Page 1
Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide Cisco IOS Release 12.2(58)SE April 2011 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883...
Page 2
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks.
Understanding Command Modes
Understanding the Help System
Understanding Abbreviated Commands
Understanding no and default Forms of Commands
Understanding CLI Error Messages
Using Configuration Logging
Using Command History
Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide OL-13270-06
Page 4
Modifying the Startup Configuration
Default Boot Configuration
Automatically Downloading a Configuration File
Specifying the Filename to Read and Write the System Configuration
Page 5
NTP Version 4
Configuring Time and Date Manually
Setting the System Clock
Displaying the Time and Date Configuration
Configuring the Time Zone
Configuring Summer Time (Daylight Saving Time)
Page 6
Setting a Telnet Password for a Terminal Line
Configuring Username and Password Pairs
Configuring Multiple Privilege Levels
Setting the Privilege Level for a Command
Changing the Default Privilege Level for Lines
Page 7
Monitoring and Troubleshooting CoA Functionality
Configuring RADIUS Server Load Balancing
Displaying the RADIUS Configuration
Controlling Switch Access with Kerberos
Understanding Kerberos
Kerberos Operation
Page 8
Effects of Adding a Provisioned Switch to a Switch Stack
Effects of Replacing a Provisioned Switch in a Switch Stack
Effects of Removing a Provisioned Switch from a Switch Stack
Page 9
Hardware Loopback Example: LINK OK event
Hardware Loop Example: LINK NOT OK Event
Finding a Disconnected Stack Cable
Fixing a Bad Connection Between Stack Ports
Page 10
802.1x Authentication with Guest VLAN
802.1x Authentication with Restricted VLAN
802.1x Authentication with Inaccessible Authentication Bypass
Overview
Support on Multiple-Authentication Ports
Page 11
Setting the Switch-to-Client Frame-Retransmission Number
Setting the Re-Authentication Number
Enabling MAC Move
Enabling MAC Replace
Configuring 802.1x Accounting
Configuring a Guest VLAN
Page 13
Default Ethernet Interface Configuration
Configuring Interface Speed and Duplex Mode
Speed and Duplex Configuration Guidelines
Setting the Interface Speed and Duplex Parameters
Page 14
Configuring Extended-Range VLANs
Default VLAN Configuration
Extended-Range VLAN Configuration Guidelines
Creating an Extended-Range VLAN
Creating an Extended-Range VLAN with an Internal VLAN ID
Page 15
The VTP Domain
VTP Modes
VTP Advertisements
VTP Version 2
VTP Version 3
VTP Pruning
VTP and Switch Stacks
Configuring VTP
Page 16
Private VLANs and SVIs
Private VLANs and Switch Stacks
Configuring Private VLANs
Tasks for Configuring Private VLANs
Default Private-VLAN Configuration
Private-VLAN Configuration Guidelines
Page 17
Bridge ID, Switch Priority, and Extended System ID
Spanning-Tree Interface States
Blocking State
Listening State
Learning State
Forwarding State
Disabled State
Page 18
IEEE 802.1s Terminology
Hop Count
Boundary Ports
IEEE 802.1s Implementation
Port Role Naming Change
Interoperation Between Legacy and Standard Switches
Page 19
Understanding BPDU Guard
Understanding BPDU Filtering
Understanding UplinkFast
Understanding Cross-Stack UplinkFast
How CSUF Works
Events that Cause Fast Convergence
Understanding BackboneFast
Page 20
Chapter 22: Configuring DHCP Features and IP Source Guard
Understanding DHCP Features
DHCP Server
DHCP Relay Agent
Page 21
Displaying DHCP Server Port-Based Address Allocation
Chapter 23: Configuring Dynamic ARP Inspection
Understanding Dynamic ARP Inspection
Interface Trust States and Network Security
Page 22
Configuring the IGMP Snooping Querier
Disabling IGMP Report Suppression
Displaying IGMP Snooping Information
Understanding Multicast VLAN Registration
Using MVR in a Multicast Television Application
Page 23
Chapter 26: Configuring Port-Based Traffic Control
Configuring Storm Control
Understanding Storm Control
Default Storm Control Configuration
Page 24
Chapter 28: Configuring LLDP, LLDP-MED, and Wired Location Service
Understanding LLDP, LLDP-MED, and Wired Location Service
LLDP
Page 25
VLAN Filtering
Destination Port
RSPAN VLAN
SPAN and RSPAN Interaction with Other Features
SPAN and RSPAN and Switch Stacks
Understanding Flow-Based SPAN
Page 26
Setting the Message Display Destination Device
Synchronizing Log Messages
Enabling and Disabling Time Stamps on Log Messages
Enabling and Disabling Sequence Numbers in Log Messages
Page 28
VLAN Map Configuration Guidelines
Creating a VLAN Map
Examples of ACLs and VLAN Maps
Applying a VLAN Map to a VLAN
Page 29
Queueing and Scheduling Overview
Weighted Tail Drop
SRR Shaping and Sharing
Queueing and Scheduling on Ingress Queues
Queueing and Scheduling on Egress Queues
Page 30
Configuring the DSCP Trust State on a Port Bordering Another QoS Domain
Configuring a QoS Policy
Classifying Traffic by Using ACLs
Classifying Traffic by Using Class Maps
Page 31
Link Aggregation Control Protocol
LACP Modes
LACP Interaction with Other Features
EtherChannel On Mode
Load-Balancing and Forwarding Methods
EtherChannel and Switch Stacks
Page 32
Routing Assistance When IP Routing is Disabled
Proxy ARP
Default Gateway
ICMP Router Discovery Protocol (IRDP)
Configuring Broadcast Packet Handling
Page 34
Displaying Multi-VRF CE Status
Configuring Unicast Reverse Path Forwarding
Configuring Protocol-Independent Features
Configuring Cisco Express Forwarding and Distributed Cisco Express Forwarding
Page 35
SNMP and Syslog Over IPv6
HTTP(S) Over IPv6
Unsupported IPv6 and Unicast Routing Features
Limitations
IPv6 and Switch Stacks
Configuring IPv6
Page 36
Configuring VRRP
VRRP Limitations
Chapter 42: Configuring Cisco IOS IP SLAs Operations
Understanding Cisco IOS IP SLAs
Page 37
WCCP and Switch Stacks
Unsupported WCCP Features
Configuring WCCP
Default WCCP Configuration
WCCP Configuration Guidelines
Enabling the Cache Service
Page 39
Configuring an IP Multicast Boundary
Configuring Basic DVMRP Interoperability Features
Configuring DVMRP Interoperability
Configuring a DVMRP Tunnel
Advertising Network 0.0.0.0 to DVMRP Neighbors
Page 40
Configuring an Originating Address other than the RP Address
Monitoring and Maintaining MSDP
Chapter 47: Configuring Fallback Bridging
Understanding Fallback Bridging
Page 41
Using IP Traceroute
Understanding IP Traceroute
Executing IP Traceroute
Using TDR
Understanding TDR
Running TDR and Displaying the Results
Using Debug Commands
Page 42
Starting Online Diagnostic Tests
Displaying Online Diagnostic Tests and Test Results
Appendix A: Working with the Cisco IOS File System, Configuration Files, and Software Images
Working with the Flash File System
Displaying Available File Systems...
Page 43
Downloading an Image File By Using RCP
Uploading an Image File By Using RCP
Copying an Image File from One Stack Member to Another
Page 44
Unsupported Interface Configuration Commands
IP Multicast Routing
Unsupported Privileged EXEC Commands
Unsupported Global Configuration Commands
Unsupported Interface Configuration Commands
IP Unicast Routing
Unsupported Privileged EXEC or User EXEC Commands
Page 45
VLAN
Unsupported Global Configuration Command
Unsupported User EXEC Commands
Unsupported VLAN Database commands
Unsupported Privileged EXEC Command
Index
Page 47
This guide is for the networking professional using the Cisco IOS command-line interface (CLI) to manage the standalone Cisco Catalyst Blade Switch 3130 for Dell or blade switch stack, referred to as the switch. Before using this guide, you should have experience working with the Cisco IOS commands and the switch software features.
Caution: Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.
Related Publications
These documents provide complete information about the switch and are available from this Cisco.com site: http://www.cisco.com/en/US/products/ps8742/tsd_products_support_series_home.html
Note: Before installing, configuring, or upgrading the switch, see these documents:
...
The cryptographic and noncryptographic universal software images support the IP base and IP services feature sets. To enable a specific feature set, you must have a Cisco IOS software license for that feature set. For more information about the software license, see the Cisco Software Activation for Dell document on Cisco.com.
– Using a single IP address and configuration file to manage the entire switch stack.
– Automatic Cisco IOS version-check of new stack members with the option to automatically load images from the stack master or from a TFTP server.
• Call Home to provide e-mail-based and web-based notification of critical system events. Users with a service contract directly with Cisco Systems can register Call Home devices for the Cisco Smart Call Home service that generates automatic service requests with the Cisco TAC.
• Network Assistant—Network Assistant is a network management application that can be downloaded from Cisco.com. You use it to manage a single switch, a cluster of switches, or a community of devices. For more information about Network Assistant, see Getting Started with Cisco Network Assistant, available on Cisco.com.
• Configurable MAC address scaling that allows disabling MAC address learning on a VLAN to limit the size of the MAC address table
• Cisco Discovery Protocol (CDP) Versions 1 and 2 for network topology discovery and mapping between the switch and other Cisco devices on the network
...
Page 57
• Network Time Protocol version 4 (NTPv4) to support both IPv4 and IPv6 and compatibility with NTPv3
• Cisco IOS File System (IFS) for providing a single interface to all file systems that the switch uses
• Configuration logging to log and to view changes to the switch configuration
...
• Loop guard for preventing alternate or root ports from becoming designated ports because of a failure that leads to a unidirectional link
• Equal-cost routing for link-level and switch-level redundancy
• Link-state tracking to mirror the state of the ports that carry upstream traffic from connected hosts and servers and to allow the failover of the server traffic to an operational link on another Cisco Ethernet switch
• Support for VTP version 3 that includes support for configuring extended range VLANs (VLANs ...
• Flexible-authentication sequencing to configure the order of the authentication methods that a port tries when authenticating a new host
• IEEE 802.1x with open access to allow a host to access the network before being authenticated
Page 61
VLAN. Voice VLAN assignment is supported for one IP phone
– Port security for controlling access to IEEE 802.1x ports
– Voice VLAN to permit a Cisco IP Phone to access the voice VLAN regardless of the authorized or unauthorized state of the port
– IP phone detection enhancement to detect and recognize a Cisco IP phone
...
Page 62
When there is a change in policy for a user or user group in AAA, administrators can send the RADIUS CoA packets from the AAA server, such as Cisco Secure ACS, to reinitialize authentication and apply the new policies.
– Trusted port states (CoS, DSCP, and IP precedence) within a QoS domain and with a port bordering another QoS domain
– Trusted boundary for detecting the presence of a Cisco IP Phone, trusting the CoS value received, and ensuring port security
• Policing
...
• Fallback bridging for forwarding non-IP traffic between two or more VLANs (requires the IP services feature set)
• Static IP routing for manually building a routing table of network path information
• Equal-cost routing for load-balancing and redundancy
VRRP routers on a LAN, allowing multiple routers on a multiaccess link to utilize the same virtual IP address.
Monitoring Features
These are the monitoring features:
• Support for Embedded Event Manager (EEM) for event detection and recovery within a Cisco IOS device, and EEM 3.2, which introduces event detectors for Neighbor Discovery, Identity, and...
Page 67
• The standard HTTP server and Secure Socket Layer (SSL) HTTPS server are both enabled. For more information, see Chapter 6, “Configuring Switch-Based Authentication.”
• IEEE 802.1x is disabled. For more information, see Chapter 9, “Configuring IEEE 802.1x Port-Based Authentication.”
Page 68
• The IGMP snooping querier feature is disabled. For more information, see Chapter 24, “Configuring IGMP Snooping and MVR.”
• MVR is disabled. For more information, see Chapter 24, “Configuring IGMP Snooping and MVR.”
Page 69
• MSDP is disabled. For more information, see Chapter 46, “Configuring MSDP.”
• Fallback bridging is not configured. For more information, see Chapter 47, “Configuring Fallback Bridging.”
e-mail with large attached files) and from bandwidth-intensive applications (such as multimedia)
• Use the EtherChannel feature between the switch and its connected servers and routers.
Page 71
Internet or an intranet at higher speeds
Note: LRE is the technology used in the Catalyst 2950 LRE switch. See the documentation sets specific to this switch for LRE information.
Page 72
The various lengths of stack cable available, ranging from 0.5 meter to 3 meters, provide extended connections to the switch stacks across multiple server racks, for multiple stack aggregation.
Cisco CallManager controls call processing and routing. Users with workstations running Cisco SoftPhone software can place, receive, and control calls from their PCs. Using Cisco CallManager software and Cisco SoftPhone software integrates telephony and IP networks, and the IP network supports both voice and data.
• Chapter 3, “Assigning the Switch IP Address and Default Gateway”
To locate and download MIBs for a specific Cisco product and release, use the Cisco MIB Locator: http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml.
Using the Command-Line Interface
This chapter describes the Cisco IOS command-line interface (CLI) and how to use it to configure your standalone switch or a switch stack, referred to as the switch. It contains these sections:
• Understanding Command Modes, page 2-1
...
console command.
To return to privileged EXEC mode, press Ctrl-Z or enter end.
You need to enter only enough characters for the switch to recognize the command as unique. This example shows how to enter the show configuration privileged EXEC command in an abbreviated form:
Switch# show conf
The caret (^) marks the point of the error.
that are available in this command mode. The possible keywords that you can enter with the command appear.
You can choose to have the notifications sent to the syslog. For more information, see the “Configuration Change Notification and Logging” section of the Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.4.
These procedures are optional. To globally disable enhanced editing mode, enter this command in line configuration mode:
Switch(config-line)# no editing
Delete from the cursor to the end of the word.
Capitalize or lowercase words or capitalize a set of letters. | Press Esc C. | Capitalize at the cursor.
If you want to configure a specific stack member port, you must include the stack member number in the CLI command interface notation. For more information about interface notations, see the “Using Interface Configuration Mode” section on page 11-8.
After you connect through the console port, through the Ethernet management port, through a Telnet session or through an SSH session, the user EXEC prompt appears on the management station.
Page 85
Note: For complete syntax and usage information for the commands used in this chapter, see the command reference for this release and the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2.
This chapter consists of these sections:
• Understanding the Boot Process, page 3-2
...
Note: If the data bits option is set to 8, set the parity option to none.
• Stop bits default is 1.
• Parity settings default is none.
Default gateway | No default gateway is defined.
Enable secret password | No password is defined.
Hostname | The factory-assigned default hostname is Switch.
Telnet password | No password is defined.
(such as an IP address, subnet mask, gateway IP address, DNS IP address, a lease for the IP address, and so forth) to the client in a DHCPOFFER unicast message.
DHCP server. The downloaded configuration file becomes the running configuration of the switch. It does not overwrite the bootup configuration saved in the flash until you reload the switch.
EXEC command. Note that if the downloaded configuration is saved to the startup configuration, the feature is not triggered during subsequent system restarts.
The switch can act as a DHCP server. By default, the Cisco IOS DHCP server and relay agent features are enabled on your switch but are not configured. These features are not operational. If your DHCP server is a Cisco device, for additional information about configuring DHCP, see the “Configuring...
If the relay device is a Cisco router, enable IP routing (ip routing global configuration command), and configure helper addresses by using the ip helper-address interface configuration command.
The switch sends a broadcast message to a TFTP server to retrieve the named configuration file from the base directory of the server, and upon receipt, it completes its boot up process.
Table 3-2 DHCP Server Configuration
| | Switch A | Switch B | Switch C | Switch D |
| Binding key (hardware address) | 00e0.9f1e.2001 | 00e0.9f1e.2002 | 00e0.9f1e.2003 | 00e0.9f1e.2004 |
| IP address | 10.0.0.21 | 10.0.0.22 | 10.0.0.23 | 10.0.0.24 |
Page 95
• It reads the configuration file that corresponds to its hostname; for example, it reads switch1-confg from the TFTP server.
Switches B through D retrieve their configuration files and IP addresses in the same way.
Specify the IP address and mask for the interface.
Step 12 | Return to privileged EXEC mode.
Step 13 | copy running-config startup-config | (Optional) Save your entries in the configuration file.
Specify the text file that contains the name of the image file to download
Step 14 | interface interface-id | Specify the address of the client that will receive the configuration file.
(Optional) Create warning messages to be displayed when you try to save the configuration file to NVRAM.
Step 5 | Return to privileged EXEC mode.
Step 6 | show boot | Verify the configuration.
interface-name] [hostname host-name] | Get an IP address for the VLAN interface from the DHCP server.
Step 4 | ip address ip-address subnet-mask | Enter the IP address and subnet mask.
Step 5 | exit | Return to global configuration mode.
Page 100
For information on setting the switch system name, protecting access to privileged EXEC commands, and setting time and calendar services, see Chapter 5, “Administering the Switch.”
For more information about alternative locations from which to copy the configuration file, see Appendix A, “Working with the Cisco IOS File System, Configuration Files, and Software Images.”
Specifying the Filename to Read and Write the System Configuration
By default, the Cisco IOS software uses the file config.text to read and write a nonvolatile copy of the system configuration. However, you can specify a different filename, which will be loaded during the next boot cycle.
• Use number to specify a stack member. (Specify only one stack member.)
• Use all to specify all stack members.
Step 4 | Return to privileged EXEC mode.
Cisco IOS configuration file can be stored as an environment variable. You can change the settings of the environment variables by accessing the boot loader or by using Cisco IOS commands. Under normal circumstances, it is not necessary to alter the setting of the environment variables.
Page 107
Changes the priority value of a stack member.
Note: This command is supported only on stacking-capable switches.
(if the specified time is later than the current time) or on the next day (if the specified time is earlier than the current time). Specifying 00:00 schedules the reload for midnight.
It displays reload information including the time the reload is scheduled to occur and the reason for the reload (if it was specified when the reload was scheduled).
Note: For complete configuration information for the Cisco Configuration Engine, go to http://www.cisco.com/en/US/products/sw/netmgtsw/ps4617/tsd_products_support_series_home.html
For complete syntax and usage information for the commands used in this chapter, go to the Cisco IOS Network Management Command Reference, Release 12.4 at http://www.cisco.com/en/US/docs/ios/netmgmt/command/reference/nm_book.html
This chapter consists of these sections:
• Understanding Cisco Configuration Engine Software, page 4-1
...
(LDAP) URLs that reference the device-specific configuration information stored in a directory. The Cisco IOS agent can perform a syntax check on received configuration files and publish events to show the success or failure of the syntax check. The configuration agent can either apply configurations immediately or delay the application until receipt of a synchronization event from the configuration server.
ID, and event. Cisco IOS devices recognize only event subject-names that match those configured in Cisco IOS software; for example, cisco.cns.config.load. You can use the namespace mapping service to designate events by using any desired naming convention.
Therefore, the DeviceID, as originated on the switch, must match the DeviceID of the corresponding switch definition in the Configuration Engine. The origin of the DeviceID is defined by the Cisco IOS hostname of the switch. However, the DeviceID variable and its usage reside within the event gateway adjacent to the switch.
Understanding Cisco IOS Agents
The CNS event agent feature allows the switch to publish and subscribe to events on the event bus and works with the Cisco IOS agent. The Cisco IOS agent feature supports the switch by providing these features:
...
NVRAM for use at the next reboot.
Configuring Cisco IOS Agents
The Cisco IOS agents embedded in the switch Cisco IOS software allow the switch to be connected and automatically configured as described in the “Enabling Automated CNS Configuration” section on page 4-7.
Note: For more information about running the setup program and creating templates on the Configuration Engine, see the Cisco Configuration Engine Installation and Setup Guide, 1.5 for Linux at http://www.cisco.com/en/US/docs/net_mgmt/configuration_engine/1.5/installation_linux/guide/setup_1.html
This example shows how to enable the CNS event agent, set the IP address gateway to 10.180.1.27, set 120 seconds as the keepalive interval, and set 10 as the retry count.
Switch(config)# cns event 10.180.1.27 keepalive 120 10
Enabling the Cisco IOS CNS Agent
After enabling the CNS event agent, start the Cisco IOS CNS agent on the switch. You can enable the Cisco IOS agent with these commands:
...
Page 120
Enter the hostname for the switch.
Step 12 | ip route network-number | (Optional) Establish a static route to the Configuration Engine whose IP address is network-number.
Page 121
ID, enter an arbitrary text string for string string as the unique ID, or enter udi to set the unique device identifier (UDI) as the unique ID.
Page 122
Verify your entries. To disable the CNS Cisco IOS agent, use the no cns config initial {ip-address | hostname} global configuration command. This example shows how to configure an initial configuration on a remote switch when the switch configuration is unknown (the CNS Zero Touch feature).
RemoteSwitch(config)# cns id ethernet 0 ipaddress
RemoteSwitch(config)# cns config initial 172.28.129.22 no-persist
Enabling a Partial Configuration
Beginning in privileged EXEC mode, follow these steps to enable the Cisco IOS agent and to initiate a partial configuration on the switch: Command...
Displays statistics about the CNS event agent.
show cns event subject  Displays a list of event agent subjects that are subscribed to by applications.
You can manage the system time and date on your switch using automatic configuration, such as the Network Time Protocol (NTP), or manual configuration methods.
Note: For complete syntax and usage information for the commands used in this section, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2.
The time kept on a device is a critical resource; you should use the security features of NTP to avoid the accidental or malicious setting of an incorrect time. Two mechanisms are available: an access list-based restriction scheme and an encrypted authentication mechanism.
Page 127
Managing the System Time and Date
Cisco’s implementation of NTP does not support stratum 1 service; it is not possible to connect to a radio or atomic clock. We recommend that the time service for your network be derived from the public NTP servers available on the IP Internet.
• Setting the System Clock, page 5-5
• Displaying the Time and Date Configuration, page 5-5
• Configuring the Time Zone, page 5-6
• Configuring Summer Time (Daylight Saving Time), page 5-7
The symbol that precedes the show clock display has this meaning:
• *—Time is not authoritative.
• (blank)—Time is authoritative.
• .—Time is authoritative, but NTP is not synchronized.
In this case, the necessary command is clock timezone AST -3 30. To set the time to UTC, use the no clock timezone global configuration command.
This example shows how to specify that summer time starts on the first Sunday in April at 02:00 and ends on the last Sunday in October at 02:00:
Switch(config)# clock summer-time PDT recurring 1 Sunday April 2:00 last Sunday October 2:00
9. When you use this command, the stack member number is appended to the system prompt. For example, Switch-2# is the prompt in privileged EXEC mode for stack member 2, and the system prompt for the switch stack is Switch.
Administering the Switch Configuring a System Name and Prompt
For complete syntax and usage information for the commands used in this section, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 and the Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.2.
If your network devices require connectivity with devices in networks for which you do not control name assignment, you can dynamically assign device names that uniquely identify your devices by using the global Internet naming scheme (DNS).
Connected to 172.2.5.4.
Escape character is '^]'.
This is a secure site. Only authorized users are allowed. For access, contact technical support.
User Access Verification
Password:
(static or dynamic).
Note: For complete syntax and usage information for the commands used in this section, see the command reference for this release.
Each VLAN maintains its own logical address table. A known address in one VLAN is unknown in another until it is learned or statically associated with a port in the other VLAN.
MAC address change notifications are generated for dynamic and secure MAC addresses. Notifications are not generated for self addresses, multicast addresses, or other static addresses.
Page 141
Step 9  show mac address-table notification change interface, show running-config  Verify your entries.
Step 10  copy running-config startup-config  (Optional) Save your entries in the configuration file.
Enable the switch to send MAC address move notification traps to the NMS.
Step 4  mac address-table notification mac-move  Enable the MAC address move notification feature.
For notification-type, use the mac-notification keyword.
VLAN, the switch acquires the VLAN ID for the address from the ports that you specify. You can specify a different list of destination ports for each source port.
When unicast MAC address filtering is enabled, the switch drops packets with specific source or destination MAC addresses. This feature is disabled by default and only supports unicast static addresses.
Page 146
When a packet is received in VLAN 4 with this MAC address as its source or destination, the packet is dropped:
Switch(config)# mac address-table static c2f3.220a.12f4 vlan 4 drop
Return to privileged EXEC mode.
Step 4  show mac address-table learning [vlan vlan-id]  Verify the configuration.
Step 5  copy running-config startup-config  (Optional) Save your entries in the configuration file.
(represented by the arpa keyword) is enabled on the IP interface. ARP entries added manually to the table do not age and must be manually removed. For CLI procedures, see the Cisco IOS Release 12.2 documentation on Cisco.com.
This chapter describes how to configure switch-based authentication on the switch. Unless otherwise noted, the term switch refers to a standalone switch and to a switch stack.
Note: For complete syntax and usage information for the commands used in this section, see the Cisco IOS Security Command Reference, Release 12.2.
No password is defined. The default is level 15 (privileged EXEC level). The password is encrypted before it is written to the configuration file.
Line password  No password is defined.
We recommend that you use the enable secret command because it uses an improved encryption algorithm. If you configure the enable secret command, it takes precedence over the enable password command; the two commands cannot be in effect simultaneously.
Page 152
To remove a password and level, use the no enable password [level level] or no enable secret [level level] global configuration command. To disable password encryption, use the no service password-encryption global configuration command.
Disable password recovery. This setting is saved in an area of the flash memory that is accessible by the bootloader and the Cisco IOS image, but it is not part of the file system and is not accessible by any user.
If you have defined privilege levels, you can also assign a specific privilege level (with associated rights and privileges) to each username and password pair.
Configuring Multiple Privilege Levels
By default, the Cisco IOS software has two modes of password security: user EXEC and privileged EXEC. You can configure up to 16 hierarchical levels of commands for each mode. By configuring multiple passwords, you can allow different sets of users to have access to specified commands.
This example shows how to set the configure command to privilege level 14 and define SecretPswd14 as the password users must enter to use level 14 commands:
Switch(config)# privilege exec level 14 configure
Switch(config)# enable password level 14 SecretPswd14
Log in to a specified privilege level. For level, the range is 0 to 15.
Step 2  disable level  Exit to a specified privilege level. For level, the range is 0 to 15.
“Implementing ADSL for IPv6” chapter in the Cisco IOS XE IPv6 Configuration Guide, Release
Note: For complete syntax and usage information for the commands used in this section, see the Cisco IOS Security Command Reference, Release 12.2.
Page 159
TACACS+ daemon are encrypted. You need a system running the TACACS+ daemon software to use TACACS+ on your switch.
(Optional) Associate a particular TACACS+ server with the defined server group. Repeat this step for each TACACS+ server in the AAA server group. Each server in the group must be previously defined in Step 2.
Beginning in privileged EXEC mode, follow these steps to configure login authentication:
Command  Purpose
Step 1  configure terminal  Enter global configuration mode.
Step 2  aaa new-model  Enable AAA.
Page 163
To either disable TACACS+ authentication for logins or to return to the default value, use the no login authentication {default | list-name} line configuration command.
Configuring AAA authentication does not secure the switch for HTTP access by using AAA methods. For more information about the ip http authentication command, see the Cisco IOS Security Command Reference, Release 12.2.
(AV) pairs and is stored on the security server. This data can then be analyzed for network management, client billing, or auditing. Beginning in privileged EXEC mode, follow these steps to enable TACACS+ accounting for each Cisco IOS privilege level and for network services:...
In one case, RADIUS has been used with Enigma’s security cards to validate users and to grant access to network resources.
• Networks already using RADIUS. You can add a Cisco switch containing a RADIUS client to the...
X.25 PAD connections.
• Switch-to-switch or router-to-router situations. RADIUS does not provide two-way authentication. RADIUS can be used to authenticate from one device to a non-Cisco device if the non-Cisco device requires authentication.
• Networks using a variety of services. RADIUS generally binds a user to one service model.
RADIUS Change of Authorization (CoA) extensions defined in RFC 5176 that are typically used in a pushed model and allow for the dynamic reconfiguring of sessions from external authentication, authorization, and accounting (AAA) or policy servers. Beginning with Cisco IOS Release 12.2(52)SE, the switch supports these per-session CoA requests: Session reauthentication •...
Value Explanation
Residual Session Context Removed
Invalid EAP Packet (Ignored)
Unsupported Attribute
Missing Attribute
NAS Identification Mismatch
Invalid Request
Unsupported Service
Unsupported Extension
Invalid Attribute Value
Page 170
If more than one session identification attribute is included in the message, all the attributes must match the session or the switch returns a Disconnect-negative acknowledgement (NAK) or CoA-NAK with the error code “Invalid Attribute Value.”
Page 171
• CoA Disconnect-Request
• CoA Request: Disable Host Port
• CoA Request: Bounce-Port
Beginning with Cisco IOS Release 12.2(52)SE, the switch supports the commands shown in Table 6-4.
Table 6-4 CoA Commands Supported on the Switch
Command  Cisco VSA
Reauthenticate host  Cisco:Avpair=“subscriber:command=reauthenticate”...
Page 172
When you want to restore network access on the port, re-enable it using a non-RADIUS mechanism.
1. Extensible Authentication Protocol over LAN
Page 173
If the switch fails after returning a CoA-ACK message to the client but before the operation has completed, the operation is re-started on the new active switch.
(which is subsequently removed). If the stack master fails before sending a CoA-ACK message, the new stack master treats the re-sent command as a new command.
Identifying the RADIUS Server Host
Switch-to-RADIUS-server communication involves several components:
• Hostname or IP address
• Authentication destination port
• Accounting destination port
• Key string
Page 176
You can configure the switch to use AAA server groups to group existing server hosts for authentication. For more information, see the “Defining AAA Server Groups” section on page 6-32.
Page 177
(Optional) Save your entries in the configuration file. To remove the specified RADIUS server, use the no radius-server host hostname | ip-address global configuration command.
Beginning in privileged EXEC mode, follow these steps to configure login authentication. This procedure is required.
Command  Purpose
Step 1  configure terminal  Enter global configuration mode.
Step 2  aaa new-model  Enable AAA.
Page 179
Step 6  Return to privileged EXEC mode.
Step 7  show running-config  Verify your entries.
Step 8  copy running-config startup-config  (Optional) Save your entries in the configuration file.
Configuring AAA authentication does not secure the switch for HTTP access by using AAA methods. For more information about the ip http authentication command, see the Cisco IOS Security Command Reference, Release 12.2.
Page 181
Each server in the group must be previously defined in Step 2.
Step 6  Return to privileged EXEC mode.
Step 7  show running-config  Verify your entries.
Step 1  configure terminal  Enter global configuration mode.
Step 2  aaa authorization network radius  Configure the switch for user RADIUS authorization for all network-related service requests.
(AV) pairs and is stored on the security server. This data can then be analyzed for network management, client billing, or auditing. Beginning in privileged EXEC mode, follow these steps to enable RADIUS accounting for each Cisco IOS privilege level and for network services:...
1, which is named cisco-avpair. The value is a string with this format: protocol : attribute sep value * Protocol is a value of the Cisco protocol attribute for a particular type of authorization. Attribute and value are an appropriate attribute-value (AV) pair defined in the Cisco TACACS+ specification, and sep is = for mandatory attributes and is * for optional attributes.
Page 185
For example, this AV pair activates Cisco’s multiple named ip address pools feature during IP authorization (during PPP IPCP address assignment):
cisco-avpair= "ip:addr-pool=first"
This example shows how to provide a user logging in from a switch with immediate access to privileged EXEC commands:
cisco-avpair= "shell:priv-lvl=15"...
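The following Python example is added here and is not from the Cisco guide: it parses cisco-avpair strings in the protocol : attribute sep value format described above and lists the entries that grant shell:priv-lvl at or above a chosen level, which is the check an administrator would run over RADIUS profiles before trusting them. The names AvPair, parse_avpair and audit_profiles are assumptions of this example, and the sample lines marked constructed are not from the guide.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Straight and curly quotes that may surround the value in a profile line.
QUOTES = "\"'\u201c\u201d"

# Optional "cisco-avpair=" / "Cisco:Avpair=" prefix, as written on the page.
_PREFIX_RE = re.compile(r"^\s*cisco[-:]av-?pair\s*=\s*", re.IGNORECASE)

# protocol : attribute sep value, where sep is "=" (mandatory) or "*" (optional).
_AVPAIR_RE = re.compile(
    r"^(?P<protocol>[A-Za-z0-9_-]+)\s*:\s*"
    r"(?P<attribute>[A-Za-z0-9_#-]+)\s*(?P<sep>[=*])\s*(?P<value>.*?)\s*$"
)


@dataclass(frozen=True)
class AvPair:
    protocol: str
    attribute: str
    mandatory: bool   # True for "=", False for "*"
    value: str


def parse_avpair(text: str) -> AvPair:
    """Parse one cisco-avpair string; raise ValueError if it is malformed."""
    body = _PREFIX_RE.sub("", text, count=1).strip().strip(QUOTES).strip()
    match = _AVPAIR_RE.match(body)
    if match is None:
        raise ValueError(f"not a protocol:attribute sep value string: {text!r}")
    return AvPair(
        protocol=match["protocol"].lower(),
        attribute=match["attribute"].lower(),
        mandatory=match["sep"] == "=",
        value=match["value"],
    )


def audit_profiles(
    lines: Iterable[str], threshold: int = 15
) -> Tuple[List[Tuple[int, int, bool]], List[int]]:
    """Return (findings, rejected).

    findings: (line number, privilege level, mandatory) for every
              shell:priv-lvl entry at or above threshold.
    rejected: line numbers that could not be parsed, so that malformed
              entries are reviewed instead of silently skipped.
    """
    findings: List[Tuple[int, int, bool]] = []
    rejected: List[int] = []
    for lineno, line in enumerate(lines, start=1):
        try:
            pair = parse_avpair(line)
        except ValueError:
            rejected.append(lineno)
            continue
        if pair.protocol == "shell" and pair.attribute == "priv-lvl":
            try:
                level = int(pair.value)
            except ValueError:
                rejected.append(lineno)
                continue
            if level >= threshold:
                findings.append((lineno, level, pair.mandatory))
    return findings, rejected


# Lines 1, 2 and 4 use AV pairs quoted in the guide; lines 3 and 5 are constructed.
SAMPLE_LINES = [
    'cisco-avpair= "ip:addr-pool=first"',
    'cisco-avpair= "shell:priv-lvl=15"',
    'cisco-avpair= "shell:priv-lvl*7"',
    "Cisco:Avpair=\u201csubscriber:command=reauthenticate\u201d",
    'cisco-avpair= "no-separator-here"',
]

if __name__ == "__main__":
    found, bad = audit_profiles(SAMPLE_LINES)
    for lineno, level, mandatory in found:
        kind = "mandatory" if mandatory else "optional"
        print(f"line {lineno}: shell:priv-lvl={level} ({kind})")
    print("unparsed lines:", bad)
```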
Although an IETF draft standard for RADIUS specifies a method for communicating vendor-proprietary information between the switch and the RADIUS server, some vendors have extended the RADIUS attribute set in a unique way. Cisco IOS software supports a subset of vendor-proprietary RADIUS attributes.
To disable AAA, use the no aaa new-model global configuration command. To disable the AAA server functionality on the switch, use the no aaa server radius dynamic authorization global configuration command.
Monitoring and Troubleshooting CoA Functionality
The following Cisco IOS commands can be used to monitor and troubleshoot CoA functionality on the switch:
• debug radius
• debug aaa coa
• debug aaa pod
•...
If a network service decides to trust the Kerberos server that issued a ticket, it can be used in place of re-entering a username and password. Credentials have a default lifespan of eight hours.
Page 190
Kerberos realm represented by the KDC.
1. TGT = ticket granting ticket
2. KDC = key distribution center
3. KEYTAB = key table
4. SRVTAB = server table
For instructions about how to authenticate to a KDC, see the “Obtaining a TGT from a KDC” section in the “Security Server Protocols” chapter of the Cisco IOS Security Configuration Guide, Release 12.2.
TGT must now authenticate to the network services in a Kerberos realm. For instructions about how to authenticate to a network service, see the “Authenticating to Network Services” section in the “Security Server Protocols” chapter of the Cisco IOS Security Configuration Guide, Release 12.2, at this URL: http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfkerb.html#wp1001010...
Configuring AAA authentication does not secure the switch for HTTP access by using AAA methods. For more information about the ip http authentication command, see the Cisco IOS Security Command Reference, Release 12.2.
You can use an SSH client to connect to a switch running the SSH server. The SSH server works with the SSH client supported in this release and with non-Cisco SSH clients. The SSH client also works with the SSH server supported in this release and with non-Cisco SSH servers.
Configure a hostname and IP domain name for the switch. Follow this procedure only if you are configuring the switch as an SSH server.
SSH version supported by the SSH client. For example, if the SSH client supports SSHv1 and SSHv2, the SSH server selects SSHv2.
Shows the status of the SSH server. For more information about these commands, see the “Secure Shell Commands” chapter of the Cisco IOS Security Command Reference, Cisco IOS Release 12.2.
(pages) back to the HTTP secure server, which, in turn, responds to the original request. The primary role of the HTTP secure client (the web browser) is to respond to Cisco IOS application requests for HTTPS User Agent services, perform HTTPS User Agent services for the application, and pass the response back to the application.
For example, Netscape Communicator 4.76 supports U.S. security with RSA Public Key Cryptography, MD2, MD5, RC2-CBC, RC4, DES-CBC, and DES-EDE3-CBC.
Before you configure a CA trustpoint, you should ensure that the system clock is set. If the clock is not set, the certificate is rejected due to an incorrect date. In a switch stack, the SSL session terminates at the stack master.
(Optional) Save your entries in the configuration file. Use the no crypto ca trustpoint name global configuration command to delete all identity information and certificates associated with the CA.
(Optional) Set the maximum number of concurrent connections that are allowed to the HTTP server. The range is 1 to 16; the default value is 5.
CA trustpoint by using the previous procedure. The command is optional if client authentication is not needed or if a primary trustpoint has been configured.
Shows the HTTP secure client configuration. secure status
show ip http server secure status  Shows the HTTP secure server configuration.
show running-config  Shows the generated self-signed certificate for secure HTTP connections.
A user who has appropriate authorization can use SCP to copy any file in the Cisco IOS File System (IFS) to and from a switch by using the copy command. An authorized administrator can also do this from a workstation.
One of the switches controls the operation of the stack and is called the stack master. The stack master and the other switches in the stack are all stack members. The stack members use the Cisco StackWise Plus technology to work together as a unified system. Layer 2 and Layer 3 protocols present the entire switch stack as a single entity to the network.
Reconnect them to the original switch stack through their StackWise Plus ports. Power on the switches. For more information about cabling and powering switch stacks, see the “Switch Installation” chapter in the hardware installation guide.
Page 210
[Figure: blade switches in Enclosure 1 and Enclosure 2; labels: Stack member 1, Stack member 2 and stack master]
Page 211
[Figure: blade switches in an enclosure; labels: Stack member 1, Stack member 2 and stack master]
Note stack master. This ensures that the switch is re-elected as stack master if a re-election occurs. The switch that is not using the default interface-level configuration.
Page 213
As described in the hardware installation guide, you can use the Master LED on the switch to see if the switch is the stack master.
• If you merge switch stacks, the switches that join the switch stack of a new stack master select the lowest available numbers in the stack. For more information about merging switch stacks, see the “Switch Stack Membership” section on page 7-3.
The switch type of the provisioned switch does not match the switch type in the provisioned configuration on the stack.
If you remove a provisioned switch from the switch stack, the configuration associated with the removed stack member remains in the running configuration as provisioned information. To completely remove the configuration, use the no switch stack-member-number provision global configuration command.
“Hardware Compatibility and SDM Mismatch Mode in Switch Stacks” section on page 7-12. All stack members must run the same Cisco IOS software image and feature set to ensure compatibility between stack members. For example, all stack members should run the cryptographic universal software image and have the IP services feature set enabled for Cisco IOS Release 12.2(40)EX1 or later.
If you have both StackWise Plus cables connected during the reload, network downtime does not occur because the switch stack operates on two rings.
Page 221
1 00:01:15.547:%STACKMGR-6-SWITCH_ADDED_VM:Switch 1 has been ADDED to the stack (VERSION_MISMATCH)
stack_2#
*Mar 1 00:03:15.554:%IMAGEMGR-6-AUTO_COPY_SW_INITIATED:Auto-copy-software process initiated for switch number(s) 1
*Mar 1 00:03:15.554:%IMAGEMGR-6-AUTO_COPY_SW:
*Mar 1 00:03:15.554:%IMAGEMGR-6-AUTO_COPY_SW:Searching for stack member to act...
Note: We recommend that all stack members run Cisco IOS Release 12.2(40)EX1 or later. The interface-specific settings of the stack master are saved if the stack master is replaced without saving the running configuration to the startup configuration.
“Working with the Cisco IOS File System, Configuration Files, and Software Images.”
Additional Considerations for System-Wide Configuration on Switch Stacks
These sections provide additional considerations for configuring system-wide features on switch stacks:
• “Planning and Creating Clusters” chapter in the Getting Started with Cisco Network Assistant, available on Cisco.com
• “MAC Addresses and Switch Stacks”...
For more information about connecting to the switch stack through Ethernet management ports, see the “Using the Internal Ethernet Management Port” section on page 11-13.
Make sure that one stack member has a default configuration and that the other stack member has a saved (nondefault) configuration file. Restart both stack members at the same time.
Page 226
The stack master is retained. The new switch is added to the switch stack. Through their StackWise Plus ports, connect the new switch to a powered-on switch stack. Power on the new switch.
During this time period, if the previous stack master rejoins the stack, the stack continues to use its MAC address as the stack MAC address, even if the switch is now a stack member and not a stack master. If...
Page 228
If you enter the no stack-mac persistent timer command after a new stack master takes over, before the time expires, the switch stack moves to the current stack master MAC address.
Page 229
(Optional) Save your entries in the configuration file. Use the no stack-mac persistent timer global configuration command to disable the persistent MAC address feature. Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide 7-23 OL-13270-06...
Reset the stack member. Step 5 show switch Verify the stack member number. Step 6 copy running-config startup-config Save your entries in the configuration file. Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide 7-24 OL-13270-06...
Step 4 Return to privileged EXEC mode. Step 5 show running-config Verify the correct numbering of interfaces in the running configuration file. Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide 7-25 OL-13270-06...
. Enter exit to return to the CLI Switch-2# Switch# session on the master. Only the show and debug commands are available on a specific member. Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide 7-26 OL-13270-06...
If Switch 4 is powered on first, you might need to enter the switch 1 stack port 1 enable and the switch 4 stack port 2 enable privileged EXEC commands to bring up the link. Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide 7-28...
No—At least one stack port on the member has an attached stack • cable. • Yes—None of the stack ports on the member has an attached stack cable. Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide 7-29 OL-13270-06...
Length Active Changes Loopback Status To LinkOK -------- ------ -------- -------- ---- ------ ---- --------- -------- Down None 50 cm 50 cm Down None 50 cm Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide 7-30 OL-13270-06...
--------- -------- 50 cm 50 cm The port status shows that Switch 2 is a standalone switch. – The ports can send and receive traffic. – Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide 7-31 OL-13270-06...
If you disconnect the cable from Port 2 on Switch 1, these messages appear: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 1 Switch 2 has changed to state DOWN %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 2 Switch 1 has changed to state DOWN
The Cable Length value is 50 cm. The switch detects and correctly identifies the cable. • The connection between Port 2 on Switch 1 and Port 1 on Switch 2 is unreliable on at least one of the connector pins.
• Default—The default template gives balance to all functions. • Access—The access template maximizes system resources for access control lists (ACLs) to accommodate a large number of ACLs.
Layer 2 and ACLs for IPv6 on the switch. With the new indirect IPv4 and IPv6 routing template in Cisco IOS Release 12.2(58)SE, you can more IPv6 indirect routes for deployments that have little need for direct IPv6 host route connectivity.
This is an example of a syslog message notifying the stack master that a stack member is in SDM mismatch mode: 2d23h:%STACKMGR-6-SWITCH_ADDED_SDM:Switch 2 has been ADDED to the stack (SDM_MISMATCH) 2d23h:%SDM-6-MISMATCH_ADVISE: 2d23h:%SDM-6-MISMATCH_ADVISE: 2d23h:%SDM-6-MISMATCH_ADVISE:System (#2) is incompatible with the SDM
• Use the indirect-ipv4-and-ipv6-routing template to provide more space for IPv4 and IPv6 summary or indirect routes by providing less space for IPv4 policy-based routing entries and IPv6 ACL, QoS, and policy-based routes.
If you enter the show sdm prefer command before you enter the reload privileged EXEC command, the show sdm prefer command shows the template currently in use and the template that will become active after a reload.
0.5K number of security aces:
Page 247
0.5K number of IPv4/MAC security aces: 0.5K number of IPv6 policy based routing aces: 0.25K number of IPv6 qos aces: 0.5K number of IPv6 security aces: 0.5K
Page 248
Chapter 8 Configuring SDM Templates Displaying the SDM Templates
Page 249
IP address. The SXP control protocol allows tagging packets with SGTs without a hardware upgrade, and runs between access layer devices at the Cisco TrustSec domain edge and distribution layer devices within the Cisco TrustSec domain. The blade switches operate as access layer switches in the Cisco TrustSec network.
Until the client is authenticated, 802.1x access control allows only Extensible Authentication Protocol over LAN (EAPOL), Cisco Discovery Protocol (CDP), and Spanning Tree Protocol (STP) traffic through the port to which the client is connected. After authentication is successful, normal traffic can pass through the port.
Authentication Protocol (EAP) extensions is the only supported authentication server. It is available in Cisco Secure Access Control Server Version 3.0 or later. RADIUS operates in a client/server model in which secure authentication information is exchanged between the RADIUS server and one or more RADIUS clients.
If Multi Domain Authentication (MDA) is enabled on a port, this flow can be used with some exceptions that are applicable to voice authorization. For more information on MDA, see the “Multidomain Authentication” section on page 9-30.
Page 253
After 802.1x authentication using a RADIUS server is configured, the switch uses timers based on the Session-Timeout RADIUS attribute (Attribute[27]) and the Termination-Action RADIUS attribute (Attribute [29]). The Session-Timeout RADIUS attribute (Attribute[27]) specifies the time after which re-authentication occurs.
The specific exchange of EAP frames depends on the authentication method being used. Figure 9-3 shows a message exchange initiated by the client when the client uses the One-Time-Password (OTP) authentication method with a RADIUS server.
Page 255
MAC authentication bypass. Figure 9-4: Message Exchange During MAC Authentication Bypass (figure labels: Client, Switch, Authentication server (RADIUS); messages: EAPOL Request/Identity, EAPOL Request/Identity, EAPOL Request/Identity, Ethernet packet, RADIUS Access/Request, RADIUS Access/Accept)
Understanding IEEE 802.1x Port-Based Authentication Authentication Manager In Cisco IOS Release 12.2(46)SE and earlier, you could not use the same authorization methods, including CLI commands and messages, on this switch and also on other network devices, such as Catalyst 6000 switches.
ACL configured on another device running Cisco IOS software, such as a Catalyst 6000 switch. In Cisco IOS Release 12.2(50)SE or later, the ACLs configured on the switch are compatible with other devices running Cisco IOS release.
Beginning with Cisco IOS Release 12.2(55)SE, you can filter out verbose system messages generated by the authentication manager. The filtered content typically relates to authentication success. You can also filter verbose messages for 802.1x authentication and MAB authentication. There is a separate...
If the link state of a port changes from up to down, or if an EAPOL-logoff frame is received, the port returns to the unauthorized state.
In this topology, the wireless access point is responsible for authenticating the clients attached to it, and it also acts as a client to the switch.
When a port is in multiple-authentication mode, the guest VLAN and authentication-failed VLAN features do not activate. Beginning with Cisco IOS Release 12.2(55)SE, you can assign a RADIUS-server-supplied VLAN in multi-auth mode, under these conditions: The host is the first host authorized on the port, and the RADIUS server supplies VLAN information.
“Enabling MAC Move” section on page 9-48. MAC Replace Beginning with Cisco IOS Release 12.2(55)SE, the MAC replace feature can be configured to address the violation that occurs when a host attempts to connect to a port where another host was previously authenticated.
DHCP snooping bindings table. You can view the AV pairs that are being sent by the switch by entering the debug radius accounting privileged EXEC command. For more information about this command, see the Cisco IOS Debug Command Reference, Release 12.2.
Page 265
Assign vendor-specific tunnel attributes in the RADIUS server. The RADIUS server must return these attributes to the switch: – [64] Tunnel-Type = VLAN – [65] Tunnel-Medium-Type = 802 – [81] Tunnel-Private-Group-ID = VLAN name or VLAN ID
If the RADIUS server does not allow the .in or .out syntax, the access list is applied to the outbound ACL by default. Because of limited support of Cisco IOS access lists on the switch, the Filter-Id attribute is supported only for IP ACLs numbered 1 to 199 and 1300 to 2699 (IP standard and IP extended ACLs).
ACL only to the phone as part of the authorization policies. Beginning with Cisco IOS Release 12.2(55)SE, if there is no static ACL on a port, a dynamic auth-default ACL is created, and policies are enforced before dACLs are downloaded and applied.
The switch then forwards the client web browser to the specified redirect address. The url-redirect AV pair on the Cisco Secure ACS contains the URL to which the web browser is redirected. The url-redirect-acl AV pair contains the name or number of an ACL that specifies the HTTP or HTTPS traffic to redirect.
ACL, this ACL takes precedence over the default ACL that is configured on the switch port. However, if the switch receives a host access policy from the Cisco Secure ACS but the default ACL is not configured, the authorization failure is declared.
A restricted VLAN allows users without valid credentials in an authentication server (typically, visitors to an enterprise) to access a limited set of services. The administrator can control the services available to the restricted VLAN.
RADIUS servers are unavailable, the switch grants network access to the host and puts the port in the critical-authentication state, which is a special case of the authentication state.
If all the RADIUS servers are not available and the client is connected to a critical port, the switch authenticates the client and puts the critical port in the critical-authentication state in the RADIUS-configured or user-specified access VLAN.
A voice VLAN port becomes active when there is a link, and the device MAC address appears after the first CDP message from the IP phone. Cisco IP phones do not relay CDP messages from other devices. As a result, if several IP phones are connected in series, the switch recognizes only the one directly connected to it.
Note: If you enable 802.1x authentication on an access port on which a voice VLAN is configured and to which a Cisco IP Phone is connected, the Cisco IP phone loses connectivity to the switch for up to 30 seconds. For more information about voice VLANs, see Chapter 15, “Configuring Voice VLAN.”...
802.1x-capable supplicant and uses 802.1x authentication (not MAC authentication bypass) to authorize the interface. EAPOL history is cleared if the interface link status goes down.
For more configuration information, see the “Authentication Manager” section on page 9-8. Cisco IOS Release 12.2(55)SE and later supports filtering of verbose MAB system messages. See the “Authentication Manager CLI Commands” section on page 9-9. Network Admission Control Layer 2 802.1x Validation The switch supports the Network Admission Control (NAC) Layer 2 802.1x validation, which checks...
The switch supports multidomain authentication (MDA), which allows both a data device and voice device, such as an IP phone (Cisco or non-Cisco), to authenticate on the same switch port. The port is divided into a data domain and a voice domain.
• Auto enablement: Automatically enables trunk configuration on the authenticator switch, allowing user traffic from multiple VLANs coming from supplicant switches. Configure the cisco-av-pair as device-traffic-class=switch at the ACS. (You can configure this under the group or the user settings.)
• The IP address of the Network Access Device (NAD) • A monotonically increasing unique 32 bit integer • The session start time stamp (a 32 bit integer)
Retransmission time 30 seconds (number of seconds that the switch should wait for a response to an EAP request/identity frame from the client before resending the request).
The 802.1x protocol is supported on Layer 2 static-access ports, voice VLAN ports, and Layer 3 routed ports, but it is not supported on these port types:
EtherChannel configuration from the interfaces on which 802.1x authentication and EtherChannel are configured. • If you are using a device running the Cisco Access Control Server (ACS) application for IEEE 802.1x authentication with EAP-Transparent LAN Services (TLS) and EAP-MD5, make sure that the device is running ACS Version 3.2.1 or later.
• In single-host mode, only one device is allowed on the access VLAN. If the port is also configured with a voice VLAN, an unlimited number of Cisco IP phones can send and receive traffic through the voice VLAN. • In multidomain authentication (MDA) mode, one device is allowed for the access VLAN, and one...
To allow per-user ACLs or VLAN assignment, you must enable AAA authorization to configure the switch for all network-related service requests.
Page 287
IEEE 802.1x authentication, and enter interface configuration mode. Step 9 switchport mode access (Optional) Set the port to access mode only if you configured the RADIUS server in Step 6 and Step 7.
(Optional) Configure the timeout used to wait for EAPOL response. The range is from 1 to 65535 seconds. The default is 10 seconds.
Note: If the shutdown vlan keywords are not included, the entire port enters the error-disabled state and shuts down. Step 3 errdisable recovery cause security-violation (Optional) Enable automatic per-VLAN error recovery.
The RADIUS host entries are tried in the order that they were configured.
Page 291
You also need to configure some settings on the RADIUS server. These settings include the IP address of the switch and the key string to be shared by both the server and the switch. For more information, see the RADIUS server documentation.
Use the multi-domain keyword to configure and enable multidomain authentication (MDA), which allows both a host and a voice device, such as an IP phone (Cisco or non-Cisco), on the same switch port. This procedure is optional.
This example shows how to enable periodic re-authentication and set the number of seconds between re-authentication attempts to 4000: Switch(config-if)# authentication periodic Switch(config-if)# authentication timer reauthenticate 4000
You should change the default value of this command only to adjust for unusual circumstances such as unreliable links or specific behavioral problems with certain clients and authentication servers.
Return to privileged EXEC mode. Step 5 show authentication interface interface-id Verify your entries. Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file.
Beginning in privileged EXEC mode, follow these steps to globally enable MAC move on the switch. This procedure is optional. Command Purpose configure terminal Enter global configuration mode. authentication mac-move permit Enable
(Optional) Saves your entries in the configuration file. This example shows how to enable MAC replace on an interface: Switch(config)# interface gigabitethernet2/0/2 Switch(config-if)# authentication violation replace
VLAN 2 as an IEEE 802.1x guest VLAN when an 802.1x port is connected to a DHCP client: Switch(config-if)# authentication timer inactivity 3 Switch(config-if)# authentication timer reauthenticate 15 Switch(config-if)# authentication event no-response action authorize vlan 2
Specify the port to be configured, and enter interface configuration mode. For the supported port types, see the “802.1x Authentication Configuration Guidelines” section on page 9-35.
(Optional) Set the number of minutes that a RADIUS server is not sent requests. The range is from 0 to 1440 minutes (24 hours). The default is 0 minutes.
Page 302
The range is from 1 to 10000 milliseconds. The default is 1000 milliseconds (a port can be re-initialized every second).
This example shows how to clear all the VLAN groups: switch(config)# no vlan group end-dept vlan-list all switch(config)# show vlan-group all For more information about these commands, see the Cisco IOS Security Command Reference.
MAC authentication bypass (MAB) to the order of authentication methods. • webauth—Add web authentication to the order of authentication methods. Step 5 Return to privileged EXEC mode.
(Optional) Save your entries in the configuration file. This example shows how to configure NAC Layer 2 802.1x validation: Switch# configure terminal Switch(config)# interface gigabitethernet2/0/1 Switch(config-if)# authentication periodic Switch(config-if)# authentication timer reauthenticate
9-31. Note The cisco-av-pairs must be configured as device-traffic-class=switch on the ACS, which sets the interface as a trunk after the supplicant is successfully authenticated. Beginning in privileged EXEC mode, follow these steps to configure a switch as an authenticator:...
Note: You must configure a downloadable ACL on the ACS before downloading it to the switch. After authentication on the port, you can use the show ip access-list privileged EXEC command to display the downloaded ACLs on the port.
Note: The acl-id is an access list name or number. Step 8 show running-config interface interface-id Verify your configuration. Step 9 copy running-config startup-config (Optional) Save your entries in the configuration file.
ARP probe. The range is from 30 to 300 seconds. The default is 30 seconds. • use-svi—Uses the switch virtual interface (SVI) IP address as source of ARP probes.
There is no show command to confirm the status of VLAN ID-based MAC authentication. You can use the debug radius accounting privileged EXEC command to confirm the RADIUS attribute 32. For more information about this command, see the Cisco IOS Debug Command Reference, Release 12.2 at this URL: http://www.cisco.com/en/US/docs/ios/debug/command/reference/db_q1.html#wp1123741...
(Optional) Enable or disable reauthentication on a port. Step 9 authentication port-control {auto | force-authorized | force-unauthorized} (Optional) Enable manual control of the port authorization state.
This example shows how to disable 802.1x authentication on the port: Switch(config)# interface gigabitethernet2/0/1 Switch(config-if)# no dot1x pae authenticator
EXEC command. Beginning with Cisco IOS Release 12.2(55)SE, you can use the no dot1x logging verbose global configuration command to filter verbose 802.1x authentication messages. See the “Authentication...
If the user exceeds the maximum number of attempts, web-based authentication forwards a Login-Expired HTML page to the host, and the user is placed on a watch list for a waiting period.
The switch maintains an IP device tracking table to store information about detected hosts. Note: By default, the IP device tracking feature is disabled on a switch. You must enable the IP device tracking feature to use web-based authentication.
The terminate action is included in the response from the server. • If the terminate action is default, the session is dismantled, and the applied policy is removed.
You create a banner by using the ip admission auth-proxy-banner http global configuration command. The default banner Cisco Systems and Switch host-name Authentication appear on the Login Page. Cisco Systems appears on the authentication result pop-up page, as shown in Figure 10-2.
Page 319
Login Screen With No Banner For more information, see the Cisco IOS Security Command Reference and the “Configuring a Web Authentication Local Banner” section on page 10-16.
• You must include an HTML redirect command in the success page to access a specific URL. • The URL string must be a valid URL (for example, http://www.cisco.com). An incomplete URL might cause page not found or similar errors on a web browser.
You can then limit the number or group of clients that can access the network through the port. For more information about enabling port security, see the “Configuring Port Security” section on page 26-9
ACLs If you configure a VLAN ACL or a Cisco IOS ACL on an interface, the ACL is applied to the host traffic only after the web-based authentication host policy is applied. For Layer 2 web-based authentication, you must configure a port ACL (PACL) as the default access policy for ingress traffic from hosts connected to the port.
• You must configure the default ACL on the interface before configuring web-based authentication. Configure a port ACL for a Layer 2 interface or a Cisco IOS ACL for a Layer 3 interface. • You cannot authenticate hosts on Layer 2 interfaces with static ARP cache assignment. These hosts...
This example shows how to enable web-based authentication on Fast Ethernet port 5/1: Switch(config)# ip admission name webauth1 proxy http Switch(config)# interface fastethernet 5/1 Switch(config-if)# ip admission webauth1 Switch(config-if)# exit Switch(config)# ip device tracking
RADIUS security servers identification: • Host name • Host IP address • Host name and specific UDP port numbers • IP address and specific UDP port numbers
Page 326
For more information, see Cisco IOS Security Configuration Guide, Release 12.2 and the Cisco IOS Security Command Reference, Release 12.2 at this URL: http://www.cisco.com/en/US/docs/ios/12_2/security/command/reference/fsecur_r.html
device:success-filename Specify the location of the custom HTML file to use in place of the default login success page.
Page 328
Authentication global init state time is 2 minutes Authentication Proxy Session ratelimit is 100 Authentication Proxy Watch-list is disabled Authentication Proxy Auditing is disabled Max Login attempts per user is 5
(Optional) Save your entries in the configuration file. This example shows how to set the maximum number of failed login attempts to 10: Switch(config)# ip admission max-login-attempts 10
This example shows how to remove the web-based authentication session for the client at the IP address 209.165.201.1: Switch# clear ip auth-proxy cache 209.165.201.1
This example shows how to view only the global web-based authentication status: Switch# show authentication sessions This example shows how to view the web-based authentication settings for gigabit interface 3/27: Switch# show authentication sessions interface gigabitethernet 3/27
Page 332
Chapter 10 Configuring Web-Based Authentication Displaying Web-Based Authentication Status
Monitoring and Maintaining the Interfaces, page 11-29 Note: For complete syntax and usage information for the commands used in this chapter, see the switch command reference for this release and the online Cisco IOS Interface Command Reference, Release 12.2. Understanding Interface Types This section describes the different types of interfaces supported by the switch with references to chapters that contain more detailed information about configuring these interface types.
When you put an interface that is in Layer 3 mode into Layer 2 mode, the previous configuration information related to the affected interface might be lost, and the interface is returned to its default configuration.
Catalyst 6500 series switch; the switch cannot be a VMPS server. You can also configure an access port with an attached Cisco IP Phone to use one VLAN for voice traffic and another VLAN for data traffic from a device attached to the phone. For more information about voice VLAN ports, see Chapter 15, “Configuring Voice VLAN.”...
VLANs, or to provide IP host connectivity to the switch. By default, an SVI is created for the default VLAN (VLAN 1) to permit remote switch administration. Additional SVIs must be explicitly configured. Note: You cannot delete interface VLAN 1.
VLAN go down. You can use the SVI autostate exclude feature to configure a port so that it is not included in the SVI line-state up-and-down calculation. For example, if the only active port on the VLAN
Most protocols operate over either single ports or aggregated switch ports and do not recognize the physical ports within the port group. Exceptions are the DTP, the Cisco Discovery Protocol (CDP), and the Port Aggregation Protocol (PAgP), which operate only on physical ports.
Page 339
SVIs or routed ports to bridge groups with each SVI or routed port assigned to only one bridge group. All interfaces in the same group belong to the same bridge domain. For more information, see Chapter 47, “Configuring Fallback Bridging.”
21 to 24 (for example, gigabitethernet1/0/23). On a switch with Cisco dual SFP X2 converter modules in the 10-Gigabit Ethernet module slots, the external 10/100/1000 ports are numbered from 17 to 20 (for example, gigabitethernet1/0/18), and the SFP module ports are numbered from 21 to 24 (for example, gigabitethernet1/0/22).
When you enter the interface-range configuration mode, all command parameters that you enter are attributed to all interfaces within that range until you exit this mode.
Page 342
- {last port}, where the module is always 0 (for nonstacking-capable switches) – gigabitethernet stack member/module/{first port} - {last port}, where the module is always 0 (for stacking-capable switches)
Page 343
If you exit interface-range configuration mode while the commands are being executed, some commands might not be executed on all interfaces in the range. Wait until the command prompt reappears before exiting interface-range configuration mode.
• You must add a space between the first interface number and the hyphen when entering an interface-range. For example, gigabitethernet1/0/1 - 4 is a valid range; gigabitethernet1/0/1-4 is not a valid range.
11-2). You assign the IP addresses to the management port through the CMC or by the DHCP server. You can manage the switch through these IP addresses.
Page 346
PC as shown in Figure 11-2. Figure 11-2: Connecting a Switch to a PC (figure labels: Uplink ports, Blade switch, Network, Internal Ethernet management port)
Page 347
Module to the PC. In a stack that has members in multiple enclosures, the PC must be connected to the Chassis Management Module of the enclosure with the stack master. The PC should also be able to access all of the enclosure OAs.
Page 348
By default, the Ethernet management port is enabled. The switch cannot route packets from the Ethernet management port to a network port and the reverse.
To avoid this problem, use VRF or configure a static route to forward the packets to specific hosts and networks.
Loads and boots an executable image from the TFTP server and enters the command-line interface. For more details, see the command reference for this release. copy tftp:/source-file-url Copies a Cisco IOS image from the TFTP server to the specified filesystem:/destination-file- location. For more details, see the command reference for this release.
Disabled (Layer 2 interfaces only). See the “Configuring Protected Ports” section on page 26-6. Port security Disabled (Layer 2 interfaces only). See the “Default Port Security Configuration” section on page 26-11. Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide 11-19 OL-13270-06...
When STP is enabled and a port is reconfigured, the switch can take up to 30 seconds to check for loops. The port LED is amber while STP reconfigures. Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide 11-20...
Use the no speed and no duplex interface configuration commands to return the interface to the default speed and duplex settings (autonegotiate). To return all interface settings to the defaults, use the default interface interface-id interface configuration command.
Return to privileged EXEC mode.
Step 5: show interfaces interface-id - Verify the interface flow control settings.
Step 6: copy running-config startup-config - (Optional) Save your entries in the configuration file.
Verify the operational state of the auto-MDIX feature on the interface. interface-id phy
Step 8: copy running-config startup-config - (Optional) Save your entries in the configuration file.
Switch(config)# interface gigabitethernet1/0/2
Switch(config-if)# description Connects to Marketing
Switch(config-if)# end
Switch# show interfaces gigabitethernet1/0/2 description
Interface Status Protocol Description
Gi1/0/2 admin down down Connects to Marketing
Furthermore, when you put an interface that is in Layer 2 mode into Layer 3 mode, the previous configuration information related to the affected interface might be lost, and the interface is returned to its default configuration.
Exclude the access or trunk port when defining the status of an SVI line state (up or down).
Step 4: Return to privileged EXEC mode.
Cisco IOS configuration file, even if you enter the copy running-config startup-config privileged EXEC command. Therefore, if you use TFTP to configure a new switch by using a backup...
Page 360
This example shows the response when you try to set Gigabit Ethernet interfaces to an out-of-range number:
Switch(config)# system mtu jumbo 25000
% Invalid input detected at '^' marker.
Display the hardware configuration, software version, the names and sources of configuration files, and the boot images.
show controllers ethernet-controller interface-id - Display the operational state of the auto-MDIX feature on the interface.
Use the no shutdown interface configuration command to restart the interface. To verify that an interface is disabled, enter the show interfaces privileged EXEC command. A disabled interface is shown as administratively down in the display.
Use this interface configuration macro for increased network security and reliability when connecting a desktop device, such as a PC, to a switch port.
Use this interface configuration macro when connecting a desktop device such as a PC with a Cisco IP Phone to a switch port. This macro is an extension of the cisco-desktop macro and provides the same security and resiliency features, but with the addition of dedicated voice VLANs to ensure proper treatment of delay-sensitive voice traffic.
Page 365
Cisco-default macro with the required values by using the parameter value keywords. The Cisco-default macros use the $ character to help identify required keywords. There is no restriction on using the $ character to define keywords when you create a macro.
MAC addresses and also includes two help string keywords by using # macro keywords:
Switch(config)# macro name test
switchport access vlan $VLANID
switchport port-security maximum $MAX
#macro keywords $VLANID $MAX
You can delete a global macro-applied configuration on a switch only by entering the no version of each command that is in the macro. You can delete a macro-applied configuration on an interface by entering the default interface interface-id interface configuration command.
(Optional) Enter interface configuration mode, and specify the interface on which to apply the macro.
Step 6: default interface interface-id - (Optional) Clear all configuration from the specified interface.
Page 369
You can delete a macro-applied configuration on an interface by entering the default interface interface-id interface configuration command. This example shows how to display the cisco-desktop macro, how to apply the macro, and to set the access VLAN ID to 25 on an interface:...
Displays the configured macro names.
show parser macro description [interface interface-id] - Displays the macro description for all interfaces or for a specified interface.
Note: Before you create VLANs, you must decide whether to use VLAN Trunking Protocol (VTP) to maintain global VLAN configuration for your network. For more information on VTP, see Chapter 14, “Configuring VTP.”
VTP transparent mode when you create VLAN IDs from 1006 to 4094. Cisco IOS Release 12.2(52)SE and later support VTP version 3. VTP version 3 supports the entire...
For configuration information, see the “Configuring Dynamic-Access Ports on VMPS Clients” section on page 13-29.
VLAN Membership: Voice VLAN
Characteristics: A voice VLAN port is an access port attached to a Cisco IP Phone, configured to use one VLAN for voice traffic
VTP Characteristics: VTP is not required; it has no effect on a voice VLAN.
Page 375
• Default Ethernet VLAN Configuration, page 13-8
• Creating or Modifying an Ethernet VLAN, page 13-8
• Deleting a VLAN, page 13-9
• Assigning Static-Access Ports to a VLAN, page 13-10
IEEE 802.1s Multiple STP (MSTP) on your switch to map multiple VLANs to a single spanning-tree instance. For more information about MSTP, see Chapter 19, “Configuring MSTP.”
In VTP versions 1 and 2, if VTP mode is server, the domain name and VLAN configuration for only the first 1005 VLANs use the VLAN database information. VTP version 3 also supports VLANs 1006 to 4094.
VLANs” section on page 13-11. For the list of default parameters that are assigned when you add a VLAN, see the “Configuring Normal-Range VLANs” section on page 13-4.
Caution: When you delete a VLAN, any ports assigned to that VLAN become inactive. They remain associated with the VLAN (and thus inactive) until you assign them to a new VLAN.
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface gigabitethernet2/0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 2
Switch(config-if)# end
VLANs. If the number of VLANs on the switch exceeds the maximum number of spanning-tree instances,...
Extended-Range VLAN with an Internal VLAN ID” section on page 13-13 before creating the extended-range VLAN.
VLAN is rejected. To manually free an internal VLAN ID, you must temporarily shut down the routed port that is using the internal VLAN ID.
Display parameters for all VLANs or the specified VLAN on the switch. For more details about the show command options and explanations of output fields, see the command reference for this release.
13-4). You can set an interface as trunking or nontrunking or to negotiate trunking with the neighboring interface. To autonegotiate trunking, the interfaces must be in the same VTP domain.
Page 386
negotiate - Specifies that the interface negotiate with the neighboring interface to become an IEEE 802.1Q trunk, depending on the configuration and capabilities of the neighboring interface. This is the default for the switch.
VLAN allowed on the trunks. Non-Cisco devices might support one spanning-tree instance for all VLANs. When you connect a Cisco switch to a non-Cisco device through an IEEE 802.1Q trunk, the Cisco switch combines the spanning-tree instance of the VLAN of the trunk with the spanning-tree instance of the non-Cisco IEEE 802.1Q switch.
IEEE 802.1x on a dynamic port, an error message appears, and IEEE 802.1x is not enabled. If you try to change the mode of an IEEE 802.1x-enabled port to dynamic, the port mode is not changed.
Note VLAN 1 is the default VLAN on all trunk ports in all Cisco switches, and it has previously been a requirement that VLAN 1 always be enabled on every trunk link. You can use the VLAN 1 minimization feature to disable VLAN 1 on any individual VLAN trunk link so that no user traffic (including spanning-tree advertisements) is sent or received on VLAN 1.
(Optional) Save your entries in the configuration file. To return to the default pruning-eligible list of all VLANs, use the no switchport trunk pruning vlan interface configuration command.
STP path costs, each load-sharing link can be connected to the same switch or to two different switches. For more information about STP, see Chapter 18, “Configuring STP.”
The domain name can be 1 to 32 characters.
Step 3: vtp mode server - Configure Switch A as the VTP server.
Step 4: Return to privileged EXEC mode.
VLANs, blocking different ports for different VLANs. The VLANs keep the traffic separate and maintain redundancy in the event of a lost link.
Page 395
Step 12: spanning-tree vlan 2-4 cost 30 - Set the spanning-tree path cost to 30 for VLANs 2 through 4.
Step 13: Return to global configuration mode.
access-denied response.
• If the VLAN is not allowed on the port and the VMPS is in secure mode, the VMPS sends a port-shutdown response.
(Optional) Enter the IP address of the switch acting as a secondary VMPS server. You can enter up to three secondary server addresses.
Step 4: Return to privileged EXEC mode.
• Server Retry Count—the number of times VQP resends a query to the VMPS. If no response is received after this many tries, the switch starts to query the secondary VMPS.
• End stations are connected to the clients, Switch B and Switch I.
• The database configuration file is stored on the TFTP server with the IP address 172.20.22.7.
Page 402
[Figure: network diagram. Labels: Switch G, Switch H, client Switch I, Switch J, dynamic-access port, trunk port, Catalyst 6500 series secondary VMPS, Server 2, Server 3; addresses 172.20.26.156 through 172.20.26.159]
When a switch joins the stack or when stacks merge, the new switches get VTP information from the stack master.
VLAN in a suspended state. VTP version 1 and version 2 support only normal-range VLANs (VLAN IDs 1 to 1005). Cisco IOS Release 12.2(52)SE and later support VTP version 3. VTP version 3 supports the entire VLAN range (VLANs 1 to 4094).
A switch in VTP off mode functions in the same manner as a VTP transparent switch, except that it does not forward VTP advertisements on trunks.
TLVs it is not able to parse. The unrecognized TLV is saved in NVRAM when the switch is operating in VTP server mode.
For example, you can configure the switch as a VTP server for the VLAN database but with VTP off for the MST database.
F have no ports in the Red VLAN.
[Figure 14-1: Flooding Traffic without VTP Pruning. Labels: Switch A through Switch F, Port 1, Port 2, VLAN]
Page 409
You can set VLAN pruning-eligibility, whether or not VTP pruning is enabled for the VTP domain, whether or not any given VLAN exists, and whether or not the interface is currently trunking.
VTP mode (VTP version 1 and version 2): Server.
VTP mode (VTP version 3): The mode is the same as the mode in VTP version 1 or 2 before conversion to version 3.
VLAN configuration of that domain. Make sure that you configure at least one switch in the VTP domain for VTP server mode.
2. If there is a version 1-only switch, it does not exchange VTP information with switches that have version 2 enabled.
• Cisco recommends placing VTP version 1 and 2 switches at the edge of the network because they...
However, a VTP transparent switch running VTP version 2 does forward received VTP advertisements on its trunk links.
• VTP off mode is the same as VTP transparent mode except that VTP advertisements are not forwarded.
Page 414
(Optional) Configure the database:
• vlan—the VLAN database is the default if none are configured.
• mst—the multiple spanning tree (MST) database.
• unknown—an unknown database type.
VTP Database Conf Switch ID Primary Server Revision System Name
------------ ---- -------------- -------------- -------- --------------------
VLANDB 00d0.00b8.1400=00d0.00b8.1400 1 stp7
Do you want to continue (y/n) [n]? y
Token Ring VLAN switching to function properly. For Token Ring and Token Ring-Net media, VTP version 2 must be disabled.
• VTP version 3 is supported on switches running Cisco IOS Release 12.2(52)SE or later.
• In VTP version 3, both the primary and secondary servers can exist on an instance in the domain.
Verify the change to the port. interface-id
Step 6: show vtp status - Verify the configuration.
To disable VTP on the interface, use the no vtp interface configuration command.
Note: You can use the vtp mode transparent global configuration command to disable VTP on the switch and then to change its VLAN information without affecting the other switches in the VTP domain.
The voice VLAN feature enables access ports to carry IP voice traffic from an IP phone. When the switch is connected to a Cisco 7960 IP Phone, the phone sends voice traffic with Layer 3 IP precedence and Layer 2 class of service (CoS) values, which are both set to 5 by default. Because the sound quality of an IP phone call can deteriorate if the data is unevenly sent, the switch supports quality of service (QoS) based on IEEE 802.1p CoS.
Cisco IP Phone Voice Traffic
You can configure an access port with an attached Cisco IP Phone to use one VLAN for voice traffic and another VLAN for data traffic from a device attached to the phone. You can configure access ports on...
For more information, see Chapter 37, “Configuring QoS.”
• You must enable CDP on the switch port connected to the Cisco IP Phone to send the configuration to the phone. (CDP is globally enabled by default on all switch interfaces.)
• If the Cisco IP Phone and a device attached to the phone are in the same VLAN, they must be in the same IP subnet. These conditions indicate that they are in the same VLAN:
–...
Configuring Cisco IP Phone Voice Traffic
You can configure a port connected to the Cisco IP Phone to send CDP packets to the phone to configure the way in which the phone sends voice traffic. The phone can carry voice traffic in IEEE 802.1Q frames for a specified voice VLAN with a Layer 2 CoS value.
Configuring the Priority of Incoming Data Frames
You can connect a PC or other data device to a Cisco IP Phone port. To process tagged data traffic (in IEEE 802.1Q or IEEE 802.1p frames), you can configure the switch to send CDP packets to instruct the phone how to send data packets from the device attached to the access port on the Cisco IP Phone.
(Optional) Save your entries in the configuration file. startup-config
This example shows how to configure a port connected to a Cisco IP Phone to not change the priority of frames received from the PC or the attached device:
Switch# configure terminal
Enter configuration commands, one per line.
VLAN. A private VLAN can have multiple VLAN pairs, one pair for each subdomain. All VLAN pairs in a private VLAN share the same primary VLAN. The secondary VLAN ID differentiates one subdomain from another. See Figure 16-1.
These interfaces are isolated at Layer 2 from all other interfaces in other communities and from isolated ports within their private VLAN.
Note: Trunk ports carry traffic from regular VLANs and also from primary, isolated, and community VLANs.
VLANs, but in the same primary VLAN. When new devices are added, the DHCP server assigns them the next available address from a large pool of subnet addresses.
(SDM) template to balance system resources between unicast routes and Layer 2 entries. If another SDM template is configured, use the sdm prefer default global configuration command to set the default template. See Chapter 8, “Configuring SDM Templates.”
VLAN is propagated to the secondary VLAN SVIs. For example, if you assign an IP subnet to the primary VLAN SVI, this subnet is the IP subnet address of the entire private VLAN.
Step 4: Configure interfaces as promiscuous ports, and map the promiscuous ports to the primary-secondary VLAN pair. See the “Configuring a Layer 2 Interface as a Private-VLAN Promiscuous Port” section on page 16-13.
VLAN, the configuration does not take effect if the primary VLAN is already configured.
• When you enable IP source guard on private-VLAN ports, you must enable DHCP snooping on the primary VLAN.
Page 436
You can use VLAN-based SPAN (VSPAN) on primary, isolated, and community VLANs or use SPAN on only one VLAN to separately monitor egress or ingress traffic.
A private-VLAN host or promiscuous port cannot be a SPAN destination port. If you configure a SPAN destination port as a private-VLAN port, the port becomes inactive.
Enter VLAN configuration mode for the primary VLAN designated in Step 2.
Step 13: private-vlan association [add | remove] secondary_vlan_list - Associate the secondary VLANs with the primary VLAN.
Step 14: Return to privileged EXEC mode.
Page 439
Switch(config)# vlan 20
Switch(config-vlan)# private-vlan association 501-503
Switch(config-vlan)# end
Switch(config)# show vlan private vlan
Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------
isolated
community
community
non-operational
Switch(config-if)# end
Use the show vlan private-vlan or the show interface status privileged EXEC command to display primary and secondary VLANs and private-VLAN ports on the switch.
This is an example of the output from the show vlan private-vlan command:
Switch(config)# show vlan private-vlan
Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------
isolated Gi2/0/1, Gi3/0/1, Gi3/0/2
community Gi2/0/11, Gi3/0/1, Gi3/0/4
non-operational
VLAN ID that is dedicated to tunneling. Each customer requires a separate service-provider VLAN ID, but that VLAN ID supports all of the customer’s VLANs.
When the packet exits another trunk port on the same core switch, the same metro tag is again added to the packet. Figure 17-2 shows the tag structures of the double-tagged packets.
Page 447
Because 802.1Q tunneling is configured on a per-port basis, it does not matter whether the switch is a standalone switch or a stack member. All configuration is done on the stack master.
(Switch C) and is misdirected through the egress switch tunnel port to Customer Y.
The switch has a system jumbo MTU value of 1500 bytes, and the switchport mode dot1q tunnel interface configuration command is configured on a 10-Gigabit or Gigabit Ethernet switch port.
• When a port is configured as an IEEE 802.1Q tunnel port, spanning-tree bridge protocol data unit (BPDU) filtering is automatically enabled on the interface. Cisco Discovery Protocol (CDP) and the Link Layer Discovery Protocol (LLDP) are automatically disabled on the interface.
VLAN should build a proper spanning tree that includes the local site and all remote sites across the service-provider network. Cisco Discovery Protocol (CDP) must discover neighboring Cisco devices from local and remote sites. VLAN Trunking Protocol (VTP) must provide consistent VLAN configuration throughout all sites in the customer network.
Page 452
• Users on each of a customer’s sites can properly run STP, and every VLAN can build a correct spanning tree based on parameters from all sites and not just from the local site.
• CDP discovers and shows information about the other Cisco devices connected through the service-provider network.
Page 453
When you enable protocol tunneling (PAgP or LACP) on the SP switch, remote customer switches receive the PDUs and can negotiate the automatic creation of EtherChannels.
When the Layer 2 PDUs that entered the service-provider inbound edge switch through a Layer 2 protocol-enabled port exit through the trunk port into the service-provider network, the switch overwrites the customer PDU-destination MAC address with a well-known Cisco proprietary multicast address (01-00-0c-cd-cd-d0). If IEEE 802.1Q tunneling is enabled, packets are also double-tagged; the outer tag is the customer metro tag, and the inner tag is the customer’s VLAN tag.
CoS marking of L2 protocol tunneling BPDUs is 5. This does not apply to data traffic.
PDUs higher priority within the service-provider network than data packets received from the same tunnel port. By default, the PDUs use the same CoS value as data packets.
Display the Layer 2 tunnel ports on the switch, including the protocols configured, the thresholds, and the counters.
Step 12: copy running-config startup-config - (Optional) Save your entries in the configuration file.
Caution: To avoid a network failure, make sure that the network is a point-to-point topology before you enable tunneling for PAgP, LACP, or UDLD packets.
Page 459
[point-to-point [pagp | lacp | udld]] and the no l2protocol-tunnel drop-threshold [point-to-point [pagp | lacp | udld]] commands to return the shutdown and drop thresholds to the default settings.
For EtherChannels, you need to configure both the SP edge switches and the customer switches for Layer 2 protocol tunneling. (See Figure 17-6 on page 17-10.)
Display the status of native VLAN tagging on the switch. For detailed information about these displays, see the command reference for this release.
The switch can use either the per-VLAN spanning-tree plus (PVST+) protocol based on the IEEE 802.1D standard and Cisco proprietary extensions, or the rapid per-VLAN spanning-tree plus (rapid-PVST+) protocol based on the IEEE 802.1w standard. A switch stack appears as a single spanning-tree node to the rest of the network, and all stack members use the same bridge ID.
(SFP) modules. You can change the default for an interface by entering the [no] keepalive interface configuration command with no keywords.
When selecting the root port on a switch stack, spanning tree follows this sequence:
– Selects the lowest root bridge ID
– Selects the lowest path cost to the root switch
– Selects the lowest designated bridge ID
VLAN identifier. The result is that fewer MAC addresses are reserved for the switch, and a larger range of VLAN IDs can be supported, all while maintaining the...
• From blocking to listening or to disabled
• From listening to learning or to disabled
• From learning to forwarding or to disabled
• From forwarding to disabled
An interface in the blocking state performs these functions:
• Discards frames received on the interface
• Discards frames switched from another interface for forwarding
• Does not learn addresses
• Receives BPDUs
• Discards frames received on the interface
• Discards frames switched from another interface for forwarding
• Does not learn addresses
• Does not receive BPDUs
If the speeds are the same, the port priority and port ID are added together, and spanning tree disables the link with the lowest value.
VLAN to be subject to accelerated aging. Dynamic addresses on other VLANs can be unaffected and remain subject to the aging interval entered for the switch.
Spanning-Tree Modes and Protocols
The switch supports these spanning-tree modes and protocols:
• PVST+—This spanning-tree mode is based on the IEEE 802.1D standard and Cisco proprietary extensions. It is the default spanning-tree mode used on all Ethernet port-based VLANs. The PVST+ runs on each VLAN on the switch up to the maximum supported, ensuring that each has a loop-free path through the network.
VLAN allowed on the trunks. When you connect a Cisco switch to a non-Cisco device through an IEEE 802.1Q trunk, the Cisco switch uses PVST+ to provide spanning-tree interoperability. If rapid PVST+ is enabled, the switch uses it instead of PVST+.
VLAN-Bridge Spanning Tree
Cisco VLAN-bridge spanning tree is used with the fallback bridging feature (bridge groups), which forwards non-IP protocols such as DECnet between two or more VLAN bridge domains or routed ports. The VLAN-bridge spanning tree allows the bridge groups to form a spanning tree on top of the individual VLAN spanning trees to prevent loops from forming if there are multiple connections among VLANs.
20-12.
Caution: Loop guard works only on point-to-point links. We recommend that each end of the link has a directly connected device that is running STP.
To return to the default setting, use the no spanning-tree mode global configuration command. To return the port to its default setting, use the no spanning-tree link-type interface configuration command.
ID support will become the root switch. The extended system ID increases the switch priority value every time the VLAN number is greater than the priority of the connected switches running older software.
Page 479
(Optional) Save your entries in the configuration file. To return to the default setting, use the no spanning-tree vlan vlan-id root global configuration command.
(higher numerical values) that you want selected last. If all interfaces have the same priority value, spanning tree puts the interface with the lowest interface number in the forwarding state and blocks the other interfaces.
Page 481
Note: The show spanning-tree interface interface-id privileged EXEC command displays information only if the port is in a link-up operative state. Otherwise, you can use the show running-config interface privileged EXEC command to confirm the configuration.
Step 6
  Command: show spanning-tree interface interface-id
           show spanning-tree vlan vlan-id
  Purpose: Verify your entries.
Step 7
  Command: copy running-config startup-config
  Purpose: (Optional) Save your entries in the configuration file.
(Optional) Save your entries in the configuration file. To return to the default setting, use the no spanning-tree vlan vlan-id priority global configuration command.
(Optional) Save your entries in the configuration file. To return to the default setting, use the no spanning-tree vlan vlan-id hello-time global configuration command.
(Optional) Save your entries in the configuration file. To return to the default setting, use the no spanning-tree vlan vlan-id max-age global configuration command.
You can clear spanning-tree counters by using the clear spanning-tree [interface interface-id] privileged EXEC command. For information about other keywords for the show spanning-tree privileged EXEC command, see the command reference for this release.
Page 487
Both MSTP and RSTP improve the spanning-tree operation and maintain backward compatibility with equipment that is based on the (original) IEEE 802.1D spanning tree, with existing Cisco-proprietary Multiple Instance STP (MISTP), and with existing Cisco per-VLAN spanning-tree plus (PVST+) and rapid per-VLAN spanning-tree plus (rapid PVST+).
65 spanning-tree instances. Instances can be identified by any number in the range from 0 to 4094. You can assign a VLAN to only one spanning-tree instance at a time.
IST information, they leave their old subregions and join the new subregion that contains the true CIST regional root. Thus all subregions shrink, except for the one that contains the true CIST regional root.
[Figure: MST Regions, CIST Masters, and CST Root (labels: IST master and CST root, Legacy IEEE 802.1D, MST Region 1, MST Region 2, MST Region 3, IST master)]
IEEE 802.1D switches. MSTP switches use MSTP BPDUs to communicate with MSTP switches.
IEEE 802.1s Terminology
Some MST naming conventions used in Cisco’s prestandard implementation have been changed to identify some internal or regional parameters. These parameters are significant only within an MST region, as opposed to external parameters that are relevant to the whole network.
The primary change from the Cisco prestandard implementation is that a designated port is not defined as boundary, unless it is running in an STP-compatible mode.
The boundary role is no longer in the final MST standard, but this boundary concept is maintained in Cisco’s implementation. However, an MST instance port at a boundary of the region might not follow the state of the corresponding CIST port. Two cases exist now: The boundary port is the root port of the CIST regional root—When the CIST instance port is...
Detecting Unidirectional Link Failure
This feature is not yet present in the IEEE MST standard, but it is included in this Cisco IOS release. The software checks the consistency of the port role and state in the received BPDUs to detect unidirectional link failures that could cause bridging loops.
LAN is called the designated port.
• Alternate port—Offers an alternate path toward the root switch to that provided by the current root port.
Disabled Disabled Discarding
To be consistent with Cisco STP implementations, this guide defines the port state as blocking instead of discarding. Designated ports start in the listening state.
Rapid Convergence
The RSTP provides for rapid recovery of connectivity following the failure of a switch, a switch port, or a LAN.
Page 497
[Figure: proposal and agreement exchange (labels: Proposal, Agreement, Designated, Root switch, Switch C). DP = designated port, RP = root port, F = forwarding]
RSTP sets the port to the blocking state but does not send the agreement message. The designated port continues sending BPDUs with the proposal flag set until the forward-delay timer expires, at which time the port transitions to the forwarding state.
However, if the RSTP switch is using IEEE 802.1D BPDUs on a port and receives an RSTP BPDU after the timer has expired, it restarts the timer and starts using RSTP BPDUs on that port.
Maximum-aging time: 20 seconds.
Maximum hop count: 20 hops.
For information about the supported number of spanning-tree instances, see the “Supported Spanning-Tree Instances” section on page 18-10.
MST cloud than a path through the PVST+ or rapid-PVST+ cloud. You might have to manually configure the switches in the clouds.
You cannot run both MSTP and PVST+ or both MSTP and rapid PVST+ at the same time.
ID support will become the root switch. The extended system ID increases the switch priority value every time the VLAN number is greater than the priority of the connected switches running older software.
This is assuming that the other network switches use the default switch priority of 32768 and therefore are unlikely to become the root switch.
For more information, see the “Configuring Path Cost” section on page 19-22.
Page 507
Otherwise, you can use the show running-config interface privileged EXEC command to confirm the configuration. To return the interface to its default setting, use the no spanning-tree mst instance-id port-priority interface configuration command.
Otherwise, you can use the show running-config privileged EXEC command to confirm the configuration. To return the interface to its default setting, use the no spanning-tree mst instance-id cost interface configuration command.
Configuring the Hello Time
You can configure the interval between the generation of configuration messages by the root switch by changing the hello time.
(Optional) Save your entries in the configuration file. To return the switch to its default setting, use the no spanning-tree mst forward-time global configuration command.
(Optional) Save your entries in the configuration file. To return the switch to its default setting, use the no spanning-tree mst max-hops global configuration command.
Specify an interface to configure, and enter interface configuration mode. Valid interfaces include physical ports.
Step 3
  Command: spanning-tree mst pre-standard
  Purpose: Specify that the port can send only prestandard BPDUs.
Displays MST information for the specified interface. For information about other keywords for the show spanning-tree privileged EXEC command, see the command reference for this release.
You can enable this feature by using the spanning-tree portfast interface configuration or the spanning-tree portfast default global configuration command.
[Figure 20-1: Port Fast-Enabled Interfaces (labels: Blade Switch, Port Fast-enabled ports, Blade Servers)]
Caution: Enabling BPDU filtering on an interface is the same as disabling spanning tree on it and can result in spanning-tree loops.
You can enable the BPDU filtering feature for the entire switch or for an interface.
Switch B over link L1 and to Switch C over link L2. The Layer 2 interface on Switch C that is connected directly to Switch B is in a blocking state.
CSUF might not provide a fast transition all the time; in these cases, the normal spanning-tree transition occurs, completing in 30 to 40 seconds. For more information, see the “Events that Cause Fast Convergence” section on page 20-7.
The switch sending the fast-transition request needs to do a fast transition to the forwarding state of a port that it has chosen as the root port, and it must obtain an acknowledgement from each stack switch before performing the fast transition.
BPDU is a signal that the other switch might have lost its path to the root, and BackboneFast tries to find an alternate path to the root.
Page 522
Switch B is in the blocking state.
[Figure 20-6: BackboneFast Example Before Indirect Link Failure (labels: Switch A (Root), Switch B, Switch C, Blocked port)]
Page 523
Switch A, the root switch.
[Figure 20-8: Adding a Switch in a Shared-Medium Topology (labels: Switch A (Root), Switch B, Switch C (Designated bridge), Blocked port, Added switch)]
You can enable this feature by using the spanning-tree guard root interface configuration command.
Caution: Misuse of the root-guard feature can cause a loss of connectivity.
VLAN, the Port Fast feature is not automatically disabled. For more information, see Chapter 15, “Configuring Voice VLAN.” You can enable this feature if your switch is running PVST+, rapid PVST+, or MSTP.
To prevent the port from shutting down, you can use the errdisable detect cause bpduguard shutdown vlan global configuration command to shut down just the offending VLAN on the port where the violation occurred.
Caution: Configure Port Fast only on interfaces that connect to end stations; otherwise, an accidental topology loop could cause a data packet loop and disrupt switch and network operation.
You can configure the UplinkFast or the CSUF feature for rapid PVST+ or for the MSTP, but the feature remains disabled (inactive) until you change the spanning-tree mode to PVST+.
To disable UplinkFast on the switch and all its VLANs, use the no spanning-tree uplinkfast global configuration command.
Enabling BackboneFast
You can enable BackboneFast to detect indirect link failures and to start the spanning-tree reconfiguration sooner.
EXEC command to verify the EtherChannel configuration. After the configuration is corrected, enter the shutdown and no shutdown interface configuration commands on the port-channel interfaces that were misconfigured.
Step 1
  Command: show spanning-tree active
           show spanning-tree mst
  Purpose: Verify which interfaces are alternate or root ports.
Step 2
  Command: configure terminal
  Purpose: Enter global configuration mode.
You can clear spanning-tree counters by using the clear spanning-tree [interface interface-id] privileged EXEC command. For information about other keywords for the show spanning-tree privileged EXEC command, see the command reference for this release.
Flex Links are supported only on Layer 2 ports and port channels, not on VLANs or on Layer 3 ports.
When the changeover happens, the backup port is unblocked, allowing the traffic to flow. In this case, the upstream multicast data flows as soon as the backup port is unblocked.
GigabitEthernet1/0/11 GigabitEthernet1/0/12 Active Up/Backup Standby
Preemption Mode : off
Multicast Fast Convergence : Off
Bandwidth : 100000 Kbit (Gi1/0/11), 100000 Kbit (Gi1/0/12)
Mac Address Move Update Vlan : auto
Page 539
This output shows a querier for VLAN 1 and 401 with their queries reaching the switch through Gigabit Ethernet 1/0/11:
Switch# show ip igmp snooping querier
Vlan IP Address IGMP Version Port
-------------------------------------------------------------
1.1.1.1 Gi1/0/11
41.41.41.1 Gi1/0/11
100 milliseconds (ms). The PC is directly connected to switch A, and the connection status does not change. Switch A does not need to update the PC entry in the MAC address table.
The Flex Links are not configured, and there are no backup interfaces defined. The preemption mode is off. The preemption delay is 35 seconds. The MAC address-table move update feature is not configured on the switch.
Configure a physical Layer 2 interface (or port channel) as part of a Flex Links pair with the interface. When one link is forwarding traffic, the other interface is in standby mode.
Switch Backup Interface Pairs:
Active Interface Backup Interface State
------------------------------------------------------------------------
GigabitEthernet2/0/6 GigabitEthernet2/0/8 Active Down/Backup Up
Vlans Preferred on Active Interface: 1-50
Vlans Preferred on Backup Interface: 60, 100-120
VLAN ID on the interface, which is used for sending the MAC address-table move update. When one link is forwarding traffic, the other interface is in standby mode.
Page 547
Xmt packet count : 0
Xmt packet count this min : 0
Xmt threshold exceed count : 0
Xmt pak buf unavail cnt : 0
Xmt last interface : None
Flex Links and the state of each active and backup interface (up or standby mode).
show mac address-table move update: Displays the MAC address-table move update information on the switch.
Note: For complete syntax and usage information for the commands used in this chapter, see the command reference for this release, and see the “DHCP Commands” section in the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2.
In a service-provider network, a trusted interface is connected to a port on a device in the same network. An untrusted interface is connected to an untrusted interface in the network or to an interface on a device that is not in the network.
Note: The DHCP option-82 feature is supported only when DHCP snooping is globally enabled and on the VLANs to which subscriber devices using this feature are assigned.
Page 552
Figure 22-2 do not change:
• Circuit-ID suboption fields
  – Suboption type
  – Length of the suboption type
  – Circuit-ID type
  – Length of the circuit-ID type
Page 553
In the port field of the circuit ID suboption, the port numbers start at 1. For example, on a switch with Cisco dual SFP X2 converter modules in the 10-Gigabit Ethernet module slots, port 1 is the internal Gigabit Ethernet 1/0/1 port, port 2 is the internal Gigabit Ethernet1/0/2 port, and so on. For the external uplink ports (port 17 to port 20), port 17 is the Gigabit Ethernet 1/0/17 port, port 18 is the Gigabit Ethernet 1/0/18 port, and so on.
An address binding is a mapping between an IP address and a MAC address of a host in the Cisco IOS DHCP server database. You can manually assign the client IP address, or the DHCP server can allocate an IP address from a DHCP address pool.
Page 555
expires).
• The interface in the entry no longer exists on the system.
• The interface is a routed interface or a DHCP snooping-trusted interface.
• If a switch port is connected to a DHCP client, configure a port as untrusted by entering the no ip dhcp snooping trust interface configuration command.
Configuring the DHCP Server
The switch can act as a DHCP server. By default, the Cisco IOS DHCP server and relay agent features are enabled on your switch but are not configured. These features are not operational. For procedures to configure the switch as a DHCP server, see the “Configuring DHCP” section of the “IP addressing and Services”...
To disable the DHCP server and relay agent, use the no service dhcp global configuration command. See the “Configuring DHCP” section of the “IP Addressing and Services” section of the Cisco IOS IP Configuration Guide, Release 12.2 for these procedures:
• Checking (validating) the relay agent information
...
Note: If the hostname is longer than 63 characters, it is truncated to 63 characters in the remote-ID configuration.
The default remote ID is the switch MAC address.
Page 561
To configure an aggregation switch to drop incoming DHCP snooping packets with option-82 information from an edge switch, use the no ip dhcp snooping information option allow-untrusted global configuration command.
VLANs, on which DHCP snooping is enabled.
Enabling the Cisco IOS DHCP Server Database
For procedures to enable and configure the Cisco IOS DHCP server database, see the “DHCP Configuration Task List” section in the “Configuring DHCP” chapter of the Cisco IOS IP Configuration Guide, Release 12.2.
To delete binding entries from the DHCP snooping binding database, use the no ip dhcp snooping binding mac-address vlan vlan-id ip-address interface interface-id privileged EXEC command. Enter this command for each entry that you want to delete.
IP source bindings). An entry in this table has an IP address, its associated MAC address, and its associated VLAN number. The switch uses the IP source binding table only when IP source guard is enabled.
IP packets to maintain the list of valid hosts for a given port. You can also specify the number of hosts allowed to send traffic to a given port. This is equivalent to port security at Layer 3.
• When IP source guard with source IP filtering is enabled on an interface, DHCP snooping must be enabled on the access VLAN to which the interface belongs.
Step 1
  Command: configure terminal
  Purpose: Enter global configuration mode.
Step 2
  Command: interface interface-id
  Purpose: Specify the interface to be configured, and enter interface configuration mode.
Page 568
Switch(config-if)# ip verify source port-security
Switch(config-if)# exit
Switch(config)# ip source binding 0100.0022.0010 vlan 10 10.0.0.2 interface gigabitethernet1/0/1
Switch(config)# ip source binding 0100.0230.0002 vlan 11 10.0.0.4 interface gigabitethernet1/0/1
Switch(config)# end
(Optional) Activate port security for this port.
Step 9
  Command: switchport port-security maximum value
  Purpose: (Optional) Establish a maximum of MAC addresses for this port.
Step 10
  Purpose: Return to privileged EXEC mode.
Page 570
Switch(config-if)# switchport access vlan 1
Switch(config-if)# ip device tracking maximum 5
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 5
Switch(config-if)# ip verify source tracking port-security
Switch(config-if)# end
Page 571
MAC Address Vlan Interface STATE
---------------------------------------------------------------------
200.1.1.1 0001.0600.0000 GigabitEthernet0/1 ACTIVE
200.1.1.2 0001.0600.0000 GigabitEthernet0/1 ACTIVE
200.1.1.3 0001.0600.0000 GigabitEthernet0/1 ACTIVE
200.1.1.4 0001.0600.0000 GigabitEthernet0/1 ACTIVE
200.1.1.5 0001.0600.0000 GigabitEthernet0/1 ACTIVE
When you configure this feature, the port name of the interface overrides the client identifier or hardware address and the actual point of connection, the switch port, becomes the client identifier.
In all cases, by connecting the Ethernet cable to the same port, the same IP address is allocated through DHCP to the attached device. The DHCP server port-based address allocation feature is only supported on a Cisco IOS DHCP server and not a third-party server.
Page 576
Return to privileged EXEC mode.
Step 7
  Command: show ip dhcp pool
  Purpose: Verify DHCP pool configuration.
Step 8
  Command: copy running-config startup-config
  Purpose: (Optional) Save your entries in the configuration file.
Page 577
For more information about configuring the DHCP server port-based address allocation feature, go to Cisco.com, and enter Cisco IOS IP Addressing Services in the Search field to locate the Cisco IOS software documentation. You can also locate the documentation at this URL: http://www.cisco.com/en/US/docs/ios/ipaddr/command/reference/iad_book.html...
Display the status and configuration of a specific interface.
show ip dhcp pool: Display the DHCP address pools.
show ip dhcp binding: Display address bindings on the Cisco IOS DHCP server.
ARP caches of systems connected to the subnet and by intercepting traffic intended for other hosts on the subnet. Figure 23-1 shows an example of ARP cache poisoning.
“Configuring ARP ACLs for Non-DHCP Environments” section on page 23-8. The switch logs dropped packets. For more information about the log buffer, see the “Logging of Dropped Packets” section on page 23-5.
Switch B (and Host 2, if the link between the switches is configured as trusted). This condition can occur even though Switch B is running dynamic ARP inspection.
The switch first compares ARP packets to user-configured ARP ACLs. If the ARP ACL denies the ARP packet, the switch also denies the packet even if a valid binding exists in the database populated by DHCP snooping.
The rate is unlimited on all trusted interfaces. The burst interval is 1 second.
ARP ACLs for non-DHCP environments: No ARP ACLs are defined.
Validation checks: No checks are performed.
EtherChannel ports is equal to the sum of the incoming rate of packets from all the channel members. Configure the rate limit for EtherChannel ports only after examining the rate of incoming ARP packets on the channel-port members.
VLANs separated by a comma. The range is 1 to 4094. Specify the same VLAN ID for both switches.
Step 4
  Command: interface interface-id
  Purpose: Specify the interface connected to the other switch, and enter interface configuration mode.
VLAN 1. If the IP address of Host 2 is not static (it is impossible to apply the ACL configuration on Switch A) you must separate Switch A from Switch B at Layer 3 and use a router to route packets between them.
Page 587
Step 6
  Command: interface interface-id
  Purpose: Specify the Switch A interface that is connected to Switch B, and enter interface configuration mode.
If you enter the no ip arp inspection limit interface configuration command, the interface reverts to its default rate limit.
Page 589
To return to the default rate-limit configuration, use the no ip arp inspection limit interface configuration command. To disable error recovery for dynamic ARP inspection, use the no errdisable recovery cause arp-inspection global configuration command.
To disable checking, use the no ip arp inspection validate [src-mac] [dst-mac] [ip] global configuration command. To display statistics for forwarded, dropped, and MAC and IP validation failure packets, use the show ip arp inspection statistics privileged EXEC command.
Y, X divided by Y (X/Y) system messages are sent every second. Otherwise, one system message is sent every Y divided by X (Y/X) seconds.
ARP inspection for the specified VLAN. If no VLANs are specified or if a range is specified, displays information only for VLANs with dynamic ARP inspection enabled (active).
Page 593
Displays the configuration and contents of the dynamic ARP inspection log buffer. For more information about these commands, see the command reference for this release.
Page 594
Chapter 23 Configuring Dynamic ARP Inspection Displaying Dynamic ARP Inspection Information
Page 595
Note: For complete syntax and usage information for the commands used in this chapter, see the switch command reference for this release and the “IP Multicast Routing Commands” section in the Cisco IOS IP Command Reference, Volume 3 of 3: Multicast, Release 12.2.
The CPU also adds the interface where the join message was received to the forwarding-table entry. The blade server associated with that interface receives multicast traffic for that multicast group. See Figure 24-1.
Page 598
CPU, the message is not flooded to other ports on the switch. Any known multicast traffic is forwarded to the group and not to the CPU.
If the router receives no reports from a VLAN, it removes the group for the VLAN from its IGMP cache.
If you disable IGMP report suppression, all IGMP reports are forwarded to the multicast routers. For configuration steps, see the “Disabling IGMP Report Suppression” section on page 24-16.
(Optional) Save your entries in the configuration file. To disable IGMP snooping on a VLAN interface, use the no ip igmp snooping vlan vlan-id global configuration command for the specified VLAN number.
This example shows how to configure IGMP snooping to use CGMP packets as the learning method:
Switch# configure terminal
Switch(config)# ip igmp snooping vlan 1 mrouter learn cgmp
Switch(config)# end
This example shows how to enable a static connection to a multicast router:
Switch# configure terminal
Switch(config)# ip igmp snooping vlan 200 mrouter interface gigabitethernet0/2
Switch(config)# end
To remove the configured IGMP leave-time setting from the specified VLAN, use the no ip igmp snooping vlan vlan-id last-member-query-interval global configuration command.
TCN event. Leaves are always sent if the switch is the spanning-tree root regardless of this configuration command. By default, query solicitation is disabled.
(Optional) Save your entries in the configuration file. To re-enable multicast flooding on an interface, use the ip igmp snooping tcn flood interface configuration command.
VLAN interface. The VLAN ID range is 1 to 1001 and 1006 to 4094.
Step 10 copy running-config startup-config (Optional) Save your entries in the configuration file.
Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file.
To re-enable IGMP report suppression, use the ip igmp snooping report-suppression global configuration command.
IGMP snooping querier in the VLAN. For more information about the keywords and options in these commands, see the command reference for this release.
If a switch fails or is removed from the stack, only those receiver ports belonging to that switch will not receive the multicast data. All other receiver ports on other switches continue to receive the multicast data.
With Immediate Leave, an IGMP query is not sent from the receiver port on which the
Query response time: 0.5 second
Multicast VLAN: VLAN 1
Mode: Compatible
Interface (per port) default: Neither a receiver nor a source port
Immediate Leave: Disabled on all ports
The value is in units of tenths of a second. The range is 1 to 100, and the default is 5 tenths or one-half second.
Enter global configuration mode.
Step 2 Enable MVR on the switch.
Step 3 interface interface-id Specify the Layer 2 port to configure, and enter interface configuration mode.
Page 617
Switch(config-if)# mvr vlan 22 group 228.1.23.4
Switch(config-if)# mvr immediate
Switch(config)# end
Switch# show mvr interface
Port     Type      Status       Immediate Leave
----     ----      -------      ---------------
Gi1/0/2  RECEIVER  ACTIVE/DOWN  ENABLED
IP multicast traffic. The filtering feature operates in the same manner whether CGMP or MVR is used to forward the multicast traffic.
Specifies that matching addresses are denied; this is the default.
• exit: Exits from igmp-profile configuration mode.
• no: Negates a command or returns to its defaults.
Page 620
Switch(config)# ip igmp profile 4
Switch(config-igmp-profile)# permit
Switch(config-igmp-profile)# range 229.9.9.0
Switch(config-igmp-profile)# end
Switch# show ip igmp profile 4
IGMP Profile 4
    permit
    range 229.9.9.0 229.9.9.0
Specify the interface to be configured, and enter interface configuration mode. The interface can be a Layer 2 port that does not belong to an EtherChannel group or an EtherChannel interface.
IGMP report. To prevent the switch from removing the forwarding-table entries, you can configure the IGMP throttling action before an interface adds entries to the forwarding table.
(if configured) the maximum number of IGMP groups to which an interface can belong and the IGMP profile applied to the interface.
Page 624
Chapter 24 Configuring IGMP Snooping and MVR Displaying IGMP Filtering and Throttling Configuration
Note: For complete syntax and usage information for the commands used in this chapter, see the command reference for this release or the Cisco IOS documentation referenced in the procedures.
This chapter includes these sections:
• “Understanding MLD Snooping” section on page 25-1
• ...
• Multicast-Address-Specific Queries (MASQs).
• Multicast Listener Reports are the equivalent of IGMPv2 reports.
• Multicast Listener Done messages are the equivalent of IGMPv2 leave messages.
• If there are multiple routers on the same Layer 2 interface, MLD snooping tracks a single multicast router on the port (the router that most recently sent a router control packet).
MASQ was sent is deleted from the IPv6 multicast address database. The maximum response time is the time configured by using the ipv6 mld snooping
• The maximum number of multicast entries allowed on the switch or switch stack is determined by the configured SDM template.
• The maximum number of address entries allowed for the switch or switch stack is 1000.
VLAN. For normal-range VLANs (1 to 1005), it is not necessary to enable IPv6 MLD snooping on the VLAN on the Catalyst 6500 switch.
To remove a Layer 2 port from the multicast group, use the no ipv6 mld snooping vlan vlan-id static mac-address interface interface-id global configuration command. If all member ports are removed from a group, the group is deleted.
Immediate-Leave in a VLAN. Beginning in privileged EXEC mode, follow these steps to enable MLDv1 Immediate Leave:
The range is 1 to 7; the default is 0. When set to 0, the global count value is used. Queries are sent 1 second apart.
MLD snooping listener message suppression is enabled by default. When it is enabled, the switch forwards only one MLD report per multicast router query. When message suppression is disabled, multiple MLD reports could be forwarded to the multicast routers.
MLD query messages in the VLAN. (Optional) Enter vlan vlan-id to display information for a single VLAN. The VLAN ID range is 1 to 1001 and 1006 to 4094.
Page 637
VLAN.
show ipv6 mld snooping multicast-address vlan vlan-id [ipv6-multicast-address]: Display MLD snooping for the specified VLAN and IPv6 multicast address.
Page 638
Chapter 25 Configuring IPv6 MLD Snooping Displaying MLD Snooping Information
Traffic rate in packets per second and for small frames. This feature is enabled globally. The threshold for small frames is configured for each interface. (Cisco IOS Release 12.2(44)SE or later) With each method, the port blocks traffic when the rising threshold is reached. The port remains blocked until the traffic rate drops below the falling threshold (if one is specified) and then resumes normal forwarding.
Storm control is supported on physical interfaces. You can also configure storm control on an EtherChannel.
Note: When storm control is configured on an EtherChannel, the storm control settings propagate to the EtherChannel physical interfaces.
Page 642
The range is 0.0 to 10000000000.0. For BPS and PPS settings, you can use metric suffixes such as k, m, and g for large number thresholds.
Incoming VLAN-tagged packets smaller than 67 bytes are considered small frames. They are forwarded by the switch, but they do not cause the switch storm-control counters to increment. In Cisco IOS Release 12.2(44)SE and later, you can configure a port to be error disabled if small frames arrive at a specified rate (threshold).
Because a switch stack represents a single logical switch, Layer 2 traffic is not forwarded between any protected ports in the switch stack, whether they are on the same or different switches in the stack.
To disable protected port, use the no switchport protected interface configuration command.
This example shows how to configure a port as a protected port:
Switch# configure terminal
Switch(config)# interface gigabitethernet1/0/1
Switch(config-if)# switchport protected
Switch(config-if)# end
Return to privileged EXEC mode.
Step 6 show interfaces interface-id switchport Verify your entries.
Step 7 copy running-config startup-config (Optional) Save your entries in the configuration file.
Note: If you try to set the maximum value to a number less than the number of secure addresses already configured on an interface, the command is rejected.
Note: We do not recommend configuring the protect violation mode on a trunk port. The protect mode disables learning when any VLAN reaches its maximum limit, even if the port has not reached its maximum limit.
Shutdown. The port shuts down when the maximum number of secure MAC addresses is exceeded.
Port security aging: Disabled. Aging time is 0. Static aging is disabled. Type is absolute.
IP phone requires one MAC address. The Cisco IP phone address is learned on the voice VLAN, but is not learned on the access VLAN. If you connect a single PC to the Cisco IP phone, no additional MAC addresses are required. If you connect more than one PC to the Cisco IP phone, you must configure enough secure addresses to allow one for each PC and one for the phone.
Enable voice VLAN on a port. vlan-id—Specify the VLAN to be used for voice traffic.
Step 5 switchport port-security Enable port security on the interface.
Page 652
VLAN. If an interface is configured for voice VLAN, configure a maximum of two secure MAC addresses.
Page 653
You can manually re-enable it by entering the shutdown and no shutdown interface configuration commands or by using the clear errdisable interface vlan privileged EXEC command.
Page 654
Step 11 Return to privileged EXEC mode.
Step 12 show port-security Verify your entries.
Step 13 copy running-config startup-config (Optional) Save your entries in the configuration file.
Page 655
This example shows how to configure a static secure MAC address on VLAN 3 on a port:
Switch(config)# interface gigabitethernet1/0/2
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security mac-address 0000.0200.0004 vlan 3
Beginning in privileged EXEC mode, follow these steps to configure port security aging:
Command Purpose
Step 1 configure terminal Enter global configuration mode.
Step 2 interface interface-id Specify the interface to be configured, and enter interface configuration mode.
MAC addresses configured or learned by that switch are deleted from the secure MAC address table. For more information about switch stacks, see Chapter 7, “Managing Switch Stacks.”
VLANs, and similarly, secure addresses learned on promiscuous ports automatically get replicated on all associated secondary VLANs. Static addresses (using mac-address-table static command) cannot be user configured on a secure port.
Virtual port error disabling is not supported for EtherChannel and Flexlink interfaces.
Default Protocol Storm Protection Configuration
Protocol storm protection is disabled by default. When it is enabled, auto-recovery of the virtual port is disabled by default.
[arp | igmp | dhcp] privileged EXEC command. To clear the counter for a protocol, use the clear psp counter [arp | igmp | dhcp] command.
Displays the number of secure MAC addresses configured per VLAN on the specified interface.
Page 662
Chapter 26 Configuring Port-Based Traffic Control Displaying Port-Based Traffic Control Settings
Understanding CDP
CDP is a device discovery protocol that runs over Layer 2 (the data link layer) on all Cisco-manufactured devices (routers, bridges, access servers, and switches) and allows network management applications to discover Cisco devices that are neighbors of already known devices. With CDP, network management applications can learn the device type and the Simple Network Management Protocol (SNMP) agent address of neighboring devices running lower-layer, transparent protocols.
Beginning in privileged EXEC mode, follow these steps to disable the CDP device discovery capability:
Command Purpose
Step 1 configure terminal Enter global configuration mode.
Step 2 no cdp run Disable CDP.
Step 3 Return to privileged EXEC mode.
This example shows how to enable CDP on a port when it has been disabled.
Switch# configure terminal
Switch(config)# interface gigabitethernet1/0/1
Switch(config-if)# cdp enable
Switch(config-if)# end
You can limit the display to neighbors of a specific interface or expand the display to provide more detailed information.
show cdp traffic: Display CDP counters, including the number of packets sent and received and checksum errors.
Page 668
Chapter 27 Configuring CDP Monitoring and Maintaining CDP
Page 669
Understanding LLDP, LLDP-MED, and Wired Location Service
LLDP
The Cisco Discovery Protocol (CDP) is a device discovery protocol that runs over Layer 2 (the data link layer) on all Cisco-manufactured devices (routers, bridges, access servers, and switches). CDP allows network management applications to automatically discover and learn about other Cisco devices connected to the network.
Enables advanced power management between LLDP-MED endpoint and network connectivity devices. Allows switches and phones to convey power information, such as how the device is powered, power priority, and how much power the device needs.
The switch uses the wired location service feature to send location and attachment tracking information for its connected devices to a Cisco Mobility Services Engine (MSE). The tracked device can be a wireless endpoint, a wired endpoint, or a wired switch or controller. The switch notifies the MSE of device link up and link down events through the Network Mobility Services Protocol (NMSP) location and attachment notifications.
Switch(config)# end
This example shows how to enable LLDP on an interface.
Switch# configure terminal
Switch(config)# interface interface_id
Switch(config-if)# lldp transmit
Switch(config-if)# lldp receive
Switch(config-if)# end
Use the no form of each of the LLDP commands to return to the default setting.
This example shows how to configure LLDP characteristics.
Switch# configure terminal
Switch(config)# lldp holdtime 120
Switch(config)# lldp reinit 2
Switch(config)# lldp timer 30
Switch(config)# end
Enter global configuration mode.
Step 2 network-policy profile profile number Specify the network-policy profile number, and enter network-policy configuration mode. The range is 1 to 4294967295.
Page 676
This example shows how to configure the voice application type for the native VLAN with priority tagging:
Switch(config-network-policy)# voice vlan dot1p cos 4
Switch(config-network-policy)# voice vlan dot1p dscp 34
Step 8 copy running-config startup-config (Optional) Save your entries in the configuration file.
Use the no form of each command to return to the default setting.
Page 678
(Optional) Save your entries in the configuration file.
This example shows how to enable NMSP on a switch and to set the location notification time to 10 seconds:
Switch(config)# nmsp enable
Switch
Page 679
Display the location information for an emergency location.
show network-policy profile: Display the configured network-policy profiles.
show nmsp: Display the NMSP information.
Chapter 28 Configuring LLDP, LLDP-MED, and Wired Location Service Monitoring and Maintaining LLDP, LLDP-MED, and Wired Location Service
A unidirectional link occurs whenever traffic sent by a local device is received by its neighbor but traffic from the neighbor is not received by the local device.
Because this behavior is the same on all UDLD neighbors, the sender of the echoes expects to receive an echo in reply.
Page 683
If UDLD is in normal mode, the logical link is considered undetermined, and UDLD does not disable the interface.
Caution: Loop guard works only on point-to-point links. We recommend that each end of the link has a directly connected device that is running STP.
To disable UDLD globally, use the no udld enable global configuration command to disable normal mode UDLD on all fiber-optic ports. Use the no udld aggressive global configuration command to disable aggressive mode UDLD on all fiber-optic ports.
UDLD error-disabled state, and the errdisable recovery interval interval global configuration command specifies the time to recover from the UDLD error-disabled state.
To display the UDLD status for the specified port or for all ports, use the show udld [interface-id] privileged EXEC command. For detailed information about the fields in the command output, see the command reference for this release.
Page 688
Chapter 29 Configuring UDLD Displaying UDLD Status
You can use the SPAN or RSPAN destination port to inject traffic from a network security device. For example, if you connect a Cisco Intrusion Detection System (IDS) sensor appliance to a destination port, the IDS device can send TCP reset packets to close down the TCP session of a suspected attacker.
Figure 30-2 is an example of a local SPAN in a switch stack, where the source and destination ports reside on different stack members.
RSPAN source switch must have either ports or VLANs as RSPAN sources. The destination is always a physical port, as shown on Switch C in the figure.
RSPAN VLAN. The destination session collects all RSPAN VLAN traffic and sends it out the RSPAN destination port.
SPAN session. Packets that are modified because of routing or quality of service (QoS)—for example, modified Differentiated Services Code Point (DSCP)—are copied before modification.
The default configuration for local SPAN session ports is to send all packets untagged. SPAN also does not normally monitor bridge protocol data unit (BPDU) packets and Layer 2 protocols, such as Cisco Discovery Protocol (CDP), VLAN Trunk Protocol (VTP), Dynamic Trunking Protocol (DTP), Spanning Tree Protocol (STP), and Port Aggregation Protocol (PAgP).
allowed on other ports.
• VLAN filtering affects only traffic forwarded to the destination SPAN port and does not affect the switching of normal traffic.
• For RSPAN, the original VLAN ID is lost because it is overwritten by the RSPAN VLAN identification. Therefore, all packets appear on the destination port as untagged.
If a physical port is added to a monitored EtherChannel group, the new port is added to the SPAN source port list. If a port is removed from a monitored EtherChannel group, it is automatically removed from the source port list.
SPAN session. The packets that are permitted by this ACL are copied to the SPAN destination port. No other packets are copied to the SPAN destination port.
You can configure a disabled port to be a source or destination port, but the SPAN function does not start until the destination port and at least one source port or source VLAN are enabled.
This is the default.
• rx—Monitor received traffic.
• tx—Monitor sent traffic.
Note: You can use the monitor session session_number source command multiple times to configure multiple source ports.
Page 702
Switch(config)# no monitor session 1 source interface gigabitethernet1/0/1 rx
The monitoring of traffic received on port 1 is disabled, but traffic sent from this port continues to be monitored.
• packets with untagged encapsulation type with the specified VLAN as the default VLAN.
Step 5 Return to privileged EXEC mode.
(Optional) Use a comma (,) to specify a series of VLANs, or use a hyphen (-) to specify a range of VLANs. Enter a space before and after the comma; enter a space before and after the hyphen.
Use VTP pruning to get an efficient flow of RSPAN traffic, or manually delete the RSPAN VLAN from all trunks that do not need to carry the RSPAN traffic.
For session_number, the range is 1 to 66. Specify all to remove all RSPAN sessions, local to remove all local sessions, or remote to remove all remote SPAN sessions.
To remove a destination port from the SPAN session, use the no monitor session session_number destination interface interface-id global configuration command. To remove the RSPAN VLAN from the session, use the no monitor session session_number source remote vlan vlan-id.
RSPAN VLAN and the destination port, and to enable incoming traffic on the destination port for a network security device (such as a Cisco IDS Sensor Appliance). For details about the keywords not related to incoming traffic, see the “Creating an RSPAN Destination...
ACL configured, any commands including Catalyst 3750 ports as source ports are rejected. The Catalyst 3750 ports can be added as destination ports in an FSPAN session.
For session_number, the range is 1 to 66. Specify all to remove all SPAN sessions, local to remove all local sessions, or remote to remove all remote SPAN sessions.
Page 714
If not selected, the default is to send packets in native form (untagged).
Note: You can use the monitor session session_number destination command multiple times to configure multiple destination ports.
For session_number, the range is 1 to 66. Specify all to remove all RSPAN sessions, local to remove all local sessions, or remote to remove all remote SPAN sessions.
Page 716
Return to privileged EXEC mode.
Step 10 show monitor [session session_number], show running-config Verify the configuration.
Step 11 copy running-config startup-config (Optional) Save the configuration in the configuration file.
To display the current SPAN or RSPAN configuration, use the show monitor user EXEC command. You can also use the show running-config privileged EXEC command to display configured SPAN or RSPAN sessions.
Page 718
Chapter 30 Configuring SPAN and RSPAN Displaying SPAN and RSPAN Status
Note For complete syntax and usage information for the commands used in this chapter, see the “System Management Commands” section in the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Command References.
This chapter consists of these sections:
• Understanding RMON, page 31-2...
Because switches supported by this software release use hardware counters for RMON data processing, the monitoring is more efficient, and little processing power is required. Note 64-bit counters are not supported for RMON alarms.
You must also configure SNMP on the switch to access RMON MIB objects. For more information, see Chapter 33, “Configuring SNMP.”
Note 64-bit counters are not supported for RMON alarms.
Page 722
You cannot disable at once all the alarms that you configured. To disable an event, use the no rmon event number global configuration command. To learn more about alarms and events and how they interact with each other, see RFC 1757.
Step 7 copy running-config startup-config (Optional) Save your entries in the configuration file. To disable history collection, use the no rmon collection history index interface configuration command.
For information about the fields in these displays, see the “System Management Commands” section in the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Command References.
This chapter describes how to configure system message logging on the switch. Unless otherwise noted, the term switch refers to a standalone switch and to a switch stack.
Note For complete syntax and usage information for the commands used in this chapter, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 from the Cisco.com page under...
The part of the message preceding the percent sign depends on the setting of the service sequence-numbers, service timestamps log datetime, service timestamps log datetime [localtime] [msec] [show-timezone], or service timestamps log uptime global configuration command.
00:00:47: %LINK-3-UPDOWN: Interface GigabitEthernet2/0/2, changed state to up (Switch-2)
00:00:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down (Switch-2)
00:00:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/1, changed state to down 2 (Switch-2)
To build a list of syslog servers that receive logging messages, enter this command more than once. For complete syslog server configuration steps, see the “Configuring UNIX Syslog Servers” section on page 32-12.
Therefore, unsolicited messages and debug command output are not interspersed with solicited device output and prompts. After the unsolicited messages appear, the console again displays the user prompt.
Page 731
(Optional) Save your entries in the configuration file. To disable synchronization of unsolicited messages and debug output, use the no logging synchronous [level severity-level | all] [limit number-of-buffers] line configuration command.
To disable logging to syslog servers, use the no logging trap global configuration command.
By default, one message of the level warning and numerically lower levels (see Table 32-3 on page 32-10) is stored in the history table even if syslog traps are not enabled.
[end-number] | statistics} [provisioning] privileged EXEC command to display the complete configuration log or the log for specified parameters. The default is that configuration logging is disabled. For information about the commands, see the Cisco IOS Configuration Fundamentals and Network Management Command Reference, Release 12.3 T at this URL: http://www.cisco.com/en/US/docs/ios/12_3/featlist/cfun_vcg.html...
| exit
Configuring UNIX Syslog Servers
The next sections describe how to configure the UNIX server syslog daemon and how to define the UNIX system logging facility.
Limit messages logged to the syslog servers. By default, syslog servers receive informational messages and lower. See Table 32-3 on page 32-10 for level keywords.
To display the logging configuration and the contents of the log buffer, use the show logging privileged EXEC command. For information about the fields in this display, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 from the Cisco.com page under Documentation >...
Unless otherwise noted, the term switch refers to a standalone switch and to a switch stack.
Note For complete syntax and usage information for the commands used in this chapter, see the command reference for this release and the Cisco IOS Network Management Command Reference, Release 12.4 from the Cisco.com page at this URL: http://www.cisco.com/en/US/docs/ios/netmgmt/command/reference/nm_book.html...
A combination of the security level and the security model determines which security mechanism is used when handling an SNMP packet. Available security models are SNMPv1, SNMPv2C, and SNMPv3.
1. With this operation, an SNMP manager does not need to know the exact variable name. A sequential search is performed to find the needed variable from within a table. 2. The get-bulk command only works with SNMPv2 or later.
Loopback and Tunnel 24567 +
1. SVI = switch virtual interface
2. SFP = small form-factor pluggable
Note The switch might not use sequential values within a range.
SNMP group. An SNMP host is the recipient of an SNMP trap operation. An SNMP engine ID is a name for the local or remote SNMP engine.
The no snmp-server global configuration command disables all running versions (Version 1, Version 2C, and Version 3) on the device. No specific Cisco IOS command exists to enable SNMP. The first snmp-server global configuration command that you enter enables all versions of SNMP.
Recall that the access list is always terminated by an implicit deny statement for everything. Step 4 Return to privileged EXEC mode.
• If you select remote, specify the ip-address of the device that contains the remote copy of SNMP and the optional User Datagram Protocol (UDP) port on the remote device. The default is 162.
Page 748
• (Optional) Enter access access-list with a string (not to exceed 64 characters) that is the name of the access list.
Page 749
Note priv mode configuration, you must enter the show snmp user privileged command. Step 7 copy running-config startup-config (Optional) Save your entries in the configuration file.
A trap manager is a management station that receives and processes traps. Traps are system alerts that the switch generates when certain events occur. By default, no trap manager is defined, and no traps are sent. Switches running this Cisco IOS release can have an unlimited number of trap managers. Note Many commands use the word traps in the command syntax.
Page 751
You can use the snmp-server host global configuration command for a specific host to receive the notification types listed in Table 33-5.
Page 753
To disable informs, use the no snmp-server host informs global configuration command. To disable a specific trap type, use the no snmp-server enable traps notification-types global configuration command.
Dial System Operator at beeper 21555.
Step 3 snmp-server location text Set the system location string. For example: snmp-server location Building 3/Room 222
Step 4 Return to privileged EXEC mode.
Step 4 Return to privileged EXEC mode.
Step 5 show running-config Verify your entries.
Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file.
Switch(config)# snmp-server enable traps entity
Switch(config)# snmp-server host cisco.com restricted entity
This example shows how to enable the switch to send all traps to the host myhost.cisco.com using the community string public:
Switch(config)# snmp-server enable traps
Switch(config)# snmp-server host myhost.cisco.com public
...
EXEC command. You also can use the other privileged EXEC commands in Table 33-6 to display SNMP information. For information about the fields in the displays, see the Cisco IOS Configuration Fundamentals Command Reference. Table 33-6 Commands for Displaying SNMP Information Feature...
Page 758
Chapter 33 Configuring SNMP Displaying SNMP Status
• Writing Embedded Event Manager Policies Using Tcl http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_eem_policy_tcl.html
Note Beginning with Cisco IOS Release 12.2(55)SE, the EEM feature is supported on the IP base feature set.
This chapter consists of these sections:
• Understanding Embedded Event Manager, page 34-1
• Configuring Embedded Event Manager, page 34-6...
• Counter event detector–Publishes an event when a named counter crosses a specified threshold.
• Interface counter event detector–Publishes an event when a generic Cisco IOS interface counter for a specified interface crosses a defined threshold. A threshold can be specified as an absolute value or an incremental value. For example, if the incremental value is set to 50, an event would be...
The user-defined TCL scripts must be available in the member switches so that if the master switch changes, the TCL scripts policies continue to work.
• Cisco built-in variables (available in EEM applets) Defined by Cisco and can be read-only or read-write. The read-only variables are set by the system before an applet starts to execute. The single read-write variable, _exit_status, allows you to set the exit status for policies triggered from synchronous events.
• Registering and Defining an Embedded Event Manager TCL Script, page 34-7
For complete information about configuring embedded event manager, see the Cisco IOS Network Management Configuration Guide, Release 12.4T.
Registering and Defining an Embedded Event Manager Applet
Beginning in privileged EXEC mode, perform this task to register an applet with EEM and to define the EEM applet using the event applet and action applet configuration commands.
This example shows the sample output for the show event manager environment command:
Switch# show event manager environment all
Name Value
_cron_entry 0-59/2 0-23/1 * * 0-6
_show_cmd show ver
_syslog_pattern .*UPDOWN.*Ethernet1/0.*
Switch(config)# event manager environment _cron_entry 0-59/2 0-23/1 * * 0-6
This example shows the sample EEM policy named tm_cli_cmd.tcl registered as a system policy. The system policies are part of the Cisco IOS image. User-defined TCL scripts must first be copied to flash memory.
Page 767
“Configuring IP Services” section in the “IP Addressing and Services” chapter of the Cisco IOS IP Configuration Guide, Release 12.2, and the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2.
• Router ACLs access-control routed traffic between VLANs and are applied to Layer 3 interfaces in a specific direction (inbound or outbound). For more information, see the “Router ACLs” section on page 35-4.
• Extended IP access lists using source and destination addresses and optional protocol type information
• MAC extended access lists using source and destination MAC addresses and optional protocol type information
Layer 3 interfaces; and on Layer 3 EtherChannel interfaces. You apply router ACLs on interfaces for specific directions (inbound or outbound). You can apply one router ACL in each direction on an interface.
[Figure: Using VLAN Maps to Control Traffic. Labels: Host A (VLAN 10), blade switch, Host B (VLAN 10). Legend: VLAN map denying specific type of traffic from Host A; packet.]
ACE because that ACE does not check any Layer 4 information and because Layer 3 information in all fragments shows that they are being sent to host 10.1.1.3, and the earlier permit ACEs were checking different hosts.
ACL information to all switches in the stack.
Configuring IPv4 ACLs
Configuring IPv4 ACLs on the switch is the same as configuring IPv4 ACLs on other Cisco switches and routers. The process is briefly described here. For more detailed information on configuring ACLs, see the “Configuring IP Services”...
Access List Numbers
Access List Number Type Supported
1–99 IP standard access list
100–199 IP extended access list
200–299 Protocol type-code access list
300–399 DECnet access list
IP address of the packet, and the number of packets from that source permitted or denied in the prior 5-minute interval.
Switch(config)# access-list 2 deny host 171.69.198.102
Switch(config)# access-list 2 permit any
Switch(config)# end
Switch# show access-lists
Standard IP access list 2
10 deny 171.69.198.102
20 permit any
For more details on the specific keywords for each protocol, see these command references: • Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2 • Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.2 •...
Page 778
DSCP value specified by a number from 0 to 63, or use the question mark (?) to see a list of available values.
Page 779
TCP port. To see TCP port names, use the ? or see the “Configuring IP Services” section in the “IP Addressing and Services” chapter of the Cisco IOS IP Configuration Guide, Release 12.2. Use only TCP port numbers or names when filtering TCP.
Page 780
When you are creating an ACL, remember that, by default, the end of the access list contains an implicit deny statement for all packets if it did not find a match before reaching the end.
The ACL must be an extended named ACL.
– match input-interface interface-id-list
– match ip dscp dscp-list
– match ip precedence ip-precedence-list
You cannot enter the match access-group acl-index command.
Page 782
(Optional) Save your entries in the configuration file. To remove a named extended ACL, use the no ip access-list extended name global configuration command.
Network Time Protocol (NTP) to synchronize the switch clock. For more information, see the “Managing the System Time and Date” section on page 5-1.
Page 784
Switch(config)# end
Switch# show access-lists
Extended IP access list 188
10 deny tcp any any time-range new_year_day_2006 (inactive)
20 permit tcp any any time-range workhours (inactive)
For procedures for applying ACLs to interfaces, see the “Applying an IPv4 ACL to an Interface” section on page 35-20. For applying ACLs to VLANs, see the “Configuring VLAN Maps” section on page 35-30.
CPU so that it can generate the ICMP-unreachable message. Port ACLs are an exception. They do not generate ICMP unreachable messages. ICMP unreachable messages can be disabled on router ACLs with the no ip unreachables interface command.
Page 787
When you apply an undefined ACL to an interface, the switch acts as if the ACL has not been applied to the interface and permits all packets. Remember this behavior if you use undefined ACLs for network security.
Logical operation units are needed for a TCP flag match or a test other than eq (ne, gt, lt, or range) on TCP, UDP, or SCTP port numbers.
This section provides examples of configuring and applying IPv4 ACLs. For detailed information about compiling ACLs, see the Cisco IOS Security Configuration Guide, Release 12.2 and the “Configuring IP Services” section in the “IP Addressing and Services” chapter of the Cisco IOS IP Configuration Guide, Release 12.2.
Page 790
Switch(config)# access-list 106 permit ip any 172.20.128.64 0.0.0.31
Switch(config)# end
Switch# show access-lists
Extended IP access list 106
10 permit ip any 172.20.128.64 0.0.0.31
Switch(config)# interface gigabitethernet1/0/1
Switch(config-if)# ip access-group 106 in
Switch(config-ext-nacl)# deny tcp any any eq www time-range no-http
Switch(config-ext-nacl)# permit udp any any time-range udp-yes
Switch(config-ext-nacl)# exit
Switch(config)# interface gigabitethernet2/0/1
Switch(config-if)# ip access-group strict in
Beginning in privileged EXEC mode, follow these steps to create a named MAC extended ACL:
Command Purpose
Step 1 configure terminal Enter global configuration mode.
Step 2 mac access-list extended name Define an extended MAC access list using a name.
• You can apply no more than one IP access list and one MAC access list to the same Layer 2 interface. The IP access list filters only IP packets, and the MAC access list filters non-IP packets.
For complete syntax and usage information for the commands used in this section, see the command reference for this release.
VLAN map to a VLAN that the port belongs to, the port ACL takes precedence over the VLAN map.
• If VLAN map configuration cannot be applied in hardware, all packets in that VLAN must be bridged and routed by software.
Use the no action access-map configuration command to enforce the default action, which is to forward.
• Only denied IP packets are logged.
• Packets that require logging on the outbound port ACLs are not logged if they are denied by a VACL.
Page 803
DomainMember(config-access-map)# action drop log
DomainMember(config-access-map)# exit
This example shows how to configure global VACL logging parameters:
DomainMember(config)# vlan access-log maxflow 800
DomainMember(config)# vlan access-log threshold 4000
Chapter 35 Configuring Network Security with ACLs Using VLAN Maps with Router ACLs
Note For complete syntax and usage information of the commands used in this section, see the Cisco IOS LAN Switching Command Reference: http://www.cisco.com/en/US/docs/ios/lanswitch/command/reference/lsw_book.html
Using VLAN Maps with Router ACLs
To access control both bridged and routed traffic, you can use VLAN maps only or a combination of router ACLs and VLAN maps.
ACL is applied on packets that are switched within a VLAN. Packets switched within the VLAN without being routed or forwarded by fallback bridging are only subject to the VLAN map of the input VLAN.
However, if the input VLAN map (VLAN 10 map in Figure 35-8) drops the packet, no destination receives a copy of the packet.
[interface interface-id] Displays MAC access lists applied to all Layer 2 interfaces or the specified Layer 2 interface.
Page 809
[access-map name | vlan vlan-id] Show information about all VLAN filters or about a specified VLAN or VLAN access map.
Page 810
Chapter 35 Configuring Network Security with ACLs Displaying IPv4 ACL Configuration
Note For complete syntax and usage information for the commands used in this chapter, see the command reference for this release or the Cisco IOS documentation referenced in the procedures.
This chapter contains these sections:
• Understanding IPv6 ACLs, page 36-1...
With IPv4, you can configure standard and extended numbered IP ACLs, named IP ACLs, and MAC ACLs. IPv6 supports only named ACLs. The switch supports most Cisco IOS-supported IPv6 ACLs with these exceptions:
Step 3 Apply the IPv6 ACL to an interface. For router ACLs, you must also configure an IPv6 address on the Layer 3 interface to which the ACL is applied.
Step 1 configure terminal Enter global configuration mode.
Step 2 ipv6 access-list access-list-name Define an IPv6 access list using a name, and enter IPv6 access-list configuration mode.
Page 815
The range is from 1 to 4294967295.
• (Optional) Enter time-range name to specify the time range that applies to the deny or permit statement.
Page 816
Return to privileged EXEC mode.
Step 5 show ipv6 access-list Verify the access list configuration.
Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file.
This example configures the IPv6 access list named CISCO. The first deny entry in the list denies all packets that have a destination TCP port number greater than 5000. The second deny entry denies packets that have a source UDP port number less than 5000.
Chapter 36 Configuring IPv6 ACLs Displaying IPv6 ACLs
This example shows how to apply the access list CISCO to outbound traffic on a Layer 3 interface:
Switch(config)# interface gigabitethernet 1/0/3
Switch(config-if)# no switchport
Switch(config-if)# ipv6 address 2001::/64 eui-64
Switch(config-if)# ipv6 traffic-filter CISCO out
...
Unless otherwise noted, the term switch refers to a standalone switch and to a switch stack. Cisco IOS Release 12.2(52)SE and later supports QoS for both IPv4 and IPv6 traffic when a dual IPv4 and IPv6 SDM template is configured.
IP precedence values range from 0 to 7. DSCP values range from 0 to 63.
Note Beginning with Cisco IOS Release 12.2(52)SE, you can use the dual IPv4 and IPv6 SDM templates to enable IPv6 QoS globally on the switch or switch stack. You must reload the switch after configuring the dual IPv4 and IPv6 templates.
• Scheduling services the four egress queues based on their configured SRR shared or shaped weights. One of the queues (queue 1) can be the expedited queue, which is serviced until empty before the other queues are serviced.
0 as the DSCP and CoS values, which means best-effort traffic. Otherwise, the policy-map action specifies a DSCP or CoS value to assign to the incoming frame.
Page 826
IPv6 packets, the DSCP value is rewritten by using the CoS-to-DSCP map and by using the default CoS of the port. In Cisco IOS Release 12.2(52)SE and later, you can do this for both IPv4 and IPv6 traffic.
• Perform the classification based on a configured IP standard or an extended ACL, which examines...
Page 827
[Flowchart: Assign the DSCP or CoS as specified by ACL action to generate the QoS label. Assign the default DSCP (0). Generate the DSCP by using the CoS-to-DSCP map. Done.]
You can use IP standard, IP extended, or Layer 2 MAC ACLs to define a group of packets with the same characteristics (class). Beginning with Cisco IOS Release 12.2(52)SE, you can classify IP traffic based on IPv6 ACLs. In the QoS context, the permit and deny actions in the access control entries (ACEs) have...
“Classifying, Policing, and Marking Traffic on SVIs by Using Hierarchical Policy Maps” section on page 37-64, and the “Classifying, Policing, and Marking Traffic by Using Aggregate Policers” section on page 37-72.
• A nonhierarchical policy map on a physical port.
• The interface level of a hierarchical policy map attached to an SVI. The physical ports are specified in this secondary policy map.
SVI. The second level, the interface level, specifies the actions to be taken against the traffic on the physical ports that belong to the SVI and are specified in the interface-level policy map.
Page 832
[Flowchart: Verify the out-of-profile action configured for this policer. Drop: Drop packet. Mark: Modify DSCP according to the policed-DSCP map. Generate a new QoS label. Done.]
Scheduling on Ingress Queues” section on page 37-16. For information about the DSCP and CoS output queue threshold maps, see the “Queueing and Scheduling on Egress Queues” section on page 37-18.
5 and is subjected to the 60-percent threshold. If this frame is added to the queue, the threshold will be exceeded, so the switch drops it.
37-83, the “Configuring SRR Shaped Weights on Egress Queues” section on page 37-90, and the “Configuring SRR Shared Weights on Egress Queues” section on page 37-91.
The expedite queue has guaranteed bandwidth. 1. The switch uses two nonconfigurable queues for traffic that is essential for proper network and stack operation.
Page 837
For configuration information, see the “Configuring Ingress Queue Characteristics” section on page 37-81.
All traffic exiting the switch flows through one of these four queues and is subjected to a threshold based on the QoS label assigned to the packet.
Page 839
The switch can allocate the needed buffers from the common pool if the common pool is not empty.
The switch uses the classification results to choose the appropriate egress queue. Beginning with Cisco IOS Release 12.2(52)SE, auto-QoS supports IPv4 and IPv6 traffic when you configure the dual IPv4 and IPv6 SDM template with the sdm prefer dual ipv4-and-ipv6 global configuration command.
DSCP value of 24, 26, or 46 or is out of profile, the switch changes the DSCP value to 0. When there is no Cisco IP Phone, the ingress classification is set to not trust the QoS label in the packet. The policing is applied to the traffic matching the policy-map classification before the switch enables the trust boundary feature.
Ensure Port Security” section on page 39-42. When you enable auto-QoS by using the auto qos voip cisco-phone, the auto qos voip cisco-softphone, or the auto qos voip trust interface configuration command, the switch automatically generates a QoS configuration based on the traffic type and ingress packet label and applies the commands listed in Table 37-5 to the port.
When you configure the auto qos {video | classify | trust} enhanced commands on a switch port, this behavior occurs:
• Auto qos voip generated commands that you configured on the interface before Cisco IOS Release 12.2(55)SE migrate to the enhanced commands.
Auto-QoS Generated Configuration For VoIP Devices
If you entered the auto qos voip cisco-phone command, the switch automatically enables the trusted boundary feature, which uses the CDP to detect the presence or absence of a Cisco IP Phone.
Switch(config-if)# mls qos trust device cisco-phone
If you entered the auto qos voip cisco-softphone command, the switch automatically creates class maps and policy maps.
AutoQoS-Police-SoftPhone to an ingress interface on which auto-QoS with the Cisco SoftPhone feature is enabled.
Switch(config-if)# service-policy input AutoQoS-Police-SoftPhone
If you entered the auto qos voip cisco-phone command, the switch automatically creates class maps and policy maps.
Switch(config-if)# mls qos trust device cisco-phone
If you entered the auto qos voip cisco-softphone command, the switch automatically creates class maps and policy maps.
Switch(config-pmap-c)# set dscp af21
Switch(config-pmap-c)# police 10000000 8000 exceed-action policed-dscp-transmit
Switch(config-pmap)# class AUTOQOS_SCAVANGER_CLASS
Switch(config-pmap-c)# set dscp cs1
Switch(config-pmap-c)# police 10000000 8000 exceed-action drop
Switch(config-pmap)# class AUTOQOS_SIGNALING_CLASS
Switch(config-pmap-c)# set dscp default
Switch(config-pmap-c)# police 10000000 8000 exceed-action policed-dscp-transmit
Switch(config-if)# service-policy input AUTOQOS-SRND4-CLASSIFY-POLICE-POLICY
This is the enhanced configuration for the auto qos voip cisco-phone command:
Switch(config)# mls qos map policed-dscp 0 10 18 to 8
Switch(config)# mls qos map cos-dscp 0 8 16 24 32 46 48 56...
You can enable auto-QoS on static, dynamic-access, voice VLAN access, and trunk ports. By default, the CDP is enabled on all ports. For auto-QoS to function properly, do not disable CDP.
Note: When a device running Cisco SoftPhone is connected to a nonrouted or routed port, the switch supports only one Cisco SoftPhone application per port.
• When enabling auto-QoS with a Cisco IP Phone on a routed port, you must assign a static IP address to the IP phone.
(the CoS, DSCP, and IP precedence values in the packet are not changed). Traffic is switched in pass-through mode (packets are switched without any rewrites and classified as best effort without any policing).
(optional, unless you need to use the DSCP-to-DSCP-mutation map or the policed-DSCP map)
• Configuring Ingress Queue Characteristics, page 37-81 (optional)
• Configuring Egress Queue Characteristics, page 37-85 (optional)
QoS hardware memory, and an error can occur when you apply the policy map to a port. Whenever possible, you should minimize the number of lines in a QoS ACL.
IPv6 QoS ACL Guidelines
Chapter 36, “Configuring IPv6 ACLs.”
Beginning with Cisco IOS Release 12.2(52)SE, you can enable IPv6 QoS on a switch or a switch stack. If the stack includes only Cisco 3560E and Cisco 3750E switches, the QoS configuration applies to all traffic. These are the guidelines for IPv6 QoS in a stack that includes one or more Cisco Catalyst 3750 switches:
• Any switch can be the stack master.
• QoS policies that include IPv6-specific classification (such as an IPv6 ACL or the match protocol ipv6 command) are supported on Cisco 3750E interfaces and on any SVI when a Cisco 3750E switch is part of the stack.
• QoS policies that include common IPv4 and IPv6 classifications are supported on all Cisco 3750E...
Configuring Standard QoS
Enabling QoS Globally
By default, QoS is disabled on the switch. Cisco IOS Release 12.2(52)SE and later supports IPv6 QoS. To enable IPv6 QoS on the switch, you must first configure the dual-IP SDM template and reload the switch.
QoS domain. Figure 37-11 shows a sample network topology.
[Figure 37-11: Port Trusted States within the QoS Domain (labels: trusted interface, trunk, traffic classification performed here, trusted boundary)]
Configuring the CoS Value for an Interface
QoS assigns the CoS value specified with the mls qos cos interface configuration command to untagged frames received on trusted and untrusted ports.
To return to the default setting, use the no mls qos cos {default-cos | override} interface configuration command.
Configuring a Trusted Boundary to Ensure Port Security
In a typical network, you connect a Cisco IP Phone to a switch port, as shown in Figure 37-11 on page 37-42, and cascade devices that generate data packets from the back of the telephone.
CoS setting). By contrast, trusted boundary uses CDP to detect the presence of a Cisco IP Phone (such as the Cisco IP Phone 7910, 7935, 7940, and 7960) on a switch port. If the telephone is not detected, the trusted boundary feature disables the trusted setting on the switch port and prevents misuse of a high-priority queue.
QoS. If the two domains use different DSCP values, you can configure the DSCP-to-DSCP-mutation map to translate a set of DSCP values to match the definition in the other domain.
Return to privileged EXEC mode.
Step 7  show mls qos maps dscp-mutation  Verify your entries.
Step 8  copy running-config startup-config  (Optional) Save your entries in the configuration file.
• Classifying, Policing, and Marking Traffic on SVIs by Using Hierarchical Policy Maps, page 37-64
• Classifying, Policing, and Marking Traffic by Using Aggregate Policers, page 37-72
Classifying Traffic by Using ACLs
You can classify IP traffic by using IP standard or IP extended ACLs; in Cisco IOS Release 12.2(52)SE and later, you can use IPv6 ACLs. You can classify non-IP traffic by using Layer 2 MAC ACLs.
This example shows how to create an ACL that permits PIM traffic from any source to a destination group address of 224.0.0.2 with a DSCP set to 32:
Switch(config)# access-list 102 permit pim any 224.0.0.2 dscp 32
Create an IPv6 ACL, and enter IPv6 access-list configuration mode. Access list names cannot contain a space or quotation mark or begin with a numeric.
The acceptable range is from 1 to 4294967295.
• (Optional) Enter time-range name to specify the time range that applies to the deny or permit statement.
Step 4 Return to privileged EXEC mode.
Using Policy Maps” section on page 37-59 and the “Classifying, Policing, and Marking Traffic on SVIs by Using Hierarchical Policy Maps” section on page 37-64.
See “Creating Named Standard and Extended ACLs” section on page 35-15 for limitations when using the match-all and the match-any keywords.
103. It permits traffic from any host to any destination that matches a DSCP value of 10.
Switch(config)# access-list 103 permit ip any any dscp 10
Switch(config)# class-map class1
Switch(config-cmap)# match access-group 103
Switch(config-cmap)# end
Switch#
Classifying Traffic by Using Class Maps and Filtering IPv6 Traffic
In Cisco IOS Release 12.2(52)SE and later, the switch supports both IPv4 and IPv6 QoS when the dual IPv4 and IPv6 SDM template is configured. When the dual IP SDM template is configured, the match ip dscp and match ip precedence classifications match both IPv4 and IPv6 traffic.
Switch(config-cmap)# match access-group name ipv6-any
Switch(config-cmap)# exit
Switch(config)# Policy-map pm1
Switch(config-pmap)# class cm-1
Switch(config-pmap-c)# set dscp 4
Switch(config-pmap-c)# exit
Switch(config-pmap)# class cm-2
Switch(config-pmap-c)# set dscp 6
Switch(config-pmap-c)# exit
Switch(config-pmap)# exit
• When you configure a default traffic class by using the class class-default policy-map configuration command, unclassified traffic (traffic that does not meet the match criteria specified in the traffic classes) is treated as the default traffic class (class-default).
It is always placed at the end of a policy map. With an implied match any included in the class-default class, all packets that have not already matched the other traffic classes will match class-default.
DSCP value (by using the policed-DSCP map) and to send the packet. For more information, see the “Configuring the Policed-DSCP Map” section on page 37-77.
Use the interface-level policy map to specify the physical ports that are affected by individual policers. Beginning with Cisco IOS Release 12.2(52)SE, you can configure hierarchical policy maps that filter IPv4 and IPv6 traffic. Follow these guidelines when configuring hierarchical policy maps:
• Before configuring a hierarchical policy map, you must enable VLAN-based QoS on the physical...
When VLAN-based QoS is enabled, the switch supports VLAN-based features, such as the VLAN map.
• You can configure a hierarchical policy map only on the primary VLAN of a private VLAN.
See “Creating Named Standard and Extended ACLs” section on page 35-15 for limitations when using the match-all and the match-any keywords.
For more information about the match protocol command, see the Cisco IOS Quality of Service Solutions Command Reference.
Step 5  exit  Returns to class-map configuration mode.
Step 6  exit  Returns to global configuration mode.
By default, no policy-map class-maps are defined. If a traffic class has already been defined by using the class-map global configuration command, specify its name for class-map-name in this command.
It is always placed at the end of a policy map. With an implied match any included in the class-default class, all packets that have not already matched the other traffic classes will match class-default.
Returns to global configuration mode.
Step 23  interface interface-id  Specifies the SVI to which to attach the hierarchical policy map, and enters interface configuration mode.
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# access-list 101 permit ip any any
Switch(config)# class-map cm-1
Switch(config-cmap)# match access 101
Switch(config-cmap)# exit
Switch(config)# exit
Switch#
Switch#
Switch(config-pmap)# class cm-1
Switch(config-pmap-c)# set dscp 4
Switch(config-pmap-c)# exit
Switch(config-pmap)# class cm-2
Switch(config-pmap-c)# set dscp 6
Switch(config-pmap-c)# exit
Switch(config-pmap)# exit
Switch(config)# interface G1/0/1
Switch(config-if)# service-policy input pm1
However, you cannot use the aggregate policer across different policy maps or ports. You can configure aggregate policers only in nonhierarchical policy maps on physical ports.
Valid interfaces include physical ports.
Step 9  service-policy input policy-map-name  Specifies the policy-map name, and applies it to an ingress port. Only one policy map per ingress port is supported.
For dscp1...dscp8, enter eight DSCP values that correspond to CoS values 0 to 7. Separate each DSCP value with a space. The DSCP range is 0 to 63. Step 3 Return to privileged EXEC mode.
0 to 7. Separate each DSCP value with a space. The DSCP range is 0 to 63. Step 3 Return to privileged EXEC mode.
(Optional) Save your entries in the configuration file. To return to the default map, use the no mls qos policed-dscp global configuration command.
DSCP Value CoS Value 0–7 8–15 16–23 24–31 32–39 40–47 48–55 56–63 If these values are not appropriate for your network, you need to modify them.
You can configure multiple DSCP-to-DSCP-mutation maps on an ingress port. The default DSCP-to-DSCP-mutation map is a null map, which maps an incoming DSCP value to the same DSCP value.
To return to the default WTD threshold percentages, use the no mls qos srr-queue input threshold queue-id global configuration command.
The bandwidth and the buffer allocation control how much data can be buffered before packets are dropped. On ingress queues, SRR operates only in shared mode.
Then, SRR shares the remaining bandwidth with both ingress queues and services them as specified by the weights configured with the mls qos srr-queue input bandwidth weight1 weight2 global configuration command.
• Does the bandwidth of the port need to be rate limited?
• How often should the egress queues be serviced and which technique (shaped, shared, or both) should be used?
Note: The egress queue default settings are suitable for most situations. You should change them only when you have a thorough understanding of the egress queues and if these settings do not meet your QoS solution.
For qset-id, enter the ID of the queue-set specified in Step 2. The range is 1 to 2. The default is 1.
Step 6 Return to privileged EXEC mode.
Note: The egress queue default settings are suitable for most situations. You should change them only when you have a thorough understanding of the egress queues and if these settings do not meet your QoS solution.
This example shows how to map DSCP values 10 and 11 to egress queue 1 and to threshold 2:
Switch(config)# mls qos srr-queue output dscp-map queue 1 threshold 2 10 11
2, 3, and 4 are set to 0, these queues operate in shared mode. The bandwidth weight for queue 1 is 1/8, which is 12.5 percent:
Switch(config)# interface gigabitethernet2/0/1
Switch(config-if)# srr-queue bandwidth shape 8 0 0 0
1, 2, 3, and 4. This means that queue 4 has four times the bandwidth of queue 1, twice the bandwidth of queue 2, and one-and-a-third times the bandwidth of queue 3.
Switch(config)# interface gigabitethernet2/0/1
Switch(config-if)# srr-queue bandwidth share 1 2 3 4
The egress queue default settings are suitable for most situations. You should change them only when you have a thorough understanding of the egress queues and if these settings do not meet your QoS solution.
queueing | statistics]  Display QoS information at the port level, including the buffer allocation, which ports have configured policers, the queueing strategy, and the ingress and egress statistics.
The control-plane and interface keywords are not supported, and the statistics shown in the display should be ignored.
show running-config | include rewrite  Display the DSCP transparency setting.
EtherChannel, and the failed link. Inbound broadcast and multicast packets on one link in an EtherChannel are blocked from returning on any other link of the EtherChannel.
[Figure 38-3: Cross-Stack EtherChannel (labels: blade switch stack with Switch 1, Switch 2, and Switch 3; StackWise Plus port connections; Switch A; channel group 1)]
EtherChannel, apply configuration commands to the port-channel interface, for example, spanning-tree commands or commands to configure a Layer 2 EtherChannel as a trunk.
Understanding EtherChannels
Port Aggregation Protocol
The Port Aggregation Protocol (PAgP) is a Cisco-proprietary protocol that can be run only on Cisco switches and on those switches licensed by vendors to support PAgP. PAgP facilitates the automatic creation of EtherChannels by exchanging PAgP packets between Ethernet ports. You can use PAgP only in single-switch EtherChannel configurations;...
Link Aggregation Control Protocol
The LACP is defined in IEEE 802.3ad and enables Cisco switches to manage Ethernet channels between switches that conform to the IEEE 802.3ad protocol. LACP facilitates the automatic creation of EtherChannels by exchanging LACP packets between Ethernet ports.
Ports that are configured in the on mode in the same channel group must have compatible port characteristics, such as speed and duplex. Ports that are not compatible are suspended, even though they are configured in the on mode.
In Figure 38-5, an EtherChannel of sixteen blade servers communicates with a router. Because the router is a single-MAC-address device, source-based
Spanning tree detects this condition and acts accordingly. Any PAgP or LACP configuration on a winning switch stack is not affected, but the PAgP or LACP configuration on the losing switch stack is lost after the stack reboots.
Do not configure a port that is an active or a not-yet-active member of an EtherChannel as an IEEE 802.1x port. If you try to enable IEEE 802.1x on an EtherChannel port, an error message appears, and IEEE 802.1x is not enabled.
If you enabled PAgP on a port in the auto or desirable mode, you must reconfigure it for either the on mode or the LACP mode before adding this port to a cross-stack EtherChannel. PAgP does not support cross-stack EtherChannels.
If you configure the port as a static-access port, assign it to only one VLAN. The range is 1 to 4094.
(Optional) Save your entries in the configuration file. To remove a port from the EtherChannel group, use the no channel-group interface configuration command.
Note: To move an IP address from a physical port to an EtherChannel, you must delete the IP address from the physical port before configuring it on the port-channel interface.
Ensure that there is no IP address assigned to the physical port.
Step 4  no switchport  Put the port into Layer 3 mode.
Step 6 Return to privileged EXEC mode.
Step 7  show running-config  Verify your entries.
Step 8  copy running-config startup-config  (Optional) Save your entries in the configuration file.
IP address.
• src-mac—Load distribution is based on the source-MAC address of the incoming packet.
Catalyst 1900 switch using the same port in the EtherChannel from which it learned the source address. Only use the pagp learn-method command in this situation.
If one of the active links becomes inactive, a link that is in the hot-standby mode becomes active in its place.
(Optional) Save your entries in the configuration file. To return the LACP system priority to the default value, use the no lacp system-priority global configuration command.
(Optional) Save your entries in the configuration file. To return the LACP port priority to the default value, use the no lacp port-priority interface configuration command.
Interfaces connected to servers are referred to as downstream interfaces, and interfaces connected to distribution switches and network devices are referred to as upstream interfaces.
• Traffic from half of the active Ethernet interfaces flows through blade switch 1 to distribution switch 1.
• Traffic from the remaining active Ethernet interfaces flows through blade switch 2 to distribution switch 2.
• An interface cannot be a member of more than one link-state group.
• You can configure only two link-state groups per nonstacking-capable switch.
• You can configure only ten link-state groups per stacking-capable switch.
This example shows how to create a link-state group and to configure the interface:
Switch# configure terminal
Switch(config)# link state track 1
Switch(config)# interface port-channel 1
Switch(config-if)# link state group 1 upstream
Switch(config-if)# end
Downstream Interfaces : Gi0/3(Up) Gi0/4(Up)
(Up):Interface up (Dwn):Interface Down (Dis):Interface disabled
For detailed information about the fields in the display, see the command reference for this release.
Chapter 38 Configuring EtherChannels and Link-State Tracking
Configuring Link-State Tracking
For more detailed IP unicast configuration information, see the Cisco IOS IP Configuration Guide, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Configuration Guides. For complete syntax and usage information for the commands used in this chapter, see these command references from the Cisco.com page under Documentation >...
Types of Routing
Routers and Layer 3 switches can route packets in these ways:
• By using default routing
• By using preprogrammed static routes for the traffic
• It processes routing protocol messages and updates received from peer routers.
• It generates, maintains, and distributes the distributed Cisco Express Forwarding (dCEF) database to all stack members. The routes are programmed on all switches in the stack based on this database.
Caution: Partitioning on the switch stack into two or more stacks might lead to undesirable behavior in the network.
By default, IP routing is disabled on the switch, and you must enable it before routing can take place. For detailed IP routing configuration information, see the Cisco IOS IP Configuration Guide, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Configuration Guides.
• Maximum interval between advertisements: 600 seconds.
• Minimum interval between advertisements: 0.75 times maximum interval
• Preference: 0.
IP proxy ARP: Enabled.
IP routing: Disabled.
IP subnet-zero: Disabled.
(Optional) Save your entry in the configuration file. Use the no ip subnet-zero global configuration command to restore the default and to disable the use of subnet zero.
39-3, the router in network 128.20.0.0 is connected to subnets 128.20.1.0, 128.20.2.0, and 128.20.3.0. If the host sends a packet to 120.20.4.1, because there is no network default route, the router discards the packet.
MAC address from an IP address is called address resolution. The process of learning the IP address from the MAC address is called reverse address resolution.
For more information on RARP, see the Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.2 under Documentation > Cisco IOS Software > 12.2 Mainline > Configuration Guides from the Cisco.com page.
(Optional) Save your entries in the configuration file. To disable an encapsulation type, use the no arp arpa or no arp snap interface configuration command.
(ICMP) redirect message, identifying the local router that the host should use. The switch caches the redirect messages and forwards each packet as efficiently as possible. This method cannot detect when the default router has failed or is unavailable.
It must be greater than maxadvertinterval and cannot be greater than 9000 seconds. If you change the maxadvertinterval value, this value also changes.
Use the no ip directed-broadcast interface configuration command to disable translation of directed broadcasts to physical broadcasts. Use the no ip forward-protocol global configuration command to remove a protocol or a port.
By default, both UDP and NDP forwarding are enabled if a helper address has been defined for an interface. The description for the ip forward-protocol interface configuration command in the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2 lists the ports that are forwarded by default if you do not specify any UDP ports.
When a flooded UDP datagram is sent on an interface (and the destination address is possibly changed), the datagram is processed by the normal IP output routines and is, therefore, subject to ACLs, if they are present on the output interface. Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide 39-17 OL-13270-06...
Remove one or all entries from the hostname and the address cache. clear ip route {network [mask] |*} Remove one or more routes from the IP routing table. Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide 39-18 OL-13270-06...
(RIP) router configuration command. For information on specific protocols, see sections later in this chapter and to the Cisco IOS IP Configuration Guide, Release 12.2. The IP base feature set supports only RIP as a routing Note protocol.
RIP is configured with a default metric. RIP sends updates to the interfaces in specified networks. If an interface’s network is not specified, it is not advertised in any RIP update.
(Optional) Disable automatic summarization. By default, the switch summarizes subprefixes when crossing classful network boundaries. Disable summarization (only RIP Version 2) to advertise subnet and host routing information to classful network boundaries.
Return to privileged EXEC mode.
Step 6: show running-config interface [interface-id] - Verify your entries.
Step 7: copy running-config startup-config - (Optional) Save your entries in the configuration file.
Note: If split horizon is enabled, neither autosummary nor interface summary addresses (those configured with the ip summary-address rip router configuration command) are advertised.
This section briefly describes how to configure Open Shortest Path First (OSPF). For a complete description of the OSPF commands, see the “OSPF Commands” chapter of the Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.2.
Page 968
OSPF is an Interior Gateway Protocol (IGP) designed expressly for IP networks, supporting IP subnetting and tagging of externally derived routing information. OSPF also allows packet authentication and uses IP multicast when sending and receiving packets.
Page 969
Chapter 39 Configuring IP Unicast Routing: Configuring OSPF
The Cisco implementation conforms to the OSPF Version 2 specifications with these key features:
• Definition of stub areas is supported.
• Routes learned through any IP routing protocol can be redistributed into another IP routing protocol.
OSPF for Routed Access
With Cisco IOS Release 12.2(55)SE, the IP Base image supports OSPF for routed access. The IP services image is required if you need multiple OSPFv2 and OSPFv3 instances without route restrictions. Additionally, the IP services image is required to enable the multi-VRF-CE feature.
OSPF NSF Capability
Beginning with Cisco IOS Release 12.2(58)SE, the switch supports the OSPFv2 NSF IETF format in addition to the OSPFv2 NSF Cisco format that is supported in earlier releases. For information about this feature, see NSF—OSPF (RFC 3623 OSPF Graceful Restart).
(Optional) Set the estimated number of seconds to wait before sending a link state update packet. The range is 1 to 65535 seconds. The default is 1 second.
An NSSA does not flood all LSAs from the core into the area, but can import autonomous-system external routes within the area by redistribution.
Page 976
(Optional) Save your entries in the configuration file. Use the no form of these commands to remove the configured parameter value or to return to the default value.
Enable OSPF routing, and enter router configuration mode.
Step 3: summary-address address mask - (Optional) Specify an address and IP subnet mask for redistributed routes so that only one summary route is advertised.
Step 6: copy running-config startup-config - (Optional) Save your entries in the configuration file.
Use the no interface loopback 0 global configuration command to disable the loopback interface.
IP base image always behaves as if the connected and summary keywords were configured. Enhanced IGRP (EIGRP) is a Cisco-proprietary enhanced version of the IGRP. EIGRP uses the same distance vector algorithm and distance information as IGRP; however, the convergence properties and the operating efficiency of EIGRP are significantly improved.
Page 981
• Less CPU usage because full update packets need not be processed each time they are received.
• Protocol-independent neighbor discovery mechanism to learn about neighboring routers.
• Variable-length subnet masks (VLSMs).
• Arbitrary route summarization.
• Scalable for large networks.
Neighbor discovery and recovery is achieved by periodically sending small hello packets. As long as hello packets are received, the Cisco IOS software learns that a neighbor is alive and functioning. When this status is determined, the neighboring routers can exchange routing information.
Page 983
NSF capability: Disabled. Note: The switch supports EIGRP NSF-capable routing for IPv4.
Offset-list: Disabled.
Router EIGRP: Disabled.
Set metric: No metric set in the route map.
Release 12.4.
EIGRP NSF Capability
Beginning with Cisco IOS Release 12.2(58)SE, the switch supports EIGRP Cisco NSF routing to speed up convergence and eliminate traffic loss following a stack master change. For details about this NSF capability, see the “Configuring Nonstop Forwarding” chapter in the High Availability Configuration Guide, Cisco IOS XE Release 3S at: http://www.cisco.com/en/US/docs/ios/ios_xe/ha/configuration/guide/ha-nonstp_fwdg_xe.html#wp108...
You can limit the offset list with an access list or an interface.
Step 8: auto-summary - (Optional) Enable automatic summarization of subnet routes into network-level routes.
Display which interfaces EIGRP is active on and information about EIGRP relating to those interfaces.
Step 10: copy running-config startup-config - (Optional) Save your entries in the configuration file.
(Optional) Save your entries in the configuration file. Use the no forms of these commands to disable the feature or to return the setting to the default value.
Table 39-8 lists the privileged EXEC commands for deleting neighbors and displaying statistics. For explanations of fields in the resulting display, see the Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.2.
Internet. You can find detailed information about BGP in Internet Routing Architectures, published by Cisco Press, and in the “Configuring BGP” chapter in the Cisco IP and IP Routing Configuration Guide. For details about BGP commands and keywords, see the “IP Routing Protocols” part of the Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.2.
Page 990
A router or switch running Cisco IOS does not select or use an IBGP route unless it has a route available to the next-hop router and it has received synchronization from an IGP (unless IGP synchronization is disabled).
Protocols” part of the Cisco IOS IP Configuration Guide, Release 12.2. For details about specific commands, see the Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.2. For a list of BGP commands that are visible but not supported by the switch, see Appendix B, “Unsupported Commands in Cisco IOS Release 12.2(58)SE.”...
Page 992
• Update source: Best local address.
• Version: BGP Version 4.
• Weight: Routes learned through BGP peer: 0; routes sourced by the local router: 32768.
Page 993
Keepalive: 60 seconds; holdtime: 180 seconds.
1. NSF = nonstop forwarding.
2. NSF awareness can be enabled for IPv4 on switches with the IP services feature set by enabling graceful restart.
For more information, see the “BGP Nonstop Forwarding (NSF) Awareness” section of the Cisco IOS IP Routing Protocols Configuration Guide, Release 12.4.
Page 995
If NSF awareness is enabled on the switch, but not on the neighbor, this message appears:
Graceful Restart Capability: advertised
Step 13: copy running-config startup-config - (Optional) Save your entries in the configuration file.
Page 996
EIGRP, which also use the network command to specify where to send updates. For detailed descriptions of BGP configuration, see the “IP Routing Protocols” part of the Cisco IOS IP Configuration Guide, Release 12.2. For details about specific commands, see the Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.2.
BGP sessions so that the configuration changes take effect. There are two types of reset, hard reset and soft reset. Cisco IOS Releases 12.1 and later support a soft reset without any prior configuration. To use a soft reset without preconfiguration, both BGP peers must support the soft-route refresh capability, which is advertised in the OPEN message sent when the peers establish a TCP session.
You can disable next-hop processing by using route maps or the neighbor next-hop-self router configuration command. Prefer the path with the largest weight (a Cisco-proprietary parameter). The weight attribute is local to the router and not propagated in routing updates. By default, the weight attribute is 32768 for paths that the router originates and zero for other paths.
Page 999
Step 10: bgp deterministic med - (Optional) Configure the switch to consider the MED variable when choosing among routes advertised by different peers in the same autonomous system.
(Optional) Save your entries in the configuration file. Use the no route-map map-tag command to delete the route map. Use the no set ip next-hop ip-address command to re-enable next-hop processing.