Page 1 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide Release 12.2(18)ZY and Later Releases Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part Number: OL-11439-03...
Page 2 OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks.
Page 3: Table Of Contents
Configuring the Switch Using the Setup Facility or the setup Command Using Configuration Mode 3-10 Checking the Running Configuration Before Saving 3-10 Saving the Running Configuration Settings 3-11 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 4 Understanding NSF with SSO Supervisor Engine Redundancy NSF with SSO Supervisor Engine Redundancy Overview SSO Operation NSF Operation Cisco Express Forwarding Multicast MLS NSF with SSO Routing Protocols NSF Benefits and Restrictions Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 5 Configuring Supervisor Engine Redundancy Configuring Redundancy Synchronizing the Supervisor Engine Configurations Displaying the Redundancy States Performing a Fast Software Upgrade Copying Files to the Redundant Supervisor Engine Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 6 Configuring a Custom IEEE 802.1Q EtherType Field Value 8-15 Configuring Flex Links Understanding Flex Links Configuring Flex Links Flex Links Default Configuration Flex Links Configuration Guidelines and Restrictions Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 7 Configuring VLANs 12-1 Understanding How VLANs Work 12-1 VLAN Overview 12-1 VLAN Ranges 12-2 Configurable VLAN Parameters 12-3 Understanding Token Ring VLANs 12-3 VLAN Default Configuration 12-6 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 8 Understanding Cisco IP Phone Support 14-1 Cisco IP Phone Connections 14-1 Cisco IP Phone Voice Traffic 14-2 Cisco IP Phone Data Traffic 14-3 Cisco IP Phone Power Configurations 14-3 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY viii OL-11439-03...
Page 9 Synchronization of Port Roles 17-14 Bridge Protocol Data Unit Format and Processing 17-15 Topology Changes 17-17 Rapid-PVST 17-17 Understanding MST 17-17 MST Overview 17-18 MST Regions 17-18 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 10 Specifying the Link Type to Ensure Rapid Transitions 17-47 Designating the Neighbor Type 17-48 Restarting the Protocol Migration Process 17-49 Displaying the MST Configuration and Status 17-49 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 11 Understanding UDE and UDLR 20-1 UDE and UDLR Overview 20-1 Supported Hardware 20-2 Understanding UDE 20-2 Understanding UDLR 20-3 Configuring UDE and UDLR 20-3 Configuring UDE 20-3 Configuring UDLR 20-6 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 12 Hardware-Assisted IPv4 Multicast 22-6 MVPN Configuration Guidelines and Restrictions 22-7 Configuring MVPN 22-8 Forcing Ingress Multicast Replication Mode (Optional) 22-8 Configuring a Multicast VPN Routing and Forwarding Instance 22-9 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 13 24-6 Displaying the NetFlow Hardware Forwarding Count 24-6 Displaying the FIB Hardware Bridging and Drop Counts 24-7 Displaying the Shared and Well-Known Hardware Adjacency Counters 24-7 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY xiii OL-11439-03...
Page 14 Setting the IPv4 Bidirectional PIM Scan Interval 25-19 Displaying IPv4 Bidirectional PIM Information 25-20 Using IPv4 Debug Commands 25-22 Clearing IPv4 Multicast Layer 3 Switching Statistics 25-22 Redundancy for Multicast Traffic 25-23 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 15 Default IGMP Snooping Configuration 27-7 IGMP Snooping Configuration Guidelines and Restrictions 27-7 IGMP Snooping Querier Configuration Guidelines and Restrictions 27-8 Enabling the IGMP Snooping Querier 27-8 Configuring IGMP Snooping 27-9 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 16 Understanding Cisco IOS ACL Support 31-1 Cisco IOS ACL Configuration Guidelines and Restrictions 31-1 Hardware and Software ACL Support 31-2 Optimized ACL Logging with a PFC3B 31-3 Understanding OAL 31-3 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 17 Understanding How Control Plane Policing Works 33-18 CoPP Default Configuration 33-19 CoPP Configuration Guidelines and Restrictions 33-19 Configuring CoPP 33-20 Monitoring CoPP 33-21 Defining Traffic Classification 33-22 Traffic Classification Overview 33-22 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY xvii OL-11439-03...
Page 18 35-4 Default DAI Configuration 35-5 DAI Configuration Guidelines and Restrictions 35-5 Configuring DAI 35-6 Enabling DAI on VLANs 35-7 Configuring the DAI Interface Trust State 35-7 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY xviii OL-11439-03...
Page 19 Default Values with PFC QoS Disabled 38-38 PFC QoS Configuration Guidelines and Restrictions 38-39 General Guidelines 38-39 PFC3B Guidelines 38-41 Class Map Command Restrictions 38-42 Policy Map Command Restrictions 38-42 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 20 Using Policers to Limit the Amount of Traffic from a PC 38-100 PFC QoS Glossary 38-102 Configuring MPLS QoS 39-1 Terminology 39-2 MPLS QoS Features 39-3 MPLS Experimental Field 39-3 Trust 39-3 Classification 39-3 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 21 39-35 Configuring the P Router—Output Interface 39-37 Configuring the Egress PE Router—Customer Facing Interface 39-38 Configuring Uniform Mode 39-39 Configuring the Ingress PE Router—Customer Facing Interface 39-39 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 22 Configuring 802.1X Port-Based Authentication 42-7 Enabling 802.1X Port-Based Authentication 42-7 Configuring Switch-to-RADIUS-Server Communication 42-8 Enabling Periodic Reauthentication 42-10 Manually Reauthenticating the Client Connected to a Port 42-11 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY xxii OL-11439-03...
Page 23 Displaying the CDP Interface Configuration 44-3 Monitoring and Maintaining CDP 44-3 Configuring UDLD 45-1 Understanding How UDLD Works 45-1 UDLD Overview 45-1 UDLD Aggressive Mode 45-2 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY xxiii OL-11439-03...
Page 24 47-2 Default NetFlow Configuration 47-5 NetFlow Configuration Guidelines and Restrictions 47-5 Configuring NetFlow 47-6 Configuring NetFlow on the PFC3B 47-6 Configuring NetFlow on the PISA 47-10 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY xxiv OL-11439-03...
Page 25 Understanding How Power Management Works 50-1 Enabling or Disabling Power Redundancy 50-2 Powering Modules Off and On 50-3 Viewing System Power Status 50-4 Power Cycling Modules 50-5 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 26 Usage Guidelines 53-1 Using the Layer 2 Traceroute Utility 53-2 Online Diagnostic Tests A P P E N D I X Global Health-Monitoring Tests TestSPRPInbandPing TestSPNPInbandPing Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY xxvi OL-11439-03...
Page 27 Exhaustive Memory Tests A-16 TestFibTcamSSRAM A-16 TestAsicMemory A-17 TestAclQosTcam A-17 TestNetflowTcam A-18 TestQoSTcam A-18 IPSEC Services Modules Tests A-19 TestIPSecClearPkt A-19 TestHapiEchoPkt A-19 TestIPSecEncryptDecryptPkt A-20 Stress Tests A-20 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY xxvii OL-11439-03...
Page 28 TestEobcStressPing A-21 Critical Recovery Test—TestL3HealthMonitoring A-21 General Tests A-22 ScheduleSwitchover A-22 TestFirmwareDiagStatus A-22 Acronyms A P P E N D I X N D E X Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY xxviii OL-11439-03...
Page 29: Related Documentation
Preface This preface describes who should read the Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY, and its document conventions. Audience This guide is for experienced network administrators who are responsible for configuring and maintaining Catalyst 6500 series switches.
Page 30 Internetwork Design Guide – Internetwork Troubleshooting Guide – Configuration Builder Getting Started Guide – The Cisco IOS Configuration Guides and Command References are located at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_installation_and_configuratio n_guides_list.html For information about MIBs, go to this URL: • http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml Conventions...
Page 31: Obtaining Documentation And Submitting A Service Request
Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html Subscribe to the What’s New in Cisco Product Documentation as an RSS feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service. Cisco currently supports RSS Version 2.0.
Page 32 Preface Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY xxxii OL-11439-03...
Page 33: Product Overview
• Supported Hardware and Software For complete information about the chassis, modules, and software features supported by the Supervisor Engine 32 PISA, refer to the Release Notes for Cisco IOS Release 12.2ZY on the Supervisor Engine 32 PISA: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/release/notes/ol_13011.html To configure Network-Based Application Recognition (NBAR) , see this publication: http://www.cisco.com/en/US/docs/ios/12_4t/qos/configuration/guide/qsnbar1.html...
Page 34: Configuring Embedded Ciscoview Support
Step 8 Router(config)# snmp-server community string ro Configures the SNMP password for read-only operation. Step 9 Configures the SNMP password for read/write operation. Router(config)# snmp-server community string rw Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 35: Displaying Embedded Ciscoview Information
The default password for accessing the switch web page is the enable-level password of the switch. Note For more information about web access to the switch, refer to “Using the Cisco Web Browser” in the IOS Configuration Fundamentals Configuration Guide at this URL: http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/fcf005.html...
Page 36 When you configure NAT and NDE on an interface, the PFC3B sends all traffic in fragmented – packets to the PISA to be processed in software. (CSCdz51590) To configure NAT, refer to the Cisco IOS IP Configuration Guide, Release 12.2, “IP Addressing and Services,” “Configuring IP Addressing,” “Configuring Network Address Translation,” at this URL: http://www.cisco.com/en/US/docs/ios/12_2/ip/configuration/guide/1cfipadr.html...
Page 37 The PISA supports tunnels configured with egress features on the tunnel interface. Examples of – egress features are output Cisco IOS ACLs, NAT (for inside to outside translation), TCP intercept, CBAC, and encryption. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY...
Page 38 Chapter 1 Product Overview Software Features Supported in Hardware by the PFC3B Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 39: Command-Line Interfaces
This chapter describes the command-line interfaces (CLIs) you use to configure the Catalyst 6500 series switches. For complete syntax and usage information for the commands used in this chapter, see these Note publications: The Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, at • this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdr ef.html The Release 12.2 publications at this URL:...
Page 40: Accessing The Cli Through The Eia/Tia-232 Console Interface
Router# Step 3 Initiates enable mode enable. Router> enable Step 4 Completes enable mode enable. Password: password Router# Step 5 Exits the session when finished. Router# quit Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 41: Performing Command Line Processing
The history buffer stores the last 20 commands you entered. History substitution allows you to access these commands without retyping them, by using special abbreviated commands. Table 2-2 lists the history substitution commands. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 42: Cisco Ios Command Modes
Fundamentals Configuration Guide at this URL: http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/ffun_c.html The Cisco IOS user interface is divided into many different modes. The commands available to you depend on which mode you are currently in. To get a list of the commands in a given mode, type a question mark (?) at the system prompt.
Page 43: Displaying A List Of Cisco Ios Commands And Syntax
The Cisco IOS command interpreter, called the EXEC, interprets and executes the commands you enter. You can abbreviate commands and keywords by entering just enough characters to make the command unique from other commands. For example, you can abbreviate the show command to sh and the configure terminal command to config t.
Page 44: Securing The Cli
HTTP over Secure Socket Layer (HTTPS) to make an encrypted connection to the switch. For more information about SSH, see “Configuring Secure Shell” at this URL: Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 45: Rom-Monitor Command-Line Interface
Secure Copy Protocol (SCP) to perform an encrypted file transfer. For more information about SCP, see “Secure Copy” at this URL: http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_secure_copy_ps 6017_TSD_Products_Configuration_Guide_Chapter.html For additional information about securing the CLI, see “Cisco IOS Security Configuration Guide: Securing User Services, Release 12.2SX” at this URL: http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/12_2sx/sec_securing_use r_services_12.2sx_book.html...
Page 46 Chapter 2 Command-Line Interfaces ROM-Monitor Command-Line Interface Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 47: Configuring The Switch For The First Time
URL: http://www.cisco.com/en/US/docs/ios/12_2/configfun/command/reference/ffun_r.html For complete syntax and usage information for the commands used in this chapter, refer to these Note publications: The Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, at • this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdr ef.html The Release 12.2 publications at this URL: •...
Page 48: Configuring The Switch
[ ] as you move through the setup command process and are queried by the system to make changes. For example, you will see this display when you use the setup facility: Configuring interface FastEtherent3/1: Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 49 Copyright (c) 1986-2001 by cisco Systems, Inc. Compiled Wed 28-Mar-01 18:36 by hqluong Image text-base: 0x30020980, data-base: 0x306B8000 Start as Primary processor 00:00:05: %SYS-3-LOGGER_FLUSHING: System pausing to ensure console debugging out Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 50 Continue with configuration dialog? [yes/no]: y At any point you may enter a question mark '?' for help. Use ctrl-c to abort configuration dialog at any prompt. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 51 OK? Method Status Protocol Vlan1 unassigned YES TFTP administratively down down GigabitEthernet1/1 172.20.52.34 YES NVRAM GigabitEthernet1/2 unassigned YES TFTP administratively down down GigabitEthernet3/1 unassigned YES TFTP administratively down down Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 52 In both cases, a number cannot be the first character. Spaces are also valid password characters; for example, “two words” is a valid password. Leading spaces are ignored; trailing spaces are recognized. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 53 301 interface Vlan1 shutdown no ip address interface GigabitEthernet1/1 shutdown no ip address interface GigabitEthernet1/2 shutdown no ip address <...output truncated...> Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 54: Configuring Interfaces
A no response returns you to the enable prompt (#). You will need to reenter the setup command to reenter your configuration. A yes response saves the running configuration to NVRAM as follows: Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 55 16384K bytes of Flash internal SIMM (Sector size 512K). Configuration register is 0x2 Router# For detailed interface configuration information, refer to the Cisco IOS Interface Configuration Guide at this URL: http://www.cisco.com/en/US/docs/ios/12_2/interface/configuration/guide/finter_c.html Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY...
Page 56: Using Configuration Mode
EXEC prompt (#) as follows: Router# show running-config Building configuration... Current configuration: Current configuration : 3441 bytes version 12.1 service timestamps debug datetime localtime service timestamps log datetime localtime Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 3-10 OL-11439-03...
Page 57: Saving The Running Configuration Settings
Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 3-11...
Page 58 This example shows how to use the show running-config command to confirm the configuration of the previously configured static route: Router# show running-config Building configuration... <...output truncated...> ip classless ip route 171.20.52.3 255.255.255.255 Vlan1 no ip http server Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 3-12 OL-11439-03...
Page 59: Configuring A Bootp Server
-- hardware type im -- impress servers ip -- host IP address lg -- log servers lp -- LPR servers ns -- IEN-116 name servers Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 3-13 OL-11439-03...
Page 60: Protecting Access To Privileged Exec Commands
Router(config)# enable password lab Router(config)# To display the password or access level configuration, see the “Displaying the Password, Access Level, and Privilege Level Configuration” section on page 3-18. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 3-14 OL-11439-03...
Page 61: Using The Enable Password And Enable Secret Commands
Router(config-line)# password password privileged level. To display the password or access level configuration, see the “Displaying the Password, Access Level, and Privilege Level Configuration” section on page 3-18. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 3-15 OL-11439-03...
Page 62: Setting Tacacs+ Password Protection For Privileged Exec Mode
Encrypting Passwords Because protocol analyzers can examine packets (and read passwords), you can increase access security by configuring the Cisco IOS software to encrypt passwords. Encryption prevents the password from being readable in the configuration file. To configure the Cisco IOS software to encrypt passwords, perform this task:...
Page 63: Configuring Multiple Privilege Levels
3-18. Configuring Multiple Privilege Levels By default, the Cisco IOS software has two modes of password security: user EXEC mode and privileged EXEC mode. You can configure up to 16 hierarchical levels of commands for each mode. By configuring multiple passwords, you can allow different sets of users to have access to specified commands.
Page 64: Recovering A Lost Enable Password
Configure the switch to boot up without reading the configuration memory (NVRAM). Step 2 Reboot the system. Step 3 Access enable mode (which can be done without a password when one is not configured). Step 4 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 3-18 OL-11439-03...
Page 65: Modifying The Supervisor Engine Startup Configuration
ROM-monitor mode. From ROM-monitor mode, you can manually load a software image from bootflash or a Flash PC card. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 3-19...
Page 66: Configuring The Software Configuration Register
For complete syntax and usage information for the ROM monitor commands, refer to the Note Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, publication. You can also enter ROM-monitor mode by restarting and then pressing the Break key during the first 60 seconds of startup.
Page 67 When the entire boot field equals a value between 0-0-1-0 and 1-1-1-1, the switch loads the system • image specified by boot system commands in the startup configuration file. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 3-21 OL-11439-03...
Page 68 Step 5 Reboots to make your changes take effect. Router# reload To modify the configuration register while the switch is running Cisco IOS, follow these steps: Enter the enable command and your password to enter privileged level as follows: Step 1 Router>...
Page 69: Specifying The Startup System Image
The BOOT environment variable is also described in the “Specify the Startup System Image in the Configuration File” section in the “Loading and Maintaining System Images and Microcode” chapter of the Cisco IOS Configuration Fundamentals Configuration Guide. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 3-23 OL-11439-03...
Page 70: Understanding Flash Memory
Flash Memory Configuration Process To configure your switch to boot from flash memory, follow these steps: Copy a system image to flash memory using TFTP or rcp (refer to the Cisco IOS Configuration Step 1 Fundamentals Configuration Guide, Release 12.2, “Cisco IOS File Management,” “Loading and Maintaining System Images,”...
Page 71: Config_File Environment Variable
• Cisco IOS software supports the boot bootldr global configuration command and the ROM monitor supports the BOOTLDR environment variable, but because Release 12.2ZY does not require use of a bootloader image, there are no Release 12.2ZY bootloader images.
Page 72 BOOTLDR variable = bootflash:c6msfc2-boot-mz.121-3a.E4 Configuration register is 0x2 Router# To display the contents of the configuration file pointed to by the CONFIG_FILE environment variable, enter the more nvram:startup-config command. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 3-26 OL-11439-03...
Page 73: Configuring A Supervisor Engine 32 Pisa
Supervisor Engine 32 PISA does not support switch fabric connectivity. For information about the hardware and software features supported by the • Supervisor Engine 32 PISA, see the Release Notes for Cisco IOS Release 12.2ZY on the Supervisor Engine 32 PISA at this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/release/notes/ol_13011.h Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY...
Page 74: Flash Memory On A Supervisor Engine 32 Pisa
You can disable Port 3 and reallocate its port ASIC capacity to the PISA EtherChannel (see the • “Configuring Full PISA EtherChannel Bandwidth” section on page 4-3 section). Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 75: Configuring Full Pisa Etherchannel Bandwidth
EtherChannel. While the port is a member of the PISA EtherChannel, all port configuration commands except the [no] channel-group 256 mode on command are ignored. The PISA EtherChannel MTU size is 4,096 bytes. • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 76: Displaying Pisa Platform Statistics
For examples of the show platform pisa np command output, see the Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, at this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdr ef.html Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 77 • Cisco IOS Release 12.2(33)ZYA1 and later releases Router# clear platform pisa np counter-type counters This example shows how to clear the ACL counters in Cisco IOS Release 12.2(33)ZYA1 and later releases: Router# clear platform pisa np acl counters Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY...
Page 78 Chapter 4 Configuring a Supervisor Engine 32 PISA Displaying PISA Platform Statistics Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 79 (NSF) with stateful switchover (SSO). For complete syntax and usage information for the commands used in this chapter, refer to the Note • Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, at this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdr ef.html •...
Page 80: Configuring Nsf With Sso Supervisor Engine Redundancy
Catalyst 6500 series switches support fault resistance by allowing a redundant supervisor engine to take over if the primary supervisor engine fails. Cisco NSF works with SSO to minimize the amount of time a network is unavailable to its users following a switchover while continuing to forward IP packets.
Page 81: Cisco Express Forwarding
FIB information. Cisco Express Forwarding A key element of NSF is packet forwarding. In a Cisco networking device, packet forwarding is provided by Cisco Express Forwarding (CEF). CEF maintains the FIB, and uses the FIB information that was current at the time of the switchover to continue forwarding packets during a switchover. This feature reduces traffic interruption during the switchover.
Page 82: Routing Protocols
OPEN message but will establish a BGP session with the NSF-capable device. This function will allow interoperability with non-NSF-aware BGP peers (and without NSF functionality), but the BGP session with non-NSF-aware BGP peers will not be graceful restart capable. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 83 A benefit of IETF IS-IS configuration is operation between peer devices based on a proposed standard. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 84 If the neighbor routers on a network segment are not NSF-aware, you must use the Cisco configuration option. The Cisco IS-IS configuration transfers both protocol adjacency and link-state information from the active to the redundant supervisor engine. An advantage of Cisco configuration is that it does not rely on NSF-aware neighbors.
Page 85: Nsf Benefits And Restrictions
Network stability may be improved with the reduction in the number of route flaps that had been created when routers in the network failed and lost their routing tables. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 86 SSO can coexist but both features work independently. Traffic that relies on VRRP may switch to the VRRP standby in the event of a supervisor engine switchover. Multiprotocol Label Switching (MPLS) is not suported with Cisco NSF with SSO; however, MPLS •...
Page 87: Supervisor Engine Configuration Synchronization
Hardware Configuration Guidelines and Restrictions For redundant operation, the following guidelines and restrictions must be met: Cisco IOS running on the supervisor engine and the PISA supports redundant configurations where • the supervisor engines and PISA routers are identical. If they are not identical, one will boot first and become active and hold the other supervisor engine and PISA in a reset condition.
Page 88: Configuration Mode Restrictions
Verifying BGP NSF, page 5-13 • Configuring OSPF NSF, page 5-14 • Verifying OSPF NSF, page 5-14 Configuring IS-IS NSF, page 5-15 • Verifying IS-IS NSF, page 5-16 • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 5-10 OL-11439-03...
Page 89: Configuring Sso
Multicast MLS NSF with SSO is on by default when SSO is selected as the redundancy mode. To configure multicast NSF with SSO parameters, perform this task: Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 5-11...
Page 90: Verifying Multicast Nsf With Sso
CEF Status [RP] CEF enabled/running dCEF enabled/running CEF switching enabled/running CEF default capabilities: Always FIB switching: Default CEF switching: Default dCEF switching: Update HWIDB counters: Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 5-12 OL-11439-03...
Page 91: Configuring Bgp Nsf
Verify that “bgp graceful-restart” appears in the BGP configuration of the SSO-enabled router by entering the show running-config command: Router# show running-config router bgp 120 bgp graceful-restart neighbor 10.2.2.2 remote-as 300 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 5-13 OL-11439-03...
Page 92: Configuring Ospf Nsf
To verify OSPF NSF, follow these steps: Verify that “nsf” appears in the OSPF configuration of the SSO-enabled device by entering the show Step 1 running-config command: Router# show running-config Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 5-14 OL-11439-03...
Page 93: Configuring Is-Is Nsf
Step 4 Router(config-router)# nsf interval [minutes] (Optional) Specifies the minimum time between NSF restart attempts. The default time between consecutive NSF restart attempts is 5 minutes. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 5-15 OL-11439-03...
Page 94: Verifying Is-Is Nsf
<...Output Truncated...> If the NSF configuration is set to cisco, enter the show isis nsf command to verify that NSF is enabled Step 2 on the device. Using the Cisco configuration, the display output will be different on the active and redundant RPs.
Page 95 L1 NSF ACK requested:FALSE L1 NSF CSNP requested:FALSE NSF L2 Restart state:Running NSF L2 Restart retransmissions:0 Maximum L2 NSF Restart retransmissions:3 L2 NSF ACK requested:FALSE L2 NSF CSNP requested:FALSE Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 5-17 OL-11439-03...
Page 96: Configuring Eigrp Nsf
NSF converge timer is 120s Automatic network summarization is in effect Maximum path: 4 Routing for Networks: Routing Information Sources: Gateway Distance Last Update Distance: internal 90 external 170 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 5-18 OL-11439-03...
Page 97: Synchronizing The Supervisor Engine Configurations
Router# copy source_device:source_filename slavesup-bootdisk:target_filename Enter this command to copy a file to the boot : device on a redundant PISA: disk Router# copy source_device:source_filename slavebootdisk:target_filename Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 5-19 OL-11439-03...
Page 98 Chapter 5 Configuring NSF with SSO Supervisor Engine Redundancy Copying Files to the Redundant Supervisor Engine Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 5-20 OL-11439-03...
Page 99: Configuring Rpr Supervisor Engine Redundancy
For complete syntax and usage information for the commands used in this chapter, refer to the Note • Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, at this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdr ef.html For information about nonstop forwarding (NSF) with stateful switchover (SSO), see Chapter 5, •...
Page 100: Understanding Rpr
Access control lists (ACLs) are reprogrammed into supervisor engine hardware • Note In a switchover, there is a disruption of traffic because some address states are lost and then restored after they are dynamically redetermined. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 101: Supervisor Engine Configuration Synchronization
Hardware Configuration Guidelines and Restrictions For redundant operation, the following guidelines and restrictions must be met: Cisco IOS running on the supervisor engine and the PISA supports redundant configurations where • the supervisor engines and PISA routers are identical. If they are not identical, one will boot first and become active and hold the other supervisor engine and PISA in a reset condition.
Page 102: Configuration Mode Restrictions
RPR mode. Step 3 Verifies that RPR mode is enabled. Router# show running-config Step 4 Displays the operating redundancy mode. Router# show redundancy states Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 103: Synchronizing The Supervisor Engine Configurations
This example shows how to display the redundancy states: Router# show redundancy states my state = 13 -ACTIVE peer state = 8 -STANDBY HOT Mode = Duplex Unit = Primary Unit ID = 1 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 104: Performing A Fast Software Upgrade
Router# Performing a Fast Software Upgrade The fast software upgrade (FSU) procedure supported by RPR allows you to upgrade the Cisco IOS image on the supervisor engines without reloading the system. If you are performing a first-time upgrade to RPR from EHSA, you must reload both supervisor engines.
Page 105: Copying Files To The Redundant Supervisor Engine
Router# copy source_device:source_filename slavesup-bootdisk:target_filename Use the following command to copy a file to the boot : device on a redundant PISA: disk Router# copy source_device:source_filename slavebootdisk:target_filename Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 106 Chapter 6 Configuring RPR Supervisor Engine Redundancy Copying Files to the Redundant Supervisor Engine Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 107: Configuring Interfaces
Checking the Cable Status Using the TDR, page 7-19 For complete syntax and usage information for the commands used in this chapter, refer to these Note publications: The Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, at • this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdr ef.html...
Page 108: Configuring Interfaces
Step 2 number of the connector or interface card. The following example shows how to select Fast Ethernet, slot 5, interface 1: Router(config)# interfaces fastethernet 5/1 Router(config-if)# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 109 48 FastEthernet/IEEE 802.3 interface(s) 2 Gigabit Ethernet/IEEE 802.3 interface(s) 381K bytes of non-volatile configuration memory. 16384K bytes of Flash internal SIMM (Sector size 512K). Configuration register is 0x2 Router# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 110: Configuring A Range Of Interfaces
The no interface range command supports VLAN interfaces. • The interface range command supports VLAN interfaces for which Layer 2 VLANs have not been • created with the interface vlan command. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 111: Defining And Using Interface-Range Macros
You can define an interface-range macro to automatically select a range of interfaces for configuration. Before you can use the macro keyword in the interface range macro command string, you must define the macro. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 112: Configuring Optional Interface Features
Configuring Jumbo Frame Support, page 7-10 • Configuring IEEE 802.3x Flow Control, page 7-13 Configuring the Port Debounce Timer, page 7-14 • Adding a Description for an Interface, page 7-15 • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 113: Configuring Ethernet Interface Speed And Duplex Mode
Configures the speed of the Ethernet interface. Router(config-if)# speed {10 | 100 | 1000 | {auto [10 100 [1000]]}} Reverts to the default configuration (speed auto). Router(config-if)# no speed Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 114 (link negotiation enabled on one port and disabled on the other port). Table 7-1 shows the four possible link negotiation configurations and the resulting link status for each configuration. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 115 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 1238 packets input, 273598 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 116: Configuring Jumbo Frame Support
LAN port MTU size. Jumbo frame support fragments routed traffic in software on the PISA. Note • Jumbo frame support does not fragment bridged traffic. • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 7-10 OL-11439-03...
Page 117 Configuring a nondefault MTU size on a 10-Gigabit Ethernet port limits ingress and egress packets to the global LAN port MTU size. Configuring a nondefault MTU size on an Ethernet port limits routed traffic to the configured MTU size. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 7-11 OL-11439-03...
Page 118 For Layer 2 Ethernet ports, you can configure only the global egress LAN port MTU size (see the • “Configuring the Global Egress LAN Port MTU Size” section on page 7-13). Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 7-12 OL-11439-03...
Page 119: Configuring Ieee 802.3X Flow Control
Router(config-if)# no flowcontrol {receive | send} Step 3 Displays the flow-control configuration for all ports. Router# show interfaces [type slot/port] flowcontrol type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 7-13 OL-11439-03...
Page 120: Configuring The Port Debounce Timer
Enabling the port debounce timer causes link down detections to be delayed, resulting in loss of traffic during the debouncing period. This situation might affect the convergence and reconvergence of some Layer 2 and Layer 3 protocols. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 7-14 OL-11439-03...
Page 121: Adding A Description For An Interface
You can add a description about an interface to help you remember its function. The description appears in the output of the following commands: show configuration show running-config and show interfaces. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 7-15 OL-11439-03...
Page 122: Understanding Online Insertion And Removal
Monitoring Interface Status, page 7-17 • Clearing Counters on an Interface, page 7-17 • Resetting an Interface, page 7-18 Shutting Down and Restarting an Interface, page 7-18 • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 7-16 OL-11439-03...
Page 123: Monitoring Interface Status
*Sep 30 08:42:55: %CLEAR-5-COUNTERS: Clear counter on interface FastEthernet5/5 The clear counters command clears all the current counters from the interface unless the optional arguments specify a specific interface. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 7-17 OL-11439-03...
Page 124: Resetting An Interface
To check if an interface is disabled, enter the EXEC show interfaces command. An interface that has been shut down is shown as administratively down in the show interfaces command display. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 7-18...
Page 125: Checking The Cable Status Using The Tdr
TDR can test cables up to a maximum length of 115 meters. • See the Release Notes for Cisco IOS Release 12.2ZY on the Supervisor Engine 32 PISA information about which modules support the TDR. To start or stop the TDR test, perform this task:...
Page 126 Chapter 7 Configuring Interfaces Checking the Cable Status Using the TDR Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 7-20 OL-11439-03...
Page 127: Configuring Lan Ports For Layer 2 Switching
For complete syntax and usage information for the commands used in this chapter, refer to the Note • Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, at this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdr ef.html To configure Layer 3 interfaces, see Chapter 19, “Configuring Layer 3 Interfaces.”...
Page 128: Understanding Vlan Trunks
Understanding VLAN Trunks These sections describe VLAN trunks on the Catalyst 6500 series switches: Trunking Overview, page 8-3 • Encapsulation Types, page 8-3 • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 129: Trunking Overview
Specifies ISL encapsulation on the trunk link. Some modules do not support ISL Note encapsulation (see the “Trunking Overview” section on page 8-3). Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 130: Layer 2 Lan Port Modes
DTP, use the nonegotiate keyword to cause the LAN port to become a trunk but not generate DTP frames. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 131: Default Layer 2 Lan Interface Configuration
When configuring Layer 2 LAN ports, follow these guidelines and restrictions: The following switching modules do not support ISL encapsulation: • – WS-X6502-10GE – WS-X6548-GE-TX, WS-X6548V-GE-TX, WS-X6548-GE-45AF – WS-X6148-GE-TX, WS-X6148V-GE-TX, WS-X6148-GE-45AF Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 132: Configuring Lan Interfaces For Layer 2 Switching
802.1Q cloud separating the Cisco switches is treated as a single broadcast segment between all switches connected to the non-Cisco 802.1q cloud through 802.1q trunks. Make certain that the native VLAN is the same on all of the 802.1q trunks connecting the Cisco –...
Page 133: Configuring A Lan Port For Layer 2 Switching
To avoid potential issues while changing the role of a port using the switchport command, shut down the interface before applying the switchport command. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 134: Configuring A Layer 2 Switching Port As A Trunk
To support the switchport mode trunk command, you must configure the encapsulation as either • ISL or 802.1Q. The following switching modules do not support ISL encapsulation: • WS-X6502-10GE – WS-X6548-GE-TX, WS-X6548V-GE-TX, WS-X6548-GE-45AF – – WS-X6148-GE-TX, WS-X6148V-GE-TX, WS-X6148-GE-45AF Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 135 Before entering the switchport mode trunk command, you must configure the encapsulation (see • “Configuring the Layer 2 Switching Port as an ISL or 802.1Q Trunk” section on page 8-8). Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 136 Purpose (Optional) Configures the 802.1Q native VLAN. Router(config-if)# switchport trunk native vlan vlan_ID Reverts to the default value (VLAN 1). Router(config-if)# no switchport trunk native vlan Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 8-10 OL-11439-03...
Page 137 You can remove VLAN 1. If you remove VLAN 1 from a trunk, the trunk interface continues to send • and receive management traffic, for example, Cisco Discovery Protocol (CDP), VLAN Trunking Protocol (VTP), Port Aggregation Protocol (PAgP), and DTP in VLAN 1.
Page 138 Router# show interfaces [type slot/port] switchport Step 3 Displays the trunk configuration of the interface. Router# show interfaces [type slot/port] trunk type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 8-12 OL-11439-03...
Page 139 Fa5/8 1-1005 Port Vlans allowed and active in management domain Fa5/8 1-6,10,20,50,100,152,200,300,303-305,349-351,400,500,521,524,570,801-8 02,850,917,999,1002-1005 Port Vlans in spanning tree forwarding state and not pruned Fa5/8 1-6,10,20,50,100,152,200,300,303-305,349-351,400,500,521,524,570,801-8 02,850,917,999,1002-1005 Router# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 8-13 OL-11439-03...
Page 140: Configuring A Lan Interface As A Layer 2 Access Port
End with CNTL/Z. Router(config)# interface fastethernet 5/6 Router(config-if)# shutdown Router(config-if)# switchport Router(config-if)# switchport mode access Router(config-if)# switchport access vlan 200 Router(config-if)# no shutdown Router(config-if)# end Router# exit Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 8-14 OL-11439-03...
Page 141: Configuring A Custom Ieee 802.1Q Ethertype Field Value
For example, a trunk port that is configured with a custom EtherType field value does not recognize the standard 0x8100 EtherType field value on 802.1Q-tagged frames and cannot put the frames into the VLAN to which they belong. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 8-15 OL-11439-03...
Page 142 VLAN. If you misconfigure a custom EtherType field value, frames might be placed into the wrong VLAN. See the Release Notes for Cisco IOS Release 12.2ZY on the Supervisor Engine 32 PISA for a list of • the modules that support custom IEEE 802.1Q EtherType field values.
Page 143: Configuring Flex Links
This chapter describes how to configure Flex Links on the Catalyst 6500 series switch. Note For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, at this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdref.h The chapter consists of these sections: Understanding Flex Links, page 9-1 •...
Page 144: Flex Links Default Configuration
STP is disabled on Flex Links ports. If STP is disabled on the switch, be sure that there are no Layer 2 loops in the network topology. Do not configure the following STP features on Flex Links ports or the ports to which the links • connect: Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 145: Monitoring Flex Links
Active Up/Backup Standby FastEthernet1/3 FastEthernet2/4 Active Up/Backup Standby Port-channel1 GigabitEthernet7/1 Active Up/Backup Standby Monitoring Flex Links Table 9-1 shows the privileged EXEC command for monitoring the Flex Links configuration. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 146 Flex Links configured on the switch and the state of each active and backup interface (up or standby mode). 1. type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 147: Configuring Etherchannels
Layer 3 LAN ports. For complete syntax and usage information for the commands used in this chapter, refer to the Note Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, at this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdref.h This chapter consists of these sections: Understanding How EtherChannels Work, page 10-1 •...
Page 148: Understanding How Etherchannels Are Configured
(PAgP) or the Link Aggregation Control Protocol (LACP) to form EtherChannels. The EtherChannel protocols allow ports with similar characteristics to form an EtherChannel through dynamic negotiation with connected network devices. PAgP is a Cisco-proprietary protocol and LACP is defined in IEEE 802.3ad.
Page 149 A LAN port in passive mode cannot form an EtherChannel with another LAN port that is also in • passive mode, because neither port will initiate negotiation. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 10-3 OL-11439-03...
Page 150: Understanding Port Channel Interfaces
An EtherChannel balances the traffic load across the links in an EtherChannel by reducing part of the binary pattern formed from the addresses in the frame to a numerical value that selects one of the links in the channel. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 10-4 OL-11439-03...
Page 151: Etherchannel Feature Configuration Guidelines And Restrictions
The WS-X6148-GE-TX and WS-X6148V-GE-TX switching modules do not support more than • 1 Gbps of traffic per EtherChannel. When you add a member port that does not support ISL trunking to an EtherChannel, Cisco IOS • software automatically adds a switchport trunk encapsulation dot1q command to the port-channel interface to prevent configuration of the EtherChannel as an ISL trunk.
Page 152: Configuring Etherchannels
To move an IP address from a Layer 3 LAN port to an EtherChannel, you must delete the IP address • from the Layer 3 LAN port before configuring it on the port channel logical interface. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 10-6 OL-11439-03...
Page 153: Configuring Channel Groups
You cannot put Layer 2 LAN ports into a manually created port channel interface. For Cisco IOS to create port channel interfaces for Layer 2 EtherChannels, the Layer 2 LAN ports •...
Page 154 This example shows how to verify the configuration of port channel interface 2: Router# show running-config interface port-channel 2 Building configuration... Current configuration: interface Port-channel2 no ip address switchport switchport access vlan 10 switchport mode access Router# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 10-8 OL-11439-03...
Page 155 Age of the Port-channel = 04d:18h:58m:50s Logical slot/port = 14/1 Number of ports = 0 = 0x00000000 HotStandBy port = null Port state = Port-channel Ag-Not-Inuse Protocol PAgP Router# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 10-9 OL-11439-03...
Page 156: Configuring The Lacp System Priority And System Id
The load-balancing keywords indicate the following information: dst-ip—Destination IP addresses • dst-mac—Destination MAC addresses • dst-port—Destination Layer 4 port • mpls—Load balancing for MPLS packets • src-dst-ip—Source and destination IP addresses • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 10-10 OL-11439-03...
Page 157: Configuring The Etherchannel Min-Links Feature
Although the EtherChannel Min-Links feature works correctly when configured only on one end of an EtherChannel, for best results, configure the same number of minimum links on both ends of the EtherChannel. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 10-11 OL-11439-03...
Page 158 This example shows how to configure port channel interface 1 to be inactive if fewer than 2 member ports are active in the EtherChannel: Router# configure terminal Router(config)# interface port-channel 1 Router(config-if)# port-channel min-links 2 Router(config-if)# end Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 10-12 OL-11439-03...
Page 159: Configuring Vtp
For complete syntax and usage information for the commands used in this chapter, refer to the Note Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, at this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdref.h This chapter consists of these sections: Understanding How VTP Works, page 11-1 •...
Page 160: Understanding The Vtp Domain
NVRAM. If this happens, the switch cannot be returned to VTP server mode until the NVRAM is functioning. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 11-2 OL-11439-03...
Page 161: Understanding Vtp Advertisements
VTP pruning increases available bandwidth by restricting flooded traffic to those trunk links that the traffic must use to access the appropriate network devices. By default, VTP pruning is disabled. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 11-3 OL-11439-03...
Page 162 Flooding Traffic with VTP Pruning Switch 4 Interface 2 Interface 4 Flooded traffic is pruned. Switch 2 VLAN Switch 5 Interface 5 Interface 1 Switch 6 Switch 3 Switch 1 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 11-4 OL-11439-03...
Page 163: Vtp Default Configuration
2-capable network devices in the domain enable VTP version 2. In a Token Ring environment, you must enable VTP version 2 for Token Ring VLAN switching to • function properly. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 11-5 OL-11439-03...
Page 164: Configuring Vtp Global Parameters
This example shows one way to configure a VTP password in global configuration mode: Router# configure terminal Router(config)# vtp password WATER Setting device VLAN database password to WATER. Router# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 11-6 OL-11439-03...
Page 165: Enabling Vtp Pruning
In a Token Ring environment, you must enable VTP version 2 for Token Ring VLAN switching to Note function properly on devices that support Token Ring interfaces. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 11-7 OL-11439-03...
Page 166: Configuring The Vtp Mode
When VTP is disabled, you can enter VLAN configuration commands in configuration mode instead of Note the VLAN database mode and the VLAN configuration is stored in the startup configuration file. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 11-8 OL-11439-03...
Page 167 This example shows how to disable VTP on the switch: Router# configuration terminal Router(config)# vtp mode transparent Setting device to VTP TRANSPARENT mode. Router(config)# end Router# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 11-9 OL-11439-03...
Page 168: Displaying Vtp Statistics
Number of V1 summary errors VTP pruning statistics: Trunk Join Transmitted Join Received Summary advts received from non-pruning-capable device ---------------- ---------------- ---------------- --------------------------- Fa5/8 43071 42766 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 11-10 OL-11439-03...
Page 169: Configuring Vlans
This chapter describes how to configure VLANs on the Catalyst 6500 series switches. Note For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, at this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdref.h This chapter consists of these sections: Understanding How VLANs Work, page 12-1 •...
Page 170: Vlan Ranges
Reserved For system use only. You cannot see or use these VLANs. — Normal Cisco default. You can use this VLAN but you cannot delete it. Yes 2–1001 Normal For Ethernet VLANs; you can create, use, and delete these VLANs.
Page 171: Configurable Vlan Parameters
12-1). The TrBRF can be extended across a network devices interconnected via trunk links. The connection between the TrCRF and the TrBRF is referred to as a logical port. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 12-3 OL-11439-03...
Page 172 To pass data between rings located on separate network devices, you can associate the rings to the same Note TrBRF and configure the TrBRF for an SRB. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 12-4 OL-11439-03...
Page 173 TrCRF. When the ISL connection is reestablished, all but one port in the backup TrCRF is disabled. Figure 12-4 illustrates the backup TrCRF. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 12-5 OL-11439-03...
Page 174: Vlan Default Configuration
VLAN ID 1002 1–1005 VLAN name “fddi-default” — 802.10 SAID 101002 1–4294967294 MTU size 1500 1500–18190 Ring number 1–4095 Parent VLAN 0–1005 Translational bridge 1 0–1005 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 12-6 OL-11439-03...
Page 175 Table 12-6 Token Ring (TrBRF) VLAN Defaults and Ranges Parameter Default Range VLAN ID 1005 1–1005 VLAN name “trnet-default” — 802.10 SAID 101005 1–4294967294 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 12-7 OL-11439-03...
Page 176: Vlan Configuration Guidelines And Restrictions
VLAN database if you manually delete the vlan.dat file. If you want to modify the VLAN configuration or VTP, use the commands described in this guide and in the Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, publication. •...
Page 177: Vlan Configuration Options
• Note VLANs support a number of parameters that are not discussed in detail in this section. For complete information, refer to the Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, publication. VLAN Configuration Options These sections describe the VLAN configuration options: VLAN Configuration in Global Configuration Mode, page 12-9 •...
Page 178: Creating Or Modifying An Ethernet Vlan
When you create or modify an Ethernet VLAN, note the following information: • Because Layer 3 ports and some software features require internal VLANs allocated from 1006 and up, configure extended-range VLANs starting with 4094. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 12-10 OL-11439-03...
Page 179: Assigning A Layer 2 Lan Interface To A Vlan
Assigning a Layer 2 LAN Interface to a VLAN A VLAN created in a management domain remains unused until you assign one or more LAN ports to the VLAN. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 12-11 OL-11439-03...
Page 180: Configuring The Internal Vlan Allocation Policy
VLAN Translation Guidelines and Restrictions, page 12-13 • Configuring VLAN Translation on a Trunk Port, page 12-14 • Enabling VLAN Translation on Other Ports in a Port Group, page 12-15 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 12-12 OL-11439-03...
Page 181 802.1Q WS-X6502-10GE 1 port in 802.1Q 1 group WS-X6724-SFP 1–12 13–24 802.1Q WS-X6816-GBIC 1–8 802.1Q 9–16 WS-X6516A-GBIC 1–8 802.1Q 9–16 WS-X6516-GBIC 1–8 802.1Q 9–16 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 12-13 OL-11439-03...
Page 182 Step 4 Exits configuration mode. Router(config-if)# end Step 5 Verifies the VLAN mapping. Router# show interface type slot/port vlan mapping type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 12-14 OL-11439-03...
Page 183: Mapping 802.1Q Vlans To Isl Vlans
802.1Q VLANs in the range 1 through 1001 and 1006 through 4094 are automatically mapped to the corresponding ISL VLAN. 802.1Q VLAN numbers corresponding to reserved VLAN numbers must be mapped to an ISL VLAN in order to be recognized and forwarded by Cisco network devices. These restrictions apply when mapping 802.1Q VLANs to ISL VLANs: •...
Page 184: Saving Vlan Information
To view the file location, use the dir vlan.dat command. To copy the file (binary), use the copy vlan.dat tftp command. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 12-16 OL-11439-03...
Page 185: Configuring Private Vlans
This chapter describes how to configure private VLANs on the Catalyst 6500 series switches. Note For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, at this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdref.h This chapter consists of these sections: Understanding How Private VLANs Work, page 13-1 •...
Page 186: Private Vlan Domains
Layer 2 level. Community VLANs—Ports within a community VLAN can communicate with each other but • cannot communicate with ports in other communities at the Layer 2 level. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 13-2 OL-11439-03...
Page 187: Private Vlan Ports
In a switched environment, you can assign an individual private VLAN and associated IP subnet to each individual or common group of end stations. The end stations need to communicate only with a default gateway to communicate outside the private VLAN. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 13-3 OL-11439-03...
Page 188: Private Vlan Port Isolation
VLANs, but in the same primary VLAN. When new devices are added, the DHCP server assigns them the next available address from a large pool of subnet addresses. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 13-4...
Page 189: Private Vlans Across Multiple Switches
Private VLANs and Unicast, Broadcast, and Multicast Traffic, page 13-6 • Private VLANs and SVIs, page 13-6 • See also the “Private VLAN Configuration Guidelines and Restrictions” section on page 13-6. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 13-5 OL-11439-03...
Page 190: Private Vlan Configuration Guidelines And Restrictions
The guidelines for configuring private VLANs are described in the following sections: Secondary and Primary VLAN Configuration, page 13-7 • Private VLAN Port Configuration, page 13-9 • Limitations with Other Features, page 13-9 • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 13-6 OL-11439-03...
Page 191: Secondary And Primary Vlan Configuration
VLAN port sticky ARP entries do not age out. For information about configuring sticky ARP, see the “Configuring Sticky ARP” section on page 33-25. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 13-7 OL-11439-03...
Page 192 Chapter 30, “Configuring Network Security”.) • Cisco IOS ACLs applied to the Layer 3 VLAN interface of a primary VLAN automatically apply to the associated isolated and community VLANs. • Do not apply Cisco IOS ACLs to isolated or community VLANs. Cisco IOS ACL configuration applied to isolated and community VLANs is inactive while the VLANs are part of the private VLAN configuration.
Page 193: Private Vlan Port Configuration
Do not configure a remote SPAN (RSPAN) VLAN as a private VLAN primary or secondary VLAN. • For more information about SPAN, see Chapter 48, “Configuring Local SPAN, RSPAN, and ERSPAN.” Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 13-9 OL-11439-03...
Page 194 VLAN configuration for other ports within the 12 ports is inactive. To reactivate the ports, remove the isolated or community VLAN port configuration and enter the shutdown and no shutdown commands. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 13-10 OL-11439-03...
Page 195: Configuring A Vlan As A Private Vlan
These commands do not take effect until you exit Note VLAN configuration submode. Step 3 Exits configuration mode. Router(config-vlan)# end Step 4 Verifies the configuration. Router# show vlan private-vlan [type] Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 13-11 OL-11439-03...
Page 196: Associating Secondary Vlans With A Primary Vlan
Each item can be a single private VLAN ID or a hyphenated range of private VLAN IDs. • The secondary_vlan_list parameter can contain multiple community VLAN IDs. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 13-12 OL-11439-03...
Page 197: Mapping Secondary Vlans To The Layer 3 Vlan Interface Of A Primary Vlan
Clears the mapping between the secondary VLANs and Router(config-if)# [no] private-vlan mapping the primary VLAN. Step 3 Exits configuration mode. Router(config-if)# end Step 4 Verifies the configuration. Router# show interface private-vlan mapping Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 13-13 OL-11439-03...
Page 198: Configuring A Layer 2 Interface As A Private Vlan Host Port
Configures the Layer 2 port as a private VLAN host port. Router(config-if)# switchport mode private-vlan {host | promiscuous} Clears private VLAN port configuration. Router(config-if)# no switchport mode private-vlan Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 13-14 OL-11439-03...
Page 199: Configuring A Layer 2 Interface As A Private Vlan Promiscuous Port
Layer 2 interface before you can enter additional switchport commands with keywords. Required only if you have not entered the switchport • command already for the interface. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 13-15 OL-11439-03...
Page 200 Administrative private-vlan host-association: none ((Inactive)) Administrative private-vlan mapping: 202 (VLAN0202) 303 (VLAN0303) 440 (VLAN0440) Operational private-vlan: none Trunking VLANs Enabled: ALL Pruning VLANs Enabled: 2-1001 Capture Mode Disabled Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 13-16 OL-11439-03...
Page 201: Monitoring Private Vlans
This is an example of the output from the show vlan private-vlan command: Switch(config)# show vlan private-vlan Primary Secondary Type Ports ------- --------- ----------------- ------------------------------------------ isolated Fa2/1, Gi3/1, Gi3/2 community Fa2/11, Gi3/1, Gi3/4 non-operational Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 13-17 OL-11439-03...
Page 202 Chapter 13 Configuring Private VLANs Monitoring Private VLANs Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 13-18 OL-11439-03...
Page 203: Configuring Cisco Ip Phone Support
C H A P T E R Configuring Cisco IP Phone Support This chapter describes how to configure support for Cisco IP phones on the Catalyst 6500 series switches. For complete syntax and usage information for the commands used in this chapter, refer to the Note Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, at this URL:...
Page 204: Cisco Ip Phone Voice Traffic
The Cisco IP phone transmits voice traffic with Layer 3 IP precedence and Layer 2 CoS values, which are both set to 5 by default. The sound quality of a Cisco IP phone call can deteriorate if the voice traffic is transmitted unevenly.
Page 205: Cisco Ip Phone Data Traffic
Untrusted mode—All traffic in 802.1Q or 802.1p frames received through the access port on the • Cisco IP phone is marked with a configured Layer 2 CoS value. The default Layer 2 CoS value is 0. Untrusted mode is the default.
Page 206 The Cisco prestandard PoE implementation defines a method to sense an attached inline-powered device and to apply an initial power level. After activation, a Cisco prestandard device that supports CDP can negotiate a lower or higher power allocation using CDP messaging.
Page 207: Default Cisco Ip Phone Support Configuration
Cisco IP phone, the supervisor engine reduces or increases the allocated power. For example, the default allocated power is 7 W. A Cisco IP phone requiring 6.3 W is plugged into a port. The supervisor engine allocates 7 W for the Cisco IP phone and powers it up. Once the Cisco IP phone is operational, it sends a CDP message with the actual power requirement to the supervisor engine.
Page 208: Cisco Ip Phone Support Configuration Guidelines And Restrictions
– If the Cisco IP phone uses untagged frames and the device uses 802.1p frames – If the Cisco IP phone uses 802.1Q frames and the voice VLAN is the same as the access VLAN – • The Cisco IP phone and a device attached to the Cisco IP phone cannot communicate if they are in the same VLAN and subnet but use different frame types, because traffic between devices in the same subnet is not routed (routing would eliminate the frame type difference).
Page 209: Configuring Voice Traffic Support
When configuring the way in which the Cisco IP phone transmits voice traffic, note the following information: Enter a voice VLAN ID to send CDP packets that configure the Cisco IP phone to transmit voice • traffic in 802.1Q frames, tagged with the voice VLAN ID and a Layer 2 CoS value (the default is 5).
Page 210: Configuring Data Traffic Support
To send CDP packets that configure the Cisco IP phone to trust tagged traffic received from a device connected to the access port on the Cisco IP phone, do not enter the cos keyword and CoS value. To send CDP packets that configure the Cisco IP phone to mark tagged ingress traffic received from •...
Page 211: Configuring Inline Power Support
In Cisco IOS Release 12.2ZYA and later releases, when the auto keyword is entered and CDP – is enabled on the port, an inline-powered device that supports CDP can negotiate a power level up to 16800 milliwatts unless a lower maximum power level is configured.
Page 212 This example shows how to verify the inline power configuration on Fast Ethernet port 5/1: Router# show power inline fastethernet 5/1 Interface Admin Oper Power Device (Watts) ---------- ----- ---------- ------- ------------------- Fa5/1 auto cisco phone device Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 14-10 OL-11439-03...
Page 213: Configuring Ieee 802.1Q Tunneling
Note • For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, at this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdr ef.html The WS-X6548-GE-TX, WS-X6548V-GE-TX, WS-X6148-GE-TX, and WS-X6148V-GE-TX •...
Page 214 VLAN 40 802.1Q trunk port 802.1Q trunk port 802.1Q trunk port Customer B Customer B Trunk VLANs 1 to 200 VLANs 1 to 200 Asymmetric link Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 15-2 OL-11439-03...
Page 215: Q Tunneling Configuration Guidelines And Restrictions
Use asymmetrical links to put traffic into a tunnel or to remove traffic from a tunnel. • Configure tunnel ports only to form an asymmetrical link. • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 15-3 OL-11439-03...
Page 216 QoS cannot detect the received CoS value in the 802.1Q 2-byte Tag Control Information field. • On an asymmetrical link, the Cisco Discovery Protocol (CDP) reports a native VLAN mismatch if the VLAN of the tunnel port does not match the native VLAN of the 802.1Q trunk. The 802.1Q tunnel feature does not require that the VLANs match.
Page 217 If the service provider does not want the customer to see its switches, CDP should be disabled on • the 802.1Q tunnel port as follows: Router(config-if)# no cdp enable Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 15-5 OL-11439-03...
Page 218: Configuring 802.1Q Tunneling
The vlan dot1q tag native command is a global command that configures the switch to tag native VLAN traffic, and admit only 802.1Q tagged frames on 802.1Q trunks, dropping any untagged traffic, including untagged traffic in the native VLAN. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 15-6 OL-11439-03...
Page 219 This example shows how to configure the switch to tag native VLAN traffic and verify the configuration: Router# configure terminal Router(config)# vlan dot1q tag native Router(config)# end Router# show vlan dot1q tag native Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 15-7 OL-11439-03...
Page 220 Chapter 15 Configuring IEEE 802.1Q Tunneling Configuring 802.1Q Tunneling Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 15-8 OL-11439-03...
Page 221: Configuring Layer 2 Protocol Tunneling
Note • For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, at this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdr ef.html The WS-X6548-GE-TX, WS-X6548V-GE-TX, WS-X6148-GE-TX, and WS-X6148V-GE-TX •...
Page 222: Configuring Support For Layer 2 Protocol Tunneling
An ingress edge switch rewrites the destination MAC address of the PDUs received on a Layer 2 tunnel port with the Cisco proprietary multicast address (01-00-0c-cd-cd-d0). The PDU is then flooded to the native VLAN of the Layer 2 tunnel port. If you enable Layer 2 protocol tunneling on a port, PDUs of an enabled protocol are not sent out.
Page 223 When the shutdown threshold is exceeded, the port is put in errdisable state. If a shutdown threshold is not specified, the value is 0 (shutdown threshold disabled). Note Refer to the Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY for more information about the l2ptguard keyword for the following commands: •...
Page 224 Router# show l2protocol-tunnel summary Port Protocol Threshold (cos/cdp/stp/vtp) ---------------------------------------- Router# This example shows how to clear Layer 2 protocol tunneling port counters: Router# clear l2protocol-tunnel counters Router# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 16-4 OL-11439-03...
Page 225: Configuring Stp And Mst
(MST) protocol on Catalyst 6500 series switches. For complete syntax and usage information for the commands used in this chapter, refer to the Note Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, at this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdref.h This chapter consists of these sections: Understanding How STP Works, page 17-1 •...
Page 226: Stp Overview
The bridge priority is a 4-bit value when the extended system ID is enabled (see Table 17-1 on page 17-3 and the “Configuring the Bridge Priority of a VLAN” section on page 17-33). Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-2 OL-11439-03...
Page 227: Understanding Bridge Protocol Data Units
BPDU, and, if the topology changes, initiate a BPDU transmission. A BPDU exchange results in the following: One network device is elected as the root bridge. • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-3 OL-11439-03...
Page 228: Election Of The Root Bridge
(lowering the numerical value) of the ideal network device so that it becomes the root bridge, you force an STP recalculation to form a new spanning tree topology with the ideal network device as the root. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-4 OL-11439-03...
Page 229: Stp Port States
Listening—First transitional state after the blocking state when STP determines that the Layer 2 LAN port should participate in frame forwarding. Learning—The Layer 2 LAN port prepares to participate in frame forwarding. • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-5 OL-11439-03...
Page 230 The Layer 2 LAN port waits for the forward delay timer to expire and then moves the Layer 2 LAN port to the forwarding state, where both learning and frame forwarding are enabled. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-6...
Page 231: Blocking State
Layer 2 LAN port enters this state when STP determines that the Layer 2 LAN port should participate in frame forwarding. Figure 17-4 shows a Layer 2 LAN port in the listening state. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-7 OL-11439-03...
Page 232: Learning State
A Layer 2 LAN port in the learning state prepares to participate in frame forwarding. The Layer 2 LAN port enters the learning state from the listening state. Figure 17-5 shows a Layer 2 LAN port in the learning state. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-8 OL-11439-03...
Page 233: Forwarding State
A Layer 2 LAN port in the forwarding state forwards frames, as shown in Figure 17-6. The Layer 2 LAN port enters the forwarding state from the learning state. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-9 OL-11439-03...
Page 234: Disabled State
A Layer 2 LAN port in the disabled state does not participate in frame forwarding or STP, as shown in Figure 17-7. A Layer 2 LAN port in the disabled state is virtually nonoperational. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-10 OL-11439-03...
Page 235: Stp And Ieee 802.1Q Trunks
• STP and IEEE 802.1Q Trunks 802.1Q trunks impose some limitations on the STP strategy for a network. In a network of Cisco network devices connected through 802.1Q trunks, the network devices maintain one instance of STP for each VLAN allowed on the trunks. However, non-Cisco 802.1Q network devices maintain only one instance of STP for all VLANs allowed on the trunks.
Page 236: Understanding How Ieee 802.1W Rstp Works
STP Port State Is Port Included in the Operational Status (IEEE 802.1D) RSTP Port State Active Topology? Enabled Blocking Discarding Enabled Listening Discarding Enabled Learning Learning Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-12 OL-11439-03...
Page 237: Rapid Convergence
Disabled Disabled Discarding To be consistent with Cisco STP implementations, this guide defines the port state as blocking instead of discarding. Designated ports start in the listening state. Rapid Convergence The RSTP provides for rapid recovery of connectivity following the failure of a switch, a switch port, or a LAN.
Page 238: Synchronization Of Port Roles
When the switches connected by a point-to-point link are in agreement about their port roles, the RSTP immediately transitions the port states to forwarding. The sequence of events is shown in Figure 17-9. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-14 OL-11439-03...
Page 239: Bridge Protocol Data Unit Format And Processing
RSTP flag fields. Table 17-4 RSTP BPDU Flags Function Topology change (TC) Proposal 2–3: Port role: Unknown Alternate port or backup port Root port Designated port Learning Forwarding Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-15 OL-11439-03...
Page 240: Processing Superior Bpdu Information
An inferior BPDU is a BPDU with root information (such as higher switch ID or higher path cost) that is inferior to what is currently stored for the port. If a designated port receives an inferior BPDU, it immediately replies with its own information. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-16 OL-11439-03...
Page 241: Topology Changes
UplinkFast and BackboneFast configurations are ignored in Rapid-PVST mode; both features are included in RSTP. Understanding MST These sections describe MST: MST Overview, page 17-18 • MST Regions, page 17-18 • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-17 OL-11439-03...
Page 242: Mst Overview
The MST configuration controls to which MST region each switch belongs. The configuration includes the name of the region, the revision number, and the MST VLAN-to-instance assignment map. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-18...
Page 243: Ist, Cist, And Cst
For more information, see the “Spanning Tree Operation Within an MST Region” section on page 17-20 and the “Spanning Tree Operations Between MST Regions” section on page 17-20. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-19 OL-11439-03...
Page 244 1 (A) is also the CIST root. The CIST regional root for region 2 (B) and the CIST regional root for region 3 (C) are the roots for their respective subtrees within the CIST. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-20...
Page 245 MST region. Remember that an MST region looks like a single switch to the CIST. The CIST external root path cost is the root path cost calculated between these virtual switches and switches that do not belong to any region. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-21 OL-11439-03...
Page 246: Hop Count
Boundary Ports In the Cisco prestandard implementation, a boundary port connects an MST region to one of these STP regions: A single spanning tree region running RSTP •...
Page 247: Standard-Compliant Mst Implementation
The primary change from the Cisco prestandard implementation is that a designated port is not defined as boundary unless it is running in an STP-compatible mode.
Page 248 BPDUs it sends and that switch B is the designated, not root bridge. As a result, switch A blocks (or keeps blocking) its port, thus preventing the bridging loop. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-24...
Page 249: Interoperability With Ieee 802.1D-1998 Stp
• Configuring the Forward-Delay Time for a VLAN, page 17-35 • Configuring the Maximum Aging Time for a VLAN, page 17-35 • Enabling Rapid-PVST, page 17-36 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-25 OL-11439-03...
Page 250: Default Stp Configuration
You can enable STP on a per-VLAN basis. The Catalyst 6500 series switch maintains a separate instance of STP for each VLAN (except on VLANs on which you disable STP). Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-26...
Page 251 Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32768 Address 00d0.00b8.14c8 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-27 OL-11439-03...
Page 252: Enabling The Extended System Id
The root bridge for each instance of STP should be a backbone or distribution switch. Do not configure an access switch as the STP primary root. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-28 OL-11439-03...
Page 253: Configuring A Secondary Root Bridge
You can run this command on more than one switch to configure multiple backup root bridges. Use the same network diameter and hello time values as you used when configuring the primary root bridge. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-29...
Page 254: Configuring Stp Port Priority
The possible priority range is 0 through 240 (default 128), configurable in increments of 16. Cisco IOS uses the port priority value when the LAN port is configured as an access port and uses VLAN port priority values when the LAN port is configured as a trunk port.
Page 255 ---------------- ---- --- --------- -------- -------------------------------- VLAN0001 Back BLK 200000 160.196 VLAN0006 Back BLK 200000 160.196 VLAN0199 Back BLK 200000 160.196 VLAN0200 Desg FWD 200000 64.196 Router# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-31 OL-11439-03...
Page 256: Configuring Stp Port Cost
Router# show spanning-tree interface gigabitethernet 1/4 Vlan Role Sts Cost Prio.Nbr Status ---------------- ---- --- --------- -------- -------------------------------- VLAN0001 Back BLK 1000 160.196 VLAN0006 Back BLK 1000 160.196 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-32 OL-11439-03...
Page 257: Configuring The Bridge Priority Of A Vlan
1 through 4094, except reserved VLANs (see Table 12-1 49152 | 53248 | 57344 | 61440} on page 12-2). Reverts to the default bridge priority value. Router(config)# no spanning-tree vlan vlan_ID priority Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-33 OL-11439-03...
Page 258: Configuring The Hello Time
This example shows how to configure the hello time for VLAN 200 to 7 seconds: Router# configure terminal Router(config)# spanning-tree vlan 200 hello-time 7 Router(config)# end Router# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-34 OL-11439-03...
Page 259: Configuring The Forward-Delay Time For A Vlan
1 through 4094, except reserved VLANs (see Table 12-1 on page 12-2). Reverts to the default maximum aging time. Router(config)# no spanning-tree vlan vlan_ID max-age Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-35 OL-11439-03...
Page 260: Enabling Rapid-Pvst
A switch also might continue to assign a boundary role to a port when the switch to which it is connected has joined the region. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-36...
Page 261: Configuring Mst
(configurable on a per-CIST port basis) 1000 Mbps: 4 100 Mbps: 19 10 Mbps: 100 Hello time 2 seconds Forward-delay time 15 seconds Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-37 OL-11439-03...
Page 262: Mst Configuration Guidelines And Restrictions
To specify the MST region configuration and enable MST, perform this task: Command Purpose Step 1 Enters global configuration mode. Router# configure terminal Step 2 Enters MST configuration mode. Router(config)# spanning-tree mst configuration Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-38 OL-11439-03...
Page 263 To return to the default revision number, use the no revision MST configuration command. • To reenable PVST+, use the no spanning-tree mode or the spanning-tree mode pvst global • configuration command. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-39 OL-11439-03...
Page 264: Configuring The Root Bridge
With the switch configured as the root bridge, do not manually configure the hello time, forward-delay time, and maximum-age time with the spanning-tree mst hello-time, spanning-tree mst forward-time, and spanning-tree mst max-age global configuration commands. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-40 OL-11439-03...
Page 265: Configuring A Secondary Root Bridge
Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-41...
Page 266: Configuring Port Priority
Enters global configuration mode. Router# configure terminal Step 2 (Optional) Specifies an interface to configure, and enters Router(config)# interface {{gigabitethernet 1/port} | {port-channel interface configuration mode. number}} Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-42 OL-11439-03...
Page 267: Configuring Path Cost
Enters global configuration mode. Router# configure terminal Step 2 (Optional) Specifies an interface to configure, and enters Router(config)# interface {{gigabitethernet 1/port} | {port-channel interface configuration mode. number}} Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-43 OL-11439-03...
Page 268: Configuring The Switch Priority
Exercise care when using this command. For most situations, we recommend that you use the spanning-tree mst instance_id root primary and the spanning-tree mst instance_id root secondary global configuration commands to modify the switch priority. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-44 OL-11439-03...
Page 269: Configuring The Hello Time
These messages mean that the switch is alive. For seconds, the range is 1 to 10; the default is 2. Step 3 Returns to privileged EXEC mode. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-45 OL-11439-03...
Page 270: Configuring The Forwarding-Delay Time
(Optional) Saves your entries in the configuration file. Router# copy running-config startup-config To return the switch to its default setting, use the no spanning-tree transmit hold-count global configuration command. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-46 OL-11439-03...
Page 271: Configuring The Maximum-Aging Time
RSTP negotiates a rapid transition with the other port by using the proposal-agreement handshake to ensure a loop-free topology as described in the “Rapid Convergence” section on page 17-13. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-47 OL-11439-03...
Page 272: Designating The Neighbor Type
(Optional) Saves your entries in the configuration file. Router# copy running-config startup-config To return the port to its default setting, use the no spanning-tree mst prestandard interface configuration command. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-48 OL-11439-03...
Page 273: Restarting The Protocol Migration Process
Displays MST information for the specified instance. show spanning-tree mst instance_id Displays MST information for the specified interface. show spanning-tree mst interface interface_id Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-49 OL-11439-03...
Page 274 Chapter 17 Configuring STP and MST Displaying the MST Configuration and Status Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 17-50 OL-11439-03...
Page 275: Configuring Optional Stp Features
This chapter describes how to configure optional STP features. Note For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, at this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdref.h This chapter consists of these sections: Understanding How PortFast Works, page 18-2 •...
Page 276: Understanding How Portfast Works
When you enable PortFast BPDU filtering globally and set the port configuration as the default for PortFast BPDU filtering (see the “Enabling PortFast BPDU Filtering” section on page 18-10), then PortFast enables or disables PortFast BPDU filtering. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 18-2 OL-11439-03...
Page 277: Understanding How Uplinkfast Works
Switch B is in the blocking state. Figure 18-1 UplinkFast Example Before Direct Link Failure Switch A Switch B (Root) Blocked port Switch C Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 18-3 OL-11439-03...
Page 278: Understanding How Backbonefast Works
Switch B over link L1 and to Switch C over link L2. The Layer 2 LAN interface on Switch C that connects directly to Switch B is in the blocking state. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 18-4...
Page 279 However, the other network devices ignore these inferior BPDUs and the new network device learns that Switch B is the designated bridge to Switch A, the root bridge. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 18-5...
Page 280: Understanding How Etherchannel Guard Works
VLANs to which that port belongs. When you disable loop guard, it is disabled for the specified ports. Disabling loop guard moves all loop-inconsistent ports to the listening state. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 18-6 OL-11439-03...
Page 281 If a set of ports that are already blocked by loop guard are grouped together to form a channel, – spanning tree loses all the state information for those ports and the new channel port may obtain the forwarding state with a designated role. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 18-7 OL-11439-03...
Page 282: Enabling Portfast
Router# show running-config interface fastethernet 5/8 Building configuration... Current configuration: interface FastEthernet5/8 no ip address switchport switchport access vlan 200 switchport mode access spanning-tree portfast Router# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 18-8 OL-11439-03...
Page 283 %Warning:portfast should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc... to this interface when portfast is enabled, can cause temporary bridging loops. Use with CAUTION Router(config-if)# ^Z Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 18-9 OL-11439-03...
Page 284: Enabling Portfast Bpdu Filtering
BackboneFast is disabled Pathcost method used is long Name Blocking Listening Learning Forwarding STP Active ---------------------- -------- --------- -------- ---------- ---------- 2 vlans Router# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 18-10 OL-11439-03...
Page 285: Enabling Bpdu Guard
Verifies the configuration. Router# show spanning-tree summary totals This example shows how to enable BPDU Guard: Router# configure terminal Router(config)# spanning-tree portfast bpduguard Router(config)# end Router# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 18-11 OL-11439-03...
Page 286: Enabling Uplinkfast
This example shows how to enable UplinkFast: Router# configure terminal Router(config)# spanning-tree uplinkfast Router(config)# exit Router# This example shows how to enable UplinkFast with an update rate of 400 packets per second: Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 18-12 OL-11439-03...
Page 287: Enabling Backbonefast
Number of RLQ request PDUs received (all VLANs) Number of RLQ response PDUs received (all VLANs) Number of RLQ request PDUs sent (all VLANs) Number of RLQ response PDUs sent (all VLANs) Router# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 18-13 OL-11439-03...
Page 288: Enabling Etherchannel Guard
| {port-channel port_channel_number} type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet To display ports that are in the root-inconsistent state, enter the show spanning-tree inconsistentports command. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 18-14 OL-11439-03...
Page 289: Enabling Loop Guard
This example shows how to verify the configuration: Router# show spanning-tree interface fastEthernet 4/4 detail Port 196 (FastEthernet4/4) of VLAN0010 is forwarding Port path cost 1000, Port priority 160, Port Identifier 160.196. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 18-15 OL-11439-03...
Page 290 The port is in the portfast mode by portfast trunk configuration Link type is point-to-point by default Bpdu filter is enabled Loop guard is enabled on the port BPDU:sent 0, received 0 Router# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 18-16 OL-11439-03...
Page 291: Configuring Layer 3 Interfaces
For complete syntax and usage information for the commands used in this chapter, refer to these Note publications: • The Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, at this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdr ef.html • The Release 12.2 publications at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_installation_and_configuratio...
Page 292: Configuring Subinterfaces On Layer 3 Interfaces
– IGMP join – IGMP static group – Multicast routing monitor (MRM) – – Multicast source discovery protocol (MSDP) – – IPv4 Ping – IPv6 Ping Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 19-2 OL-11439-03...
Page 293: Configuring Ipv4 Routing And Addresses
= ethernet, fastethernet, gigabitethernet, tengigabitethernet, or ge-wan Configuring IPv4 Routing and Addresses For complete information and procedures, refer to these publications: Cisco IOS IP and IP Routing Configuration Guide, Release 12.2, at this URL: • http://www.cisco.com/en/US/docs/ios/12_2/ip/configuration/guide/fipr_c.html Cisco IOS IP and IP Routing Command Reference, Release 12.2, at these URLs: •...
Page 294 PISA. To prevent policy routing of traffic addressed to the PISA, configure PBR ACLs to deny traffic addressed to the PISA. Any options in Cisco IOS ACLs that provide filtering in a PBR route-map that would cause –...
Page 295 Broadcast address is 255.255.255.255 Address determined by setup command MTU is 1500 bytes Helper address is not set Directed broadcast forwarding is disabled Multicast reserved groups joined: 224.0.0.10 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 19-5 OL-11439-03...
Page 296: Configuring Ipx Routing And Network Numbers
Configuring IPX Routing and Network Numbers The PISA supports IPX with fast switching. Note For complete information and procedures, refer to these publications: Cisco IOS AppleTalk and Novell IPX Configuration Guide, Release 12.2, at this URL: • http://www.cisco.com/en/US/docs/ios/12_2/atipx/configuration/guide/fatipx_c.html • Cisco IOS AppleTalk and Novell IPX Command Reference, Release 12.2, at this URL: http://www.cisco.com/en/US/docs/ios/12_2/atipx/command/reference/fatipx_r.html...
Page 297: Configuring Appletalk Routing, Cable Ranges, And Zones
Router(config-if)# end Router# copy running-config startup-config Configuring AppleTalk Routing, Cable Ranges, and Zones For complete information and procedures, refer to these publications: Cisco IOS AppleTalk and Novell IPX Configuration Guide, Release 12.2, at this URL: • http://www.cisco.com/en/US/docs/ios/12_2/atipx/configuration/guide/fatipx_c.html • Cisco IOS AppleTalk and Novell IPX Command Reference, Release 12.2, at this URL: http://www.cisco.com/en/US/docs/ios/12_2/atipx/command/reference/fatipx_r.html...
Page 298: Configuring Other Protocols On Layer 3 Interfaces
Router# copy running-config startup-config Configuring Other Protocols on Layer 3 Interfaces Refer to these publications for information about configuring other protocols on Layer 3 interfaces: Cisco IOS Apollo Domain, VINES, DECnet, ISO CLNS, and XNS Configuration Guide, • Release 12.2, at this URL: http://www.cisco.com/en/US/docs/ios/12_2/apollo/configuration/guide/fapolo_c.html...
Page 299: Configuring Ude And Udlr
(UDLR) on the Catalyst 6500 series switch. For complete syntax and usage information for the commands used in this chapter, refer to the Note Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, at this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdref.h These sections describe UDE and UDLR: Understanding UDE and UDLR, page 20-1 •...
Page 300: Supported Hardware
You can create a unidirectional link by using a unidirectional transceiver. Unidirectional transceivers are less expensive than bidirectional transceivers. These are the supported unidirectional transceivers: • Receive-only WDM GBIC (WDM-GBIC-REC=) • Receive-only XENPAK (WDM-XENPAK-REC=) Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 20-2 OL-11439-03...
Page 301: Understanding Udlr
Configuring UDE These sections describe how to configure UDE: UDE Configuration Guidelines, page 20-4 • Configuring Hardware-Based UDE, page 20-4 • • Configuring Software-Based UDE, page 20-5 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 20-3 OL-11439-03...
Page 302 Unidirectional links do not support ARP. Configuring Hardware-Based UDE There are no software configuration procedures required to support hardware-based UDE. Install a unidirectional transceiver to implement hardware-based UDE. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 20-4 OL-11439-03...
Page 303 Enable port unidirectional mode will automatically disable port udld. You must manually ensure that the unidirectional link does not create a spanning tree loop in the network. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 20-5...
Page 304: Configuring Udlr
You must configure source and destination IPv4 addresses on UDLR back-channel tunnel interfaces. The UDLR back-channel tunnel default mode is GRE. • UDLR back-channel tunnels do not support IPv6 or MPLS. • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 20-6 OL-11439-03...
Page 305 10 Gigabit Ethernet port 1/2 is a receive-only UDE port. – The UDLR back-channel tunnel is configured as send-only and is associated with 10 Gigabit – Ethernet port 1/2. ARP and NHRP are enabled. – Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 20-7 OL-11439-03...
Page 306 0 tunnel source 11.0.0.2 tunnel destination 11.0.0.1 tunnel udlr send-only tengigabitethernet 1/2 tunnel udlr address-resolution ! Configure OSPF. router ospf <pid> network 10.0.0.0 0.255.255.255 area 0 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 20-8 OL-11439-03...
Page 307: Configuring Multiprotocol Label Switching
This chapter describes how to configure Multiprotocol Label Switching (MPLS) on a Catalyst 6500 series switch. For complete syntax and usage information for the commands used in this chapter, refer to these Note publications: The Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, at • this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdr ef.html The Release 12.2 publications at this URL:...
Page 308: Understanding Mpls
(for IP to MPLS path), label swapping (for MPLS to MPLS path), label popping (for MPLS to IP path), and encapsulation. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 21-2...
Page 309 MPLS label switching. Routing protocol generates a routing information base (RIB) that is used for forwarding IP and MPLS data packets. For Cisco Express Forwarding (CEF), necessary routing information from the RIB is extracted and built into a forwarding information base (FIB).
Page 310: Supported Hardware Features
MPLS to MPLS path—Labeled packets can be received and sent to the label path. MPLS Traffic Engineering (MPLS TE)—Enables an MPLS backbone to replicate and expand the • traffic engineering capabilities of Layer 2 ATM and Frame Relay networks. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 21-4 OL-11439-03...
Page 311: Supported Cisco Ios Features
VPNs (using only VRF-based IPv4), where IP addresses can be overlapped among the VPNs. See this publication: http://www.cisco.com/en/US/products/hw/routers/ps259/prod_bulletin09186a00800921d7.html. MPLS on Cisco routers—This feature provides basic MPLS support for imposing and removing • labels on IP packets at label edge routers (LERs) and switching labels at label switch routers (LSRs).
Page 312 MPLS VPN configuration. See this publication: http://www.cisco.com/en/US/docs/ios/12_2t/12_2t8/feature/guide/ospfshmk.html Any Transport over MPLS (AToM)—Transports Layer 2 packets over an MPLS backbone. See the • “Any Transport over MPLS” section on page 21-13. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 21-6 OL-11439-03...
Page 313: Mpls Guidelines And Restrictions
Configuring Multiprotocol Label Switching MPLS Label Switching MPLS Guidelines and Restrictions When configuring MPLS, follow these guidelines and restrictions: The PFC3B supports up to 8 load-shared paths. Cisco IOS releases for other platforms support only • 4 load-shared paths. •...
Page 314: Mpls Configuration Examples
Router# show ip route 188.0.0.0 Routing entry for 188.0.0.0/24, 1 known subnets O IA 188.0.0.0 [110/1] via 75.0.77.2, 00:00:10, GigabitEthernet6/2 Router#sh ip ro 88.0.0.0 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 21-8 OL-11439-03...
Page 315: Vpn Switching
VPN Switching Operation, page 21-10 • • MPLS VPN Guidelines and Restrictions, page 21-11 • MPLS VPN Supported Commands, page 21-11 • MPLS VPN Sample Configuration, page 21-12 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 21-9 OL-11439-03...
Page 316: Vpn Switching Operation
VPN Switching VPN Switching Operation The IP VPN feature for MPLS allows a Cisco IOS network to deploy scalable IP Layer 3 VPN backbone services to multiple sites deployed on a shared infrastructure while also providing the same access or security policies as a private network.
Page 317: Mpls Vpn Guidelines And Restrictions
If you use a Layer 3 VLAN interface as the MPLS uplink through a Layer 2 port peering with another Note MPLS device, then you can use another Layer 3 VLAN interface as the VRF interface. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 21-11 OL-11439-03...
Page 318: Mpls Vpn Sample Configuration
10.4.4.4 0.0.0.0 area 0 network 10.0.0.0 0.0.255.255 area 0 router ospf 65000 vrf blues log-adjacency-changes redistribute bgp 100 subnets network 10.19.0.0 0.0.255.255 area 0 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 21-12 OL-11439-03...
Page 319: Any Transport Over Mpls
For information on other AToM implementations (ATM AAL5 over MPLS, ATM Cell Relay over MPLS, Frame Relay over MPLS), see this URL: http://www.cisco.com/en/US/docs/routers/7600/install_config/12.2SX_OSM_config/mpls.html#Any_ Transport_over_MPLS Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 21-13 OL-11439-03...
Page 320: Atom Load Balancing
P bits. The PFC3B provides a new command that allows you to trust the P bits while preserving the IP precedence bits. To preserve the IP precedence bits, use the no mls qos rewrite ip dscp command. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 21-14 OL-11439-03...
Page 321 The AToM control word is not supported. • EoMPLS is not supported on Layer 3 VLAN interfaces. • Point-to-point EoMPLS works with a physical interface and subinterfaces. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 21-15 OL-11439-03...
Page 322: Configuring Eompls
A system can have both an OSM or FlexWAN configuration andEoMPLS configuration enabled at • the same time. Cisco supports this configuration but does not recommend it. Unless the uplinks to the MPLS core are through OSM or FlexWAN-enabled interfaces, OSM or FlexWAN-based EoMPLS connections will not be active;...
Page 323 VLAN Name Status Ports ---- -------------------------------- --------- ------------------------- default active VLAN0002 active VLAN0003 active 1002 fddi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 trnet-default act/unsup Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 21-17 OL-11439-03...
Page 324 Prefix or Tunnel Id—Address or tunnel to which packets with this label are going. Bytes tag switched— Number of bytes switched out with this incoming label. – Outgoing interface—Interface through which packets with this label are sent. – Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 21-18 OL-11439-03...
Page 325 Port-based EoMPLS and VLAN-based EoMPLS are mutually exclusive. If you enable a main • interface for port-to-port transport, you also cannot enter commands on a subinterface. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 21-19 OL-11439-03...
Page 326 Building configuration... Current configuration : 112 bytes interface GigabitEthernet7/11.2000 encapsulation dot1Q 2000 xconnect 75.0.78.1 2000 encapsulation mpls Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 21-20 OL-11439-03...
Page 327 When an PE router receives an LDP Hello message from another PE router, it considers that router and the specified label space to be “discovered.” Router# show mpls ldp discovery Local LDP Identifier: 13.13.13.13:0 Discovery Sources: Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 21-21 OL-11439-03...
Page 328 To view the state of the currently routed VCs, enter the show mpls l2transport vc command: • Router# show mpls l2transport vc Local intf Local circuit Dest address VC ID Status ------------- -------------------- --------------- ---------- ---------- Eth VLAN 2 11.11.11.11 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 21-22 OL-11439-03...
Page 329: Configuring Ipv4 Multicast Vpn Support
Catalyst 6500 series switches. For complete syntax and usage information for the commands used in this chapter, refer to the Note Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, at this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdref.h This chapter contains these sections: Understanding How MVPN Works, page 22-1 •...
Page 330: Multicast Routing And Forwarding And Multicast Domains
(Depending on when the stream is sampled, this means that in a worst-case scenario, it could take up to 180 seconds before a high-bandwidth stream is detected.) Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 22-2 OL-11439-03...
Page 331 MDT. Each PE router maintains a PIM relationship with the other PE routers over the default MDT, as well as a PIM relationship with its directly attached PE routers. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 22-3 OL-11439-03...
Page 332 (PE1) receives the request. Figure 22-2 shows how the PE router forwards the request to the CE router associated with the multicast source (CE1a). Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 22-4 OL-11439-03...
Page 333: Multicast Tunnel Interfaces
The MTI is automatically created when an MVRF is configured. The BGP peering address is assigned as the MTI interface source address, and the PIM protocol is automatically enabled on each MTI. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 22-5...
Page 334: Pe Router Routing Table Support For Mvpn
Note • Unlike other tunnel interfaces that are commonly used on Cisco routers, the MVPN MTI is classified as a LAN interface, not a point-to-point interface. The MTI interface is not configurable, but you can use the show interface tunnel command to display its status.
Page 335: Mvpn Configuration Guidelines And Restrictions
MVPN Configuration Guidelines and Restrictions When configuring MVPN, follow these guidelines and restrictions: All PE routers in the multicast domain need to be running a Cisco IOS software image that supports • the MVPN feature. There is no requirement for MVPN support on the P and CE routers.
Page 336: Configuring Mvpn
To avoid disrupting customer traffic, we recommend verifying that the switch is already in ingress multicast replication mode before configuring any MVRFs. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 22-8 OL-11439-03...
Page 337: Configuring A Multicast Vpn Routing And Forwarding Instance
• Configuring Data MDTs (Optional), page 22-12 • Enabling Data MDT Logging, page 22-12 • Sample Configuration, page 22-13 • Displaying VRF Information, page 22-13 • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 22-9 OL-11439-03...
Page 338 This example show how to configure 55:1111 as the route distinguisher and verify the configuration: Router(config-vrf)# rd 55:1111 Router(config-vrf)# do show ip vrf blue Name Default RD Interfaces blue 55:1111 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 22-10 OL-11439-03...
Page 339 To configure the default MDT, perform this task: Command Purpose Configures the default MDT. Router(config-vrf)# mdt default group_address Deletes the default MDT. Router(config-vrf)# no mdt default Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 22-11 OL-11439-03...
Page 340 MDTs by increasing the size of the wildcard bitmask that is used in the mdt data command. Disables data MDT logging. Router(config-vrf)# no log-reuse Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 22-12 OL-11439-03...
Page 341 Router# show ip pim mdt MDT Group Interface Source * 227.1.0.1 Tunnel1 Loopback0 BIDIR01 * 227.2.0.1 Tunnel2 Loopback0 BIDIR02 * 228.1.0.1 Tunnel3 Loopback0 SPARSE01 * 228.2.0.1 Tunnel4 Loopback0 SPARSE02 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 22-13 OL-11439-03...
Page 342 2.2.2.2 is directly connected, Loopback2 3.0.0.0/32 is subnetted, 1 subnets 3.3.3.3 [200/0] via 3.1.1.3, 00:20:09 21.0.0.0/8 is directly connected, GigabitEthernet3/16 22.0.0.0/8 [200/0] via 3.1.1.3, 00:20:09 Router# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 22-14 OL-11439-03...
Page 343: Configuring Multicast Vrf Routing
In addition, BGP extended communities must be enabled (using the neighbor send-community both or neighbor send-community extended command) to support the use of MDTs in the network. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 22-15...
Page 344: Enabling Ipv4 Multicast Routing Globally
Router(config)# no ip pim vrf vrf_name register-source This example show how to configure a PIM VRF register message source address: Router(config)# ip pim vrf blue register-source loopback 3 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 22-16 OL-11439-03...
Page 345 IP address for the TCP connection. remote-as ASN—(Optional) Autonomous system number of the MSDP peer. This is for • display-only purposes. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 22-17 OL-11439-03...
Page 346 The valid range is from 1 to the value of the limit parameter. This example show how to configure the maximum number of multicast routes: Router(config)# ip multicast vrf blue route-limit 200000 20000 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 22-18 OL-11439-03...
Page 347 104.1.1.2 ip pim vrf vpn201 rp-address 192.200.1.1 ip pim vrf vpn202 rp-address 192.200.2.1 ip pim vrf vpn249 rp-address 192.200.49.6 ip pim vrf vpn250 rp-address 192.200.50.6 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 22-19 OL-11439-03...
Page 348: Configuring Interfaces For Multicast Routing To Support Mvpn
Purpose Step 1 Enters global configuration mode. Router# configure terminal Step 2 Router(config)# interface type {slot/port | Enters interface configuration mode for the specified number} interface. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 22-20 OL-11439-03...
Page 349 Disables IPv4 VRF forwarding. Router(config-if)# no ip vrf forwarding [vrf_name] This example shows how to configure the interface for VRF blue forwarding: Router(config-if)# ip vrf forwarding blue Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 22-21 OL-11439-03...
Page 350: Sample Configurations For Mvpn
MVPN Router boot system flash slot0: logging snmp-authfail ip subnet-zero no ip domain-lookup ip host tftp 223.255.254.238 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 22-22 OL-11439-03...
Page 351 209.255.255.14 255.255.255.255 interface Loopback10 ip vrf forwarding mvpn-cus1 ip address 210.101.255.14 255.255.255.255 interface Loopback11 ip vrf forwarding mvpn-cus1 ip address 210.111.255.14 255.255.255.255 ip pim sparse-dense-mode Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 22-23 OL-11439-03...
Page 352: Mvpn Configuration With Default And Data Mdts
226.2.2.1 mdt data 226.2.2.128 0.0.0.7 ip vrf v3 rd 3:3 route-target export 3:3 route-target import 3:3 mdt default 226.3.3.1 mdt data 226.3.3.128 0.0.0.7 ip vrf v4 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 22-24 OL-11439-03...
Page 353 155.255.255.33 255.255.255.255 ip pim sparse-mode interface Loopback44 no ip address interface Loopback111 ip vrf forwarding v1 ip address 1.1.1.1 255.255.255.252 ip pim sparse-dense-mode ip ospf network point-to-point Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 22-25 OL-11439-03...
Page 354 155.0.0.0 0.255.255.255 area 155 network 157.155.1.0 0.0.0.255 area 0 router ospf 33 vrf v3 router-id 155.255.255.33 log-adjacency-changes network 155.255.255.33 0.0.0.0 area 155 router ospf 1 log-adjacency-changes Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 22-26 OL-11439-03...
Page 355 185.255.255.11 connect-source Loopback11 ip msdp vrf v1 cache-sa-state ip access-list standard MCAST.ANYCAST.CE permit 2.2.2.2 ip access-list standard MCAST.ANYCAST.PE permit 1.1.1.1 ip access-list standard MCAST.BOUNDARY.VRF.v1 deny 226.192.1.1 permit any Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 22-27 OL-11439-03...
Page 356 MCAST.MVPN.MDT.v3 permit 226.3.0.0 0.0.255.255 ip access-list standard MCAST.MVPN.RP.v4 permit 227.0.0.0 0.255.255.255 access-list 1 permit 226.1.1.1 access-list 2 deny 226.1.1.1 access-list 2 permit any Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 22-28 OL-11439-03...
Page 357: Configuring Ip Unicast Layer 3 Switching
This chapter describes how to configure IP unicast Layer 3 switching on the Catalyst 6500 series switches. For complete syntax and usage information for the commands used in this chapter, refer to these Note publications: The Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, at • this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdr ef.html The Release 12.2 publications at this URL:...
Page 358: Understanding Hardware Layer 3 Switching
• Hardware NetFlow switching for TCP intercept, reflexive ACL forwarding decisions • Hardware Cisco Express Forwarding (CEF) switching for all other IP unicast traffic • The PISA forwards traffic that cannot be Layer 3 switched. Traffic is hardware Layer 3 switched after being processed by access lists and quality of service (QoS).
Page 359 MAC = Dd MSFC Host B MAC = Aa 171.59.3.1 Subnet 1/Sales Host A MAC = Cc 171.59.1.2 Data 171.59.1.2:171.59.2.2 Aa:Dd Host C 171.59.2.2 Data 171.59.1.2:171.59.2.2 Dd:Cc Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 23-3 OL-11439-03...
Page 360: Default Hardware Layer 3 Switching Configuration
L3 out Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes 4046399 packets input, 349370039 bytes, 0 no buffer Received 3795255 broadcasts, 2 runts, 0 giants, 0 throttles <...output truncated...> Router# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 23-4 OL-11439-03...
Page 361: Displaying Hardware Layer 3 Switching Statistics
The Layer 3 switching packet count is updated approximately every five seconds. Note Cisco IOS CEF and dCEF are permanently enabled. No configuration is required to support hardware Layer 3 switching. Hardware Layer 3 switching uses per-flow load balancing based on IP source and destination addresses.
Page 362 Displaying Hardware Layer 3 Switching Statistics Protocol Interface Address GigabitEthernet9/5 172.20.53.206(11) 504 packets, 6110 bytes 00605C865B82 000164F83FA50800 03:49:31 Adjacency statistics are updated approximately every 60 seconds. Note Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 23-6 OL-11439-03...
Page 363: Configuring Ipv6 Multicast Pfc3B Layer 3 Switching
Chapter 33, “Configuring Denial of Service Protection.” • IPv6 Multicast: Bootstrap Router (BSR)—See the BSR information in the Cisco IOS IPv6 • Configuration Guide Cisco IOS IPv6 Command Reference. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 24-1 OL-11439-03...
Page 364: Ipv6 Multicast Guidelines And Restrictions
IPv6 multicast automatic tunnels IPv6 over GRE tunnels – IPv6-in-IPv6 PIM register tunnels – IPv6 multicast basic ISATAP tunnels – ISATAP tunnels with embedded 6to4 tunnels – Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 24-2 OL-11439-03...
Page 365: New Or Changed Ipv6 Multicast Commands
Configuring IPv6 Multicast PFC3B Layer 3 Switching New or Changed IPv6 Multicast Commands New or Changed IPv6 Multicast Commands Refer to the Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY for information about these IPv6 multicast commands: ipv6 mfib hardware-switching •...
Page 366: Verifying Mfib Clients
Verifying the (S,G) Forwarding Capability This example shows how to verify the (S,G) forwarding: Router# show platform software ipv6-multicast capability | include (S,G) (S,G) forwarding for IPv6 supported using Netflow Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 24-4 OL-11439-03...
Page 367: Verifying The (*,G) Forwarding Capability
This example shows how to display the replication mode capabilities of the installed modules: Router# show platform software ipv6-multicast capability | begin ^Slot Slot Replication-Capability Replication-Mode 1 Ingress Ingress 2 Egress Ingress 6 Egress Ingress 8 Ingress Ingress Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 24-5 OL-11439-03...
Page 368: Displaying Subnet Entries
This example shows how to display the NetFlow hardware forwarding count: Router# show platform software ipv6-multicast summary IPv6 Multicast Netflow SC summary on Slot[1]: Shortcut Type Shortcut count ---------------------------+-------------- (S, G) (*, G) <...Output deleted...> Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 24-6 OL-11439-03...
Page 369: Displaying The Fib Hardware Bridging And Drop Counts
Subnet bridge adjacency 0x7F802 Control bridge adjacency StarG_M bridge adjacency S_G bridge adjacency Default drop adjacency StarG (spt == INF) adjacency StarG (spt != INF) adjacency Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 24-7 OL-11439-03...
Page 370 Subnet bridge adjacency 0x7F802 Control bridge adjacency StarG_M bridge adjacency S_G bridge adjacency Default drop adjacency 28237 3146058 StarG (spt == INF) adjacency StarG (spt != INF) adjacency Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 24-8 OL-11439-03...
Page 371: Configuring Ipv4 Multicast Layer 3 Switching
This chapter describes how to configure IPv4 multicast Layer 3 switching on the Catalyst 6500 series switches. For complete syntax and usage information for the commands used in this chapter, refer to these Note publications: The Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, at • this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdr ef.html The Release 12.2 publications at this URL:...
Page 372: Ipv4 Multicast Layer 3 Switching Overview
IPv4 Multicast Layer 3 Switching Overview The Policy Feature Card 3B (PFC3B) provides Layer 3 switching for IP multicast flows using the hardware replication table and hardware Cisco Express Forwarding (CEF), which uses the forwarding information base (FIB) and the adjacency table on the PFC3B.
Page 373: Layer 3-Switched Multicast Packet Rewrite
These sections describe partially and completely switched flow: Partially Switched Flows, page 25-4 • Completely Switched Flows, page 25-4 • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 25-3 OL-11439-03...
Page 374 PISA. The PISA updates the corresponding multicast routing table entry and resets the expiration timer for that multicast route. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 25-4...
Page 375: Non-Rpf Traffic Processing
ACLs automatically download to the PFC3B and are applied to the interface you specify: access-list 100 permit ip A.B.C.0 0.0.0.255 any access-list 100 permit ip A.B.D.0 0.0.0.255 any access-list 100 permit ip any 224.0.0.0 0.0.0.255 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 25-5 OL-11439-03...
Page 376: Understanding How Ipv4 Bidirectional Pim Works
“Configuring IPv4 Bidirectional PIM” section on page 25-18. Default IPv4 Multicast Layer 3 Switching Configuration Table 25-1 shows the default IP multicast Layer 3 switching configuration. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 25-6 OL-11439-03...
Page 377: Ipv4 Multicast Layer 3 Switching Configuration Guidelines And Restrictions
A (*,G) entry is not hardware switched if at least one (S,G) entry has an RPF different from the (*,G) • entry’s RPF and the (S,G) is not hardware switched. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 25-7 OL-11439-03...
Page 378: Unsupported Features
Redundancy for Multicast Traffic, page 25-23 • When you are in configuration mode you can enter EXEC mode commands by entering the do keyword Note before the EXEC mode command. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 25-8 OL-11439-03...
Page 379: Source-Specific Multicast With Igmpv3, Igmp V3Lite, And Urd
Layer 3 interfaces. For complete information and procedures, refer to these publications: • Cisco IOS IP and IP Routing Configuration Guide, Release 12.2, at this URL: http://www.cisco.com/en/US/docs/ios/12_2/ip/configuration/guide/fipr_c.html • Cisco IOS IP and IP Routing Command Reference, Release 12.1, at this URL: http://www.cisco.com/en/US/docs/ios/12_2/ipaddr/command/reference/fipras_r.html...
Page 380: Enabling Ip Multicast Layer 3 Switching Globally
= ethernet, fastethernet, gigabitethernet, or tengigabitethernet This example shows how to enable IP multicast Layer 3 switching on a Layer 3 interface: Router(config-if)# mls ip multicast Router(config-if)# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 25-10 OL-11439-03...
Page 381: Specifying The Maximum Number Of Multicast Routes
Router(config)# no mls ip multicast threshold This example shows how to configure the Layer 3 switching threshold to 10 packets per second: Router(config)# mls ip multicast threshold 10 Router(config)# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 25-11 OL-11439-03...
Page 382: Enabling Installation Of Directly Connected Subnets
When you enable the shortcut-consistency checking feature, the multicast route table and the multicast-hardware entries are checked for consistency, and any inconsistencies are corrected. You can view inconsistencies by entering the show mls ip multicast consistency-check command. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 25-12 OL-11439-03...
Page 383: Configuring Acl-Based Filtering Of Rpf Failures
This example shows how to display RPF failure rate-limiting information: Router# show mls ip multicast summary 10004 MMLS entries using 1280464 bytes of memory Number of partial hardware-switched flows:4 Number of complete hardware-switched flows:10000 Router# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 25-13 OL-11439-03...
Page 384: Displaying Ipv4 Multicast Layer 3 Hardware Switching Summary
Router# The -tive counter means that the outgoing interface list of the corresponding entry is NULL, and this Note indicates that this flow is still active. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 25-14 OL-11439-03...
Page 385 0 runts, 41 giants, 0 throttles 41 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 input packets with dribble condition detected 198 packets output, 14732 bytes, 0 underruns Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 25-15 OL-11439-03...
Page 386: Displaying The Ipv4 Multicast Routing Table
The RPF-MFD flag indicatesthat the flow is completely switched by the hardware. The H flag indicates Note the flow is switched by the hardware on the outgoing interface. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 25-16 OL-11439-03...
Page 387: Displaying Ipv4 Multicast Layer 3 Switching Statistics
(10.1.0.11, 224.2.2.11) Incoming interface: Vlan10, Packets switched: 0 Hardware switched outgoing interfaces: MFD installed: Vlan10 (10.1.0.10, 224.2.2.10) Incoming interface: Vlan10, Packets switched: 2744 Hardware switched outgoing interfaces: MFD installed: Vlan10 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 25-17 OL-11439-03...
Page 388: Configuring Ipv4 Bidirectional Pim
Purpose Enables IPv4 bidirectional PIM globally on the switch. Router(config)# ip pim bidir-enable Disables IPv4 bidirectional PIM globally on the switch. Router(config)# no ip pim bidir-enable Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 25-18 OL-11439-03...
Page 389: Configuring The Rendezvous Point For Ipv4 Bidirectional Pim Groups
Router(config)# no mls ip multicast bidir gm-scan-interval This example shows how to set the IPv4 bidirectional PIM RP RPF scan interval: Router(config)# mls ip multicast bidir gm-scan-interval 30 Router(config)# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 25-19 OL-11439-03...
Page 390: Displaying Ipv4 Bidirectional Pim Information
GigabitEthernet2/1, Bidir-Upstream/Sparse-Dense, 00:00:04/00:00:00,H Vlan30, Forward/Sparse-Dense, 00:00:04/00:02:55, H (*, 225.1.4.1), 00:00:00/00:02:59, RP 3.3.3.3, flags:BC Bidir-Upstream:GigabitEthernet2/1, RPF nbr 10.53.1.7, RPF-MFD Outgoing interface list: GigabitEthernet2/1, Bidir-Upstream/Sparse-Dense, 00:00:00/00:00:00,H Vlan30, Forward/Sparse-Dense, 00:00:00/00:02:59, H Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 25-20 OL-11439-03...
Page 391 State:H - Hardware Switched, I - Install Pending, D - Delete Pending, Z - Zombie RP Address State State 60.0.0.60 Vl131 60.0.0.60 Vl151 60.0.0.60 Vl415 60.0.0.60 Gi4/16 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 25-21 OL-11439-03...
Page 392: Using Ipv4 Debug Commands
PISA, the VLAN, the multicast group address, or the multicast traffic source. For an example of the show mls ip multicast statistics command, see the “Displaying IPv4 Multicast Layer 3 Switching Statistics” section on page 25-17. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 25-22 OL-11439-03...
Page 393: Redundancy For Multicast Traffic
You do not need to configure anything else for multicast when the unicast routing protocol is working as expected and PIM is configured on all the Layer 3 links associated with the unicast routing protocol. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 25-23 OL-11439-03...
Page 394 Chapter 25 Configuring IPv4 Multicast Layer 3 Switching Configuring IPv4 Bidirectional PIM Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 25-24 OL-11439-03...
Page 395: Configuring Mldv2 Snooping For Ipv6 Multicast Traffic
IPv6 multicast traffic on the Catalyst 6500 series switches. For complete syntax and usage information for the commands used in this chapter, refer to the Note • Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, at this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdr ef.html •...
Page 396: Mldv2 Snooping Overview
Filter mode change record (unsolicited)—Sent by a host to change the INCLUDE or EXCLUDE – mode of one or more multicast groups. – Source list change record (unsolicited)—Sent by a host to change information about multicast sources. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 26-2 OL-11439-03...
Page 397: Source-Based Filtering
Proxy reporting forwards only the first report for a multicast group to the router and suppresses all other reports for the same multicast group. Proxy reporting processes solicited and unsolicited reports. Proxy reporting is enabled and cannot be disabled. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 26-3 OL-11439-03...
Page 398: Joining An Ipv6 Multicast Group
5 (all members of the same VLAN). Host 1 wants to join an IPv6 multicast group and multicasts an MLDv2 report to the group with the equivalent MAC destination address of 0x0100.5E01.0203. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 26-4...
Page 399 Host 2 Host 3 Host 4 Table 26-2 Updated MLDv2 Snooping Forwarding Table Destination MAC Address Type of Packet Ports 0100.5exx.xxxx MLDv2 0100.5e01.0203 !MLDv2 1, 2, 5 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 26-5 OL-11439-03...
Page 400: Leaving A Multicast Group
If the source lists do not match, the switch does not remove the host from the LTL index until the host is no longer interested in receiving traffic from any source. Note Disabling explicit host tracking disables fast-leave processing and proxy reporting. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 26-6 OL-11439-03...
Page 401: Understanding The Mldv2 Snooping Querier
MLDv2 protocol. MLDv2 protocol messages are Internet Control Message Protocol version 6 (ICMPv6) messages. • • MLDv2 message formats are almost identical to IGMPv3 messages. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 26-7 OL-11439-03...
Page 402: Mldv2 Snooping Querier Configuration Guidelines And Restrictions
Configuring MLDv2 Snooping for IPv6 Multicast Traffic MLDv2 Snooping Querier Configuration Guidelines and Restrictions IPv6 multicast for Cisco IOS software uses MLD version 2. This version of MLD is fully • backward-compatible with MLD version 1 (described in RFC 2710). Hosts that support only MLD version 1 interoperate with a router running MLD version 2.
Page 403: Configuring Mldv2 Snooping
Router(config)# no ipv6 mld snooping Step 2 Exits configuration mode. Router(config)# end Step 3 Verifies the configuration. Router# show ipv6 mld interface vlan vlan_ID | include globally Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 26-9 OL-11439-03...
Page 404: Configuring A Static Connection To A Multicast Receiver
MAC address from also being sent to other ports in the same VLAN. This example shows how to configure a static connection to a multicast receiver: Router(config)# mac-address-table static 0050.3e8d.6400 vlan 12 interface fastethernet 5/7 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 26-10 OL-11439-03...
Page 405: Configuring A Multicast Router Port Statically
Router(config-if)# ipv6 mld snooping last-member-query-interval 1000 Router(config-if)# exit Router# show ipv6 mld interface vlan 200 | include last MLD snooping last member query response interval is 1000 ms Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 26-11 OL-11439-03...
Page 406: Enabling Fast-Leave Processing
Clears the configuration. Router(config-if)# no ipv6 mld snooping ssm-safe-reporting This example shows how to SSM safe reporting: Router(config)# interface vlan 10 Router(config-if)# ipv6 mld snooping ssm-safe-reporting Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 26-12 OL-11439-03...
Page 407: Configuring Explicit Host Tracking
Router(config)# interface vlan 25 Router(config-if)# ipv6 mld snooping report-suppression Router(config-if)# end Router# Router# show ipv6 mld interface vlan 25 | include report-suppression MLD snooping report-suppression is enabled Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 26-13 OL-11439-03...
Page 408: Displaying Mldv6 Snooping Information
This example shows how to display a total count of MAC address entries for a VLAN: Router# show mac-address-table multicast 1 count Multicast MAC Entries for vlan 1: Router# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 26-14 OL-11439-03...
Page 409 Router# show ipv6 mld snooping statistics interface vlan 25 Snooping staticstics for Vlan25 #channels:2 #hosts Source/Group Interface Reporter Uptime Last-Join Last-Leave 10.1.1.1/226.2.2.2 Gi1/2:Vl25 16.27.2.3 00:01:47 00:00:50 10.2.2.2/226.2.2.2 Gi1/2:Vl25 16.27.2.3 00:01:47 00:00:50 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 26-15 OL-11439-03...
Page 410 Chapter 26 Configuring MLDv2 Snooping for IPv6 Multicast Traffic Configuring MLDv2 Snooping Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 26-16 OL-11439-03...
Page 411: Configuring Igmp Snooping For Ipv4 Multicast Traffic
IPv4 multicast traffic on the Catalyst 6500 series switches. For complete syntax and usage information for the commands used in this chapter, refer to the Note • Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, at this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdr ef.html •...
Page 412: Igmp Snooping Overview
IGMP snooping learning. Multicast group membership lists can consist of both static and IGMP snooping-learned settings. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 27-2 OL-11439-03...
Page 413 27-2. Because the forwarding table directs IGMP messages only to the CPU, the message is not flooded to other ports. Any known multicast traffic is forwarded to the group and not to the CPU. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 27-3 OL-11439-03...
Page 414: Leaving A Multicast Group
If the leave message was from the only remaining interface with hosts interested in the group and IGMP snooping does not receive an IGMP Join in response to the general Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 27-4...
Page 415: Understanding The Igmp Snooping Querier
VLAN and either allows or blocks traffic based on the following information in these messages: Source lists • Allow (include) or block (exclude) filtering options • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 27-5 OL-11439-03...
Page 416 5 minutes and relearned to ensure that they are still valid. Turning off explicit host tracking disables fast-leave processing and proxy reporting. • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 27-6 OL-11439-03...
Page 417: Default Igmp Snooping Configuration
IGMP Snooping Configuration Guidelines and Restrictions When configuring IGMP snooping, follow these guidelines and restrictions: To support Cisco Group Management Protocol (CGMP) client devices, configure the PISA as a • CGMP server. Refer to the Cisco IOS IP Configuration Guide, Release 12.2, “Configuring IP Multicast Routing,”...
Page 418: Igmp Snooping Querier Configuration Guidelines And Restrictions
Command Purpose Step 1 Selects the VLAN interface. Router(config)# interface vlan vlan_ID Step 2 Configures the IP address and IP subnet. Router(config-if)# ip address ip_address subnet_mask Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 27-8 OL-11439-03...
Page 419: Configuring Igmp Snooping
• Displaying IGMP Snooping Information, page 27-14 • Except for the ip igmp snooping command, all IGMP snooping commands are supported only on VLAN Note interfaces. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 27-9 OL-11439-03...
Page 420: Enabling Igmp Snooping
IGMP snooping fast-leave is disabled and querier is disabled IGMP snooping explicit-tracking is enabled on this interface IGMP snooping last member query interval on this interface is 1000 ms Router# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 27-10 OL-11439-03...
Page 421: Configuring The Igmp Snooping Query Interval
When both IGMP fast-leave processing and the IGMP query interval are configured, fast-leave Note processing takes precedence. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 27-11 OL-11439-03...
Page 422: Enabling Igmp Fast-Leave Processing
Configuring Source Specific Multicast (SSM) Mapping Do not configure SSM mapping in a VLAN that supports IGMPv3 multicast receivers. Note To configure SSM mapping, refer to this publication: http://www.cisco.com/en/US/docs/ios/12_3t/12_3t2/feature/guide/gtssmma.html Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 27-12 OL-11439-03...
Page 423: Configuring Igmpv3 Explicit Host Tracking
Router(config-if)# ip igmp snooping explicit-tracking Router(config-if)# end Router# show ip igmp snooping explicit-tracking vlan 25 Source/Group Interface Reporter Filter_mode ------------------------------------------------------------------------ 10.1.1.1/226.2.2.2 Vl25:1/2 16.27.2.3 INCLUDE 10.2.2.2/226.2.2.2 Vl25:1/2 16.27.2.3 INCLUDE Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 27-13 OL-11439-03...
Page 424: Displaying Igmp Snooping Information
This example shows how to display a total count of MAC address entries for a VLAN: Router# show mac-address-table multicast 1 count Multicast MAC Entries for vlan 1: Router# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 27-14 OL-11439-03...
Page 425 To display IGMP snooping statistics, perform this task: Command Purpose Displays IGMP snooping information on a VLAN Router# show ip igmp snooping statistics interface vlan_ID interface. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 27-15 OL-11439-03...
Page 426 Router# show ip igmp snooping statistics interface vlan 25 Snooping statistics for Vlan25 #channels:2 #hosts Source/Group Interface Reporter Uptime Last-Join Last-Leave 10.1.1.1/226.2.2.2 Gi1/2:Vl25 16.27.2.3 00:01:47 00:00:50 10.2.2.2/226.2.2.2 Gi1/2:Vl25 16.27.2.3 00:01:47 00:00:50 Router# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 27-16 OL-11439-03...
Page 427: Configuring Pim Snooping
Catalyst 6500 series switches. For complete syntax and usage information for the commands used in this chapter, refer to the Note Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, at this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdref.h This chapter consists of these sections: Understanding How PIM Snooping Works, page 28-1 •...
Page 428 PIM Join Message Flow with PIM Snooping Router C Router D SP network (*, G) PIM join Router A Router B Receiver RP Source IGMP join Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 28-2 OL-11439-03...
Page 429 (Router A). Figure 28-4 Data Traffic Flow with PIM Snooping Router C Router D SP network G traffic Router A Router B Receiver RP Source Data Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 28-3 OL-11439-03...
Page 430: Default Pim Snooping Configuration
These sections describe how to configure PIM snooping: • Enabling PIM Snooping Globally, page 28-5 • Enabling PIM Snooping in a VLAN, page 28-5 • Disabling PIM Snooping Designated-Router Flooding, page 28-6 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 28-4 OL-11439-03...
Page 431: Enabling Pim Snooping Globally
Router# show ip pim snooping vlan 10 3 neighbors (0 DR priority incapable, 0 Bi-dir incapable) 6 mroutes, 3 mac entries DR is 10.10.10.4 RP DF Set Router# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 28-5 OL-11439-03...
Page 432: Disabling Pim Snooping Designated-Router Flooding
Verifies the configuration. Router# show running-config | include dr-flood This example shows how to disable PIM snooping designated-router flooding: Router(config)# no ip pim snooping dr-flood Router(config)# end Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 28-6 OL-11439-03...
Page 433: Configuring Rgmp
To disable RGMP on a router, the router must send an RGMP bye message to the Catalyst 6500 series switch. Table 29-1 provides a summary of the RGMP packet types. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 29-1 OL-11439-03...
Page 434: Default Rgmp Configuration
CGMP is not supported in networks where RGMP is enabled on routers. You cannot enable both • RGMP and CGMP on a Layer 3 interface. If RGMP is enabled on a Layer 3 interface, CGMP is silently disabled and vice versa. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 29-2 OL-11439-03...
Page 435: Enabling Rgmp On Layer 3 Interfaces
PIMv2 bootstrap router (BSR) in an RGMP-controlled network. – RGMP in Cisco network devices operates on MAC addresses, not on IP multicast addresses. Because multiple IP multicast addresses can map to one MAC address (see RFC 1112), RGMP cannot differentiate between the IP multicast groups that might map to a MAC address.
Page 436 Chapter 29 Configuring RGMP Enabling RGMP on Layer 3 Interfaces Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 29-4 OL-11439-03...
Page 437: Configuring Network Security
Note For complete syntax and usage information for the commands used in this chapter, refer to these publications: • The Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, at this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdr ef.html The Release 12.2 publications at this URL: •...
Page 438: Configuring Tcp Intercept
Configuring Unicast RPF Check, page 30-3 • Understanding PFC3B Unicast RPF Check Support For a complete explanation of how Unicast RPF check works, refer to the Cisco IOS Security Configuration Guide, Release 12.2, “Other Security Features,” “Configuring Unicast Reverse Path Forwarding” at this URL: http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfrpf.html...
Page 439: Unicast Rpf Check Guidelines And Restrictions
Exist-only check mode, which only verifies that the source IP address exists in the FIB table. • The most recently configured mode is automatically applied to all ports configured for Unicast RPF Note check. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 30-3 OL-11439-03...
Page 440 This example shows how to verify the configuration: Router# show running-config interface gigabitethernet 4/2 Building configuration... Current configuration : 114 bytes interface GigabitEthernet4/2 ip address 42.0.0.1 255.0.0.0 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 30-4 OL-11439-03...
Page 441 (these packets always pass the Unicast RPF check). This example shows how to configure punt as the multiple path RPF check mode: Router(config)# mls ip cef rpf mpath punt Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 30-5 OL-11439-03...
Page 442 = ethernet, fastethernet, gigabitethernet, or tengigabitethernet This example shows how to enable self-pinging: Router(config)# interface gigabitethernet 4/1 Router(config-if)# ip verify unicast source reachable-via any allow-self-ping Router(config-if)# end Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 30-6 OL-11439-03...
Page 443: Understanding Cisco Ios Acl Support
Chapter 32, “Configuring VLAN ACLs”). • Each type of ACL (IP, IPX, and MAC) filters only traffic of the corresponding type. A Cisco IOS • MAC ACL never matches IP or IPX traffic. The PFC3B does not provide hardware support for Cisco IOS IPX ACLs. Cisco IOS IPX ACLs are •...
Page 444: Hardware And Software Acl Support
IP accounting for an ACL access violation on a given port is supported by forwarding all denied • packets for that port to the PISA for software processing without impacting other flows. The PFC3B does not provide hardware support for Cisco IOS IPX ACLs. Cisco IOS IPX ACLs are • supported in software on the PISA.
Page 445: Optimized Acl Logging With A Pfc3B
ACLs used to filter traffic for other features (for example, QoS) – Exception packets (for example, TTL failure and MTU failure) – Packets with IP options Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 31-3 OL-11439-03...
Page 446: Configuring Oal
Range: 5–86,400 (1440 minutes or 24 hours, entered without commas). – Default: 300 seconds (5 minutes). – Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 31-4 OL-11439-03...
Page 447: Guidelines And Restrictions For Using Layer 4 Operators In Acls
These sections describe guidelines and restrictions when configuring ACLs that include Layer 4 port operations: Determining Layer 4 Operation Usage, page 31-6 • Determining Logical Operation Unit Usage, page 31-6 • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 31-5 OL-11439-03...
Page 448: Determining Layer 4 Operation Usage
LOU • For example, this ACL would use a single LOU to store two different operator-operand couples: ... Src gt 10 ..Dst gt 10 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 31-6 OL-11439-03...
Page 449 LOU 2 stores “gt 11” and “neq 6” • • LOU 3 stores “gt 20” (with space for one more) • LOU 4 stores “range 11 13” (range needs the entire LOU) Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 31-7 OL-11439-03...
Page 450 Chapter 31 Understanding Cisco IOS ACL Support Guidelines and Restrictions for Using Layer 4 Operators in ACLs Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 31-8 OL-11439-03...
Page 451: Configuring Vlan Acls
VACLs can provide access control for all packets that are bridged within a VLAN or that are routed into or out of a VLAN or a WAN interface for VACL capture. Unlike regular Cisco IOS standard or extended ACLs that are configured on router interfaces only and are applied on routed packets only, VACLs apply to all packets and can be applied to any VLAN or WAN interface.
Page 452: Bridged Packets
Layer 3-switched packets, the ACLs are applied in the following order: VACL for input VLAN Input Cisco IOS ACL Output Cisco IOS ACL VACL for output VLAN Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 32-2 OL-11439-03...
Page 453 Applying VACLs on Routed Packets Routed Output IOS ACL Input IOS ACL MSFC VACL Bridged Bridged VACL Supervisor Engine Host B Host A (VLAN 20) (VLAN 10) Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 32-3 OL-11439-03...
Page 454: Multicast Packets
Configuring a Match Clause in a VLAN Access Map Sequence, page 32-6 • Configuring an Action Clause in a VLAN Access Map Sequence, page 32-7 • Applying a VLAN Access Map, page 32-8 • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 32-4 OL-11439-03...
Page 455: Vacl Configuration Overview
Configuring a Capture Port, page 32-9 • VACL Configuration Overview VACLs use standard and extended Cisco IOS IP and IPX ACLs, and MAC Layer-named ACLs (see the “Configuring MAC ACLs” section on page 38-54) and VLAN access maps. VLAN access maps can be applied to VLANs or to WAN interfaces for VACL capture. VACLs attached to WAN interfaces support only standard and extended Cisco IOS IP ACLs.
Page 456: Defining A Vlan Access Map
When configuring a match clause in a VLAN access map sequence, note the following information: You can select one or more ACLs. • VACLs attached to WAN interfaces support only standard and extended Cisco IOS IP ACLs. • Use the no keyword to remove a match clause or specified ACLs in the clause.
Page 457: Configuring An Action Clause In A Vlan Access Map Sequence
VACLs applied to WAN interfaces support only the forward capture action. VACLs applied to WAN interfaces do not support the drop, forward, or redirect actions. Forwarded packets are still subject to any configured Cisco IOS security ACLs. • The capture action sets the capture bit for the forwarded packets so that ports with the capture •...
Page 458: Applying A Vlan Access Map
VACLs and VLANs. 1. type = pos, atm, or serial 2. number = slot/port or slot/port_adapter/port; can include a subinterface or channel group descriptor Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 32-8 OL-11439-03...
Page 459: Vlan Access Map Configuration And Verification Examples
“Configuring the Layer 2 Switching Port as an ISL or 802.1Q Trunk” section on page 8-8 and the “Configuring the Layer 2 Trunk Not to Use DTP” section on page 8-9). Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 32-9 OL-11439-03...
Page 460 A VACL is not active if the VLAN does not have an interface. Router# show vlan filter VLAN Map mordred: Configured on VLANs: 2,4-6 Active on VLANs: 2,4-6 Router# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 32-10 OL-11439-03...
Page 461: Configuring Vacl Logging
This example shows how to configure global VACL logging in hardware: Router(config)# vlan access-log maxflow 800 Router(config)# vlan access-log ratelimit 2200 Router(config)# vlan access-log threshold 4000 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 32-11 OL-11439-03...
Page 462 Chapter 32 Configuring VLAN ACLs Configuring VACL Logging Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 32-12 OL-11439-03...
Page 463: Configuring Denial Of Service Protection
Cisco IOS Security Command Reference, Release 12.2, at this URL • http://www.cisco.com/en/US/docs/ios/12_2/security/command/reference/fsecur_r.html For complete syntax and usage information for the commands used in this chapter, refer to these Note publications: The Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, at • this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdr ef.html •...
Page 464: Understanding How Dos Protection Works
Use security ACLs if an attack is detected from a particular host. In this example, the host 10.1.1.10 and all traffic from that host is denied: Router(config)# access-list 101 deny ip host 10.1.1.10 any Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 33-2 OL-11439-03...
Page 465 ACL and drops the packet before it causes damage. When the Catalyst 6500 series switch is used with a Cisco Intrusion Detection Module (CIDM), you can dynamically install the security ACL as a response to the detection of the attack by the sensing engine.
Page 466 Two factors determine when aggressive behavior on the switch begins and ends: The total incomplete connections • Connection requests during the last one-minute sample period • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 33-4 OL-11439-03...
Page 467 This example shows how to display the available keywords to use with the mls qos protocol arp command: Router(config)# mls qos protocol arp ? pass-through pass-through keyword police police keyword precedence change ip-precedence(used to map the dscp to cos value) Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 33-5 OL-11439-03...
Page 468 ICMP redirects • ICMP unreachable (ACL drop) • No-route (FIB miss) • VACL log • TTL failure • MTU failure • • Multicast IPv4 • Multicast IPv6 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 33-6 OL-11439-03...
Page 469 This example shows how to rate limit the uRPF check failure packets sent to the PISA to 100000 pps with a burst of 100 packets: Router(config)# mls rate-limit unicast ip rpf-failure 100000 100 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 33-7 OL-11439-03...
Page 470 (ARP) and requires that it be sent to the PISA. This situation occurs when traffic enters a port and contains the destination of a host on a subnet that is locally connected to the Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 33-8...
Page 471 This example shows how to rate limit logging requests to 5000 pps (the range for this rate limiter is from 10 to 5000 pps): Router(config)# mls rate-limit unicast acl vacl-log 5000 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 33-9 OL-11439-03...
Page 472 This example shows how to rate limit Layer 2 protocol tunneling packets to 10000 pps with a burst of 10 packets: Router(config)# mls rate-limit layer2 l2pt 10000 10 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 33-10 OL-11439-03...
Page 473 IPv6 Multicast This rate limiter limits the IPv6 multicast packets. Table 33-1 lists the IPv6 rate limiters and the class of traffic that each rate limiter serves. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 33-11 OL-11439-03...
Page 474 Router(config)# mls rate-limit multicast ipv6 connected 1500 20 This example shows how to configure a direct association of the rate limiters for a traffic class: Router(config)# mls rate-limit multicast ipv6 default-drop 1000 20 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 33-12 OL-11439-03...
Page 475: Dos Protection Default Configuration
100000 pps, burst of 100 packets Multicast Directly Connected Multicast Non-RPF Multicast IPv6 If the packets-in-burst is not set, a default of 100 is programmed for multicast cases. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 33-13 OL-11439-03...
Page 476: Dos Protection Configuration Guidelines And Restrictions
When capturing traffic, these restrictions apply: The incoming captured traffic is not filtered. • The incoming captured traffic is not rate limited to the capture destination. • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 33-14 OL-11439-03...
Page 477 0 -- --- 0-0 M 18404 0.0.0.0 0.0.0.0 0 ---- 0 R rslt: L3_DENY_RESULT rtr_rslt: L3_DENY_RESULT V 36828 0.0.0.0 0.0.0.0 ------ 0 ---- 0 0 -- --- 0-0 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 33-15 OL-11439-03...
Page 478 DNS, to another interface. Also, VACL capture granularity is only applicable to traffic switched locally; you cannot preserve the granularity if you direct traffic to a remote switch. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 33-16...
Page 479: Displaying Rate-Limiter Information
MCAST IP OPTION UCAST IP OPTION LAYER_2 PDU LAYER_2 PT IP ERRORS Group:0 S CAPTURE PKT MCAST IGMP MCAST IPv6 DIRECT CON MCAST IPv6 *G M BRIDG Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 33-17 OL-11439-03...
Page 480: Understanding How Control Plane Policing Works
CoPP policy for packets matching the rate-limiter criteria. The traffic managed by the PISA is divided into three functional components or planes: Data plane • • Management plane • Control plane Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 33-18 OL-11439-03...
Page 481: Copp Default Configuration
CPU traffic. • CoPP is performed on a per-forwarding-engine basis and software CoPP is performed on an aggregate basis. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 33-19 OL-11439-03...
Page 482: Configuring Copp
Step 5 Enters the control plane configuration mode. Router(config)# control-plane Router(config-cp)# Step 6 Applies the QoS service policy to the control Router(config-cp)# service-policy input service-policy-name plane. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 33-20 OL-11439-03...
Page 483: Monitoring Copp
5 minute offered rate 0 bps, drop rate 0 bps Match: access-group 130 police: 96000 bps, 3125 limit, 3125 extended limit conformed 0 packets, 0 bytes; action: transmit Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 33-21 OL-11439-03...
Page 484: Defining Traffic Classification
• Management—Necessary, frequently used traffic that is required during day-to-day operations. For example, traffic used for remote network access, and Cisco IOS image upgrades and management, such as Telnet, secure shell (SSH), network time protocol (NTP), simple network management protocol (SNMP), terminal access controller access control system (TACACS), hypertext transfer protocol (HTTP), trivial file transfer protocol (TFTP), and file transfer protocol (FTP).
Page 485: Traffic Classification Guidelines
Reporting—Traffic used for generating network performance statistics for the purpose of reporting. • For example, using Cisco IOS IP service level agreements (SLAs) to generate ICMP with different DSCP settings in order to report on response times within different QoS data classes.
Page 486: Sample Basic Acls For Copp Traffic Classification
Router(config)# access-list 122 permit icmp any any port-unreachable This example shows how to permit receipt of responses to the switch that originated the pings: Router(config)# access-list 122 permit icmp any any echo-reply Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 33-24 OL-11439-03...
Page 487: Configuring Sticky Arp
ARP broadcasts. If you attempt to override the sticky ARP configuration, you will receive an error message. For a complete description of the system error messages, refer to the Catalyst Supervisor Engine 32 PISA Cisco IOS System Message Guide, Release 12.2ZY at this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/system/messages/sysmsg.html...
Page 488 Chapter 33 Configuring Denial of Service Protection Configuring Sticky ARP Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 33-26 OL-11439-03...
Page 489: Configuring Dhcp Snooping
• Note For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, at this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdref.h Overview of DHCP Snooping DHCP snooping is a DHCP security feature that provides network security by filtering untrusted DHCP messages and by building and maintaining a DHCP snooping binding database (also referred to as a DHCP snooping binding table).
Page 490: Dhcp Snooping Option-82 Data Insertion
DHCP server do not reside on the same IP network or subnet, a DHCP relay agent is configured with a helper address to enable broadcast forwarding and to transfer DHCP messages between the clients and the server. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 34-2 OL-11439-03...
Page 491 – Remote ID suboption fields • Suboption type – Length of the suboption type – Remote ID type – Length of the circuit ID type – Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 34-3 OL-11439-03...
Page 492: Overview Of The Dhcp Snooping Database Agent
Each entry in the file is tagged with a checksum that is used to validate the entries whenever the file is read. The <initial-checksum> entry on the first line helps distinguish entries associated with the latest write from entries that are associated with a previous write. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 34-4 OL-11439-03...
Page 493: Default Configuration For Dhcp Snooping
DHCP snooping information option Enabled DHCP option 82 on untrusted port feature Disabled DHCP snooping limit rate None DHCP snooping trust Untrusted DHCP snooping vlan Disabled Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 34-5 OL-11439-03...
Page 494: Dhcp Snooping Configuration Guidelines And Restrictions
Before globally enabling DHCP snooping on the switch, make sure that the devices acting as the • DHCP server and the DHCP relay agent are configured and enabled. For DHCP server configuration information, refer to “Configuring DHCP” in the Cisco IOS IP and • IP Routing Configuration Guide at: http://www.cisco.com/en/US/docs/ios/12_2/ip/configuration/guide/1cfdhcp.html...
Page 495: Enabling Dhcp Snooping Globally
ARP entries in the ARP table will be checked against a nonexistent DHCP database. When DHCP snooping is disabled or in non-DHCP environments, use ARP ACLs to permit or to deny ARP packets. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 34-7...
Page 496: Enabling Dhcp Option-82 Data Insertion
Disables the DHCP option 82 on untrusted port feature. Router(config)# no ip dhcp snooping information option allow-untrusted Step 2 Verifies the configuration. Router(config)# do show ip dhcp snooping Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 34-8 OL-11439-03...
Page 497: Enabling Dhcp Snooping Mac Address Verification
Router(config)# ip dhcp snooping vlan {{vlan_ID [vlan_ID]} | {vlan_range} Disables DHCP snooping. Router(config)# no ip dhcp snooping Step 2 Verifies the configuration. Router(config)# do show ip dhcp snooping Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 34-9 OL-11439-03...
Page 498 DHCP snooping is configured on the following Interfaces: Insertion of option 82 is enabled Verification of hwaddr field is enabled Interface Trusted Rate limit (pps) ------------------------ ------- ---------------- Router# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 34-10 OL-11439-03...
Page 499: Configuring The Dhcp Trust State On Layer 2 Lan Interfaces
Router(config-if)# no ip dhcp snooping trust Router(config-if)# do show ip dhcp snooping | begin pps Interface Trusted Rate limit (pps) ------------------------ ------- ---------------- FastEthernet5/12 unlimited Router# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 34-11 OL-11439-03...
Page 500: Configuring Dhcp Snooping Rate Limiting On Layer 2 Lan Interfaces
Router# show ip dhcp snooping database [detail] database agent and statistics associated with the transfers. (Optional) Clears the statistics associated with the database Router# clear ip dhcp snooping database statistics agent. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 34-12 OL-11439-03...
Page 501: Configuration Examples For The Database Agent
Last Failed Reason : Unable to access URL. Total Attempts Startup Failures : Successful Transfers : Failed Transfers : Successful Reads Failed Reads Successful Writes Failed Writes Media Failures First successful access: Read Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 34-13 OL-11439-03...
Page 502 Step 3 Displays the read status. Router# show ip dhcp snoop data Step 4 Verifies whether the bindings were read successfully. Router# show ip dhcp snoop bind Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 34-14 OL-11439-03...
Page 503 GigabitEthernet1/1 Router# clear ip dhcp snoop bind Router# show ip dhcp snoop bind MacAddress IpAddress Lease(sec) Type VLAN Interface ------------------ --------------- ---------- ------------- ---- -------------------- Router# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 34-15 OL-11439-03...
Page 504: Displaying A Binding Table
Binding type; dynamic binding learned by DHCP snooping or statically-configured binding. VLAN VLAN number of the client interface Interface Interface that connects to the DHCP client host Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 34-16 OL-11439-03...
Page 505: Configuring Dynamic Arp Inspection
Catalyst 6500 series switch. For complete syntax and usage information for the commands used in this chapter, refer to the Note Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, at this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdref.h This chapter consists of these sections: Understanding DAI, page 35-1 •...
Page 506: Understanding Arp Spoofing Attacks
Verifies that each of these intercepted packets has a valid IP-to-MAC address binding before • updating the local ARP cache or before forwarding the packet to the appropriate destination Drops invalid ARP packets • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 35-2 OL-11439-03...
Page 507: Interface Trust States And Network Security
Connectivity between Host 1 and Host 2 is lost. Figure 35-2 ARP Packet Validation on a VLAN Enabled for DAI DHCP server Port 6/3 Port 3/3 Host 1 Host 2 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 35-3 OL-11439-03...
Page 508: Rate Limiting Of Arp Packets
Each log entry contains flow information, such as the receiving VLAN, the port number, the source and destination IP addresses, and the source and destination MAC addresses. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 35-4...
Page 509: Default Dai Configuration
ARP requests and ARP responses. Make sure to enable DHCP snooping to permit ARP packets that have dynamically assigned IP addresses. For configuration information, see Chapter 34, “Configuring DHCP Snooping.” Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 35-5 OL-11439-03...
Page 510: Configuring Dai
• Enabling DAI Error-Disabled Recovery, page 35-10 • Enabling Additional Validation, page 35-11 • Configuring DAI Logging, page 35-12 • Displaying DAI Information, page 35-15 • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 35-6 OL-11439-03...
Page 511: Enabling Dai On Vlans
Configuring the DAI Interface Trust State The switch does not check ARP packets that it receives from the other switch on the trusted interface. It simply forwards the packets. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 35-7 OL-11439-03...
Page 512: Applying Arp Acls For Dai Filtering
-------------- Fa5/12 Trusted None Applying ARP ACLs for DAI Filtering See the Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, for Note information about the arp access-list command. To apply an ARP ACL, perform this task: Command...
Page 513: Configuring Arp Packet Rate Limiting
[burst interval seconds] | none} Clears the ARP packet rate-limiting configuration. Router(config-if)# no ip arp inspection limit Step 4 Verifies the configuration. Router(config-if)# do show ip arp inspection interfaces Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 35-9 OL-11439-03...
Page 514: Enabling Dai Error-Disabled Recovery
Router(config)# do show errdisable recovery | include Reason|---|arp- This example shows how to enable DAI error disabled recovery: Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 35-10 OL-11439-03...
Page 515: Enabling Additional Validation
Router(config)# ip arp inspection validate src-mac Router(config)# do show ip arp inspection | include abled$ Source Mac Validation : Enabled Destination Mac Validation : Disabled IP Address Validation : Disabled Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 35-11 OL-11439-03...
Page 516: Configuring Dai Logging
VLAN with the same ARP parameters, DAI combines the packets as one entry in the log buffer and generates a single system message for the entry. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 35-12...
Page 517 (and the log buffer is always empty). An interval setting of 0 overrides a log setting of 0. System messages are sent at the rate of number_of_messages per length_in_seconds. • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 35-13 OL-11439-03...
Page 518 • dhcp-bindings all—Logs all packets that match DHCP bindings. • dhcp-bindings none—Does not log packets that match DHCP bindings. • dhcp-bindings permit—Logs DHCP-binding permitted packets. • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 35-14 OL-11439-03...
Page 519: Displaying Dai Information
ACL-permitted or DHCP-permitted packets for each packet that is denied by source MAC, destination MAC, or IP validation checks, and the switch increments the appropriate failure count. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 35-15...
Page 520: Dai Configuration Samples
Holdtme Capability Platform Port ID SwitchB Fas 6/3 R S I WS-C6506 Fas 3/3 SwitchA# Enable DAI on VLAN 1 and verify the configuration: Step 2 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 35-16 OL-11439-03...
Page 521 ------- ---------- ---------- Vlan DHCP Permits ACL Permits Source MAC Failures ---- ------------ ----------- ------------------- Vlan Dest MAC Failures IP Validation Failures ---- ----------------- ---------------------- SwitchA# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 35-17 OL-11439-03...
Page 522 Holdtme Capability Platform Port ID SwitchB Fas 3/3 R S I WS-C6506 Fas 6/3 SwitchB# Enable DAI on VLAN 1, and verify the configuration: Step 2 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 35-18 OL-11439-03...
Page 523 ACL Drops ---- --------- ------- ---------- ---------- Vlan DHCP Permits ACL Permits Source MAC Failures ---- ------------ ----------- ------------------- Vlan Dest MAC Failures IP Validation Failures Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 35-19 OL-11439-03...
Page 524: Sample Two: One Switch Supports Dai
Host 2 is not static, which would make it impossible to apply the ACL configuration on Switch A, you must separate Switch A from Switch B at Layer 3 and use a router to route packets between them. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 35-20...
Page 525: Verify The Configuration
SwitchA(config-if)# no ip arp inspection trust SwitchA(config-if)# end Switch# show ip arp inspection interfaces fastethernet 6/3 Interface Trust State Rate (pps) --------------- ----------- ---------- Fa6/3 Untrusted Switch# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 35-21 OL-11439-03...
Page 526 ------- ---------- ---------- Vlan DHCP Permits ACL Permits Source MAC Failures ---- ------------ ----------- ------------------- Vlan Dest MAC Failures IP Validation Failures ---- ----------------- ---------------------- Switch# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 35-22 OL-11439-03...
Page 527: Configuring Traffic Storm Control
For complete syntax and usage information for the commands used in this chapter, refer to the Note Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY at this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdref.h This chapter consists of these sections: Understanding Traffic Storm Control, page 36-1 •...
Page 528: Default Traffic Storm Control Configuration
1-second traffic storm control interval, traffic storm control drops all broadcast and multicast traffic until the end of the traffic storm control interval. Default Traffic Storm Control Configuration Traffic storm control is disabled by default. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 36-2 OL-11439-03...
Page 529: Configuration Guidelines And Restrictions
Disables broadcast traffic storm control on the interface. Router(config-if)# no storm-control broadcast level Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 36-3 OL-11439-03...
Page 530 This example shows how to enable multicast traffic storm control on Gigabit Ethernet interface 3/16 and how to configure the traffic storm control level at 70.5 percent: Router# configure terminal Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 36-4 OL-11439-03...
Page 531: Displaying Traffic Storm Control Settings
The show interfaces [{interface_type slot/port} | {port-channel number}] counters command does not Note display the discard count. You must use the storm-control keyword to display the discard count. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 36-5 OL-11439-03...
Page 532 Chapter 36 Configuring Traffic Storm Control Displaying Traffic Storm Control Settings Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 36-6 OL-11439-03...
Page 533: Configuring Unknown Unicast And Multicast Flood Blocking
(UMFB) features on the Catalyst 6500 series switches. For complete syntax and usage information for the commands used in this chapter, refer to the Note Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, at this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdref.h This chapter contains these sections: Understanding Unknown Traffic Flood Control, page 37-1 •...
Page 534: Configuring Uufb Or Umfb
Router# configure terminal Router(config)# interface fastethernet 5/12 Router(config-if)# switchport Router(config-if)# switchport block unicast Router(config-if)# do show interface fastethernet 5/12 switchport | include Unknown Unknown unicast blocked: enabled Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 37-2 OL-11439-03...
Page 535: Configuring Pfc Qos
Chapter 39, “Configuring MPLS QoS.” • QoS on the Catalyst 6500 series switches (PFC QoS) uses some Cisco IOS modular QoS CLI (MQC). • Because PFC QoS is implemented in hardware, it supports only a subset of the MQC syntax.
Page 536: Understanding How Pfc Qos Works
ASICs, Catalyst 6500 series switches do not support MQC-configured queuing. Figure 38-1 shows an overview of QoS processing in a Catalyst 6500 series switch. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-2 OL-11439-03...
Page 537 Layer 3 DSCP marking with the final internal DSCP (optional) – Layer 2 CoS marking mapped from the final internal DSCP – Layer 2 CoS-based congestion avoidance. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-3 OL-11439-03...
Page 538 Ingress LAN-port traffic can be Layer-2 or Layer-3 switched by the PFC3B or routed in software by the PISA. Egress PFC QoS and egress LAN-port QoS can be applied to LAN-port egress traffic (not – supported with PISA-accelerated features). Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-4 OL-11439-03...
Page 539: Component Overview
These sections provide an overview of the ingress port QoS features: Flowchart of Ingress LAN Port PFC QoS Features, page 38-6 • • Port Trust, page 38-7 • Ingress Congestion Avoidance, page 38-7 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-5 OL-11439-03...
Page 540 Port set to trust-dscp? Mutate Ingress Ingress queues and Port is set to drop thresholds trust-cos Mutation? Ingress CoS mutation is supported only on 802.1Q tunnel ports. Note Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-6 OL-11439-03...
Page 541 Supported Policy Feature Cards The policy feature card (PFC3B) is a daughter card that resides on the supervisor engine. The PFC3B provides QoS in addition to other functionality. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-7 OL-11439-03...
Page 542 1022 Microflow policers 64 rates Number of flows per Microflow policer 110,000 Unit of measure for policer statistics Bytes Basis of policer operation Layer 2 length Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-8 OL-11439-03...
Page 543 DSCP, otherwise port CoS is mapped to initial internal DSCP Note DSCP transparency feature makes writing the egress DSCP value into the Layer 3 ToS byte optional. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-9 OL-11439-03...
Page 544 Policy marking and policing on the PFC3B can change the initial internal DSCP value to a final internal DSCP value, which is then used for all subsequently applied QoS features. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-10...
Page 545 Egress DSCP Mutation with a PFC3B, page 38-12 Egress ToS Byte, page 38-13 • Egress PFC QoS Interfaces, page 38-13 • Egress ACL Support for Remarked DSCP, page 38-13 • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-11 OL-11439-03...
Page 546 ToS byte. You can attach egress DSCP mutation maps to any interface that PFC QoS supports. If you configure egress DSCP mutation, PFC QoS does not derive the egress CoS value from the mutated Note DSCP value. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-12 OL-11439-03...
Page 547 IP precedence or DSCP value, the Layer 2 feature might redirect or drop the matched packets, which prevents them from being processed by egress QoS. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-13...
Page 548: Understanding Classification And Marking
Layer 3 features (for example, ingress Cisco IOS ACLs, policy based routing (PBR), etc.) before being processed by egress PFC QoS. The Layer 3 features configured on an interface where egress ACL support for remarked DSCP is configured might redirect or drop the packets that have been processed by ingress PFC QoS, which would prevent them from being processed by egress PFC QoS.
Page 549 • Each EtherChannel port-channel interface • Each VLAN interface • You can attach one policy map to each Layer 3 interface to apply egress PFC QoS. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-15 OL-11439-03...
Page 550 Programmable Intelligent Services Accelerator (PISA) marking Write ToS IP traffic byte into from PFC? packet Process traffic CoS = IP precedence for all traffic (not configurable) To egress port Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-16 OL-11439-03...
Page 551: Policers
Policers can act on ingress traffic per-port or per-VLAN. The policers can act on egress traffic per-VLAN Note only. You can create policers to do the following: Mark traffic • Limit bandwidth utilization and mark traffic • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-17 OL-11439-03...
Page 552 You could include both policers in policy map classes that match the group’s traffic. The combination would affect individual flows separately and the group aggregately. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-18 OL-11439-03...
Page 553: Understanding Port-Based Queue Types
Ingress and Egress Buffers and Layer 2 CoS-Based Queues, page 38-20 • Ingress Queue Types, page 38-21 • Egress Queue Types, page 38-22 • Module to Queue Type Mappings, page 38-23 • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-19 OL-11439-03...
Page 554 WRED-drop threshold by mapping a CoS value to the queue or to the queue and a threshold. The switch uses the tail-drop threshold for Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-20...
Page 555 2q8t indicates two standard queues, each with eight configurable tail-drop thresholds. • 8q8t indicates eight standard queues, each with eight thresholds, each configurable as either • WRED-drop or tail-drop. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-21 OL-11439-03...
Page 556 —One non-configurable (100 percent) tail-drop threshold 1p3q8t indicates the following: • One strict-priority queue – Three standard queues, each with eight thresholds, each threshold configurable as either – WRED-drop or tail-drop Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-22 OL-11439-03...
Page 557 Total Buffer Ingress Egress Modules Thresholds Scheduler Thresholds Scheduler Size Buffer Size Buffer Size WS-X6524-100FX-MM 1p1q0t — 1p3q1t DWRR 1,116 KB 28 KB 1,088 KB WS-X6548-RJ-21 WS-X6548-RJ-45 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-23 OL-11439-03...
Page 558 Total Buffer Ingress Egress Modules Thresholds Scheduler Thresholds Scheduler Size Buffer Size Buffer Size WS-X6548-GE-TX 1q2t — 1p2q2t 1.4 MB 185 KB 1.2 MB WS-X6548V-GE-TX WS-X6548-GE-45AF Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-24 OL-11439-03...
Page 559: Pfc Qos Default Configuration
These sections describe the PFC QoS default configuration: PFC QoS Global Settings, page 38-26 • • Default Values with PFC QoS Enabled, page 38-27 • Default Values with PFC QoS Disabled, page 38-38 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-25 OL-11439-03...
Page 560: Pfc Qos Global Settings
Marked-down DSCP from DSCP map Marked-down DSCP value equals original DSCP value (no markdown) Policers None Policy maps None Protocol-independent MAC ACL filtering Disabled VLAN-based MAC ACL QoS filtering Disabled Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-26 OL-11439-03...
Page 561: Default Values With Pfc Qos Enabled
Strict priority 15% 1p2q1t Low priority: 70% High priority: 15% Strict priority 15% 1p3q8t Low priority: 50% Medium priority: 20% High priority: 15% Strict priority 15% Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-27 OL-11439-03...
Page 562 The receive queue values shown are the values in effect when the port is configured to trust CoS or DSCP. Note When the port is untrusted, the receive queue values are the same as when QoS is globally disabled. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-28 OL-11439-03...
Page 563 2 and 3 Tail-drop WRED-drop Not supported Threshold 3 4 and 5 Tail-drop WRED-drop Not supported Threshold 4 6 and 7 Tail-drop 100% WRED-drop Not supported Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-29 OL-11439-03...
Page 564 Feature Default Value Standard receive queue 0, 1, 2, 3, 4, 6, and 7 Tail-drop 100% (nonconfigurable) WRED-drop Not supported Strict-priority receive queue Tail-drop 100% (nonconfigurable) Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-30 OL-11439-03...
Page 565 Threshold 6 Tail-drop Disabled; 90% WRED-drop Enabled; 60% low, 90% high Threshold 7 Tail-drop Disabled; 100% WRED-drop Enabled;70% low, 100% high Strict-priority receive queue Tail-drop 100% (nonconfigurable) Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-31 OL-11439-03...
Page 566 Tail-drop WRED-drop Not supported Threshold 6 None Tail-drop WRED-drop Not supported Threshold 7 Tail-drop 100% WRED-drop Not supported Threshold 8 None Tail-drop 100% WRED-drop Not supported Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-32 OL-11439-03...
Page 567 100% WRED-drop Not supported Standard receive queue 2 Threshold 1 (high priority) Tail-drop 100% WRED-drop Not supported Thresholds 2–8 CoS None Tail-drop 100% WRED-drop Not supported Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-33 OL-11439-03...
Page 568 Default Value Standard transmit queue 1 Threshold 1 0 and 1 (low priority) Tail-drop WRED-drop Not supported Threshold 2 2 and 3 Tail-drop 100% WRED-drop Not supported Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-34 OL-11439-03...
Page 569 Not supported WRED-drop 40% low, 70% high Threshold 2 6 and 7 Tail-drop Not supported WRED-drop 70% low, 100% high Strict-priority transmit queue Tail-drop 100% (nonconfigurable) Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-35 OL-11439-03...
Page 570 Disabled; 100% WRED-drop Enabled; 70% low, 100% high Thresholds 2–8 CoS None Tail-drop Disabled; 100% WRED-drop Enabled; 70% low, 100% high Strict-priority transmit queue Tail-drop 100% (nonconfigurable) Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-36 OL-11439-03...
Page 571 WRED-drop Enabled; 100% low, 100% high Standard transmit queues 4–7 Thresholds 1–8 CoS None (intermediate priorities) Tail-drop Disabled; 100% WRED-drop Enabled; 100% low, 100% high Strict-priority transmit queue Tail-drop 100% (nonconfigurable) Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-37 OL-11439-03...
Page 572: Default Values With Pfc Qos Disabled
Transmit-queue bandwidth allocation ratio 255:1. Transmit-queue size ratio Low priority: 100% (other queues not used). CoS value and drop threshold mapping All QoS labels mapped to the low-priority queue. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-38 OL-11439-03...
Page 573: Pfc Qos Configuration Guidelines And Restrictions
Interface counters are not accurate on interfaces where egress ACL support for remarked DSCP is • configured. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-39 OL-11439-03...
Page 574 – wrr-queue random-detect max-threshold – wrr-queue random-detect min-threshold – wrr-queue threshold – wrr-queue queue-limit – wrr-queue bandwidth – rcv-queue cos-map – – rcv-queue bandwidth Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-40 OL-11439-03...
Page 575: Pfc3B Guidelines
You can view the aggregate policer count in the QoS Policer Resources section of the output of the show platform hardware capacity qos command. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-41 OL-11439-03...
Page 576: Class Map Command Restrictions
CIR and PIR Rate Value Range Granularity 32768 to 2097152 (2 Mbs) 32768 (32 Kb) 2097153 to 4194304 (4 Mbs) 65536 (64 Kb) 4194305 to 8388608 (8 Mbs) 131072 (128 Kb) Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-42 OL-11439-03...
Page 577: Supported Granularity For Cir And Pir Token Bucket Sizes
16777217 to 33554432 (32 MB) 1048576 (1 MB) Within each range, PFC QoS programs the PFC3B with token bucket sizes that are multiples of the granularity values. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-43 OL-11439-03...
Page 578: Ip Precedence And Dscp Values
Enabling PFC QoS Globally, page 38-45 • Enabling Ignore Port Trust, page 38-46 • Configuring DSCP Transparency, page 38-46 • Enabling Queueing-Only Mode, page 38-47 • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-44 OL-11439-03...
Page 579: Enabling Pfc Qos Globally
Verifies the configuration. Router# show mls qos [ipv6] This example shows how to enable PFC QoS globally: Router# configure terminal Router(config)# mls qos Router(config)# end Router# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-45 OL-11439-03...
Page 580: Enabling Ignore Port Trust
In addition to support for other IP traffic, the PFC3B supports the no mls qos rewrite ip dscp command Note for MPLS traffic, traffic in IP in IP tunnels, and traffic in GRE tunnels. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-46 OL-11439-03...
Page 581: Enabling Queueing-Only Mode
CoS. This example shows how to enable queueing-only mode: Router# configure terminal Router(config)# mls qos queueing-only Router(config)# end Router# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-47 OL-11439-03...
Page 582: Enabling Microflow Policing Of Bridged Traffic
To enable VLAN-based PFC QoS on a Layer 2 LAN port, perform this task: Command Purpose Step 1 Selects the interface to configure. Router(config)# interface {{type slot/port} | {port-channel number}} Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-48 OL-11439-03...
Page 583: Enabling Egress Acl Support For Remarked Dscp
If you do not enter an IP ACL name or number, egress ACL support for remarked DSCP is enabled • for all IP ingress IP traffic on the interface. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-49 OL-11439-03...
Page 584: Creating Named Aggregate Policers
For TCP traffic, configure the token bucket size as a multiple of the TCP window size, with a minimum value at least twice as large as the maximum size of the traffic being policed. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-50...
Page 585 PFC QoS does not support ingress markdown with egress drop or ingress drop with egress markdown. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-51...
Page 586: Configuring A Pfc Qos Policy
Verifying Policy Map Configuration, page 38-66 • Attaching a Policy Map to an Interface, page 38-67 PFC QoS policies process both unicast and multicast traffic. Note Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-52 OL-11439-03...
Page 587 – filter IPX traffic. PFC QoS supports time-based Cisco IOS ACLs. – Except for MAC ACLs and ARP ACLs, refer to the Cisco IOS Security Configuration Guide, – Release 12.2, “Traffic Filtering and Firewalls,” at this URL: http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfacls.html Chapter 30, “Configuring Network Security,”...
Page 588 Layer 3 switched in hardware by the PFC3B. Protocol-independent MAC ACL filtering supports microflow policing when the permitted traffic is • routed in software by the PISA. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-54 OL-11439-03...
Page 589 To disable VLAN-based QoS filtering in MAC ACLs, perform this task: Command Purpose Disables VLAN-based QoS filtering in MAC ACLs. Router(config)# no mac packet-classify use vlan Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-55 OL-11439-03...
Page 590 This list shows the EtherType values and their corresponding protocol keywords: • 0x0600—xns-idp—Xerox XNS IDP – 0x0BAD—vines-ip—Banyan VINES IP – 0x0baf—vines-echo—Banyan VINES Echo – – 0x6000—etype-6000—DEC unassigned, experimental Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-56 OL-11439-03...
Page 591 QoS filtering. sender_ip_wildcardmask} mac any Deletes an ACE from an ARP ACL. Router(config-arp-nacl)# no {permit | deny} {ip {any | host sender_ip | sender_ip sender_ip_wildcardmask} mac any Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-57 OL-11439-03...
Page 592 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-58 OL-11439-03...
Page 593 (Optional—for IPv6 traffic) Configures the class map to filter Router (config-cmap)# match protocol ipv6 IPv6 traffic. Clears IPv6 filtering. Router (config-cmap)# no match protocol ipv6 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-59 OL-11439-03...
Page 594 Router(config-cmap)# match ip precedence 5 Router(config-cmap)# end This example shows how to verify the configuration: Router# show class-map ipp5 Class Map match-all ipp5 (id 1) Match ip precedence 5 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-60 OL-11439-03...
Page 595: Configuring A Policy Map
Router(config-pmap)# class class_name class map. PFC QoS supports class maps that contain a single Note match command. Clears use of the class map. Router(config-pmap)# no class class_name Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-61 OL-11439-03...
Page 596 Configuring Policy Map Class Marking, page 38-63 • Configuring the Policy Map Class Trust State, page 38-63 • Configuring Policy Map Class Policing, page 38-63 • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-62 OL-11439-03...
Page 597 Policing with the conform-action transmit keywords sets the port trust state of matched traffic to trust Note DSCP or to the trust state configured by a trust command in the policy map class. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-63 OL-11439-03...
Page 598 By default and with the mask full-flow keywords, PFC QoS bases IP flow identification on – source IP address, destination IP address, the Layer 3 protocol, and Layer 4 port numbers. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-64 OL-11439-03...
Page 599 You can enter the drop keyword to drop all matched traffic. – Ensure that aggregate and microflow policers that are applied to the same traffic each specify – the same conform-action behavior. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-65 OL-11439-03...
Page 600 Exits policy map class configuration mode. Router(config-pmap-c)# end Enter additional class commands to create Note additional classes in the policy map. Step 2 Verifies the configuration. Router# show policy-map policy_name Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-66 OL-11439-03...
Page 601 This example shows how to attach the policy map named pmap1 to Fast Ethernet port 5/36: Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-67...
Page 602: Configuring Egress Dscp Mutation On A Pfc3B
You can enter multiple commands to map additional DSCP values to a mutated DSCP value. • You can enter a separate command for each mutated DSCP value. • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-68 OL-11439-03...
Page 603 This example shows how to attach the egress DSCP mutation map named mutmap1 to Fast Ethernet port 5/36: Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# interface fastethernet 5/36 Router(config-if)# mls qos dscp-mutation mutmap1 Router(config-if)# end Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-69 OL-11439-03...
Page 604: Configuring Ingress Cos Mutation On Ieee 802.1Q Tunnel Ports
EtherChannel, the configuration fails on the nonmember port. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-70 OL-11439-03...
Page 605 Router(config)# end Router# This example shows how to verify the map configuration: Router(config)# show mls qos maps cos-mutation COS mutation map testmap cos-in ------------------------------------ cos-out : Router# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-71 OL-11439-03...
Page 606: Configuring Dscp Value Maps
Mapping Received IP Precedence Values to Internal DSCP Values, page 38-73 • Configuring DSCP Markdown Values, page 38-74 Mapping Internal DSCP Values to Egress CoS Values, page 38-75 • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-72 OL-11439-03...
Page 607 Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# mls qos map ip-prec-dscp 0 1 2 3 4 5 6 7 Router(config)# end Router# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-73 OL-11439-03...
Page 608 You can enter a separate command for each marked-down DSCP value. • Note Configure marked-down DSCP values that map to CoS values consistent with the markdown penalty. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-74 OL-11439-03...
Page 609 Reverts to the default map. Router(config)# no mls qos map dscp-cos Step 2 Exits configuration mode. Router(config)# end Step 3 Verifies the configuration. Router# show mls qos maps Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-75 OL-11439-03...
Page 610: Configuring The Trust State Of Ethernet Lan Ports
By default, all ports are untrusted. You can configure the port trust state on all Ethernet LAN ports ports. On non-Gigabit Ethernet 1q4t/2q2t ports, you must repeat the trust configuration in a class map. Note Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-76 OL-11439-03...
Page 611 Router(config-if)# mls qos trust cos Router(config-if)# end Router# This example shows how to verify the configuration: Router# show queueing interface gigabitethernet 1/1 | include trust Trust state: trust COS Router# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-77 OL-11439-03...
Page 612: Configuring The Ingress Lan Port Cos Value
Configuring a Tail-Drop Receive Queue, page 38-79 • Configuring a WRED-Drop Transmit Queue, page 38-80 • Configuring a WRED-Drop and Tail-Drop Receive Queue, page 38-81 • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-78 OL-11439-03...
Page 613 Configuring a Tail-Drop Receive Queue These port types have only tail-drop thresholds in their receive-queues: 1q2t • 1p1q4t • 2q8t • 1q8t • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-79 OL-11439-03...
Page 614 Step 2 Configures the low WRED-drop thresholds. Router(config-if)# wrr-queue random-detect min-threshold queue_id thr1% [thr2%] Reverts to the default low WRED-drop thresholds. Router(config-if)# no wrr-queue random-detect min-threshold [queue_id] Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-80 OL-11439-03...
Page 615 Configuring a WRED-Drop and Tail-Drop Transmit Queue These port types have both WRED-drop and tail-drop thresholds in their transmit queues: 1p3q1t (transmit) • 1p3q8t (transmit) • 1p7q8t (transmit) • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-81 OL-11439-03...
Page 616 Transmit queues [type = 1p2q2t]: Queue Id Scheduling Num of thresholds ----------------------------------------- WRR low WRR high Priority queue random-detect-max-thresholds ---------------------------------- 40[1] 70[2] 40[1] 70[2] <...Output Truncated...> Router# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-82 OL-11439-03...
Page 617 This example shows how to verify the configuration: Router# show queueing interface gigabitethernet 2/1 Transmit queues [type = 2q2t]: <...Output Truncated...> queue tail-drop-thresholds -------------------------- 60[1] 100[2] 40[1] 100[2] Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-83 OL-11439-03...
Page 618: Mapping Qos Labels To Queues And Drop Thresholds
The standard queue thresholds can be configured as either tail-drop or WRED-drop thresholds on these port types: 1p1q8t (receive) – – 1p3q1t (transmit) – 1p3q8t (transmit) – 1p7q1t (transmit) Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-84 OL-11439-03...
Page 619 Router(config-if)# end Router# This example shows how to verify the configuration: Router# show queueing interface gigabitethernet 1/1 <...Output Truncated...> queue thresh cos-map --------------------------------------- <...Output Truncated...> Router# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-85 OL-11439-03...
Page 620 Verifies the configuration. Router# show queueing interface type slot/port type = fastethernet, gigabitethernet, or tengigabitethernet When mapping CoS values to the strict-priority queues, note the following information: Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-86 OL-11439-03...
Page 621 Receive queue 1 (standard) threshold 3 = transmit queue 2 (standard high priority) threshold 1 • Receive queue 1 (standard) threshold 4 = transmit queue 2 (standard high priority) threshold 2 • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-87 OL-11439-03...
Page 622: Allocating Bandwidth Between Standard Transmit Queues
DWRR is the dequeuing algorithm on 1p3q1t, 1p2q1t, 1p3q8t and 1p7q8t ports. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-88 OL-11439-03...
Page 623 Step 3 Exits configuration mode. Router(config-if)# end Step 4 Verifies the configuration. Router# show queueing interface type slot/port type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-89 OL-11439-03...
Page 624: Setting The Receive-Queue Size Ratio
This example shows how to set the receive-queue size ratio for Fast Ethernet port 2/2: Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# interface fastethernet 2/2 Router(config-if)# rcv-queue queue-limit 75 15 Router(config-if)# end Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-90 OL-11439-03...
Page 625: Configuring The Transmit-Queue Size Ratio
Valid values are from 1 to 100 percent, except on 1p2q1t egress LAN ports, where valid values for • the high priority queue are from 5 to 100 percent. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-91 OL-11439-03...
Page 626: Common Qos Scenarios
This is the basic port configuration: Access Layer switchport mode access switchport access vlan 10 switchport voice vlan 110 Distribution and Core Interswitch Links switchport mode trunk Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-92 OL-11439-03...
Page 627: Classifying Traffic From Pcs And Ip Phones In The Access Layer
For more information on QoS guidelines, refer to RFC 2597 and RFC 2598 as well as the various QoS design guides published by Cisco Systems, Inc. Do not enable PFC QoS globally and leave all other PFC QoS configuration at default values. When •...
Page 628 CLASSIFY-VOICE match access-group name CLASSIFY-VOICE class-map match-all CLASSIFY-VOICE-SIGNAL match access-group name CLASSIFY-VOICE-SIGNAL class-map match-all CLASSIFY-PC-SAP match access-group name CLASSIFY-PC-SAP class-map match-all CLASSIFY-OTHER match access-group name CLASSIFY-OTHER Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-94 OL-11439-03...
Page 629 Port QoS is enabled To ensure that the class map configuration is correct, enter this command: Router# show class-map Class Map match-all CLASSIFY-OTHER (id 1) Match access-group name CLASSIFY-OTHER Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-95 OL-11439-03...
Page 630: Accepting The Traffic Priority Value On Interswitch Links
QoS policies to the different traffic types. The configuration was done with the MQC QoS policy syntax, which allows you to apply different marking or trust actions to the different traffic classes arriving on a port. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-96 OL-11439-03...
Page 631: Prioritizing Traffic On Interswitch Links
Catalyst 6500 series switch Ethernet modules also have input queue structures, but these are used less often, and because there probably will not be congestion within the switch fabric, this example does not include them. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-97 OL-11439-03...
Page 632 CoS-to-queue mapping, which shows the queue to which each of the eight CoS values is mapped: Router# show queueing interface gigabitethernet 5/1 | begin cos-map queue thresh cos-map --------------------------------------- Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-98 OL-11439-03...
Page 633 (for example, FTP) to the strict priority queue because the FTP traffic could consume all of the bandwidth available to the port, starving the other traffic classes. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-99...
Page 634: Using Policers To Limit The Amount Of Traffic From A Pc
ACL commands: • ip access-list extended CLASSIFY-OTHER permit ip any any Class map commands: • class-map match-all CLASSIFY-OTHER match access-group name CLASSIFY-OTHER Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-100 OL-11439-03...
Page 635 FastEthernet5/1 service-policy input IPPHONE-PC To monitor the policing operation, use these commands: show policy-map interface fastethernet 5/1 show class-map show mls qos ip fastethernet 5/1 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-101 OL-11439-03...
Page 636: Pfc Qos Glossary
IP header. IP precedence ranges between zero and seven. Layer 3 IPv4 packet Version Offset TTL Proto FCS IP-SA IP-DA Data length (1 byte) 3 bits for IP precedence • Labels—See labels. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-102 OL-11439-03...
Page 637 DSCP is defined by the six most significant bits of the ToS. DSCP values can range from 0 to 63. Weight—ratio of bandwidth allocated to a queue. • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-103 OL-11439-03...
Page 638 Chapter 38 Configuring PFC QoS PFC QoS Glossary Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 38-104 OL-11439-03...
Page 639: Configuring Mpls Qos
(policy maps), and then attach those traffic policies to interfaces. A detailed description of the modular QoS CLI can be found in the Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.2 at this URL: http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/fqos_c.html...
Page 640: Terminology
Packets carry traffic at Layer 3. • Policing is limiting bandwidth used by a flow of traffic. Policing can mark or drop traffic. • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 39-2 OL-11439-03...
Page 641: Mpls Qos Features
EXP bits in the received topmost label of received MPLS packets (after a policy is installed). See the “Configuring a Class Map to Classify MPLS Packets” section on page 39-20 for information. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 39-3 OL-11439-03...
Page 642: Policing And Marking
QoS. Service can be specified in different ways, for example, using the IP precedence bit settings in IP packets. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 39-4...
Page 643: Specifying The Qos In The Ip Precedence Field
• PE2—service provider egress LER • CE2—Customer equipment 2 • PE1 and PE2 are at the boundaries between the MPLS network and the IP network. Note Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 39-5 OL-11439-03...
Page 644: Lers At The Input Edge Of An Mpls Network
LSR. The PFC3B receives the traffic from the input interface and uses the EXP bits to perform classification, marking, and policing. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 39-6 OL-11439-03...
Page 645: Lers At The Output Edge Of An Mpls Network
The QoS policy ACLs are programmed in QoS TCAM separately for ingress and egress lookup. The ternary content addressable memory (TCAM) egress lookup takes place after the IP forwarding table (FIB) and NetFlow lookups are completed. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 39-7 OL-11439-03...
Page 646: Lers At The Eompls Edge
Classification for IP-to-MPLS, page 39-9 • Classification for IP-to-MPLS MPLS QoS, page 39-10 • Classification at IP-to-MPLS Ingress Port, page 39-10 • Classification at IP-to-MPLS Egress Port, page 39-10 • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 39-8 OL-11439-03...
Page 647: Lers At The Ip Edge (Mpls, Mpls Vpn)
The PFC3B assigns the egress CoS based on the internal DSCP-to-CoS global map. If the default internal DSCP-to-EXP and the internal DSCP-to-CoS maps are consistent, then the egress CoS has the same value as the imposed EXP. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 39-9 OL-11439-03...
Page 648 • This section provides information about the MPLS-to-IP MPLS QoS classification. Additionally, this section provides information about the capabilities provided by the ingress and egress modules. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 39-10 OL-11439-03...
Page 649 LAN port classification is based on the EXP value. OSM and FlexWAN interfaces classify traffic using the match mpls experimental command. The match mpls experimental command matches on the EXP value in the received topmost label. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 39-11 OL-11439-03...
Page 650 General MPLS QoS features for IP packets • Classification, policing, or marking of CE-to-PE IP traffic through the VPN subinterface • Per-VPN QoS (per-port, per-VLAN, or per-subinterface) • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 39-12 OL-11439-03...
Page 651: Lsrs At The Mpls Core
The PFC3B assigns the egress CoS using the internal DSCP-to-CoS global map. If the DSCP maps are consistent, then the egress CoS is based on the EXP value in the topmost outgoing label. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 39-13 OL-11439-03...
Page 652 CoS; it does not match on the EXP in the topmost label. If the egress port is a trunk, the LAN ports and OSM GE-WAN ports copy the egress CoS into the egress 802.1Q field. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 39-14 OL-11439-03...
Page 653: Mpls Qos Default Configuration
DSCP 16–23 = EXP 2 DSCP 24–31 = EXP 3 DSCP 32–39 = EXP 4 DSCP 40–47 = EXP 5 DSCP 48–55 = EXP 6 DSCP 56–63 = EXP 7 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 39-15 OL-11439-03...
Page 654: Mpls Qos Commands
• no mls qos mpls trust exp • For information about supported non-MPLS QoS commands, see “Configuring PFC QoS” section on Note page 38-44. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 39-16 OL-11439-03...
Page 655: Mpls Qos Restrictions And Guidelines
Enabling Queueing-Only Mode, page 39-19 • Configuring a Class Map to Classify MPLS Packets, page 39-20 • Configuring the MPLS Packet Trust State on Ingress Ports, page 39-22 • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 39-17 OL-11439-03...
Page 656: Enabling Qos Globally
IP packets with TOS changed by policing: 6 IP packets with COS changed by policing: 0 Non-IP packets with COS changed by policing: 3 MPLS packets with EXP changed by policing: 0 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 39-18 OL-11439-03...
Page 657: Enabling Queueing-Only Mode
EXP mutation). – Imposing an additional label when QoS is disabled, the EXP value is based on the original EXP value (in the absence of EXP mutation). Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 39-19 OL-11439-03...
Page 658: Configuring A Class Map To Classify Mpls Packets
Building configuration... Current configuration : 173 bytes interface FastEthernet3/27 ip address 47.0.0.1 255.0.0.0 tag-switching ip Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 39-20 OL-11439-03...
Page 659 QoS Summary [IPv4]: (* - shared aggregates, Mod - switch module) Int Mod Dir Class-map DSCP Trust Fl AgForward-By AgPoliced-By ------------------------------------------------------------------------------- Vl300 Fa3/27 5 Out iptcp Default 3466610741 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 39-21 OL-11439-03...
Page 660: Configuring The Mpls Packet Trust State On Ingress Ports
This command affects both Layer 2 and Layer 3 packets; use this command only on interfaces with • Layer 2 switched packets. The no mls qos mpls trust exp command affects ingress marking; it does not affect classification. • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 39-22 OL-11439-03...
Page 661: Configuring A Policy Map
Router# show policy-map ip2tag Policy Map ip2tag Class iptcp set mpls experimental imposition 3 Router# show class iptcp Class Map match-all iptcp (id 62) Match access-group101 Router# configure terminal Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 39-23 OL-11439-03...
Page 662 When setting the EXP value on all imposed labels, follow these guidelines and restrictions: Use the set mpls experimental imposition command during label imposition. This command sets • the MPLS EXP field on all imposed label entries. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 39-24 OL-11439-03...
Page 663 When imposing labels onto the received IP traffic with the PFC3B, you can mark the EXP field using • the set mpls experimental imposition command. For more information on this command, see the Cisco IOS Switching Services Command Reference, Release 12.3 located at this URL: http://www.cisco.com/en/US/docs/ios/mpls/command/reference/mp_s1.html#set_mpls_experimental_i...
Page 664 Match: any R7# show mls qos ip QoS Summary [IPv4]: (* - shared aggregates, Mod - switch module) Int Mod Dir Class-map DSCP Trust Fl AgForward-By AgPoliced-By Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 39-26 OL-11439-03...
Page 665: Displaying A Policy Map
To display a MPLS QoS policy map class summary, perform this task: Command Purpose Displays a MPLS QoS policy map class summary. Router# show mls qos mpls [{interface interface_type interface_number} | {module slot} Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 39-27 OL-11439-03...
Page 666: Configuring Mpls Qos Egress Exp Mutation
These sections describe how to configure MPLS QoS egress EXP mutation: Configuring Named EXP Mutation Maps, page 39-29 • Attaching an Egress EXP Mutation Map to an Interface, page 39-29 • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 39-28 OL-11439-03...
Page 667 = ethernet, fastethernet, gigabitethernet, or tengigabitethernet This example shows how to attach the egress EXP mutation map named mutemap2: Router(config)# interface fastethernet 3/26 Router(config-if)# mls qos exp-mutation mutemap2 Router(config-if)# end Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 39-29 OL-11439-03...
Page 668: Configuring Exp Value Maps
Router# show mls qos maps This example shows how to configure a named egress-DSCP to egress-EXP map: Router(config)# mls qos map dscp-exp 20 25 to 3 Router(config)# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 39-30 OL-11439-03...
Page 669: Mpls Diffserv Tunneling Modes
The presence of an egress IP policy (based on the customer’s PHB marking and not on the provider’s Note PHB marking) automatically implies the Short Pipe mode. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 39-31 OL-11439-03...
Page 670: Uniform Mode
PHB of a packet, that change must be propagated to all encapsulation markings. The propagation is performed by a router only when a PHB is added or exposed due to label imposition or Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 39-32...
Page 671 Because the IP precedence bits are 3, the BGP label and the IGP label also contain 3 because in Uniform Note mode, the labels always are identical. The packet is treated uniformly in the IP and MPLS networks. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 39-33 OL-11439-03...
Page 672: Mpls Diffserv Tunneling Restrictions And Usage Guidelines
To set the EXP value, the ingress LAN or OSM port must be untrusted. FlexWAN ports do not have the trust concept, but, as with traditional Cisco IOS routers, the ingress ToS is not changed (unless a marking policy is configured).
Page 673: Configuring Ingress Pe Router—P Facing Interface
Router(config-if)# service-policy input set-MPLS-PHB Configuring Ingress PE Router—P Facing Interface This procedure classifies packets based on their MPLS EXP field and provides appropriate discard and scheduling treatments. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 39-35 OL-11439-03...
Page 674: Configuration Example
Router(config-c-map)# match mpls experimental 4 Router(config)# policy-map output-qos Router(config-p-map)# class MPLS-EXP-4 Router(config-p-map-c)# bandwidth percent 40 Router(config-p-map)# class class-default Router(config-p-map-c)# random-detect Router(config)# interface pos 4/1 Router(config-if)# service-policy output output-qos Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 39-36 OL-11439-03...
Page 675: Configuring The P Router—Output Interface
Router(config-c-map)# match mpls experimental 4 Router(config)# policy-map output-qos Router(config-p-map)# class MPLS-EXP-4 Router(config-p-map-c)# bandwidth percent 40 Router(config-p-map)# class class-default Router(config-p-map-c)# random-detect Router(config)# interface pos 2/1 Router(config-if)# service-policy output output-qos Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 39-37 OL-11439-03...
Page 676: Configuring The Egress Pe Router—Customer Facing Interface
Router(config-c-map)# match ip precedence 4 Router(config)# policy-map output-qos Router(config-p-map)# class IP-PREC-4 Router(config-p-map-c)# bandwidth percent 40 Router(config-p-map)# class class-default Router(config-p-map-c)# random-detect Router(config)# interface GE-WAN 3/2.32 Router(config-if)# service-policy output output-qos Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 39-38 OL-11439-03...
Page 677: Configuring Uniform Mode
Step 10 Attaches the policy map created in step to the interface as Router(config-if)# service-policy input policy_map_name an input service policy. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 39-39 OL-11439-03...
Page 678: Configuring The Ingress Pe Router—P Facing Interface
Router(config-if)# service-policy output name policies should be applied on packets leaving the interface. The bandwidth command and random-detect command are not supported on LAN ports. Note Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 39-40 OL-11439-03...
Page 679: Configuring The Egress Pe Router—Customer Facing Interface
Router(config-if)# service-policy output name policies should be applied on packets coming into the interface. Note The bandwidth command and random-detect command are not supported on LAN ports. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 39-41 OL-11439-03...
Page 680 Router(config)# policy-map output-qos Router(config-p-map)# class IP-PREC-4 Router(config-p-map-c)# bandwidth percent 40 Router(config-p-map)# class class-default Router(config-p-map-c)# random-detect Router(config)# interface GE-WAN 3/2.32 Router(config-if) mpls propagate-cos Router(config-if)# service-policy output output-qos Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 39-42 OL-11439-03...
Page 681: Configuring Pfc Qos Statistics Data Export
This chapter describes how to configure PFC QoS statistics data export on Catalyst 6500 series switches. Note For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, at this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdref.h This chapter contains these sections: Understanding PFC QoS Statistics Data Export, page 40-1 •...
Page 682: Pfc Qos Statistics Data Export Default Configuration
Verifies the configuration. This example shows how to enable PFC QoS statistics data export globally and verify the configuration: Router# configure terminal Router(config)# mls qos statistics-export Router(config)# end Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 40-2 OL-11439-03...
Page 683 When enabled on a port, PFC QoS statistics data export contains the following fields, separated by the delimiter character: Export type (“1” for a port) • Slot/port • Number of ingress packets • Number of ingress bytes • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 40-3 OL-11439-03...
Page 684 PFC3B slot number • • Number of in-profile bytes • Number of bytes that exceed the CIR • Number of bytes that exceed the PIR • Time stamp Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 40-4 OL-11439-03...
Page 685 – Slot/port – Number of in-profile bytes Number of bytes that exceed the CIR – Number of bytes that exceed the PIR – Time stamp – Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 40-5 OL-11439-03...
Page 686 This example shows how to set the PFC QoS statistics data export interval and verify the configuration: Router# configure terminal Router(config)# mls qos statistics-export interval 250 Router(config)# end Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 40-6 OL-11439-03...
Page 687 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 40-7 OL-11439-03...
Page 688 --------------------------------------------------------- FastEthernet5/24 QoS Statistics Data export is enabled on following shared aggregate policers: ----------------------------------------------------------------------------- aggr1M QoS Statistics Data Export is enabled on following class-maps: --------------------------------------------------------------- class3 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 40-8 OL-11439-03...
Page 689 --------------------------------------------------------- FastEthernet5/24 QoS Statistics Data export is enabled on following shared aggregate policers: ----------------------------------------------------------------------------- aggr1M QoS Statistics Data Export is enabled on following class-maps: --------------------------------------------------------------- class3 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 40-9 OL-11439-03...
Page 690 Chapter 40 Configuring PFC QoS Statistics Data Export Configuring PFC QoS Statistics Data Export Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 40-10 OL-11439-03...
Page 691: Configuring Network Admission Control
For complete syntax and usage information for the commands used in this chapter, refer to these Note publications: Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, at this URL: • http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdr ef.html The Network Admission Control feature module at this URL: •...
Page 692: Nac Overview
Understanding NAC NAC Overview NAC is part of the Cisco Self-Defending Network Initiative that helps you identify, prevent, and adapt to security threats in your network. Because of the increased threat and impact of worms and viruses to networked businesses, NAC allows you to check and validate the antivirus status of endpoints or clients before granting network access.
Page 693: Aaa Down Policy
The AAA down policy is a method of allowing a host to remain connected to the network if the AAA server is not available. Typical deployments of NAC use Cisco Secure ACS to validate the client posture and to pass policies back to the Network Access Device (NAD). If the AAA server cannot be reached when the posture validation occurs, instead of rejecting the user (that is, not providing the access to the network), an administrator can configure a default AAA down policy that can be applied to the host.
Page 694: Nac Layer 2 Ip Validation
When you enable NAC Layer 2 IP validation, ARP snooping is the default method to detect connected hosts. If you want the switch to detect hosts when a DHCP snooping binding entry is created, you must enable DHCP snooping. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 41-4 OL-11439-03...
Page 695 CTA. If EoU bypass is enabled, the switch does not contact the host to request the antivirus condition. Instead, the switch sends a request to the Cisco Secure ACS that includes the IP address, MAC address, service type, and EAPoUDP session ID of the host. The Cisco Secure ACS makes the access control decision and sends the policy to the switch.
Page 696 Cisco Secure ACS and AV Pairs When NAC Layer 2 IP validation is enabled, the Cisco Secure ACS provides NAC AAA services by using RADIUS. Cisco Secure ACS gets information about the antivirus status of the endpoint system and validates the antivirus condition of the endpoint.
Page 697 Audit Servers End devices that do not run Cisco Trust Agent (CTA) will not be able to provide credentials when challenged by Network Access Devices. These devices are described as agentless or nonresponsive. The NAC architecture has been extended to incorporate audit servers. An audit server is a third-party server that can probe, scan, and determine security compliance of a host without the need for presence of Cisco trust agent on the host.
Page 698 If the default ACL is configured on the switch and the Cisco Secure ACS sends a host access policy to the switch, the switch applies the policy to traffic from the host connected to a switch port. If the policy applies to the traffic, the switch forwards the traffic.
Page 699 If the switch receives no response, the switch ends the session with the Cisco Secure ACS, and the host is no longer validated. The switch uses the IP device tracking table to detect and manage hosts connected to the switch. The switch also uses ARP or DHCP snooping to detect hosts.
Page 700 When SSO mode redundancy is configured, a switchover triggers a reposturing of all currently postured hosts. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 41-10...
Page 701: Configuring Nac
You must configure Layer 3 routes from the switch to the host for the Layer 2 IP to operate correctly. • Layer 2 IP is not allowed if the parent VLAN of the port has VACL capture or Cisco IOS firewall •...
Page 702 URL-redirect ACEs) requires filtering, you should define a VLAN ACL on the switch port access VLAN. This configuration allows you to bypass the redirection of the HTTP traffic destined for the remediation servers. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 41-12 OL-11439-03...
Page 703: Configuring Nac Layer 2 Ip Validation
Step 8 Returns to global configuration mode. Router(config)# exit Step 9 Enables AAA. Router(config)# aaa new-model Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 41-13 OL-11439-03...
Page 704 RADIUS attribute (Attribute[8]) in access-request or accounting-request packets. Step 15 Configures the network access server to recognize and Router(config)# radius-server vsa send authentication use vendor-specific attributes. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 41-14 OL-11439-03...
Page 705 Router(config-if)# ip access-group 5 in Router(config-if)# ip admission name nac Router(config-if)# exit Router(config)# aaa new-model Router(config)# aaa authentication eou default group radius Router(config)# radius-server host admin key rad123 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 41-15 OL-11439-03...
Page 706: Configuring Eapoudp
To return to the global default EAPoUDP values, use the no forms of the eou global configuration commands. To disable the EAPoUDP associations, use the no forms of the eou interface configuration commands. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 41-16 OL-11439-03...
Page 707: Configuring Identity Profiles And Policies
Router(config-identity-prof)# exit Router(config)# end Configuring a NAC AAA Down Policy This feature is only available on the Catalyst 6500 series switch and the Catalyst 7600 router. Note Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 41-17 OL-11439-03...
Page 708 Enables the IP device tracking table. Router(config)# ip device tracking To disable the IP device tracking table, use the no ip device tracking global configuration commands. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 41-18 OL-11439-03...
Page 709 Step 18 Returns to privileged EXEC mode. Router(config)# end Step 19 Displays the NAC configuration or network admission cache entries. Router# show ip admission {[cache] [configuration] [eapoudp]} Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 41-19 OL-11439-03...
Page 710 3 radius-server attribute 8 include-in-access-req radius-server host 40.0.0.4 auth-port 1645 acct-port 1646 test username administrator idle-time 1 key cisco radius-server vsa send authentication Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 41-20 OL-11439-03...
Page 711: Monitoring And Maintaining Nac
Displays information about the entries in the IP device Router# show ip device tracking {all | interface interface_id | ip ip_address | mac mac_address} tracking table. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 41-21 OL-11439-03...
Page 712 Chapter 41 Configuring Network Admission Control Monitoring and Maintaining NAC Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 41-22 OL-11439-03...
Page 713: Configuring Ieee 802.1X Port-Based Authentication
(clients) from gaining access to the network. For complete syntax and usage information for the commands used in this chapter, refer to the Note Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, at this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdref.h This chapter consists of these sections: •...
Page 714: Device Roles
The Remote Authentication Dial-In User Service (RADIUS) security system with Extensible Authentication Protocol (EAP) extensions is the only supported authentication server; it is available in Cisco Secure Access Control Server, version 3.0. RADIUS uses a client-server model in which secure authentication information is exchanged between the RADIUS server and one or more RADIUS clients.
Page 715: Authentication Initiation And Message Exchange
Catalyst switch server Client (RADIUS) Cisco Router EAPOL-Start EAP-Request/Identity EAP-Response/Identity RADIUS Access-Request EAP-Request/OTP RADIUS Access-Challenge EAP-Response/OTP RADIUS Access-Request EAP-Success RADIUS Access-Accept Port Authorized EAPOL-Logoff Port Unauthorized Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 42-3 OL-11439-03...
Page 716: Ports In Authorized And Unauthorized States
If the link state of a port transitions from up to down, or if an EAPOL-logoff frame is received, the port returns to the unauthorized state. Supported Topologies The 802.1X port-based authentication is supported in two topologies: Point-to-point • Wireless LAN • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 42-4 OL-11439-03...
Page 717: Default 802.1X Port-Based Authentication Configuration
3600 seconds reauthentication attempts Quiet period 60 seconds (number of seconds that the switch remains in the quiet state following a failed authentication exchange with the client) Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 42-5 OL-11439-03...
Page 718: X Port-Based Authentication Guidelines And Restrictions
Switch Port Analyzer (SPAN) destination port—You can enable 802.1X on a port that is a SPAN destination port; however, 802.1X is disabled until the port is removed as a SPAN destination port. You can enable 802.1X on a SPAN source port. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 42-6 OL-11439-03...
Page 719: Configuring 802.1X Port-Based Authentication
Step 5 Enables 802.1X port-based authentication on the Router(config-if)# dot1x port-control auto interface. Disables 802.1X port-based authentication on the Router(config-if)# no dot1x port-control auto interface. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 42-7 OL-11439-03...
Page 720: Configuring Switch-To-Radius-Server Communication
= 30 Seconds TxPeriod = 30 Seconds Configuring Switch-to-RADIUS-Server Communication RADIUS security servers are identified by any of the following: Host name • Host IP address • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 42-8 OL-11439-03...
Page 721 If you want to configure these options on a per-server basis, use the radius-server timeout, radius-server retransmit, and the radius-server key global configuration commands. For more information, refer to the Cisco IOS Security Configuration Guide, Release 12.2, publication and the Cisco IOS Security Command Reference, Release 12.2, publication at this URL:...
Page 722: Enabling Periodic Reauthentication
This example shows how to enable periodic reauthentication and set the number of seconds between reauthentication attempts to 4000: Router(config-if)# dot1x reauthentication Router(config-if)# dot1x timeout reauth-period 4000 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 42-10 OL-11439-03...
Page 723: Manually Reauthenticating The Client Connected To A Port
You can provide a faster response time to the user by entering a smaller number than the default. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 42-11...
Page 724: Changing The Switch-To-Client Retransmission Time
This example shows how to set 60 as the number of seconds that the switch waits for a response to an EAP-request/identity frame from the client before retransmitting the request: Router(config)# dot1x timeout tx-period 60 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 42-12 OL-11439-03...
Page 725: Setting The Switch-To-Client Retransmission Time For Eap-Request Frames
Step 3 Returns to privileged EXEC mode. Router(config-if)# end Step 4 Verifies your entries. Router# show dot1x all type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 42-13 OL-11439-03...
Page 726: Setting The Switch-To-Client Frame Retransmission Number
If the port becomes unauthorized (reauthentication fails or an EAPOL-logoff message is received), all attached clients are denied access to the network. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 42-14 OL-11439-03...
Page 727: Resetting The 802.1X Configuration To The Default Values
EXEC command. For detailed information about the fields in these displays, refer to the Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 42-15 OL-11439-03...
Page 728 Chapter 42 Configuring IEEE 802.1X Port-Based Authentication Displaying 802.1X Status Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 42-16 OL-11439-03...
Page 729: Configuring Port Security
This chapter describes how to configure the port security feature. Note For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, at this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdref.h This chapter consists of these sections: Understanding Port Security, page 43-1 •...
Page 730: Port Security With Sticky Mac Addresses
MAC addresses saves dynamically learned MAC addresses in the startup-config file and the port does not have to learn addresses from ingress traffic after bootup or a restart. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 43-2...
Page 731: Default Port Security Configuration
Enter the clear port-security dynamic global configuration command to clear all dynamically • learned secure addresses. See the Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, for complete syntax information. •...
Page 732: Enabling Port Security
MAC addresses on the port before you enable port security on a trunk (see “Configuring the Maximum Number of Secure MAC Addresses on a Port” section on page 43-7). Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 43-4 OL-11439-03...
Page 733 Router(config-if)# no switchport port-security Step 5 Verifies the configuration. Router(config-if)# do show port-security interface type slot/port | include Port Security type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 43-5 OL-11439-03...
Page 734: Configuring The Port Security Violation Mode On A Port
End with CNTL/Z. Router(config)# interface fastethernet 3/12 Router(config-if)# switchport port-security violation protect Router(config-if)# do show port-security interface fastethernet 5/12 | include Protect Violation Mode : Protect Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 43-6 OL-11439-03...
Page 735: Configuring The Maximum Number Of Secure Mac Addresses On A Port
End with CNTL/Z. Router(config)# interface fastethernet 3/12 Router(config-if)# switchport port-security maximum 64 Router(config-if)# do show port-security interface fastethernet 5/12 | include Maximum Maximum MAC Addresses : 64 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 43-7 OL-11439-03...
Page 736: Enabling Port Security With Sticky Mac Addresses On A Port
This example shows how to enable port security with sticky MAC addresses on Fast Ethernet port 5/12: Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# interface fastethernet 5/12 Router(config-if)# switchport port-security mac-address sticky Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 43-8 OL-11439-03...
Page 737: Configuring A Static Secure Mac Address On A Port
5/12 and verify the configuration: Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# interface fastethernet 5/12 Router(config-if)# switchport port-security mac-address 1000.2000.3000 Router(config-if)# end Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 43-9 OL-11439-03...
Page 738: Configuring Secure Mac Address Aging On A Port
End with CNTL/Z. Router(config)# interface fastethernet 5/12 Router(config-if)# switchport port-security aging type inactivity Router(config-if)# do show port-security interface fastethernet 5/12 | include Type Aging Type : Inactivity Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 43-10 OL-11439-03...
Page 739: Displaying Port Security Settings
The maximum allowed number of secure MAC addresses for each interface – The number of secure MAC addresses on the interface – – The number of security violations that have occurred – The violation mode. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 43-11 OL-11439-03...
Page 740 Fa5/5 0005.0005.0003 SecureConfigured Fa5/5 0011.0011.0001 SecureConfigured Fa5/11 25 (I) 0011.0011.0002 SecureConfigured Fa5/11 25 (I) ------------------------------------------------------------------- Total Addresses in System: 10 Max Addresses limit in System: 128 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 43-12 OL-11439-03...
Page 741: Configuring Cdp
• Understanding How CDP Works CDP is a protocol that runs over Layer 2 (the data link layer) on all Cisco routers, bridges, access servers, and switches. CDP allows network management applications to discover Cisco devices that are neighbors of already known devices, in particular, neighbors running lower-layer, transparent protocols.
Page 742: Enabling Cdp Globally
Step 2 Enables CDP on the port. Router(config-if)# cdp enable Disables CDP on the port. Router(config-if)# no cdp enable type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 44-2 OL-11439-03...
Page 743: Displaying The Cdp Interface Configuration
Displays information about the types of debugging that are Router# show debugging enabled. Refer to the Debug Command Reference for more information about CDP debug commands. 1. type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 44-3 OL-11439-03...
Page 744 2/45 JAB023807H1 Fas 5/1 WS-C2948 2/44 JAB023807H1 Gig 1/2 WS-C2948 2/50 JAB023807H1 Gig 1/1 WS-C2948 2/49 JAB03130104 Fas 5/8 WS-C4003 2/47 JAB03130104 Fas 5/9 WS-C4003 2/48 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 44-4 OL-11439-03...
Page 745: Configuring Udld
Catalyst 6500 series switches. For complete syntax and usage information for the commands used in this chapter, refer to the Note Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, at this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdref.h This chapter consists of these sections: Understanding How UDLD Works, page 45-1 •...
Page 746: Udld Aggressive Mode
One side of a link has a port stuck (both Tx and Rx) • One side of a link remains up while the other side of the link has gone down • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 45-2 OL-11439-03...
Page 747: Default Udld Configuration
This command only configures fiber-optic LAN ports. Note Individual LAN port configuration overrides the setting of this command. Disables UDLD globally on fiber-optic LAN ports. Router(config)# no udld {enable | aggressive} Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 45-3 OL-11439-03...
Page 748: Enabling Udld On Individual Lan Interfaces
This command is only supported on fiber-optic Note LAN ports. Step 3 Verifies the configuration. Router# show udld type slot/number type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 45-4 OL-11439-03...
Page 749: Configuring The Udld Probe Message Interval
To reset all LAN ports that have been shut down by UDLD, perform this task: Command Purpose Resets all LAN ports that have been shut down by UDLD. Router# udld reset Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 45-5 OL-11439-03...
Page 750 Chapter 45 Configuring UDLD Configuring UDLD Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 45-6 OL-11439-03...
Page 751: Configuring Nde
This chapter describes how to configure NetFlow Data Export (NDE). Note For complete syntax and usage information for the commands used in this chapter, refer to these publications: The Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY at • this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdr ef.html...
Page 752: Nde On The Pfc3B
NDE to export. For more details about flow masks, refer to Chapter 47, “Configuring NetFlow”. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 46-2 OL-11439-03...
Page 753 46-3—Version 5 flow record format • Table 46-4—Version 7 flow record format • NetFlow version 9 record formats are describedin this document: Cisco IOS NetFlow Configuration Guide. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 46-3 OL-11439-03...
Page 754 Current seconds since 0000 UTC 1970 12–15 unix_nsecs Residual nanoseconds since 0000 UTC 1970 16–19 flow_sequence Sequence counter of total flows seen 20–23 reserved Unused (zero) bytes Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 46-4 OL-11439-03...
Page 755 4. In PFC3BXL or PFC3B mode, for ICMP traffic, contains the ICMP code and type values. 5. Always zero for hardware-switched flows. 6. Populated in PFC3BXL or PFC3B mode. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 46-5 OL-11439-03...
Page 756 3. Always zero when policy-based routing is configured. 4. In PFC3BXL or PFC3B mode, for ICMP traffic, contains the ICMP code and type values. 5. Always zero for hardware-switched flows. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 46-6 OL-11439-03...
Page 757 • NetFlow Traffic Sampling NetFlow traffic sampling provides NetFlow data for a subset of traffic forwarded by a Cisco router or switch by analyzing only one randomly selected packet out of n sequential packets (n is a user-configurable parameter) from the traffic that is processed by the router or switch. NetFlow traffic...
Page 758 • The statistics are exported. • On Cisco 6500 series switches, NetFlow traffic sampling is supported only on the MSFC for software switched packets. For more information on configuring NetFlow traffic sampling, see the Cisco IOS NetFlow Configuration Guide. NetFlow Flow Sampling NetFlow flow sampling does not limit the number of packets that are analyzed by NetFlow.
Page 759 1 in 128 4096 1 in 256 4096 1 in 512 4096 1 in 1024 4096 1 in 2048 8192 1 in 4096 16384 1 in 8192 32768 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 46-9 OL-11439-03...
Page 760: Default Nde Configuration
• When you configure NAT and NDE on an interface, the PFC3B sends all fragmented packets to the • PISA to be processed in software. (CSCdz51590) Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 46-10 OL-11439-03...
Page 761: Configuring Nde On The Pfc3B
• BGP AS Not all of the additional fields are populated with all flow masks. See the “NDE Versions” section on page 46-3 for additional information. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 46-11 OL-11439-03...
Page 762 NetFlow flow sampling on individual Layer 3 interfaces. With all other flow masks, NetFlow flow sampling is enabled or disabled globally. The Layer 3 interface must be configured with an IP address. • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 46-12 OL-11439-03...
Page 763: Configuring Nde On The Pisa
You can use a loopback interface. This example shows how to configure a loopback interface as the NDE flow source: Router(config)# ip flow-export source loopback 0 Router(config)# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 46-13 OL-11439-03...
Page 764: Enabling Nde For Ingress-Bridged Ip Traffic
To enable NetFlow for bridged IP traffic on a VLAN, you must create a corresponding VLAN interface, Note assign it an IP address, and enter the no shutdown command to bring up the interface. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 46-14 OL-11439-03...
Page 765: Displaying The Nde Address And Port Configuration
IPWRITE_IPC_FAILED = 0 IPWRITE_OUTPUT_FAILED = 0 IPWRITE_MTU_FAILED = 0 IPWRITE_ENCAPFIX_FAILED = 0 Netflow Aggregation Enabled source-prefix aggregation export is disabled destination-prefix aggregation exporting flows to 10.34.12.245 (9999) Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 46-15 OL-11439-03...
Page 766: Configuring Nde Flow Filters
This example shows how to configure a port flow filter so that only expired flows to destination port 23 are exported (assuming the flow mask is set to full): Router(config)# mls nde flow include dest-port 23 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 46-16 OL-11439-03...
Page 767 This example shows how to configure a TCP protocol flow filter so that only expired flows from destination port 35 are exported: Router(config)# mls nde flow include protocol tcp dest-port 35 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 46-17 OL-11439-03...
Page 768: Displaying The Nde Configuration
IPWRITE_NO_FIB = 0 IPWRITE_ADJ_FAILED = 0 IPWRITE_PROCESS = 0 IPWRITE_ENQUEUE_FAILED = 0 IPWRITE_IPC_FAILED = 0 IPWRITE_OUTPUT_FAILED = 0 IPWRITE_MTU_FAILED = 0 IPWRITE_ENCAPFIX_FAILED = 0 Netflow Aggregation Enabled Router# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 46-18 OL-11439-03...
Page 769: Configuring Netflow
NetFlow table to apply QOS policies. The NetFlow Data Export (NDE) feature provides the ability to export the statistics to an external device (called a NetFlow collector). You can configure NetFlow to collect statistics for both routed and bridged traffic. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 47-1 OL-11439-03...
Page 770: Netflow On The Pisa
The NetFlow table on the PFC3B captures statistics for flows routed in hardware. The PFC3B supports sampled NetFlow and NetFlow aggregation. The PFC3B does not support NetFlow ToS-based router aggregation. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 47-2 OL-11439-03...
Page 771 IP address, so the NetFlow table can become very large. See the “NetFlow Configuration Guidelines and Restrictions” section on page 47-5 for information about NetFlow table capacity. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 47-3 OL-11439-03...
Page 772 Pay attention to response messages. If the Feature Manager turns off hardware assist for a feature, • you need to ensure that feature processing does not overload the RP processor. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 47-4 OL-11439-03...
Page 773: Default Netflow Configuration
Table 47-3 NetFlow Table Utilization Recommended NetFlow Table Utilization Total NetFlow Table Capacity PFC3B 117,760 (115 K) entries 131,072 (128 K) entries Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 47-5 OL-11439-03...
Page 774: Configuring Netflow On The Pfc3B
When you configure NetFlow for Layer 2 traffic on the PISA, it is enabled automatically on the PFC3B. • When you configure multicast NetFlow on the PISA, it is enabled automatically on the PFC3B. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 47-6 OL-11439-03...
Page 775 32 to 4092 seconds. Flows can age as much as 4 seconds sooner or later than the configured interval. On average, flows age within 2 seconds of the configured value. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 47-7...
Page 776 Router# show mls netflow aging This example shows how to display the MLS aging-time configuration: Router# show mls netflow aging enable timeout packet threshold ------ ------- ---------------- Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 47-8 OL-11439-03...
Page 777 NetFlow for ingress-bridged IP traffic on the PFC3B is enabled when you configure NetFlow for ingress-bridged IP traffic on the PISA. See the “Enabling NetFlow for Ingress-Bridged IP Traffic” section on page 47-11. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 47-9 OL-11439-03...
Page 778: Configuring Netflow On The Pisa
(for PISA and PFC3B). show ip cache flow aggregation Shows the configuration for NetFlow aggregation. show ip cache verbose flow Shows the configuration for multicast NetFlow. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 47-10 OL-11439-03...
Page 779 To enable NetFlow for bridged IP traffic on a VLAN, you must create a corresponding VLAN • interface, assign it an IP address, and enter the no shutdown command to bring up the interface. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 47-11 OL-11439-03...
Page 780 (MDFS). However, this prerequisite does not apply when configuring NetFlow multicast support on the Supervisor Engine 32 PISA. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 47-12 OL-11439-03...
Page 781: Configuring Local Span, Rspan, And Erspan
For complete syntax and usage information for the commands used in this chapter, refer to the Note • Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, at this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdr ef.html OSM WAN ports and FlexWAN ports do not support SPAN, RSPAN or ERSPAN.
Page 782 RSPAN source session on one switch, you associate a set of source ports or VLANs with an RSPAN VLAN. To configure an RSPAN destination session on another switch, you associate the destination ports with the RSPAN VLAN. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 48-2 OL-11439-03...
Page 783 RSPAN VLANs. ERSPAN source sessions do not copy locally sourced ERSPAN GRE-encapsulated traffic from source ports. Each ERSPAN source session can have either ports or VLANs as sources, but not both. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 48-3 OL-11439-03...
Page 784: Monitored Traffic
SPAN at s1 sends a copy of the packet to SPAN destination d1 and egress SPAN at s2 sends a copy of the packet to SPAN destination d1. If the Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 48-4...
Page 785: Local Span, Rspan, And Erspan Sources
For local SPAN, you can configure per-VLAN filtering on destination trunk ports using allowed VLAN lists (see the “Configuring Destination Trunk Port VLAN Filtering” section on page 48-21). Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 48-5 OL-11439-03...
Page 786: Local Span, Rspan, And Erspan Configuration Guidelines And Restrictions
Guard, UplinkFast, BackboneFast, EtherChannel Guard, Root Guard, Loop Guard) VLAN trunk protocol (VTP) – Dynamic trunking protocol (DTP) – IEEE 802.1Q tunneling – SPAN destination ports can participate in IEEE 802.3Z Flow Control. Note Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 48-6 OL-11439-03...
Page 787: Local Span, Rspan, And Erspan Session Limits
For local SPAN and RSPAN, you can configure Source VLAN Filtering (see the “Configuring Source VLAN Filtering for Local SPAN and RSPAN” section on page 48-20). Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 48-7 OL-11439-03...
Page 788: Vspan Guidelines And Restrictions
VSPAN only monitors traffic that leaves or enters Layer 2 ports in the VLAN. • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 48-8 OL-11439-03...
Page 789: Rspan Guidelines And Restrictions
ERSPAN Guidelines and Restrictions These are ERSPAN guidelines and restrictions: For ERSPAN packets, the “protocol type” field value in the GRE header is 0x88BE. • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 48-9 OL-11439-03...
Page 790 You configure the same address in both the source and destination sessions with the ip address command. The ERSPAN ID differentiates the ERSPAN traffic arriving at the same destination IP address from • various different ERSPAN source sessions. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 48-10 OL-11439-03...
Page 791: Configuring Destination Port Permit Lists (Optional)
Router(config)# monitor permit-list destination interface gigabitethernet 5/1-4, gigabitethernet 6/1 This example shows how to verify the configuration: Router(config)# do show monitor permit-list SPAN Permit-list :Admin Enabled Permit-list ports :Gi5/1-4,Gi6/1 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 48-11 OL-11439-03...
Page 792: Configuring Local Span
To tag the monitored traffic as it leaves a destination port, you must configure the destination port to trunk unconditionally before you configure it as a destination (see the “Configuring a Destination Port as an Unconditional Trunk” section on page 48-21). Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 48-12 OL-11439-03...
Page 793: Configuring Rspan
Configures the VLAN as an RSPAN VLAN. Router(config-vlan)# remote-span Clears the RSPAN VLAN configuration. Router(config-vlan)# no remote-span Step 4 Updates the VLAN database and returns to privileged Router(config-vlan)# end EXEC mode. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 48-13 OL-11439-03...
Page 794 In the no monitor session range command, do not enter spaces before or after the dash. If Note you enter multiple ranges, do not enter spaces before or after the commas. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 48-14 OL-11439-03...
Page 795 In lists, you must enter a space before and after the comma. In ranges, you must enter a space Note before and after the dash. interface_range is interface type slot/first_port - last_port. • mixed_interface_list is, in any order, single_interface , interface_range , ... • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 48-15 OL-11439-03...
Page 796: Configuring Erspan
| both]} Step 6 (Optional) Configures source VLAN filtering when Router(config-mon-erspan-src)# filter single_vlan | vlan_list | vlan_range | mixed_vlan_list the ERSPAN source is a trunk port. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 48-16 OL-11439-03...
Page 797 , interface_range , ... • single_vlan is the ID number of a single VLAN. • vlan_list is single_vlan , single_vlan , single_vlan ... • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 48-17 OL-11439-03...
Page 798 Clears the monitor configuration. Router(config)# no monitor session {session_number | all | range session_range[[,session_range],...]} Step 3 (Optional) Describes the ERSPAN destination session. Router(config-mon-erspan-dst)# description session_description Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 48-18 OL-11439-03...
Page 799 You must also change all ERSPAN source session destination IP addresses (see the Note “Configuring ERSPAN Source Sessions” section on page 48-16, Step ERSPAN_flow_id can range from 1 to 1023. • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 48-19 OL-11439-03...
Page 800: Configuring Source Vlan Filtering For Local Span And Rspan
This example shows how to monitor VLANs 1 through 5 and VLAN 9 when the source is a trunk port: Router(config)# monitor session 2 filter vlan 1 - 5 , 9 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 48-20...
Page 801: Configuring A Destination Port As An Unconditional Trunk
Configures the list of VLANs allowed on the trunk. Router(config-if)# switchport trunk allowed vlan {add | except | none | remove} vlan [,vlan[,vlan[,...]] type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 48-21 OL-11439-03...
Page 802 13 switchport mode trunk switchport nonegotiate monitor session 1 source vlan 10 - 13 monitor session 1 destination interface Gi1/1 – 4 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 48-22 OL-11439-03...
Page 803: Verifying The Configuration
This example shows how to remove options for sources for a session: Router(config)# no monitor session 2 source interface gigabitethernet 1/2 Router(config)# no monitor session 2 source interface port-channel 102 tx Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 48-23 OL-11439-03...
Page 804 32.1.1.1 This example shows the configuration of ERSPAN destination session 13: monitor session 13 type erspan-destination destination interface Gi6/1 source erspan-id 130 ip address 10.11.1.1 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 48-24 OL-11439-03...
Page 805: Configuring Snmp Ifindex Persistence
For complete syntax and usage information for the commands used in this chapter, refer to the Note Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, at this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdref.h This chapter consists of these sections: Understanding SNMP IfIndex Persistence, page 49-1 •...
Page 806: Enabling Snmp Ifindex Persistence Globally
To enable SNMP ifIndex persistence only on a specific interface, perform this task: Command Purpose Step 1 Selects an interface to configure. Router(config)# interface {vlan vlan_ID} | {type slot/port} | {port-channel port_channel_number} Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 49-2 OL-11439-03...
Page 807: Clearing Snmp Ifindex Persistence Configuration From A Specific Interface
Ethernet interface 3/1. If SNMP ifIndex persistence is globally disabled, SNMP ifIndex persistence will be disabled for Ethernet interface 3/1. router(config)# interface ethernet 3/1 router(config-if)# snmp ifindex clear router(config-if)# exit Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 49-3 OL-11439-03...
Page 808 Chapter 49 Configuring SNMP IfIndex Persistence Configuring SNMP IfIndex Persistence Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 49-4 OL-11439-03...
Page 809: Power Management And Environmental Monitoring
Catalyst 6500 series switches. For complete syntax and usage information for the commands used in this chapter, refer to the Note Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, at this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdref.h This chapter consists of these sections: Understanding How Power Management Works, page 50-1 •...
Page 810: Enabling Or Disabling Power Redundancy
• System power equals the power capability of one supply. • No change in module status because the power capability is unchanged. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 50-2 OL-11439-03...
Page 811: Powering Modules Off And On
Router(config)# no power enable module slot_number Note When you enter the no power enable module slot command to power down a module, the module’s configuration is not saved. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 50-3 OL-11439-03...
Page 812: Viewing System Power Status
2 power-input 2: AC low<<< new power-supply 2 power-input 3: AC high<<< new power-supply 2 power-output: low (mode 1)<<< high for highest mode only power-supply 2 power-output-fail: OK Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 50-4 OL-11439-03...
Page 813: Power Cycling Modules
1300 W power supplies, you might have configuration limitations depending on the size of chassis and type of modules installed. For information about power consumption, refer to the Release Notes for Cisco IOS Release 12.2ZY on the Supervisor Engine 32 PISA publication at this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/release/notes/ol_13011.html...
Page 814 Usage: Module Device Bytes: Total Used %Used bootflash: 31981568 15688048 disk0: 128577536 105621504 sup-bootflash: 31981568 29700644 const_nvram: 129004 nvram: 391160 22065 dfc#7-bootflash: 15204352 616540 dfc#8-bootflash: 15204352 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 50-6 OL-11439-03...
Page 815 Lbl-in - ingress label, Lbl-eg - egress label, LOUsrc - LOU source, LOUdst - LOU destination, ADJ - ACL adjacency Module ACLent ACLmsk QoSent QoSmsk Lbl-in Lbl-eg LOUsrc LOUdst AND OR 0% 0% Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 50-7 OL-11439-03...
Page 816 Catalyst 6500 series switch. Router# show platform hardware capacity qos QoS Policer Resources Aggregate policers: Module Total Used %Used 1024 1024 Microflow policer configurations: Module Total Used %Used Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 50-8 OL-11439-03...
Page 817: Determining Sensor Temperature Threshold
(sensor value > 60) is system minor alarm threshold #2 for module 1 device-1 temperature: (sensor value > 70) is system major alarm module 1 device-2 temperature: 29C Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 50-9 OL-11439-03...
Page 818: Understanding How Environmental Monitoring Works
To view the system status information, enter the show environment command: Router# show environment environmental alarms: no alarms Router# show environment alarm environmental alarms: no alarms Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 50-10 OL-11439-03...
Page 819 4 outlet temperature: 32C module 4 inlet temperature: 32C module 5: module 5 power-output-fail: OK module 5 outlet temperature: 39C module 5 inlet temperature: 34C Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 50-11 OL-11439-03...
Page 820: Understanding Led Environmental Indications
5 minutes. Minor STATUS LED orange Monitors the condition if a minor alarm is generated. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 50-12 OL-11439-03...
Page 821 3. The STATUS LED is red on the failed supervisor engine. If there is no redundant supervisor, the SYSTEM LED is red also. 4. See the “Understanding How Power Management Works” section on page 50-1 for instructions. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 50-13 OL-11439-03...
Page 822 Chapter 50 Power Management and Environmental Monitoring Understanding How Environmental Monitoring Works Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 50-14 OL-11439-03...
Page 823: Configuring Online Diagnostics
This chapter describes how to configure the online diagnostics on the Catalyst 6500 series switches. Note For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, at this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdref.h This chapter consists of these sections: Understanding How Online Diagnostics Work, page 51-1 •...
Page 824: Setting Bootup Online Diagnostics Level
This example shows how to set the bootup online diagnostic level: Router(config)# diagnostic bootup level complete Router(config)# This example shows how to display the bootup online diagnostic level: Router(config)# do show diagnostic bootup level Router(config)# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 51-2 OL-11439-03...
Page 825: Configuring On-Demand Online Diagnostics
The EOBC connection is disrupted during this test and will cause the health-monitoring tests to fail and take recovery action. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 51-3...
Page 826: Scheduling Online Diagnostics
You can schedule tests to run only once or to repeat at an interval. Use the no form of this command to remove the scheduling. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 51-4...
Page 827: Configuring Health-Monitoring Diagnostics
This example shows how to run the test on the specified module if health monitoring has not previously been enabled: Router(config)# diagnostic monitor module 1 test 1 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 51-5 OL-11439-03...
Page 828: Running Online Diagnostic Tests
Displaying Online Diagnostic Tests and Test Results You can display the online diagnostic tests that are configured for specific modules and check the results of the tests using the show commands. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 51-6 OL-11439-03...
Page 829 29) TestFabricSnakeForward ----------> M**N****I** not configured 30) TestFabricSnakeBackward ---------> M**N****I** not configured 31) TestFibTcamSSRAM ----------------> ***D****IR* not configured 32) ScheduleSwitchover --------------> ***D****I** not configured Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 51-7 OL-11439-03...
Page 830 21) TestIPv6FibShortcut -------------> . 22) TestMPLSFibShortcut -------------> . 23) TestNATFibShortcut --------------> . 24) TestAclPermit -------------------> . 25) TestAclDeny ---------------------> . 26) TestQoSTcam ---------------------> . 27) TestNetflowInlineRewrite: Port ---------- Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 51-8 OL-11439-03...
Page 831 First test failure time -----> n/a Last test failure time ------> n/a Last test pass time ---------> n/a Total failure count ---------> 0 Consecutive failure count ---> 0 ________________________________________________________________________ Router# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 51-9 OL-11439-03...
Page 832: Schedule Switchover
– mode. Turn off all background health-monitoring tests on the supervisor engine and switching modules using Note the no diagnostic monitor module num test all command. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 51-10 OL-11439-03...
Page 833: Using Top-N Reports
This chapter describes how to use Top-N reports on the Catalyst 6500 series switches. Note For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY, at this URL: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdref.h This chapter consists of these sections: Understanding Top-N Reports, page 52-1 •...
Page 834: Understanding Top-N Reports Operation
These sections describe how to use Top-N reports: Enabling Top-N Reports Creation, page 52-3 • Displaying Top-N Reports, page 52-3 • Clearing Top-N Reports, page 52-4 • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 52-2 OL-11439-03...
Page 835: Enabling Top-N Reports Creation
If a port’s type changes from Layer 2 to Layer 3 during the polling interval. • If a port’s type changes from Layer 3 to Layer 2 during the polling interval. • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 52-3 OL-11439-03...
Page 836: Clearing Top-N Reports
This example shows how to remove a report number 4: Router# clear top counters interface report 4 04:52:12: %TOPN_COUNTERS-5-KILLED: TopN report 4 killed by the console Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 52-4 OL-11439-03...
Page 837: Using The Layer 2 Traceroute Utility
Usage Guidelines When using the Layer 2 traceroute utility, follow these guidelines: Cisco Discovery Protocol (CDP) must be enabled on all the devices in the network. For the Layer 2 • traceroute utility to function properly, do not disable CDP. If any devices in the Layer 2 path are transparent to CDP, the Layer 2 traceroute utility cannot identify these devices on the path.
Page 838: Using The Layer 2 Traceroute Utility
[vlan vlan_id] [detail] Uses IP addresses to trace the path that packets take through Router# traceroute mac ip {source_ip_address | source_hostname} {destination_ip_address | the network. destination_hostname} [detail] Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 53-2 OL-11439-03...
Page 839 Po110 [auto, auto] => Po120 [auto, auto] 4 AGNI / WS-C6509 / 2.1.1.11 : Po120 [auto, auto] => Gi8/12 [full, 1000M] Destination 0001.0000.0304 found on AGNI[WS-C6509] (2.1.1.11) Layer 2 trace completed. Router# Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 53-3 OL-11439-03...
Page 840 Chapter 53 Using the Layer 2 Traceroute Utility Using the Layer 2 Traceroute Utility Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY 53-4 OL-11439-03...
Page 841: Global Health-Monitoring Tests
Layer 2 forwarding engine, the Layer 3 and 4 forwarding engine, and the replication engine on the path from the switch processor to the route Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 842: Appendix A Online Diagnostic Test
Do not disable. Test is automatically disabled during Recommendation CPU-usage spikes in order to maintain accuracy. Default Release 12.2(18)ZY2. Corrective action Reset the active supervisor engine. Hardware support Active and standby supervisor engine. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 843: Testscratchregister
The ports in the test port group are tested in parallel. Table A-4 TestNonDisruptiveLoopback Test Attributes Attribute Description Disruptive/Nondisruptive Nondisruptive. Recommendation Do not disable. Default Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 844: Testloopback
Disruptive for looped-back ports. Disruption is typically less than one second. Duration of the disruption depends on the configuration of loopback port (for example, Spanning Tree Disruptive/Nondisruptive Protocol.). Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 845: Testtransceiverintegrity
This test runs by default during bootup or after a reset or OIR. Release 12.2(18)ZY. Corrective action None. See the system message guide for more information. Hardware support All modules including supervisor engines. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 846: Pfc Layer 2 Forwarding Engine Tests
This test runs by default during bootup or after a reset or OIR. Release 12.2(18)ZY. Corrective action None. See the system message guide for more information. Hardware support Supervisor engines only. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 847: Testdontconditionallearn
Layer 2 forwarding engine. The BPDU feature is verified during the diagnostic packet lookup by the Layer 2 forwarding engine. Table A-11 TestBadBpduTrap Test Attributes Attribute Description Disruptive/Nondisruptive Disruptive. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 848: Testmatchcapture
This test runs by default during bootup or after a reset or OIR. Release 12.2(18)ZY. Corrective action None. See the system message guide for more information. Hardware support Supervisor engines only. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 849: Teststaticentry
TestIPv6FibShortcut, page A-11 • TestMPLSFibShortcut, page A-11 • TestNATFibShortcut, page A-12 • • TestL3Capture2, page A-12 • TestAclPermit, page A-13 • TestAclDeny, page A-13 TestQoS, page A-14 • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 850: Testfibdevices
This test runs by default during bootup or after a reset or OIR. Release 12.2(18)ZY. Corrective action None. See the system message guide for more information. Hardware support Supervisor engines. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY A-10 OL-11439-03...
Page 851: Testipv6Fibshortcut
This test runs by default during bootup or after a reset or OIR. Release 12.2(18)ZY. Corrective action None. See the system message guide for more information. Hardware support Supervisor engines. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY A-11 OL-11439-03...
Page 852: Testnatfibshortcut
This test runs by default during bootup or after a reset or OIR. Release 12.2(18)ZY. Corrective action None. See the system message guide for more information. Hardware support Supervisor engines. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY A-12 OL-11439-03...
Page 853: Testaclpermit
Table A-21 TestACLDeny Test Attributes Attribute Description Disruptive/Nondisruptive Disruptive. Recommendation Do not disable. Default Release 12.2(18)ZY. Corrective action Automatic ASIC reset for recovery. Hardware support Supervisor engines. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY A-13 OL-11439-03...
Page 854: Testnetflowshortcut
Supervisor engines and DFC-enabled modules. Replication Engine Tests These are the Replication Engine tests: TestL3VlanMet, page A-15 • TestIngressSpan, page A-15 • TestEgressSpan, page A-16 • Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY A-14 OL-11439-03...
Page 855: Testl3Vlanmet
This test runs by default during bootup or after a reset or OIR. Release 12.2(18)ZY. Corrective action None. See the system message guide for more information. Hardware support Supervisor engines and WS-65xx and WS-67xx modules. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY A-15 OL-11439-03...
Page 856: Testegressspan
The TestFibTcamSSRAM test checks the FIB TCAM and Layer 3 Adjacency SSRAM memory. Table A-27 TestFibTcamSSRAM Test Attributes Attribute Description Disruptive/Nondisruptive Disruptive. Disruption is several hours. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY A-16 OL-11439-03...
Page 857: Testasicmemory
Do not run any traffic in the background on the module that you are testing. The supervisor engine must be rebooted after running Recommendation this test. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY A-17 OL-11439-03...
Page 858: Testnetflowtcam
The supervisor engine must be rebooted after running Recommendation this test. Default Off. Release 12.2(18)ZY. Corrective action Not applicable. Hardware support All modules including supervisor engines. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY A-18 OL-11439-03...
Page 859: Ipsec Services Modules Tests
Run this test on-demand. This test cannot be run from Recommendation on-demand CLI. Default Release 12.2(18)ZY. Corrective action None. See the system message guide for more information. Hardware support VPN service module. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY A-19 OL-11439-03...
Page 860: Testipsecencryptdecryptpkt
Disruptive. Disruption is several minutes. Use this test to qualify hardware before installing it in your Recommendation network. Default Off. Release 12.2(18)ZY. Corrective action Not applicable. Hardware support PFC3. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY A-20 OL-11439-03...
Page 861: Testeobcstressping
(for example, Spanning Tree Protocol). Disruptive/Nondisruptive Forwarding and port functions are disrupted during the test. Recommendation Do not disable. Default Release 12.2(18)ZY. Corrective action Not applicable. Hardware support DFC-equipped modules Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY A-21 OL-11439-03...
Page 862: General Tests
This test runs by default during bootup or after a reset or OIR Release 12.2(18)ZY Corrective action None. See the system message guide. Hardware support All modules, including supervisor engines. Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY A-22 OL-11439-03...
Page 863 Bisync BSTUN Block Serial Tunnel broadcast and unknown server bridge-group virtual interface content-addressable memory committed access rate circuit card assembly Cisco Discovery Protocol Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 864: Appendix B Acronym
802.1Q DRAM dynamic RAM DRiP Dual Ring Protocol DSAP destination service access point DSCP differentiated services code point DSPU downstream SNA Physical Units Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 865 Intrusion Detection System Module IOS File System IGMP Internet Group Management Protocol IGRP Interior Gateway Routing Protocol ILMI Integrated Local Management Interface Internet Protocol interprocessor communication Internetwork Packet Exchange Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 866 MSDP Multicast Source Discovery Protocol multiple spanning tree maximum transmission unit MVAP multiple VLAN access port Network Analysis Module Name Binding Protocol NCIA Native Client Interface Architecture Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 867 Programmable Intelligent Services Accelerator Point-to-Point Protocol PRID Policy Rule Identifiers PVST+ Per VLAN Spanning Tree+ QoS device manager QoS manager quality of service RACL router interface access control list Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 868 MAC filter Standby Monitor Present SMRP Simple Multicast Routing Protocol Station Management SNAP Subnetwork Access Protocol SNMP Simple Network Management Protocol single router mode stateful switchover Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 869 VLAN Membership Policy Server virtual private network VPN routing and forwarding VLAN Trunking Protocol VVID voice VLAN ID wide area network WCCP Web Cache Communications Protocol weighted fair queueing Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 870 Appendix B Acronyms Table B-1 List of Acronyms (continued) Acronym Expansion WRED weighted random early detection weighted round-robin Xerox Network System Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY OL-11439-03...
Page 871 Authentication, Authorization, and Accounting 31-2 access port, configuring See AAA 8-14 ACEs and ACLs Authentication, Authorization, and Accounting 30-1, 31-1, 33-1 (AAA) 33-1 acronyms, list of A-1, B-1 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY IN-1 OL-11439-03...
Page 872 30-2 see BPDUs CiscoView bridging 19-2 CIST regional root broadcast storms See MSTP see traffic-storm control CIST root See MSTP class command 38-61 class-map command 38-53 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY IN-2 OL-11439-03...
Page 873 ACLs 3-21 33-24 configuration example sample classes 33-22 EoMPLS port mode copy running-config startup-config command 21-17, 21-20 3-11 EoMPLS VLAN mode copy system 21-17 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY IN-3 OL-11439-03...
Page 874 See DHCP snooping binding database configuring uniform mode 39-39 DHCP option 82 short pipe mode 39-31 circuit ID suboption 34-4 uniform mode 39-32 configuration guidelines 34-6 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY IN-4 OL-11439-03...
Page 875 33-3 35-16 uRPF failure rate limiters configuring 33-7 35-13, 35-14 VACL log rate limiters 33-9 displaying 35-16 logging of dropped packets, described 35-4 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY IN-5 OL-11439-03...
Page 876 CLI commands 50-10 command 10-10 environment variables command example 10-11 CONFIG_FILE 3-25 10-4 controlling 3-25 switchport trunk encapsulation dot1q 10-5 viewing 3-25 understanding 10-1 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY IN-6 OL-11439-03...
Page 877 3-24 MSTP 17-45 security precautions 3-24 hello time, STP 17-34 write protection 3-24 High Capacity Power Supply Support 50-4 Flex Links history configuration guidelines Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY IN-7 OL-11439-03...
Page 878 4-4, 4-5, 7-4 leaving multicast group 27-4 interfaces range macro command understanding 27-2 Interior Gateway Routing Protocol snooping querier See IGRP, configuring enabling 27-8 Internet Group Management Protocol Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY IN-8 OL-11439-03...
Page 879 7-10 completely and partially switched 25-3 Layer 3 MLS cache 25-2 overview 25-2 packet rewrite 25-3 keyboard shortcuts router displaying interface information 25-14 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY IN-9 OL-11439-03...
Page 880 53-1 MSTP 17-47 Layer 3 maximum aging time, STP 17-35 IP MMLS and MLS cache 25-2 maximum hop count, MSTP 17-47 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY IN-10 OL-11439-03...
Page 881 46-16 39-3 configuring a protocol flow filter 46-17 IP Precedence 39-2 mls nde sender command QoS Tags 46-11 39-2 monitoring queueing-only mode 39-19 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY IN-11 OL-11439-03...
Page 882 RGMP 17-49 29-1 enabling the mode 17-38 multicast, displaying routing table 25-16 extended system ID multicast flood blocking 37-1 effects on root switch multicast groups 17-40 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY IN-12 OL-11439-03...
Page 883 See system image 46-17 NDE configuration, default out of profile 46-10 NDE version 8 46-3 see QoS out of profile Netflow Multiple Export Destinations 46-14 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY IN-13 OL-11439-03...
Page 884 42-13 VPN supported commands 21-11 switch-to-client frame-retransmission VPN switching 21-9 number 42-14 PIM, IP MMLS and 25-9 switch-to-client retransmission time 42-12 PIM snooping default configuration 42-5 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY IN-14 OL-11439-03...
Page 885 PortFast community VLANs 13-2, 13-3 See STP PortFast configuration guidelines 13-7, 13-9, 13-11 PortFast BPDU filtering configuring 13-11 See STP PortFast BPDU filtering host ports 13-14 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY IN-15 OL-11439-03...
Page 886 DSCP mutation 38-68, 39-29 See private VLANs DSCP values to CoS values 38-75 PVRST IP precedence values to DSCP values 38-73 See Rapid-PVST 17-17 QoS markdown 38-19 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY IN-16 OL-11439-03...
Page 887 38-90, 38-91 configuring supervisor engine QoS transmit queues 38-22, 38-85, 38-86 routing protocols QoS trust-cos redundancy (RPR) port keyword 38-14 configuring QoS trust-dscp configuring supervisor engine Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY IN-17 OL-11439-03...
Page 888 25-5 security unicast 30-2 configuring 30-1, 31-1, 33-1 security, port 43-1 See redundancy (RPR) security precautions with Flash memory card 3-24 RSTP serial interfaces Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY IN-18 OL-11439-03...
Page 889 IP MMLS interfaces 25-14 25-9 show ip mroute command SPAN displaying IP multicast routing table 25-16 configuration guidelines 48-6 show ip pim interface command configuring 48-11 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY IN-19 OL-11439-03...
Page 890 17-36 17-10 spanning-tree vlan port-priority forwarding state 17-9 command 17-30 learning state 17-8 command example listening state 17-31 17-7 spanning-tree vlan priority overview 17-2 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY IN-20 OL-11439-03...
Page 891 18-12 command example 18-12, 18-13 switchport trunk encapsulation negotiate understanding default 18-3 subdomains, private VLAN switchport trunk native vlan 13-2 8-10 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY IN-21 OL-11439-03...
Page 892 MAC addresses and VLANs configuration 53-2 20-3 multicast traffic 53-2 overview 20-2 multiple devices on a port UDE and UDLR 53-2 20-1 unicast traffic UDLD 53-1 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY IN-22 OL-11439-03...
Page 893 21-16 see QoS untrusted VLANs upgrade guidelines 21-15 allowed on trunk 8-11 UplinkFast configuration guidelines 12-8 See STP UplinkFast configuration options 25-9 global configuration mode 12-9 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY IN-23 OL-11439-03...
Page 894 IP phone 14-6 default configuration 14-5 overview 14-1 xconnect command 21-15 configuration example 21-12 guidelines and restrictions 21-11 advertisements 11-3 client, configuring 11-8 Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY IN-24 OL-11439-03...

This manual is also suitable for:

Catalyst supervisor engine 32 pisa

Cisco WS-SUP32-GE-3B - Supervisor Engine 32 Software Configuration Manual

Product Overview

Command-Line Interfaces

Configuring the Switch for the First Time

Configuring a Supervisor Engine 32 PISA

Configuring NSF with SSO Supervisor Engine Redundancy

Configuring RPR Supervisor Engine Redundancy

Configuring Interfaces

Configuring LAN Ports for Layer 2 Switching

Configuring Flex Links

Configuring Etherchannels

Configuring VTP

Configuring Private Vlans

Configuring IEEE 802.1Q Tunneling

Configuring Layer 2 Protocol Tunneling

Configuring Optional STP Features

Quick Links

Related Manuals for Cisco WS-SUP32-GE-3B - Supervisor Engine 32

Summary of Contents for Cisco WS-SUP32-GE-3B - Supervisor Engine 32