a Crash Dump for Supervisor Engine 6-E and 6L-E 2421F8D0: 0 2421F8E8 10C1FD9C 2421F8F8 2421F8F0: 15868B74 15868B74 2421F910 117CF5C0 2421F968 1586A45C 2421F920 15868B74 2421F910: 2421F918 0 14850000 0 2421F930 10999978 2421F930 2421F930: 2421F940 10999E34 2421F940 15868B74 2421F948 11B430B8 2421F9B0 10C84444 2421F950: 2421F978 0 2421F9C0 0 240CC3C8...
  • Page 129 Chapter 2 Command-Line Interfaces Displaying a Crash Dump for Supervisor Engine 6-E and 6L-E 234BBAF0: 0 23056294 23054D90 13597D4C 0 FD0110DF 234BBB10: AB1234CD FFFE0000 0 13D9A594 10027870 234BBB54 234BBAE0 8000000E 234BBB30: 234BBB50: FD0110DF AB1234CD FFFE0000 0 156CD7F4 119EB018 234BC350 234BBB24 234BBB70: 800003EA 1 119F6768 0 234466EC 234FFE84...
  • Page 130 6 06:21:21.779: %SYS-5-CONFIG_I: Configured from memory by console *Sep 6 06:21:21.875: %SYS-5-RESTART: System restarted -- Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-ENTSERVICES-M), Experimental Version 12.2(20100723:074204) [/../../../../ios/sys 179] Copyright (c) 1986-2010 by Cisco Systems, Inc. Compiled Mon 06-Sep-10 22:11 by cisco *Sep 6 06:21:23.363: Slot 0 : delete...
  • Page 131 Chapter 2 Command-Line Interfaces Displaying a Crash Dump for Supervisor Engine 6-E and 6L-E L2CAPTECC: 0x0 L2ERRDET: 0x0 L2ERRDIS: 0x0 L2ERRATTR: 0x0 L2ERRADDRH: 0x0L2ERRADDRL: 0x0 L2_ERRCTL: 0x0 DDR_CAPTURE_DATA_HI: 0x0 DDR_CAPTURE_DATA_LO: 0x0 DDR_CAPTURE_ECC: 0x0 DDR_ERR_DETECT: 0x0 DDR_ERR_DISABLE: 0x0 DDR_ERR_INT_EN: 0x9 DDR_CAPTURE_ATTRIBUTES: 0x0 DDR_CAPTURE_ADDRESS: 0x0 DDR_CAPTURE_EXT_ADDRESS: 0x0 DDR_ERR_SBE: 0xff0000...
  • Page 132
  • Page 133: Default Switch Configuration

    Cisco Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html If the command is not found in the Catalyst 4500 Series Switch Command Reference, it will be found in the larger Cisco IOS library. Refer to the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 134: Configuring Dhcp-Based Autoconfiguration

    Example Configuration, page 3-7. If your DHCP server is a Cisco device, or if you are configuring the switch as a DHCP server, refer to the “IP Addressing and Services” section in the Cisco IOS IP and IP Routing Configuration Guide for Cisco IOS Release 12.1 for additional information about configuring DHCP.
  • Page 135: Chapter 3 Configuring The Switch For The First Time

    Chapter 3 Configuring the Switch for the First Time Configuring DHCP-Based Autoconfiguration With DHCP-based autoconfiguration, no DHCP client-side configuration is needed on your switch because your switch (the DHCP client) is automatically configured at startup with IP address information and a configuration file. However, you need to configure the DHCP server or the DHCP server feature on your switch for various lease options associated with IP addresses.
  • Page 136: Configuring The Dhcp Server

    Configuring DHCP-Based Autoconfiguration Configuring the DHCP Server A switch can act as both the DHCP client and the DHCP server. By default, the Cisco IOS DHCP server and relay agent features are enabled on your switch. You should configure the DHCP server, or the DHCP server feature running on your switch, with reserved leases that are bound to each switch by the switch hardware address.
  • Page 137: Configuring The Dns Server

    LAN must respond. Examples of such broadcast packets are DHCP, DNS, and in some cases, TFTP packets. If the relay device is a Cisco router, enable IP routing (ip routing global configuration command) and configure helper addresses (ip helper-address interface configuration command). For example, in...
  • Page 138: Obtaining Configuration Files

    Configuring DHCP-Based Autoconfiguration Figure 3-2 Relay Device Used in Autoconfiguration (figure: a switch acting as the DHCP client and a Cisco router acting as the relay, with the DHCP server, TFTP server and DNS server on the far side of the router; addresses shown are 10.0.0.1, 10.0.0.2 and 20.0.0.1 through 20.0.0.4) Obtaining Configuration Files...
  • Page 139: Example Configuration

    Figure 3-3 DHCP-Based Autoconfiguration Network Example (figure: Switch 1 through Switch 4 with hardware addresses 00e0.9f1e.2001 through 00e0.9f1e.2004, a Cisco router, and a DHCP server, DNS server and TFTP server (maritsu); addresses shown are 10.0.0.10 and 10.0.0.1 through 10.0.0.3) Table 3-2 shows the configuration of the reserved leases on either the DHCP server or the DHCP server feature running on your switch.
  • Page 140: Configuring The Switch

    Chapter 3 Configuring the Switch for the First Time Configuring the Switch DNS Server Configuration The DNS server maps the TFTP server name maritsu to IP address 10.0.0.3. TFTP Server Configuration (on UNIX) The TFTP server base directory is set to /tftpserver/work/. This directory contains the network-confg file used in the two-file read method.
  • Page 141: Using Configuration Mode To Configure Your Switch

    Using Configuration Mode to Configure Your Switch To configure your switch from configuration mode, follow these steps: Step 1 Connect a console terminal to the console interface of your supervisor engine. Step 2 After a few seconds, you see the user EXEC prompt (Switch>).
  • Page 142: Saving The Running Configuration Settings To Your Start-Up File

    Chapter 3 Configuring the Switch for the First Time Configuring the Switch <...output truncated...> line con 0 transport input none line vty 0 4 exec-timeout 0 0 password lab login transport input lat pad dsipcon mop telnet rlogin udptn nasi Switch# Saving the Running Configuration Settings to Your Start-Up File Caution...
  • Page 143: Configuring A Default Gateway

    Chapter 3 Configuring the Switch for the First Time Configuring the Switch line con 0 exec-timeout 0 0 transport input none line vty 0 4 exec-timeout 0 0 password lab login transport input lat pad dsipcon mop telnet rlogin udptn nasi Switch# Configuring a Default Gateway The switch uses the default gateway only when it is not configured with a routing protocol.
  • Page 144 To configure a static route, perform this task: Step 1 Switch(config)# ip route dest_IP_address mask {forwarding_IP | vlan vlan_ID} (configures a static route to the remote network). Step 2 Verifies that the static route is displayed correctly.
  • Page 145: Controlling Access To Privileged Exec Commands

    Chapter 3 Configuring the Switch for the First Time Controlling Access to Privileged EXEC Commands ip default-gateway 172.20.52.35 ip classless ip route 171.20.5.3 255.255.255.255 Vlan1 no ip http server x25 host z line con 0 transport input none line vty 0 4 exec-timeout 0 0 password lab login...
  • Page 146: Using The Enable Password And Enable Secret Commands

    If you specify an encryption type, you must provide an encrypted password—an encrypted password you copy from another Catalyst 4500 series switch configuration. Note You cannot recover a lost encrypted password. You must clear NVRAM and set a new password. See the “Recovering a Lost Enable Password”...
  • Page 147: Controlling Switch Access With Tacacs+

    TACACS+ is facilitated through authentication, authorization, and accounting (AAA) and can be enabled only through AAA commands. Note: For complete syntax and usage information for the commands used in this section, see the Cisco IOS Security Command Reference, Release 12.2.
  • Page 148 Figure 3-4 Typical TACACS+ Network Configuration (figure: a Catalyst 6500 series switch with two UNIX workstations acting as TACACS+ server 1 at 171.20.10.7 and TACACS+ server 2 at 171.20.10.8) Configure the switches with the TACACS+ server addresses.
  • Page 149: Tacacs+ Operation

    Chapter 3 Configuring the Switch for the First Time Controlling Access to Privileged EXEC Commands TACACS+ Operation When a user attempts a simple ASCII login by authenticating to a switch using TACACS+, this process occurs: When the connection is established, the switch contacts the TACACS+ daemon to obtain a username prompt, which is then displayed to the user.
  • Page 150 Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services, page 3-21; Starting TACACS+ Accounting, page 3-21. Default TACACS+ Configuration TACACS+ and AAA are disabled by default. To prevent a lapse in security, you cannot configure TACACS+ through a network management application.
  • Page 151 Step 7 show tacacs (verifies your entries). Step 8 (Optional) copy running-config startup-config (saves your entries in the configuration file). To remove the specified TACACS+ server name or address, use the no tacacs-server host hostname global configuration command.
  • Page 152 Step 3 aaa authentication login default list-name method1 method2... (creates a login authentication method list). To create a default list that is used when a named list is not specified in the login authentication command, use the default keyword followed by the methods that you plan to use in default situations.
  • Page 153 Chapter 3 Configuring the Switch for the First Time Controlling Access to Privileged EXEC Commands Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services AAA authorization limits the services available to a user. When AAA authorization is enabled, the switch uses information retrieved from the user’s profile, which is located either in the local user database or on the security server, to configure the user’s session.
  • Page 154: Displaying The Tacacs+ Configuration

    Chapter 3 Configuring the Switch for the First Time Controlling Access to Privileged EXEC Commands To enable TACACS+ accounting for each Cisco IOS privilege level and for network services, perform this task, beginning in privileged EXEC mode: Command Purpose Step 1 configure terminal Enters global configuration mode.
  • Page 155: Configuring Multiple Privilege Levels

    3-24. Configuring Multiple Privilege Levels By default, Cisco IOS software has two modes of password security: user EXEC mode and privileged EXEC mode. You can configure up to 16 hierarchical levels of commands for each mode. By configuring multiple passwords, you can allow different sets of users to have access to specified commands.
  • Page 156: Logging In To A Privilege Level

    Logging In to a Privilege Level To log in at a specified privilege level, enter this command: Switch# enable level (logs in to a specified privilege level). Exiting a Privilege Level To exit to a specified privilege level, enter this command:...
  • Page 157: Recovering A Lost Enable Password

    Recovering a Lost Enable Password Note: For more information on the configuration register, which is preconfigured in NVRAM, see the “Configuring the Software Configuration Register” section on page 3-26.
  • Page 158: Understanding The Rom Monitor

    NVRAM Caution: To avoid possibly halting the Catalyst 4500 series switch, remember that valid configuration register settings might be combinations of settings and not just the individual settings listed in Table 3-3.
  • Page 159: Modifying The Boot Field And Using The Boot Command

    Modifying the Supervisor Engine Startup Configuration Table 3-3 Software Configuration Register Bits: bits 00 to 03 (0x0000 to 0x000F), boot field (see Table 3-4); bit 04 (0x0010), unused; bit 05 (0x0020), bit two of console line speed; bit 06 (0x0040), causes system software to ignore NVRAM contents; bit 07 (0x0080)...
  • Page 160: Modifying The Boot Field

    Reboots the switch to make your changes take effect. Switch# reload To modify the configuration register while the switch is running Cisco IOS software, follow these steps: Enter the enable command and your password to enter privileged level, as follows: Step 1 Switch>...
  • Page 161: Verifying The Configuration Register Setting

    Supervisor Engine 6-E and Supervisor Engine 6L-E Switch# show version Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-ENTSERVICES-M), Version 15.1(1)SG5.214, CISCO INTERNAL USE ONLY DEVTEST VERSION , synced to END_OF_FLO_ISP Copyright (c) 1986-2012 by Cisco Systems, Inc. Compiled Tue 17-Jan-12 23:07 by gsbuprod ROM: 12.2(44r)SG(0.146)
  • Page 162: Specifying The Startup System Image

    Switch# show version Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.03.00.SG5. CISCO INTERNAL USE ONLY UNIVERSAL DEVELOPMENT K10 IOSD VERSION , synced to V150_5_20_SID Copyright (c) 1986-2011 by Cisco Systems, Inc. Compiled Wed 14-Dec-11 07:59 by gsbuprod ROM: 15.0(1r)SG(0.326)
  • Page 163: Flash Memory Features

    Step 1 Copy a system image to flash memory using TFTP or other protocols. Refer to the “Cisco IOS File Management” and “Loading and Maintaining System Images” chapters in the Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.2, at the following URL: http://www.cisco.com/en/US/docs/ios/fundamentals/configuration/guide/12_2sr/cf_12_2sr_book.html...
  • Page 164: Resetting A Switch To Factory Default Settings

    Switch# 00:01:48: %SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram Switch# If the Catalyst 4500 series switch is accessible to a TFTP server, you can copy an image to the bootflash memory with the TFTP command: Switch# copy tftp://192.20.3.123/tftpboot/abc/cat4500-entservices-mz.bin bootflash: Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG...
  • Page 165 Configuring the Switch for the First Time Resetting a Switch to Factory Default Settings When the copying is completed, you can reboot the Catalyst 4500 series switch to the just-copied image stored in the bootflash memory with the reload command: Switch# reload System configuration has been modified.
  • Page 167: Managing The System Time And Date

    Cisco Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products//hw/switches/ps4324/index.html If the command is not found in the Catalyst 4500 Series Switch Command Reference, it will be found in the larger Cisco IOS library. Refer to the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 168: Chapter 4 Administering The Switch

    Chapter 4 Administering the Switch Managing the System Time and Date • Configuring NTP, page 4-3 • Configuring Time and Date Manually, page 4-11 System Clock The core of the time service is the system clock, which monitors the date and time. This clock starts when the system starts.
  • Page 169: Configuring Ntp

    Managing the System Time and Date Cisco’s implementation of NTP does not support stratum 1 service; it is not possible to connect to a radio or atomic clock. We recommend that the time service for your network be derived from the public NTP servers available on the IP Internet.
  • Page 170: Default Ntp Configuration

    Chapter 4 Administering the Switch Managing the System Time and Date • Configuring NTP Associations, page 4-6 • Configuring NTP Broadcast Service, page 4-7 • Configuring NTP Access Restrictions, page 4-8 • Configuring the Source IP Address for NTP Packets, page 4-10 •...
  • Page 171 Chapter 4 Administering the Switch Managing the System Time and Date Command Purpose Step 4 ntp trusted-key key-number Specifies one or more key numbers (defined in Step 3) that a peer NTP device must provide in its NTP packets for this switch to synchronize to it.
  • Page 172: Configuring Ntp Associations

    Chapter 4 Administering the Switch Managing the System Time and Date Configuring NTP Associations An NTP association can be a peer association (this switch can either synchronize to the other device or allow the other device to synchronize to it), or it can be a server association (meaning that only this switch synchronizes to the other device, and not the other way around).
  • Page 173: Configuring Ntp Broadcast Service

    Chapter 4 Administering the Switch Managing the System Time and Date Configuring NTP Broadcast Service The communications between devices running NTP (known as associations) are usually statically configured; each device is given the IP addresses of all devices with which it should form associations. Accurate timekeeping is possible by exchanging NTP messages between each pair of devices with an association.
  • Page 174: Configuring Ntp Access Restrictions

    Chapter 4 Administering the Switch Managing the System Time and Date To configure the switch to receive NTP broadcast packets from connected peers, perform this task: Command Purpose Step 1 configure terminal Enters global configuration mode. Step 2 interface interface-id Specifies the interface to receive NTP broadcast packets, and enters interface configuration mode.
  • Page 175 Chapter 4 Administering the Switch Managing the System Time and Date Creating an Access Group and Assigning a Basic IP Access List To control access to NTP services by using access lists, perform this task: Command Purpose Step 1 configure terminal Enters global configuration mode. Step 2 Creates an access group, and applies a basic IP access list.
  • Page 176: Configuring The Source Ip Address For Ntp Packets

    Chapter 4 Administering the Switch Managing the System Time and Date To remove access control to the switch NTP services, use the no ntp access-group {query-only | serve-only | serve | peer} global configuration command. This example shows how to configure the switch to allow itself to synchronize to a peer from access list 99.
  • Page 177: Displaying The Ntp Configuration

    For detailed information about the fields in these displays, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.3. Configuring Time and Date Manually If no other source of time is available, you can manually configure the time and date after the system is restarted.
  • Page 178: Displaying The Time And Date Configuration

    Chapter 4 Administering the Switch Managing the System Time and Date Displaying the Time and Date Configuration To display the time and date configuration, use the show clock [detail] privileged EXEC command. The system clock keeps an authoritative flag that shows whether the time is authoritative (believed to be accurate).
  • Page 179: Configuring Summer Time (Daylight Saving Time)

    Chapter 4 Administering the Switch Managing the System Time and Date Configuring Summer Time (Daylight Saving Time) To configure summer time (daylight saving time) in areas where it starts and ends on a particular day of the week each year, perform this task: Command Purpose Step 1...
  • Page 180: Configuring A System Name And Prompt

    Chapter 4 Administering the Switch Configuring a System Name and Prompt If summer time in your area does not follow a recurring pattern (configure the exact date and time of the next summer time events), perform this task: Command Purpose Step 1 configure terminal Enters global configuration mode.
  • Page 181: Configuring A System Name

    Administering the Switch Configuring a System Name and Prompt For complete syntax and usage information for the commands used in this section, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.3 and the Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.3.
  • Page 182: Default Dns Configuration

    Chapter 4 Administering the Switch Configuring a System Name and Prompt These sections contain this configuration information: • Default DNS Configuration, page 4-16 • Setting Up DNS, page 4-16 • Displaying the DNS Configuration, page 4-17 Default DNS Configuration Table 4-2 shows the default DNS configuration.
  • Page 183: Displaying The Dns Configuration

    If there is a period (.) in the hostname, the Cisco IOS software looks up the IP address without appending any default domain name to the hostname.
  • Page 184: Default Banner Configuration

    Chapter 4 Administering the Switch Creating a Banner Default Banner Configuration The MOTD and login banners are not configured. Configuring a Message-of-the-Day Login Banner You can create a single or multiline message banner that appears on the screen when someone logs in to the switch.
  • Page 185 Chapter 4 Administering the Switch Creating a Banner Command Purpose Step 4 show running-config Verifies your entries. Step 5 copy running-config startup-config (Optional) Saves your entries in the configuration file. This example shows how to configure a MOTD banner for the switch by using the pound sign (#) symbol as the beginning and ending delimiter: Switch(config)# banner motd # it is a secure site.
  • Page 186: Configuring A Login Banner

    Chapter 4 Administering the Switch Creating a Banner Configuring a Login Banner You can configure a login banner to be displayed on all connected terminals. This banner appears after the MOTD banner and before the login prompt. To configure a login banner, perform this task: Command Purpose Step 1...
  • Page 187: Managing The Mac Address Table

    Chapter 4 Administering the Switch Managing the MAC Address Table This example shows how to configure a login banner for the switch by using the dollar sign ($) symbol as the beginning and ending delimiter: Switch# configure terminal Switch(config)# banner login $ Access for authorized users only.
  • Page 188: Mac Addresses And Vlans

    Chapter 4 Administering the Switch Managing the MAC Address Table address and its associated port number to the address table. As stations are added or removed from the network, the switch updates the address table, adding new dynamic addresses and aging out those that are not in use.
  • Page 189: Default Mac Address Table Configuration

    Chapter 4 Administering the Switch Managing the MAC Address Table When PVLANs are configured, address learning depends on the type of MAC address: • Dynamic MAC addresses learned in one VLAN of a PVLAN are replicated in the associated VLANs. For example, a MAC address learned in a private-VLAN secondary VLAN is replicated in the primary VLAN.
  • Page 190: Removing Dynamic Address Entries

    Chapter 4 Administering the Switch Managing the MAC Address Table Command Purpose Step 4 show mac address-table aging-time Verifies your entries. Step 5 copy running-config startup-config (Optional) Saves your entries in the configuration file. Removing Dynamic Address Entries To remove all dynamic entries, use the clear mac address-table dynamic command in EXEC mode. You can also remove a specific MAC address (clear mac address-table dynamic address mac-address), remove all addresses on the specified physical port or port channel (clear mac address-table dynamic interface interface-id), or remove all addresses on a specified...
  • Page 191 Chapter 4 Administering the Switch Managing the MAC Address Table Command Purpose Step 3 snmp-server enable traps mac-notification change Enables the switch to send MAC change traps to the NMS. To disable the switch from sending MAC change notification traps, use the no snmp-server enable traps mac-notification change global configuration command.
  • Page 192: Configuring Mac Move Notification Traps

    Chapter 4 Administering the Switch Managing the MAC Address Table This example shows how to specify 172.69.59.93 as the network management system, enable the switch to send MAC change notification traps to the network management system, enable the MAC change notification feature, set the interval time to 60 seconds, set the history-size to 100 entries, and enable traps whenever a MAC address is added on the specified port: Switch# configure terminal...
  • Page 193 Chapter 4 Administering the Switch Managing the MAC Address Table To configure MAC move notification, perform this task: Command Purpose Step 1 configure terminal Enters global configuration mode. Step 2 Specifies the recipient of the trap message. snmp-server host host-addr traps | informs version }} [...
  • Page 194: Configuring Mac Threshold Notification Traps

    Chapter 4 Administering the Switch Managing the MAC Address Table Configuring MAC Threshold Notification Traps When you configure MAC threshold notification, an SNMP notification is generated and sent to the network management system when a MAC address table (MAT) threshold limit is reached or exceeded. To configure MAC address threshold notification, perform this task: Command Purpose...
  • Page 195: Adding And Removing Static Address Entries

    Chapter 4 Administering the Switch Managing the MAC Address Table Command Purpose Step 6 Returns to privileged EXEC mode. Step 7 show mac address-table notification threshold / show running-config Displays the MAC utilization threshold notification status. Step 8 copy running-config startup-config (Optional) Saves your entries in the configuration file.
  • Page 196: Configuring Unicast Mac Address Filtering

    Chapter 4 Administering the Switch Managing the MAC Address Table To add a static address, perform this task: Command Purpose Step 1 configure terminal Enters global configuration mode. Step 2 mac address-table static mac-addr vlan vlan-id interface interface-id Adds a static address to the MAC address table. • For mac-addr, specify the destination MAC unicast address to add to...
  • Page 197 Chapter 4 Administering the Switch Managing the MAC Address Table • If you add a unicast MAC address as a static address and configure unicast MAC address filtering, the switch either adds the MAC address as a static address or drops packets with that MAC address, depending on which command was entered last.
  • Page 198: Disabling Mac Address Learning On A Vlan

    Chapter 4 Administering the Switch Managing the MAC Address Table Disabling MAC Address Learning on a VLAN By default, MAC address learning is enabled on all VLANs on the switch. By controlling which VLANs can learn MAC addresses, you can manage the available MAC address table space. By disabling learning on a VLAN, you can conserve the MAC address table space because all the MAC addresses seen on this VLAN are not learned.
  • Page 199: Usage Guidelines

    Managing the MAC Address Table Usage Guidelines Note: These guidelines are advisory only. Contact the Cisco solution provider team for specific solution implementations. When disabling MAC address learning on a VLAN, consider these guidelines: • If learning is disabled on a VLAN with an SVI interface, it floods every IP packet in the Layer 2...
  • Page 200 Chapter 4 Administering the Switch Managing the MAC Address Table Figure 4-2 Disabling MAC Address Learning: Point-to-Point Links (figure: two core switches with FW sync, two distribution switches each with an external and an internal L2/L3 FW interface, the firewalls, VLAN a)
  • Page 201: Feature Compatibility

    Chapter 4 Administering the Switch Managing the MAC Address Table Layer 2 Firewall or Cache In this topology, a rewritten Layer 3 packet is routed back to a Layer 2 firewall (or cache) before exiting. When the packet reenters the switch from the firewall, it possesses the switch’s MAC address because the packet was previously routed.
  • Page 202: Feature Incompatibility

    Chapter 4 Administering the Switch Managing the MAC Address Table Feature Incompatibility The following features are incompatible with disabling MAC address learning and do not work properly when the feature is enabled: • 802.1X—The 802.1X class of features does not work when learning is disabled because some of...
  • Page 203: Displaying Address Table Entries

    Configuration capabilities allow comprehensive changes to devices, if the required security privileges have been granted. The configuration and monitoring capabilities for the Catalyst 4500 series of switches mirror those available in CiscoView in all server-based CiscoWorks solutions, including CiscoWorks LAN Management Solution (LMS) and CiscoWorks Routed WAN Management Solution (RWAN).
  • Page 204: Understanding Embedded Ciscoview

    Chapter 4 Administering the Switch Configuring Embedded CiscoView Support These sections describe the Embedded CiscoView support available with Cisco IOS Release 12.1(20)EW and later releases: • Understanding Embedded CiscoView, page 4-38 • Installing and Configuring Embedded CiscoView, page 4-38 • Displaying Embedded CiscoView Information, page 4-41
  • Page 205 Delete bootflash:cv/Cat4000IOS-4.0_error.html? [confirm]y Delete bootflash:cv/Cat4000IOS-4.0_install.html? [confirm]y Delete bootflash:cv/Cat4000IOS-4.0_jks.jar? [confirm]y Delete bootflash:cv/Cat4000IOS-4.0_nos.jar? [confirm]y Delete bootflash:cv/applet.html? [confirm]y Delete bootflash:cv/cisco.x509? [confirm]y Delete bootflash:cv/identitydb.obj? [confirm]y Switch# Switch# squeeze bootflash: All deleted files will be removed. Continue? [confirm]y Squeeze operation may take a while. Continue? [confirm]y...
  • Page 206 ADP version Output modifiers < For more information about web access to the switch, refer to the “Using the Cisco Web Browser” chapter in the Cisco IOS Configuration Fundamentals Configuration Guide at this URL: http://www.cisco.com/en/US/docs/ios/fundamentals/configuration/guide/12_4t/cf_12_4t_book.html
  • Page 207: Displaying Embedded Ciscoview Information

    7263 Cat4000IOS-5.1_error.html Cat4000IOS-5.1_install.html 2743 Cat4000IOS-5.1_jks.jar 20450 Cat4000IOS-5.1_nos.jar 20782 applet.html 12388 cisco.x509 identitydb.obj 2523 Switch# show ciscoview version Engine Version: 5.3.4 ADP Device: Cat4000IOS ADP Version: 5.1 ADK: 49 Switch#
  • Page 209 Cisco Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products//hw/switches/ps4324/index.html If the command is not found in the Catalyst 4500 Series Switch Command Reference, it will be found in the larger Cisco IOS library. Refer to the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 210: C H A P T E R 5 Configuring The Cisco Ios In-Service Software Upgrade Process

    NFL daughter card and so on). • The new and old Cisco IOS software images must be loaded into the file systems (bootflash or compact flash) of both the active and the standby supervisor engines before you begin the ISSU process.
  • Page 211: About Issu

    SSO is typically deployed in service provider networks. In this example, Cisco NSF with SSO is enabled at the access layer (edge) of the service provider network. A fault at this point could result in loss of service for enterprise customers requiring access to the service provider network.
  • Page 212 (figure labels: SSO-capable routers, access layer, customers) Additional levels of availability may be gained by deploying Cisco NSF with SSO at other points in the network where a single point of failure exists. Figure 5-2 illustrates an optional deployment strategy that applies Cisco NSF with SSO at the enterprise network access layer.
  • Page 213: Nsf Overview

    NSF Overview Cisco NSF works with the SSO feature in Cisco IOS software. SSO is a prerequisite of Cisco NSF. NSF works with SSO to minimize the amount of time a network is unavailable to its users following a switchover.
  • Page 214: Issu Process Overview

    About ISSU ISSU Process Overview The ISSU process allows you to perform a Cisco IOS software upgrade or downgrade while the system continues to forward packets. (For an illustration of the commands used during the ISSU process, refer to Figure 5-8 on page 5-11.) Cisco IOS ISSU takes advantage of the Cisco IOS high availability...
  • Page 215 Configuring the Cisco IOS In-Service Software Upgrade Process About ISSU An ISSU-capable switch consists of two supervisor engines (active and standby) and one or more line cards. Before initiating the ISSU process, copy the Cisco IOS software into the file systems of both supervisor engines (see Figure 5-4).
  • Page 216 Chapter 5 Configuring the Cisco IOS In-Service Software Upgrade Process About ISSU After you have copied the Cisco IOS software to both file systems, load the new version of Cisco IOS software onto the standby supervisor engine (see Figure 5-5).
  • Page 217 Chapter 5 Configuring the Cisco IOS In-Service Software Upgrade Process About ISSU After a switchover (NSF or SSO, not RPR), the standby supervisor engine takes over as the new active supervisor engine (see Figure 5-6). Figure 5-6 Switch Over to Standby Supervisor Engine...
  • Page 218 Configuring the Cisco IOS In-Service Software Upgrade Process About ISSU The former active supervisor engine is loaded with an old Cisco IOS image so that if the new active supervisor engine experiences problems, you can abort and conduct a switchover to the former active, which is already running the old image.
  • Page 219: Performing An Issu Upgrade: 2 Methods

    Chapter 5 Configuring the Cisco IOS In-Service Software Upgrade Process About ISSU Figure 5-8 Steps During the ISSU Process (figure: the active and standby supervisor engines through the loadversion, runversion, switchover, acceptversion* and commitversion steps, with abortversion as the rollback path) * This command is optional.
  • Page 220: Changeversion Process

    Chapter 5 Configuring the Cisco IOS In-Service Software Upgrade Process About ISSU Changeversion Process The issu changeversion command launches a single-step complete ISSU upgrade cycle. It performs the logic for all four of the standard commands (issu loadversion, issu runversion, issu acceptversion, and issu commitversion) without user intervention, streamlining the upgrade through a single CLI step.
  • Page 221: Changeversion Deployment Scenario

    • In a downgrade scenario, if any feature is not available in the downgrade revision of the Cisco IOS software handle, that feature should be disabled prior to initiating the ISSU process. Versioning Capability in Cisco IOS Software to Support ISSU Before the introduction of ISSU, the SSO mode of operation required each supervisor engine to be running the same versions of Cisco IOS software.
  • Page 222: Compatibility Matrix

    Incompatible versions cannot progress to SSO operational mode. Compatibility Matrix You can perform the ISSU process when the Cisco IOS software on both the active and the standby supervisor engine is capable of ISSU and the old and new images are compatible. The compatibility matrix information stores the compatibility among releases as follows: Compatible—The base-level system infrastructure and all optional HA-aware subsystems are...
  • Page 223: Snmp Support For Issu

    SNMP for SSO provides a mechanism for synchronizing the SNMP configurations and the MIBs that support SSO from the active supervisor engine to the standby supervisor engine, assuming that both supervisor engines are running the same version of Cisco IOS software. This assumption is not valid for ISSU.
  • Page 224: Verifying The Issu Software Installation

    • Init state—The initial state is two supervisor engines, one active and one standby, before the ISSU process is started. It is also the final state after the ISSU process completes. • Load version (LV) state—The standby supervisor engine is loaded with the new version of Cisco IOS software. •...
  • Page 225: Verifying The Issu State Before Beginning The Issu Process

    Active Location = slot 1 Current Software state = ACTIVE Uptime in current state = 0 minutes Image Version = Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500-ENTSERVICES-M), Version 12.2(31)SGA, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2006 by Cisco Systems, Inc.
  • Page 226: Loading New Cisco Ios Software On The Standby Supervisor Engine

    61341696 bytes total (1116224 bytes free) Loading New Cisco IOS Software on the Standby Supervisor Engine This task describes how to use ISSU to load a new version of Cisco IOS software to the standby supervisor engine. Prerequisites • Ensure that the new version of Cisco IOS software image is already present in the file system of both...
  • Page 227 It may take several seconds after the issu loadversion command is entered for Cisco IOS software to load onto the standby supervisor engine and for the standby supervisor engine to transition to SSO mode. This causes the standby supervisor engine to reload with the new image.
  • Page 228 Chapter 5 Configuring the Cisco IOS In-Service Software Upgrade Process Performing the ISSU Process Slot = 2 RP State = Standby ISSU State = Load Version Boot Variable = bootflash:new_image,12;bootflash:old_image,12 Operating Mode = Stateful Switchover Primary Version = bootflash:old_image Secondary Version = bootflash:new_image...
  • Page 229: Switching To The Standby Supervisor Engine

    = 18 RF debug mask = 0x0 Switching to the Standby Supervisor Engine This task describes how to switch over to the standby supervisor engine, which is running the new Cisco IOS software image. Perform this task at the active supervisor engine:...
  • Page 230 Chapter 5 Configuring the Cisco IOS In-Service Software Upgrade Process Performing the ISSU Process A switchover occurs at this point. At the new active supervisor engine, after the old active supervisor engine comes up as the standby engine, do the following:...
  • Page 231: Stopping The Issu Rollback Timer (Optional)

    This optional task describes how to stop the rollback timer. If you do not run the following procedure before the rollback timer “timeout,” the system automatically aborts the ISSU process and reverts to the original Cisco IOS software version. By default the rollback timer is 45 minutes.
  • Page 232: Loading New Cisco Ios Software On The New Standby Supervisor Engine

    Configured Rollback Time = 45:00 Loading New Cisco IOS Software on the New Standby Supervisor Engine This task explains how to load a new version of Cisco IOS software to the new standby supervisor engine. Perform this task at the active supervisor engine:...
  • Page 233 Performing the ISSU Process This example shows how to reset and reload the current standby supervisor engine (slot 1) with the new Cisco IOS software version. After entering the commitversion command, the standby supervisor engine boots in the Standby Hot state.
  • Page 234: Using Changeversion To Automate An Issu Upgrade

    This task describes how to use the issu changeversion command to perform a one-step ISSU upgrade. Prerequisites • Ensure that the new version of Cisco IOS software image is already present in the file system of both the active and standby supervisor engines. • Also ensure that appropriate boot parameters (BOOT string and config-register) are set for the active and standby supervisor engines...
  • Page 235 Chapter 5 Configuring the Cisco IOS In-Service Software Upgrade Process Performing the ISSU Process Perform the following steps at the active supervisor engine: Command or Action Purpose Step 1 Switch> enable Enables privileged EXEC mode. Enter your password if prompted.
  • Page 236 Active Location = slot 5 Current Software state = ACTIVE Uptime in current state = 9 minutes Image Version = Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.00.00.1.68 CISCO UNIVERSAL DEVELOPMENT K10 IOSD TEST VERSION Copyright (c) 1986-2010 by Cisco Systems, Inc.
  • Page 237 Chapter 5 Configuring the Cisco IOS In-Service Software Upgrade Process Performing the ISSU Process *Feb 25 20:41:03.639: %INSTALLER-7-ISSU_OP_SUCC: issu changeversion successfully executed 'issu runversion' Note: Switchover occurs. Look at the console of the new active supervisor engine. *Feb 25 20:47:39.859: %RF-5-RF_TERMINAL_STATE: Terminal state reached for (SSO) *Feb 25 20:47:39.971: %INSTALLER-7-ISSU_OP_SUCC:...
  • Page 238 Performing the ISSU Process Current Software state = ACTIVE Uptime in current state = 9 minutes Image Version = Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.00.00.1.68 CISCO UNIVERSAL DEVELOPMENT K10 IOSD TEST VERSION Copyright (c) 1986-2010 by Cisco Systems, Inc.
  • Page 239: Aborting A Software Upgrade During Issu

    Performing the ISSU Process Current Software state = ACTIVE Uptime in current state = 9 minutes Image Version = Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.00.00.1.68 CISCO UNIVERSAL DEVELOPMENT K10 IOSD TEST VERSION Copyright (c) 1986-2010 by Cisco Systems, Inc.
  • Page 240: Configuring The Rollback Timer To Safeguard Against Upgrade Issues

    A user may want to configure the rollback timer to more than 45 minutes in order to have enough time to verify the operation of the new Cisco IOS software before committing the new image.
  • Page 241 Chapter 5 Configuring the Cisco IOS In-Service Software Upgrade Process Performing the ISSU Process Entering the issu commitversion command at this stage is equal to entering both the issu acceptversion and the issu commitversion commands. Use the issu commitversion command if you do not intend to run in the current state now and are satisfied with the new software version.
  • Page 242: Displaying Issu Compatibility Matrix Information

    Chapter 5 Configuring the Cisco IOS In-Service Software Upgrade Process Performing the ISSU Process Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# issu set rollback-timer 20 % ISSU state should be [ init ] to set the rollback timer...
  • Page 243 Chapter 5 Configuring the Cisco IOS In-Service Software Upgrade Process Performing the ISSU Process 2010 262171 COMPATIBLE 2012 262180 COMPATIBLE 2021 262170 COMPATIBLE 2022 262152 COMPATIBLE 2023 UNAVAILABLE 2024 UNAVAILABLE 2025 UNAVAILABLE 2026 UNAVAILABLE 2027 UNAVAILABLE 2028 UNAVAILABLE 2054 262169...
  • Page 244 Chapter 5 Configuring the Cisco IOS In-Service Software Upgrade Process Performing the ISSU Process 2059 262179 2067 262153 2068 196638 2070 262145 2071 262178 2072 262162 2073 262177 2077 262165 2078 196637 2079 262176 2081 262150 2082 262161 2083 262184...
  • Page 245: Displaying Issu Compatibility Matrix Information

    12.2(53)SG Comp(3) Dynamic(0) was introduced in Cisco IOS Release 12.2(50)SG with the Dynamic Image Version Compatibility (DIVC) feature. With DIVC, Dynamic(0) is stored instead of Incomp(1), Base(2), or Comp(3). Compatibility is determined during runtime when two different DIVC-capable images are running in the active and standby supervisor engines during ISSU.
  • Page 246 Chapter 5 Configuring the Cisco IOS In-Service Software Upgrade Process Performing the ISSU Process Command or Action Purpose Step 1 Switch> enable Enables privileged EXEC mode. Enter your password if prompted. Step 2 Switch# show issu comp-matrix {negotiated | stored | xml} Displays information regarding the ISSU compatibility matrix.
  • Page 247: Related Documents

    COMPATIBLE .... Related Documents Related Topic Document Title Performing ISSU Cisco IOS Software: Guide to Performing In Service Software Upgrades Information about Cisco Nonstop Forwarding Cisco Nonstop Forwarding http://www.cisco.com/en/US/docs/ios/12_2s/feature/guide/fsnsf20s .html Information about Stateful Switchover Stateful Switchover http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/sso120s.
  • Page 248 Chapter 5 Configuring the Cisco IOS In-Service Software Upgrade Process Related Documents Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG 5-40 OL-25340-01...
  • Page 249 Cisco Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products//hw/switches/ps4324/index.html If the command is not found in the Catalyst 4500 Series Switch Command Reference, it will be found in the larger Cisco IOS library. Refer to the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 250: Chapter 6 Configuring the Cisco IOS XE In Service Software Upgrade Process

    • The new and old Cisco IOS XE software images must be loaded into the file systems (bootflash, SD card, or USB) of both the active and the standby supervisor engines before you begin the ISSU process.
  • Page 251: About Performing Issu

    SSO is typically deployed in service provider networks. In this example, Cisco NSF with SSO is enabled at the access layer (edge) of the service provider network. A fault at this point could result in loss of service for enterprise customers requiring access to the service provider network.
  • Page 252 Depending on your objectives, you may decide to deploy Cisco NSF and SSO features at the core layer of your network. Doing this can help reduce the time required to restore network capacity and service for certain failures, which leads to additional availability.
  • Page 253 For further information on SSO, see the Stateful Switchover document. Cisco NSF works with the SSO feature in Cisco IOS XE software. SSO is a prerequisite of Cisco NSF. NSF works with SSO to minimize the amount of time a network is unavailable to its users following a switchover.
  • Page 254: Issu Process

    About Performing ISSU ISSU Process The ISSU process allows you to perform a Cisco IOS XE software upgrade or downgrade while the system continues to forward packets. (For an illustration of the commands used during the ISSU process, refer to Figure 6-8.) Cisco IOS XE ISSU takes advantage of the Cisco IOS XE high availability...
  • Page 255 Figure 6-4). Note In the following figure, Cisco IOS XE 3.x.y SG represents the current version of Cisco IOS XE, and Cisco IOS XE 3.z.y SG represents the image you are migrating to. Figure 6-4 Copy New Version of Cisco IOS XE Software on Both Supervisor Engines...
  • Page 256 Configuring the Cisco IOS XE In Service Software Upgrade Process About Performing ISSU After you have copied the Cisco IOS XE software to both file systems, load the new version of Cisco IOS XE software onto the standby supervisor engine (see Figure 6-5).
  • Page 257 Chapter 6 Configuring the Cisco IOS XE In Service Software Upgrade Process About Performing ISSU After a switchover (NSF/SSO, not RPR), the standby supervisor engine takes over as the new active supervisor engine (see Figure 6-6). Figure 6-6 Switch Over to Standby Supervisor Engine...
  • Page 258 Configuring the Cisco IOS XE In Service Software Upgrade Process About Performing ISSU The former active supervisor engine is loaded with an old Cisco IOS XE image so that if the new active supervisor engine experiences problems, you can abort and conduct a switchover to the former active, which is already running the old software image.
  • Page 259: Performing An Issu Upgrade: 2 Methods

    Chapter 6 Configuring the Cisco IOS XE In Service Software Upgrade Process About Performing ISSU Figure 6-8 shows the steps during the ISSU process. Figure 6-8 Steps During the ISSU Process [figure: transitions of the active and standby supervisor engines through the loadversion and abortversion steps]...
  • Page 260: Changeversion Process

    Chapter 6 Configuring the Cisco IOS XE In Service Software Upgrade Process About Performing ISSU Changeversion Process The issu changeversion command launches a single-step complete ISSU upgrade cycle. It performs the logic for all four of the standard commands (issu loadversion, issu runversion, issu acceptversion, and issu commitversion) without user intervention, streamlining the upgrade through a single CLI step.
  • Page 261: Changeversion Deployment Scenario

    • In a downgrade scenario, if any feature is not available in the downgrade revision of the Cisco IOS XE software handle, that feature should be disabled prior to initiating the ISSU process. Compatibility Matrix ISSU requires additional information to determine compatibility between software versions. Therefore, a compatibility matrix is defined that contains information about other IOS XE software images with respect to the one in question.
  • Page 262: Snmp Support For Issu

    It is always the newest release that contains the latest information about compatibility with existing releases in the field. The compatibility matrix is available within the Cisco IOS XE software image and on Cisco.com so that users can determine in advance whether an upgrade can be done using the ISSU process.
  • Page 263: How To Perform The Issu Process

    The ISSU process is a series of steps performed while the switch is in operation. The steps result in an upgrade to new or modified Cisco IOS XE software, and have a minimal impact on traffic. For an illustration of the process flow for ISSU, refer to Figure 6-8 on page 6-11.
  • Page 264: Verifying Redundancy Mode Before Beginning The Issu Process

    Chapter 6 Configuring the Cisco IOS XE In Service Software Upgrade Process How to Perform the ISSU Process You can verify the ISSU software upgrade by entering show commands to provide information on the state of the during the ISSU process:...
  • Page 265: Verifying The Issu State Before Beginning The Issu Process

    Post-ISSU (Targeted) Image = N/A The new version of the Cisco IOS XE software must be present on both of the supervisor engines. The directory information displayed for each of the supervisor engines shows that the new version is present.
  • Page 266: Loading New Cisco Ios Xe Software On The Standby Supervisor Engine

    61341696 bytes total (1116224 bytes free) Loading New Cisco IOS XE Software on the Standby Supervisor Engine This task describes how to use ISSU to load a new version of Cisco IOS XE software to the standby supervisor engine. Prerequisites •...
  • Page 267 Chapter 6 Configuring the Cisco IOS XE In Service Software Upgrade Process How to Perform the ISSU Process Perform the following steps at the active supervisor engine: Command or Action Purpose Step 1 Enables privileged EXEC mode. Switch> enable Enter your password if prompted.
  • Page 268 Chapter 6 Configuring the Cisco IOS XE In Service Software Upgrade Process How to Perform the ISSU Process Current Image = bootflash:new_image Pre-ISSU (Original) Image = bootflash:old_image Post-ISSU (Targeted) Image = bootflash:new_image Switch# show redundancy states my state = 13 -ACTIVE...
  • Page 269: Switching To The Standby Supervisor Engine

    Switching to the Standby Supervisor Engine This task describes how to switchover to the standby supervisor engine, which is running the new Cisco IOS XE software image. Perform the following steps at the active supervisor engine. Command or Action Purpose Step 1 Enables privileged EXEC mode.
  • Page 270 Active Location = slot 6 Current Software state = ACTIVE Uptime in current state = 9 minutes Image Version = Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.00.00.1.68 CISCO UNIVERSAL DEVELOPMENT K10 IOSD TEST VERSION Copyright (c) 1986-2010 by Cisco Systems, Inc.
  • Page 271: Stopping The Issu Rollback Timer (Optional)

    This optional task describes how to stop the rollback timer. If you do not run the following procedure before the rollback timer “timeout,” the system automatically aborts the ISSU process and reverts to the original Cisco IOS XE software version. By default the rollback timer is 45 minutes.
  • Page 272: Loading New Cisco Ios Xe Software On The New Standby Supervisor Engine

    Configured Rollback Time = 00:45:00 Loading New Cisco IOS XE Software on the New Standby Supervisor Engine This task explains how to load a new version of Cisco IOS XE software onto the new standby supervisor engine. Perform the following steps at the active supervisor engine:...
  • Page 273: Using Changeversion To Automate An Issu Upgrade

    Pre-ISSU (Original) Image = N/A Post-ISSU (Targeted) Image = N/A The ISSU process has completed. At this stage, any further Cisco IOS XE software version upgrade or downgrade will require that a new ISSU process be invoked. Using changeversion to Automate an ISSU Upgrade This task describes how to use the issu changeversion command to perform a one-step ISSU upgrade.
  • Page 274 How to Perform the ISSU Process Prerequisites • Ensure that the new version of the Cisco IOS XE software image is already present in the file system of both the active and standby supervisor engines. Also ensure that appropriate boot parameters...
  • Page 275 Active Location = slot 5 Current Software state = ACTIVE Uptime in current state = 9 minutes Image Version = Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.00.00.1.68 CISCO UNIVERSAL DEVELOPMENT K10 IOSD TEST VERSION Copyright (c) 1986-2010 by Cisco Systems, Inc.
  • Page 276 Chapter 6 Configuring the Cisco IOS XE In Service Software Upgrade Process How to Perform the ISSU Process Copyright (c) 1986-2010 by Cisco Systems, Inc. Compiled Sun 29-Aug-10 03:57 by gsbuprod Configuration register = 0x2920 Switch# issu changeversion bootflash:y.bin % 'issu changeversion' is now executing 'issu loadversion'...
  • Page 277 Active Location = slot 6 Current Software state = ACTIVE Uptime in current state = 9 minutes Image Version = Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.00.00.1.68 CISCO UNIVERSAL DEVELOPMENT K10 IOSD TEST VERSION Copyright (c) 1986-2010 by Cisco Systems, Inc.
  • Page 278 Active Location = slot 5 Current Software state = ACTIVE Uptime in current state = 9 minutes Image Version = Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.00.00.1.68 CISCO UNIVERSAL DEVELOPMENT K10 IOSD TEST VERSION Copyright (c) 1986-2010 by Cisco Systems, Inc.
  • Page 279: Aborting A Software Upgrade During Issu

    Chapter 6 Configuring the Cisco IOS XE In Service Software Upgrade Process How to Perform the ISSU Process Pre-ISSU (Original) Image = N/A Post-ISSU (Targeted) Image = N/A Aborting a Software Upgrade During ISSU You can abort the ISSU process at any stage manually (prior to entering the issu commitversion command) by entering the issu abortversion command.
  • Page 280: Configuring The Rollback Timer To Safeguard Against Upgrade Issues

    A user may want to configure the rollback timer to more than 45 minutes in order to have enough time to verify the operation of the new Cisco IOS XE software before committing the new software image.
  • Page 281 Chapter 6 Configuring the Cisco IOS XE In Service Software Upgrade Process How to Perform the ISSU Process Command or Action Purpose Step 1 Switch> enable Enables privileged EXEC mode. Enter your password if prompted. Step 2 Enters global configuration mode.
  • Page 282: Displaying Issu Compatibility Matrix Information

    Chapter 6 Configuring the Cisco IOS XE In Service Software Upgrade Process How to Perform the ISSU Process Displaying ISSU Compatibility Matrix Information The ISSU compatibility matrix contains information about other IOS XE software releases and the version in question. This compatibility matrix represents the compatibility of the two software versions, one running on the active and the other on the standby supervisor engine, and the matrix allows the system to determine the highest operating mode it can achieve.
  • Page 283: Cisco High Availability Features In Cisco Ios Xe 3.1.0Sg

    Cisco High Availability Features in Cisco IOS XE 3.1.0SG This section provides a list of High Availability software features that are supported in Cisco IOS XE 3.1.0SG. Links to the feature documentation are included. Feature guides may contain information about more than one feature. To find information about a specific feature within a feature guide, see the Feature Information table at the end of the guide.
  • Page 284 Configuring the Cisco IOS XE In Service Software Upgrade Process Cisco High Availability Features in Cisco IOS XE 3.1.0SG that guide are supported in your software release. Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn.
  • Page 285: Configuring Interfaces

    Cisco Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html If the command is not found in the Catalyst 4500 Series Switch Command Reference, it will be found in the larger Cisco IOS library. Refer to the Cisco IOS Command Reference and related publications at this...
  • Page 286: About Interface Configuration

    1. When you are facing the front of the switch, the interfaces are numbered from left to right. You can identify interfaces by physically checking the slot/interface location on the switch. You can also use the Cisco IOS show commands to display information about a specific interface or all the interfaces. Using the interface Command...
  • Page 287: Chapter 7 Configuring Interface

    Chapter 7 Configuring Interfaces Using the interface Command Hardware is Ethernet SVI, address is 0004.dd46.7aff (bia 0004.dd46.7aff) MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set ARP type: ARPA, ARP Timeout 04:00:00 Last input never, output never, output hang never Last clearing of "show interface"...
  • Page 288: Configuring A Range Of Interfaces

    Chapter 7 Configuring Interfaces Configuring a Range of Interfaces 0 lost carrier, 0 no carrier 0 output buffer failures, 0 output buffers swapped out --More-- <...output truncated...> Step 4 To begin configuring Fast Ethernet interface 5/5, as shown in the following example, enter the interface keyword, interface type, slot number, and interface number in global configuration mode: Switch# configure terminal Enter configuration commands, one per line.
  • Page 289 Chapter 7 Configuring Interfaces Configuring a Range of Interfaces Note The interface range command works only with VLAN interfaces that have been configured with the interface vlan command (the show running-configuration command displays the configured VLAN interfaces). VLAN interfaces that are not displayed by the show running-configuration command cannot be used with the interface range command.
  • Page 290: Using The Ethernet Management Port

    PC. Use the Ethernet management port instead of the switch console port for network management. When managing a switch, connect the PC to the Ethernet management port on a Catalyst 4500 series switch. (Figure 7-1).
  • Page 291: Fa1 Interface And Mgmtvrf

    For details on configuring SSO and ISSU, refer to Chapter 9, “Configuring Supervisor Engine Redundancy Using RPR and SSO on Supervisor Engine 6-E and Supervisor Engine 6L-E” and Chapter 5, “Configuring the Cisco IOS In-Service Software Upgrade Process”. Fa1 Interface and mgmtVrf Caution The Ethernet management port is intended for out-of-band access only.
  • Page 292 Chapter 7 Configuring Interfaces Using the Ethernet Management Port • Telnet, page 7-8 • TFTP, page 7-8 • FTP, page 7-9 • SSH, page 7-9 Command usage specific to the mgmtVrf is mentioned below. Note The additional configuration that is necessary to make the feature work needs to be configured.
  • Page 293: Sso Model

    In SSO mode, the running configurations on the active and standby supervisor engines must match. You cannot enable the management port on a redundant chassis if one of the two supervisor engines is running a Cisco IOS image prior to Cisco IOS Release 12.2(50)SG (wherein a management port is not supported).
  • Page 294: Configuring The Ethernet Management Port

    – Speed—10 Mb/s, 100 Mb/s, 1000 Mb/s, and autonegotiation – Duplex mode—Full, half, and autonegotiation • Loopback detection • Cisco Discovery Protocol (CDP) (only on WS-C4900M and WS-C4948) • IPv4 access control lists (ACLs) • Routing protocols (only on WS-C4900M and WS-C4948) Caution Before enabling a feature on the Ethernet management port, ensure that the feature is supported.
  • Page 295: Deploying Sfp+ In X2 Ports

    Chapter 7 Configuring Interfaces Deploying SFP+ in X2 Ports To define an interface-range macro, enter this command: Command Purpose Switch(config)# define interface-range macro_name {vlan vlan_ID - vlan_ID} | {{fastethernet | Defines the interface-range macro and saves it in the running configuration file. This example shows how to define an interface-range macro named enet_list to select Fast Ethernet...
  • Page 296: Deploying 10-Gigabit Ethernet And Gigabit Ethernet Sfp Ports On Supervisor Engine V-10Ge

    Deploying 10-Gigabit Ethernet and Gigabit Ethernet SFP Ports on Supervisor Engine V-10GE To use an SFP+ in an X2 port to obtain 10-Gigabit Ethernet bandwidth, the Catalyst 4500 series switch supports OneX Convertor modules. When you plug a OneX Convertor module into an X2 port, it converts the X2 port into an SFP+ port into which you can plug in an SFP+.
  • Page 297: Deploying 10-Gigabit Ethernet Or Gigabit Ethernet Ports

    Deploying 10-Gigabit Ethernet or Gigabit Ethernet Ports Deploying 10-Gigabit Ethernet or Gigabit Ethernet Ports To increase the flexibility of X2 ports, the Catalyst 4500 series switch as well as Catalyst 4900M and Catalyst 4948E support TwinGig Convertor modules. When you plug a TwinGig Convertor module into an X2 hole, it converts a single X2 hole (capable of holding one pluggable X2 optic) into two SFP holes (capable of holding two pluggable SFP optics).
  • Page 298: Limitations On Using A Twingig Convertor

    Chapter 7 Configuring Interfaces Deploying 10-Gigabit Ethernet or Gigabit Ethernet Ports Limitations on Using a TwinGig Convertor Supervisor Engine 6-E, Supervisor Engine 6L-E, and Catalyst 4900M connect ports to the switching engine through a stub ASIC. This stub ASIC imposes some limitations on the ports: Gigabit and 10-Gigabit ports cannot be mixed on a single stub ASIC;...
  • Page 299: Supervisor Engine 6-E And Supervisor Engine 6L-E

    This feature enables you to use all four 10-Gigabit Ethernet ports on the supervisor engines as blocking ports when in redundant mode. Prior to Cisco IOS Release 12.2(40)SG, Catalyst 4500 Supervisor Engine V-10GE allowed you to enable either the dual wire-speed 10-Gigabit Ethernet ports or four TwinGig convertor based Gigabit Ethernet SFP uplink ports when operating in redundant mode.
  • Page 300: Limitation And Restrictions On Supervisor Engine 7-E And Supervisor Engine 7L-E

    Limitation and Restrictions on Supervisor Engine 7-E and Supervisor Engine 7L-E Beginning with Cisco IOS Release 12.2(40)SG, you could deploy all four 10-Gigabit Ethernet ports, two blocking ports on an active supervisor engine and two blocking ports on the standby supervisor engine, or all eight Gigabit Ethernet SFP ports, four on the active supervisor and four on the standby supervisor engine.
  • Page 301: Selecting The Uplink Port On A Supervisor Engine 7L-E

    TenGigabit mode, preventing you from selecting gigabitethernet mode. Selecting the Uplink Port on a Supervisor Engine 7L-E With Cisco IOS Release 15.0(2)SG, the SFP+/SFP uplink modes on Supervisor Engine 7L-E (WS-X45-SUP-7L-E) have changed. The number of uplink ports now depends on the supervisor engine mode (single or redundant) and the uplink mode configuration (1-Gigabit or 10-Gigabit).
  • Page 302: Redundant Supervisor Mode

    The frequency at which the sensor information is refreshed depends on default values configured in the transceiver SEEPROM (Serial Electrically Erasable Programmable Read Only Memory). Note For details on transceiver module compatibility, refer to this URL: http://www.cisco.com/en/US/products/hw/modules/ps5455/products_device_support_tables_list.html...
  • Page 303: Configuring Optional Interface Features

    Chapter 7 Configuring Interfaces Configuring Optional Interface Features Configuring Optional Interface Features The following sections describe optional procedures: • Configuring Ethernet Interface Speed and Duplex Mode, page 7-19 • Configuring Flow Control, page 7-22 • Configuring Jumbo Frame Support, page 7-24...
  • Page 304: Setting The Interface Speed

    Chapter 7 Configuring Interfaces Configuring Optional Interface Features Setting the Interface Speed If you set the interface speed to auto on a 10/100-Mbps Ethernet interface, speed and duplex are autonegotiated. The forced 10/100 autonegotiation feature allows you to limit interface speed auto negotiation up to 100 Mbps on a 10/100/1000BASE-T port.
  • Page 305: Setting The Interface Duplex Mode

    Chapter 7 Configuring Interfaces Configuring Optional Interface Features Setting the Interface Duplex Mode Note When the interface is set to 1000 Mbps, you cannot change the duplex mode from full duplex to half duplex. To set the duplex mode of a Fast Ethernet interface, perform this task: Command Purpose Step 1...
  • Page 306: Adding A Description For An Interface

    Chapter 7 Configuring Interfaces Configuring Optional Interface Features Adding a Description for an Interface You can add a description about an interface to help you remember its function. The description appears in the output of the following commands: show configuration show running-config show interfaces.
  • Page 307 Chapter 7 Configuring Interfaces Configuring Optional Interface Features This example shows how to configure flow control on an oversubscribed Gigabit Ethernet port 7/5: Switch# configure terminal Switch(config)# interface g7/5 Switch(config-if)# flowcontrol send on Switch(config-if)# end Switch# show interfaces gigabitEthernet 7/5 capabilities GigabitEthernet7/5 Model: WS-X4548-GB-RJ45-RJ-45...
  • Page 308: Configuring Jumbo Frame Support

    Chapter 7 Configuring Interfaces Configuring Optional Interface Features Dot1x: Maximum MTU: 9198 bytes (Jumbo Frames) Multiple Media Types: Diagnostic Monitoring: N/A Switch# show flowcontrol interface gigabitEthernet 5/5 Port Send FlowControl Receive FlowControl RxPause TxPause admin oper admin oper --------- -------- -------- -------- -------- ------- ------- Gi5/5 desired...
  • Page 309: Jumbo Frame Support

    • Maximum Transmission Units The Catalyst 4500 series switch allows you to configure a maximum of 32 different maximum transmission unit (MTU) sizes system wide. This means that the maximum number of different MTU sizes that you can configure with the system mtu, mtu, ip mtu, and ipv6 mtu commands on all Layer 2 and Layer 3 interfaces combined is 32.
  • Page 310 Jumbo frame support does not fragment Layer 2 switched packets. Note The Catalyst 4500 series switch does not compare the packet size with the MTU at the egress port, but jumbo frames are dropped in ports that do not support them. The frames can be transmitted in ports that do support jumbo frames, even though the MTU is not configured to jumbo size.
  • Page 311: Configuring Mtu Sizes

    Chapter 7 Configuring Interfaces Configuring Optional Interface Features The MTU of a packet is not checked on the ingress side for an SVI; it is checked on the egress side of an SVI. If the MTU of a packet is larger than the MTU of the egress SVI, the packet is sent to the CPU for fragmentation processing.
  • Page 312: Interacting With Baby Giants

    Configuring Optional Interface Features Interacting with Baby Giants The baby giants feature, introduced in Cisco IOS Release 12.1(12c)EW, uses the global command system mtu size to set the global baby giant MTU. This feature also allows certain interfaces to support Ethernet payload size of up to 1552 bytes.
  • Page 313: Configuring Auto-Mdix On A Port

    Chapter 7 Configuring Interfaces Configuring Optional Interface Features Switch(config)# interface tenGigabitEthernet 2/1 Switch(config-if)# link debounce Warning: Enabling debounce feature causes link down detection to be delayed Switch(config-if)# exit This example shows how to enable the port debounce timer of 5000 ms on 10-Gigabit Ethernet port 2/2 and to verify the setting: Switch# config terminal Enter configuration commands, one per line.
  • Page 314: Displaying The Interface Auto-Mdix Configuration

    Chapter 7 Configuring Interfaces Configuring Optional Interface Features Table 7-3 Link Conditions and auto-MDIX Settings Local Side auto-MDIX Remote Side auto-MDIX With Correct Cabling With Incorrect Cabling Link up Link up Link up Link up Link up Link up Link up Link down To configure auto-MDIX on a port, perform this task: Command...
  • Page 315: Understanding Online Insertion And Removal

    Switch# Understanding Online Insertion and Removal The online insertion and removal (OIR) feature supported on the Catalyst 4500 series switch allows you to remove and replace modules while the system is online. You can shut down the module before removal and restart it after insertion without causing other software or interfaces to shut down.
  • Page 316: Online Insertion And Removal On A Ws-4500X-32

    For the number keyword, the only applicable value for WS-C4500 is 2. With Cisco Release IOS XE 3.3.0SG and IOS 15.1(1)SG, the start and stop commands are only enabled on the uplink module of WS-4500X-32.
  • Page 317: Booting A Module After If It Has Been Stopped

    Chapter 7 Configuring Interfaces Online Insertion and Removal on a WS-4500X-32 Switch# *Feb 5 16:34:37.325: %C4K_IOSMODPORTMAN-6-MODULEOFFLINE: Module 2 is offline Switch# show module Chassis Type : WS-C4500X-32 Power consumed by backplane : 0 Watts Mod Ports Card Type Model Serial No. ---+-----+--------------------------------------+------------------+----------- 4500X-32 10GE (SFP+) WS-C4900X-32P-10G...
  • Page 318: Common Scenarios

    Resetting the Interface to the Default Configuration, page 7-38 Monitoring Interface and Controller Status The Cisco IOS software for the Catalyst 4500 series switch contains commands that you can enter at the EXEC prompt to display information about the interface, including the version of the software and the hardware, the controller status, and statistics about the interfaces.
  • Page 319: Clearing And Resetting The Interface

    Chapter 7 Configuring Interfaces Monitoring and Maintaining the Interface To display information about the interface, enter one of the following commands: Command Purpose Switch# show interfaces [type slot/interface] Displays the status and configuration of all interfaces or of a specific interface. Displays the configuration currently running in RAM.
  • Page 320: Configuring Interface Link Status And Trunk Status Events

    “administratively down.” Configuring Interface Link Status and Trunk Status Events You can configure interface link status and trunk status events. On the Catalyst 4500 series switch, the following interface logging event notifications are supported both globally and per interface: •...
  • Page 321: Configuring Link Status Event Notification For An Interface

    Chapter 7 Configuring Interfaces Monitoring and Maintaining the Interface Configuring Link Status Event Notification for an Interface To enable or disable a link status logging event, enter one of the following commands: Command Purpose Switch(config-if)# logging event link-status Enables interface link status logging. Disables interface link status logging.
  • Page 322: Resetting The Interface To The Default Configuration

    Chapter 7 Configuring Interfaces Monitoring and Maintaining the Interface The following example displays the configuration and logging message output for link status and trunk status logging events: // The global link status and trunk status logging events are enabled. Switch# show running | include logging show running | include logging logging event link-status global logging event trunk-status global...
  • Page 323 Chapter 7 Configuring Interfaces Monitoring and Maintaining the Interface This command clears all the configurations and shuts down the interface: Switch# show run interface fastethernet 3/5 Building configuration... Current configuration : 58 bytes interface FastEthernet3/5 no ip address shutdown...
  • Page 325 Cisco Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products//hw/switches/ps4324/index.html If the command is not found in the Catalyst 4500 Series Switch Command Reference, it will be found in the larger Cisco IOS library. Refer to the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 326: Chapter 8 Checking Port Status and Connectivity

    Checking Module Status Checking Module Status The Catalyst 4500 series switch is a multimodule system. You can see which modules are installed, as well as the MAC address ranges and version numbers for each module, by entering the show module command.
  • Page 327: Checking Interfaces Status

    “Checking Module Status” section on page 8-2. This example shows how to display the status of all interfaces on a Catalyst 4500 series switch, including transceivers. Output of this command displays “Unapproved GBIC” for non-Cisco transceivers: Switch# show interfaces status...
  • Page 328: Displaying Mac Addresses

    With TDR, you can check the status of copper cables on the 48-port 10/100/1000 BASE-T modules for the Catalyst 4500 series switch. TDR detects a cable fault by sending a signal through the cable and reading the signal that is reflected back. All or part of the signal can be reflected back either by cable defects or by the end of the cable.
  • Page 329: Running The Tdr Test

    Chapter 8 Checking Port Status and Connectivity Checking Cable Status Using Time Domain Reflectometer Note Four pairs of standard category 5 cable exist. Each pair can assume one of the following states: open (not connected), broken, shorted, or terminated. The TDR test detects all four states and displays the first three as “Fault”...
  • Page 330: Tdr Guidelines

    Chapter 8 Checking Port Status and Connectivity Using Telnet Switch# show cable-diagnostics tdr interface gi4/13 Interface Speed Local pair Cable length Remote channel Status Gi4/13 0Mbps 102 +-2m Unknown Fault 100 +-2m Unknown Fault 102 +-2m Unknown Fault 102 +-2m Unknown Fault After this command is deprecated, use the diagnostic start and the show diagnostic result commands to...
  • Page 331: Changing The Logout Timer

    Chapter 8 Checking Port Status and Connectivity Changing the Logout Timer Note To establish a Telnet connection to a host by using the hostname, configure and enable DNS. To establish a Telnet connection to another device on the network from the switch, enter this command: Command Purpose Opens a Telnet session to a remote host.
  • Page 332: Using Ping

    Interface User Mode Idle Peer Address Switch# show users all Line User Host(s) Idle Location 0 con 0 idle 00:00:00 1 vty 0 00:00:00 2 vty 1 00:00:00 3 vty 2 00:00:00 4 vty 3 00:00:00...
  • Page 333: Running Ping

    Using IP Traceroute • Destination unreachable—If the default gateway cannot reach the specified network, a Destination Unreachable message is returned. • Network or host unreachable—If there is no entry in the route table for the host or network, a Network or Host Unreachable message is returned.
  • Page 334: Running Ip Traceroute

    Switch# trace ip ABA.NYC.mil Type escape sequence to abort. Tracing the route to ABA.NYC.mil (26.0.0.73) 1 DEBRIS.CISCO.COM (192.180.1.6) 1000 msec 8 msec 4 msec 2 BARRNET-GW.CISCO.COM (192.180.16.2) 8 msec 8 msec 8 msec 3 EXTERNAL-A-GATEWAY.STANFORD.EDU (192.42.110.225) 8 msec 4 msec 4 msec 4 BB2.SU.BARRNET.NET (192.200.254.6) 8 msec 8 msec 8 msec...
  • Page 335: Layer 2 Traceroute Usage Guidelines

    If you want the switch to trace the path from a host on a source device to a host on a destination device, the switch can identify only the path from the source device to the destination device. It cannot identify the path that a packet takes from source host to the source device or from the destination device to the destination host.
  • Page 336: Running Layer 2 Traceroute

    • This feature is not supported in Token Ring VLANs. Running Layer 2 Traceroute To display the physical path that a packet takes from a source device to a destination device, enter either one of these commands: Command Purpose...
  • Page 337: Configuring Icmp

    Data routes are sometimes less than optimal. For example, it is possible for the router to be forced to resend a packet through the same interface on which it was received. If this occurs, the Cisco IOS software sends an ICMP Redirect message to the originator of the packet telling the originator that the router is on a subnet directly connected to the receiving device, and that it must forward the packet to another system on the same subnet.
  • Page 338: Enabling Icmp Mask Reply Messages

    URL: http://www.cisco.com/en/US/docs/ios/ipapp/configuration/guide/ipapp_hsrp_ps6350_TSD_Products_Configuration_Guide_Chapter.html To enable the sending of ICMP Redirect messages if the Cisco IOS software is forced to resend a packet through the same interface on which it was received, enter the following command in interface configuration mode:...
  • Page 339: Supervisor Engine 6L-E

    Cisco Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products//hw/switches/ps4324/index.html If the command is not found in the Catalyst 4500 Series Switch Command Reference, it will be found in the larger Cisco IOS library. Refer to the Cisco IOS Command Reference and related publications at this...
  • Page 340: About Supervisor Engine Redundancy

    A user reloads the active supervisor engine. RPR Operation RPR is supported in Cisco IOS Release 12.2(12c)EW and later releases. When a redundant supervisor engine runs in RPR mode, it starts up in a partially-initialized state and is synchronized with the persistent configuration of the active supervisor engine.
  • Page 341: Sso Operation

    SSO Operation SSO is supported in Cisco IOS Release 12.2(20)EWA and later releases. When a redundant supervisor engine runs in SSO mode, the redundant supervisor engine starts up in a fully-initialized state and synchronizes with the persistent configuration and the running configuration of the active supervisor engine.
  • Page 342: About Supervisor Engine Redundancy Synchronization

    The following features are learned on the redundant supervisor engine if the SSO feature is enabled: • All Layer 3 protocols on Catalyst 4500 series switches (Switch Virtual Interfaces) About Supervisor Engine Redundancy Synchronization During normal operation, the persistent configuration (RPR and SSO) and the running configuration (SSO only) are synchronized by default between the two supervisor engines.
  • Page 343: Rpr Supervisor Engine Configuration Synchronization

    Chapter 9 Configuring Supervisor Engine Redundancy Using RPR and SSO on Supervisor Engine 6-E and Supervisor Supervisor Engine Redundancy Guidelines and Restrictions RPR Supervisor Engine Configuration Synchronization Because the redundant supervisor engine is only partially initialized in RPR mode, it interacts with the active supervisor engine only to receive configuration changes at startup and upon saving the configuration changes.
  • Page 344 RPR requires Cisco IOS Release 12.1(12c)EW, Release 12.1(19)E or later releases. SSO requires Cisco IOS Release 12.2(20)EWA or later releases. • The Catalyst 4507R switch and the 4510R switch are the only Catalyst 4500 series switches that support supervisor engine redundancy. •...
  • Page 345: Configuring Supervisor Engine Redundancy

    Configuring Supervisor Engine Redundancy • The Cisco Express Forwarding (CEF) table is cleared on a switchover. As a result, routed traffic is interrupted until route tables reconverge. This reconvergence time is minimal because the SSO feature reduces the supervisor engine redundancy switchover time from 30+ seconds to subsecond, so Layer 3 also has a faster failover time if the switch is configured for SSO.
  • Page 346: Configuring Redundancy

    When configuring redundancy, note the following: The sso keyword is supported in Cisco IOS Release 12.2(20)EWA and later releases. • The rpr keyword is supported in Cisco IOS Release 12.1(12c)EW and later releases.
  • Page 347 Current Software state = STANDBY HOT Uptime in current state = 2 days, 2 hours, 39 minutes Image Version = Cisco Internetwork Operating System Software IOS (tm) Catalyst 4000 L3 Switch Software (cat4000-I5S-M), Version 12.2(20)EWA(3 .92), CISCO INTERNAL USE ONLY ENHANCED PRODUCTION VERSION Copyright (c) 1986-2004 by cisco Systems, Inc.
  • Page 348: Virtual Console For Standby Supervisor Engine

    Configuring Supervisor Engine Redundancy Virtual Console for Standby Supervisor Engine Catalyst 4500 series switches can be configured with two supervisor engines to provide redundancy. When the switch is powered, one of the supervisor engines becomes active and remains active until a switchover occurs.
  • Page 349: Synchronizing The Supervisor Engine Configurations

    Configuring Supervisor Engine Redundancy • The virtual console is noninteractive. Because the virtual console does not detect the interactive nature of a command, any command that requires user interaction causes the virtual console to wait until the RPC timer aborts the command.
  • Page 350: Performing A Manual Switchover

    Performing a Manual Switchover Note: To manually synchronize individual elements of the standard auto-sync configuration, disable the default automatic synchronization feature. Note: When you configure the auto-sync standard, the individual sync options such as no auto-sync startup-config are ignored.
  • Page 351: Performing A Software Upgrade

    Cisco IOS Release 12.1(x)E, and a standby supervisor engine running Cisco IOS Release 12.2(x)S. The standby supervisor engine resets repeatedly. If you are trying to upgrade redundant supervisor engines from Cisco IOS Release 12.1(x)E to 12.2(x)S, this requires a full system reboot.
  • Page 352: Manipulating Bootflash On The Redundant Supervisor Engine

    Switch# copy running-config start-config Step 9 Reloads the redundant supervisor engine and brings it Switch# redundancy reload peer back online (using the new release of the Cisco IOS software). Note Before proceeding to Step 10, ensure that the switch is operating in RPR mode.
  • Page 353 Manipulating Bootflash on the Redundant Supervisor Engine To manipulate the redundant supervisor engine bootflash, perform one or more of the following commands: Command Purpose Switch# dir slaveslot0:target_filename Lists the contents of the slot0: device on the redundant supervisor engine.
  • Page 355: Supervisor Engine 7L-E

    Cisco Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products//hw/switches/ps4324/index.html If the command is not found in the Catalyst 4500 Series Switch Command Reference, it will be found in the larger Cisco IOS library. Refer to the Catalyst 4500 Series Switch Cisco IOS Command Reference...
  • Page 356: About Supervisor Engine Redundancy

    Chapter 10 Configuring Supervisor Engine Redundancy Using RPR and SSO on Supervisor Engine 7-E and Supervisor About Supervisor Engine Redundancy and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html About Supervisor Engine Redundancy These sections describe supervisor engine redundancy: • Overview, page 10-2 •...
  • Page 357: Rpr Operation

    About Supervisor Engine Redundancy RPR Operation RPR is supported in Cisco IOS-XE Release 3.1.0SG and later releases. When a standby supervisor engine runs in RPR mode, it starts up in a partially-initialized state and is synchronized with the persistent configuration of the active supervisor engine.
  • Page 358 NetFlow • The following features are learned on the standby supervisor engine if the SSO feature is enabled: • All Layer 3 protocols on Catalyst 4500 series switches (Switch Virtual Interfaces)...
  • Page 359: About Supervisor Engine Redundancy Synchronization

    About Supervisor Engine Redundancy Synchronization During normal operation, the persistent configuration (RPR and SSO) and the running configuration (SSO only) are synchronized by default between the two supervisor engines. In a switchover, the new active supervisor engine uses the current configuration.
  • Page 360 • The Cisco Express Forwarding (CEF) table is cleared on a switchover. As a result, routed traffic is interrupted until route tables reconverge. This reconvergence time is minimal because the SSO feature reduces the supervisor engine redundancy switchover time from 30+ seconds to subsecond, so Layer 3 also has a faster failover time if the switch is configured for SSO.
  • Page 361: Configuring Supervisor Engine Redundancy

    Configuring Supervisor Engine Redundancy • If configuration changes on a redundant switch are made through SNMP set operations, the changes are not synchronized to the standby supervisor engine even in SSO mode. You might experience unexpected behavior.
  • Page 362 Active Location = slot 3 Current Software state = ACTIVE Uptime in current state = 9 minutes Image Version = Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 15.0(100)XO(1.42), INTERIM SOFTWARE Copyright (c) 1986-2010 by Cisco Systems, Inc.
  • Page 363: Virtual Console For Standby Supervisor Engine

    1 13:11:16: %C4K_REDUNDANCY-3-SIMPLEX_MODE: The peer Supervisor has been lost Virtual Console for Standby Supervisor Engine Catalyst 4500 series switches can be configured with 2 supervisor engines to provide redundancy. When the switch is powered, one of the supervisor engines becomes active and remains active until a switchover occurs.
  • Page 364: Synchronizing The Supervisor Engine Configurations

    Configuring Supervisor Engine Redundancy To log in to the standby supervisor engine using a virtual console, do the following: Switch# session module 4 Connecting to standby virtual console Type "exit"...
  • Page 365 Configuring Supervisor Engine Redundancy Command Purpose Step 4 Returns to privileged EXEC mode. Switch(config-r-mc)# end Step 5 Synchronizes the running configuration in dynamic Switch# copy running-config startup-config random-access memory (DRAM) to the startup configuration file in NVRAM.
  • Page 366: Performing A Manual Switchover

    ISSU to upgrade software for both RPR and SSO redundant mode. The software upgrade procedure supported by supervisor engine redundancy allows you to reload the Cisco IOS software image on the redundant supervisor engine, and once complete, reload the active supervisor engine once.
  • Page 367 Switch# copy running-config start-config Step 9 Reloads the standby supervisor engine and brings it back Switch# redundancy reload peer online (using the new release of the Cisco IOS-XE software). Step 10 Conducts a manual switchover to the standby supervisor Switch# redundancy force-switchover engine.
  • Page 368: Manipulating Bootflash On The Standby Supervisor Engine

    Manipulating Bootflash on the Standby Supervisor Engine This example illustrates how to verify that the running configuration on the active supervisor engine has successfully synchronized with the redundant supervisor engine: Switch# config terminal Switch(config)# redundancy Switch(config-red)# main-cpu...
  • Page 371: About Nsf With Sso Supervisor Engine Redundancy

    Cisco Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products//hw/switches/ps4324/index.html If the command is not found in the Catalyst 4500 Series Switch Command Reference, it will be found in the larger Cisco IOS library. Refer to the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 372: Chapter 11 Configuring Cisco Nsf With Sso Supervisor Engine Redundancy

    Note: NSF does not support IPv6. NSF-capable devices include Catalyst 4500 series switches, Catalyst 6500 series switches, Cisco 7500 series routers, Cisco 10000 series routers, and Cisco 12000 series routers. A typical topology for NSF and NSF-aware routers is given below.
  • Page 373: Nsf With Sso Supervisor Engine Redundancy Overview

    NSF with SSO Supervisor Engine Redundancy Overview Catalyst 4500 series switches support fault resistance by allowing a redundant supervisor engine to take over if the primary supervisor engine fails. NSF works with SSO to minimize the amount of time a network is unavailable to its users following a switchover.
  • Page 374: Sso Operation

    In networking devices running SSO, both supervisor engines must be running the same Cisco IOS software version and ROMMON version so that the redundant supervisor engine is always ready to assume control following a fault on the active supervisor engine.
  • Page 375: Cisco Express Forwarding

    About NSF with SSO Supervisor Engine Redundancy Cisco Express Forwarding A key element of NSF is packet forwarding. In a Cisco networking device, packet forwarding is provided by Cisco Express Forwarding (CEF). CEF maintains the FIB and uses the FIB information that was current at the time of the switchover to continue forwarding packets during a switchover.
  • Page 376: Ospf Operation

    Chapter 11 Configuring Cisco NSF with SSO Supervisor Engine Redundancy About NSF with SSO Supervisor Engine Redundancy If the BGP session is lost during the supervisor engine switchover, the NSF-aware BGP peer marks all the routes associated with the NSF-capable router as stale; however, it continues to use these routes to make forwarding decisions for a set period of time.
  • Page 377: Is-Is Operation

    If the neighbor routers on a network segment are not NSF-aware, you must use the Cisco configuration option. The Cisco IS-IS configuration transfers both protocol adjacency and link-state information from the active to the redundant supervisor engine. An advantage of Cisco configuration is that it does not rely on NSF-aware neighbors.
  • Page 378: Eigrp Operation

    Note: Following a switchover, Cisco IS-IS NSF has complete neighbor adjacency and LSP information; however, it must wait for all interfaces to come on line that had adjacencies prior to the switchover. If an interface does not come on line within the allocated interface wait time, the routes learned from these neighbor devices are not considered in routing table recalculation.
  • Page 379: Nsf Guidelines And Restrictions

    When the restarting router has received all EOT indications from its neighbors or when the NSF converge timer expires, EIGRP notifies the RIB of convergence. EIGRP waits for the RIB convergence signal and then floods its topology table to all awaiting NSF-aware peers.
  • Page 380: Configuring Sso

    Displays the operating redundancy mode. Switch# show redundancy states Note The sso keyword is supported in Cisco IOS Release 12.2(20)EWA and later releases. This example shows how to configure the system for SSO and display the redundancy state: Switch> enable Switch# configure terminal Enter configuration commands, one per line.
  • Page 381: Verifying Cef Nsf

    Verifying CEF NSF To verify that CEF is NSF-capable, enter the show cef state command: Switch# show cef state CEF Status [RP] CEF enabled/running...
  • Page 382: Configuring Ospf Nsf

    Step 1 Verify that “bgp graceful-restart” appears in the BGP configuration of the SSO-enabled switch by entering the show running-config command: Switch# show running-config...
  • Page 383: Verifying Ospf Nsf

    Command Purpose Step 2 Enables an OSPF routing process, which places the Switch(config)# router ospf processID switch in router configuration mode. Step 3 Enables NSF operations for OSPF.
  • Page 384: Verifying Is-Is Nsf

    <...Output Truncated...> Step 2 If the NSF configuration is set to cisco, enter the show isis nsf command to verify that NSF is enabled on the device. Using the Cisco configuration, the display output differs on the active and redundant RPs.
  • Page 385 Checkpointing enabled, no errors Local state:ACTIVE, Peer state:STANDBY HOT, Mode:SSO The following display shows sample output for the Cisco configuration on the standby RP. In this example, note the presence of “NSF restart enabled”: Switch# show isis nsf NSF enabled, mode 'cisco'...
  • Page 386: Configuring Eigrp Nsf

    NSF L2 Restart retransmissions:0 Maximum L2 NSF Restart retransmissions:3 L2 NSF ACK requested:FALSE L2 NSF CSNP requested:FALSE Configuring EIGRP NSF To configure EIGRP NSF, perform this task:...
  • Page 387: Cisco High Availability Features In Cisco Ios Xe 3.1.0Sg

    Distance: internal 90 external 170 Cisco High Availability Features in Cisco IOS XE 3.1.0SG This section provides a list of High Availability software features that are supported in Cisco IOS XE 3.1.0SG. Links to the feature documentation are included. Feature guides may contain information about more than one feature. To find information about a specific feature within a feature guide, see the Feature Information table at the end of the guide.
  • Page 388 SSO - Multilink PPP (MLP) http://www.cisco.com/en/US/docs/ios-xml/ios/ha/configuration/xe-3s/ha-config-stateful-switchover.ht SSO - PPP http://www.cisco.com/en/US/docs/ios-xml/ios/ha/configuration/xe-3s/ha-config-stateful-switchover.ht
  • Page 389: About Environmental Monitoring

    Cisco Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html If the command is not found in the Catalyst 4500 Series Switch Command Reference, it will be found in the larger Cisco IOS library. Refer to the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 390: Using Cli Commands To Monitor Your Environment

    Chapter 12 Environmental Monitoring and Power Management About Environmental Monitoring • System Alarms, page 12-5 Environmental monitoring of chassis components provides early warning indications of possible component failure. This warning helps you to ensure the safe and reliable operation of your system and avoid network interruptions.
  • Page 391: Chapter 12 Environmental Monitoring And Power Management

    Chassis Type : WS-C4510R-E Power consumed by backplane : 40 Watts Switch Bandwidth Utilization : 0% Supervisor Led Color : Green Module 2 Status Led Color : Green Module 5 Status Led Color : Green Module 6 Status Led Color...
  • Page 392: Emergency Actions

    The following example illustrates how to display the environment condition on WS-C4500X-32 with a Supervisor Engine 7-E. The thresholds appear within parentheses. Switch> show environment no temperature alarms Module Sensor Temperature Status ------+--------------------------+--------------------+------------...
  • Page 393: System Alarms

    supplies to protect itself from overheating. When this happens, you can recover the switch only by cycling the power on and off switches on the power supplies or by cycling the AC or DC inputs to the power supplies.
  • Page 394: Power Management

    The timer values and the emergency actions depend on the type of supervisor engine. Note: Refer to the Catalyst 4500 Series Switch Module Installation Guide for information on LEDs, including the startup behavior of the supervisor engine system LED.
  • Page 395: Power Management For The Catalyst 4500 Series Switches

    You can select from several different power supplies to ensure that you have enough power for the modules installed in your switch. Note: You should select a power supply based on the modules and the amount of PoE desired using the Cisco Power Calculator: http://tools.cisco.com/cpc/...
  • Page 396: Power Management Modes For The Catalyst 4500 Switch

    – on the number of inputs powered and input voltage. Note: All Catalyst 4500 series switch AC-input power supplies require single-phase source AC. The source AC can be out of phase between multiple power supplies or multiple AC-power plugs on the same power supply because all AC power supply inputs are isolated.
  • Page 397: Selecting A Power Management Mode

    1000 W can support a fully loaded Catalyst 4503 switch with no powered device support. • 1300 W can support a fully loaded Catalyst 4503 switch with Cisco powered devices. • Each PoE port on a WS-X4148-RJ45V module requires 6.3 W. Five fully loaded WS-X4148-RJ45V modules in a switch comprise 240 ports.
  • Page 398 If the power requirements for the installed modules exceeds the power provided by the power supplies, the switch displays this error message: Insufficient power available for the current chassis configuration. This error message also appears in the show power command output. If you attempt to insert additional modules into your switch and exceed the power supply, the switch immediately places the newly inserted module into reset mode, and the switch displays these error messages:...
  • Page 399 When all slots are required only one WS-X4448-GB-RJ45 line card can be used. Configuring Redundant Mode on a Catalyst 4500 Series Switch By default, the power supplies in a Catalyst 4500 series switch are set to operate in redundant mode. To effectively use redundant mode, follow these guidelines: Use two power supplies of the same type.
  • Page 400 The maximum available power for chassis and PoE for each power supply are listed in Table 12-5 on page 12-14. To configure redundant mode on your Catalyst 4500 series switch, perform this task: Command Purpose Step 1 Switch# configure terminal Enters configuration mode.
  • Page 401: Available Power For Catalyst 4500 Series Switches Power Supplies

    Available Power for Catalyst 4500 Series Switches Power Supplies Table 12-5 lists the power available for use in the various Catalyst 4500 series switches power supplies. When your switch is configured to combined mode, the total available power is not the mathematical sum of the individual power supplies.
  • Page 402: Special Considerations For The 4200 W Ac And 6000 W Ac Power Supplies

    Table 12-5 Available Power for Switch Power Supplies Power Supply Redundant Mode (W) Combined Mode (W) Sharing Ratio 1000 W AC Chassis = 1050 Chassis = 1667 PoE = 0 PoE = 0 1300 W AC Chassis (max) = 1050 Chassis (min) = 767...
  • Page 403 Power supplies needed by system Power supplies currently available : 2 Power Summary Maximum (in Watts) Used Available ---------------------- ---- --------- System Power (12V) 1360 Inline Power (-50V) 1850 Backplane Power (3.3V) ---------------------- ---- ---------...
  • Page 404: Combined Mode Power Resiliency

    Table 12-7 Combined Mode Output for the 4200 W AC Power Supply Power Supply 12 V 3.3 V -50 V Maximum 220 V+220 V, other side 220 V 2200 4700 5500 Both sides at 220 V+220 V 2200 6200...
  • Page 405 Command Purpose Step 1 Switch# configure terminal Enters configuration mode. Step 2 Limits the power usage to two or three Switch(config)# power redundancy combined max inputs {2 | 3} inputs. Note The maximum inputs part of the command is ignored by all power supplies other than the 4200 W AC or...
  • Page 406: Special Considerations For The 1400 W Dc Power Supply

    PS1-2 110V good PWR-C45-4200ACV AC 4200W good good good PS2-1 110V good PS2-2 110V good Power supplies needed by system : 2 Maximum Inputs = 3 Power supplies currently available : 2 Power Summary Maximum (in Watts)
  • Page 407: Special Considerations For The 1400 W Dc Sp Triple Input Power Supply

    Unlike the 1400 W DC power supply, the 1400 W DC SP power supply has submodules (multiple inputs) that can be powered on or off. With Cisco IOS Release 12.2(25)EW, the output of the show power command is modified to display the status of these submodules:...
  • Page 408: Power Management For The Catalyst 4948 Switches

    300 W DC • These power supplies are incompatible with Catalyst 4500 series switches. Because Power over Ethernet (PoE) is not supported on the Catalyst 4948 switch, only a limited wattage is needed. (For information on PoE, see Chapter 13, “Configuring Power over...
  • Page 409: Determining Eee Capability

    PHY's operating circuitry and save power. This functionality is provided per port and is not enabled by default. To avoid issues with EEE functionality on any port during run-time, Cisco provides the power efficient-ethernet auto command to enable or disable EEE.
  • Page 410: Determining Eee Status

    Switch(config)# interface gigabitethernet 1/1 Switch(config-if)# power efficient-ethernet auto Switch(config-if)# exit Determining EEE Status To determine EEE status use the show platform software interface interface status command: The following example determines EEE status: Switch(config)# show platform software interface g2/1 status Switch Phyport Gi2/1 Software Status EEE: Disabled...
  • Page 411: About Power Over Ethernet

    Cisco Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products//hw/switches/ps4324/index.html If the command is not found in the Catalyst 4500 Series Switch Command Reference, it will be found in the larger Cisco IOS library. Refer to the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 412: Chapter 13 Configuring Power Over Ethernet

    Ethernet port. Catalyst 4500 series switches can sense if a powered device is connected to a PoE module. They can supply PoE to the powered device if there is no power on the circuit. (If there is power on the circuit, the switch does not supply it.) The powered device can also be connected to an AC power source and supply...
  • Page 413 Chapter 13 Configuring Power over Ethernet Power Management Modes The Catalyst 4500 series switch has three PoE modes: • auto—PoE interface. The supervisor engine directs the switching module to power up the interface only if the switching module discovers the phone and the switch has enough power. You can specify the maximum wattage that is allowed on the interface.
  • Page 414: Intelligent Power Management

    When a powered device (PD) is attached to a PoE-capable port, the port detects the PD and provisions power accordingly. If a Cisco PD is used, the switch and PD negotiate power using CDP packets to determine the precise amount of power needed by the PD. If the PD is 802.3af compatible, the difference between what is mandated by the 802.3af class and what is actually needed by the PD is...
  • Page 415: Configuring Power Consumption For Powered Devices On An Interface

    (7 W on a legacy PoE module and 15.4W on the IEEE PoE modules introduced in Cisco IOS Release 12.2(18)EW). When the switch receives a CDP packet from the powered device, the wattage automatically adjusts downward to the specific amount required by that device.
  • Page 416: Displaying The Operational Status For An Interface

    Chapter 13 Configuring Power over Ethernet Displaying the Operational Status for an Interface Interface AdminPowerMax AdminConsumption (Watts) (Watts) ---------- --------------- -------------------- Gi7/1 15.4 15.4 Switch# config terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# int gi 7/1 Switch(config-if)# power inline consumption 5000 Switch(config-if)# exit Switch(config)# exit...
  • Page 417: Displaying All Poe Detection And Removal Events

    Switch# Displaying all PoE Detection and Removal Events Starting with Cisco IOS Release 15.0(2)SG2/XE 3.2.2SG, a Catalyst 4500 series switch can display all PoE detection and removal events. To enable PoE event logging, you use the power inline logging global command: Switch# conf terminal Enter configuration commands, one per line.
  • Page 418: Displaying The Poe Consumed By A Module

    *Oct 17 12:02:54.915: %ILPOWER-7-DETECT: Interface Gi5/5: Power Device detected: IEEE PD Displaying the PoE Consumed by a Module A Catalyst 4500 series switch can measure the actual PoE consumption for an 802.3af-compliant PoE module. You can observe this consumption by using show power module and show power detail commands.
  • Page 419 Chapter 13 Configuring Power over Ethernet Displaying the PoE Consumed by a Module The operating PoE consumption for an 802.3af-compliant module can be non-zero, even when no Note powered devices are attached to the module, because of the PoE consumed by FPGAs and other hardware components on the module.
  • Page 420 Gi1/8 auto 10.3 10.3 CNU Platform Gi1/9 auto 10.3 10.3 CNU Platform Gi1/10 auto 15.4 15.4 Cisco/Ieee PD Gi1/11 auto 10.3 10.3 CNU Platform Gi1/12 auto 10.3 10.3 CNU Platform --------- ------ ---------- ---------- ---------- ------------------- ----- Totals: 128.2 128.2 switch#
  • Page 421 Chapter 13 Configuring Power over Ethernet Displaying the PoE Consumed by a Module switch# show power inline module 2 Chassis Inline Power Supply: Available:800(w) Used:138(w) Remaining:662(w) Interface Admin Oper Power(Watts) Device Class From PS To Device --------- ------ ---------- ---------- ---------- ------------------- ----- Gi2/1 auto 11.5...
  • Page 422: Poe Policing And Monitoring

    Chapter 13 Configuring Power over Ethernet PoE Policing and Monitoring Gi2/45 auto Gi2/46 auto Gi2/47 auto Gi2/48 auto --------- ------ ---------- ---------- ---------- ------------------- ----- Totals: 138.2 123.0 Switch# PoE Policing and Monitoring Note This functionality is supported on the WS-X4548-RJ45V+, WS-X4648-RJ45V-E, and WS-X4648-RJ45V+E line cards.
  • Page 423: Configuring Power Policing On An Interface

    • Configured consumption values, in case any exist • CDP allocated values (for Cisco devices using CDP) • Allocated power from IEEE discovery (for devices using this mechanism) To activate default PoE policing, enter the following: Switch# conf t Enter configuration commands, one per line.
  • Page 424: Displaying Power Policing On An Interface

    Chapter 13 Configuring Power over Ethernet PoE Policing and Monitoring Interface Admin Oper Admin Oper Cutoff Oper State State Police Police Power Power --------- ------ ---------- ---------- ---------- ------ ----- Gi2/1 auto errdisable errdisable overdrawn Displaying Power Policing on an Interface You can display power policing on an interface, on a module, or for all the PoE-capable line cards in a chassis.
  • Page 425: Enhanced Power Poe Support On The E-Series Chassis

    IEEE 802.3af PoE as well as the Cisco proprietary Inline Power standard. With Cisco IOS Release 12.2(44)SG, the WS-X4648-RJ45V+E line card can also support the IEEE 802.3at standard with up to 30 W available per-port. The WS-X4648-RJ45V-E line card also supports up to 20 W.
  • Page 426: Configuring Universal Poe

    The default power inline configurations usually are sufficient; no additional configuration is required even for high power-consumption Cisco powered devices (for example, a Cisco AP1250 Wireless Access Point). When a high-power consumption device is attached to a port on a WS-X4648-RJ45V-E or WS-X4648-RJ45V+E line card, the switch and device negotiate power using CDP packets to automatically determine the extended amount of power needed by the device.
  • Page 427 Chapter 13 Configuring Power over Ethernet Enhanced Power PoE Support on the E-Series Chassis The following example shows how to automatically enable power on both signal and spare pairs from switch port gigabit ethernet 2/1: Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# interface gigabitethernet 2/1 Switch(config-if)# power inline four-pair forced Switch(config-if)# shutdown...
  • Page 430: C H A P T E R 14 Configuring The Catalyst 4500 Series Switch With Cisco Network Assistant

    The switches in the cluster use the switch clustering technology so that you can configure and troubleshoot a group of different Catalyst 4500 series switch platforms through a single IP address. Using switch clusters simplifies the management of multiple switches, regardless of their physical location and platform families.
  • Page 431: Network Assistant-Related Parameters And Their Defaults

    3. You can only change this value for a cluster of devices. Port number on the Network Assistant and on the Catalyst 4500 series switch must match. Value can be changed to any non-default number above 1024. 4. Required for Network Assistant to access the device.
  • Page 432: Configuring Your Switch For Network Assistant

    (Additional) Configuration Required to Use Clustering, page 14-5 (Minimum) Required Configuration If you use the default configuration, access the Catalyst 4500 series switch and enter the ip http server (for HTTP) or ip http secure-server (for HTTPS) global configuration command.
  • Page 433: Additional) Configuration Required To Use Community

    Chapter 14 Configuring the Catalyst 4500 Series Switch with Cisco Network Assistant Configuring Your Switch for Network Assistant Command Purpose Step 5 Configures the HTTPS port. Switch(config)# ip http timeout-policy idle idle_time life life_time requests requests The idle keyword specifies the maximum amount of time a connection can stay idle.
  • Page 434: Managing A Network Using Community

    Switch# show running-config Managing a Network Using Community This section describes how to use communities to manage devices (including Catalyst 4500 series switches, routers, access points, and PIX firewalls) using the Network Assistant application. Access points have been eliminated from the device limits. There is no current limit for the number of Note access points that can be managed by CNA.
  • Page 435: Candidate And Member Requirements

    To join a community, a candidate must meet these requirements: • An IP address has been obtained. • Cisco Discovery Protocol (CDP) version 2 is enabled (the default) (if you want the device to be auto-discovered). • HTTP (or HTTPS) is enabled. •...
  • Page 436: Community Names

    Chapter 14 Configuring the Catalyst 4500 Series Switch with Cisco Network Assistant Managing a Network Using Community Note Do not disable CDP on candidates, members, or on any network devices that you might want Network Assistant to discover. Note PIX firewalls do not support the CDP, so they are not automatically shown as neighbors in the Topology view.
  • Page 437: Access Modes In Network Assistant

    Chapter 14 Configuring the Catalyst 4500 Series Switch with Cisco Network Assistant Managing a Network Using Community Access Modes in Network Assistant When Network Assistant is connected to a community or cluster, two access modes are available: read-write and read-only, depending on the password.
  • Page 438: Converting A Cluster Into A Community

    Chapter 14 Configuring the Catalyst 4500 Series Switch with Cisco Network Assistant Converting a Cluster into a Community Note If you are logged into a community and you delete that community from some other CNA instance, then unless you close that community session, you can perform all the configurations through that session.
  • Page 439: Managing A Network Using Cluster

    14-2). Managing a Network Using Cluster This section describes how to use clustering to create and manage Catalyst 4500 series switches using the standalone Network Assistant application or the command-line interface (CLI). Use clustering to group the switches in your network. You must enter the cluster run command on each switch to be managed.
  • Page 440: Network Assistant And Vty

    Managing a Network Using Cluster • Has 16 VTY lines. Note On a Catalyst 4500 series switch, the default is 4 lines. You configure the switch to set the value to 16. • Is not a command or cluster member switch of another cluster.
  • Page 441: Using The Cli To Manage Switch Clusters

    Telnet session (through a console or Telnet connection) and to access the cluster member switch CLI. The command mode changes and the Cisco IOS commands operate as usual. Enter the exit privileged EXEC command on the cluster member switch to return to the command-switch CLI.
  • Page 442 Chapter 14 Configuring the Catalyst 4500 Series Switch with Cisco Network Assistant Configuring Network Assistant in Community or Cluster Mode Command Purpose Step 6 Enables the selected interface to be in the specified VLAN. Switch(config-if)# switchport access vlan vlan_id Step 7 Select the VLAN instance for configuration.
  • Page 443 Chapter 14 Configuring the Catalyst 4500 Series Switch with Cisco Network Assistant Configuring Network Assistant in Community or Cluster Mode Command Purpose Step 27 Returns to privileged EXEC mode. Switch(config-line)# end Step 28 Verifies the configuration. Switch# show running-config This example shows how to configure Network Assistant on a networked switch in community mode:...
  • Page 444 Chapter 14 Configuring the Catalyst 4500 Series Switch with Cisco Network Assistant Configuring Network Assistant in Community or Cluster Mode subject-name cn=IOS-Self-Signed-Certificate-913087 revocation-check none rsakeypair TP-self-signed-913087 crypto pki certificate chain TP-self-signed-913087 certificate self-signed 01 3082028E 308201F7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030...
  • Page 445: Configuring Network Assistant In A Networked Switch In Cluster Mode

    Chapter 14 Configuring the Catalyst 4500 Series Switch with Cisco Network Assistant Configuring Network Assistant in Community or Cluster Mode interface GigabitEthernet1/13 interface GigabitEthernet1/14 interface GigabitEthernet1/15 interface GigabitEthernet1/16 interface GigabitEthernet1/17 interface GigabitEthernet1/18 interface GigabitEthernet1/19 interface GigabitEthernet1/20 interface Vlan1 no ip address interface Vlan2 ip address 123.123.123.1 255.255.255.0...
  • Page 446 Chapter 14 Configuring the Catalyst 4500 Series Switch with Cisco Network Assistant Configuring Network Assistant in Community or Cluster Mode Command Purpose Step 7 Selects the interface that connects to your CNA-enabled PC. Switch(config-vlan)# interface {vlan vlan_ID | {fastethernet | gigabitethernet}...
  • Page 447 Chapter 14 Configuring the Catalyst 4500 Series Switch with Cisco Network Assistant Configuring Network Assistant in Community or Cluster Mode Switch(config)# line con 0 Switch(config-line)# exec-timeout 0 0 Switch(config-line)# password keepout Switch(config-line)# login Switch(config-line)# line vty 5 15 Switch(config-line)# password keepout...
  • Page 448 Chapter 14 Configuring the Catalyst 4500 Series Switch with Cisco Network Assistant Configuring Network Assistant in Community or Cluster Mode interface GigabitEthernet1/8 interface GigabitEthernet1/9 interface GigabitEthernet1/10 interface GigabitEthernet1/11 interface GigabitEthernet1/12 interface GigabitEthernet1/13 interface GigabitEthernet1/14 interface GigabitEthernet1/15 interface GigabitEthernet1/16 interface GigabitEthernet1/17...
  • Page 449: Vlans

  • Page 450: Chapter 15 Configuring Vlan, Vtp, And Vmp

    Layer 3 switches. See the “About Layer 3 Interfaces” section on page 32-1 information on inter-VLAN routing on Catalyst 4500 series switches. Figure 15-1 shows an example of three VLANs that create logically defined networks.
  • Page 451: Vlan Configuration Guidelines And Restrictions

    Before creating a VLAN, put the Catalyst 4500 series switch in VTP server mode or VTP transparent mode. If the Catalyst 4500 series switch is a VTP server, you must define a VTP domain. For information on configuring VTP, see the “VLAN Trunking Protocol”...
  • Page 452: Configurable Normal-Range Vlan Parameters

    Normal Used for Ethernet VLANs; you can create, use, and delete these VLANs. 1002–1005 Normal Cisco defaults for FDDI and Token Ring. You cannot delete VLANs 1002–1005. 1006–4094 Extended For Ethernet VLANs only. When configuring extended-range VLANs, note the following: • Layer 3 ports and some software features require internal...
  • Page 453: Configuring Vlans

    Note Catalyst 4500 series switches do not support Token Ring or FDDI media. The switch does not forward FDDI, FDDI-NET, TrCRF, or TrBRF traffic, but it does propagate the VLAN configuration by using VTP. The software reserves parameters for these media types, but they are not supported.
  • Page 454: Configuring Vlans In Global Configuration Mode

    Chapter 15 Configuring VLANs, VTP, and VMPS VLANs Configuring VLANs in Global Configuration Mode If the switch is in VTP server or transparent mode (see the “VLAN Trunking Protocol” section on page 15-7), you can configure VLANs in global and VLAN configuration modes. When you configure VLANs in global and config-vlan configuration modes, the VLAN configuration is saved in the vlan.dat files, not the running-config or startup-config files.
  • Page 455: Assigning A Layer 2 Lan Interface To A Vlan

    “Configuring Ethernet Interfaces for Layer 2 Switching” section on page 17-5. VLAN Trunking Protocol This section describes the VLAN Trunking Protocol (VTP) on the Catalyst 4500 series switches, and includes the following major subsections: • About VTP, page 15-8 • VTP Configuration Guidelines and Restrictions, page 15-12 •...
  • Page 456: About Vtp

    Network Management Protocol (SNMP). By default, the Catalyst 4500 series switch is in VTP server mode and the domain is set to NULL until the switch receives an advertisement for a domain over a trunk link or you configure a management domain.
  • Page 457: Understanding Vtp Modes

    Configuring VLANs, VTP, and VMPS VLAN Trunking Protocol Understanding VTP Modes You can configure a Catalyst 4500 series switch to operate in any one of these VTP modes: • Server—In VTP server mode, you can create, modify, and delete VLANs and specify other configuration parameters (such as VTP version and VTP pruning) for the entire VTP domain.
  • Page 458 Chapter 15 Configuring VLANs, VTP, and VMPS VLAN Trunking Protocol Note Catalyst 4500 series switches do not support Token Ring or FDDI media. The switch does not forward FDDI, FDDI-Net, Token Ring Concentrator Relay Function (TrCRF), or Token Ring Bridge Relay Function (TrBRF) traffic, but it does propagate the VLAN configuration by using VTP.
  • Page 459: Understanding Vtp Pruning

    Switch 1. Switch 1 floods the broadcast and every network device in the network receives it, even though Switches 3, 5, and 6 have no interfaces in the Red VLAN. You can enable pruning globally on the Catalyst 4500 series switch (see the “Enabling VTP Pruning”...
  • Page 460: Vtp Configuration Guidelines And Restrictions

    Chapter 15 Configuring VLANs, VTP, and VMPS VLAN Trunking Protocol Figure 15-3 Flooding Traffic with VTP Pruning Switch 4 Interface 2 Interface 4 Flooded traffic is pruned. Switch 2 VLAN Switch 5 Interface 5 Interface 1 Switch 6 Switch 3 Switch 1 Enabling VTP pruning on a VTP server enables pruning for the entire management domain.
  • Page 461: Vtp Default Configuration

    • Configuring VLANs as eligible for pruning on a Catalyst 4500 series switch affects pruning eligibility for those VLANs on that switch only, not on all network devices in the VTP domain. • The VLAN database is saved in the NVRAM file in a format compliant with the VTP version...
  • Page 462: Configuring Vtp

    Chapter 15 Configuring VLANs, VTP, and VMPS VLAN Trunking Protocol Configuring VTP These sections describe how to configure VTP: • Configuring VTP Global Parameters, page 15-14 • Configuring the VTP Mode, page 15-16 • Starting a Takeover, page 15-19 • Displaying VTP Statistics, page 15-19 •...
  • Page 463 Chapter 15 Configuring VLANs, VTP, and VMPS VLAN Trunking Protocol This example shows how to configure a VTP password in EXEC mode: Switch# vtp password WATER Setting device VLAN database password to WATER. Switch# Note The password is not stored in the running-config file. This example shows how to configure a hidden password: Switch# configure terminal Switch(config)# vtp password WATER hidden...
  • Page 464: Configuring The Vtp Mode

    Chapter 15 Configuring VLANs, VTP, and VMPS VLAN Trunking Protocol Caution VTP version 1 and VTP version 2 are not interoperable on network devices in the same VTP domain. Every network device in the VTP domain must use the same VTP version. Do not enable VTP version 2 unless every network device in the VTP domain supports version 2.
  • Page 465 Chapter 15 Configuring VLANs, VTP, and VMPS VLAN Trunking Protocol Note When VTP is disabled, you can enter VLAN configuration commands in configuration mode instead of the VLAN database mode and the VLAN configuration is stored in the startup configuration file. This example shows how to configure the switch as a VTP server: Switch# configure terminal Switch(config)# vtp mode server...
  • Page 466 Chapter 15 Configuring VLANs, VTP, and VMPS VLAN Trunking Protocol This example shows an example of the VTP configuration parameters when the device is running VTP version 2: Switch# show vtp status VTP Version capable : 1 to 3 VTP version running VTP Domain Name : Lab_Network VTP Pruning Mode...
  • Page 467: Starting A Takeover

    Chapter 15 Configuring VLANs, VTP, and VMPS VLAN Trunking Protocol Starting a Takeover This process applies to VTP version 3 only. To start a takeover, perform this task: Command: Switch# vtp primary-server [vlan | mst] [force] Purpose: Changes the operational state of a switch from a secondary to a primary server and advertises the configuration to the whole domain.
  • Page 468: Displaying Vtp Devices In A Domain

    Chapter 15 Configuring VLANs, VTP, and VMPS VLAN Membership Policy Server Request advertisements transmitted : 3 Number of config revision errors Number of config digest errors Number of V1 summary errors VTP pruning statistics: Trunk Join Transmitted Join Received Summary advts received from non-pruning-capable device ---------------- ---------------- ---------------- --------------------------- Fa5/8...
  • Page 469: About Vmps

    VLAN for that host. A Catalyst 4500 series switch running Cisco IOS software does not support the functionality of a VMPS. It can only function as a VLAN Query Protocol (VQP) client, which communicates with a VMPS through the VQP.
  • Page 470: Security Modes For Vmps Server

    VMPS server. Note Although Catalyst 4500 series and Catalyst 6500 series switches running Catalyst operating system software support VMPS in all three operation modes, the User Registration Tool (URT) supports open mode only.
  • Page 471: Fallback Vlan

    Chapter 15 Configuring VLANs, VTP, and VMPS VLAN Membership Policy Server Fallback VLAN You can configure a fallback VLAN name on a VMPS server. If no VLAN has been assigned to this port, VMPS compares the requesting MAC address to this port: •...
  • Page 472: Default Vmps Client Configuration

    Reconfirming VLAN Memberships, page 15-26 Configuring the IP Address of the VMPS Server To configure a Catalyst 4500 series switch as a VMPS client, you must enter the IP address or hostname of the switch acting as the VMPS.
  • Page 473 Chapter 15 Configuring VLANs, VTP, and VMPS VLAN Membership Policy Server To define the primary and secondary VMPS on a Catalyst 4500 series switch, perform this task: Command Purpose Step 1 Enters global configuration mode. Switch# configure terminal Step 2...
  • Page 474 Chapter 15 Configuring VLANs, VTP, and VMPS VLAN Membership Policy Server This example shows how to configure a dynamic access port and to verify the entry: Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# interface fa1/1 Switch(config-if)# switchport mode access Switch(config-if)# switchport access vlan dynamic Switch(config-if)# end...
  • Page 475 Chapter 15 Configuring VLANs, VTP, and VMPS VLAN Membership Policy Server Command Purpose Step 3 Returns to privileged EXEC mode. Switch(config)# end Step 4 Verifies the dynamic VLAN reconfirmation status. Switch# show vmps This example shows how to change the reconfirmation interval to 60 minutes and verify the change: Switch# configure terminal Enter configuration commands, one per line.
  • Page 476: Administering And Monitoring The Vmps

    VMPS Client Statistics ---------------------- Queries: Responses: VMPS Changes: Shutdowns: Denied: Wrong Domain: Wrong Version: Insufficient Resource: 0 Note Refer to the Cisco IOS Command Reference for details on VMPS statistics.
  • Page 477: Troubleshooting Dynamic Port Vlan Membership

    • VMPS servers. • End stations are connected to these clients: – Catalyst 4500 series XL Switch 2 (running Catalyst Cisco IOS) – Catalyst 4500 series XL Switch 9 (running Catalyst Cisco IOS) • The database configuration file is called Bldg-G.db and is stored on the TFTP server with the IP...
  • Page 478 Catalyst 4500 series switch operating as a VMPS client. Figure 15-6 illustrates a topology with an end station attached to a Cisco IP Phone, which is attached to a Catalyst 4500 series switch. Figure 15-5 Topology with an End Station Attached Directly to a Catalyst 4500 Series Switch...
  • Page 479 Chapter 15 Configuring VLANs, VTP, and VMPS VLAN Membership Policy Server Figure 15-6 Topology with an End Station Attached to a Cisco IP Phone that is Attached to a Catalyst 4500 Series Switch Endstation (in VLAN 20) Internet Cisco IP phone...
  • Page 480: Vmps Database Configuration File Example

    Chapter 15 Configuring VLANs, VTP, and VMPS VLAN Membership Policy Server Assign the port dynamic VLAN membership: switch(config-if)# switchport access vlan dynamic Return to privileged EXEC mode: switch(config-if)# exit switch# Step 3 Connect End Station 2 on port Fa2/1. When End Station 2 sends a packet, Switch 2 sends a query to the primary VMPS server, Switch 1.
  • Page 481 Chapter 15 Configuring VLANs, VTP, and VMPS VLAN Membership Policy Server !MAC Addresses vmps-mac-addrs ! address vlan-name address 0012.2233.4455 vlan-name hardware address 0000.6509.a080 vlan-name hardware address aabb.ccdd.eeff vlan-name Green address 1223.5678.9abc vlan-name ExecStaff address fedc.ba98.7654 vlan-name --NONE-- address fedc.ba23.1245 vlan-name Purple !Port Groups !vmps-port-group ...
  • Page 483: About Ip Unnumbered Interface Support

  • Page 484: Ip Unnumbered Interface Support With Dhcp Server And Relay Agent

    IP address. The IP unnumbered interface can “borrow” the IP address from another interface that is already configured on the Catalyst 4500 series switch, which conserves network and address space. When used with the DHCP server/relay agent, this feature allows a host address assigned by the DHCP server to be learned dynamically at the DHCP relay agent.
  • Page 485: C H A P T E R 16 Configuring Ip Unnumbered Interface

    Chapter 16 Configuring IP Unnumbered Interface IP Unnumbered Configuration Guidelines and Restrictions Figure 16-2 Format of the Agent Remote ID Suboption (12 bytes): Type (byte 1), Length (byte 2), Reserved (bytes 3-4), NAS IP address (bytes 5-8), Interface (byte 9), Reserved (byte 10), VLAN ID (bytes 11-12)
  • Page 486: Configuring Ip Unnumbered Interface Support With Dhcp Server

    Configuring IP Unnumbered Interface Configuring IP Unnumbered Interface Support with DHCP Server • The option to add dhcp host routes as connected routes is available in Cisco IOS. When using connected mode, however, the clear ip route * command deletes the dhcp host connected routes permanently.
  • Page 487: Configuring Ip Unnumbered Interface Support On A Range Of Ethernet Vlans

    Chapter 16 Configuring IP Unnumbered Interface Configuring IP Unnumbered Interface Support with DHCP Server In the following example, Ethernet VLAN 10 is configured as an IP unnumbered interface: Switch> enable Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# interface vlan 10 Switch(config-if)# ip unnumbered Loopback 0 Configuring IP Unnumbered Interface Support on a Range of Ethernet VLANs...
  • Page 488: Configuring Ip Unnumbered Interface Support With Connected Host Polling

    Chapter 16 Configuring IP Unnumbered Interface Configuring IP Unnumbered Interface Support with Connected Host Polling Configuring IP Unnumbered Interface Support with Connected Host Polling To configure IP unnumbered interface support with connected host polling, perform this task: Command Purpose Step 1 Enables privileged EXEC mode.
  • Page 489: Displaying Ip Unnumbered Interface Settings

    Command: Switch# show ip interface [type number] unnumbered [detail] Purpose: Displays the status of unnumbered interface with connected host polling for the Catalyst 4500 series switch. The following example shows how to display the status of unnumbered interfaces with connected host polling:...
  • Page 490: Troubleshooting Ip Unnumbered Interface

    Troubleshooting IP Unnumbered Interface Troubleshooting IP Unnumbered Interface To understand how to debug connect host polling, see the Cisco IOS documentation of the debug arp command on cisco.com. When an IP unnumbered interface shares the IP address of a loopback interface whose prefix is advertised in an OSPF network, you must modify the loopback interface as a point-to-point interface.
  • Page 491: About Layer 2 Ethernet Switching

  • Page 492: C H A P T E R 17 Configuring Layer 2 Ethernet Interfaces

    Catalyst 4500 series switch are full-duplex mode only, providing 2-Gbps effective bandwidth. Switching Frames Between Segments Each Ethernet interface on a Catalyst 4500 series switch can connect to a single workstation or server, or to a hub through which workstations or servers connect to the network.
  • Page 493: Vlan Trunks

    Chapter 17 Configuring Layer 2 Ethernet Interfaces About Layer 2 Ethernet Switching VLAN Trunks A trunk is a point-to-point link between one or more Ethernet switch interfaces and another networking device such as a router or a switch. Trunks carry the traffic of multiple VLANs over a single link and allow you to extend VLANs across an entire network.
  • Page 494: Default Layer 2 Ethernet Interface Configuration

    VLANs allowed on the trunks. When you connect a Cisco switch to a non-Cisco device through an 802.1Q trunk, the Cisco switch combines the spanning tree instance of the native VLAN of the trunk with the spanning tree instance of the non-Cisco 802.1Q switch.
  • Page 495: Configuring Ethernet Interfaces For Layer 2 Switching

    Configuring Ethernet Interfaces for Layer 2 Switching Configuring Ethernet Interfaces for Layer 2 Switching The following sections describe how to configure Layer 2 switching on a Catalyst 4500 series switch: Configuring an Ethernet Interface as a Layer 2 Trunk, page 17-5 •...
  • Page 496 Chapter 17 Configuring Layer 2 Ethernet Interfaces Configuring Ethernet Interfaces for Layer 2 Switching Command Purpose Step 7 Switch(config-if)# switchport trunk pruning vlan {add | except | none | ... (Optional) Configures the list of VLANs allowed to be pruned from the trunk (see the “VLAN Trunking Protocol”...
  • Page 497: Configuring An Interface As A Layer 2 Access Port

    Chapter 17 Configuring Layer 2 Ethernet Interfaces Configuring Ethernet Interfaces for Layer 2 Switching This example shows how to verify the trunk configuration: Switch# show interfaces fastethernet 5/8 trunk Port Mode Encapsulation Status Native vlan Fa5/8 desirable n-802.1q trunking Port Vlans allowed on trunk Fa5/8 1-1005 Port...
  • Page 498: Clearing Layer 2 Configuration

    Chapter 17 Configuring Layer 2 Ethernet Interfaces Configuring Ethernet Interfaces for Layer 2 Switching Command Purpose Step 8 Displays the running configuration of the interface. Switch# show running-config interface {fastethernet | gigabitethernet} slot/port Step 9 Displays the switch port configuration of the interface. Switch# show interfaces [{fastethernet | gigabitethernet | tengigabitethernet} slot/port] switchport...
  • Page 499 Chapter 17 Configuring Layer 2 Ethernet Interfaces Configuring Ethernet Interfaces for Layer 2 Switching Command Purpose Step 3 Displays the running configuration of the interface. Switch# show running-config interface {fastethernet | gigabitethernet | tengigabitethernet} slot/port Step 4 Displays the switch port configuration of the interface. Switch# show interfaces [{fastethernet | gigabitethernet | tengigabitethernet} slot/port] switchport...
  • Page 500 Chapter 17 Configuring Layer 2 Ethernet Interfaces Configuring Ethernet Interfaces for Layer 2 Switching Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG 17-10 OL-25340-01...
  • Page 501: About Smartport Macros And Static Smartport

    Cisco Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products//hw/switches/ps4324/index.html If the command is not found in the Catalyst 4500 Series Switch Command Reference, it will be found in the larger Cisco IOS library. Refer to the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 502: C H A P T E R 18 Configuring Smartport Macros

    Use this interface configuration macro when connecting a desktop device such as a PC with a Cisco IP Phone to a switch port. This macro is an extension of the cisco-desktop macro and provides the same security and resiliency features, but with the addition of dedicated voice VLANs to ensure proper treatment of delay-sensitive voice traffic.
  • Page 503: Passing Parameters Through The Macro

    Chapter 18 Configuring SmartPort Macros Configuring SmartPort Macros Passing Parameters Through the Macro Some commands might not be sufficiently generic for all the interfaces; for example, the VLAN ID for Layer 2 interfaces and the IP address for Layer 3 interfaces. Retaining such commands in macro definitions requires that you change the value of such parameters (such as VLAN ID or IP address) before applying the macro to different interfaces.
  • Page 504: Default Smartport Macro Configuration

    • cisco-switch, page 18-5 • cisco-global This is the example for the cisco-global macro: # Enable dynamic port error recovery for link state failures. errdisable recovery cause link-flap errdisable recovery interval 60 # VTP requires Transparent mode for future 802.1x Guest VLAN...
  • Page 505: Cisco-Phone

    # and use inactivity timer switchport port-security violation restrict switchport port-security aging time 2 switchport port-security aging type inactivity # Enable auto-qos to extend trust to attached Cisco phone auto qos voip cisco-phone # Configure port as an edge network port spanning-tree portfast...
  • Page 506: Smartport Macro Configuration Guidelines

    If a command fails when you apply a macro, either due to a syntax error or to a configuration error, the macro continues to apply the remaining commands to the interface. • cisco-global needs to be applied at the global configuration mode. We recommend that you apply this macro before any other interface level macro. •...
  • Page 507 Cisco-default macro with the required values by using the parameter value keywords. The Cisco-default macros use the $ character to help identify required keywords. There is no restriction on using the $ character to define keywords when you create a macro.
  • Page 508: Creating Smartport Macros

    Chapter 18 Configuring SmartPort Macros Configuring SmartPort Macros Creating SmartPort Macros To create a SmartPort macro, perform this task: Command Purpose Step 1 Switch# configure terminal Enters global configuration mode. Step 2 Switch(config)# macro name macro-name Creates a macro definition and enters a macro name. A macro definition can contain up to 3000 characters.
  • Page 509: Applying Smartport Macros

    If you apply a macro without entering the keyword values, the commands are invalid and are not applied. For example, here is how you apply this command: Switch(config-if)# macro apply cisco-phone ? WORD Keyword to replace with a value e.g. $AVID, $VVID ...
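    The pages above describe creating a macro with `$` keywords and applying it with the keyword values. The following is an added example, not one of the Cisco-default macros from this guide: a user-defined access-port macro that takes the access VLAN as a parameter, applied and then verified. The macro name, the interface and the VLAN value are assumptions. It also shows the failure mode described on page 506: a missing parameter invalidates only the line that used it, while the remaining commands are still applied.

```cisco
! User-defined macro (added example, not a Cisco-default macro). $AVID is
! supplied at apply time; the macro name is an assumption.
macro name secure-access
 switchport mode access
 switchport access vlan $AVID
 switchport nonegotiate
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation restrict
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 spanning-tree portfast
 spanning-tree bpduguard enable
@
!
! Apply with the keyword value. Leaving out "$AVID 35" makes only the
! "switchport access vlan $AVID" line invalid; every other line still goes in,
! so the port would end up hardened but in the wrong VLAN.
interface FastEthernet2/9
 macro apply secure-access $AVID 35
!
! Verify the definition, what was applied, and the resulting interface config
! show parser macro name secure-access
! show parser macro description interface fastethernet 2/9
! show running-config interface fastethernet 2/9
```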
  • Page 510: Cisco-Global

    • cisco-switch, page 18-12 • cisco-router, page 18-13 cisco-global This example shows how to use the system-defined macro cisco-global: Switch(config)# macro global apply cisco-global Changing VTP domain name from gsg-switch to [smartports] Setting device to VTP TRANSPARENT mode. Switch(config)# end...
  • Page 511: Cisco-Desktop

    Configuring SmartPort Macros Configuring SmartPort Macros cisco-desktop This example shows how to use the system-defined macro cisco-desktop to assign a value of 35 to the access VLAN of the Fast Ethernet interface 2/9. Note This macro requires the $AVID keyword, which is the access VLAN of the port.
  • Page 512: Cisco-Switch

    -------------------------------------------------------------- cisco-switch This example shows how to use the system-defined macro cisco-switch to assign a value of 38 to the native VLAN on the Fast Ethernet interface 2/9. This macro requires the $NVID keyword, which is the native VLAN of the port.
  • Page 513: Cisco-Router

    -------------------------------------------------------------- cisco-router This example shows how to use the system-defined macro cisco-router to assign a value of 451 to the native VLAN on the Fast Ethernet interface 2/9. Note This macro requires the $NVID keyword, which is the native VLAN of the port.
  • Page 514: Displaying Smartport Macros

    PC, to a switch port. cisco-phone Use this interface configuration macro when connecting a desktop device such as a PC with a Cisco IP Phone to a switch port. This macro is an extension of the cisco-desktop macro and provides the same security and resiliency features, but with the addition of dedicated voice VLANs to ensure proper treatment of delay-sensitive voice traffic.
  • Page 515: Static Smartport Configuration Guidelines

    EXEC command. Applying Static SmartPort Macros To apply a static SmartPort macro, perform these steps, beginning in privileged EXEC mode: Command Purpose Step 1 show parser macro Displays the Cisco-default static SmartPort macros embedded in the switch software. Step 2 Displays the specific macro that you want to apply.
  • Page 516 You can delete a macro-applied configuration on a port by entering the default interface interface-id interface configuration command. This example shows how to display the cisco-desktop macro, to apply the macro and to set the access VLAN ID to 25 on an interface:...
  • Page 517: About Auto Smartport Macros
  • Page 518: C H A P T E R 19 Configuring Cisco Ios Auto Smartport Macros

    Auto Smartport module, comprising a limited set of Cisco devices. They are built into Cisco IOS and cannot be changed. The default profiles are stored as a text file in nonvolatile storage and allow the DC to identify a much larger set of devices. The default profiles are updated as part of the Cisco IOS archive download.
  • Page 519: Device Visibility Mode

    Chapter 19 Configuring Cisco IOS Auto Smartport Macros Configuring Auto Smartport Macros When a new device is detected, the corresponding shell trigger executes the Auto Smartport configuration macro. Auto Smartport has built-in mappings for a large set of devices. You can use the commands described in the “Configuring Mapping Between User-Defined Triggers and Built-in...
  • Page 520: Auto Smartport Default Configuration

    Switch(config)# interface interface_id Switch(config-if)# no macro auto processing Auto Smartport Default Configuration By default, the Cisco IOS shell is enabled and Auto Smartport is disabled globally. Table 19-1 shows the Auto Smartport built-in event triggers that are embedded in the switch software by default.
  • Page 521: Auto Smartport Configuration Guidelines

    Use this macro to apply the switch macro for Cisco switches. It enables SMARTPORT trunking on the port. CISCO_ROUTER_AUTO_ Use this macro to apply the router macro for Cisco routers. It enables QoS, SMARTPORT trunking, and spanning-tree protection on the port. CISCO_AP_AUTO_...
  • Page 522: Configuring Auto Smartport Built-In Macro Parameters

    Consult the specific device documentation to ensure the device's firmware is current. The LWAP’s WLC software version must be 6.0.188 ( => Cisco IOS 12.4(21a)JA2) or later to make •...
  • Page 523 [[parameter=value] {function contents}]} command deletes the mapping. This example shows how to use two built-in Auto Smartport macros for connecting Cisco switches and Cisco IP phones to the switch. This example modifies the default voice VLAN, access VLAN, and native VLAN for the trunk interface:...
  • Page 524: Configuring User-Defined Event Triggers

    802.1X-Based Event Trigger When using MAB or 802.1X authentication to trigger Auto Smartport macros, you need to create an event trigger that corresponds to the Cisco AV pair (auto-smart-port=event trigger) sent by the RADIUS server. To configure an event trigger, perform this task:...
  • Page 525: Mac Address-Based Event Trigger

    Chapter 19 Configuring Cisco IOS Auto Smartport Macros Configuring Auto Smartport Macros Command Purpose Step 4 Displays the event triggers on the switch. Switch# show shell triggers Step 5 (Optional) Saves your entries in the configuration file. Switch# copy running-config startup-config Use the no shell trigger identifier global configuration command to delete the event trigger.
  • Page 526: Configuring Auto Smartport User-Defined Macros

    Configuring Auto Smartport User-Defined Macros The Cisco IOS shell provides basic scripting capabilities for configuring the user-defined Auto Smartport macros. These macros can contain multiple lines and can include any CLI command. You can also define variable substitution, conditionals, functions, and triggers within the macro.
  • Page 527 Switch# copy running-config startup-config (Optional) Saves your entries in the configuration file. This example shows how to map a user-defined event trigger called Cisco Digital Media Player (DMP) to a user-defined macro. Connect the DMP to an 802.1X- or MAB-enabled switch port.
  • Page 528 Chapter 19 Configuring Cisco IOS Auto Smartport Macros Configuring Auto Smartport Macros switchport mode access switchport port-security switchport port-security maximum 1 switchport port-security violation restrict switchport port-security aging time 2 switchport port-security aging type inactivity spanning-tree portfast spanning-tree bpduguard enable...
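    The built-in triggers in Table 19-1 fire on what a device announces about itself over CDP, LLDP or its MAC OUI, and the built-in switch and router macros turn the port into a trunk. Anything that can spoof a CDP or LLDP advertisement can therefore ask for a trunk on an edge port. The following is an added example, not configuration from this guide, combining the pieces of Chapter 19: Auto Smartport enabled globally with the phone macro parameterised, the feature switched off on an uplink, and a user-defined trigger that fires only on the RADIUS AV pair (auto-smart-port=<trigger>) returned after 802.1X or MAB, so the identity comes from the authentication server rather than from the device. The VLAN numbers, the interface and the trigger name are assumptions; the shell keywords used are the supported ones (if/then/fi).

```cisco
! Added example; VLANs, interfaces and the trigger name are assumptions.
macro auto global processing
!
! Built-in phone macro with site-specific VLANs instead of the defaults
macro auto execute CISCO_PHONE_EVENT builtin CISCO_PHONE_AUTO_SMARTPORT ACCESS_VLAN=10 VOICE_VLAN=20
!
! Uplinks must never be reconfigured by something that merely looks like a
! switch or router in CDP/LLDP
interface TenGigabitEthernet1/1
 no macro auto processing
!
! Trigger that fires only when RADIUS returns auto-smart-port=RADIUS_MAB_DMP
! for a port that already has 802.1X or MAB configured
shell trigger RADIUS_MAB_DMP Digital media player authorized via MAB
macro auto execute RADIUS_MAB_DMP {
if [[ $LINKUP -eq YES ]]; then
conf t
interface $INTERFACE
macro description $TRIGGER
switchport mode access
switchport access vlan 30
switchport port-security
switchport port-security maximum 1
switchport port-security violation restrict
spanning-tree portfast
spanning-tree bpduguard enable
exit
fi
if [[ $LINKUP -eq NO ]]; then
conf t
interface $INTERFACE
no macro description
no switchport access vlan 30
no switchport port-security
no spanning-tree portfast
no spanning-tree bpduguard enable
exit
fi
}
!
! show shell triggers
! show macro auto interface tengigabitethernet 1/1
```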
  • Page 529: Displaying Auto Smartport

    Chapter 19 Configuring Cisco IOS Auto Smartport Macros Displaying Auto Smartport Table 19-5 lists the shell keywords that are not supported in macros and antimacros. Table 19-5 Unsupported Cisco IOS Shell Reserved Keywords Command Description Pipeline. case Conditional construct. esac Conditional construct.
  • Page 530 Chapter 19 Configuring Cisco IOS Auto Smartport Macros Displaying Auto Smartport Switch# show macro auto monitor type table Valid Type Profile Name min Conf =========== ========= ================== ======== ==== Valid Default Apple-Device Valid Default Aruba-Device Valid Default Avaya-Device Valid Default...
  • Page 531 Chapter 19 Configuring Cisco IOS Auto Smartport Macros Displaying Auto Smartport Valid Default Linksys-Device Valid Default LinksysWAP54G-Device Valid Default HTC-Device Valid Default MotorolaMobile-Device Valid Default VMWare-Device Valid Default ISE-Appliance Valid Built-in Cisco-Device Valid Built-in Cisco-Router Valid Built-in Router Valid Built-in...
  • Page 532 Chapter 19 Configuring Cisco IOS Auto Smartport Macros Displaying Auto Smartport Trigger mapping function: CISCO_LWAP_AUTO_SMARTPORT This example shows how to use the show shell functions privileged EXEC command to view the built-in macros in the switch software: Switch# show shell functions...
  • Page 535: About Stp
  • Page 536: Chapter 20 Configuring Stp And Mst

    Configuring STP and MST About STP A Catalyst 4500 series switch uses STP (the IEEE 802.1D bridge protocol) on all VLANs. By default, a single spanning tree runs on each configured VLAN (provided you do not manually disable the spanning tree).
  • Page 537: Extended System Id

    VLAN ID STP MAC Address Allocation A Catalyst 4500 series switch chassis has either 64 or 1024 MAC addresses available to support software features like STP. Enter the show module command to view the MAC address range on your chassis.
  • Page 538: Election Of The Root Bridge

    Chapter 20 Configuring STP and MST About STP The identifier of the transmitting port • Values for the hello, forward delay, and max-age protocol timers • When a switch transmits a BPDU frame, all switches connected to the LAN on which the frame is transmitted receive the BPDU.
  • Page 539: Creating The Stp Topology

    Chapter 20 Configuring STP and MST About STP Creating the STP Topology The goal of the spanning tree algorithm is to make the most direct link the root port. When the spanning tree topology is calculated based on default parameters, the path between source and destination end stations in a switched network might not be optimal according to link speed.
  • Page 540: Mac Address Allocation

    When you connect a Cisco switch to a non-Cisco device (that supports 802.1Q) through an 802.1Q trunk, the Cisco switch combines the spanning tree instance of the 802.1Q native VLAN of the trunk with the spanning tree instance of the non-Cisco 802.1Q switch. However, all per-VLAN spanning tree information is maintained by Cisco switches separated by a network of non-Cisco 802.1Q switches.
  • Page 541: Default Stp Configuration

    Chapter 20 Configuring STP and MST Default STP Configuration For enabling information, see “Enabling Per-VLAN Rapid Spanning Tree” on page 20. Default STP Configuration Table 20-4 shows the default spanning tree configuration. Table 20-4 Spanning Tree Default Configuration Values Feature Default Value Enable state Spanning tree enabled for all VLANs...
  • Page 542: Enabling Stp

    Chapter 20 Configuring STP and MST Configuring STP Disabling Spanning Tree Protocol, page 20-20 • Enabling Per-VLAN Rapid Spanning Tree, page 20-20 • The spanning tree commands described in this chapter can be configured on any interface except those Note configured with the no switchport command.
  • Page 543: Enabling The Extended System Id

    Chapter 20 Configuring STP and MST Configuring STP Designated bridge has priority 32768, address 00e0.4fac.b000 Designated port id is 128.2, designated path cost 19 Timers: message age 3, forward delay 0, hold 0 Number of transitions to forwarding state: 1 BPDU: sent 3, received 3417 Switch# Enabling the Extended System ID...
  • Page 544: Configuring The Root Bridge

    Chapter 20 Configuring STP and MST Configuring STP Configuring the Root Bridge A Catalyst 4000 family switch maintains an instance of spanning tree for each active VLAN configured on the switch. A bridge ID, consisting of the bridge priority and the bridge MAC address, is associated with each instance.
  • Page 545 Chapter 20 Configuring STP and MST Configuring STP VLAN1 is executing the ieee compatible Spanning Tree protocol Bridge Identifier has priority 32768, address 0030.94fc.0a00 Configured hello time 2, max age 20, forward delay 15 Current root has priority 32768, address 0001.6445.4400 Root port is 323 (FastEthernet6/3), cost of root path is 19 Topology change flag not set, detected flag not set Number of topology changes 2 last change occurred 00:02:19 ago...
  • Page 546: Configuring A Secondary Root Switch

    Chapter 20 Configuring STP and MST Configuring STP Port 324 (FastEthernet6/4) of VLAN1 is listening Port path cost 19, Port priority 128, Port Identifier 129.68. Designated root has priority 8192, address 0030.94fc.0a00 Designated bridge has priority 8192, address 0030.94fc.0a00 Designated port id is 129.68, designated path cost 0 Timers:message age 0, forward delay 5, hold 0 Number of transitions to forwarding state:0 BPDU:sent 6, received 102...
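    The root primary and secondary macros above only lower the local bridge priority; any bridge that later advertises a better priority, whether a misconfigured switch or a host running a bridging tool, still wins the election and pulls the topology towards itself. The following is an added example, not configuration from this guide, showing root placement together with the guards that make the election stick: root guard on the downlinks, BPDU guard on every edge port, and loop guard on the uplinks. The mode, the VLAN list and the interface range are assumptions.

```cisco
! Added example; VLAN list and interface range are assumptions.
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
! Distribution switch A: root for every VLAN. Switch B runs the same line
! with "secondary" so the next election is still deterministic.
spanning-tree vlan 1-4094 root primary
!
! Downlinks to access switches: a superior BPDU arriving here can only come
! from a misconfigured or rogue bridge; root guard moves the port to
! root-inconsistent (blocking) instead of accepting the new root
interface range GigabitEthernet1/1 - 24
 spanning-tree guard root
!
! Edge ports: PortFast and BPDU guard on all non-trunking ports by default.
! Any BPDU err-disables the port; recovery re-enables it after 300 s so a
! single probe does not need a manual shut/no shut
spanning-tree portfast default
spanning-tree portfast bpduguard default
errdisable recovery cause bpduguard
errdisable recovery interval 300
!
! Uplinks: if BPDUs stop arriving on a blocked port, keep it blocked rather
! than letting it transition to forwarding on a unidirectional link
spanning-tree loopguard default
!
! Verify root placement and any ports the guards have taken down
! show spanning-tree summary
! show spanning-tree inconsistentports
! show interfaces status err-disabled
```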
  • Page 547: Configuring Stp Port Priority

    16 (the default is 128). Note The Cisco IOS software uses the port priority value when the interface is configured as an access port and uses VLAN port priority values when the interface is configured as a trunk port.
  • Page 548 Chapter 20 Configuring STP and MST Configuring STP Switch(config-if)# spanning-tree port-priority 100 Switch(config-if)# end Switch# This example shows how to verify the configuration of a Fast Ethernet interface when it is configured as an access port: Switch# show spanning-tree interface fastethernet 3/1 Vlan Role Sts Cost Prio.Nbr Status...
  • Page 549: Configuring Stp Port Cost

    Chapter 20 Configuring STP and MST Configuring STP Designated root has priority 32768, address 0003.6b10.ebec Designated bridge has priority 32768, address 0003.6b10.ebec Designated port id is 128.129, designated path cost 0 Timers:message age 0, forward delay 0, hold 0 Number of transitions to forwarding state:1 Link type is point-to-point by default BPDU:sent 95, received 2 Switch#...
  • Page 550 Chapter 20 Configuring STP and MST Configuring STP Command Purpose Step 1 Switch(config)# interface {{fastethernet | gigabitethernet | tengigabitethernet} slot/port} | {port-channel port_channel_number} Specifies an interface to configure. Step 2 Switch(config-if)# [no] spanning-tree cost port_cost Configures the port cost for an interface. The port_cost value can be from 1 to 200,000,000.
  • Page 551: Configuring The Bridge Priority Of A Vlan

    Chapter 20 Configuring STP and MST Configuring STP Number of transitions to forwarding state: 1 BPDU: sent 0, received 13513 <...output truncated...> Switch# Note The show spanning-tree command displays only information for ports with an active link (green light is on). If there is no port with an active link, you can issue a show running-config command to confirm the configuration.
  • Page 552: Configuring The Maximum Aging Time For A Vlan

    Chapter 20 Configuring STP and MST Configuring STP To configure the spanning tree hello time of a VLAN, perform this task: Command Purpose Step 1 Switch(config)# [no] spanning-tree vlan vlan_ID hello-time hello_time Configures the hello time of a VLAN. The hello_time value can be from 1 to 10 seconds.
  • Page 553: Configuring The Forward-Delay Time For A Vlan

    Chapter 20 Configuring STP and MST Configuring STP This example shows how to verify the configuration: Switch# show spanning-tree vlan 200 bridge brief Hello Max Vlan Bridge ID Time Age Delay Protocol ---------------- -------------------- ---- ---- ----- -------- VLAN200 49152 0050.3e8d.64c8 ieee Switch# Configuring the Forward-Delay Time for a VLAN...
  • Page 554: Disabling Spanning Tree Protocol

    Chapter 20 Configuring STP and MST Configuring STP Disabling Spanning Tree Protocol To disable spanning tree on a per-VLAN basis, perform this task: Command Purpose Step 1 Switch(config)# no spanning-tree vlan vlan_ID Disables spanning tree on a per-VLAN basis. Step 2 Exits configuration mode.
  • Page 555: Specifying The Link Type

    Chapter 20 Configuring STP and MST Configuring STP Switch# clear spanning-tree detected-protocols The following example shows how to verify the configuration: Switch# show spanning-tree summary totals Switch is in rapid-pvst mode Root bridge for:VLAN0001 Extended system ID is disabled Portfast Default is disabled PortFast BPDU Guard Default is disabled...
  • Page 556: About Mst

    Spanning Tree Plus (PVST+) and is backward compatible with 802.1D STP, 802.1w (Rapid Spanning Tree Protocol [RSTP]), and the Cisco PVST+ architecture. MST allows you to build multiple spanning trees over trunks. You can group and associate VLANs to spanning tree instances.
  • Page 557: Ieee 802.1W Rstp

    Chapter 20 Configuring STP and MST About MST MST establishes and maintains additional spanning trees within each MST region. These spanning • trees are termed MST instances (MSTIs). The IST is numbered 0, and the MSTIs are numbered 1, 2, 3, and so on. Any MSTI is local to the MST region and is independent of MSTIs in another region, even if the MST regions are interconnected.
  • Page 558: Rstp Port Roles

    Chapter 20 Configuring STP and MST About MST RSTP Port Roles In RSTP, the port roles are defined as follows: • Root—A forwarding port elected for the spanning tree topology. • Designated—A forwarding port elected for every switched LAN segment. •...
  • Page 559: Common Spanning Tree

    – Common Spanning Tree CST (802.1Q) is a single spanning tree for all the VLANs. In a Catalyst 4500 series switch running PVST+, the VLAN 1 spanning tree corresponds to CST. In a Catalyst 4500 series switch running MST, IST (instance 0) corresponds to CST.
  • Page 560: Mst Instances

    Chapter 20 Configuring STP and MST About MST MST Instances We support 65 instances including instance 0. Each spanning tree instance is identified by an instance ID that ranges from 0 to 4094. Instance 0 is mandatory and is always present. The remaining instances are optional.
  • Page 561: Boundary Ports

    Chapter 20 Configuring STP and MST About MST To form an MST region, bridges can be either of the following: An MST bridge that is the only member of the MST region. • An MST bridge interconnected by a LAN. A LAN’s designated bridge has the same MST •...
  • Page 562: Link Type

    Chapter 20 Configuring STP and MST About MST To prevent a misconfiguration, the PortFast operation is turned off if the port receives a BPDU. You can display the configured and operational status of PortFast by using the show spanning-tree mst interface command.
  • Page 563: Mst Configuration Restrictions And Guidelines

    VLAN is mapped. The topology change stays local to the first MST region, and the content-addressable memory (CAM) table entries (the MAC address table) in the other region are not flushed. To make the topology change visible throughout other MST regions, you can map that VLAN to IST or connect the PVST+ switch to the two regions through access links.
  • Page 564 Switch(config-mst)# show current Current MST configuration Name Revision Instance Vlans mapped -------- --------------------------------------------------------------------- 1-4094 ------------------------------------------------------------------------------- Switch(config-mst)# name cisco Switch(config-mst)# revision 2 Switch(config-mst)# instance 1 vlan 1 Switch(config-mst)# instance 2 vlan 1-1000 Switch(config-mst)# show pending Pending MST configuration Name [cisco] Revision Instance...
  • Page 565: Configuring Mst Instance Parameters

    Chapter 20 Configuring STP and MST Configuring MST Switch(config-mst)# instance 1 vlan 2000-3000 Switch(config-mst)# no instance 1 vlan 1500 Switch(config-mst)# show pending Pending MST configuration Name [cisco] Revision Instance Vlans mapped -------- --------------------------------------------------------------------- 1-1999,2500,3001-4094 2000-2499,2501-3000 ------------------------------------------------------------------------------- Switch(config-mst)# end Switch(config)# no spanning-tree mst configuration...
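    Two switches are in the same MST region only if the name, the revision and the full instance-to-VLAN map match; a single differing VLAN mapping turns the link into a region boundary and the affected VLANs silently fall back to the IST/CST, with the topology-change behaviour described under the MST restrictions. The following is an added example, not configuration from this guide, of the complete region definition that must be identical on every switch, with instance priorities split between two distribution switches so each instance has a deterministic root. The region name, revision, VLAN ranges and priorities are assumptions.

```cisco
! Added example; region name, revision, VLAN ranges and priorities are
! assumptions. This block must be identical on every switch in the region.
spanning-tree mode mst
spanning-tree mst configuration
 name campus
 revision 7
 instance 1 vlan 10-19
 instance 2 vlan 20-29
 show pending
 exit
!
! Switch A: root for IST and instance 1, backup for instance 2.
! Switch B uses the reverse (24576 on instance 2, 28672 on 0-1).
spanning-tree mst 0-1 priority 24576
spanning-tree mst 2 priority 28672
!
! Compare on every switch; name, revision and the VLAN map must match
! show spanning-tree mst configuration
! show spanning-tree mst
```

Bump the revision on every switch at the same time when the map changes; a switch still carrying the old revision leaves the region on its next BPDU.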
  • Page 566: Configuring Mst Instance Port Parameters

    Chapter 20 Configuring STP and MST Configuring MST Switch# show spanning-tree mst ###### MST00 vlans mapped: 11-4094 Bridge address 00d0.00b8.1400 priority 24576 (24576 sysid 0) Root this switch for CST and IST Configured hello time 2, forward delay 15, max age 20, max hops 20 Interface Role Sts Cost Prio.Nbr Status...
  • Page 567: Restarting Protocol Migration

    Similarly, an MST port still assumes that it is a boundary port when the bridge(s) to which it is connected have joined the same region. To force a Catalyst 4500 series switch to renegotiate with the neighbors (that is, to restart protocol migration), you must enter the clear...
  • Page 568 Configuring STP and MST Configuring MST The following examples show how to display spanning tree VLAN configurations in MST mode: Switch(config)# spanning-tree mst configuration Switch(config-mst)# instance 1 vlan 1-10 Switch(config-mst)# name cisco Switch(config-mst)# revision 1 Switch(config-mst)# Ctrl-D Switch# show spanning-tree mst configuration Name...
  • Page 569 Chapter 20 Configuring STP and MST Configuring MST Switch# show spanning-tree mst interface fastethernet 4/4 FastEthernet4/4 of MST00 is backup blocking Edge port:no (default) port guard :none (default) Link type:point-to-point (auto) bpdu filter:disable (default) Boundary :internal bpdu guard :disable (default) Bpdus sent 2, received 368 Instance Role Sts Cost Prio.Nbr Vlans mapped...
  • Page 570 Chapter 20 Configuring STP and MST Configuring MST Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) Address 00d0.00b8.1400 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interface Role Sts Cost Prio.Nbr Status ---------------- ---- --- --------- -------- -------------------------------- Fa4/4 Back BLK 1000 240.196...
  • Page 571: About Flex Links
  • Page 572: C H A P T E R 21 Configuring Flex Links And Mac Address-Table Move Update

    STP on some interfaces. Note The Catalyst 4500 series switch supports a maximum of 16 Flex Links. You configure Flex Links on one Layer 2 interface (the active link) by assigning another Layer 2 interface as the Flex Link or backup link. When one of the links is up and forwarding traffic, the other link is in standby mode, ready to begin forwarding traffic if the other link fails.
  • Page 573: Flex Links Failover Actions

    Chapter 21 Configuring Flex Links and MAC Address-Table Move Update About Flex Links rest on the other port. If one of the ports fails, the other active port forwards all the traffic. When the failed port reactivates, it resumes forwarding traffic in the preferred VLANs. In addition to providing the redundancy, this Flex Links pair can be used for load balancing.
  • Page 574: Mac Address-Table Move Update

    Chapter 21 Configuring Flex Links and MAC Address-Table Move Update MAC Address-Table Move Update MAC Address-Table Move Update Figure 21-3, ports 1 and 2 on switch A are connected to uplink switches B and D through a Flex Links pair. Port 1 is forwarding traffic, and port 2 is in the blocking state. Traffic from the PC to the server is forwarded from port 1 to port 3.
  • Page 575: Configuring Flex Links

    Chapter 21 Configuring Flex Links and MAC Address-Table Move Update Configuring Flex Links Figure 21-3 MAC Address-Table Move Update Example Server Switch C Port 3 Port 4 Switch B Switch D Port 1 Port 2 Switch A Configuring Flex Links These sections contain this configuration information: Default Configuration, page 21-5 •...
  • Page 576: Configuration Guidelines

    Chapter 21 Configuring Flex Links and MAC Address-Table Move Update Configuring Flex Links Configuration Guidelines Follow these guidelines to configure Flex Links and associated features: You can configure only one Flex Link backup link for any active link, and it must be a different •...
  • Page 577 Chapter 21 Configuring Flex Links and MAC Address-Table Move Update Configuring Flex Links To disable a Flex Links backup interface, enter the no switchport backup interface interface-id interface configuration command. This example shows how to configure an interface with a backup interface and to verify the configuration: Switch# configure terminal Switch(conf)# interface fastethernet1/1...
  • Page 578: Configuring Vlan Load Balancing On Flex Links

    Chapter 21 Configuring Flex Links and MAC Address-Table Move Update Configuring Flex Links To remove a preemption scheme, enter the no switchport backup interface interface-id preemption mode interface configuration command. To reset the delay time to the default, enter the no switchport backup interface interface-id preemption delay interface configuration command.
  • Page 579 Chapter 21 Configuring Flex Links and MAC Address-Table Move Update Configuring Flex Links When both interfaces are up, Fast Ethernet port 1/0/8 forwards traffic for VLANs 60 and 100 to 120 and Fast Ethernet port 1/0/6 forwards traffic for VLANs 1 to 50. Switch# show interfaces switchport backup Switch Backup Interface Pairs: Active Interface...
  • Page 580: Configuring Mac Address-Table Move Update

    Chapter 21 Configuring Flex Links and MAC Address-Table Move Update Configuring MAC Address-Table Move Update Configuring MAC Address-Table Move Update These sections contain this configuration information: Default Configuration, page 21-5 • Configuration Guidelines, page 21-6 • Configuring MAC Address-Table Move Update, page 21-10 •...
  • Page 581 Chapter 21 Configuring Flex Links and MAC Address-Table Move Update Configuring MAC Address-Table Move Update Command Purpose Step 3 Switch(conf-if)# switchport backup interface interface-id Configures a physical Layer 2 interface (or port channel) as part of a Flex Links pair with the interface. The MAC address-table move update VLAN is the lowest VLAN ID on the interface.
  • Page 582: Configuring A Switch To Receive Mac Address-Table Move Updates

    Chapter 21 Configuring Flex Links and MAC Address-Table Move Update Monitoring Flex Links and the MAC Address-Table Move Update Configuring a Switch to Receive MAC Address-Table Move Updates To configure a switch to receive and process MAC address-table move update messages, perform this task: Command Purpose...
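    Flex Links disable STP on the pair, so the only loop protection is that exactly one of the two links forwards a given VLAN at a time, and after a failover the upstream switches keep stale MAC entries pointing at the dead link until they age out or a move update arrives. The following is an added example, not configuration from this guide, that ties the Chapter 21 pieces together for the topology of Figure 21-3: the pair on switch A with VLAN load balancing and bandwidth-based preemption, the move update sent by A, and the receive side on the uplink switches B and D. Interfaces, VLAN lists and the preemption delay are assumptions.

```cisco
! Added example; interfaces, VLANs and the delay value are assumptions.
! Switch A (access): both members are trunks toward B and D. STP is off on
! the pair, so no other path to B or D may exist from this switch.
interface GigabitEthernet1/1
 switchport mode trunk
 switchport backup interface GigabitEthernet1/2
 switchport backup interface GigabitEthernet1/2 preemption mode bandwidth
 switchport backup interface GigabitEthernet1/2 preemption delay 40
 switchport backup interface GigabitEthernet1/2 prefer vlan 60,100-120
interface GigabitEthernet1/2
 switchport mode trunk
!
! After a failover, tell the upstream switches to relearn instead of waiting
! for aging; the update is sent on the lowest VLAN of the interface
mac address-table move update transmit
!
! Switches B and D (uplink side): act on the update
mac address-table move update receive
!
! Verify on A: which VLANs are forwarding on which member, and the counters
! show interfaces switchport backup detail
! show mac address-table move update
```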
  • Page 583: About Rep
  • Page 584: C H A P T E R 22 Configuring Resilient Ethernet Protocol

    Chapter 22 Configuring Resilient Ethernet Protocol About REP Figure 22-1 REP Open Segments Edge port Blocked port Link failure The segment shown in Figure 22-1 is an open segment; there is no connectivity between the two edge ports. The REP segment cannot cause a bridging loop and it is safe to connect the segment edges to any network.
  • Page 585 Figure 22-3. Starting with Cisco IOS Release 15.0(2)SG, you can configure the non-REP facing ports (E1 and E2) as edge no-neighbor ports. These ports inherit all properties of edge ports, and you can configure them the same as any edge port, including configuring them to send STP or REP topology change notices to the aggregation switch.
  • Page 586: Link Integrity

    By default, REP packets are sent to a BPDU class MAC address. The packets can also be sent to the Cisco multicast address, which at present is used only to send blocked port advertisement (BPA) messages when there is a failure in the segment. The packets are dropped by devices not running REP.
  • Page 587 The neighbor offset number range is –256 to +256; a value of 0 is invalid. The primary edge port has an offset number of 1; positive numbers above 1 identify downstream neighbors of the primary edge port.
  • Page 588: Spanning Tree Interaction

    When VLAN load balancing is triggered, the primary edge port then sends out a message to alert all interfaces in the segment about the preemption. When the message is received by the secondary edge port, it is reflected into the network to notify the alternate port to block the set of VLANs specified in the message and to notify the primary edge port to block the remaining VLANs.
  • Page 589: Configuring Rep

    Configuring REP. A segment is a collection of ports connected one to the other in a chain and configured with a segment ID. To configure REP segments, you should configure the REP administrative VLAN (or use the default VLAN 1) and then add the ports to the segment using interface configuration mode.
  • Page 590: Configuring The Rep Administrative Vlan

    • REP sends all LSL PDUs in untagged frames on the native VLAN. The BPA message sent to the Cisco multicast address is sent on the administration VLAN, which is VLAN 1 by default. • REP ports cannot be configured as one of these port types: –...
  • Page 591: Configuring Rep Interfaces

    To configure the REP administrative VLAN, perform this task: Step 1: Switch# configure terminal. Enters global configuration mode. Step 2: Switch(config)# rep admin vlan vlan-id. Specifies the administrative VLAN. The range is 2 to 4094.
  • Page 592 To enable and configure REP on an interface, perform this task: Step 1: Switch# configure terminal. Enters global configuration mode. Step 2: Switch(config)# interface interface-id. Specifies the interface and enters interface configuration mode. The interface can be a physical Layer 2 interface or a port channel (logical interface).
  • Page 593 Step 4: Switch(config-if)# rep segment segment-id [edge [no-neighbor] [primary]] [preferred]. Enables REP on the interface and identifies a segment number. The segment ID range is from 1 to 1024. These optional keywords are available:
  • Page 594 Step 6: Switch(config-if)# rep block port {id port-id | neighbor_offset | preferred} vlan {vlan-list | all}. (Optional) Configures VLAN load balancing on the primary edge port, identifies the REP alternate port in one of three ways, and configures the VLANs to be blocked on the alternate port.
  • Page 595: Setting Manual Preemption For Vlan Load Balancing

    This example shows how to configure the same configuration when the interface has no external REP neighbor:
    Switch# configure terminal
    Switch(config)# interface gigabitethernet1/1
    Switch(config-if)# rep segment 1 edge no-neighbor primary
    Switch(config-if)# rep stcn segment 2-5
    Switch(config-if)# rep block port 0009001818D68700 vlan all
    Switch(config-if)# rep preempt delay 60...
  • Page 596: Configuring Snmp Traps For Rep

    Step 3: Switch(config-if)# rep preempt segment segment-id. Manually triggers VLAN load balancing on the segment. You must confirm the command before it is executed. Step 4: Switch(config-if)# end. Returns to privileged EXEC mode. Step 5 Displays REP topology information.
  • Page 597: Configuring Optional Stp Features

  • Page 598: About Root Guard

    Chapter 23 Configuring Optional STP Features, About Root Guard. Spanning Tree root guard forces an interface to become a designated port, to protect the current root status and prevent surrounding switches from becoming the root switch.
  • Page 599: Chapter 23 Configuring Optional STP Features

    This example shows how to determine whether any ports are in root inconsistent state:
    Switch# show spanning-tree inconsistentports
    Name                 Interface              Inconsistency
    -------------------- ---------------------- ------------------
    VLAN0001             FastEthernet3/1        Root Inconsistent
    VLAN0001             FastEthernet3/2        Root Inconsistent
    VLAN1002             FastEthernet3/1        Root Inconsistent...
  • Page 600: Enabling Loop Guard

    Figure 23-1 illustrates the following configuration:
    • Switches A and B are distribution switches.
    • Switch C is an access switch.
    • Loop guard is enabled on ports 3/1 and 3/2 on Switches A, B, and C.
    •...
  • Page 601 Step 2: Switch(config)# end. Exits configuration mode. Step 3: Switch# show spanning-tree interface 4/4 detail. Verifies the configuration impact on a port. This example shows how to enable loop guard globally:
    Switch(config)# spanning-tree loopguard default
    Switch(config)# Ctrl-Z
    This example shows how to verify the previous configuration of port 4/4:...
  • Page 602: About Etherchannel Guard

    About EtherChannel Guard. EtherChannel guard allows you to detect an EtherChannel misconfiguration between the switch and a connected device. A misconfiguration can occur if the interfaces of a switch are manually configured in an EtherChannel, and one or more interfaces on the other device are not.
  • Page 603: Enabling Portfast

    unit (BPDU), spanning tree does not place the port into the blocking state. Spanning tree sets the port’s operating state to non-port fast even if the configured state remains port fast and starts participating in the topology change.
  • Page 604: About Bpdu Guard

    About BPDU Guard. Spanning Tree BPDU guard shuts down PortFast-configured interfaces that receive BPDUs, rather than putting them into the spanning tree blocking state. In a valid configuration, PortFast-configured interfaces do not receive BPDUs. Reception of a BPDU by a PortFast-configured interface signals an invalid configuration, such as connection of an unauthorized device.
  • Page 605: About Portfast Bpdu Filtering

    About PortFast BPDU Filtering. Cisco IOS Release 12.2(25)EW and later support PortFast BPDU filtering, which allows the administrator to prevent the system from sending or even receiving BPDUs on specified ports. When configured globally, PortFast BPDU filtering applies to all operational PortFast ports. Ports in an operational PortFast state are supposed to be connected to hosts that typically drop BPDUs.
  • Page 606 Switch(config)# Ctrl-Z This example shows how to verify the BPDU configuration in PVST+ mode:
    Switch# show spanning-tree summary totals
    Root bridge for:VLAN0010
    EtherChannel misconfiguration guard is enabled
    Extended system ID is disabled
    Portfast is enabled by default...
  • Page 607: About Uplinkfast

    About UplinkFast. Note: UplinkFast is most useful in wiring-closet switches. This feature might not be useful for other types of applications. Spanning Tree UplinkFast provides fast convergence after a direct link failure and uses uplink groups to achieve load balancing between redundant Layer 2 links.
  • Page 608: Enabling Uplinkfast

    [Figure 23-3 UplinkFast After Direct Link Failure: Switch A, Switch B (Root), Switch C; after the link failure, UplinkFast transitions the port directly to forwarding state] Enabling UplinkFast. UplinkFast increases the bridge priority to 49,152 and adds 3000 to the spanning tree port cost of all interfaces on the switch, making it unlikely that the switch becomes the root switch.
  • Page 609: About Backbonefast

    Station update rate set to 150 packets/sec.
    UplinkFast statistics
    -----------------------
    Number of transitions via uplinkFast (all VLANs)
    Number of proxy multicast addresses transmitted (all VLANs) :5308
    Name                 Interface List
    -------------------- ------------------------------------
    VLAN1                Fa6/9(fwd), Gi5/7
    VLAN2                Gi5/7(fwd)
  • Page 610 If the switch finds an alternate path to the root bridge, it uses this new alternate path. This new path, and any other alternate paths, are used to send a Root Link Query (RLQ) BPDU. When BackboneFast is enabled, the RLQ BPDUs are sent out as soon as an inferior BPDU is received.
  • Page 611: Enabling Backbonefast

    Figure 23-5 shows how BackboneFast reconfigures the topology to account for the failure of link L1. [Figure 23-5 BackboneFast after Indirect Link Failure: Switch A, Switch B (Root), Switch C, blocked port] If a new switch is introduced into a shared-medium topology as shown in Figure 23-6, BackboneFast is...
  • Page 612 Step 1: Switch(config)# [no] spanning-tree backbonefast. Enables BackboneFast. You can use the no keyword to disable BackboneFast. Step 2: Switch(config)# end. Exits configuration mode. Step 3: Switch# show spanning-tree backbonefast. Verifies that BackboneFast is enabled. This example shows how to enable BackboneFast: Switch(config)# spanning-tree backbonefast...
  • Page 613 Number of RLQ response PDUs sent (all VLANs)
    Switch#
    This example shows how to display the total lines of the spanning tree state section:
    Switch# show spanning-tree summary totals
    Root bridge for:VLAN0001, VLAN1002-VLAN1005
    Extended system ID is disabled
    Portfast...
  • Page 614 Chapter 23 Configuring Optional STP Features, Enabling BackboneFast
  • Page 615
  • Page 616: Chapter 24 Configuring EtherChannel and Link State Tracking

    All interfaces in each EtherChannel must be the same speed and must be configured as either Layer 2 or Layer 3 interfaces. Note: The network device to which a Catalyst 4500 series switch is connected may impose its own limits on the number of interfaces in an EtherChannel.
  • Page 617: Configuring Etherchannels

    You can configure EtherChannels manually or use the Port Aggregation Control Protocol (PAgP) or the Link Aggregation Control Protocol (LACP) (Cisco IOS Release 12.2(25)EWA and later), to form EtherChannels. The EtherChannel protocols allow ports with similar characteristics to form an EtherChannel through dynamic negotiation with connected network devices.
  • Page 618: Ieee 802.3Ad Lacp Etherchannel Configuration

    IEEE 802.3ad LACP EtherChannel Configuration Cisco IOS Release 12.2(25)EWA and later releases support IEEE 802.3ad LACP EtherChannels. LACP supports the automatic creation of EtherChannels by exchanging LACP packets between LAN ports. LACP packets are exchanged only between ports in passive and active modes.
  • Page 619: Load Balancing

    Chapter 24 Configuring EtherChannel and Link State Tracking, EtherChannel Configuration Guidelines and Restrictions. • LACP administrative key—LACP automatically configures an administrative key value equal to the channel group identification number on each port configured to use LACP. The administrative key defines the ability of a port to aggregate with other ports.
  • Page 620: Configuring Etherchannel

    Configuring EtherChannel. • For Layer 2 EtherChannels:
    – Assign all interfaces in the EtherChannel to the same VLAN, or configure them as trunks.
    – If you configure an EtherChannel from trunk interfaces, verify that the trunking mode and the...
  • Page 621: Creating Port Channel Logical Interfaces

    These sections describe Layer 3 EtherChannel configuration:
    • Creating Port Channel Logical Interfaces, page 24-7
    • Configuring Physical Interfaces as Layer 3 EtherChannels, page 24-7
    Creating Port Channel Logical Interfaces. Note: To move an IP address from a physical interface to an EtherChannel, you must delete the IP address from the physical interface before configuring it on the port channel interface.
  • Page 622 Step 3: Switch(config-if)# no ip address. Ensures that no IP address is assigned to the physical interface. Step 4: Switch(config-if)# channel-group port_channel_number mode {active | on | auto | passive | desirable}. Configures the interface in a port channel and specifies the PAgP or LACP mode.
  • Page 623 Timers: H - Hello timer is running. Q - Quit timer is running.
    S - Switching timer is running. I - Interface timer is running.
    Local information:
    Hello Partner PAgP Learning Group Port...
  • Page 624: Configuring Layer 2 Etherchannels

    To configure Layer 2 EtherChannels, configure the Ethernet interfaces with the channel-group command. This operation creates the port channel logical interface. Note: Cisco IOS software creates port channel interfaces for Layer 2 EtherChannels when you configure Layer 2 Ethernet interfaces with the channel-group command.
  • Page 625 interface Port-channel2
    switchport access vlan 10
    switchport mode access
    Switch#
    The following two examples show how to verify the configuration of Fast Ethernet interface 5/6:
    Switch# show running-config interface fastethernet 5/6
    Building configuration...
  • Page 626: Configuring Lacp Standalone Or Independent Mode

    Fa5/7 Time since last port bundled: 00h:23m:33s Fa5/6
    Switch#
    Configuring LACP Standalone or Independent Mode. This feature is particularly relevant when a port (A) in a Layer 2 LACP EtherChannel is connected to an unresponsive port (B) on the peer.
  • Page 627: Configuring The Lacp System Priority And System Id

    Switch#
    This example shows how to verify the state of port channel interface 1:
    Switch# show etherchannel 1 port-channel
    Port-channels in the group:
    ---------------------------
    Port-channel: Po13 (Primary Aggregator)
    ------------
    Age of the Port-channel = 0d:00h:07m:57s
    Logical slot/port = 11/13...
  • Page 628: Configuring Etherchannel Load Balancing

    This example shows how to verify the configuration:
    Switch# show lacp sys-id
    23456,0050.3e8d.6400
    Switch#
    The system priority is displayed first, followed by the MAC address of the switch. Configuring EtherChannel Load Balancing. Load balancing can only be configured globally.
  • Page 629: Removing An Interface From An Etherchannel

    IPv6: Source XOR Destination IP address
    Switch#
    Removing an Interface from an EtherChannel. To remove an Ethernet interface from an EtherChannel, perform this task: Step 1: Switch(config)# interface {fastethernet | gigabitethernet | tengigabitethernet} slot/port. Selects a physical interface to configure. Step 2...
  • Page 630: Displaying Etherchannel To A Virtual Switch System

    Displaying EtherChannel to a Virtual Switch System. Catalyst 4500 series switches support enhanced PAgP. If a Catalyst 4500 series switch is connected to a Catalyst 6500 series Virtual Switch System (VSS) by using a PAgP EtherChannel, the Catalyst 4500 series switch automatically serves as a VSS client, using enhanced PAgP on this EtherChannel for dual-active detection.
  • Page 631 [Figure residue: (Catalyst 4500 series switch) Active_ID = B’s MAC] As a remote switch, the Catalyst 4500 series switch supports stateful VSS client. In particular, the ID of the current active virtual switch is synchronized from the active supervisor engine to the redundant supervisor engine of the Catalyst 4500 series switch.
  • Page 632: Displaying Etherchannel Links To Vss

    Displaying EtherChannel Links to VSS. To display the dual-active detection capability of a configured PAgP port channel, enter the show pagp port_channel_number dual-active command. The command provides the following information: •...
  • Page 633 Figure 24-3 on page 24-20 shows a network configured with link-state tracking. To enable link-state tracking, create a link-state group, and specify the interfaces that are assigned to the link-state group. An interface can be an aggregation of ports (an EtherChannel), a single physical port in access or trunk mode, or a routed port.
  • Page 634 As an example of a connectivity change from link-state group 1 to link-state group 2 on switch A, see Figure 24-3 on page 24-20. If the upstream link for port 6 is lost, the link states of downstream ports 1 and 2 do not change.
  • Page 635: Configuring Link-State Tracking

    Configuring Link-State Tracking. These sections describe how to configure link-state tracking ports:
    • Default Link-State Tracking Configuration, page 24-21
    • Link-State Tracking Configuration Guidelines, page 24-21
    • Configuring Link-State Tracking, page 24-21
    •...
  • Page 636: Displaying Link-State Tracking Status

    Step 4: Switch(config-if)# link state group [number] {upstream | downstream}. Specifies a link-state group and configures the interface as either an upstream or downstream interface in the group. The group number can be 1 to 10;...
  • Page 637: About Igmp Snooping

  • Page 638: Chapter 25 Configuring IGMP Snooping and Filtering

    Chapter 25 Configuring IGMP Snooping and Filtering, About IGMP Snooping.
    • IGMP Snooping Querier, page 25-4
    • Explicit Host Tracking, page 25-4
    Note: Quality of service does not apply to IGMP packets.
    IGMP snooping allows a switch to snoop or capture information from IGMP packets transmitted between hosts and a router.
  • Page 639: Immediate-Leave Processing

    In contrast, IGMPv3 hosts send IGMPv3 membership reports (with the allow group record mode) to join a specific multicast group. When IGMPv3 hosts send membership reports (with the block group record) to reject traffic from all sources in the previous source list, the last host on the port is removed by immediate-leave if EHT is enabled.
  • Page 640: Igmp Configurable-Leave Timer

    In Cisco IOS Release 12.2(31)SG and later, you can configure the length of time that the switch waits after sending a group-specific query to determine if hosts are still interested in a specific multicast group.
  • Page 641: Configuring Igmp Snooping

    Configuring IGMP Snooping. Note: When configuring IGMP, configure the VLAN in the VLAN database mode. See Chapter 15, “Configuring VLANs, VTP, and VMPS.” IGMP snooping allows switches to examine IGMP packets and make forwarding decisions based on their content.
  • Page 642: Enabling Igmp Snooping Globally

    Enabling IGMP Snooping Globally. To enable IGMP snooping globally, perform this task: Step 1: Switch# configure terminal. Enters global configuration mode. Step 2: Switch(config)# [no] ip igmp snooping. Enables IGMP snooping. Use the no keyword to disable IGMP snooping.
  • Page 643: Configuring Learning Methods

    This example shows how to enable IGMP snooping on VLAN 2 and verify the configuration:
    Switch# configure terminal
    Switch(config)# ip igmp snooping vlan 2
    Switch(config)# end
    Switch# show ip igmp snooping vlan 2
    Global IGMP Snooping configuration:
    -----------------------------------
    IGMP snooping...
  • Page 644: Configuring A Static Connection To A Multicast Router

    This example shows how to configure IP IGMP snooping to learn from CGMP self-join packets:
    Switch# configure terminal
    Switch(config)# ip igmp snooping vlan 1 mrouter learn cgmp
    Switch(config)# end
    Switch#
    Configuring a Static Connection to a Multicast Router. To configure a static connection to a multicast router, enter the ip igmp snooping vlan mrouter interface command on the switch.
  • Page 645: Configuring The Igmp Leave Timer

    This example shows how to enable IGMP immediate-leave processing on interface VLAN 200 and to verify the configuration:
    Switch# configure terminal
    Switch(config)# ip igmp snooping vlan 200 immediate-leave
    Configuring immediate leave on vlan 200
    Switch(config)# end
    Switch# show ip igmp interface vlan 200 | include immediate leave
    Immediate leave...
  • Page 646: Configuring Igmp Snooping Querier

    Switch# show ip igmp snooping
    Global IGMP Snooping configuration:
    -----------------------------------
    IGMP snooping              : Enabled
    IGMPv3 snooping            : Enabled
    Report suppression         : Enabled
    TCN solicit query          : Disabled
    TCN flood query count
    Last Member Query Interval : 200
    Vlan 1:...
  • Page 647: Configuring Explicit Host Tracking

    Step 8: Switch(config)# ip igmp snooping [vlan vlan_id] querier tcn query count value. Configures IGMP Snooping Querier tcn query count. Step 9: Switch(config)# ip igmp snooping [vlan vlan_id] querier tcn query interval value. Configures IGMP Snooping Querier tcn query interval...
  • Page 648: Suppressing Multicast Flooding

    When the topology changes, the Catalyst 4500 series switch takes special actions to ensure that multicast traffic is delivered to all multicast receivers in that VLAN.
  • Page 649: Igmp Snooping Switch Configuration

    When the spanning tree protocol is running in a VLAN, a spanning tree topology change notification (TCN) is issued by the root switch in the VLAN. A Catalyst 4500 series switch that receives a TCN in a VLAN for which IGMP snooping has been enabled immediately enters into multicast flooding mode for a period of time until the topology restabilizes and the new locations of all multicast receivers are learned.
  • Page 650: Displaying Igmp Snooping Information

    When a spanning tree root switch receives a topology change in an IGMP snooping-enabled VLAN, the switch issues a query solicitation that causes a Cisco IOS router to send out one or more general queries. The new command ip igmp snooping tcn query solicit causes the switch to send the query solicitation whenever it notices a topology change, even if that switch is not the spanning tree root.
  • Page 651: Displaying Querier Information

    Displaying IGMP Snooping Information.
    • Displaying MAC Address Multicast Entries, page 25-18
    • Displaying IGMP Snooping Information on a VLAN Interface, page 25-18
    • Configuring IGMP Filtering, page 25-20
    Displaying Querier Information. To display querier information, perform this task: Command Purpose Switch# show ip igmp snooping querier [vlan...
  • Page 652: Displaying Group Information

    40.40.40.2/224.10.10.10 Gi4/1 20.20.20.20 00:23:37 00:06:50 00:20:30
    40.40.40.3/224.10.10.10 Gi4/2 20.20.20.20 00:23:37 00:06:50 00:20:30
    40.40.40.4/224.10.10.10 Gi4/1 20.20.20.20 00:39:42 00:09:17 -
    40.40.40.5/224.10.10.10 Fa2/1 20.20.20.20 00:39:42 00:09:17 -
    40.40.40.6/224.10.10.10 Fa2/1 20.20.20.20 00:09:47 00:09:17 -
    Switch# clear ip igmp snooping membership vlan 20
    This example shows how to display host membership for interface gi4/1:
    Switch# show ip igmp snooping membership interface gi4/1
    #channels: 5...
  • Page 653: Displaying Multicast Router Interfaces

    This example shows how to display the host types and ports of a group in VLAN 1:
    Switch# show ip igmp snooping groups vlan 10 226.6.6.7
    Vlan      Group          Version   Ports
    ---------------------------------------------------------
    226.6.6.7...
  • Page 654: Displaying Mac Address Multicast Entries

    To display multicast router interfaces, perform this task: Switch# show ip igmp snooping mrouter vlan vlan_ID. Displays multicast router interfaces. This example shows how to display the multicast router interfaces in VLAN 1:
    Switch# show ip igmp snooping mrouter vlan 1
    vlan   ports...
  • Page 655: Displaying Igmp Snooping Querier Information

    This example shows how to display IGMP snooping information on VLAN 5:
    Switch# show ip igmp snooping vlan 5
    Global IGMP Snooping configuration:
    -----------------------------------
    IGMP snooping           :Enabled
    IGMPv3 snooping support :Full
    Report suppression      :Enabled...
  • Page 656: Configuring Igmp Filtering

    Vlan 2:
    IGMP switch querier status
    ------------------------------------------------
    admin state             : Enabled
    admin version
    source IP address       : 1.2.3.4
    query-interval (sec)    : 55
    max-response-time (sec) : 12
    querier-timeout (sec)   : 70
    tcn query count         : 10
    tcn query interval (sec)
  • Page 657: Table

    Table 25-2 Default IGMP Filtering Settings
    Feature                               Default Setting
    IGMP filters                          No filtering
    IGMP maximum number of IGMP groups    No limit
    IGMP profiles                         None defined
    Configuring IGMP Profiles. To configure an IGMP profile and to enter IGMP profile configuration mode, use the ip igmp profile global configuration command.
  • Page 658: Applying Igmp Profiles

    To delete a profile, use the no ip igmp profile profile-number global configuration command. To delete an IP multicast address or range of IP multicast addresses, use the no range ip multicast address IGMP profile configuration command.
  • Page 659: Setting The Maximum Number Of Igmp Groups

    Switch# show running-config interface fastethernet2/12
    Building configuration...
    Current configuration : 123 bytes
    interface FastEthernet2/12
     no ip address
     shutdown
     snmp trap link-status
     ip igmp max-groups 25
     ip igmp filter 4
    Setting the Maximum Number of IGMP Groups. You can set the maximum number of IGMP groups that a Layer 2 interface can join by using the ip igmp max-groups interface configuration command.
  • Page 660: Displaying Igmp Filtering Configuration

    interface FastEthernet2/12
     no ip address
     shutdown
     snmp trap link-status
     ip igmp max-groups 25
     ip igmp filter 4
    Displaying IGMP Filtering Configuration. You can display IGMP profile and maximum group configuration for all interfaces on the switch or for a specified interface.
  • Page 661: About Mld Snooping

  • Page 662: Chapter 26 Configuring Ipv6 Mld Snooping

    Chapter 26 Configuring IPv6 MLD Snooping About MLD Snooping MLD is a protocol used by IPv6 multicast routers to discover the presence of multicast listeners (nodes that want to receive IPv6 multicast packets) on its directly attached links and to discover which multicast packets are of interest to neighboring nodes.
  • Page 663: Mld Queries

    MLD Queries. The switch sends out MLD queries, constructs an IPv6 multicast address database, and generates MLD group-specific and MLD group-and-source-specific queries in response to MLD Done messages. The switch also supports report suppression, report proxying, Immediate-Leave functionality, and static IPv6 multicast MAC-address configuration.
  • Page 664: Mld Reports

    MLD Reports. The processing of MLDv1 join messages is essentially the same as with IGMPv2. When no IPv6 multicast routers are detected in a VLAN, reports are not processed or forwarded from the switch. When IPv6 multicast routers are detected and an MLDv1 report is received, an IPv6 multicast group address and an IPv6 multicast MAC address are entered in the VLAN MLD database.
  • Page 665: Table

    Chapter 26 Configuring IPv6 MLD Snooping Configuring IPv6 MLD Snooping configuration command. The default is to send two queries. The switch also generates MLDv1 global Done messages with valid link-local IPv6 source addresses when the switch becomes the STP root in the VLAN or when it is configured by the user.
  • Page 666: Mld Snooping Configuration Guidelines

    The total number of IPv4 and IPv6 multicast groups entries that can coexist on the Catalyst 4500 series switch is limited to 16384. The supervisor engine with 512 MB of memory supports about 11000 MLD Snooping multicast •...
  • Page 667: Configuring A Static Multicast Group

    Chapter 26 Configuring IPv6 MLD Snooping Configuring IPv6 MLD Snooping To disable MLD snooping on a VLAN interface, use the no ipv6 mld snooping vlan vlan-id global configuration command for the specified VLAN number. Configuring a Static Multicast Group Hosts or Layer 2 ports normally join multicast groups dynamically, but you can also statically configure an IPv6 multicast address and member ports for a VLAN.
  • Page 668: Enabling Mld Immediate Leave

    Chapter 26 Configuring IPv6 MLD Snooping Configuring IPv6 MLD Snooping Command Purpose Step 1 Switch# configure terminal Enters global configuration mode. Step 2 Switch(config)# ipv6 mld snooping vlan vlan-id mrouter interface interface-id Specifies the multicast router VLAN ID, and specifies the interface to the multicast router.
  • Page 669: Configuring Mld Snooping Queries

    Chapter 26 Configuring IPv6 MLD Snooping Configuring IPv6 MLD Snooping Configuring MLD Snooping Queries When Immediate Leave is not enabled and a port receives an MLD Done message, the switch generates MASQs on the port and sends them to the IPv6 multicast address for which the Done message was sent. You can optionally configure the number of MASQs that are sent and the length of time the switch waits for a response before deleting the port from the multicast group.
  • Page 670: Disabling Mld Listener Message Suppression

    Chapter 26 Configuring IPv6 MLD Snooping Displaying MLD Snooping Information Switch# configure terminal Switch(config)# ipv6 mld snooping robustness-variable 3 Switch(config)# exit This example shows how to set the MLD snooping last-listener query count for a VLAN to 3: Switch# configure terminal Switch(config)# ipv6 mld snooping vlan 200 last-listener-query-count 3 Switch(config)# exit This example shows how to set the MLD snooping last-listener query interval (maximum response time)
  • Page 671 Chapter 26 Configuring IPv6 MLD Snooping Displaying MLD Snooping Information Table 26-2 Commands for Displaying MLD Snooping Information Command Purpose show ipv6 mld snooping [vlan vlan-id] Displays the MLD snooping configuration information for all VLANs on the switch or for a specified VLAN. (Optional) Enter vlan vlan-id to display information for a single VLAN.
  • Page 672 Chapter 26 Configuring IPv6 MLD Snooping Displaying MLD Snooping Information Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG 26-12 OL-25340-01...
  • Page 674: C H A P T E R 27 Configuring 802.1Q Tunneling, Vlan Mapping, And Layer 2 Protocol Tunneling

    Chapter 27 Configuring 802.1Q Tunneling, VLAN Mapping, and Layer 2 Protocol Tunneling About 802.1Q Tunneling About 802.1Q Tunneling The VLAN ranges required by different customers in the same service provider network might overlap, and customer traffic through the infrastructure might be mixed. Assigning a unique range of VLAN IDs to each customer restricts customer configurations and could easily exceed the VLAN limit (4096) of the 802.1Q specification.
  • Page 675: Configuring 802.1Q Tunneling

    Chapter 27 Configuring 802.1Q Tunneling, VLAN Mapping, and Layer 2 Protocol Tunneling Configuring 802.1Q Tunneling Figure 27-2 Original (Normal), 802.1Q, and Double-Tagged Ethernet Packet Formats When the packet enters the trunk port of the service provider egress switch, the metro tag is again stripped as the switch processes the packet.
  • Page 676: Native Vlans

    Chapter 27 Configuring 802.1Q Tunneling, VLAN Mapping, and Layer 2 Protocol Tunneling Configuring 802.1Q Tunneling Native VLANs When configuring 802.1Q tunneling on an edge switch, you must use 802.1Q trunk ports for sending packets into the service provider network. However, packets going through the core of the service provider network can be carried through 802.1Q trunks, ISL trunks, or nontrunking links.
  • Page 677: System Mtu

    Q = 802.1Q trunk ports System MTU The default system MTU for traffic on the Catalyst 4500 series switch is 1500 bytes. You can configure the switch to support larger frames by using the system mtu global configuration command. Because the 802.1Q tunneling feature increases the frame size by 4 bytes when the metro tag is added, you must...
  • Page 678: Configuring An 802.1Q Tunneling Port

    Loopback detection is supported on 802.1Q tunnel ports. • When a port is configured as an 802.1Q tunnel port, spanning-tree bridge protocol data unit (BPDU) filtering is automatically enabled on the interface. Cisco Discovery Protocol (CDP) is automatically disabled on the interface. Configuring an 802.1Q Tunneling Port To configure a port as an 802.1Q tunnel port, perform this task:...
  • Page 679: About Vlan Mapping

    Chapter 27 Configuring 802.1Q Tunneling, VLAN Mapping, and Layer 2 Protocol Tunneling About VLAN Mapping Switch(config-if)# exit Switch(config)# vlan dot1q tag native Switch(config)# end Switch# show dot1q-tunnel interface gigabitethernet2/7 Port ----- LAN Port(s) ----- Gi2/7 Switch# show vlan dot1q tag native dot1q native vlan tagging is enabled globally About VLAN Mapping In a typical deployment of VLAN mapping, you want the service provider to provide a transparent...
  • Page 680 (figure labels: SP network, Customer B edge switch) All forwarding operations on the Catalyst 4500 series switch are performed using S-VLAN and not C-VLAN information because the VLAN ID is mapped to the S-VLAN on ingress. Note When you configure features on a port configured for VLAN mapping, you always use the S-VLAN rather than the customer VLAN-ID (C-VLAN).
  • Page 681: Mapping Customer Vlans To Service-Provider Vlans

    Chapter 27 Configuring 802.1Q Tunneling, VLAN Mapping, and Layer 2 Protocol Tunneling Configuring VLAN Mapping Mapping Customer VLANs to Service-Provider VLANs Figure 27-5 shows a topology where a customer uses the same VLANs in multiple sites on different sides of a service-provider network. You map the customer VLAN IDs to service-provider VLAN IDs for packet travel across the service-provider backbone.
  • Page 682: Vlan Mapping Configuration Guidelines

    Chapter 27 Configuring 802.1Q Tunneling, VLAN Mapping, and Layer 2 Protocol Tunneling Configuring VLAN Mapping VLAN Mapping Configuration Guidelines Guidelines include the following: • Traditional QinQ uses 802.1Q tunnel ports; you configure one-to-one VLAN mapping and selective QinQ on 802.1Q trunk ports. •...
  • Page 683: Configuring Vlan Mapping

    “Monitoring and Maintaining Tunneling Status” section on page 27-18 for the syntax of these commands. For more information about all commands in this section, see the Catalyst 4500 Series Switch Software Command Reference for this release. The following VLAN mapping types are discussed: • One-to-One Mapping, page 27-11...
  • Page 684: Traditional Q-In-Q On A Trunk Port

    Chapter 27 Configuring 802.1Q Tunneling, VLAN Mapping, and Layer 2 Protocol Tunneling Configuring VLAN Mapping Switch(config-if)# switchport vlan mapping 4 104 Switch(config-if)# switchport vlan mapping 4 105 Switch(config-if)# exit In the previous example, at the ingress of the service-provider network, VLAN IDs 1 to 5 in the customer network are mapped to VLANs 101 to 105, in the service provider network.
  • Page 685: About Layer 2 Protocol Tunneling

    • CDP discovers and shows information about the other Cisco devices connected through the service provider network. Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG...
  • Page 686 Chapter 27 Configuring 802.1Q Tunneling, VLAN Mapping, and Layer 2 Protocol Tunneling About Layer 2 Protocol Tunneling • VTP provides consistent VLAN configuration throughout the customer network, propagating to all switches through the service provider. Layer 2 protocol tunneling can be enabled on trunk, access, and tunnel ports. If protocol tunneling is not enabled, remote switches at the receiving end of the service provider network do not receive the PDUs and cannot properly run STP, CDP, and VTP.
  • Page 687: Configuring Layer 2 Protocol Tunneling

    PDU-destination MAC address with a well-known Cisco proprietary multicast address (01-00-0c-cd-cd-d0). If 802.1Q tunneling is enabled, packets are also double-tagged; the outer tag is the customer metro tag, and the inner tag is the customer’s VLAN tag.
  • Page 688: Default Layer 2 Protocol Tunneling Configuration

    Chapter 27 Configuring 802.1Q Tunneling, VLAN Mapping, and Layer 2 Protocol Tunneling Configuring Layer 2 Protocol Tunneling • Layer 2 Protocol Tunneling Configuration Guidelines, page 27-16 • Configuring Layer 2 Tunneling, page 27-17 Default Layer 2 Protocol Tunneling Configuration Table 27-1 shows the default configuration for Layer 2 protocol tunneling.
  • Page 689: Configuring Layer 2 Tunneling

    Chapter 27 Configuring 802.1Q Tunneling, VLAN Mapping, and Layer 2 Protocol Tunneling Configuring Layer 2 Protocol Tunneling • Because tunneled PDUs (especially STP BPDUs) must be delivered to all remote sites so that the customer virtual network operates properly, you can give PDUs higher priority within the service provider network than data packets received from the same tunnel port.
  • Page 690: Monitoring And Maintaining Tunneling Status

    Chapter 27 Configuring 802.1Q Tunneling, VLAN Mapping, and Layer 2 Protocol Tunneling Monitoring and Maintaining Tunneling Status Command Purpose Step 8 Switch(config)# errdisable recovery cause l2ptguard (Optional) Configures the recovery method from a Layer 2 maximum-rate error so that the interface is reenabled and can try again. Errdisable recovery is disabled by default;...
  • Page 691 Switch# show vlan dot1q native Note With Cisco IOS Release 12.2(20)EW, the BPDU filtering configuration for both dot1q and Layer 2 protocol tunneling is no longer visible in the running configuration as spanning-tree bpdufilter enable. The configuration is visible in the output of the show spanning tree int detail command.
  • Page 694: Chapter 28 Configuring Cdp

    Chapter 28 Configuring CDP Configuring CDP CDP runs on all LAN and WAN media that support Subnetwork Access Protocol (SNAP). Each CDP-configured device sends periodic messages to a multicast address. Each device advertises at least one address at which it can receive SNMP messages. The advertisements also contain the time-to-live, or holdtime information, which indicates the length of time a receiving device should hold CDP information before discarding it.
  • Page 695: Enabling Cdp On An Interface

    Chapter 28 Configuring CDP Configuring CDP Enabling CDP on an Interface To enable CDP on an interface, use this command: Command Purpose Enables CDP on an interface. Switch(config-if)# [no] cdp enable Use the no keyword to disable CDP on an interface. This example shows how to enable CDP on Fast Ethernet interface 5/1: Switch(config)# interface fastethernet 5/1 Switch(config-if)# cdp enable...
  • Page 696 Chapter 28 Configuring CDP Configuring CDP Command Purpose Switch# show cdp entry entry_name [protocol | version] Displays information about a specific neighbor. The display can be limited to protocol or version information. Switch# show cdp interface [type/number] Displays information about interfaces on which CDP is enabled.
  • Page 697: About Lldp, Lldp-Med, And Location Service

    • LLDP The Cisco Discovery Protocol (CDP) is a device discovery protocol that runs over Layer 2 (the data link layer) on all Cisco-manufactured devices (routers, bridges, access servers, and switches). CDP allows network management applications to automatically discover and learn about other Cisco devices connected to the network.
  • Page 698: C H A P T E R 29 Configuring Lldp, Lldp-Med, And Location Service

    Configuring LLDP, LLDP-MED, and Location Service About LLDP, LLDP-MED, and Location Service To support non-Cisco devices and to allow for interoperability between other devices, the switch supports the IEEE 802.1AB LLDP. LLDP is a neighbor discovery protocol that is used for network devices to advertise information about themselves to other devices on the network.
  • Page 699: Location Service

    The location service feature enables the switch to provide location and attachment tracking information for its connected devices to a Cisco Mobility Services Engine (MSE). The tracked device can be a wireless endpoint, a wired endpoint, or a wired switch or controller. The switch informs device link up and link-down events through Network Mobility Services Protocol (NMSP) location and attachment notifications to the MSE.
  • Page 700: Configuring Lldp And Lldp-Med, And Location Service

    Chapter 29 Configuring LLDP, LLDP-MED, and Location Service Configuring LLDP and LLDP-MED, and Location Service • Slot, port, and port-type • Client’s MAC address • Client’s IP address • 802.1X username if applicable • Device category is specified as a wired station •...
  • Page 701: Default Lldp Configuration

    Chapter 29 Configuring LLDP, LLDP-MED, and Location Service Configuring LLDP and LLDP-MED, and Location Service Default LLDP Configuration Table 29-1 shows the default LLDP configuration. To change the default settings, use the LLDP global configuration and LLDP interface configuration commands. Table 29-1 Default LLDP Configuration Feature...
  • Page 702: Disabling And Enabling Lldp Globally

    Chapter 29 Configuring LLDP, LLDP-MED, and Location Service Configuring LLDP and LLDP-MED, and Location Service Command Purpose Step 6 Saves your entries in the configuration file. Switch(config)# copy running-config startup-config Step 7 (Optional) Specifies the LLDP-MED TLVs to send or receive. Switch(config)# lldp med-tlv-select Note Use the no form of each of the LLDP commands to return to the default setting.
  • Page 703: Disabling And Enabling Lldp On An Interface

    Chapter 29 Configuring LLDP, LLDP-MED, and Location Service Configuring LLDP and LLDP-MED, and Location Service Command Purpose Step 2 Enables LLDP. Switch(config)# lldp run Step 3 Returns to privileged EXEC mode. Switch(config)# end This example shows how to globally disable LLDP: Switch# configure terminal Switch(config)# no lldp run Switch(config)# end...
  • Page 704 Chapter 29 Configuring LLDP, LLDP-MED, and Location Service Configuring LLDP and LLDP-MED, and Location Service Command Purpose Step 5 Returns to privileged EXEC mode. Switch(config)# end Step 6 Saves your entries in the configuration file. Switch# copy running-config startup-config This example shows how to enable LLDP on an interface: Switch# configure terminal Switch(config)# interface GigabitEthernet 1/1 Switch(config-if)# lldp transmit...
  • Page 705: Configuring Lldp-Med Tlvs

    Chapter 29 Configuring LLDP, LLDP-MED, and Location Service Configuring LLDP and LLDP-MED, and Location Service Configuring LLDP-MED TLVs By default, the switch only sends LLDP packets until it receives LLDP-MED packets from the end device. The switch continues to send LLDP-MED packets until it only receives LLDP packets. By using the lldp interface configuration command, you can configure the interface not to send the TLVs listed in Table...
  • Page 706: Configuring Network-Policy Profile

    Chapter 29 Configuring LLDP, LLDP-MED, and Location Service Configuring LLDP and LLDP-MED, and Location Service Configuring Network-Policy Profile To create a network-policy profile, configure the policy attributes, and apply it to an interface, perform this task: Command Purpose Step 1 Enters global configuration mode.
  • Page 707: Configuring Lldp Power Negotiation

    Switch(config-network-policy)# voice vlan dot1p dscp 34 Note As of Cisco IOS Release 12.2(54)SG, the Catalyst 4500 series switch supports only 2 applications: voice and voice signaling. The default cos/dscp values for a voice application are 5/46 and for voice signaling are 3/24.
  • Page 708: Configuring Location Tlv And Location Service

    Chapter 29 Configuring LLDP, LLDP-MED, and Location Service Configuring LLDP and LLDP-MED, and Location Service Command Purpose Step 3 Enables LLDP power negotiation. Switch(config-if)# lldp tlv-select power-management Step 4 Returns to privileged EXEC mode. Switch(config-if)# end Step 5 Switch# copy running-config (Optional) Saves your entries in the configuration file.
  • Page 709 Note Your switch must be running the cryptographic (encrypted) software image in order to enable the location service feature. Your Cisco Mobility Service Engine (MSE) must be running Heitz 6.0 or later software image to support wired location service Command...
  • Page 710: Monitoring And Maintaining Lldp, Lldp-Med, And Location Service

    Chapter 29 Configuring LLDP, LLDP-MED, and Location Service Monitoring and Maintaining LLDP, LLDP-MED, and Location Service Command Purpose Step 4 Switch(config)# nmsp notification interval {attachment | location} interval-seconds Specifies the NMSP notification interval. attachment—Specify the attachment notification interval. location—Specify the location notification interval. interval-seconds—Duration in seconds before a switch sends the location or attachment updates to the MSE.
  • Page 711: Cisco Ios Carries Ethernet Features In Cisco Ios Xe 3.1.0Sg

    [detail] Cisco IOS Carries Ethernet Features in Cisco IOS XE 3.1.0SG This section provides a list of High Availability software features that are supported in Cisco IOS XE 3.1.0SG. Links to the feature documentation are included. Feature guides may contain information about more than one feature. To find information about a specific feature within a feature guide, see the Feature Information table at the end of the guide.
  • Page 714: Chapter 30 Configuring Udld

    Configuring UDLD About UDLD Starting with Cisco IOS Release 12.2(54)SG, the enhancement Fast UDLD was added, which supports timers in the few-hundred milliseconds range, which enables subsecond unidirectional link detection. With Fast UDLD, the time to detect a unidirectional link can vary from less than one second to a few seconds (the detection time also depends on how the timers are configured).
  • Page 715: Operation Modes

    Chapter 30 Configuring UDLD About UDLD Figure 30-2 Fast UDLD Topology (figure: an EtherChannel consisting of two interfaces between Switch A and Switch B) Note For Fast UDLD, Catalyst 4900M, Catalyst 4948E, Supervisor Engine 6-E, Supervisor 6L-E, Supervisor 7-E, and Supervisor Engine 7L-E support up to 32 ports. Operation Modes UDLD and Fast UDLD support the following operation modes: Normal—A UDLD-capable port (A) periodically sends a UDLD probe to a second port (B).
  • Page 716: Default Udld Configuration

    Chapter 30 Configuring UDLD Default UDLD Configuration Default UDLD Configuration Table 30-1 shows the UDLD default configuration. Table 30-1 UDLD Default Configuration Feature Default Status UDLD global enable state Globally disabled. UDLD per-interface enable state for fiber-optic media Enabled on all Ethernet fiber-optic interfaces. UDLD per-interface enable state for twisted-pair (copper) media Disabled on all Ethernet 10/100 and 1000BASE-TX interfaces.
  • Page 717: Enabling Udld Globally

    The range is from 1 to 90 seconds. Note Prior to Cisco IOS Release 12.2(31)SGA, the timer range is 7 to 90 seconds. With Cisco IOS Release 12.2(31)SGA, the timer range is 1 to 90 seconds.
  • Page 718: Enabling Udld On Individual Interfaces

    Chapter 30 Configuring UDLD Configuring UDLD on the Switch Enabling UDLD on Individual Interfaces To enable UDLD on individual interfaces, perform this task: Command Purpose Step 1 Switch(config-if)# udld port Enables UDLD in normal mode on a specific interface. On a fiber-optic interface, this command overrides the udld enable global configuration command setting.
  • Page 719: Disabling Udld On Individual Interfaces

    Chapter 30 Configuring UDLD Configuring UDLD on the Switch Disabling UDLD on Individual Interfaces To disable UDLD on individual interfaces, perform this task: Command Purpose Step 1 Switch(config-if)# no udld port Disables UDLD on an interface. The following applies: • On fiber-optic interfaces, the no udld port command reverts the interface configuration to the setting established with the udld enable global...
  • Page 720: Configuring A Udld Probe Message Interval Globally

    1 to 90 seconds. Note Prior to Cisco IOS Release 12.2(31)SGA, the time interval is 7 to 90 seconds. With Cisco IOS Release 12.2(31)SGA, the time interval is 1 to 90 seconds.
  • Page 721: Displaying Udld Link Status

    Chapter 30 Configuring UDLD Displaying UDLD Link Status Displaying UDLD Link Status To verify link status reported by UDLD, enter the following command: Switch# show udld neighbors Port Device Name Device ID Port ID Neighbor State ---- ----------- --------- ------- -------------- Gi1/33 FOX10430380...
  • Page 722 Chapter 30 Configuring UDLD Displaying UDLD Link Status To verify status for a particular link as reported by Fast UDLD, enter the following command: Switch# show udld fast-hello g1/33 Interface Gi1/33 Port enable administrative configuration setting: Enabled / in aggressive mode Port enable operational state: Enabled / in aggressive mode Current bidirectional state: Bidirectional Current operational state: Advertisement - Single neighbor detected...
  • Page 724: C H A P T E R 31 Configuring Unidirectional Ethernet

    Chapter 31 Configuring Unidirectional Ethernet Configuring Unidirectional Ethernet Configuring Unidirectional Ethernet Note You must configure Unidirectional Ethernet on the non-blocking Gigabit Ethernet Port, which automatically disables UDLD on the port. To enable Unidirectional Ethernet, perform this task: Command Purpose Step 1 Selects the interface to configure.
  • Page 725: Configuring Unidirectional Ethernet

    Chapter 31 Configuring Unidirectional Ethernet Configuring Unidirectional Ethernet This example shows how to verify the configuration: Switch> show interface gigabitethernet 1/1 unidirectional show interface gigabitethernet 1/1 unidirectional Unidirectional configuration mode: send only CDP neighbor unidirectional configuration mode: receive only This example shows how to disable Unidirectional Ethernet on Gigabit Ethernet interface 1/1: Switch# configure terminal Enter configuration commands, one per line.
  • Page 728: Chapter 32 Configuring Layer 3 Interface

    Chapter 32 Configuring Layer 3 Interfaces About Layer 3 Interfaces Note On a Catalyst 4500 Series Switch, a physical Layer 3 interface has MAC address learning enabled. This section contains the following subsections: • Logical Layer 3 VLAN Interfaces, page 32-2...
  • Page 729: Understanding Svi Autostate Exclude

    Chapter 32 Configuring Layer 3 Interfaces About Layer 3 Interfaces Figure 32-2 Physical Layer 3 Interfaces for the Catalyst 4500 Series Switch (figure: physical inter-VLAN routing on a Catalyst 4500 series switch, with router Ethernet interfaces 1.1.1.1 and 2.1.1.1 connecting Host 1 and Host 2)...
  • Page 730 Chapter 32 Configuring Layer 3 Interfaces About Layer 3 Interfaces • Input multicast • Output unicast • Output multicast For each counter type, both the number of packets and the total number of bytes received or transmitted are counted. You can collect these statistics uniquely for IPv4 and IPv6 traffic. Because the total number of supported Layer 3 interfaces exceeds the number of counters supported by hardware, all Layer 3 interfaces might not have counters.
  • Page 731: Configuration Guidelines

    A Catalyst 4500 series switch does not support subinterfaces or the encapsulation keyword on Layer 3 Fast Ethernet, Gigabit Ethernet, 10-Gigabit Ethernet interfaces. Note As with any Layer 3 interface running Cisco IOS software, the IP address and network assigned to an SVI cannot overlap those assigned to any other Layer 3 interface on the switch.
  • Page 732: Configuring Logical Layer 3 Vlan Interfaces

    Chapter 32 Configuring Layer 3 Interfaces Configuring Logical Layer 3 VLAN Interfaces Configuring Logical Layer 3 VLAN Interfaces Note Before you can configure logical Layer 3 VLAN interfaces, you must create and configure the VLANs on the switch, assign VLAN membership to the Layer 2 interfaces, enable IP routing if IP routing is disabled, and specify an IP routing protocol.
  • Page 733: Configuring Vlans As Layer 3 Interfaces

    Chapter 32 Configuring Layer 3 Interfaces Configuring VLANs as Layer 3 Interfaces 5 minute output rate 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 packets output, 0 bytes, 0 underruns 0 output errors, 0 interface resets 0 output buffer failures, 0 output buffers swapped out...
  • Page 734 Chapter 32 Configuring Layer 3 Interfaces Configuring VLANs as Layer 3 Interfaces To apply SVI Autostate Exclude, perform this task: Command Purpose Step 1 Switch# configure terminal Enters global configuration mode. Step 2 Switch(config)# interface interface-id Enters interface configuration mode. Step 3 Switch(config-if)# switchport autostate exclude Excludes the access ports and trunks in defining the...
  • Page 735: Configuring Ip Mtu Sizes

    Chapter 32 Configuring Layer 3 Interfaces Configuring VLANs as Layer 3 Interfaces Configuring IP MTU Sizes You can set the protocol-specific maximum transmission unit (MTU) size of IPv4 or IPv6 packets that are sent on an interface. For information on MTU limitations, refer to “Maximum Transmission Units” on page 25. Note To set the nonprotocol-specific MTU value for an interface, use the mtu interface configuration command.
  • Page 736: Configuring Layer 3 Interface Counters

    Chapter 32 Configuring Layer 3 Interfaces Configuring VLANs as Layer 3 Interfaces The following example shows how to configure IPv6 MTU on an interface: Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# interface vlan 1 Switch(config-if)# ipv6 mtu 1280 Switch(config)# end This example shows how to verify the configuration...
  • Page 737 Chapter 32 Configuring Layer 3 Interfaces Configuring VLANs as Layer 3 Interfaces Command Purpose Step 3 Switch(config-if)# counter {ipv4 | ipv6 | ipv4 ipv6 separate} Enables counters. counter—Enables collection of IPv4 and IPv6 statistics and displays them as a sum counter ipv4—...
  • Page 738: Configuring Physical Layer 3 Interfaces

    Chapter 32 Configuring Layer 3 Interfaces Configuring Physical Layer 3 Interfaces Configuring Physical Layer 3 Interfaces Note Before you can configure physical Layer 3 interfaces, you must enable IP routing if IP routing is disabled, and specify an IP routing protocol. To configure physical Layer 3 interfaces, perform this task: Command Purpose...
  • Page 739: Configuring Eigrp Stub Routing

    Chapter 32 Configuring Layer 3 Interfaces Configuring EIGRP Stub Routing line vty 0 4 Configuring EIGRP Stub Routing This section consists of the following subsections: • About EIGRP Stub Routing, page 32-13 • Configuring EIGRP Stub Routing, page 32-14 • Monitoring and Maintaining EIGRP, page 32-19 •...
  • Page 740: Configuring Eigrp Stub Routing

    For more information about EIGRP stub routing, see the “Configuring EIGRP Stub Routing” part of the Cisco IOS IP Configuration Guide, Volume 2 of 3: Routing Protocols, Release 12.2. Configuring EIGRP Stub Routing The EIGRP stub routing feature improves network stability, reduces resource utilization, and simplifies stub switch configuration.
  • Page 741: Dual-Homed Remote Topology

    By default, the ip classless command is enabled in all Cisco IOS images that support the EIGRP stub routing feature. Without the stub feature, even after the routes that are sent from the distribution router to the remote router have been filtered or summarized, a problem might occur.
  • Page 742 Chapter 32 Configuring Layer 3 Interfaces Configuring EIGRP Stub Routing Figure 32-5 Simple Dual-Homed Remote Topology (figure: Distribution router 1 (hub) and Distribution router 2 (hub) connect the corporate network to a Remote router (spoke)) Figure 32-5 shows a simple dual-homed remote with one remote router and two distribution routers. Both distribution routers maintain routes to the corporate network and stub network 10.1.1.0/24.
  • Page 743 Chapter 32 Configuring Layer 3 Interfaces Configuring EIGRP Stub Routing network. The use of the lower bandwidth route that passes using the remote router might cause WAN EIGRP distribution routers to be dropped. Serial lines on distribution and remote routers could also be dropped, and EIGRP SIA errors on the distribution and core routers could occur.
  • Page 744: Eigrp Stub Routing Configuration Tasks

    Chapter 32 Configuring Layer 3 Interfaces Configuring EIGRP Stub Routing. Note: Multi-access interfaces, such as ATM, Ethernet, Frame Relay, ISDN PRI, and X.25, are supported by the EIGRP stub routing feature only when all routers on that interface, except the hub, are configured as stub routers.
  • Page 745: Monitoring And Maintaining Eigrp

    Chapter 32 Configuring Layer 3 Interfaces Configuring EIGRP Stub Routing (sec) (ms) Cnt Num 10.1.1.2 Se3/1 11 00:00:59 4500 Version 12.1/1.2, Retrans: 2, Retries: 0 Stub Peer Advertising ( CONNECTED SUMMARY ) Routes Monitoring and Maintaining EIGRP To delete neighbors from the neighbor table, use the following command: Command Purpose Switch# clear ip eigrp neighbors [ip-address |...
  • Page 746: Route Authentication Example

    Chapter 32 Configuring Layer 3 Interfaces Configuring EIGRP Stub Routing default route learned from the neighbors is displaced by the summary default route, or if the summary route is the only default route present, all traffic destined for the default route does not leave the router. Instead, this traffic is sent to the null 0 interface where it is dropped.
  • Page 747 Chapter 32 Configuring Layer 3 Interfaces Configuring EIGRP Stub Routing • static • summary. This section provides configuration examples for all forms of the eigrp stub command. The eigrp stub command can be modified with several options, and these options can be used in any combination except for the receive-only keyword.
  • Page 749: About Cef

    Cisco Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products//hw/switches/ps4324/index.html If the command is not found in the Catalyst 4500 Series Switch Command Reference, it will be found in the larger Cisco IOS library. Refer to the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 750: C H A P T E R 33 Configuring Cisco Express Forwarding

    IP routing table. On the Catalyst 4500 series switches, CEF loads the FIB into the integrated switching engine hardware to increase the performance of forwarding. The integrated switching engine has a finite number of forwarding slots for storing routing information.
  • Page 751: Adjacency Resolution

    When the Layer 2 information is not known, the packet is forwarded to the route processor, and the adjacency is determined through ARP. Catalyst 4500 Series Switch Implementation of CEF: Catalyst 4500 series switches support an ASIC-based integrated switching engine that provides these features: • Ethernet bridging at Layer 2 ...
  • Page 752: Hardware And Software Switching

    Chapter 33 Configuring Cisco Express Forwarding Catalyst 4500 Series Switch Implementation of CEF. Figure 33-1 Logical L2/L3 Switch Components [figure: the integrated switching engine (ASIC) with an L3 physical interface Gig 1/1, a logical router with L3 logical interfaces VLAN1 and VLAN2, and L2 switch ports]. The integrated switching engine performs inter-VLAN routing on logical Layer 3 interfaces with the ASIC hardware.
  • Page 753: Hardware Switching

    Chapter 33 Configuring Cisco Express Forwarding Catalyst 4500 Series Switch Implementation of CEF. Figure 33-2 Hardware and Software Switching Components [figure: the integrated switching engine with an L3 physical interface Gig 1/1, router L3 interfaces VLAN1 and VLAN2 and L2 switch ports, beside the CPU subsystem that owns the tunnel interfaces]. The integrated switching engine performs inter-VLAN routing in hardware. The CPU subsystem software supports Layer 3 interfaces to VLANs that use Subnetwork Access Protocol (SNAP) encapsulation.
  • Page 754: Load Balancing

    Software Interfaces Cisco IOS for the Catalyst 4500 series switch supports GRE and IP tunnel interfaces that are not part of the hardware forwarding engine. All packets that flow to or from these interfaces must be processed in software and have a significantly lower forwarding rate than that of hardware-switched interfaces.
  • Page 755: Configuring Load Balancing For Cef

    Command: Switch(config)# [no] ip cef load-sharing algorithm include-ports ... destination]
    Purpose: Enables the CEF load-sharing algorithm that includes the Layer 4 source and destination ports in the hash. Use the no keyword to set the switch to use the default Cisco IOS load-sharing algorithm.
  • Page 756: Viewing Cef Information

    Chapter 33 Configuring Cisco Express Forwarding Monitoring and Maintaining CEF. Note: The include-ports option does not apply to software-switched traffic on the Catalyst 4500 series switches. Viewing CEF Information: You can view the collected CEF information. To view CEF information, perform this task:...
  • Page 757 Chapter 33 Configuring Cisco Express Forwarding Monitoring and Maintaining CEF This example shows how to display IP unicast statistics for fastethernet 3/1: Switch# show interface fastethernet 3/1 counters detail Port InBytes InUcastPkts InMcastPkts InBcastPkts Fa3/1 7263539133 5998222 6412307 Port OutBytes...
  • Page 759: About Unicast Reverse Path Forwarding

    Cisco Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products//hw/switches/ps4324/index.html If the command is not found in the Catalyst 4500 Series Switch Command Reference, it will be found in the larger Cisco IOS library. Refer to the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 760: C H A P T E R 34 Configuring Unicast Reverse Path Forwarding

    This ability to look backwards is available only when Cisco Express Forwarding (CEF) is enabled on the switch, because the lookup relies on the presence of the Forwarding Information Base (FIB). CEF generates the FIB as part of its operation.
  • Page 761 Chapter 34 Configuring Unicast Reverse Path Forwarding About Unicast Reverse Path Forwarding. Step 5 The packet is forwarded. This section provides information about Unicast RPF enhancements: • Access control lists and logging • Per-interface statistics. Figure 34-1 illustrates how Unicast RPF and CEF work together to validate IP source addresses by verifying packet return paths.
  • Page 762: Implementing Unicast Rpf

    Chapter 34 Configuring Unicast Reverse Path Forwarding About Unicast Reverse Path Forwarding. Figure 34-2 Unicast RPF Dropping Packets That Fail Verification
    Routing table: 192.168.0.0 via 172.19.66.7; 172.19.0.0 directly connected, FDDI 2/0/0
    CEF table: 192.168.0.0 via 172.19.66.7, FDDI 2/0/0; 172.19.0.0 attached, FDDI 2/0/0
    Adjacency table: FDDI 2/0/0 172.19.66.7...
  • Page 763: Security Policy And Unicast Rpf

    Chapter 34 Configuring Unicast Reverse Path Forwarding About Unicast Reverse Path Forwarding. This section provides information about the implementation of Unicast RPF: • Security Policy and Unicast RPF, page 34-5 • Where to Use Unicast RPF, page 34-5 • Routing Table Requirements, page 34-7 ...
  • Page 764 Chapter 34 Configuring Unicast Reverse Path Forwarding About Unicast Reverse Path Forwarding. ACLs work well for many single-homed customers; however, there are trade-offs when ACLs are used as ingress filters, including two commonly referenced limitations: • Packet per second (PPS) performance at very high packet rates (this restriction applies only to software packet forwarding).
  • Page 765: Routing Table Requirements

    Chapter 34 Configuring Unicast Reverse Path Forwarding About Unicast Reverse Path Forwarding Unicast RPF works with a single default route. No additional routes or routing protocols exist. Network 192.168.10.0/22 is a connected network. Packets arriving from the Internet with a source address in the range 192.168.10.0/22 are dropped by Unicast RPF.
  • Page 766: Unicast Rpf With Bootp And Dhcp

    Related Features and Technologies. For more information about Unicast RPF-related features and technologies, review the following: • Unicast RPF requires Cisco Express Forwarding (CEF) to function properly on the switch. For more information about CEF, refer to the Cisco IOS Switching Services Configuration Guide.
  • Page 767: Prerequisites To Configuring Unicast Rpf

    Internet or to other networks, you can permit only packets with valid source IP addresses to leave your network. For more information on network filtering, refer to RFC 2267 and to the Cisco IOS IP Configuration Guide.
  • Page 768: Verifying Unicast Rpf

    Chapter 34 Configuring Unicast Reverse Path Forwarding Unicast RPF Configuration Tasks. To configure Unicast RPF, perform the following task: Command Purpose
    Step 1 Switch(config)# interface type number: Selects the input interface on which you want to apply Unicast RPF. This is the receiving interface, allowing Unicast RPF to verify the best return path before forwarding the packet on to the next destination.
  • Page 769: Monitoring And Maintaining Unicast Rpf

    Chapter 34 Configuring Unicast Reverse Path Forwarding Monitoring and Maintaining Unicast RPF. To monitor and maintain Unicast RPF, perform this task: Command Purpose
    Switch# show ip traffic: Displays global switch statistics about Unicast RPF drops and suppressed drops.
  • Page 770: Unicast Rpf Configuration Example: Inbound And Outbound Filters

    Chapter 34 Configuring Unicast Reverse Path Forwarding Unicast RPF Configuration Example: Inbound and Outbound Filters. The show access-lists command displays the number of matches found for a specific entry in a specific access list.
    Switch> show access-lists
    Extended IP access list 197
        deny ip 192.168.201.0 0.0.0.63 any log-input (1 match)
        permit ip 192.168.201.64 0.0.0.63 any log-input (1 match)
        deny ip 192.168.201.128 0.0.0.63 any log-input...
  • Page 771: About Ip Multicast

    Cisco Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html If the command is not found in the Catalyst 4500 Series Switch Command Reference, it will be found in the larger Cisco IOS library. Refer to the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 772: Chapter 35 Configuring Ip Multicast

    IP multicast group. In the multicasting process on the Catalyst 4500 series switch, a packet is replicated in the Integrated Switching Engine, forwarded to the appropriate output interfaces, and sent to each member of the multicast group.
  • Page 773: Internet Group Management Protocol

    Chapter 35 Configuring IP Multicast About IP Multicast. Figure 35-1 IP Multicast Routing Protocols [figure: Host A and Host B attached to a Catalyst 4500 series switch running IGMP and IGMP snooping, with a router connecting the switch to the Internet]. Internet Group Management Protocol: IGMP messages are used by IP multicast hosts to send their local Layer 3 switch or router a request to join a specific multicast group and begin receiving multicast traffic.
  • Page 774: Rendezvous Point (Rp)

    (RPs). Senders to a multicast group use RPs to announce their presence. Receivers of multicast packets use RPs to learn about new senders. You can configure Cisco IOS software so that packets for a single multicast group can use one or more RPs.
  • Page 775: Cef, Mfib, And Layer 2 Forwarding

    • S/M, 224/4, page 35-12. CEF, MFIB, and Layer 2 Forwarding: The implementation of IP multicast on the Catalyst 4500 series switch is an extension of centralized Cisco Express Forwarding (CEF). CEF extracts information from the unicast routing table, which is created by unicast routing protocols such as BGP, OSPF, and EIGRP, and loads it into the hardware Forwarding Information Base (FIB).
  • Page 776 FIB and Replica Expansion Table (RET). The Catalyst 4500 series switch performs Layer 3 routing and Layer 2 bridging at the same time. There can be multiple Layer 2 switch ports on any VLAN interface. To determine the set of output switch ports on which to forward a multicast packet, the Supervisor Engine III combines Layer 3 MFIB information with Layer 2 forwarding information and stores it in the hardware MET for packet replication.
  • Page 777: Ip Multicast Tables

    (1/1, 1/2, 2/1, 2/2, 3/1, and 3/2). IP Multicast Tables: Figure 35-4 shows some key data structures that the Catalyst 4500 series switch uses to forward IP multicast packets in hardware. Figure 35-4 IP Multicast Tables and Protocols...
  • Page 778: Hardware And Software Forwarding

    Chapter 35 Configuring IP Multicast About IP Multicast. Output interface lists are stored in the multicast expansion table (MET). The MET has room for up to 32,000 output interface lists. The RET can hold up to 102 K entries (32 K used for flood sets and 70,000 used for multicast entries).
  • Page 779 Chapter 35 Configuring IP Multicast About IP Multicast Replication is a particular type of forwarding where, instead of sending out one copy of the packet, the packet is replicated and multiple copies of the packet are sent out. At Layer 3, replication occurs only for multicast packets;...
  • Page 780: Non-Reverse Path Forwarding Traffic

    Chapter 35 Configuring IP Multicast About IP Multicast Non-Reverse Path Forwarding Traffic. Traffic that fails a Reverse Path Forwarding (RPF) check is called non-RPF traffic. Non-RPF traffic is handled by the integrated switching engine either by filtering (persistently dropping) it or by rate limiting it.
  • Page 781: Multicast Forwarding Information Base

    The Multicast Forwarding Information Base (MFIB) subsystem supports IP multicast routing in the integrated switching engine hardware on the Catalyst 4500 series switch. The MFIB logically resides between the IP multicast routing protocols in the CPU subsystem software (PIM, IGMP, MSDP, MBGP, and DVMRP) and the platform-specific code that manages IP multicast routing in hardware.
  • Page 782: S/M, 224/4

    forwarding interfaces that form what is often referred to as the multicast “olist” or output interface list. • Signaling (S): Set on an interface when some multicast routing protocol process in Cisco IOS needs to be notified of packets arriving on that interface. Note: When PIM-SM routing is in use, the MFIB route might include an interface as in this example: PimTunnel [1.2.3.4].
  • Page 783: Default Configuration In Ip Multicast Routing

    For more detailed information on IP multicast routing, such as Auto-RP, PIM Version 2, and IP multicast static routes, refer to the Cisco IOS IP and IP Routing Configuration Guide, Cisco IOS Release 12.3. Default Configuration in IP Multicast Routing Table 35-1 shows the IP multicast default configuration.
  • Page 784: Enabling Pim On An Interface

    Chapter 35 Configuring IP Multicast Configuring IP Multicast Routing Enabling PIM on an Interface Enabling PIM on an interface also enables IGMP operation on that interface. An interface can be configured to be in dense mode, sparse mode, or sparse-dense mode. The mode determines how the Layer 3 switch or router populates its multicast routing table and how the Layer 3 switch or router forwards multicast packets it receives from its directly connected LANs.
  • Page 785: Enabling Bidirectional Mode

    Chapter 35 Configuring IP Multicast Configuring IP Multicast Routing If you configure sparse-dense mode, the idea of sparseness or denseness is applied to the group on the switch, and the network manager should apply the same concept throughout the network. Another benefit of sparse-dense mode is that Auto-RP information can be distributed in a dense-mode manner;...
  • Page 786: Enabling Pim-Ssm Mapping

    35-28. Enabling PIM-SSM Mapping: The Catalyst 4500 series switch supports SSM mapping, enabling an SSM transition in cases where neither URD nor IGMP v3lite is available, or where supporting SSM on the end system is impossible or unwanted for administrative or technical reasons. With SSM mapping, you can leverage SSM for video delivery to legacy set-top boxes (STBs) that do not support IGMPv3 or for applications that do not take advantage of the IGMPv3 host stack.
  • Page 787: Configuring Auto-Rp

    Chapter 35 Configuring IP Multicast Configuring IP Multicast Routing Configuring Auto-RP Auto-rendezvous point (Auto-RP) automates the distribution of group-to-rendezvous point (RP) mappings in a PIM network. To make Auto-RP work, a router must be designated as an RP mapping agent, which receives the RP announcement messages from the RPs and arbitrates conflicts. The RP mapping agent then sends the consistent group-to-RP mappings to all other routers by way of dense mode flooding.
  • Page 788 Chapter 35 Configuring IP Multicast Configuring IP Multicast Routing Command or Action Purpose
    Step 9 Switch(config)# ip pim send-rp-announce {interface-type interface-number | ip-address} scope ttl-value [group-list access-list] [interval seconds] [bidir]: Sends RP announcements out all PIM-enabled interfaces. • Perform this step on the RP router only. •...
  • Page 789 Chapter 35 Configuring IP Multicast Configuring IP Multicast Routing Command or Action Purpose
    Step 11 Switch(config)# ip pim rp-announce-filter rp-list access-list group-list access-list: Filters incoming Auto-RP announcement messages coming from the RP. • Perform this step on the RP mapping agent only, since the mapping agent is the device that receives and arbitrates the announcements. •...
  • Page 790: Configuring A Single Static Rp

    Chapter 35 Configuring IP Multicast Configuring IP Multicast Routing Switch# show ip pim rp mapping Switch# show ip igmp groups Switch# show ip mroute cbone-audio Configuring a Single Static RP If you are configuring PIM sparse mode, you must configure a PIM RP for a multicast group. An RP can either be configured statically in each device, or learned through a dynamic mechanism.
  • Page 791: Load Splitting Of Ip Multicast Traffic

    Chapter 35 Configuring IP Multicast Configuring IP Multicast Routing Command or Action Purpose
    Step 10 (Optional) Switch# show ip pim rp [mapping] [rp-address]: Displays the RPs known in the network and shows how the router learned about each RP.
    Step 11 (Optional) Displays the multicast groups having receivers: Switch# show ip igmp groups [group-name | group-address | interface-type...
  • Page 792: Monitoring And Maintaining Ip Multicast Routing

    Chapter 35 Configuring IP Multicast Monitoring and Maintaining IP Multicast Routing. To enable IP multicast multipath, perform this task: Command Purpose
    Step 1 Switch# config t: Enters configuration mode.
    Step 2 Switch(config)# ip multicast multipath: Enables IP multicast multipath.
    Step 3 Exits configuration mode.
  • Page 793: Displaying System And Network Statistics

    Chapter 35 Configuring IP Multicast Monitoring and Maintaining IP Multicast Routing Displaying System and Network Statistics You can display specific statistics, such as the contents of IP routing tables and databases. Information provided can be used to determine resource utilization and solve network problems. You can also display information about node reachability and discover the routing path your device’s packets are taking using the network.
  • Page 794 The following is sample output from the show ip mroute command with the active keyword: Switch# show ip mroute active Active IP Multicast Sources - sending >= 4 kbps Group: 224.2.127.254, (sdr.cisco.com) Source: 146.137.28.69 (mbone.ipd.anl.gov) Rate: 1 pps/4 kbps(1sec), 4 kbps(last 1 secs), 4 kbps(life avg) Group: 224.2.201.241, ACM 97...
  • Page 795: Displaying Ip Mfib

    Chapter 35 Configuring IP Multicast Monitoring and Maintaining IP Multicast Routing Group: 224.2.127.253, Source count: 0, Group pkt count: 0 RP-tree: 0/0/0/0 Group: 224.1.127.255, Source count: 0, Group pkt count: 0 RP-tree: 0/0/0/0 Group: 224.2.127.254, Source count: 9, Group pkt count: 14 RP-tree: 0/0/0/0 Source: 128.2.6.9/32, 2/0/796/0 Source: 128.32.131.87/32, 1/0/616/0...
  • Page 796: Displaying Bidirectional Pim Information

    Chapter 35 Configuring IP Multicast Monitoring and Maintaining IP Multicast Routing Command Purpose
    Switch# show ip mfib: Displays the (S,G) and (*,G) routes that are used for packet forwarding, and displays counts for fast, slow, and partially switched packets for every multicast route.
    Switch# show ip mfib all: Displays all routes in the MFIB, including routes that may not exist directly in the upper-layer routing protocol...
  • Page 797: Displaying Pim Statistics

    Chapter 35 Configuring IP Multicast Monitoring and Maintaining IP Multicast Routing Command Purpose
    Switch# show ip pim interface [type number] [df | count] [rp-address]: Displays information about the elected designated forwarder (DF) for each RP of an interface, along with the unicast routing metric associated with the DF.
  • Page 798: Configuration Examples

    Chapter 35 Configuring IP Multicast Configuration Examples Command Purpose
    Switch# clear ip mroute: Deletes entries from the IP multicast routing table.
    Switch# clear ip mfib counters: Deletes all per-route and global MFIB counters.
    Note: IP multicast routes can be regenerated in response to protocol events and as data packets arrive.
    Configuration Examples: The following sections provide IP multicast routing configuration examples:...
  • Page 799: Sparse Mode With A Single Static Rp Example

    Chapter 35 Configuring IP Multicast Configuration Examples interfaces are used to allow this configuration and the addresses of these interfaces must be routed throughout the PIM domain so that the other routers in the PIM domain can receive Auto-RP announcements and communicate with the RP: ip multicast-routing !Enable IP multicast routing ip pim bidir-enable !Enable bidir-PIM...
  • Page 801 Cisco Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products//hw/switches/ps4324/index.html If the command is not found in the Catalyst 4500 Series Switch Command Reference, it will be found in the larger Cisco IOS library. Refer to the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 802: Chapter 36 Configuring Ancp Client

    Identifying a Port with the ANCP Protocol To make the Catalyst 4500 series switch operate as an ANCP client and to build and initialize its relevant data, enter the ancp mode client command. The no version of this command disables ANCP. This command disconnects the ANCP client from the ANCP server and terminates any existing multicast streams that have been enabled with ANCP.
  • Page 803: Enabling And Configuring Ancp Client

    Chapter 36 Configuring ANCP Client Enabling and Configuring ANCP Client. Step 3 (Optional) Enable the ANCP multicast client to identify this VLAN interface using the port-identifier as opposed to the Option 82 circuit-id: Switch(config)# ancp client port identifier [port-identifier] vlan [number] interface [interface]. The no version of this command prompts a warning message if any multicast stream is activated by ANCP using the port-identifier on a port:...
  • Page 804: Example 1

    Hosts”). If you identify the port with DHCP option 82, you need to configure the Catalyst 4500 series switch as a DHCP relay to insert the DHCP option 82. This action adds a tag in the DHCP packet from the DHCP client so that the DHCP server knows the port connected to this specific DHCP client.
  • Page 805 Chapter 36 Configuring ANCP Client ANCP Guidelines and Restrictions. When using (or configuring) ANCP, consider these guidelines and restrictions: • Entering a shut command on a port removes ANCP-activated multicast streams from the port. They must be reactivated by the ANCP server.
  • Page 806: Ancp Guidelines And Restrictions

    Chapter 36 Configuring ANCP Client ANCP Guidelines and Restrictions Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG 36-6 OL-25340-01...
  • Page 807: Example 2

    C H A P T E R Configuring Bidirection Forwarding Detection Note Support on the Catalyst 4500E is limited. Starting with Cisco IOS Release IOS 15.1(1)SG, Bidirectional Forwarding Detection (BFD) is supported only on Catalyst 4900M, and Catalyst 4948E Ethernet switches.
  • Page 808: C H A P T E R 37 Configuring Bidirection Forwarding Detection

    Multihop configurations are not supported. Cisco IOS Release 15.1(1)SG and Cisco Catalyst 4500 Series Switches Cisco Catalyst 4500 series switches support up to 128 BFD sessions with a minimum hello interval • of 50 ms and a multiplier of 3. The multiplier specifies the minimum number of consecutive packets that can be missed before a session is declared down.
  • Page 809: Neighbor Relationships

    Configuring Bidirection Forwarding Detection Information About Bidirectional Forwarding Detection BFD is a detection protocol that you enable at the interface and routing protocol levels. Cisco supports the BFD asynchronous mode, which depends on the sending of BFD control packets between two systems to activate and maintain BFD neighbor sessions between switches.
  • Page 810: Bfd Detection Of Failures

    BFD Version Interoperability Cisco IOS Release 15.1(1)SG supports BFD Version 1 as well as BFD Version 0. All BFD sessions come up as Version 1 by default and will be interoperable with Version 0. The system automatically performs BFD version detection, and BFD sessions between neighbors will run in the highest common BFD version between neighbors.
  • Page 811: Bfd Session Limits

    To ensure a successful switchover to the standby RP, the BFD protocol uses checkpoint messages to send session information from the active RP Cisco IOS instance to the standby RP Cisco IOS instance. The session information includes local and remote discriminators, adjacent router timer information, BFD setup information, and session-specific information such as the type of session and the session version.
  • Page 812: Bfd Support For Static Routing

    When the BFD protocol on the standby RP is notified of a switchover it changes its state to active, registers itself with Cisco Express Forwarding so that it can receive packets, and then sends packets for any elements that have expired.
  • Page 813: Hardware Support For Bfd

    BFD control packets are sent or received. BFD echo mode, which is supported in BFD Version 1 for Cisco IOS Release 15.1(1)SG, is enabled by default. BFD echo packets are sent and received, in addition to BFD control packets. The adjacency creation takes place once you have configured BFD support for the applicable routing protocols.
  • Page 814: Configuring Bfd Session Parameters On The Interface

    Chapter 37 Configuring Bidirection Forwarding Detection How to Configure Bidirectional Forwarding Detection Configuring BFD Support for Dynamic Routing Protocols, page 37-8 (required) • Configuring BFD Support for Static Routing, page 37-13 (optional) • Configuring BFD Echo Mode, page 37-14 (optional) •...
  • Page 815: Configuring Bfd Support For Eigrp

    Chapter 37 Configuring Bidirection Forwarding Detection How to Configure Bidirectional Forwarding Detection Prerequisites BGP must be running on all participating switches. The baseline parameters for BFD sessions on the interfaces over which you want to run BFD sessions to BFD neighbors must be configured. See the “Configuring BFD Session Parameters on the Interface”...
  • Page 816: Configuring Bfd Support For Ospf

    Chapter 37 Configuring Bidirection Forwarding Detection How to Configure Bidirectional Forwarding Detection Prerequisites EIGRP must be running on all participating switches. The baseline parameters for BFD sessions on the interfaces over which you want to run BFD sessions to BFD neighbors must be configured. See the “Configuring BFD Session Parameters on the Interface”...
  • Page 817 Chapter 37 Configuring Bidirection Forwarding Detection How to Configure Bidirectional Forwarding Detection. • You can enable BFD on all the interfaces for which OSPF is routing by using the bfd all-interfaces command in router configuration mode. You can disable BFD support on individual interfaces using the ip ospf bfd [disable] command in interface configuration mode.
  • Page 818 Chapter 37 Configuring Bidirection Forwarding Detection How to Configure Bidirectional Forwarding Detection What to Do Next See the “Monitoring and Troubleshooting BFD” section on page 37-16 for more information on monitoring and troubleshooting BFD. If you want to configure BFD support for another routing protocol, see the following sections: Configuring BFD Support for BGP, page 37-8 •...
  • Page 819: Configuring Bfd Support For Static Routing

    Chapter 37 Configuring Bidirection Forwarding Detection How to Configure Bidirectional Forwarding Detection Command or Action Purpose
    Step 6 (Optional) show bfd neighbors [details]: Displays information that can help verify whether the BFD neighbor is active and displays the routing protocols that BFD has registered. Example: Switch# show bfd neighbors details
  • Page 820: Configuring Bfd Echo Mode

    Chapter 37 Configuring Bidirection Forwarding Detection How to Configure Bidirectional Forwarding Detection Command or Action Purpose
    Step 6 bfd interval milliseconds min_rx milliseconds multiplier interval-multiplier: Enables BFD on the interface. Example: Switch(config-if)# bfd interval 500 min_rx 500 multiplier 5
    Step 7 exit: Exits interface configuration mode and returns to global configuration mode.
  • Page 821: Prerequisites

    Chapter 37 Configuring Bidirection Forwarding Detection How to Configure Bidirectional Forwarding Detection the forwarding path on the remote (neighbor) system without involving the remote system, there is an opportunity to improve the interpacket delay variance, thereby achieving quicker failure detection times than when using BFD Version 0 with BFD control packets for the BFD session.
  • Page 822: Disabling Bfd Echo Mode Without Asymmetry

    Chapter 37 Configuring Bidirection Forwarding Detection How to Configure Bidirectional Forwarding Detection Disabling BFD Echo Mode Without Asymmetry. The steps in this procedure show how to disable BFD echo mode without asymmetry: no echo packets will be sent by the switch, and the switch will not forward BFD echo packets that are received from any neighbor switches.
  • Page 823: Configuration Examples For Bidirectional Forwarding Detection

    The following example shows how to configure BFD in an EIGRP network with echo mode enabled by default in Cisco IOS Release 15.1(1)SG. In the following example, the EIGRP network contains SwitchA, SwitchB, and SwitchC. Gigabit Ethernet interface 6/1 on SwitchA is connected to the same network as Gigabit Ethernet interface 6/1 on SwitchB.
  • Page 824 Chapter 37 Configuring Bidirection Forwarding Detection Configuration Examples for Bidirectional Forwarding Detection run on the forwarding path for SwitchA and SwitchB, and their echo packets will return along the same path for BFD sessions and failure detections, while their BFD neighbor SwitchC runs BFD Version 0 and uses BFD control packets for BFD sessions and failure detections.
  • Page 825 Chapter 37 Configuring Bidirection Forwarding Detection Configuration Examples for Bidirectional Forwarding Detection router eigrp 11 network 172.16.0.0 bfd all-interfaces auto-summary ip default-gateway 10.4.9.1 ip default-network 0.0.0.0 ip route 0.0.0.0 0.0.0.0 10.4.9.1 ip route 172.16.1.129 255.255.255.255 10.4.9.1 Configuration for SwitchC interface GigabitEthernet6/2 no switchport no shutdown ip address 10.4.9.34 255.255.255.0...
  • Page 826 Poll bit: 0 - Final bit: 0 Multiplier: 3 - Length: 24 My Discr.: 3 - Your Discr.: 5 Min tx interval: 50000 - Min rx interval: 50000 Min Echo interval: 0 OurAddr NeighAddr...
  • Page 827: Example: Configuring Bfd In An Ospf Network

    Gi6/1 Example: Configuring BFD in an OSPF Network The following example shows how to configure BFD in an OSPF network in Cisco IOS Release 15.1(1)SG. In the following example, the simple OSPF network consists of SwitchA and SwitchB. Gigabit Ethernet interface 6/1 on SwitchA is connected to the same network as Gigabit...
  • Page 828 Ethernet interface 6/1 in SwitchB. The example, starting in global configuration mode, shows the configuration of BFD. For both SwitchA and SwitchB, BFD is configured globally for all interfaces associated with the OSPF process.
  • Page 829 Min tx interval: 50000 - Min rx interval: 1000 Min Echo interval: 0 The output from the show bfd neighbors details command on SwitchB verifies that a BFD session has been created: SwitchB SwitchB# attach 6...
  • Page 830 External flood list length 0 BFD is enabled Area BACKBONE(0) Number of interfaces in this area is 2 (1 loopback) Area has no authentication SPF algorithm last executed 00:00:08.828 ago SPF algorithm executed 9 times Area ranges are Number of LSA 3.
  • Page 831: Example: Configuring Bfd Hardware-Offload Support In A Bgp Network

    The following example shows how to configure BFD Hardware-Offload support in a BGP network in Cisco IOS Release 15.1(1)SG. In the following example, the simple BGP network consists of SwitchA and SwitchB. Gigabit Ethernet interface 6/1 on SwitchA is connected to the same network as Gigabit Ethernet interface 6/1 in SwitchB.
  • Page 832 Configuration for SwitchB interface GigabitEthernet 6/1 no switchport ip address 1.1.1.2 255.255.255.0 bfd interval 50 min_rx 50 multiplier 3 no bfd echo router bgp 10 neighbor 1.1.1.1 remote-as 10 neighbor 1.1.1.1 fall-over bfd The output from the show bfd neighbors details command from SwitchA verifies that a BFD session has been created and that BGP is registered for BFD support.
  • Page 833: Example: Configuring Bfd Support For Static Routing

    Holddown (hits): 0(0), Hello (hits): 50(0) Rx Count: 10138 Tx Count: 10139 Elapsed time watermarks: 0 0 (last: 0) Registered protocols: BGP Uptime: 00:07:22 Last packet: Version: 1 - Diagnostic: 0 State bit: Up - Demand bit: 0...
  • Page 834: Additional References

    Additional References Related Documents Related Topic Document Title Cisco IOS commands Cisco IOS Master Commands List, All Releases Configuring and monitoring BGP “Cisco BGP Overview” module of the Cisco IOS IP Routing Protocols Configuration Guide Configuring and monitoring EIGRP “Configuring EIGRP”...
  • Page 835: Mibs

    MIB: No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature. MIBs Link: To locate and download MIBs for selected platforms, Cisco software releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs...
  • Page 837: About Policy-Based Routing

    Cisco Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products//hw/switches/ps4324/index.html If the command is not found in the Catalyst 4500 Series Switch Command Reference, it will be found in the larger Cisco IOS library. Refer to the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 838: About Pbr

    Chapter 38 Configuring Policy-Based Routing About Policy-Based Routing You can set up PBR as a way to route packets based on configured policies. For example, you can implement routing policies to allow or deny paths based on the identity of a particular end system, or an application protocol.
  • Page 839: Chapter 38 Configuring Policy-Based Routing

    route-map rm-test permit 23 match ip address 101 2102 set interface vlan23 route-map rm-test deny 24 match ip address 104 set ip next-hop 24.4.4.1 route-map rm-test deny 25 match ip address 105 set ip next-hop 25.5.5.1 route-map rm-test permit 26 match ip address 2104...
  • Page 840 PBR Route-Map Processing Logic Example Consider a route-map called rm-test defined as follows: access-list 101 permit tcp host 61.1.1.1 host 133.3.3.1 eq 101 access-list 102 deny tcp host 61.1.1.1 host 133.3.3.1 eq 102 access-list 2102 permit tcp host 61.1.1.1 host 133.3.3.1 eq 102 access-list 104 deny...
  • Page 841: Using Policy-Based Routing

    The route-map deny takes effect, and the packet is routed using the default IP routing table. The Catalyst 4500 series switch supports matching route-map actions with a packet by installing entries in the TCAM that match the set of packets described by the ACLs in the match criteria of the route map.
  • Page 842: Enabling Pbr

    Enabling PBR To enable PBR, you must create a route map that specifies the match criteria and the resulting action if all of the match clauses are met. Then you must apply that route-map on a particular interface. All packets arriving on the specified interface matching the match clauses are subject to PBR.
  • Page 843: Enabling Local Pbr

    The following PBR commands in config-route-map mode are in the CLI but not supported in Cisco IOS for the Catalyst 4500 series switches. If you attempt to use these commands, an error message displays:...
  • Page 844: Policy-Based Routing Configuration Examples

    • match-length • set ip qos • set ip tos • set ip precedence Policy-Based Routing Configuration Examples The following sections provide PBR configuration examples: • Equal Access, page 38-8 • Differing Next Hops, page 38-8 •...
  • Page 845: Deny Ace

    interface fastethernet 3/1 ip policy route-map Texas route-map Texas permit 10 match ip address 1 set ip next-hop 3.3.3.3 route-map Texas permit 20 match ip address 2 set ip next-hop 3.3.3.5 Deny ACE The following example illustrates how to stop processing a given route map sequence, and to jump to the next sequence.
  • Page 847 Edge Device). VRF-lite allows a service provider to support two or more VPNs with overlapping IP addresses using one interface. Note Starting with Cisco IOS Release 12.2(52)SG, the Catalyst 4500 switch supports VRF lite NSF support with routing protocols OSPF/EIGRP/BGP. The switch does not use Multiprotocol Label Switching (MPLS) to support VPNs. For information about...
  • Page 848: Chapter 39 Configuring Vrf-Lite

  • Page 849: Default Vrf-Lite Configuration

    Chapter 39 Configuring VRF-lite Default VRF-lite Configuration Figure 39-1 Catalyst 4500 Series Switches Acting as Multiple Virtual CEs (figure: two Catalyst 4500 switches, each serving VPN 1 and VPN 2, connected through MPLS-VRF routers to an MPLS network; CE = Customer edge device)...
  • Page 850: Vrf-Lite Configuration Guidelines

    The Layer 3 TCAM resource is shared between all VRFs. To ensure that any one VRF has sufficient CAM space, use the maximum routes command. A Catalyst 4500 series switch using VRF can support one global network and up to 64 VRFs. The •...
  • Page 851: Configuring Vrfs

    Note For complete syntax and usage information for the following commands, see the switch command reference for this release and see the Cisco IOS Switching Services Command Reference at: http://www.cisco.com/en/US/docs/ios/ipswitch/command/reference/isw_book.html Use the no ip vrf vrf-name global configuration command to delete a VRF and to remove all interfaces from it.
  • Page 852: Configuring The User Interface For Arp

    Configuring VRF-Aware Services VRF-aware services are implemented in platform-independent modules. VRF provides multiple routing instances in Cisco IOS. Each platform has its own limit on the number of VRFs it supports. VRF-aware services have the following characteristics: The user can ping a host in a user-specified VRF.
  • Page 853: Configuring The User Interface For Snmp

    Configuring the User Interface for SNMP To configure VRF-aware services for SNMP, perform this task: Command Purpose Step 1 Switch# configure terminal Enters global configuration mode. Step 2 Switch(config)# snmp-server trap authentication vrf Enables SNMP traps for packets on a VRF. Step 3...
  • Page 854: Configuring The User Interface For Syslog

    Configuring the User Interface for Syslog To configure VRF-aware services for syslog, perform this task: Command Purpose Step 1 Switch# configure terminal Enters global configuration mode. Step 2 Switch(config)# logging on Enables or temporarily disables logging of storage router event messages.
  • Page 855: Configuring The User Interface For Telnet And Ssh

    Command Purpose Step 2 Switch(config)# ip ftp source-interface interface-type interface-number Specifies the source IP address for FTP connections. Step 3 Switch(config)# end Returns to privileged EXEC mode. To specify the IP address of an interface as the source address for TFTP connections, use the ip tftp source-interface show mode command.
  • Page 856 Switch (config-sg-tacacs+)# ip tacacs source-interface Loopback0 Switch (config-sg-tacacs)# exit For more information about configuring per-VRF for TACACS+ server, see the Cisco IOS Per VRF for TACACS + Server, Release 12.3(7)T.
  • Page 857: Configuring Multicast Vrfs

    For more information about configuring a multicast within a Multi-VRF CE, see the Cisco IOS IP Multicast Configuration Guide, Release 12.4. Use the no ip vrf vrf-name global configuration command to delete a VRF and to remove all interfaces from it.
  • Page 858: Configuring A Vpn Routing Session

    Configuring a VPN Routing Session Routing within the VPN can be configured with any supported routing protocol (RIP, OSPF, or BGP) or with static routing. The configuration shown here is for OSPF, but the process is the same for other protocols.
  • Page 859: Vrf-Lite Configuration Example

    Command Purpose Step 3 Switch(config-router)# network network-number mask network-mask Specifies a network and mask to announce using BGP. Step 4 Switch(config-router)# redistribute ospf process-id match internal Sets the switch to redistribute OSPF internal routes. Step 5 Defines a network address and mask on which OSPF runs Switch(config-router)# network...
  • Page 860: Configuring Switch S8

    Figure 39-2 VRF-lite Configuration Example (figure labels: Catalyst 4500 Switch S8, Catalyst 4500 Switch S9, Router, Switch S20, Switch S13, Switch S10, Switch S14, Switch S11; VPN1, VPN2; networks 208.0.0.0, 108.0.0.0, 118.0.0.0; Fast Ethernet links)...
  • Page 861 Switch(config-if)# exit Switch(config)# interface FastEthernet3/5 Switch(config-if)# switchport trunk encapsulation dot1q Switch(config-if)# switchport mode trunk Switch(config-if)# no ip address Switch(config-if)# exit Switch(config)# interface FastEthernet3/8 Switch(config-if)# switchport access vlan 208 Switch(config-if)# no ip address Switch(config-if)# exit Switch(config)# interface FastEthernet3/11 Switch(config-if)# switchport trunk encapsulation dot1q Switch(config-if)# switchport mode trunk...
  • Page 862: Configuring Switch S20

    Switch(config-router)# address-family ipv4 vrf vl1 Switch(config-router-af)# redistribute ospf 1 match internal Switch(config-router-af)# neighbor 38.0.0.3 remote-as 100 Switch(config-router-af)# neighbor 38.0.0.3 activate Switch(config-router-af)# network 8.8.1.0 mask 255.255.255.0 Switch(config-router-af)# end Configuring Switch S20 Configure S20 to connect to CE: Switch# configure terminal Enter configuration commands, one per line.
  • Page 863: Displaying Vrf-Lite Status

    Router(config-vrf)# route-target export 100:2 Router(config-vrf)# route-target import 100:2 Router(config-vrf)# exit Router(config)# ip cef Router(config)# interface Loopback1 Router(config-if)# ip vrf forwarding v1 Router(config-if)# ip address 3.3.1.3 255.255.255.0 Router(config-if)# exit Router(config)# interface Loopback2 Router(config-if)# ip vrf forwarding v2 Router(config-if)# ip address 3.3.2.3 255.255.255.0 Router(config-if)# exit Router(config)# interface Fast Ethernet3/0.10...
  • Page 864 Outgoing interface list: Vlan45, Forward/Sparse-Dense, 00:00:02/00:02:57, H Vlan134, Bidir-Upstream/Sparse-Dense, 13:35:54/00:00:00, H Note For more information about the information in the displays, refer to the Cisco IOS Switching Services Command Reference at: http://www.cisco.com/en/US/docs/ios/ipswitch/command/reference/isw_book.html
  • Page 865: Overview Of Qos

  • Page 866: Prioritization

    Chapter 40 Configuring Quality of Service Overview of QoS This section contains the following subsections: • Prioritization, page 40-2 • QoS Terminology, page 40-3 • Basic QoS Model, page 40-5 • Classification, page 40-6 • Policing and Marking, page 40-8 • Queueing and Scheduling, page 40-8 •...
  • Page 867: Chapter 40 Configuring Quality Of Service

    Figure 40-1 QoS Classification Layers in Frames and Packets (figure: an encapsulated packet consisting of a Layer 2 header, IP header and data; a Layer 2 ISL frame consisting of an ISL header (26 bytes), the encapsulated frame and a 4-byte field, with 3 bits used for CoS; a Layer 2 802.1Q/P frame with preamble and start frame delimiter)...
  • Page 868 Layer 2 802.1Q frame headers have a 2-byte Tag Control Information field that carries the CoS value in the three most significant bits, which are called the User Priority bits. Other frame types cannot carry Layer 2 CoS values. On interfaces configured as Layer 2 ISL trunks, all traffic is in ISL frames.
  • Page 869: Basic Qos Model

    Table 40-1 IP Precedence and DSCP Values (continued) (table columns, repeated in two groups: 3-bit IP Precedence; 6 MSb of ToS, bits 8 7 6 5 4 3; 6-bit DSCP) 1.
  • Page 870: Classification

    The QoS model proceeds as follows: Step 1 The incoming packet is classified (based on different packet fields, receive port and/or VLAN) to belong to a traffic class. Step 2 Depending on the traffic class, the packet is rate-limited/policed and its priority is optionally marked (typically at the edge of the network) so that lower priority packets are dropped or marked with lower priority in the packet fields (DSCP and CoS).
  • Page 871: Classification Based On Class Maps And Policy Maps

    In the 'match' statements, you can specify the fields in the packet to match on, or you can use IP standard or IP extended ACLs or MAC ACLs. For more information, see the “Classification Based on Class Maps and Policy Maps”...
  • Page 872: Policing And Marking

    Queueing and Scheduling The Catalyst 4500 Series Switch supports 8 transmit queues per port. Once the decision has been made to forward a packet out a port, the output QoS classification determines the transmit queue into which the packet must be enqueued.
  • Page 873: Active Queue Management

    Active Queue Management Active queue management (AQM) is the proactive approach of informing you about congestion before a buffer overflow occurs. AQM is done using Dynamic Buffer Limiting (DBL). DBL tracks the queue length for each traffic flow in the switch.
  • Page 874: Per Port Per Vlan Qos

    • For non-IP packets, classification involves assigning an internal DSCP to the packet, but because there is no DSCP in the non-IP packet, no overwrite occurs. Instead, the internal DSCP is used both for queueing and scheduling decisions and for writing the CoS priority value in the tag if the packet is being transmitted on either an ISL or 802.1Q trunk port.
  • Page 875: Using Metadata In Qos Policy

    For command details on Cisco Media Services Proxy, refer to the following URL: http://www.cisco.com/en/US/docs/ios-xml/ios/msp/command/reference/guide/media-ser-prxy.html Restrictions The following restrictions apply to using a metadata-based QoS policy on a Catalyst 4500 series switch: • They can be attached to a target only in the input direction.
  • Page 876: Configuring Qos

    2m class c3 police cir 5m Configuring QoS Note HQoS is not supported on the Catalyst 4500 Series Switch. Topics include: • MQC-based QoS Configuration, page 40-13 • Platform-supported Classification Criteria and QoS Features, page 40-13 •...
  • Page 877: Mqc-Based Qos Configuration

    MQC-based QoS Configuration Note Starting with Cisco IOS Release 12.2(40)SG, a Catalyst 4900M, a Catalyst 4948E, or a Catalyst 4500 Series Switch with Supervisor Engine 6-E or Supervisor Engine 6L-E uses the MQC model of QoS.
  • Page 878: Platform Hardware Capabilities

    Supported classification actions Descriptions set cos Sets the Layer 2 class of service (CoS) value of an outgoing packet. set dscp Marks a packet by setting the differentiated services code point (DSCP) value in the type of service (ToS) byte of an IPv4 packet or the traffic class byte of an IPv6 packet.
  • Page 879: Classification

    1 Mbps on interface Gig 1/1 and packets on interface Gig 1/2 are policed to 1 Mbps. Note With Cisco IOS Release 12.2(46)SG, you can issue the match protocol arp command. For details, see the Catalyst 4500 Series Switch Cisco IOS Command Reference.
  • Page 880: Attaching A Policy Map To An Interface

    Attaching a Policy Map to an Interface To create a policy map, enter this command: Command Purpose Selects the interface to configure. Switch(config)# interface {vlan vlan_ID | {fastethernet | gigabitethernet} slot/interface | Port-channel number} Attaches a policy map to the input direction of the Switch(config-if)# [no] service-policy input policy_map_name...
  • Page 881: How To Implement Policing

    Note Two policers are reserved for internal use. How to Implement Policing For details on how to implement the policing features on a Catalyst 4500 Series Switch, refer to the Cisco IOS documentation at the following link: http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfpolsh.html Platform Restrictions Platform restrictions include the following: Multi-policer actions can be specified (setting CoS and IP DSCP is supported).
  • Page 882: Information About Marking Network Traffic

    • “Multi-attribute Marking Support” section on page 40-21 • “Hardware Capabilities for Marking” section on page 40-22 • “Configuring the Policy Map Marking Action” section on page 40-22 • “Marking Statistics” section on page 40-24 •...
  • Page 883 You specify the traffic attribute you want to change with a set command configured in a policy map. The following table lists the available set commands and the corresponding attribute. For details on the set command, refer to the Catalyst 4500 Series Switch Command Reference. Table 40-2...
  • Page 884: Marking Action Drivers

    map from 2 to 3 exit The following table lists the traffic attributes for which a to-from relationship can be established using the table map. Table 40-3 Traffic Attributes for Which a To-From Relationship Can Be Established The “To”...
  • Page 885: Restrictions For Marking Network Traffic

    Figure 40-3 Traffic Marking Procedure Flowchart (flowchart: Start; create a class map; if using a table map, create a table map; create a policy map; create additional policy maps if needed; attach policy map(s) to interface; Finish) Restrictions for Marking Network Traffic The following restrictions apply to packet marking actions:...
  • Page 886: Hardware Capabilities For Marking

    Note When using unconditional explicit marking of multiple fields or policer-based multi-field, multi-region (conform/exceed/violate) marking, the number of table maps that can be set up in ToS or CoS marking tables is less than the maximum supported. Hardware Capabilities for Marking Catalyst 4900M, Catalyst 4948E, Supervisor Engine 6-E, and Supervisor Engine 6L-E provide a 128 entry marking action (Supervisor Engine 7-E and Supervisor Engine 7L-E provide a 256 entry marking...
  • Page 887 Command Purpose Step 4 Exits table-map configuration mode. Switch(config-tablemap)# exit Step 5 Enters policy-map configuration mode. Switch(config)# policy-map name Step 6 Selects the class for QoS actions. Switch(config-p)# class name Step 7 Switch(config-p-c)# set cos | dscp | Selects the marking action based on an implicit or explicit prec...
  • Page 888: Marking Statistics

    Shaping, Sharing (Bandwidth), Priority Queuing, Queue-limiting and DBL The Catalyst 4500 Series Switch supports the Classification-based (class-based) mode for transmit queue selection. In this mode, the transmit queue selection is based on the Output QoS classification lookup.
  • Page 889 When a queuing class is configured without any explicit shape configuration, the queue shape is set to the link rate. To configure class-level shaping in a service policy, perform this task: Command Purpose Step 1 Switch# configure terminal...
  • Page 890: Sharing(Bandwidth)

    Switch(config-pmap-c)# exit Switch(config-pmap)# exit Switch(config)# interface gigabitethernet1/1 Switch(config-if)# service-policy output policy1 Switch(config-if)# end Switch# Switch# show policy-map policy1 Policy Map policy1 Class class1 shape average 256000 This example shows how to configure class-level, average shape percentage to 32% of link bandwidth for queuing-class traffic: Switch# configure terminal Switch(config)# policy-map queuing-policy...
  • Page 891 Command Purpose Step 4 Switch(config-pmap-class)# bandwidth {bandwidth-kbps | percent percent} Specifies the minimum bandwidth provided to a class belonging to the policy map when there is traffic congestion in the switch. If the switch is not congested, the class receives more bandwidth than you specify with the bandwidth command.
  • Page 892 Switch(config-if)# end Switch # Switch# show policy-map policy11 Policy Map policy11 Class prec1 bandwidth percent 30 Class prec2 bandwidth percent 20 Class prec3 bandwidth percent 10 This example shows how to create a class-level policy map called policy11 for three classes called prec1, prec2, and prec3.
  • Page 893: Priority Queuing

    class-default = 70% Similarly, when another queuing class (say q3) is added without any explicit bandwidth (say, just a shape command), then the bandwidth allocation is q1 = 10% q2 = 20% q3 = min(35%, q3-shape-rate) class-default = max(35%, (100 - (q1 + q2 + q3))) Priority Queuing...
  • Page 894: Queue-Limiting

    Command Purpose Step 8 Switch(config-interface)# service-policy output policy-map-name Specifies the policy-map name, and applies it to a physical interface. Step 9 Switch(config-interface)# end Returns to privileged EXEC mode. Step 10 Switch# show policy-map Verifies your entries.
  • Page 895 Queue Memory The number of queue entries that can be allocated has to be a multiple of 8 and can range from 16 to 8184. When a class-based queue is instantiated on a physical port, it is given a default number of entries. This default queue size is based on the number of slots in the chassis and the number of front-panel ports in each slot.
  • Page 896 Command Purpose Step 1 Switch# configure terminal Enters global configuration mode. Step 2 Switch(config)# policy-map policy-map-name Creates a policy map by entering the policy-map name, and enters policy-map configuration mode. By default, no policy maps are defined. Step 3 Switch(config-pmap)# class class-name Specifies the name of the class whose traffic policy you want to...
  • Page 897: Active Queue Management (Aqm) Via Dynamic Buffer Limiting (Dbl)

    Switch(config-if)# end Switch# Switch# show policy-map policy1 Policy Map policy1 Class class1 shape average 256000 queue-limit 4048 Switch# Active Queue Management (AQM) via Dynamic Buffer Limiting (DBL) AQM provides buffering control of traffic flows prior to queuing a packet into a transmit queue of a port. This is of significant interest in a shared memory switch, ensuring that certain flows do not hog the switch packet memory.
  • Page 898: Transmit Queue Statistics

    Command Purpose Step 11 Verifies your entries. Switch# show policy-map [policy-map-name [class class-map-name]] Switch# show policy-map interface interface-id Step 12 (Optional) Saves your entries in the configuration file. Switch# copy running-config startup-config To delete an existing policy map, use the no policy-map policy-map-name global configuration command.
  • Page 899: Enabling Per-Port Per-Vlan Qos

    Enabling Per-Port Per-VLAN QoS The per-port per-VLAN QoS feature enables you to specify different QoS configurations on different VLANs on a given interface. Typically, you use this feature on trunk or voice VLANs (Cisco IP Phone) ports, as they belong to multiple VLANs.
  • Page 900 ip access-list 103 permit ip any any Class-map match-all RT match ip access-group 101 Class-map Match all PD match ip access-group 103 Policy-map P31_QoS Class RT Police 200m 16k conform transmit exceed drop Class PD Police 100m 16k conform transmit exceed drop Interface Gigabit 3/1...
  • Page 901 conformed 0 bytes; actions: transmit exceeded 0 bytes; actions: drop conformed 0000 bps, exceed 0000 bps Class-map: class-default (match-any) 0 packets Match: any Example 4 The following command shows how to display policy-map statistics on all VLANs configured on Gigabit Ethernet interface 6/1: Switch# show policy-map interface gigabitEthernet 6/1 GigabitEthernet6/1 vlan 20...
  • Page 902: Policy Associations

    Class-map: c1 (match-all) 0 packets Match: cos Match: access-group 100 QoS Set dscp 50 police: cir 200000000 bps, bc 6250000 bytes conformed 0 bytes; actions: transmit exceeded 0 bytes; actions: drop conformed 0000 bps, exceed 0000 bps Policy Associations The supervisor engine supports per-port, per-VLAN policies.
  • Page 903: Software Qos

    QoS Policy Merging Applicable policies are applied to a given packet in a given direction. For example, if you configure egress VLAN-based policing and marking, followed by selective queuing on the port, then actions from both policies will be applied to this packet.
  • Page 904: Applying Flow-Based Qos Policy

    The software-generated packets are the ones locally sourced by the switch. The type of output software QoS processing applied to these packets is the same as the one applied to software-switched packets. The only difference between the two is that the software-switched packets take the input marking of the packet into account for output classification purposes.
  • Page 905: Examples

    Step 4 Attach the policy to one or more QoS targets. Examples The following examples illustrate how to configure a flow-based QoS policy and apply microflow policers on individual flows. Example 1 This example assumes there are multiple users (identified by source IP address) on the subnet 192.168.10.*.
  • Page 906 Example 2 This example assumes there are multiple users (identified by source IP address) on subnets 192.168.10.* and 172.20.55.*. The first requirement is to police with a CIR of 500Kbps and a PIR of 650Kbps on any TCP traffic originating from the 192 network to any destination at any given time.
  • Page 907: Configuration Guidelines

    Chapter 40 Configuring Quality of Service, Configuring QoS. Switch(config)# interface gigabitEthernet3/1; Switch(config-if)# service-policy input p1; Switch(config-if)# exit. Use the show commands described in the QoS section to display the policy-map configuration and interface-specific policy-map statistics. Example 3: Assume that there are two active flows on FastEthernet interface 6/1: Table 40-2 (columns SrcIp, DstIp, ...)
  • Page 908: Configuring Cos Mutation

    Chapter 40 Configuring Quality of Service, Configuring QoS. • A policy can contain multiple classes, and each class-map may contain the same or a different FNF flow record. • A flow-based QoS policy and an FNF monitor cannot both be applied to the same target at the same time. • When the interface mode changes from switchport to routed port or vice versa, any Flow QoS...
  • Page 909: Configuring System Queue Limit

    GigabitEthernet2/6 switchport mode trunk. Configuring System Queue Limit. Note: This feature is available only from Cisco IOS Release 15.0(2)SG1 and later and Cisco IOS XE Release 3.2.1SG. With the hw-module system max-queue-limit command, the Catalyst 4500 series switch allows you to change the queue limit for all interfaces globally, instead of applying a policy with a queue limit to every interface.
  • Page 910: Configuring Auto-Qos

    However, if the device does not support CDP (like a legacy Digital Media Player), QoS trust must be applied manually. The Catalyst 4500 Series Switch employs the MQC model: instead of using certain global configurations (like qos and qos dbl), auto-QoS applied to any interface on a switch configures several global class-maps and policy-maps.
  • Page 911 There are 7 policy maps that must be defined (5 input, 2 output): • AutoQos-4.0-Input-Policy • AutoQos-VoIP-Input-Cos-Policy • AutoQos-VoIP-Input-Dscp-Policy • AutoQos-4.0-Cisco-Phone-Input-Policy • AutoQos-4.0-Output-Policy • AutoQos-4.0-Cisco-Softphone-Input-Policy • AutoQos-VoIP-Output-Policy. On all ports. The problem with CoS is that packets on the native VLAN are marked as zero.
  • Page 912 Chapter 40 Configuring Quality of Service Configuring Auto-QoS class-map match-all AutoQos-4.0-Scavenger-Classify match access-group name AutoQos-4.0-ACL-Scavenger class-map match-all AutoQos-4.0-Default-Classify match access-group name AutoQos-4.0-ACL-Default ! for interfaces with video devices class-map match-any AutoQos-4.0-VoIP match dscp ef match cos 5 class-map match-all AutoQos-4.0-Broadcast-Vid match dscp cs5 class-map match-all AutoQos-4.0-Realtime-Interact match dscp cs4...
  • Page 913 26 Class AutoQos-4.0-Transaction-Data set qos-group 18 Class AutoQos-4.0-Bulk-Data set qos-group 10 Class AutoQos-4.0-Scavenger set qos-group 8 Policy Map AutoQos-4.0-Cisco-Phone-Input-Policy Class AutoQos-4.0-VoIP-Data-Cos set dscp ef set qos-group 32 police cir 128000 bc 8000 conform-action transmit exceed-action set-dscp-transmit cs1 exceed-action set-cos-transmit 1 Class AutoQos-4.0-VoIP-Signal-Cos...
  • Page 914 Chapter 40 Configuring Quality of Service Configuring Auto-QoS conform-action transmit exceed-action set-dscp-transmit cs1 exceed-action set-cos-transmit 1 Class AutoQos-4.0-Multimedia-Conf-Classify set dscp af41 set cos 4 set qos-group 34 police cir 5000000 bc 8000 conform-action transmit exceed-action drop Class AutoQos-4.0-Signaling-Classify set dscp cs3 set cos 3 set qos-group 16 police cir 32000 bc 8000...
  • Page 915 Note: The previous listing defines the AutoQoS macros for QoS guidelines prior to Solution Reference Network Design 4.0 (SRND4). Starting with Cisco IOS XE Release 3.3.0SG and Cisco IOS Release 15.1(1)SG, the Catalyst 4500 Series Switch supports the auto qos srnd4 command.
  • Page 916 Chapter 40 Configuring Quality of Service Configuring Auto-QoS match qos-group 34 class-map match-all AutoQos-4.0-Multimedia-Stream-Queue match qos-group 26 class-map match-all AutoQos-4.0-Trans-Data-Queue match qos-group 18 class-map match-all AutoQos-4.0-Bulk-Data-Queue match qos-group 10 class-map match-any AutoQos-4.0-Scavenger-Queue match qos-group 8 match dscp cs1 The output policy maps are as follows: ! Each class maps to a different qos-group with ! class-default taking any traffic not assigned to a qos-group ! Note: in this example, the outbound policy map drops voice packets when the priority...
  • Page 917 It establishes a trusted boundary that recognizes Cisco IP Phones and trusts the CoS setting of the packets from the phone. If a Cisco IP Phone is not detected, the CoS field is ignored and the packets are not classified as voice traffic. Upon detecting a Cisco phone, the ingress packets are marked based on the CoS value in the packets.
  • Page 918 Configuring Auto-QoS. auto qos voip cisco-softphone: Generates QoS configuration for interfaces connected to PCs running the Cisco IP SoftPhone application, and marks and polices traffic stemming from such interfaces. Ports configured with this CLI are considered untrusted. auto qos classify: Generates QoS configuration for untrusted interfaces. It applies a service policy that classifies the traffic stemming from untrusted desktops or devices and marks it accordingly.
  • Page 919: Configuring Voice Interfaces

    Cisco Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html If the command is not found in the Catalyst 4500 Series Switch Command Reference, it will be found in the larger Cisco IOS library. Refer to the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 920: C H A P T E R 41 Configuring Voice Interfaces

    Cisco IP Phone Voice Traffic You can configure an access port with an attached Cisco IP phone to use one VLAN for voice traffic and another VLAN for data traffic from a device attached to the phone. You can configure access ports on...
  • Page 921: Configuring A Port To Connect To A Cisco 7960 Ip Phone

    Configuring a Port to Connect to a Cisco 7960 IP Phone Because a Cisco 7960 IP Phone also supports connection to a PC or another device, an interface connecting a Catalyst 4500 series switch to a Cisco 7960 IP Phone can carry a mix of voice and data traffic.
  • Page 922: Configuring Voice Ports For Voice And Data Traffic

    In the following example, VLAN 1 carries data traffic, and VLAN 2 carries voice traffic. In this configuration, you must connect all Cisco IP phones and other voice-related devices to switch ports that belong to VLAN 2.
  • Page 923: Overriding The Cos Priority Of Incoming Frames

    The Catalyst 4500 series switch can supply Power over Ethernet (PoE) to the Cisco 7960 IP Phone if there is no power on the circuit. The Cisco 7960 IP Phone can also be connected to an AC power source and supply its own power to the voice circuit. If there is power on the circuit, the switch does not supply it.
  • Page 924: Configuring Power

    Chapter 41 Configuring Voice Interfaces, Configuring Power.
  • Page 925: About Private Vlans

  • Page 926: Chapter 42 Configuring Private Vlan

    Layer 2 level. Note: Beginning with Cisco IOS Release 15.0(2)SG, you can use a twoway-community VLAN to apply VACLs or QoS in both directions, per-community and per-customer. A promiscuous port can serve only one primary VLAN, one isolated VLAN, and multiple community (or twoway-community) VLANs.
  • Page 927: Pvlan Terminology

    Chapter 42 Configuring Private VLANs About Private VLANs In a switched environment, you can assign an individual PVLAN and associated IP subnet to each individual or common group of end stations. The end stations need to communicate only with a default gateway to communicate outside the PVLAN.
  • Page 928 Chapter 42 Configuring Private VLANs About Private VLANs Term Definition Isolated Port An isolated port is a host port that belongs to an isolated secondary VLAN. It has complete Layer 2 separation from other ports within the same PVLAN, except for the promiscuous ports.
  • Page 929: Pvlans Across Multiple Switches

    Chapter 42 Configuring Private VLANs, About Private VLANs. PVLANs across Multiple Switches. This section discusses the following topics: • Standard Trunk Ports, page 42-5 • Isolated PVLAN Trunk Ports, page 42-6 • Promiscuous PVLAN Trunk Ports, page 42-7. Standard Trunk Ports: As with regular VLANs, PVLANs can span multiple switches.
  • Page 930: Isolated Pvlan Trunk Ports

    Traffic being sent in the downstream direction towards host1 from the router is received by the Catalyst 4500 series switch on the promiscuous port and in the primary VLAN (VLAN 10). The packets are then switched out of the isolated PVLAN trunk. Rather than being tagged with the primary VLAN (VLAN 10), they are transmitted with the isolated VLAN’s tag (VLAN 11).
  • Page 931: Promiscuous Pvlan Trunk Ports

    Note: When an isolated trunk is used in this way, the Catalyst 4500 series switch provides isolation between the isolated trunk and directly connected hosts (such as host3), but not between hosts connected to the non-PVLAN switch (such as host1 and host2). The non-PVLAN switch must provide isolation between these hosts, using a feature such as protected ports on a Catalyst 2950.
  • Page 932: Pvlan Modes Over Gigabit Etherchannel

    Chapter 42 Configuring Private VLANs About Private VLANs PVLAN Modes Over Gigabit Etherchannel Beginning with Cisco IOS Release 15.0(2)SG you can configure PVLAN modes over Etherchannel. These new modes are: • Host mode - Isolated, Community and 2-way community •...
  • Page 933: Pvlans And Unicast, Broadcast, And Multicast Traffic

    Chapter 42 Configuring Private VLANs, About Private VLANs. • A packet received on a PVLAN trunk port belongs to the secondary VLAN if the packet is tagged with a secondary VLAN, or if the packet is untagged and the native VLAN on the port is a secondary VLAN.
  • Page 934: Pvlans And Svis

    Chapter 42 Configuring Private VLANs PVLAN Commands PVLANs and SVIs In a Layer 3 switch, a switch virtual interface (SVI) represents the Layer 3 interface of a VLAN. Layer 3 devices communicate with a PVLAN only using the primary VLAN and not through secondary VLANs. Configure Layer 3 VLAN interfaces (SVIs) only for primary VLANs.
  • Page 935: Configuring Pvlans

    Chapter 42 Configuring Private VLANs, Configuring PVLANs. Command: show interface private-vlan mapping. Purpose: Verifies the configuration. Location: Permitting Routing of Secondary VLAN Ingress Traffic, page 42-23. Command: switchport mode private-vlan {host | promiscuous | trunk promiscuous | trunk [secondary]}. Purpose: Configures a Layer 2 interface as a PVLAN port. Location: Configuring PVLANs, page 42-11.
  • Page 936: Basic Pvlan Configuration Procedure

    Chapter 42 Configuring Private VLANs, Configuring PVLANs. • Configuring a Layer 2 Interface as an Isolated PVLAN Trunk Port, page 42-19 • Configuring a Layer 2 Interface as a Promiscuous PVLAN Trunk Port, page 42-21 • Permitting Routing of Secondary VLAN Ingress Traffic, page 42-23 • ...
  • Page 937 VLAN is configured as an isolated or community VLAN. • Do not apply dynamic access control entries (ACEs) to primary VLANs. Cisco IOS dynamic ACL configuration applied to a primary VLAN is inactive while the VLAN is part of the PVLAN configuration. •...
  • Page 938 • In a DHCP environment, if you shut down your PC, it is not possible to give your IP address to someone else. To solve this problem, the Catalyst 4500 series switch supports the no ip sticky-arp command, which permits IP address overwriting and reuse in a DHCP environment. Because sticky ARP entries cannot be overwritten, disabling sticky ARP also removes that protection against one host taking over another host's IP address, so use it only where DHCP address reuse requires it.
  • Page 939: Configuring A Vlan As A Pvlan

    Chapter 42 Configuring Private VLANs, Configuring PVLANs. Configuring a VLAN as a PVLAN. To configure a VLAN as a PVLAN, perform this task: Step 1: Switch# configure terminal (enters configuration mode). Step 2: Switch(config)# vlan vlan_ID (enters VLAN configuration mode). Step 3: Configures a VLAN as a PVLAN.
  • Page 940: Associating A Secondary Vlan With A Primary Vlan

    Chapter 42 Configuring Private VLANs Configuring PVLANs This example shows how to configure VLAN 550 as a twoway-community VLAN and verify the configuration: Switch# configure terminal Switch(config)# vlan 550 Switch(config-vlan)# private-vlan twoway-community Switch(config-vlan)# end Switch# show vlan private-vlan Primary Secondary Type Interfaces ------- --------- ----------------- ------------------------------------------ primary...
  • Page 941: Configuring A Layer 2 Interface As A Pvlan Promiscuous Port

    Chapter 42 Configuring Private VLANs, Configuring PVLANs. Switch# configure terminal; Switch(config)# vlan 202; Switch(config-vlan)# private-vlan association 303-307,309,440; Switch(config-vlan)# end; Switch# show vlan private-vlan (output table with columns Primary, Secondary, Type, Interfaces; the Type column shows each secondary VLAN as community, isolated, or twoway-community). Note...
  • Page 942: Configuring A Layer 2 Interface As A Pvlan Host Port

    Chapter 42 Configuring Private VLANs, Configuring PVLANs. • Use the remove keyword with a secondary_vlan_list to clear the mapping between secondary VLANs and the PVLAN promiscuous port. This example shows how to configure interface FastEthernet 5/2 as a PVLAN promiscuous port, map it to a PVLAN, and verify the configuration: Switch# configure terminal; Switch(config)# interface fastethernet 5/2...
  • Page 943: Configuring A Layer 2 Interface As An Isolated Pvlan Trunk Port

    Chapter 42 Configuring Private VLANs Configuring PVLANs This example shows how to configure interface FastEthernet 5/1 as a PVLAN host port and verify the configuration: Switch# configure terminal Switch(config)# interface fastethernet 5/1 Switch(config-if)# switchport mode private-vlan host Switch(config-if)# switchport private-vlan host-association 202 440 Switch(config-if)# end Switch# show interfaces fastethernet 5/1 switchport Name: Fa5/1...
  • Page 944 Chapter 42 Configuring Private VLANs, Configuring PVLANs. Step 4: Switch(config-if)# [no] switchport private-vlan association trunk primary_vlan_ID secondary_vlan_ID. Purpose: Configures the association between primary VLANs and secondary VLANs on the PVLAN trunk port. Note: Multiple PVLAN pairs can be specified using this command so that a PVLAN trunk port can carry multiple secondary VLANs.
  • Page 945: Configuring A Layer 2 Interface As A Promiscuous Pvlan Trunk Port

    Chapter 42 Configuring Private VLANs, Configuring PVLANs. Trunking Native Mode VLAN: 1 (default); Administrative Native VLAN tagging: enabled; Voice VLAN: none; Administrative private-vlan host-association: none; Administrative private-vlan mapping: none; Administrative private-vlan trunk native VLAN: 10; Administrative private-vlan trunk Native VLAN tagging: enabled; Administrative private-vlan trunk encapsulation: dot1q; Administrative private-vlan trunk normal VLANs: none; Administrative private-vlan trunk associations: ...
  • Page 946 Chapter 42 Configuring Private VLANs, Configuring PVLANs. The [no] switchport private-vlan mapping command provides the following three levels of removal: • Remove one or more secondary VLANs from the list. For example: Switch(config-if)# switchport private-vlan mapping trunk 2 remove 222 • Remove the entire mapping of the PVLAN promiscuous trunk port to the specified primary VLAN (and ...
  • Page 947: Permitting Routing Of Secondary Vlan Ingress Traffic

    Chapter 42 Configuring Private VLANs, Configuring PVLANs. Capture Mode Disabled; Capture VLANs Allowed: ALL; Unknown unicast blocked: disabled; Unknown multicast blocked: disabled; Appliance trust: none. Permitting Routing of Secondary VLAN Ingress Traffic. Note: Isolated, community, and twoway-community VLANs are called secondary VLANs. To permit routing of secondary VLAN ingress traffic, perform this task: Command...
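The PVLAN procedures in this chapter (configuring VLANs as PVLANs, associating secondary VLANs with the primary, configuring host and promiscuous ports, and permitting routing of secondary VLAN ingress traffic on the SVI) brought together in one added example. This is not configuration from the guide; the VLAN numbers (primary 202, community 303, isolated 440), the interface names, and the 10.1.202.0/24 subnet are assumptions.

```cisco
! Added example (not from the guide): complete PVLAN deployment.
! Assumed: primary VLAN 202, community VLAN 303, isolated VLAN 440,
! host ports Fa5/1 (isolated) and Fa5/3 (community), promiscuous
! uplink Fa5/2 towards the gateway/firewall, SVI 10.1.202.1/24.
Switch# configure terminal
! Secondary VLANs: isolated hosts see only the promiscuous port;
! community hosts also see each other.
Switch(config)# vlan 303
Switch(config-vlan)# private-vlan community
Switch(config-vlan)# exit
Switch(config)# vlan 440
Switch(config-vlan)# private-vlan isolated
Switch(config-vlan)# exit
! Primary VLAN and the association with its secondary VLANs
Switch(config)# vlan 202
Switch(config-vlan)# private-vlan primary
Switch(config-vlan)# private-vlan association 303,440
Switch(config-vlan)# exit
! Host port in the isolated VLAN: full Layer 2 separation from every other host port
Switch(config)# interface fastethernet 5/1
Switch(config-if)# switchport mode private-vlan host
Switch(config-if)# switchport private-vlan host-association 202 440
Switch(config-if)# exit
! Host port in the community VLAN
Switch(config)# interface fastethernet 5/3
Switch(config-if)# switchport mode private-vlan host
Switch(config-if)# switchport private-vlan host-association 202 303
Switch(config-if)# exit
! Promiscuous port: the only port that every secondary VLAN can reach.
! Map it to all secondary VLANs it must serve.
Switch(config)# interface fastethernet 5/2
Switch(config-if)# switchport mode private-vlan promiscuous
Switch(config-if)# switchport private-vlan mapping 202 303,440
Switch(config-if)# exit
! SVI only on the primary VLAN, never on a secondary VLAN. The mapping
! permits routing of traffic that arrives on the secondary VLANs.
! Do not apply dynamic ACLs to this primary VLAN; they stay inactive
! while the VLAN is part of a PVLAN configuration.
Switch(config)# interface vlan 202
Switch(config-if)# ip address 10.1.202.1 255.255.255.0
Switch(config-if)# private-vlan mapping 303,440
Switch(config-if)# end
! Verification
Switch# show vlan private-vlan
Switch# show interfaces fastethernet 5/1 switchport
Switch# show interface private-vlan mapping
```

In show vlan private-vlan, 303 should appear as community and 440 as isolated under primary 202, and show interface private-vlan mapping should list both secondary VLANs against Vlan202; a secondary VLAN missing from either list means hosts in it can reach the promiscuous port but their traffic will not be routed.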
  • Page 948: Configuring Pvlan Over Etherchannel

    Configuring a Layer 2 Etherchannel as a Promiscuous PVLAN Trunk Port, page 42-28. Configuring a Layer 2 EtherChannel. Do the following: Step 1: Configure a VLAN as a PVLAN. Refer to the URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/01xo/configuration/guide/pvlans.html#wp1174853 Step 2: Associate a secondary VLAN with a primary VLAN. Refer to the URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/01xo/configuration/guide/pvlans.html#wp1121802 Configuring a Layer 2 EtherChannel.
  • Page 949 Chapter 42 Configuring Private VLANs, Configuring PVLANs. Step 3: Switch(config-if)# switchport mode private-vlan {host | promiscuous | trunk promiscuous | trunk [secondary]}. Purpose: Configures a Layer 2 EtherChannel as a PVLAN promiscuous port. Step 4: Switch(config-if)# [no] switchport private-vlan mapping [trunk] primary_vlan_ID ... Purpose: Maps the PVLAN promiscuous port to a primary VLAN and to selected secondary...
  • Page 950: Configuring A Layer 2 Etherchannel As A Pvlan Host Port

    Chapter 42 Configuring Private VLANs Configuring PVLANs Configuring a Layer 2 EtherChannel as a PVLAN Host Port To configure a Layer 2 EtherChannel as a PVLAN host port, perform this task: Command Purpose Step 1 Enters global configuration mode. Switch# configure terminal Step 2 Specifies the LAN interface to configure.
  • Page 951: Configuring A Layer 2 Etherchannel As An Isolated Pvlan Trunk Port

    Chapter 42 Configuring Private VLANs Configuring PVLANs Configuring a Layer 2 EtherChannel as an Isolated PVLAN Trunk Port To configure a Layer 2 EtherChannel as an isolated PVLAN trunk port, perform this task: Command Purpose Step 1 Enters global configuration mode. Switch# configure terminal Step 2 Specifies the LAN interface to configure.
  • Page 952: Configuring A Layer 2 Etherchannel As A Promiscuous Pvlan Trunk Port

    Chapter 42 Configuring Private VLANs Configuring PVLANs This example shows how to configure interface port channel 63 as a secondary trunk port, and to verify the configuration: Switch# configure terminal Switch(config)# interface port-channel 63 Switch(config-if)# switchport mode private-vlan trunk secondary Switch(config-if)# switchport private-vlan trunk native vlan 10 Switch(config-if)# switchport private-vlan trunk allowed vlan 10.
  • Page 953 Chapter 42 Configuring Private VLANs Configuring PVLANs Command Purpose Step 5 Exits configuration mode. Switch(config-if)# end Step 6 Verifies the configuration. Switch# show interfaces port-channel interface-number switchport Note The maximum number of unique PVLAN pairs supported by the switchport private-vlan mapping trunk command is 500.
  • Page 954 Chapter 42 Configuring Private VLANs Configuring PVLANs Switch(config-if)# switchport private-vlan trunk native vlan 10 Switch(config-if)# switchport private-vlan trunk allowed vlan 10, 3-4 Switch(config-if)# switchport private-vlan mapping trunk 3 301, 302 Switch(config-if)# end Switch# show interfaces port-channel 63 switchport Name: Po63 Switchport: Enabled Administrative Mode: private-vlan trunk promiscuous Operational Mode: private-vlan trunk promiscuous...
  • Page 955 MACsec encryption between switches (encryption is optional). Note: MACsec is supported on the Catalyst 4500 series switch universal k9 image. It is not supported with the NPE license or with a LAN Base service image.
  • Page 956: C H A P T E R 43 Configuring Macsec Encryption

    Chapter 43 Configuring MACsec Encryption, Understanding Media Access Control Security and MACsec Key Agreement. • Understanding Cisco TrustSec MACsec, page 43-8 • Configuring Cisco TrustSec MACsec, page 43-10. For more information on TrustSec, refer to the following URL: http://www.cisco.com/en/US/docs/switches/lan/trustsec/configuration/guide/trustsec.html Understanding Media Access Control Security and MACsec Key Agreement: MACsec, defined in 802.1AE, provides MAC-layer encryption over wired networks by using...
  • Page 957: Mka Policies

    MAC address of the physical interface concatenated with a 16-bit port ID. MACsec A Catalyst 4500 series switch running MACsec maintains the configuration files that show which ports on a member switch support MACsec. The stack master performs these functions: •...
  • Page 958: Macsec, Mka, And 802.1X Host Modes

    Chapter 43 Configuring MACsec Encryption Understanding Media Access Control Security and MACsec Key Agreement MACsec, MKA, and 802.1X Host Modes You can use MACsec and the MKA Protocol with 802.1X single-host mode, multiple-host mode, or Multi Domain Authentication (MDA) mode. Multiple authentication mode is not supported. Single-Host Mode Figure 43-1 shows how a single EAP authenticated session is secured by MACsec using MKA.
  • Page 959: Mka Statistics

    Chapter 43 Configuring MACsec Encryption, Understanding Media Access Control Security and MACsec Key Agreement. MKA Statistics: Some MKA counters are aggregated globally, while others are updated both globally and per session. You can also obtain information about the status of MKA sessions. This is an example of the show mka statistics command output: Switch# show mka statistics MKA Global Statistics...
  • Page 960: Configuring Macsec And Mka

    Chapter 43 Configuring MACsec Encryption Configuring MACsec and MKA MKPDU Failures MKPDU Tx......0 MKPDU Rx Validation....0 MKPDU Rx Bad Peer MN..... 0 MKPDU Rx Non-recent Peerlist MN.. 0 For description of the output fields, see the command reference for this release. Configuring MACsec and MKA Default MACsec MKA Configuration, page 43-6 •...
  • Page 961: Configuring Macsec On An Interface

    Chapter 43 Configuring MACsec Encryption, Configuring MACsec and MKA. Configuring MACsec on an Interface. To configure MACsec on an interface with one MACsec session for voice and one for data, perform this task: Step 1: configure terminal (enters global configuration mode). Step 2: interface interface-id...
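An added example of the interface procedure above, written out as it would be typed on the switch; it is not the guide's own configuration. The MKA policy name, the VLAN numbers, the interface name, and the use of VLAN 2 as a restricted VLAN for hosts that cannot establish MACsec are assumptions.

```cisco
! Added example (not from the guide): MKA MACsec on a host-facing access port
! with one MACsec session for the data device and one for the voice device.
! Assumed: policy name replay-policy, data VLAN 10, voice VLAN 20,
! restricted VLAN 2 for hosts that authenticate but fail link security.
Switch# configure terminal
! Replay protection: frames outside a 300-frame window are dropped
Switch(config)# mka policy replay-policy
Switch(config-mka-policy)# replay-protection window-size 300
Switch(config-mka-policy)# exit
Switch(config)# interface gigabitethernet 1/1
Switch(config-if)# switchport access vlan 10
Switch(config-if)# switchport voice vlan 20
Switch(config-if)# switchport mode access
! Enable 802.1AE on the port
Switch(config-if)# macsec
! must-secure: a host that passes 802.1X but cannot complete MKA is not
! admitted to VLAN 10; the linksec fail event moves it to VLAN 2 instead.
! should-secure would let such a host pass in the clear.
Switch(config-if)# authentication linksec policy must-secure
Switch(config-if)# authentication event linksec fail action authorize vlan 2
! MDA: independent sessions for the data and voice domains
! (multiple-authentication mode is not supported with MACsec)
Switch(config-if)# authentication host-mode multi-domain
Switch(config-if)# authentication port-control auto
Switch(config-if)# authentication periodic
Switch(config-if)# authentication timer reauthenticate 3600
Switch(config-if)# authentication violation protect
Switch(config-if)# mka policy replay-policy
Switch(config-if)# dot1x pae authenticator
Switch(config-if)# spanning-tree portfast
Switch(config-if)# end
! Verification: session state per port, MACsec status, MKA counters
Switch# show mka sessions interface gigabitethernet 1/1
Switch# show macsec interface gigabitethernet 1/1
Switch# show mka statistics
Switch# show authentication sessions interface gigabitethernet 1/1
```

With must-secure in place, a rising MKPDU Rx Validation or Bad Peer MN counter in show mka statistics points at a peer that is misconfigured or tampering, not at traffic silently passing unprotected.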
  • Page 962: Understanding Cisco Trustsec Macsec

    Runnable methods list: Method State; dot1x Authc Success. Understanding Cisco TrustSec MACsec. Note: MACsec is supported on the Catalyst 4500 series switch universal k9 image. It is not supported with the NPE license or with a LAN Base service image. Table 43-2 summarizes the Cisco TrustSec features supported on the switch.
  • Page 963 NPE or the LAN Base image. Cisco TrustSec NDAC SAP is supported on trunk ports because it is intended only for network-device-to-network-device links, that is, switch-to-switch links. It is not supported on: • Host-facing access ports (these ports support MKA MACsec) ...
  • Page 964: Configuring Cisco Trustsec Macsec

    Configuring MACsec Encryption, Configuring Cisco TrustSec MACsec. Note: MACsec is supported on the Catalyst 4500 series switch universal k9 image. It is not supported with the NPE license or with a LAN Base service image. The following topics are discussed: • Configuring Cisco TrustSec Credentials on the Switch, page 43-10 ...
  • Page 965: Configuring Cisco Trustsec Switch-To-Switch Link Security In 802.1X Mode

    Cisco. Note: MACsec is supported on the Catalyst 4500 series switch universal k9 image. It is not supported with the NPE license or with a LAN Base service image. If you select GCM without the required license, the interface is forced to a link-down state.
  • Page 966: Configuring Cisco Trustsec Switch-To-Switch Link Security In Manual Mode

    • If you select GCM as the SAP operating mode, you must have a MACsec Encryption software license from Cisco. If you select GCM without the required license, the interface is forced to a link-down state. • These protection levels are supported when you configure a SAP pairwise master key (sap pmk): ...
  • Page 967: Cisco Trustsec Switch-To-Switch Link Security Configuration Example

    TrustSec-related interface characteristics. Step 9: (Optional) copy running-config startup-config saves your entries in the configuration file. This example shows how to configure Cisco TrustSec authentication in manual mode on an interface: Switch# configure terminal; Switch(config)# interface tengigabitethernet 1/1/2; Switch(config-if)# cts manual...
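The manual-mode example above stops at cts manual. This added example, which is not from the guide, carries it through the SAP configuration on a switch-to-switch trunk. The interface name, the PMK value, and the allowed VLAN list are assumptions; the PMK must be the same hexadecimal string on both ends of the link.

```cisco
! Added example (not from the guide): TrustSec manual mode with SAP on a trunk.
! Assumed: TenGigabitEthernet1/1 is the inter-switch link, PMK 1234abcdef5678,
! VLANs 10, 20 and 30 carried over the link.
Switch# configure terminal
Switch(config)# interface tengigabitethernet 1/1
! NDAC SAP is supported only on trunk (switch-to-switch) ports
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk allowed vlan 10,20,30
Switch(config-if)# cts manual
! The PMK is a hex string and must match on the peer. mode-list is a
! preference order: with gcm-encrypt alone the link is either encrypted
! and authenticated or it does not come up (and goes link-down if the
! MACsec licence is missing). Appending gmac, no-encap or null lets a
! peer negotiate down to integrity-only or to no protection at all, so
! leave them out unless that fallback is intended.
Switch(config-if-cts-manual)# sap pmk 1234abcdef5678 mode-list gcm-encrypt
! Carry the Security Group Tag inline on this link
Switch(config-if-cts-manual)# propagate sgt
Switch(config-if-cts-manual)# exit
Switch(config-if)# end
! Verification: SAP state, negotiated mode (gcm-encrypt expected), SGT propagation
Switch# show cts interface tengigabitethernet 1/1
Switch# show macsec interface tengigabitethernet 1/1
```

Check show cts interface on both switches after a link flap: if the negotiated mode is anything other than the one you intended, the peer's mode-list is more permissive than yours and should be tightened.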
  • Page 968 Chapter 43 Configuring MACsec Encryption Configuring Cisco TrustSec MACsec Switch(config)# radius server ACS-2 address ipv4 10.5.120.14 auth-port 1812 acct-port 1813 pac key cisco123 Switch(config)# radius server ACS-3 address ipv4 10.5.120.15 auth-port 1812 acct-port 1813 pac key cisco123 Switch(config)# aaa group server radius cts-radius...
  • Page 969: About 802.1X Port-Based Authentication

  • Page 970: C H A P T E R 44 Configuring 802.1X Port-Based Authentication

    Chapter 44 Configuring 802.1X Port-Based Authentication, About 802.1X Port-Based Authentication. Note: 802.1X support requires an authentication server that is configured for Remote Authentication Dial-In User Service (RADIUS). 802.1X authentication does not work unless the network access switch can route packets to the configured RADIUS server. To verify that the switch can route packets, ping the server from the switch.
  • Page 971: X And Network Access Control

    • Authenticator—Controls physical access to the network based on the authentication status of the client. The Catalyst 4500 series switch acts as an intermediary between the client and the authentication server, requesting identity information from the client, verifying that information with the authentication server, and relaying a response to the client.
  • Page 972: Authentication Initiation And Message Exchange

    (dot1x port-control auto command in Cisco IOS Release 12.2(46)SG and earlier releases), the switch must initiate authentication when it determines that the port link state has changed. It then sends an EAP-request/identity frame to the client to request its identity (typically, the switch sends an initial identity/request frame followed by one or more requests for authentication information).
  • Page 973: Ports In Authorized And Unauthorized States

    You can control the port authorization state by using the authentication port-control interface configuration command (dot1x port-control auto command in Cisco IOS Release 12.2(46)SG and earlier releases) and these keywords: •...
  • Page 974: X Host Mode

    Chapter 44 Configuring 802.1X Port-Based Authentication, About 802.1X Port-Based Authentication. Figure 44-3 Authentication Flowchart (decision points: Start; Is the client IEEE 802.1x capable?; IEEE 802.1x authentication process times out; Is MAC authentication bypass enabled?). The switch gets an EAPOL message, and the EAPOL message exchange begins.
  • Page 975: Single-Host Mode

    Beginning with Cisco IOS Release 12.2(37)SG, Catalyst 4500 series switches support Multidomain Authentication (MDA), which allows an IP phone (Cisco or third-party) and a single host behind the IP phone to authenticate independently, using 802.1X, MAC authentication bypass (MAB) or (for the host only) web-based authentication.
  • Page 976: Multiauthentication Mode

    To prevent another device from using the established authentication of the disconnected client later, Cisco IP phones send a Cisco Discovery Protocol (CDP) host presence type length value (TLV) to notify the switch of changes in the attached client’s port link state.
  • Page 977: Using Mac Move

    (as happens for single-host and MDA modes). It is not an issue for directly connected hosts or for hosts behind Cisco phones, where a port-down event or proxy EAPoL-Logoff/CDP TLV is received when the initial host disconnects. It is an issue where a host disconnects from behind a hub, third-party phone, or legacy Cisco phone, causing the session to remain up.
  • Page 978: Using 802.1X With Vlan Assignment

    • Starting with Cisco IOS Release 15.0(2)SG, if multi-authentication mode is enabled on an 802.1X port, VLAN assignment occurs successfully for the first authenticated host. Subsequent authorized (based on user credentials) data hosts are considered successfully authenticated, provided either they have no VLAN assignment or have a VLAN assignment matching the first successfully authenticated host on the port.
  • Page 979: Using 802.1X For Guest Vlans

    Chapter 44 Configuring 802.1X Port-Based Authentication, About 802.1X Port-Based Authentication. To configure VLAN assignment you need to perform these tasks: • Enable AAA authorization by using the network keyword to allow interface configuration from the RADIUS server. For an illustration of how to apply the aaa authorization network group radius command, refer to the section “Enabling 802.1X Authentication”...
  • Page 980: Usage Guidelines For Using 802.1X Authentication With Guest Vlans On Windows-Xp Hosts

    802.1X supplicant. If authentication fails, the port moves to the guest VLAN if configured, or it remains unauthorized. The Catalyst 4500 series switch also supports reauthentication of MACs on a per-port level. Be aware that the reauthentication functionality is provided by 802.1X and is not MAB specific. In the reauthentication mode, a port stays in the previous RADIUS-sent VLAN and tries to re-authenticate itself.
  • Page 981: Feature Interaction

    Chapter 44 Configuring 802.1X Port-Based Authentication About 802.1X Port-Based Authentication Feature Interaction This section lists feature interactions and restrictions when MAB is enabled. If a feature is not listed, assume that it interacts seamlessly with MAB (such as Unidirectional Controlled Port). MAB can only be enabled if 802.1X is configured on a port.
  • Page 982: Using 802.1X With Web-Based Authentication

    If the port is changed to multiple-user host, port security must be used to enforce the number of MAC addresses allowed through this port. • The Catalyst 4500 series switch supports MAB with VVID, with the restriction that the MAC address...
  • Page 983: Using 802.1X With Unidirectional Controlled Port

    Chapter 44 Configuring 802.1X Port-Based Authentication, About 802.1X Port-Based Authentication. Note: Inaccessible Authentication Bypass allows a voice client to access the configured voice VLAN when RADIUS becomes unavailable. For the voice device to operate properly, it must learn the voice VLAN ID through other protocols such as CDP, LLDP, or DHCP, wherever appropriate.
  • Page 984: Unidirectional State

    (or the dot1x control-direction both interface configuration command for Cisco IOS Release 12.2(46) or earlier), the port is access-controlled in both directions. In this state, except for EAPOL packets, a switch port does not receive or send packets.
  • Page 985: Deployment Example

    Chapter 44 Configuring 802.1X Port-Based Authentication, About 802.1X Port-Based Authentication. Deployment Example: In a large campus LAN design, you might want to design the VLAN infrastructure without a large Layer 2 domain. For the same employee VLAN, customers might have different VLANs at different campus access switches.
  • Page 986: Usage Guidelines For Using Authentication Failed Vlan Assignment

    You can set the maximum number of authentication attempts that the authenticator sends before moving a port into the authentication-failed VLAN. The authenticator keeps a count of the failed authentication attempts for each port.
  • Page 987: Using 802.1X With Port Security

    • Internal VLANs that are used for Layer 3 ports cannot be configured as authentication-failed VLANs.
    • The authentication-failed VLAN is supported only in single-host mode (the default port mode).
    • When a port is placed in an authentication-failed VLAN, the user’s MAC address is added to the ...
  • Page 988: Using 802.1X Authentication With ACL Assignments And Redirect URLs

    Using 802.1X Authentication with ACL Assignments and Redirect URLs Beginning with Cisco IOS Release 12.2(50)SG, you can download per-host policies such as ACLs and redirect URLs to the switch from the RADIUS server during 802.1X or MAB authentication of the host.
  • Page 989: ACLs

    ACL on a client-facing switch port. If the default ACL is configured on the switch and the Cisco Secure ACS sends a host access policy to the switch, the switch applies the policy to traffic from the host connected to a switch port. If the policy does not apply, the switch applies the default ACL.
  • Page 990: Using 802.1X With Voice VLAN Ports

    UNAUTHORIZED. All traffic exiting the voice VLAN is obtained correctly and appears in the MAC address table. Cisco IP phones do not relay CDP messages from other devices. If several Cisco IP phones are connected in series, the switch recognizes only the one directly connected to it. When 802.1X is enabled on a voice VLAN port, the switch drops packets from unrecognized Cisco IP phones more than one hop away.
  • Page 991 When a port host mode is changed from single- or multihost to multidomain mode, an authorized data device remains authorized on the port. However, a Cisco IP phone that was allowed on the port in the voice VLAN is automatically removed and must be reauthenticated on that port.
  • Page 992: 802.1X Supplicant And Authenticator Switches With Network Edge Access Topology

    NEAT is intended for deployment scenarios where a switch acting as 802.1X authenticator to end hosts (PCs or Cisco IP phones) is placed in an unsecured location (outside the wiring closet). Because of this topology, the authenticator switch cannot always be trusted. For example, compact switches (8-port Catalyst 3560 and Catalyst 2960) are generally deployed outside the wiring closet.
  • Page 993: How 802.1X Fails On A Port

    Auto enablement—Automatically enables trunk configuration on the authenticator switch, allowing user traffic from multiple VLANs arising from supplicant switches. At the ACS, you must configure the Cisco AV pair as device-traffic-class=switch. For details on how to do this, see the “Configuring an Authenticator and a Supplicant Switch with NEAT”...
  • Page 994: Configuring 802.1X Port-Based Authentication

    switch denies access to the network for all wireless access point-attached clients. In this topology, the wireless access point is responsible for authenticating clients attached to it, and the wireless access point acts as a client to the switch.
  • Page 995: Default 802.1X Configuration

    • Configuring 802.1X with Inaccessible Authentication Bypass, page 44-60 (optional)
    • Configuring 802.1X with Unidirectional Controlled Port, page 44-64 (optional)
    • Configuring 802.1X with VLAN User Distribution, page 44-66
    • Configuring 802.1X with Authentication Failed, page 44-68 (optional)
    • ...
  • Page 996: 802.1X Configuration Guidelines

    If you are planning to use VLAN assignment, be aware that the features use general AAA commands. For information on how to configure AAA, refer to the “Enabling 802.1X Authentication” section on page 44-28. Alternatively, you can refer to the Cisco IOS security documentation at this location: http://www.cisco.com/en/US/products/ps6586/products_ios_technology_home.html
    Enabling 802.1X Authentication
    To enable 802.1X port-based authentication, you first must enable 802.1X globally on your switch, then ...
  • Page 997
    Switch(config-if)# dot1x pae authenticator
      Refer to the “Default 802.1X Configuration” section on page 44-27.
    Step 9  Enables 802.1X authentication on the interface.
      Cisco IOS Release 12.2(50)SG and later: Switch(config-if)# authentication port-control auto
      Cisco IOS Release 12.2(46)SG or earlier releases: Switch(config-if)# dot1x ...
  • Page 999
    This example shows how to enable 802.1X and AAA on Fast Ethernet port 2/1, and how to verify the configuration:
    Cisco IOS Release 12.2(50)SG and later
    Switch# configure terminal
    Switch(config)# dot1x system-auth-control
    Switch(config)# aaa new-model
    ...
  • Page 1000: Configuring Switch-To-RADIUS-Server Communication

    Dot1x Authenticator Client List
    -------------------------------
    Supplicant = 0007.e95d.83c4
    Session ID = 0A050B160000009505106398
    Auth SM State = AUTHENTICATING
    Auth BEND SM State = REQUEST
    Port Status = UNAUTHORIZED

    The following example illustrates when a port is authorized:
    Switch# show authentication sessions int G4/5
    Interface: GigabitEthernet4/5
    ...