Cisco Catalyst 4500 series Administration Manual

Table of Contents


Audience
Organization
Conventions
Related Documentation
Notices
Obtaining Documentation and Submitting a Service Request
Product Overview
Layer 2 Software Features
Hardware Documents
Software Documentation
Cisco IOS Documentation
Commands in Task Tables
OpenSSL/Open SSL Project
License Issues
802.1Q Tunneling, VLAN Mapping, and Layer 2 Protocol Tunneling
Cisco IOS Auto Smartport Macros
Cisco Discovery Protocol
Cisco Group Management Protocol (CGMP) server
EtherChannel Bundles
Ethernet CFM
Ethernet OAM Protocol
Flex Links and MAC Address-Table Move Update
Flexible NetFlow (Supervisor Engine 7-E and 7L-E only)
Internet Group Management Protocol (IGMP) Snooping
IPv6 Multicast BSR and BSR Scoped Zone Support
IPv6 Multicast Listen Discovery (MLD) and Multicast Listen Discovery Snooping
Jumbo Frames
Link Aggregation Control Protocol
Cisco IOS XE IP Application Services Features in Cisco IOS XE 3.1.0SG
Link Layer Discovery Protocol
Link State Tracking
Location Service
Multiple Spanning Tree
Per-VLAN Rapid Spanning Tree
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
OL-30933-01


Summary of Contents for Cisco Catalyst 4500 series

  • Page 1 IPv6 Multicast BSR and BSR Scoped Zone Support IPv6 Multicast Listen Discovery (MLD) and Multicast Listen Discovery Snooping Jumbo Frames Link Aggregation Control Protocol Cisco IOS XE IP Application Services Features in Cisco IOS XE 3.1.0SG Link Layer Discovery Protocol Link State Tracking Location Service...
  • Page 2: Table Of Contents

    GLBP 1-15 Cisco IOS XE IP Application Services Features in Cisco IOS XE 3.1.0SG 1-15 HSRP 1-16 Cisco IOS XE IP Application Services: HSRP Features in Cisco IOS XE 3.1.0SG 1-16 SSO Aware HSRP 1-16 IP Routing Protocols 1-17 1-17...
  • Page 3 Security Features 1-33 802.1X Identity-Based Network Security 1-34 Cisco TrustSec MACsec Encryption 1-35 Cisco TrustSec Security Architecture 1-36 Cisco TrustSec Security Groups, SGTs and SGACLs 1-36 Dynamic ARP Inspection 1-37 Dynamic Host Configuration Protocol Snooping 1-37 Flood Blocking 1-37 Hardware-Based Control Plane Policing 1-37 Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E...
  • Page 4 1-43 Debugging Features 1-43 Web-based Authentication 1-43 New and Modified IOS Software Features Supported in Cisco IOS 15.2(1)E and Cisco IOS XE 3.5.0E 1-44 Command-Line Interfaces Accessing the Switch CLI Accessing the CLI Using the EIA/TIA-232 Console Interface Accessing the CLI Through Telnet...
  • Page 5 Contents Configuring the Relay Device Obtaining Configuration Files Example Configuration Configuring the Switch Using Configuration Mode to Configure Your Switch Verifying the Running Configuration Settings Saving the Running Configuration Settings to Your Start-Up File 3-10 Reviewing the Configuration in NVRAM 3-10 Configuring a Default Gateway 3-11...
  • Page 6 Contents Resetting a Switch to Factory Default Settings 3-32 Administering the Switch Managing the System Time and Date System Clock Understanding Network Time Protocol Configuring NTP Default NTP Configuration Configuring NTP Authentication Configuring NTP Associations Configuring NTP Broadcast Service Configuring NTP Access Restrictions Configuring the Source IP Address for NTP Packets 4-10 Displaying the NTP Configuration...
  • Page 7 Contents Default MAC Address Table Configuration 4-30 Changing the Address Aging Time 4-30 Removing Dynamic Address Entries 4-31 Configuring MAC Change Notification Traps 4-31 Configuring MAC Move Notification Traps 4-33 Configuring MAC Threshold Notification Traps 4-35 Adding and Removing Static Address Entries 4-36 Configuring Unicast MAC Address Filtering 4-37...
  • Page 8 Contents Traffic on the VSL 5-16 Layer 2 Protocols 5-17 Layer 3 Protocols 5-18 System Monitoring 5-20 Environmental Monitoring 5-20 File System Access 5-20 Diagnostics 5-21 Network Management 5-21 Dual-Active Detection 5-23 Dual-Active Detection Using Enhanced PAgP 5-23 Dual-Active Detection Using Fast-Hello 5-24 Recovery Actions 5-24...
  • Page 9 Configuring the Rollback Timer to Safeguard Against Upgrade Issues 5-77 The ISSU Compatibility Matrix 5-79 License Upgrade on a VSS 5-81 Configuring the Cisco IOS In-Service Software Upgrade Process Prerequisites to Performing ISSU About ISSU Stateful Switchover Overview NSF Overview ISSU Process Overview...
  • Page 10 Compatibility Verification Using Cisco Feature Navigator 6-15 Performing the ISSU Process 6-15 Upgrading ISSU to Cisco IOS XE 3.4.0SG/15.1(2)SG from a Prior Release 6-16 Downgrading ISSU from Cisco IOS XE 3.4.0SG/15.1(2)SG to a Prior Release 6-17 Verifying the ISSU Software Installation...
  • Page 11 Switching to the Standby Supervisor Engine 7-23 Stopping the ISSU Rollback Timer (Optional) 7-25 Loading New Cisco IOS XE Software on the New Standby Supervisor Engine 7-26 Using changeversion to Automate an ISSU Upgrade 7-28 Aborting a Software Upgrade During ISSU...
  • Page 12 Contents Support for WS-X46490-CSFP-E on a 10-slot Chassis 8-17 Selecting the Uplink Port on a Supervisor Engine 7L-E 8-18 Single Supervisor Mode 8-18 Redundant Supervisor Mode 8-19 Digital Optical Monitoring Transceiver Support 8-19 Configuring Optional Interface Features 8-20 Configuring Ethernet Interface Speed and Duplex Mode 8-20 Speed and Duplex Mode Configuration Guidelines 8-20...
  • Page 13 Contents Checking Interfaces Status Displaying MAC Addresses Checking Cable Status Using Time Domain Reflectometer Overview Running the TDR Test TDR Guidelines Using Telnet Changing the Logout Timer Monitoring User Sessions Using Ping Understanding How Ping Works Running Ping Using IP Traceroute Understanding How IP Traceroute Works Running IP Traceroute Using Layer 2 Traceroute...
  • Page 14 Performing a Manual Switchover 11-12 Performing a Software Upgrade 11-12 Manipulating Bootflash on the Standby Supervisor Engine 11-14 Configuring Cisco NSF with SSO Supervisor Engine Redundancy 12-1 About NSF with SSO Supervisor Engine Redundancy 12-1 About Cisco IOS NSF-Aware and NSF-Capable Support 12-2...
  • Page 15 Selecting a Power Management Mode 13-10 Power Management Limitations in Catalyst 4500 Series Switches 13-10 Available Power for Catalyst 4500 Series Switches Power Supplies 13-14 Special Considerations for the 4200 W AC and 6000 W AC Power Supplies 13-15 Combined Mode Power Resiliency...
  • Page 16 Displaying Power Policing on an Interface 14-14 Configuring Errdisable Recovery 14-14 Enhanced Power PoE Support on the E-Series Chassis 14-15 Configuring Universal PoE 14-16 Configuring the Catalyst 4500 Series Switch with Cisco Network Assistant 15-1 About Network Assistant 15-2 Community Overview 15-2 Clustering Overview 15-2...
  • Page 17 Contents Configuring Network Assistant in a Networked Switch in Cluster Mode 15-17 Configuring VLANs, VTP, and VMPS 16-1 VLANs 16-1 About VLANs 16-1 VLAN Configuration Guidelines and Restrictions 16-3 VLAN Ranges 16-3 Configurable Normal-Range VLAN Parameters 16-4 VLAN Default Configuration 16-4 Configuring VLANs 16-5...
  • Page 18 About SmartPort Macros and Static SmartPort 19-1 Configuring SmartPort Macros 19-2 Passing Parameters Through the Macro 19-3 Macro Parameter Help 19-3 Default SmartPort Macro Configuration 19-4 cisco-global 19-4 cisco-desktop 19-4 cisco-phone 19-5 Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E OL-30933-01...
  • Page 19 Configuring Static SmartPort Macros 19-13 Default Static SmartPort Configuration 19-13 Static SmartPort Configuration Guidelines 19-14 Applying Static SmartPort Macros 19-14 Configuring Cisco IOS Auto Smartport Macros 20-1 About Auto Smartport Macros 20-1 Device Classifier 20-2 Device Visibility Mode 20-3 Configuring Auto Smartport Macros...
  • Page 20 Contents STP Timers 21-4 Creating the STP Topology 21-5 STP Port States 21-5 MAC Address Allocation 21-6 STP and IEEE 802.1Q Trunks 21-6 Per-VLAN Rapid Spanning Tree 21-6 Default STP Configuration 21-7 Configuring STP 21-7 Enabling STP 21-8 Enabling the Extended System ID 21-9 Configuring the Root Bridge 21-9...
  • Page 21 Contents MST Configuration Restrictions and Guidelines 21-29 Configuring MST 21-29 Enabling MST 21-29 Configuring MST Instance Parameters 21-31 Configuring MST Instance Port Parameters 21-32 Restarting Protocol Migration 21-33 Displaying MST Configurations 21-33 Configuring Flex Links and MAC Address-Table Move Update 22-1 About Flex Links 22-1...
  • Page 22 Contents Setting Manual Preemption for VLAN Load Balancing 23-13 Configuring SNMP Traps for REP 23-14 Monitoring REP 23-14 Configuring Optional STP Features 24-1 About Root Guard 24-2 Enabling Root Guard 24-2 About Loop Guard 24-3 Enabling Loop Guard 24-4 About EtherChannel Guard 24-6 Enabling EtherChannel Guard (Optional) 24-6...
  • Page 23 Contents Configuring the LACP System Priority and System ID 25-13 Configuring EtherChannel Load Balancing 25-14 Removing an Interface from an EtherChannel 25-15 Removing an EtherChannel 25-15 Displaying EtherChannel to a Virtual Switch System 25-16 Understanding VSS Client 25-16 Virtual Switch System 25-16 Dual-Active Scenarios 25-16...
  • Page 24 Contents Displaying IGMP Snooping Information 26-14 Displaying Querier Information 26-15 Displaying IGMP Host Membership Information 26-15 Displaying Group Information 26-16 Displaying Multicast Router Interfaces 26-17 Displaying MAC Address Multicast Entries 26-18 Displaying IGMP Snooping Information on a VLAN Interface 26-18 Displaying IGMP Snooping Querier Information 26-19 Understanding Multicast VLAN Registration...
  • Page 25 Contents Enabling MLD Immediate Leave 27-8 Configuring MLD Snooping Queries 27-9 Disabling MLD Listener Message Suppression 27-10 Displaying MLD Snooping Information 27-10 Configuring 802.1Q Tunneling, VLAN Mapping, and Layer 2 Protocol Tunneling 28-1 About 802.1Q Tunneling 28-2 Configuring 802.1Q Tunneling 28-3 802.1Q Tunneling Configuration Guidelines 28-3...
  • Page 26 Configuring LLDP Power Negotiation 30-11 Configuring Location TLV and Location Service 30-12 Monitoring and Maintaining LLDP, LLDP-MED, and Location Service 30-14 Cisco IOS Carries Ethernet Features in Cisco IOS XE 3.1.0SG 30-15 Configuring UDLD 31-1 About UDLD 31-1 UDLD Topology...
  • Page 27 Adjacency Tables 34-2 Adjacency Discovery 34-2 Adjacency Resolution 34-2 Adjacency Types That Require Special Handling 34-3 Unresolved Adjacency 34-3 Catalyst 4500 Series Switch Implementation of CEF 34-3 Hardware and Software Switching 34-4 Hardware Switching 34-5 Software Switching 34-5 Load Balancing 34-6...
  • Page 28 Internet Group Management Protocol 36-3 Protocol-Independent Multicast 36-3 Rendezvous Point (RP) 36-4 IGMP Snooping 36-4 IP Multicast Implementation on the Catalyst 4500 Series Switch 36-4 Restrictions on IP Multicast 36-5 CEF, MFIB, and Layer 2 Forwarding 36-6 IP Multicast Tables 36-7 Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E...
  • Page 29 Contents Hardware and Software Forwarding 36-9 Non-Reverse Path Forwarding Traffic 36-10 Multicast Fast Drop 36-11 Multicast Forwarding Information Base 36-12 S/M, 224/4 36-13 Multicast HA 36-13 Configuring IP Multicast Routing 36-13 Default Configuration in IP Multicast Routing 36-13 Enabling IP Multicast Routing 36-14 Enabling PIM on an Interface 36-14...
  • Page 30 Contents ANCP Guidelines and Restrictions 37-5 Configuring Bidirectional Forwarding Detection 38-1 Finding Feature Information 38-1 Contents 38-1 Prerequisites for Bidirectional Forwarding Detection 38-2 Restrictions for Bidirectional Forwarding Detection 38-2 Information About Bidirectional Forwarding Detection 38-3 BFD Operation 38-3 Neighbor Relationships 38-3 BFD Detection of Failures 38-4...
  • Page 31 Contents Standards 38-28 MIBs 38-29 RFCs 38-29 Technical Assistance 38-29 Configuring Policy-Based Routing 39-1 About Policy-Based Routing 39-1 About PBR 39-2 Understanding Route-Maps 39-2 Using Policy-Based Routing 39-5 Policy-Based Routing Configuration Tasks 39-6 Enabling IPv4 PBR 39-6 Enabling IPv6 PBR 39-9 Enabling Local PBR 39-11...
  • Page 32 Contents Configuring VRF-lite for IPv6 40-15 Configuring VRF-Aware Services 40-15 Configuring the User Interface for ARP 40-15 Configuring the User Interface for PING 40-15 Configuring the User Interface for uRPF 40-16 Configuring the User Interface for Traceroute 40-16 Configuring the User Interface for FTP and TFTP 40-16 Configuring the User Interface for Telnet and SSH 40-17...
  • Page 33 Contents MQC-based QoS Configuration 41-13 Platform-supported Classification Criteria and QoS Features 41-14 Platform Hardware Capabilities 41-15 Prerequisites for Applying a QoS Service Policy 41-15 Restrictions for Applying a QoS Service Policy 41-15 Classification 41-16 Classification Statistics 41-16 Configuring a Policy Map 41-16 Attaching a Policy Map to an Interface 41-17...
  • Page 34 Contents Platform Hardware Capabilities 41-49 Prerequisites for Applying a QoS Service Policy 41-49 Restrictions for Applying a QoS Service Policy 41-50 Classification 41-50 Classification Statistics 41-50 Configuring a Policy Map 41-50 Attaching a Policy Map to an Interface 41-51 Policing 41-51 How to Implement Policing 41-52...
  • Page 35 Cisco IP Phone Voice Traffic 42-2 Cisco IP Phone Data Traffic 42-2 Configuring a Port to Connect to a Cisco 7960 IP Phone 42-3 Configuring Voice Ports for Voice and Data Traffic 42-3 Overriding the CoS Priority of Incoming Frames...
  • Page 36 Configuring Cisco TrustSec MACsec 44-10 Configuring Cisco TrustSec Credentials on the Switch 44-10 Configuring Cisco TrustSec Switch-to-Switch Link Security in 802.1X Mode 44-11 Configuring Cisco TrustSec Switch-to-Switch Link Security in Manual Mode 44-12 Cisco TrustSec Switch-to-Switch Link Security Configuration Example 44-14 Configuring 802.1X Port-Based Authentication...
  • Page 37 Usage Guidelines for Using Authentication Failed VLAN Assignment 45-18 Using 802.1X with Port Security 45-19 Using 802.1X Authentication with ACL Assignments and Redirect URLs 45-20 Cisco Secure ACS and AV Pairs for URL-Redirect 45-20 ACLs 45-21 Using 802.1X with RADIUS-Provided Session Timeouts 45-21 Using 802.1X with Voice VLAN Ports...
  • Page 38 Configuring 802.1X with Authentication Failed 45-70 Configuring 802.1X with Voice VLAN 45-72 Configuring Voice Aware 802.1x Security 45-73 Configuring 802.1X with VLAN Assignment 45-75 Cisco ACS Configuration for VLAN Assignment 45-76 Enabling Fallback Authentication 45-77 Enabling Periodic Reauthentication 45-81 Enabling Multiple Hosts 45-83...
  • Page 39 MSP-IOS Sensor Device Classifier Interaction 45-118 Configuring Device Sensor 45-118 Enabling MSP 45-119 Enabling Accounting Augmentation 45-119 Creating a Cisco Discovery Protocol Filter 45-120 Creating an LLDP Filter 45-120 Creating a DHCP Filter 45-121 Applying a Protocol Filter to the Device Sensor Output 45-121...
  • Page 40 Contents Configuring the PPPoE Intermediate Agent 46-1 Related Documents 46-2 RFCs 46-2 About PPPoE Intermediate Agent 46-2 Enabling PPPoE IA on a Switch 46-2 Configuring the Access Node Identifier for PPPoE IA on a Switch 46-2 Configuring the Identifier String, Option, and Delimiter for PPPoE IA on a Switch 46-3 Configuring the Generic Error Message for PPPoE IA on a Switch 46-3...
  • Page 41 Contents Web-Based Authentication Configuration Task List 47-7 Configuring the Authentication Rule and Interfaces 47-7 Configuring AAA Authentication 47-9 Configuring Switch-to-RADIUS-Server Communication 47-9 Configuring the HTTP Server 47-11 Customizing the Authentication Proxy Web Pages 47-11 Specifying a Redirection URL for Successful Login 47-12 Configuring the Web-Based Authentication Parameters 47-13...
  • Page 42 Contents Example 1: Configuring a Maximum Limit of Secure MAC Addresses for All VLANs 48-19 Example 2: Configuring a Maximum Limit of Secure MAC Addresses for Specific VLANs 48-20 Example 3: Configuring Secure MAC Addresses in a VLAN Range 48-20 Trunk Port Security Configuration Guidelines and Restrictions 48-21 Port Mode Changes...
  • Page 43 Contents Default Configuration 49-11 Enabling Layer 2 Control Packet QoS 49-12 Disabling Layer 2 Control Packet QoS 49-13 Layer 2 Control Packet QoS Configuration Examples 49-14 Layer 2 Control Packet QoS Guidelines and Restrictions 49-16 Policing IPv6 Control Traffic 49-16 Configuring Dynamic ARP Inspection 50-1 About Dynamic ARP Inspection...
  • Page 44 Contents Limiting the Rate of Incoming DHCP Packets 51-13 Configuration Examples for the Database Agent 51-15 Example 1: Enabling the Database Agent 51-15 Example 2: Reading Binding Entries from a TFTP File 51-17 Example 3: Adding Information to the DHCP Snooping Database 51-18 Displaying DHCP Snooping Information 51-18...
  • Page 45 Contents Configuring EtherType Matching 52-15 Configuring Named IPv6 ACLs 52-16 Applying IPv6 ACLs to Layer 2 and 3 Interface 52-17 Configuring VLAN Maps 52-17 VLAN Map Configuration Guidelines 52-18 Creating and Deleting VLAN Maps 52-19 Examples of ACLs and VLAN Maps 52-19 Applying a VLAN Map to a VLAN 52-21...
  • Page 46 Contents IPv6 Addressing and Basic Connectivity 53-2 DHCP 53-3 Security 53-3 53-3 Management 53-4 Multicast 53-4 Static Routes 53-5 First-Hop Redundancy Protocols 53-5 Unicast Routing 53-5 53-5 OSPF 53-6 EIGRP 53-6 IS-IS 53-6 Multiprotocol BGP 53-6 Tunneling 53-7 IPv6 Default States 53-7 Port Unicast and Multicast Flood Blocking 54-1...
  • Page 47 Contents VLAN-Based SPAN 56-5 SPAN Traffic 56-6 SPAN and RSPAN Session Limits 56-6 Default SPAN and RSPAN Configuration 56-6 Configuring SPAN 56-7 SPAN Configuration Guidelines and Restrictions 56-7 Configuring SPAN Sources 56-8 Configuring SPAN Destinations 56-9 Monitoring Source VLANs on a Trunk Interface 56-9 Configuration Scenario 56-10...
  • Page 48 Contents Core System Filter 57-6 Capture Filter 57-7 Display Filter 57-7 Input and Output Classification 57-7 Actions 57-8 Storing Captured Packets to Buffer in Memory 57-8 Storing Captured Packets to a .pcap File 57-8 Decoding and Displaying Packets 57-9 Displaying Live Traffic 57-9 Displaying from the .pcap File 57-9...
  • Page 49 Configuring IP SLAs Object Tracking 58-8 Configuring Static Routing Support 58-10 Configuring a Primary Interface 58-10 Configuring a Cisco IP SLAs Monitoring Agent and Track Object 58-11 Configuring a Routing Policy and Default Route 58-11 Monitoring Enhanced Object Tracking 58-12...
  • Page 50 Contents Onboard Failure Logging (OBFL) 60-1 Prerequisites for OBFL 60-1 Restrictions for OBFL 60-2 Information About OBFL 60-2 Overview of OBFL 60-2 Information about Data Collected by OBFL 60-2 OBFL Data Overview 60-2 Temperature 60-3 Operational Uptime 60-4 Interrupts 60-6 Message Logging 60-7 Default Settings for OBFL...
  • Page 51 Contents Configuring NetFlow-lite 62-1 About NetFlow Packet Sampling 62-2 Feature Interaction 62-2 System-wide Restrictions 62-2 Interface-level Restrictions 62-2 Monitor-level Restrictions 62-2 Configuring NetFlow Packet Sampling 62-2 Configuring Information about the External Collector 62-3 Example 62-3 Usage Guidelines 62-4 Configuring Sampling Parameters 62-4 Example 62-5...
  • Page 52 Contents Configuring SNMP Traps 64-16 Configuring Fault Alarms 64-16 Configuring IP SLAs CFM Operation 64-18 Manually Configuring an IP SLAs CFM Probe or Jitter Operation 64-19 Configuring an IP SLAs Operation with Endpoint Discovery 64-21 Configuring CFM on C-VLAN (Inner VLAN) 64-24 Feature Support and Behavior 64-26...
  • Page 53 Configuring Cisco IOS IP SLA Operations 67-1 Understanding Cisco IOS IP SLAs 67-2 Using Cisco IOS IP SLAs to Measure Network Performance 67-3 IP SLAs Responder and IP SLAs Control Protocol 67-4 Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E...
  • Page 54 Contents Response Time Computation for IP SLAs 67-4 IP SLAs Operation Scheduling 67-5 IP SLAs Operation Threshold Monitoring 67-5 Configuring IP SLAs Operations 67-6 IP SLA Default Configuration 67-6 IP SLA Configuration Guidelines 67-6 Configuring the IP SLAs Responder 67-7 Analyzing IP Service Levels by Using the UDP Jitter Operation 67-8 Analyzing IP Service Levels by Using the ICMP Echo Operation...
  • Page 55 Setting a Password for a Switch and Content Engines Example 70-11 Verifying WCCP Settings Example 70-12 Configuring MIB Support 71-1 Determining MIB Support for Cisco IOS Releases 71-1 Using Cisco IOS MIB Tools 71-2 Downloading and Compiling MIBs 71-2 Guidelines for Working with MIBs...
  • Page 56 Contents Changing the Configuration Register Using Prompts 72-4 Console Download 72-4 Error Reporting 72-5 Debug Commands 72-5 Exiting the ROM Monitor 72-6 Index Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E OL-30933-01...
  • Page 57 Catalyst 4500 Series Switch Cisco IOS Software Configuration Guide Release IOS XE 3.6.0E and IOS 15.2(2)E Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Customer Order Number: DOC-OL-30933=1...
  • Page 58 OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. CCVP, the Cisco logo, and Welcome to the Human Network are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is a service mark of Cisco Systems, Inc.;...
  • Page 59 Preface This preface describes who should read this document, how it is organized, and its conventions. The preface also tells you how to obtain Cisco documents, as well as how to obtain technical assistance. Audience This guide is for experienced network administrators who are responsible for configuring and maintaining Catalyst 4500 series switches.
  • Page 60: Configuring Supervisor Engine Redundancy Using Rpr And Sso On Supervisor Engine 6-E And Supervisor Engine 6L-E

    Supervisor Engine 8-E Chapter 12 Configuring Cisco NSF with SSO Describes how to configure supervisor engine Supervisor Engine Redundancy redundancy using Cisco nonstop forwarding (NSF) with stateful switchover (SSO). Chapter 13 Environmental Monitoring and Describes how to configure power management and Power Management environmental monitoring features.
  • Page 61 Describes how to configure 802.1Q and Layer 2 VLAN Mapping, and Layer 2 protocol Tunneling. Protocol Tunneling Chapter 30 Configuring CDP Describes how to configure the Cisco Discovery Protocol (CDP). Chapter 31 Configuring LLDP, LLDP-MED, Describes how to configure Link Layer Discovery and Location Service Protocol (LLDP).
  • Page 62 Preface Chapter Title Description Chapter 51 Configuring Control Plane Describes how to protect your Catalyst 4500 series Policing and Layer 2 Control switch using control plane policing (CoPP). Packet QoS Chapter 52 Configuring Dynamic ARP Describes how to configure Dynamic ARP Inspection Inspection.
  • Page 63 Chapter Title Description Chapter 72 Configuring WCCP Version 2 Describes how to configure the Catalyst 4500 series Services switches to redirect traffic to cache engines (web caches) using the Web Cache Communication Protocol (WCCP), and describes how to manage cache engine clusters (cache farms).
  • Page 64: Related Documentation

    Caution: Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data. Related Documentation Refer to the following documents for additional Catalyst 4500 series information: Catalyst 4500 Series Switch Documentation Home • http://www.cisco.com/en/US/products/hw/switches/ps4324/tsd_products_support_series_home.ht Catalyst 4900 Series Switch Documentation Home •...
  • Page 65 Catalyst 4500 Series Software System Message Guide • http://www.cisco.com/en/US/products/hw/switches/ps4324/products_system_message_guides_list.html Cisco IOS Documentation Platform-independent Cisco IOS documentation may also apply to the Catalyst 4500 and 4900 switches. These documents are available at the following URLs: Cisco IOS configuration guides, Release 15.2M&T • http://www.cisco.com/c/en/us/support/ios-nx-os-software/ios-15-2m-t/products-installation-and-configuration-guides-list.html...
  • Page 66 Commands listed in task tables show only the relevant information for completing the task and not all available options for the command. For a complete description of a command, refer to the command in the Catalyst 4500 Series Switch Cisco IOS Command Reference. Notices The following notices pertain to this software license.
  • Page 67 Preface THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT "AS IS" AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;...
  • Page 68: Obtaining Documentation And Submitting A Service Request

    Obtaining Documentation and Submitting a Service Request For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html...
  • Page 69: Product Overview

    3.5.0E, page 1-44 Note For more information about the chassis, modules, and software features supported by the Catalyst 4500 series switch, refer to the Release Notes for the Catalyst 4500 Series Switch at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html Layer 2 Software Features...
  • Page 70: Q Tunneling, Vlan Mapping, And Layer 2 Protocol Tunneling

    Cisco IOS Auto SmartPort macros dynamically configure ports based on the device type detected on the port. When the switch detects a new device on a port it applies the appropriate Cisco IOS Auto Smartports macro. When a link-down event occurs on the port, the switch removes the macro. For example, when you connect a Cisco IP phone to a port, Cisco IOS Auto SmartPorts automatically applies the IP phone macro.
  • Page 71: Cisco Discovery Protocol

    Using CDP, a device can advertise its existence to other devices and receive information about other devices on the same LAN. CDP enables Cisco switches and routers to exchange information, such as their MAC addresses, IP addresses, and outgoing interfaces. CDP runs over the data-link layer only, allowing two systems that support different network-layer protocols to learn about each other.
  • Page 72: Flex Links And Mac Address-Table Move Update

    Beginning with Release IOS XE 3.5.0E and IOS 15.2(1)E, the Catalyst 4500 series switch supports an application of local IGMP snooping, Multicast VLAN Registration (MVR). MVR is designed for...
  • Page 73: Ipv6 Multicast Bsr And Bsr Scoped Zone Support

    The user can configure candidate BSRs and a set of candidate RPs for each administratively scoped region in the user's domain. For information on BSR and BSR Scoped Zone Support, see this URL with the following caveats related to support on a Catalyst 4500 Series switch: http://www.cisco.com/en/US/docs/ios-xml/ios/ipmulti_pim/configuration/xe-3s/ip6-mcast-bsr.html –...
  • Page 74: Ipv6 Multicast Listen Discovery (Mld) And Multicast Listen Discovery Snooping

    Chapter 1 Product Overview Layer 2 Software Features Note: If a prefix is not scope specific (for example, FF00::/8), it will only be announced to a non-scoped BSR. If the candidate RP is not configured with a group list, it will behave as if a group list with only the prefix FF00::/8 is configured.
  • Page 75: Link Aggregation Control Protocol

    Feature guides document features that are supported on many different software releases and platforms. Your Cisco software release or platform may not support all the features documented in a feature guide. See the Feature Information table at the end of the feature guide for information about which features in that guide are supported in your software release.
  • Page 76: Link State Tracking

    The location service feature allows the switch to provide location and attachment tracking information for its connected devices to a Cisco Mobility Services Engine (MSE). The tracked device can be a wireless endpoint, a wired endpoint, or a wired switch or controller. The switch informs device link up and link down events through encrypted Network Mobility Services Protocol (NMSP) location and attachment notifications to the MSE.
  • Page 77: Quality Of Service

    Catalyst 4500 series switch supports trusted boundary, which uses the Cisco Discovery Protocol (CDP) to detect the presence of a Cisco IP phone (such as the Cisco IP Phone 7910, 7935, 7940, and 7960) on a switch port. If the telephone is not detected, the trusted boundary feature disables the trusted setting on the switch port and prevents misuse of a high-priority queue.
  • Page 78: Resilient Ethernet Protocol

    Layer 2 Software Features Resilient Ethernet Protocol Resilient Ethernet Protocol (REP) is a Cisco proprietary protocol that provides an alternative to Spanning Tree Protocol (STP) to control network loops, handle link failures, and improve convergence time. REP controls a group of ports connected in a segment, ensures that the segment does not create any bridging loops, and responds to link failures within the segment.
  • Page 79: Svi Autostate

    DHCP data that was already snooped, and the security benefits continue uninterrupted. For information about SSO, see Chapter 12, “Configuring Cisco NSF with SSO Supervisor Engine Redundancy.” SVI Autostate When an SVI has multiple ports on a VLAN, normally the SVI will go down when all the ports in the VLAN go down.
  • Page 80: Virtual Switching Systems

    Chapter 5, “Configuring Virtual Switching Systems.” Virtual Switch System Client Catalyst 4500 series switches support enhanced PAgP. If a Catalyst 4500 series switch is connected to a Catalyst 6500 series Virtual Switch System (VSS) with a PAgP EtherChannel, the Catalyst 4500 series switch will automatically serve as a VSS client, using enhanced PAgP on this EtherChannel for dual-active detection.
  • Page 81: Y.1731 (Ais And Rdi)

    Compared to conventional software-based switches, Layer 3 switches process more packets faster by using application-specific integrated circuit (ASIC) hardware instead of microprocessor-based engines. The following sections describe the key Layer 3 switching software features on the Catalyst 4500 series switch: •...
  • Page 82: Bidirectional Forwarding Detection

    Catalyst 4900M, Catalyst 4948E, and Catalyst 4948E-F Ethernet switches. With Cisco IOS XE 3.5.0E and IOS 15.2(1)E, support was extended to Supervisor Engine 7-E and Supervisor Engine 7L-E. With Cisco IOS XE 3.6.0E and IOS 15.2(2)E, support was extended to Supervisor Engine 8-E.
  • Page 83: Enhanced Object Tracking

    The Enhanced Object Tracking (EOT) feature separates the tracking mechanism from HSRP and creates a separate standalone tracking process that can be used by other Cisco IOS processes as well as HSRP. This feature allows tracking of other objects in addition to the interface line-protocol state.
  • Page 84: Hsrp

    Feature guides document features that are supported on many different software releases and platforms. Your Cisco software release or platform may not support all the features documented in a feature guide. See the Feature Information table at the end of the feature guide for information about which features in that guide are supported in your software release.
  • Page 85: Sso Aware Hsrp

    (called the autonomous system path), and a list of other path attributes. The Catalyst 4500 series switch supports BGP version 4, including classless interdomain routing (CIDR). CIDR lets you reduce the size of your routing tables by creating aggregate routes, resulting in supernets.
  • Page 86: Is-Is

    EIGRP support for IPv6 will enable customers to use their existing EIGRP knowledge and processes, allowing them to deploy an IPv6 network at a low cost. For details on EIGRP, refer to this URL: http://www.cisco.com/en/US/products/ps6630/products_ios_protocol_option_home.html IS-IS The Intermediate System-to-Intermediate System Protocol (IS-IS Protocol) uses a link-state routing algorithm.
  • Page 87: In Service Software Upgrade

    SSO requires the same version of Cisco IOS on both the active and standby supervisor engines. Because of version mismatch during an upgrade or downgrade of the Cisco IOS software, a Catalyst 4500 series switch is forced into operating in RPR mode. In this mode, after the switchover you can observe link-flaps and a disruption in service.
  • Page 88 ANCP (rather than IGMP) or direct static configuration on the CLI. • Cisco Group Management Protocol (CGMP) server—CGMP server manages multicast traffic. Multicast traffic is forwarded only to ports with attached hosts that request the multicast traffic. •...
  • Page 89: Nsf With Sso

    With NSF/SSO, IP phone calls do not drop. NSF/SSO is supported for OSPF, BGP, EIGRP, IS-IS, and Cisco Express Forwarding (CEF). NSF/SSO is typically deployed in the most critical parts of an enterprise or service provider network, such as Layer 3 aggregation/core or a resilient Layer 3 wiring closet design.
  • Page 90: Policy-Based Routing

    (such as a satellite link of high bandwidth) to stub networks that have a back channel. For information on configuring unidirectional link routing, refer to the URL http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/config_guide/sup720/ude_udlr.html VRF-lite VPN routing and forwarding (VRF-lite) is an extension of IP routing that provides multiple routing instances.
  • Page 91: Virtual Router Redundancy Protocol

    For details on VRRP, refer to this URL: http://www.cisco.com/en/US/docs/ios/ipapp/configuration/guide/ipapp_vrrp_ps6441_TSD_Products_Configuration_Guide_Chapter.html Management Features The Catalyst 4500 series switch offers network management and control using the CLI or through alternative access methods, such as SNMP. The switch software supports these network management features: Cisco Call Home, page 1-24 •...
  • Page 92: Cisco Call Home

    For platform-specific information on Cisco IOS IP SLA, see Chapter 69, “Configuring Cisco IOS IP SLA Operations.” For more detail on Cisco IOS IP SLAs, see the Cisco IOS IP SLAs Configuration Guide, Release 12.4T: http://www.cisco.com/en/US/docs/ios/ipsla/configuration/guide/12_4t/sla_12_4t_book.html
  • Page 93: Cisco Media Services Proxy

    The Catalyst 4500 series switch also supports a Built-in Traffic Simulator using Cisco IOS IP SLAs video operations to generate synthetic traffic for a variety of video applications, such as Telepresence, IPTV and IP video surveillance camera. You can use the simulator tool: • for network assessment before deploying applications that have stringent network performance...
  • Page 94: Cisco Medianet Flow Metadata

    Flow Metadata is supported on releases prior to Cisco IOS Release 15.1(1)SG. Flow metadata is the data that describes a flow in the network. This Flow Metadata describes the five tuple flow along with the attributes.
  • Page 95 Configuration guidelines for Cisco IOS Mediatrace and Performance Monitor include the following: Video monitoring is supported only on physical ports. • Limitations for Cisco IOS Mediatrace and Performance Monitor on a Catalyst 4500 Series Switch include the following: Both features can only be configured to monitor ingress traffic.
  • Page 96: Cisco Network Assistant

    IP addresses from specified address pools within the router to DHCP clients. If the Cisco IOS DHCP server cannot satisfy a DHCP request from its own database, it can forward the request to one or more secondary DHCP servers defined by the network administrator.
  • Page 97: Embedded Ciscoview

    Embedded Event Manager (EEM) is a distributed and customized approach to event detection and recovery offered directly in a Cisco IOS device. EEM offers the ability to monitor events and take informational, corrective, or any desired EEM action when the monitored events occur or when a threshold is reached.
  • Page 98: Forced 10/100 Autonegotiation

    ACL. Intelligent Power Management Working with powered devices (PDs) from Cisco, this feature uses power negotiation to refine the power consumption of an 802.3af-compliant PD beyond the granularity of power consumption provided by the 802.3af class. Power negotiation also enables the backward compatibility of newer PDs with older modules that do not support either 802.3af or high-power levels as required by IEEE standard.
  • Page 99: Netflow-Lite

    SSH will be limited to providing a remote login session to the switch and will only function as a server. Simple Network Management Protocol Simple Network Management Protocol (SNMP) facilitates the exchange of management information between network devices. The Catalyst 4500 series switch supports these SNMP types and enhancements: • SNMP—A full Internet standard SNMP v2—Community-based administrative framework for version 2 of SNMP...
  • Page 100: Smart Install

    Management Features Smart Install Beginning with Cisco IOS XE 3.4.0SG and 15.1(2)SG, the Catalyst 4500 series switch supported Smart Install, which is a plug-and-play configuration and image-management feature that provides zero-touch deployment for new switches. You can ship a switch to a location, place it in the network and power it on with no configuration required on the device.
  • Page 101: Wireshark

    Note and Catalyst 4500X. Starting with Cisco IOS Release XE 3.3.0SG and the IP Base and Enterprise Services feature sets, the Catalyst 4500 series switch supports Wireshark. This is a packet analyzer program, formerly known as Ethereal, that supports multiple protocols and presents information in a graphical and text-based user interface.
  • Page 102: X Identity-Based Network Security

    Chapter 1 Product Overview Security Features Dynamic ARP Inspection, page 1-37 • Dynamic Host Configuration Protocol Snooping, page 1-37 • Flood Blocking, page 1-37 • Hardware-Based Control Plane Policing, page 1-37 • IP Source Guard, page 1-38 • IP Source Guard for Static Hosts, page 1-38 •...
  • Page 103 In this situation, 802.1X user authentication typically fails with the port closed, and the user is denied access. Inaccessible Authentication Bypass provides a configurable alternative on the Catalyst 4500 series switch to grant a critical port network access in a locally specified VLAN.
  • Page 104: Cisco Trustsec Macsec Encryption

    A security group is a grouping of users, endpoint devices, and resources that share access control policies. Security groups are defined by the administrator in the Cisco ISE or Cisco Secure ACS. As new users and devices are added to the Cisco TrustSec domain, the authentication server assigns these new entities to appropriate security groups.
  • Page 105: Dynamic Arp Inspection

    DHCP data that was already snooped, and the security benefits continue uninterrupted. For DHCP server configuration information, refer to the chapter, “Configuring DHCP,” in the Cisco IOS IP and IP Routing Configuration Guide at the following URL: http://www.cisco.com/en/US/docs/ios/ipaddr/configuration/guide/iad_dhcp_rdmp_ps6350_TSD_Produ...
  • Page 106: Ip Source Guard

    Chapter 1 Product Overview Security Features CDP, EAPOL, STP, DTP, VTP, ICMP, CGMP, IGMP, DHCP, RIPv2, OSPF, PIM, TELNET, SNMP, HTTP, and packets destined to 224.0.0.* multicast link local addresses. Predefined system policies or user-configurable policies can be applied to those control protocols. Through Layer 2 Control Packet QoS, you can police control packets arriving on a physical port or VLAN;...
  • Page 107 All ICMP and DHCP version 6 control packets are permitted even when Source Guard or Prefix Guard is enabled. For a brief overview of FHS, see the URL: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6553/aag_c45-707354.pdf For detailed information on how to implement FHS, see the URL: http://www.cisco.com/en/US/docs/ios-xml/ios/ipv6/configuration/12-4t/ip6-first-hop-security.html
  • Page 108: Local Authentication, Radius, And Tacacs+ Authentication

    NAC Layer 2 IP validation • NAC Layer 2 IP is an integral part of Cisco Network Admission Control. It offers the first line of defense for infected hosts (PCs and other devices attached to a LAN port) attempting to connect to the corporate network.
  • Page 109: Network Security With Acls

    An access control list (ACL) filters network traffic by controlling whether routed packets are forwarded or blocked at the router interfaces. The Catalyst 4500 series switch examines each packet to determine whether to forward or drop the packet based on the criteria you specified within the access lists.
  • Page 110: Session Aware Networking

    If the amount of broadcast traffic reaches the threshold during this interval, broadcast frames are dropped, and optionally the port is shut down. Starting with Cisco IOS Release 12.2(40)SG, the Catalyst 4500 series switch allows suppression of broadcast and multicast traffic on a per-port basis.
  • Page 111: Utilities

    For information about TDR, see Chapter 9, “Checking Port Status and Connectivity.” Debugging Features The Catalyst 4500 series switch has several commands to help you debug your initial setup. These commands are included in the following command groups: platform •...
  • Page 112: New And Modified Ios Software Features Supported In Cisco Ios 15.2(1)E And Cisco Ios Xe 3.5.0E

    New and Modified IOS Software Features Supported in Cisco IOS 15.2(1)E and Cisco IOS XE 3.5.0E This document provides a list of new and modified software features supported in Cisco IOS Release 15.2(1)E and Cisco IOS XE Release 3.5.0E.
  • Page 113 Chapter 1 Product Overview New and Modified IOS Software Features Supported in Cisco IOS 15.2(1)E and Cisco IOS XE 3.5.0E http://cisco.com/en/US/docs/ios-xml/ios/sec_data_acl/configuration/15-e/sec-acl-support-fil- ter-ip-option.html http://cisco.com/en/US/docs/ios-xml/ios/sec_data_acl/configuration/xe-3e/sec-acl-support-fil- ter-ip-option.html ACL - TCP Flags Filtering http://cisco.com/en/US/docs/ios-xml/ios/sec_data_acl/configuration/15-e/sec-create-filter-tcp.html http://cisco.com/en/US/docs/ios-xml/ios/sec_data_acl/configuration/xe-3e/sec-create-filter-tcp.html ACL - Named ACL Support for Noncontiguous Ports on an Access Control Entry http://cisco.com/en/US/docs/ios-xml/ios/sec_data_acl/configuration/15-e/sec-named-acl-support-for-non-...
  • Page 114 Chapter 1 Product Overview New and Modified IOS Software Features Supported in Cisco IOS 15.2(1)E and Cisco IOS XE 3.5.0E http://www.cisco.com/en/US/docs/ios-xml/ios/snmp/configuration/xe-3e/snmp-xe-3e-book.html NETCONF XML PI http://www.cisco.com/en/US/docs/ios-xml/ios/cns/configuration/15-e/cns-15-e-book.html IPv6 PIM Passive http://www.cisco.com/en/US/docs/ios-xml/ios/ipmulti_pim/configuration/15-e/ip6-mcast-pim-pass.html HSRP aware PIM http://www.cisco.com/en/US/docs/ios-xml/ios/ipmulti_pim/configuration/15-e/imc_hsrp_aware.html OSPFv3 ABR Type 3 LSA Filtering http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_ospf/configuration/15-e/iro-abr-type-3.html http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_ospf/configuration/15-e/iro-ospfv3-dc-ignore.html...
  • Page 115: Command-Line Interfaces

    Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html If a command is not in the Catalyst 4500 Series Switch Command Reference, you can locate it in the Cisco IOS library. See the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 116: Accessing The Switch Cli

    Electronic Industries Alliance (EIA) and Telecommunications Industry Association (TIA). Perform the initial switch configuration over a connection to the EIA/TIA-232 console interface. Refer to the Catalyst 4500 Series Switch Module Installation Guide for console interface cable connection procedures. To access the switch through the console interface, perform this task:...
  • Page 117: Performing Command-Line Processing

    To make a Telnet connection to the switch, perform this task: Step 1: From the remote host, enter the telnet command and the name or IP address of the switch you want to access: telnet {hostname | ip_addr}. Step 2: At the prompt, enter the password for the CLI.
  • Page 118: Performing History Substitution

    The Cisco IOS user interface has many different modes: user EXEC, privileged EXEC (enable), global configuration, interface, subinterface, and protocol-specific. The commands available to you depend on which mode you are in. To get a list of the commands in a given mode, enter a question mark (?) at the system prompt.
  • Page 119: Getting A List Of Commands And Syntax

    Telnet. The Cisco IOS command interpreter, called the EXEC, interprets and runs the commands you enter. You can abbreviate commands and keywords by entering just enough characters to make the command unique from other commands. For example, you can abbreviate the show command to sh and the configure terminal command to config t.
  • Page 120: Virtual Console For Standby Supervisor Engine

    EXEC mode. Virtual Console for Standby Supervisor Engine Catalyst 4500 series switches can be configured with 2 supervisor engines to provide redundancy. When the switch is powered, one of the supervisor engines becomes active and remains active until a switchover occurs.
  • Page 121: Rommon Command-Line Interface

    Chapter 2 Command-Line Interfaces ROMMON Command-Line Interface To log in to the standby supervisor engine using a virtual console, enter the following command: Switch# session module 2 Connecting to standby virtual console Type "exit" or "quit" to end this session Switch-standby-console# exit If the standby console is not enabled, the following message appears: Switch-standby-console#...
  • Page 122: Archiving Crashfiles Information

    When you enter ROMMON mode, the prompt changes to rommon 1>. Use the ? command to see the available ROMMON commands. For more information about the ROMMON commands, refer to the Cisco IOS Command Reference. Archiving Crashfiles Information This feature allows you to archive crashinfo files (otherwise overwritten if another system reset were to happen first to the bootflash).
  • Page 123 Displaying a Crash Dump for Supervisor Engine 6-E and 6L-E
  • Page 132 6 06:21:21.779: %SYS-5-CONFIG_I: Configured from memory by console *Sep 6 06:21:21.875: %SYS-5-RESTART: System restarted -- Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-ENTSERVICES-M), Experimental Version 12.2(20100723:074204) [/../../../../ios/sys 179] Copyright (c) 1986-2010 by Cisco Systems, Inc. Compiled Mon 06-Sep-10 22:11 by cisco *Sep 6 06:21:23.363: Slot 0 : delete...
  • Page 135: Configuring The Switch For The First Time

    Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html If a command is not in the Catalyst 4500 Series Switch Command Reference, you can locate it in the Cisco IOS library. See the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 136: Configuring Dhcp-Based Autoconfiguration

    Example Configuration, page 3-7 • If your DHCP server is a Cisco device, or if you are configuring the switch as a DHCP server, refer to the “IP Addressing and Services” section in the Cisco IOS IP and IP Routing Configuration Guide for Cisco IOS Release 12.1 for additional information about configuring DHCP.
  • Page 137: Dhcp Client Request Process

    Chapter 3 Configuring the Switch for the First Time Configuring DHCP-Based Autoconfiguration With DHCP-based autoconfiguration, no DHCP client-side configuration is needed on your switch because your switch (the DHCP client) is automatically configured at startup with IP address information and a configuration file. However, you need to configure the DHCP server or the DHCP server feature on your switch for various lease options associated with IP addresses.
  • Page 138: Configuring The Dhcp Server

    Configuring DHCP-Based Autoconfiguration Configuring the DHCP Server A switch can act as both the DHCP client and the DHCP server. By default, the Cisco IOS DHCP server and relay agent features are enabled on your switch. You should configure the DHCP server, or the DHCP server feature running on your switch, with reserved leases that are bound to each switch by the switch hardware address.
  • Page 139: Configuring The Dns Server

    LAN must respond. Examples of such broadcast packets are DHCP, DNS, and in some cases, TFTP packets. If the relay device is a Cisco router, enable IP routing (ip routing global configuration command) and configure helper addresses (ip helper-address interface configuration command). For example, in...
  • Page 140: Obtaining Configuration Files

    Chapter 3 Configuring the Switch for the First Time Configuring DHCP-Based Autoconfiguration Figure 3-2 Relay Device Used in Autoconfiguration Switch Cisco router (DHCP client) (Relay) 10.0.0.2 10.0.0.1 20.0.0.1 20.0.0.2 20.0.0.3 20.0.0.4 DHCP server TFTP server DNS server Obtaining Configuration Files...
  • Page 141: Example Configuration

    Figure 3-3 DHCP-Based Autoconfiguration Network Example Switch 1 Switch 2 Switch 3 Switch 4 00e0.9f1e.2001 00e0.9f1e.2002 00e0.9f1e.2003 00e0.9f1e.2004 Cisco router 10.0.0.10 10.0.0.1 10.0.0.2 10.0.0.3 DHCP server DNS server TFTP server (maritsu) Table 3-2 shows the configuration of the reserved leases on either the DHCP server or the DHCP server feature running on your switch.
  • Page 142: Configuring The Switch

    Chapter 3 Configuring the Switch for the First Time Configuring the Switch DNS Server Configuration The DNS server maps the TFTP server name maritsu to IP address 10.0.0.3. TFTP Server Configuration (on UNIX) The TFTP server base directory is set to /tftpserver/work/. This directory contains the network-confg file used in the two-file read method.
  • Page 143: Using Configuration Mode To Configure Your Switch

    Chapter 3 Configuring the Switch for the First Time Configuring the Switch Using Configuration Mode to Configure Your Switch To configure your switch from configuration mode, follow these steps: Connect a console terminal to the console interface of your supervisor engine. Step 1 After a few seconds, you see the user EXEC prompt (Switch>).
  • Page 144: Saving The Running Configuration Settings To Your Start-Up File

    Chapter 3 Configuring the Switch for the First Time Configuring the Switch <...output truncated...> line con 0 transport input none line vty 0 4 exec-timeout 0 0 password lab login transport input lat pad dsipcon mop telnet rlogin udptn nasi Switch# Saving the Running Configuration Settings to Your Start-Up File This command saves the configuration settings that you created in configuration mode.
  • Page 145: Configuring A Default Gateway

    Chapter 3 Configuring the Switch for the First Time Configuring the Switch line con 0 exec-timeout 0 0 transport input none line vty 0 4 exec-timeout 0 0 password lab login transport input lat pad dsipcon mop telnet rlogin udptn nasi Switch# Configuring a Default Gateway The switch uses the default gateway only when it is not configured with a routing protocol.
  • Page 146 To configure a static route, perform this task: Step 1: Switch(config)# ip route dest_IP_address mask {forwarding_IP | vlan vlan_ID} (configures a static route to the remote network). Step 2: Verifies that the static route is displayed correctly....
  • Page 147: Controlling Access To Privileged Exec Commands

    Chapter 3 Configuring the Switch for the First Time Controlling Access to Privileged EXEC Commands ip default-gateway 172.20.52.35 ip classless ip route 171.20.5.3 255.255.255.255 Vlan1 no ip http server x25 host z line con 0 transport input none line vty 0 4 exec-timeout 0 0 password lab login...
  • Page 148: Using The Enable Password And Enable Secret Commands

    If you specify an encryption type, you must provide an encrypted password—an encrypted password you copy from another Catalyst 4500 series switch configuration. Note: You cannot recover a lost encrypted password. You must clear NVRAM and set a new password. See the “Recovering a Lost Enable Password”...
  • Page 149: Controlling Switch Access With Tacacs+

    TACACS+ is facilitated through authentication, authorization, accounting (AAA) and can be enabled only through AAA commands. Note: For complete syntax and usage information for the commands used in this section, see the Cisco IOS Security Command Reference, Release 12.2.
  • Page 150 Chapter 3 Configuring the Switch for the First Time Controlling Access to Privileged EXEC Commands Figure 3-4 Typical TACACS+ Network Configuration UNIX workstation (TACACS+ Catalyst 6500 server 1) series switch 171.20.10.7 UNIX workstation (TACACS+ server 2) 171.20.10.8 Configure the switches with the TACACS+ server addresses.
  • Page 151: Tacacs+ Operation

    Chapter 3 Configuring the Switch for the First Time Controlling Access to Privileged EXEC Commands TACACS+ Operation When a user attempts a simple ASCII login by authenticating to a switch using TACACS+, this process occurs: When the connection is established, the switch contacts the TACACS+ daemon to obtain a username prompt, which is then displayed to the user.
  • Page 152 Chapter 3 Configuring the Switch for the First Time Controlling Access to Privileged EXEC Commands Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services, • page 3-21 • Starting TACACS+ Accounting, page 3-21 Default TACACS+ Configuration TACACS+ and AAA are disabled by default. To prevent a lapse in security, you cannot configure TACACS+ through a network management application.
  • Page 153 Chapter 3 Configuring the Switch for the First Time Controlling Access to Privileged EXEC Commands Command Purpose Step 7 Verifies your entries. show tacacs Step 8 (Optional) Saves your entries in the configuration file. copy running-config startup-config To remove the specified TACACS+ server name or address, use the no tacacs-server host hostname global configuration command.
  • Page 154 Chapter 3 Configuring the Switch for the First Time Controlling Access to Privileged EXEC Commands Command Purpose Step 3 Creates a login authentication method list. aaa authentication login default list-name method1 method2... • To create a default list that is used when a named list is not specified in the login authentication command, use the default keyword followed by the methods that you plan to use in default situations.
  • Page 155 Chapter 3 Configuring the Switch for the First Time Controlling Access to Privileged EXEC Commands Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services AAA authorization limits the services available to a user. When AAA authorization is enabled, the switch uses information retrieved from the user’s profile, which is located either in the local user database or on the security server, to configure the user’s session.
  • Page 156: Displaying The Tacacs+ Configuration

    Chapter 3 Configuring the Switch for the First Time Controlling Access to Privileged EXEC Commands To enable TACACS+ accounting for each Cisco IOS privilege level and for network services, perform this task, beginning in privileged EXEC mode: Command Purpose Step 1 Enters global configuration mode.
  • Page 157: Configuring Multiple Privilege Levels

    3-24. Configuring Multiple Privilege Levels By default, Cisco IOS software has two modes of password security: user EXEC mode and privileged EXEC mode. You can configure up to 16 hierarchical levels of commands for each mode. By configuring multiple passwords, you can allow different sets of users to have access to specified commands.
  • Page 158: Logging In To A Privilege Level

    Logging In to a Privilege Level To log in at a specified privilege level, enter this command: Switch# enable level (logs in to a specified privilege level). Exiting a Privilege Level To exit to a specified privilege level, enter this command:...
  • Page 159: Recovering A Lost Enable Password

    Recovering a Lost Enable Password Note: For more information on the configuration register, which is preconfigured in NVRAM, see the “Configuring the Software Configuration Register” section on page 3-26.
  • Page 160: Understanding The Rom Monitor

    NVRAM Caution: To avoid possibly halting the Catalyst 4500 series switch, remember that valid configuration register settings might be combinations of settings and not just the individual settings listed in Table 3-3.
  • Page 161: Modifying The Boot Field And Using The Boot Command

    Chapter 3 Configuring the Switch for the First Time Modifying the Supervisor Engine Startup Configuration Table 3-3 Software Configuration Register Bits Bit Number Hexadecimal Meaning 00 to 03 0x0000 to 0x000F Boot field (see Table 3-4) 0x0010 Unused 0x0020 Bit two of console line speed 0x0040 Causes system software to ignore NVRAM contents 0x0080...
  • Page 162: Modifying The Boot Field

    Reboots the switch to make your changes take effect. Switch# reload To modify the configuration register while the switch is running Cisco IOS software, follow these steps: Enter the enable command and your password to enter privileged level, as follows: Step 1 Switch>...
  • Page 163: Verifying The Configuration Register Setting

    Supervisor Engine 6-E and Supervisor Engine 6L-E Switch# show version Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-ENTSERVICES-M), Version 15.1(1)SG5.214, CISCO INTERNAL USE ONLY DEVTEST VERSION , synced to END_OF_FLO_ISP Copyright (c) 1986-2012 by Cisco Systems, Inc. Compiled Tue 17-Jan-12 23:07 by gsbuprod ROM: 12.2(44r)SG(0.146)
  • Page 164: Specifying The Startup System Image

    Switch# show version Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.03.00.SG5. CISCO INTERNAL USE ONLY UNIVERSAL DEVELOPMENT K10 IOSD VERSION , synced to V150_5_20_SID Copyright (c) 1986-2011 by Cisco Systems, Inc. Compiled Wed 14-Dec-11 07:59 by gsbuprod ROM: 15.0(1r)SG(0.326)
  • Page 165: Flash Memory Features

    Step 1 Copy a system image to flash memory using TFTP or other protocols. Refer to the “Cisco IOS File Management” and “Loading and Maintaining System Images” chapters in the Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.2, at the following URL: http://www.cisco.com/en/US/docs/ios/fundamentals/configuration/guide/12_2sr/cf_12_2sr_book.html...
  • Page 166: Resetting A Switch To Factory Default Settings

    Switch# 00:01:48: %SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram Switch# If the Catalyst 4500 series switch is accessible to a TFTP server, you can copy an image to the bootflash memory with the TFTP command: Switch# copy tftp://192.20.3.123/tftpboot/abc/cat4500-entservices-mz.bin bootflash:
  • Page 167 Configuring the Switch for the First Time Resetting a Switch to Factory Default Settings When the copying is completed, you can reboot the just-copied Catalyst 4500 series switch image to the image stored in the bootflash memory with the reload command: Switch# reload System configuration has been modified.
  • Page 169: Administering The Switch

    Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html If a command is not in the Catalyst 4500 Series Switch Command Reference, you can locate it in the Cisco IOS library. See the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 170: System Clock

    Chapter 4 Administering the Switch Managing the System Time and Date • Configuring NTP, page 4-3 • Configuring Time and Date Manually, page 4-11 System Clock The core of the time service is the system clock, which monitors the date and time. This clock starts when the system starts.
  • Page 171: Configuring Ntp

    Managing the System Time and Date Cisco’s implementation of NTP does not support stratum 1 service; it is not possible to connect to a radio or atomic clock. We recommend that the time service for your network be derived from the public NTP servers available on the IP Internet.
  • Page 172: Default Ntp Configuration

    • Configuring NTP Associations, page 4-6 • Configuring NTP Broadcast Service, page 4-7 • Configuring NTP Access Restrictions, page 4-8 • Configuring the Source IP Address for NTP Packets, page 4-10...
  • Page 173 Chapter 4 Administering the Switch Managing the System Time and Date Command Purpose Step 4 Specifies one or more key numbers (defined in Step 3) that a peer ntp trusted-key key-number NTP device must provide in its NTP packets for this switch to synchronize to it.
  • Page 174: Configuring Ntp Associations

    Chapter 4 Administering the Switch Managing the System Time and Date Configuring NTP Associations An NTP association can be a peer association (this switch can either synchronize to the other device or allow the other device to synchronize to it), or it can be a server association (meaning that only this switch synchronizes to the other device, and not the other way around).
  • Page 175: Configuring Ntp Broadcast Service

    Chapter 4 Administering the Switch Managing the System Time and Date Configuring NTP Broadcast Service The communications between devices running NTP (known as associations) are usually statically configured; each device is given the IP addresses of all devices with which it should form associations. Accurate timekeeping is possible by exchanging NTP messages between each pair of devices with an association.
  • Page 176: Configuring Ntp Access Restrictions

    Chapter 4 Administering the Switch Managing the System Time and Date To configure the switch to receive NTP broadcast packets from connected peers, perform this task: Command Purpose Step 1 Enters global configuration mode. configure terminal Step 2 Specifies the interface to receive NTP broadcast packets, and enter interface interface-id interface configuration mode.
  • Page 177 Chapter 4 Administering the Switch Managing the System Time and Date Creating an Access Group and Assigning a Basic IP Access List To control access to NTP services by using access lists, perform this task: Command Purpose Step 1 Enters global configuration mode. configure terminal Step 2 Creates an access group, and apply a basic IP access list.
  • Page 178: Configuring The Source Ip Address For Ntp Packets

    Chapter 4 Administering the Switch Managing the System Time and Date To remove access control to the switch NTP services, use the no ntp access-group {query-only | serve-only | serve | peer} global configuration command. This example shows how to configure the switch to allow itself to synchronize to a peer from access list 99.
  • Page 179: Displaying The Ntp Configuration

    For detailed information about the fields in these displays, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.3. Configuring Time and Date Manually If no other source of time is available, you can manually configure the time and date after the system is restarted.
  • Page 180: Displaying The Time And Date Configuration

    Chapter 4 Administering the Switch Managing the System Time and Date Displaying the Time and Date Configuration To display the time and date configuration, use the show clock [detail] privileged EXEC command. The system clock keeps an authoritative flag that shows whether the time is authoritative (believed to be accurate).
  • Page 181: Configuring Summer Time (Daylight Saving Time)

    Chapter 4 Administering the Switch Managing the System Time and Date Configuring Summer Time (Daylight Saving Time) To configure summer time (daylight saving time) in areas where it starts and ends on a particular day of the week each year, perform this task: Command Purpose Step 1...
  • Page 182: Managing Software Licenses Using Permanent Right-To-Use Features

    Chapter 4 Administering the Switch Managing Software Licenses Using Permanent Right-To-Use Features If summer time in your area does not follow a recurring pattern (configure the exact date and time of the next summer time events), perform this task: Command Purpose Step 1 Enters global configuration mode.
  • Page 183: About A Prtu License

    UID. Therefore, to activate a license on a new switch, you had to obtain a new license for the new UID. With PRTU licenses, logging on to the Cisco server is unnecessary to download and install the license. The license is available with the image.
  • Page 184: Guidelines For The Rtu License Model

    Guidelines for the RTU License Model • The PRTU license model is based on mutual trust between you and Cisco. When you apply a PRTU license, it is implied that you have first purchased the license from Cisco. This agreement is explained in detail in the EULA, which is displayed when you activate the license.
  • Page 185: Deactivating A Prtu License

    Displaying Software License Information To display information about the software licenses on your switch, use one of these methods: • Use Cisco License Manager to view license and device information. In the GUI, the discovery and polling features collect all the license and device information that appears in the Properties window.
  • Page 186 Chapter 4 Administering the Switch Managing Software Licenses Using Permanent Right-To-Use Features License State: Active, In Use License Count: Non-Counted License Priority: Medium Store Index: 1 Store Name: Primary License Storage Index: 4 Feature: ipbase Version: 1.0 License Type: Evaluation Evaluation total period: 8 weeks 4 days Evaluation period left: 8 weeks 4 days License State: Inactive...
  • Page 187 Comment: Hash: 9w09jAFGBzi2w6XQCljLOBe2p+Y= License Index: 2 License: 11 ipbase 1.0 LONG TRIAL DISABLED 1440 DISABLED STANDALONE ADD INFINITE_KEYS INFINITE_KEYS NEVER NEVER NiL SLM_CODE DEMO NiL NiL Ni NiL NiL 5_MINS NiL...
  • Page 188 Chapter 4 Administering the Switch Managing Software Licenses Using Permanent Right-To-Use Features License Store: Dynamic License Storage License Store: Primary License Storage License Store: Dynamic License Storage StoreIndex: 1 Feature: entservices Version: 1.0 License Type: PermanentRightToUse License State: Inactive License Count: Non-Counted StoreIndex: 3 Feature: ipbase Version: 1.0 License Type: PermanentRightToUse License State: Inactive...
  • Page 189: Configuring A System Name And Prompt

    A greater-than symbol [>] is appended. The prompt is updated whenever the system name changes. For complete syntax and usage information for the commands used in this section, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.3 and the Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.3.
  • Page 190: Configuring A System Name

    Domain names are pieced together with periods (.) as the delimiting characters. For example, Cisco Systems is a commercial organization that IP identifies by a com domain name, so its domain name is cisco.com. A specific device in this domain, for example, the File Transfer Protocol (FTP) system is identified as ftp.cisco.com.
  • Page 191: Default Dns Configuration

    Chapter 4 Administering the Switch Configuring a System Name and Prompt Default DNS Configuration Table 4-3 shows the default DNS configuration. Table 4-3 Default DNS Configuration Feature Default Setting DNS enable state Enabled. DNS default domain name None configured. DNS servers No name server addresses are configured.
  • Page 192: Displaying The Dns Configuration

    If there is a period (.) in the hostname, the Cisco IOS software looks up the IP address without appending any default domain name to the hostname.
  • Page 193 Chapter 4 Administering the Switch Creating a Banner To configure a MOTD login banner, perform this task: Command Purpose Step 1 Enters global configuration mode. configure terminal Step 2 Specifies the message of the day. banner motd c message c To delete the MOTD banner, use the no banner motd global configuration command.
  • Page 194 Chapter 4 Administering the Switch Creating a Banner This example shows the banner that appears from the previous configuration: Unix> telnet 172.2.5.4 Trying 172.2.5.4... Connected to 172.2.5.4. Escape character is '^]'. it is a secure site. Only authorized users are allowed. For access, contact technical support.
  • Page 195: Configuring A Login Banner

    Chapter 4 Administering the Switch Creating a Banner Configuring a Login Banner You can configure a login banner to be displayed on all connected terminals. This banner appears after the MOTD banner and before the login prompt. To configure a login banner, perform this task: Command Purpose Step 1...
  • Page 196: Managing The Mac Address Table

    This example shows how to configure a login banner for the switch by using the dollar sign ($) symbol as the beginning and ending delimiter: Switch# configure terminal Switch(config)# banner login $ Access for authorized users only.
  • Page 197: Mac Addresses And Vlans

    Chapter 4 Administering the Switch Managing the MAC Address Table address and its associated port number to the address table. As stations are added or removed from the network, the switch updates the address table, adding new dynamic addresses and aging out those that are not in use.
  • Page 198: Default Mac Address Table Configuration

    When PVLANs are configured, address learning depends on the type of MAC address: • Dynamic MAC addresses learned in one VLAN of a PVLAN are replicated in the associated VLANs. For example, a MAC address learned in a private-VLAN secondary VLAN is replicated in the primary VLAN.
  • Page 199: Removing Dynamic Address Entries

    Chapter 4 Administering the Switch Managing the MAC Address Table Command Purpose Step 4 Verifies your entries. show mac address-table aging-time Step 5 (Optional) Saves your entries in the configuration file. copy running-config startup-config Removing Dynamic Address Entries To remove all dynamic entries, use the clear mac address-table dynamic command in EXEC mode. You can also remove a specific MAC address (clear mac address-table dynamic address mac-address), remove all addresses on the specified physical port or port channel (clear mac address-table dynamic interface interface-id), or remove all addresses on a specified...
  • Page 200 Chapter 4 Administering the Switch Managing the MAC Address Table Command Purpose Step 3 Enables the switch to send MAC change traps to the snmp-server enable traps mac-notification change NMS. To disable the switch from sending MAC change notification traps, use the no snmp-server enable traps mac-notification change global configuration command.
  • Page 201: Configuring Mac Move Notification Traps

    Chapter 4 Administering the Switch Managing the MAC Address Table This example shows how to specify 172.69.59.93 as the network management system, enable the switch to send MAC change notification traps to the network management system, enable the MAC change notification feature, set the interval time to 60 seconds, set the history-size to 100 entries, and enable traps whenever a MAC address is added on the specified port: Switch# configure terminal...
  • Page 202 Chapter 4 Administering the Switch Managing the MAC Address Table To configure MAC move notification, perform this task: Command Purpose Step 1 Enters global configuration mode. configure terminal Step 2 Specifies the recipient of the trap message. snmp-server host host-addr traps | informs version }} [...
  • Page 203: Configuring Mac Threshold Notification Traps

    Chapter 4 Administering the Switch Managing the MAC Address Table Configuring MAC Threshold Notification Traps When you configure MAC threshold notification, an SNMP notification is generated and sent to the network management system when a MAC address table (MAT) threshold limit is reached or exceeded. To configure MAC address threshold notification, perform this task: Command Purpose...
  • Page 204: Adding And Removing Static Address Entries

    Chapter 4 Administering the Switch Managing the MAC Address Table Command Purpose Step 6 Returns to privileged EXEC mode. Step 7 Displays the MAC utilization threshold notification show mac address-table notification threshold show running-config status. Step 8 (Optional) Saves your entries in the configuration copy running-config startup-config file.
  • Page 205: Configuring Unicast Mac Address Filtering

    Chapter 4 Administering the Switch Managing the MAC Address Table To add a static address, perform this task: Command Purpose Step 1 Enters global configuration mode. configure terminal Step 2 Adds a static address to the MAC address table. mac address-table static mac-addr vlan vlan-id interface interface-id For mac-addr, specify the destination MAC unicast address to add to •...
  • Page 206 • If you add a unicast MAC address as a static address and configure unicast MAC address filtering, the switch either adds the MAC address as a static address or drops packets with that MAC address, depending on which command was entered last.
  • Page 207: Disabling Mac Address Learning On A Vlan

    Chapter 4 Administering the Switch Managing the MAC Address Table Disabling MAC Address Learning on a VLAN By default, MAC address learning is enabled on all VLANs on the switch. By controlling which VLANs can learn MAC addresses, you can manage the available MAC address table space. By disabling learning on a VLAN, you can conserve the MAC address table space because all the MAC addresses seen on this VLAN are not learned.
  • Page 208: Usage Guidelines

    Usage Guidelines Note: These guidelines are advisory only. Contact the Cisco solution provider team for specific solution implementations. When disabling MAC address learning on a VLAN, consider these guidelines: • If learning is disabled on a VLAN with an SVI interface, it floods every IP packet in the Layer 2...
  • Page 209 Figure 4-2 Disabling MAC Address Learning: Point-to-Point Links (diagram labels: Core Switch, FW Sync, Distribution Switch, External FW interface, Internal FW interface, L2/L3, Firewall, VLAN a)...
  • Page 210: Feature Compatibility

    Chapter 4 Administering the Switch Managing the MAC Address Table Layer 2 Firewall or Cache In this topology, a rewritten Layer 3 packet is routed back to a Layer 2 firewall (or cache) before exiting. When the packet reenters the switch from the firewall, it possesses the switch’s MAC address because the packet was previously routed.
  • Page 211: Feature Incompatibility

    Feature Incompatibility The following features are incompatible with disabling MAC address learning and do not work properly when the feature is enabled: • 802.1X—The 802.1X class of features does not work when learning is disabled because some of...
  • Page 212: Displaying Address Table Entries

    Configuration capabilities allow comprehensive changes to devices, if the required security privileges have been granted. The configuration and monitoring capabilities for the Catalyst 4500 series of switches mirror those available in CiscoView in all server-based CiscoWorks solutions, including CiscoWorks LAN Management Solution (LMS) and CiscoWorks Routed WAN Management Solution (RWAN).
  • Page 213: Understanding Embedded Ciscoview

    Chapter 4 Administering the Switch Configuring Embedded CiscoView Support These sections describe the Embedded CiscoView support available with Cisco IOS Release 12.1(20)EW and later releases: • Understanding Embedded CiscoView, page 4-45 Installing and Configuring Embedded CiscoView, page 4-45 • Displaying Embedded CiscoView Information, page 4-48 •...
  • Page 214 Delete bootflash:cv/Cat4000IOS-4.0_error.html? [confirm]y Delete bootflash:cv/Cat4000IOS-4.0_install.html? [confirm]y Delete bootflash:cv/Cat4000IOS-4.0_jks.jar? [confirm]y Delete bootflash:cv/Cat4000IOS-4.0_nos.jar? [confirm]y Delete bootflash:cv/applet.html? [confirm]y Delete bootflash:cv/cisco.x509? [confirm]y Delete bootflash:cv/identitydb.obj? [confirm]y Switch# Switch# squeeze bootflash: All deleted files will be removed. Continue? [confirm]y Squeeze operation may take a while. Continue? [confirm]y...
  • Page 215 ADP version Output modifiers < For more information about web access to the switch, refer to the “Using the Cisco Web Browser” chapter in the Cisco IOS Configuration Fundamentals Configuration Guide at this URL: http://www.cisco.com/en/US/docs/ios/fundamentals/configuration/guide/12_4t/cf_12_4t_book.html
  • Page 216: Displaying Embedded Ciscoview Information

    7263 Cat4000IOS-5.1_error.html Cat4000IOS-5.1_install.html 2743 Cat4000IOS-5.1_jks.jar 20450 Cat4000IOS-5.1_nos.jar 20782 applet.html 12388 cisco.x509 identitydb.obj 2523 Switch# show ciscoview version Engine Version: 5.3.4 ADP Device: Cat4000IOS ADP Version: 5.1 ADK: 49 Switch#
  • Page 217: Configuring Virtual Switching Systems

    Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html If a command is not in the Catalyst 4500 Series Switch Command Reference, you can locate it in the Cisco IOS library. See the Cisco IOS Master Command List, Release 12.2SX and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 218: Understanding Virtual Switching Systems

    Chapter 5 Configuring Virtual Switching Systems Understanding Virtual Switching Systems These sections describe a VSS: • VSS Overview, page 5-2 • VSS Redundancy, page 5-11 • Multichassis EtherChannels, page 5-14 • Packet Handling, page 5-16 • System Monitoring, page 5-20...
  • Page 219: Key Concepts

    • Hardware Requirements, page 5-9 • Understanding VSL Topology, page 5-11 Key Concepts The VSS incorporates the following key concepts: • Virtual Switching System, page 5-3 • VSS Active and VSS Standby Switch, page 5-3...
  • Page 220 Chapter 5 Configuring Virtual Switching Systems Understanding Virtual Switching Systems Virtual Switch Link For the two switches of the VSS to act as one network element, they need to share control information and data traffic. The virtual switch link (VSL) is a special link that carries control and data traffic between the two switches of a VSS, as shown in Figure 5-3.
  • Page 221: Vss Functionality

    Multichassis EtherChannel Note: Beginning with Cisco Release IOS XE 3.5.0E and IOS 15.2(1)SG, Layer 3 MEC is supported on the Catalyst 4500 series switch. Cisco Release IOS XE 3.4.0SG does not support Layer 3 MEC. An EtherChannel (also known as a port channel) is a collection of two or more physical links that combine to form one logical link.
  • Page 222 • System Management, page 5-6 • Quad-Supervisor (In-chassis Standby Supervisor Engine) Support, page 5-6 • Asymmetric chassis support, page 5-8 • Interface Naming Convention, page 5-8 • Module Number Convention, page 5-8...
  • Page 223 Configuring Virtual Switching Systems Understanding Virtual Switching Systems The Catalyst 4500 series switches support dual supervisors in a redundant chassis, which can be configured for SSO or RPR mode. However, when a chassis is running in VSS mode, it supports a second supervisor engine, but only in rommon mode.
  • Page 224 Chapter 5 Configuring Virtual Switching Systems Understanding Virtual Switching Systems Asymmetric chassis support Catalyst 4500 and Catalyst 4500X VSS require the same supervisor engine type in both chassis. The chassis can differ in type (i.e., +E and -E chassis can be in a single VSS) and also can differ in the number of slots in chassis.
  • Page 225: Hardware Requirements

    • Energywise • Fast UDLD • Flexlink • Mediatrace (Medianet active video monitoring feature) • Metadata (Medianet feature) • Per VLAN Learning • REP and associated featurettes • UDLR • VLAN Translation (1:1 and 1:2-Selective QinQ)...
  • Page 226 Chapter 5 Configuring Virtual Switching Systems Understanding Virtual Switching Systems Table 5-1 VSS Hardware Requirements Hardware Count Requirements Supervisor Engines VSS is available on Supervisor Engine 7-E, Supervisor Engine 7L-E, Supervisor Engine 8-E, and on the Catalyst 4500-X switch series. All supervisor engines or systems in a VSS must match precisely.
  • Page 227: Understanding Vsl Topology

    • Oversubscribed linecard ports can be used for VSL but total bandwidth requirements of VSL or any traffic drop because of a certain hashing mechanism must be accounted for before using oversubscribed linecard ports for VSL.
  • Page 228: Overview

    “SSO Dependencies” section on page 5-27 for additional details about the requirements for SSO redundancy on a VSS. See Chapter 12, “Configuring Cisco NSF with SSO Supervisor Engine Redundancy” for information about configuring SSO and NSF. With SSO redundancy, the VSS Standby supervisor engine is always ready to assume control following a fault on the VSS Active supervisor engine.
  • Page 229: Failed Switch Recovery

    Chapter 5 Configuring Virtual Switching Systems Understanding Virtual Switching Systems Figure 5-6 Switches’ Roles in a VSS Failed Switch Recovery If the VSS Active switch or supervisor engine fails, the VSS initiates a stateful switchover (SSO) and the former VSS Standby supervisor engine assumes the VSS Active role. The failed switch performs recovery action by reloading the supervisor engine.
  • Page 230: Vsl Failure

    VSL Failure To ensure fast recovery from VSL failures, fast link failure detection is enabled in virtual switch mode on all VSL port channel members. Note: Fast link notification is based upon internal hardware assisted BFD sessions between the pair of physical VSL links.
  • Page 231: Mec Failure Scenarios

    An MEC can support up to eight physical links, which can be distributed in any proportion between the VSS Active and VSS Standby switch. Figure 5-7 MEC Topology (diagram labels: Router, switch or server, Virtual switch, Supervisor...)
  • Page 232: Packet Handling

    Chapter 5 Configuring Virtual Switching Systems Understanding Virtual Switching Systems All MEC Links to the VSS Standby Switch Fail If all links fail to the VSS Standby switch, the MEC becomes a regular EtherChannel with operational links to the VSS Active switch. Control protocols continue to run in the VSS Active switch.
  • Page 233: Layer 2 Protocols

    Chapter 5 Configuring Virtual Switching Systems Understanding Virtual Switching Systems The VSL transports control messages between the two switches. Messages include protocol messages that are processed by the VSS Active supervisor engine, but received or transmitted by interfaces on the VSS Standby switch.
  • Page 234: Layer 3 Protocols

    Chapter 5 Configuring Virtual Switching Systems Understanding Virtual Switching Systems EtherChannel Control Protocols Link Aggregation Control Protocol (LACP) and Port Aggregation Protocol (PAgP) packets contain a device identifier. The VSS defines a common device identifier for both chassis. You should use PAgP or LACP on MECs instead of mode ON, although all three modes are supported.
  • Page 235 Chapter 5 Configuring Virtual Switching Systems Understanding Virtual Switching Systems The same router MAC address, assigned by the VSS Active supervisor engine, is used for all Layer 3 interfaces on both VSS member switches. After a switchover, the original router MAC address is still used.
  • Page 236: System Monitoring

    Note: To avoid multicast route changes as a result of the switchover, we recommend that all links carrying multicast traffic be configured as MEC rather than Equal Cost Multipath (ECMP). For packets traversing VSL, all Layer 3 multicast replication occurs on the egress switch.
  • Page 237: Diagnostics

    • Transferring a Large File over VSL, page 5-23 Telnet over SSH Sessions and the Web Browser User Interface A VSS supports remote access using Telnet over SSH sessions and the Cisco web browser user interface.
  • Page 238 If the VSS performs a switchover, Telnet over SSH sessions and web browser sessions are disconnected. SNMP The SNMP agent runs on the VSS Active supervisor engine. CISCO-VIRTUAL-SWITCH-MIB is a new MIB for virtual switch mode and contains the following main components: • cvsGlobalObjects — Domain #, Switch #, Switch Mode...
  • Page 239: Dual-Active Detection

    Port aggregation protocol (PAgP) is a Cisco-proprietary protocol for managing EtherChannels. If a VSS MEC terminates to a Cisco switch, you can run PAgP protocol on the MEC. If PAgP is running on the MECs between the VSS and an upstream or downstream switch, the VSS can use PAgP to detect a dual-active scenario.
  • Page 240: Dual-Active Detection Using Fast-Hello

    Chapter 5 Configuring Virtual Switching Systems Understanding Virtual Switching Systems Cisco IOS Release at this URL: http://www.cisco.com/en/US/products/ps6350/tsd_products_support_series_home.html When the VSS Standby switch detects VSL failure, it initiates SSO and becomes VSS Active. Subsequent PAgP messages to the connected switch from the newly VSS Active switch contain the new VSS Active ID.
  • Page 241: Configuring A Recovery Ip Address

    Note: If the running configuration of the switch in recovery mode has been changed without saving, the switch will not automatically reload. In this situation, you must write the configuration to memory and then reload manually using the reload command.
  • Page 242: Vss Initialization

    Scenario 1 The VSS System is configured as follows: • Global IP address - GIP • switch 1 IP address - IP1 • switch 2 IP address - IP2 In this scenario, if switch 1 enters recovery mode, it will use IP1 for the fa1 interface on switch 1. Conversely, if switch 2 enters recovery mode, it will use IP2 for the fa1 interface on switch 2.
  • Page 243: Sso Dependencies

    SSO and NSF must be configured and enabled on both switches. For detailed information on configuring and verifying SSO and NSF, see Chapter 12, “Configuring Cisco NSF with SSO Supervisor Engine Redundancy.” If these conditions are unsatisfied, the VSS stops booting and ensures that the forwarding plane is not performing forwarding.
  • Page 244: Vss Configuration Guidelines And Restrictions

    General VSS Restrictions and Guidelines When configuring the VSS, note the following guidelines and restrictions: In Cisco IOS XE 3.4.0E (15.1(2)SG, E, VSS did not support SMI (both Director and Client). • Beginning with Cisco IOS XE 3.5.0E (15.2(1)E, VSS supports SmartInstall Director but not SMI Client.
  • Page 245 • The SMI Director has only one instance on VSS and runs on the VSS active switch. The standby Catalyst 4500 switch in a VSS is not listed as a director in the output of the sh vstack status command.
  • Page 246: Multichassis Etherchannel Restrictions And Guidelines

    Configuring Easy VSS Beginning with Cisco IOS XE 3.6.0E (IOS 15.2(2)E), the Catalyst 4500 series switch supports Easy VSS, which enables you to configure VSS with a single command on the active switch and no action on the VSS standby switch.
  • Page 247 "potential" VSL interfaces in the output of the vsl ? command in easy-vss mode. This output also displays a list of indirectly-reachable Layer 3 interfaces. Cisco IOS XE 3.6.0E (IOS 15.2(2)E) only supports reachability using a default route. Management and user-created VRF are not supported.
  • Page 248 Chapter 5 Configuring Virtual Switching Systems Configuring a VSS Perform the following task on the VSS active switch that you want to make the master switch, which manages the standby switch after VSS boot-up: Command Purpose Step 1 Switches to easy VSS sub-mode Switch# switch convert mode easy-virtual-switch Step 2 Displays a list of local interfaces (with their peer...
  • Page 249: Backing Up The Standalone Configuration

    Chapter 5 Configuring Virtual Switching Systems Configuring a VSS Note: Preferably, conversion to VSS should be done in a maintenance window. If you plan to use the same port channel number for VSL, default the existing port channel configurations that are available on standalone switches.
  • Page 250 Chapter 5 Configuring Virtual Switching Systems Configuring a VSS Backing Up the Standalone Configuration Save the configuration files for both switches operating in standalone mode. You need these files to revert to standalone mode from virtual switch mode. On Switch 1, perform this task: Command Purpose Step 1...
  • Page 251 Chapter 5 Configuring Virtual Switching Systems Configuring a VSS Perform the following task on Switch 2: Command Purpose Step 1 Configures the virtual switch domain on Switch B. Switch-2(config)# switch virtual domain 100 Step 2 Configures Switch B as virtual switch number 2. Switch-2(config-vs-domain)# switch 2 Step 3 Exits config-vs-domain.
  • Page 252: Converting The Switch To Virtual Switch Mode

    Chapter 5 Configuring Virtual Switching Systems Configuring a VSS Command Purpose Step 4 Activates the port channel. Switch-2(config-if)# no shutdown Step 5 Exits interface configuration mode. Switch-2(config-if)# exit You must add the VSL physical ports to the port channel. In the following example, interfaces 10-Gigabit Ethernet 3/1 and 3/2 on Switch 1 are connected to interfaces 10-Gigabit Ethernet 5/2 and 5/3 on Switch 2.
  • Page 253: Optional) Configuring Vss Standby Switch Modules

    Chapter 5 Configuring Virtual Switching Systems Configuring a VSS To convert Switch 1 to virtual switch mode, perform this task: Command Purpose Converts Switch 1 to virtual switch mode. Switch-1# switch convert mode virtual After you enter the command, you are prompted to confirm the action.
  • Page 254: Displaying Vss Information

    Chapter 5 Configuring Virtual Switching Systems Configuring a VSS slot 4 slot-type 225 port-type 61 number 48 virtual-slot 36 slot 5 slot-type 82 port-type 31 number 2 virtual-slot 37 These commands are not available to the user, and the various numbers used in these commands are internal to the system and used to identify a module.
  • Page 255: Converting A Vss To Standalone Switch

    Chapter 5 Configuring Virtual Switching Systems Configuring a VSS LOCAL FALSE(N ) 100(100) ACTIVE REMOTE FALSE(N ) 100(100) STANDBY 7496 7678 Peer 0 represents the local switch Flags : V - Valid In dual-active recovery mode: No Executing the command on VSS member switch role = VSS Standby, id = 2 RRP information for Instance 2 -------------------------------------------------------------------- Valid...
  • Page 256: Copying The Vss Configuration To A Backup File

    Chapter 5 Configuring Virtual Switching Systems Configuring a VSS Copying the VSS Configuration to a Backup File Save the configuration file from the VSS Active switch. You may need this file if you convert to virtual switch mode again. You only need to save the file from the VSS Active switch, because the configuration file on the VSS Standby switch is identical to the file on the VSS Active switch.
  • Page 257: Configuring Vss Parameters

    Chapter 5 Configuring Virtual Switching Systems Configuring a VSS To convert the peer switch to standalone, perform this task on the VSS Standby switch: Command Purpose Converts Switch 2 to standalone mode. Switch-2# switch convert mode stand-alone After you enter the command, you are prompted to confirm the action.
  • Page 258 Chapter 5 Configuring Virtual Switching Systems Configuring a VSS Command Purpose Step 2 Configures the priority for the switch. The switch Switch(config-vs-domain)# switch [1 | 2] priority [priority_num] with the higher priority assumes the VSS Active role. The range is 1 (lowest priority) to 255 (highest priority);...
  • Page 259 Chapter 5 Configuring Virtual Switching Systems Configuring a VSS Configuring a VSL To configure a port channel to be a VSL, perform this task: Command Purpose Step 1 Enters configuration mode for the specified port Switch(config)# interface port-channel channel_num channel. Step 2 Assigns the port channel to the virtual link for the Switch(config-if)# switch virtual link switch_num...
  • Page 260: Displaying Vsl Information

    Chapter 5 Configuring Virtual Switching Systems Configuring a VSS Displaying VSL Information To display information about the VSL, perform one of these tasks: Command Purpose Displays information about the VSL. Switch# show switch virtual link Displays information about the VSL port channel. Switch# show switch virtual link port-channel Displays information about the VSL ports.
  • Page 261: Configuring Vsl Qos

    Chapter 5 Configuring Virtual Switching Systems Configuring a VSS LMP hello timer Hello Tx (T4) ms Hello Rx (T5*) ms Interface State ------------------------------------------------------------------------- Gi1/3/11 operational 1000 30000 29144 *T5 = min_rx * multiplier Cfg : Configured Time Cur : Current Time Rem : Remaining Time Configuring VSL QoS When a physical port is configured as a member of a VSL port-channel, a queuing policy is automatically...
  • Page 262: Configuring The Router Mac Address

    Chassis. This is the Cisco MAC address assigned to the chassis. • use-virtual—Use the mac-address range reserved for the VSS. This is the reserved Cisco MAC address pool, which is derived from a base MAC address +vvs domain-id.
  • Page 263: Configuring Multichassis Etherchannels

    Chapter 5 Configuring Virtual Switching Systems Configuring a VSS Command Purpose Enters VSS configuration mode. Switch(config)# switch virtual domain domain_id Assigns the router MAC address from a reserved pool of Switch(config-vs-domain)# mac-address use-virtual domain-based addresses. Note: This is the default. This is shown in the configuration, even if it is the default.
  • Page 264 Chapter 5 Configuring Virtual Switching Systems Configuring a VSS Switch(config-if)# ip address 172.32.52.10 255.255.255.0 Switch(config-if)# end This example shows how to verify the configuration of port channel interface 1: Switch# show running-config interface port-channel 1 Building configuration... Current configuration: interface Port-channel1 ip address 172.32.52.10 255.255.255.0 Switch# Configuring Physical Interfaces as Layer 3 EtherChannels...
  • Page 265 Chapter 5 Configuring Virtual Switching Systems Configuring a VSS Switch(config-if)# no ip address Switch(config-if)# channel-group 1 mode desirable Switch(config-if)# end Note: See the “Configuring a Range of Interfaces” section on page 8-4 for information about the range keyword. The following two examples show how to verify the configuration of GigabitEthernet interface 1/3/26: Switch# show running-config interface gigabitEthernet 1/3/26 Building configuration...
  • Page 266 Te1/1/4(D) Po20(SU) Te2/1/1(P) Prior to Cisco Release IOS XE 3.5.0E and IOS 15.2(1)SG, when you tried to add a port to an EtherChannel from different chassis of the VSS system, an error message displayed: Switch(config)# int gi2/3/26 Switch(config-if)# no switchport...
  • Page 267: Configuring Dual-Active Detection

    Chapter 5 Configuring Virtual Switching Systems Configuring a VSS Configuring Dual-Active Detection The following sections describe how to configure dual-active detection: • Configuring Enhanced PAgP Dual-Active Detection, page 5-51 • Configuring Fast-Hello Dual-Active Detection, page 5-52 • Displaying Dual-Active Detection, page 5-53...
  • Page 268: Configuring Fast-Hello Dual-Active Detection

    Chapter 5 Configuring Virtual Switching Systems Configuring a VSS Switch(config-vs-domain)# dual-active detection pagp Switch(config-vs-domain)# dual-active detection pagp trust channel-group 20 Switch(config-vs-domain)# exit Switch(config)# interface port-channel 20 Switch(config-if)# no shutdown Switch(config-if)# exit This example shows the error message if you try to enable PAgP dual-active detection when a trusted port channel is not shut down first: Switch(config)# switch virtual domain 100 Switch(config-vs-domain)# dual-active detection pagp...
  • Page 269 Chapter 5 Configuring Virtual Switching Systems Configuring a VSS When you configure fast hello dual-active interface pairs, note the following information: • You can configure a maximum of four interfaces on each chassis to connect with the other chassis in dual-active interface pairs. Attempting to configure more than four interfaces causes an error message to display (and your command is rejected).
  • Page 270 Chapter 5 Configuring Virtual Switching Systems Configuring a VSS Received id: e8b7.488e.b7c0 Expected id: e8b7.488e.b700 This example shows how to display the summary status for dual-active detection when recovery is triggered by RRP rather than PAgP: Switch# show switch virtual dual-active summary Switch(recovery-mode)# show switch virtual dual-act summary Pagp dual-active detection enabled: Yes In dual-active recovery mode: Yes...
  • Page 271: In-Service Software Upgrade (Issu) On A Vss

    Chapter 5 Configuring Virtual Switching Systems In-Service Software Upgrade (ISSU) on a VSS Dual-active fast-hello link counters: Port -------------------------------------- Gi1/1/5 This example shows how to display the status of total packets exchanged between the fast-hello links on the VSS: Switch# show switch virtual dual-active fast-hello packet Executing the command on VSS member switch role = VSS Active, id = 2 Dual-active fast-hello packet counters: SwitchId : 2...
  • Page 272 Chapter 5 Configuring Virtual Switching Systems In-Service Software Upgrade (ISSU) on a VSS Figure 5-9 Upgrading VSS System (diagram: Active and Standby roles at version X and version Y across reboots and a stateful switchover)
  • Page 273: Related Documents

    Upgrades Prerequisites to Performing ISSU Before performing ISSU, you must meet these prerequisites: • Ensure that the current Cisco IOS XE version running in the system supports ISSU. Also ensure that the target version supports ISSU. You can enter various commands on the switch to determine supervisor engine versioning and Cisco IOS XE software compatibility.
  • Page 274: About Performing Issu

    with one supervisor engine running as the SSO active, and the other as the SSO standby. • The pre- and post-upgrade Cisco IOS XE software image files must both be available in the local file systems (bootflash, SD card, or USB) of both the Active and the standby supervisor engines before you begin the ISSU process.
  • Page 275 Chapter 5 Configuring Virtual Switching Systems In-Service Software Upgrade (ISSU) on a VSS automatically; using a single command • ISSU using the four-command sequence The manual ISSU upgrade process involves issuing four distinct ISSU EXEC commands in sequence issu loadversion •...
  • Page 276 Chapter 5 Configuring Virtual Switching Systems In-Service Software Upgrade (ISSU) on a VSS During the ISSU process, several show commands are available to evaluate the success of each command before proceeding to the next step. ISSU using the Single Command Sequence (issu changeversion) The use of multiple ISSU commands dictates an additional level of care to ensure no service disruption.
  • Page 277: Guidelines For Performing Issu

    • In a downgrade scenario, if any feature is not available in the downgrade revision of the Cisco IOS XE software handle, that feature should be disabled prior to initiating the ISSU process. Compatibility Matrix ISSU requires additional information to determine compatibility between software versions. Therefore, a compatibility matrix is defined that contains information about other IOS XE software images with respect to the one in question.
  • Page 278: Compatibility Verification Using Cisco Feature Navigator

    Cisco.com so that users can determine in advance whether a successful upgrade can be achieved using the ISSU process. You can perform the ISSU process when the old and new Cisco IOS XE software are compatible. The compatibility matrix information stores the compatibility among releases as follows: Compatible—The base-level system infrastructure and all optional HA-aware subsystems are...
  • Page 279: How To Perform The Issu Process

    Unlike SSO, which is a mode of operation for the device and a prerequisite for performing ISSU, the ISSU process is a series of steps performed while the switch is in operation. The steps result in an upgrade to new or modified Cisco IOS XE software, and have a minimal impact to traffic. Note...
  • Page 280: Verifying Redundancy Mode Before Beginning The Issu Process

    Chapter 5 Configuring Virtual Switching Systems In-Service Software Upgrade (ISSU) on a VSS Command or Action Purpose Step 3 Displays current or historical status, mode, and related Switch# show redundancy redundancy information about the device. Step 4 Identifies which switch of the VSS is currently performing Switch# show switch virtual the Active role, and which switch the Standby.
  • Page 281 Current Software state = ACTIVE Uptime in current state = 9 minutes Image Version = Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSAL-M), Version 03.03.00.SGN1.33 CISCO INTERNAL USE ONLY UNIVERSAL PRODUCTION K10 IOSD VERSION , synced to END_OF_FLO_ISP Copyright (c) 1986-2012 by Cisco Systems, Inc.
  • Page 282 00:33:33 Switch# The new version of the Cisco IOS XE software must be present on both of the supervisor engines. The directory information displayed for each of the supervisor engines shows that the new version is present. Switch# dir bootflash:...
  • Page 283: Issu Using The Four-Command Sequence: Step 1 (Loadversion)

    Switch# issu loadversion [active-slot] active-image-new [standby-slot] standby-image-new: Starts the ISSU process and (optionally) overrides the automatic rollback when the new Cisco IOS XE software version is detected to be incompatible. It may take several minutes after entering the issu loadversion command for Cisco IOS XE software to load onto the standby supervisor engine and for the standby supervisor engine to transition to SSO mode.
  • Page 284: Issu Using The Four-Command Sequence: Step 2 (Runversion)

    Chapter 5 Configuring Virtual Switching Systems In-Service Software Upgrade (ISSU) on a VSS %issu loadversion executed successfully, Standby is being reloaded Switch# show issu state detail Slot = 1 RP State = Active ISSU State = Load Version Operating Mode = Stateful Switchover Current Image = bootflash:old_image Pre-ISSU (Original) Image = bootflash:old_image Post-ISSU (Targeted) Image = bootflash:new_image...
  • Page 285 Chapter 5 Configuring Virtual Switching Systems In-Service Software Upgrade (ISSU) on a VSS Command or Action Purpose Step 1 Enables privileged EXEC mode. Switch> enable Enter your password if prompted. Step 2 Forces a switchover from the active to the standby Switch# issu runversion [standby-slot] [standby-image-new]] supervisor engine and reloads the former active (current...
  • Page 286: Issu Using The Four Command Sequence: Step 3 (Acceptversion)

    This step is optional. It is needed only if you wish to stop the ISSU rollback timer. Otherwise you may proceed to the next step (commitversion). Cisco IOS XE software maintains an ISSU rollback timer to safeguard against an upgrade that may leave the new active supervisor engine in a state in which communication with the standby supervisor engine is severed.
  • Page 287: Issu Using The Four Command Sequence: Step 4 (Commitversion)

    This example shows how to reset and reload the current standby supervisor engine (slot 1) with the new Cisco IOS XE software version. After you enter the commitversion command, the standby supervisor engine boots in the Standby Hot state.
  • Page 288: Using Changeversion To Automate An Issu Upgrade

    VSS has reached the desired state. At the end of the commitversion state, the ISSU process has completed. At this stage, any further Cisco IOS XE software version upgrade or downgrade will require that a new ISSU process be invoked.
  • Page 289 Current Software state = ACTIVE Uptime in current state = 45 minutes Image Version = Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSAL-M), Version 03.03.00.SGN1.33 CISCO INTERNAL USE ONLY UNIVERSAL PRODUCTION K10 IOSD VERSION , synced to END_OF_FLO_ISP Copyright (c) 1986-2012 by Cisco Systems, Inc.
  • Page 290 Current Software state = STANDBY HOT Uptime in current state = 25 minutes Image Version = Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSAL-M), Version 03.03.00.SGN1.33 CISCO INTERNAL USE ONLY UNIVERSAL PRODUCTION K10 IOSD VERSION , synced to END_OF_FLO_ISP Copyright (c) 1986-2012 by Cisco Systems, Inc.
  • Page 291 Chapter 5 Configuring Virtual Switching Systems In-Service Software Upgrade (ISSU) on a VSS Switch# dir bootflash: Directory of bootflash:/ 29122 -rw- 119519232 Aug 13 2012 19:13:14 +00:00 cat4500e-universal.SSA.03.03.00.SGN1.34.151-2.SGN1.34.bin 29125 -rw- 119286584 Aug 13 2012 22:30:02 +00:00 cat4500e-universal.SSA.03.03.00.SGN1.33.151-2.SGN1.33.bin 820875264 bytes total (581648384 bytes free) Switch# dir slavebootflash: Directory of slavebootflash:/ 58372...
  • Page 292 Chapter 5 Configuring Virtual Switching Systems In-Service Software Upgrade (ISSU) on a VSS 00:18:43 00:18:17 00:18:16 Switch#show issu state detail Slot = 11 RP State = Active ISSU State = Init Operating Mode = Stateful Switchover Current Image = bootflash:cat4500e-universal.SSA.03.03.00.SGN1.34.151-2.SGN1.34.bin Pre-ISSU (Original) Image = N/A Post-ISSU (Targeted) Image = N/A Slot = 1...
  • Page 293 Current Software state = ACTIVE Uptime in current state = 21 minutes Image Version = Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSAL-M), Version 03.03.00.SGN1.34 CISCO INTERNAL USE ONLY UNIVERSAL PRODUCTION K10 IOSD VERSION , synced to END_OF_FLO_ISP Copyright (c) 1986-2012 by Cisco Systems, Inc.
  • Page 294: Aborting A Software Upgrade During Issu

    Chapter 5 Configuring Virtual Switching Systems In-Service Software Upgrade (ISSU) on a VSS ISSU State = Init Changeversion = TRUE Operating Mode = Stateful Switchover Current Image = bootflash:x.bin Pre-ISSU (Original) Image = N/A Post-ISSU (Targeted) Image = N/A Aborting a Software Upgrade During ISSU You can abort the ISSU process at any stage manually (prior to entering the issu commitversion command) by entering the issu abortversion command.
  • Page 295: Configuring The Rollback Timer To Safeguard Against Upgrade Issues

    Conversely, you may want to configure the rollback timer to more than 45 minutes in order to have enough time to verify the operation of the new Cisco IOS XE software before committing the new software image.
  • Page 296 Chapter 5 Configuring Virtual Switching Systems In-Service Software Upgrade (ISSU) on a VSS Note: The rollback timer can be configured only in the ISSU Init state. This task explains how to configure the rollback timer: Command or Action Purpose Step 1 Enables privileged EXEC mode.
  • Page 297: The Issu Compatibility Matrix

    Chapter 5 Configuring Virtual Switching Systems In-Service Software Upgrade (ISSU) on a VSS The ISSU Compatibility Matrix The ISSU Compatibility Matrix contains information about the compatibility of the IOS XE software version currently running on the system, and other versions. The Compatibility Matrix deals with two kinds of information: • Stored Information, page 5-81...
  • Page 298 Chapter 5 Configuring Virtual Switching Systems In-Service Software Upgrade (ISSU) on a VSS Negotiated Information While the Stored compatibility matrix information is used before an ISSU upgrade is attempted, the Negotiated compatibility matrix information pertains to the ISSU state after or during an ISSU upgrade attempt.
  • Page 299: License Upgrade On A Vss

    Chapter 5 Configuring Virtual Switching Systems License Upgrade on a VSS 7200 131105 7201 131151 7203 131127 7301 131137 List of Clients: Client Name Base/Non-Base ================================================ ISSU Proto client Base ISSU RF Base ISSU CF client Base ISSU Network RF client Base 7200 ISSU Archive Client...
  • Page 300 Chapter 5 Configuring Virtual Switching Systems License Upgrade on a VSS Note: A VSS standby booting as the active does not pose a network problem because all non-VSL ports are shut down. Step 4 Install the license on the former VSS standby, the one also functioning as the active. During this time, the VSS active operates without interruption.
  • Page 301: Configuring The Cisco Ios In-Service Software Upgrade Process

    Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html If a command is not in the Catalyst 4500 Series Switch Command Reference, you can locate it in the Cisco IOS library. See the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 302: Prerequisites To Performing Issu

    NFL daughter card and so on). • The new and old Cisco IOS software images must be loaded into the file systems (bootflash or compact flash) of both the active and the standby supervisor engines before you begin the ISSU process.
  • Page 303: About Issu

    SSO is typically deployed in service provider networks. In this example, Cisco NSF with SSO is enabled at the access layer (edge) of the service provider network. A fault at this point could result in loss of service for enterprise customers requiring access to the service provider network.
  • Page 304 SSO capable-routers access layer Customers Additional levels of availability may be gained by deploying Cisco NSF with SSO at other points in the network where a single point of failure exists. Figure 6-2 illustrates an optional deployment strategy that applies Cisco NSF with SSO at the enterprise network access layer.
  • Page 305: Nsf Overview

    NSF Overview Cisco NSF works with the SSO feature in Cisco IOS software. SSO is a prerequisite of Cisco NSF. NSF works with SSO to minimize the amount of time a network is unavailable to its users following a switchover.
  • Page 306: Issu Process Overview

    About ISSU ISSU Process Overview The ISSU process allows you to perform a Cisco IOS software upgrade or downgrade while the system continues to forward packets. (For an illustration of the commands used during the ISSU process, refer to Figure 6-8 on page 6-11.) Cisco IOS ISSU takes advantage of the Cisco IOS high availability...
  • Page 307 Configuring the Cisco IOS In-Service Software Upgrade Process About ISSU An ISSU-capable switch consists of two supervisor engines (active and standby) and one or more line cards. Before initiating the ISSU process, copy the Cisco IOS software into the file systems of both supervisor engines (see Figure 6-4).
  • Page 308 Chapter 6 Configuring the Cisco IOS In-Service Software Upgrade Process About ISSU After you have copied the Cisco IOS software to both file systems, load the new version of Cisco IOS software onto the standby supervisor engine (see Figure 6-5).
  • Page 309 Chapter 6 Configuring the Cisco IOS In-Service Software Upgrade Process About ISSU After a switchover (NSF or SSO, not RPR), the standby supervisor engine takes over as the new active supervisor engine (see Figure 6-6). Figure 6-6 Switch Over to Standby Supervisor Engine...
  • Page 310 Configuring the Cisco IOS In-Service Software Upgrade Process About ISSU The former active supervisor engine is loaded with an old Cisco IOS image so that if the new active supervisor engine experiences problems, you can abort and conduct a switchover to the former active, which is already running the old image.
  • Page 311: Performing An Issu Upgrade: 2 Methods

    Chapter 6 Configuring the Cisco IOS In-Service Software Upgrade Process About ISSU Figure 6-8 Steps During the ISSU Process (diagram: Active and Standby states through Loadversion, Runversion, Acceptversion* and Commitversion, with Abortversion and Switchover paths) * This command is optional.
  • Page 312: Changeversion Process

    Chapter 6 Configuring the Cisco IOS In-Service Software Upgrade Process About ISSU Changeversion Process The issu changeversion command launches a single-step complete ISSU upgrade cycle. It performs the logic for all four of the standard commands (issu loadversion, issu runversion, issu acceptversion, and issu commitversion) without user intervention, streamlining the upgrade through a single CLI step.
  • Page 313: Changeversion Deployment Scenario

    • In a downgrade scenario, if any feature is not available in the downgrade revision of the Cisco IOS software handle, that feature should be disabled prior to initiating the ISSU process. Versioning Capability in Cisco IOS Software to Support ISSU Before the introduction of ISSU, the SSO mode of operation required each supervisor engine to be running the same versions of Cisco IOS software.
  • Page 314: Compatibility Matrix

    Incompatible versions cannot progress to SSO operational mode. Compatibility Matrix You can perform the ISSU process when the Cisco IOS software on both the active and the standby supervisor engine is capable of ISSU and the old and new images are compatible. The compatibility matrix information stores the compatibility among releases as follows: Compatible—The base-level system infrastructure and all optional HA-aware subsystems are...
  • Page 315: Snmp Support For Issu

    SNMP for SSO provides a mechanism for synchronizing the SNMP configurations and the MIBs that support SSO from the active supervisor engine to the standby supervisor engine, assuming that both supervisor engines are running the same version of Cisco IOS software. This assumption is not valid for ISSU.
  • Page 316: Upgrading Issu To Cisco Ios Xe 3.4.0Sg/15.1(2)Sg From A Prior Release

    Upgrading ISSU to Cisco IOS XE 3.4.0SG/15.1(2)SG from a Prior Release Because images prior to Cisco IOS XE 3.4.0SG/15.1(2)SG use the earlier CLI format and Cisco IOS XE 3.4.0SG and 15.1(2)SG images use a newer CLI format, your upgrade consists of the following: •...
  • Page 317: Downgrading Issu From Cisco Ios Xe 3.4.0Sg/15.1(2)Sg To A Prior Release

    2000::1/64 Downgrading ISSU from Cisco IOS XE 3.4.0SG/15.1(2)SG to a Prior Release Because a Cisco IOS XE 3.4.0SG/15.1(2)SG image uses a new CLI format and prior images use earlier CLI formats, the downgrade procedure includes the following: • Downgrading mgmtVrf from new CLI format to older CLI format, removing any IPv6 addresses on...
  • Page 318: Verifying The Issu Software Installation

    • Init state—The initial state is two supervisor engines, one active and one standby, before the ISSU process is started. It is also the final state after the ISSU process completes. • Load version (LV) state—The standby supervisor engine is loaded with the new version of Cisco IOS software.
  • Page 319: Verifying Redundancy Mode Before Beginning The Issu Process

    Chapter 6 Configuring the Cisco IOS In-Service Software Upgrade Process Performing the ISSU Process Command or Action Purpose Step 1 Enables privileged EXEC mode. Switch> enable • Enter your password if prompted. Step 2 Displays the state of the during the ISSU process.
  • Page 320: Verifying The Issu State Before Beginning The Issu Process

    Secondary Version = N/A Current Version = bootflash:old_image The new version of the Cisco IOS software must be present on both of the supervisor engines. The directory information displayed for each of the supervisor engines (or supervisor engines) shows that the new version is present.
  • Page 321: Loading New Cisco Ios Software On The Standby Supervisor Engine

    61341696 bytes total (1116224 bytes free) Loading New Cisco IOS Software on the Standby Supervisor Engine This task describes how to use ISSU to load a new version of Cisco IOS software to the standby supervisor engine. Prerequisites • Ensure that the new version of Cisco IOS software image is already present in the file system of both...
  • Page 322 It may take several seconds after the issu loadversion command is entered for Cisco IOS software to load onto the standby supervisor engine and for the standby supervisor engine to transition to SSO mode. This causes the standby supervisor engine to reload with the new image.
  • Page 323 Chapter 6 Configuring the Cisco IOS In-Service Software Upgrade Process Performing the ISSU Process Switch# show redundancy states my state = 13 -ACTIVE peer state = 8 -STANDBY HOT Mode = Duplex Unit = Primary Unit ID = 1 Redundancy Mode (Operational) = Stateful Switchover...
  • Page 324: Switching To The Standby Supervisor Engine

    = 18 RF debug mask = 0x0 Switching to the Standby Supervisor Engine This task describes how to switch over to the standby supervisor engine, which is running the new Cisco IOS software image. Perform this task at the active supervisor engine:...
  • Page 325 Active Location = slot 2 Current Software state = ACTIVE Uptime in current state = 11 minutes Image Version = Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500-ENTSERVICES-M), Version 12.2(31)SGA, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2006 by Cisco Systems, Inc.
  • Page 326: Stopping The Issu Rollback Timer (Optional)

    This optional task describes how to stop the rollback timer. If you do not run the following procedure before the rollback timer “timeout,” the system automatically aborts the ISSU process and reverts to the original Cisco IOS software version. By default the rollback timer is 45 minutes.
  • Page 327: Loading New Cisco Ios Software On The New Standby Supervisor Engine

    Configured Rollback Time = 45:00 Loading New Cisco IOS Software on the New Standby Supervisor Engine This task explains how to load the new version of Cisco IOS software to the new standby supervisor engine. Perform this task at the active supervisor engine:...
  • Page 328 Secondary Version = N/A Current Version = bootflash:new_image The ISSU process has been completed. At this stage, any further Cisco IOS software version upgrade or downgrade requires that a new ISSU process be invoked. Software Configuration Guide—Release IOS XE 3.6.0SG and IOS 15.2(2)SG...
  • Page 329: Using Changeversion To Automate An Issu Upgrade

    This task describes how to use the issu changeversion command to perform a one-step ISSU upgrade. Prerequisites • Ensure that the new version of Cisco IOS software image is already present in the file system of both the active and standby supervisor engines. Also ensure that appropriate boot parameters (BOOT...
  • Page 330 Active Location = slot 5 Current Software state = ACTIVE Uptime in current state = 9 minutes Image Version = Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.00.00.1.68 CISCO UNIVERSAL DEVELOPMENT K10 IOSD TEST VERSION Copyright (c) 1986-2010 by Cisco Systems, Inc.
  • Page 331 Standby Location = slot 6 Current Software state = STANDBY HOT Uptime in current state = 2 minutes Image Version = Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.00.00.1.68 CISCO UNIVERSAL DEVELOPMENT K10 IOSD TEST VERSION Copyright (c) 1986-2010 by Cisco Systems, Inc.
  • Page 332 Active Location = slot 6 Current Software state = ACTIVE Uptime in current state = 9 minutes Image Version = Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.00.00.1.68 CISCO UNIVERSAL DEVELOPMENT K10 IOSD TEST VERSION Copyright (c) 1986-2010 by Cisco Systems, Inc.
  • Page 333 Active Location = slot 5 Current Software state = ACTIVE Uptime in current state = 9 minutes Image Version = Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.00.00.1.68 CISCO UNIVERSAL DEVELOPMENT K10 IOSD TEST VERSION Copyright (c) 1986-2010 by Cisco Systems, Inc.
  • Page 334: Aborting A Software Upgrade During Issu

    Chapter 6 Configuring the Cisco IOS In-Service Software Upgrade Process Performing the ISSU Process Pre-ISSU (Original) Image = N/A Post-ISSU (Targeted) Image = N/A Slot = 6 RP State = Standby ISSU State = Init Changeversion = TRUE Operating Mode = Stateful Switchover Current Image = bootflash:x.bin...
  • Page 335: Configuring The Rollback Timer To Safeguard Against Upgrade Issues

    A user may want to configure the rollback timer to more than 45 minutes in order to have enough time to verify the operation of the new Cisco IOS software before committing the new image.
  • Page 336: Displaying Issu Compatibility Matrix Information

    The rollback timer cannot be set in LV state, as the following example illustrates: Switch# show issu state detail Slot = 1 RP State = Active...
  • Page 337 Switch> enable Switch# show issu comp-matrix negotiated CardType: WS-C4507R(112), Uid: 2, Image Ver: 12.2(31)SGA Image Name: cat4500-ENTSERVICES-M pSid pUid Compatibility ======================================================= 262151 COMPATIBLE 262160 COMPATIBLE 262163...
  • Page 338 262156 262148 262155 262158 262172 262166 262159 262167 2002 N - did not negotiate 2003 262185 2004 262175 2008 262147 2008 262168 2010 262171 2012 262180...
  • Page 339 2010 ARP HA Base 2012 ISSU HSRP Client Non-Base 2021 XDR Int Priority ISSU cliBase 2022 XDR Proc Priority ISSU clBase 2023 FIB HWIDB ISSU client...
  • Page 340: Displaying Issu Compatibility Matrix Information

    Dynamic(0) was introduced in Cisco IOS Release 12.2(50)SG with the Dynamic Image Version Compatibility (DIVC) feature. With DIVC, Dynamic(0) is stored instead of Incomp(1), Base(2), or Comp(3). Compatibility is determined during runtime when two different DIVC-capable images are running in the active and standby supervisor engines during ISSU.
  • Page 341 Message group summary: GrpId pSid pUid Nego Result ============================================================= 131078 131100 131123 ..List of Clients: Client Name Base/Non-Base ================================================ ISSU Proto client Base ISSU RF...
  • Page 342: Related Documents

    Related Documents Related Topic Document Title Performing ISSU Cisco IOS Software: Guide to Performing In Service Software Upgrades Information about Cisco Nonstop Forwarding Cisco Nonstop Forwarding http://www.cisco.com/en/US/docs/ios/12_2s/feature/guide/fsnsf20s.html Information about Stateful Switchover Stateful Switchover http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/sso120s.
  • Page 343 Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html If a command is not in the Catalyst 4500 Series Switch Command Reference, you can locate it in the Cisco IOS library. See the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 344: Configuring The Cisco Ios Xe In Service Software Upgrade Process

    model, same memory, and so on). • The new and old Cisco IOS XE software images must be loaded into the file systems (bootflash, SD card, or USB) of both the active and the standby supervisor engines before you begin the ISSU process.
  • Page 345 ISSU-compatible IOS XE software. The current Cisco IOS XE version running in the system must also support ISSU. You can enter various commands on the Catalyst 4500 series switch to determine supervisor engine versioning and Cisco IOS XE software compatibility. Alternatively, you can use the ISSU application on Cisco Feature Navigator to determine this.
  • Page 346: About Performing Issu

    SSO is typically deployed in service provider networks. In this example, Cisco NSF with SSO is enabled at the access layer (edge) of the service provider network. A fault at this point could result in loss of service for enterprise customers requiring access to the service provider network.
  • Page 347 Additional levels of availability may be gained by deploying Cisco NSF with SSO at other points in the network where a single point of failure exists. Figure 7-2 illustrates an optional deployment strategy that applies Cisco NSF with SSO at the enterprise network access layer.
  • Page 348 For further information on SSO, see the Stateful Switchover document. Cisco NSF works with the SSO feature in Cisco IOS XE software. SSO is a prerequisite of Cisco NSF. NSF works with SSO to minimize the amount of time a network is unavailable to its users following a switchover.
  • Page 349: Issu Process

    About Performing ISSU ISSU Process The ISSU process allows you to perform a Cisco IOS XE software upgrade or downgrade while the system continues to forward packets. (For an illustration of the commands used during the ISSU process, refer to Figure 7-8.) Cisco IOS XE ISSU takes advantage of the Cisco IOS XE high availability...
  • Page 350 Figure 7-4). Note In the following figure, Cisco IOS XE 3.x.y SG represents the current version of Cisco IOS XE, and 3.z.y SG represents the image you are migrating to. Figure 7-4 Copy New Version of Cisco IOS XE Software on Both Supervisor Engines...
  • Page 351 Configuring the Cisco IOS XE In Service Software Upgrade Process About Performing ISSU After you have copied the Cisco IOS XE software to both file systems, load the new version of Cisco IOS XE software onto the standby supervisor engine (see Figure 7-5).
  • Page 352 Chapter 7 Configuring the Cisco IOS XE In Service Software Upgrade Process About Performing ISSU After a switchover (NSF/SSO, not RPR), the standby supervisor engine takes over as the new active supervisor engine (see Figure 7-6). Figure 7-6 Switch Over to Standby Supervisor Engine...
  • Page 353 The former active supervisor engine is loaded with an old Cisco IOS XE image so that if the new active supervisor engine experiences problems, you can abort and conduct a switchover to the former active, which is already running the old software image.
  • Page 354: Performing An Issu Upgrade: 2 Methods

    Figure 7-8 shows the steps during the ISSU process. Figure 7-8 Steps During the ISSU Process Standby Active Loadversion Loadversion Active Standby Abortversion Standby Active...
  • Page 355: Changeversion Process

    Changeversion Process The issu changeversion command launches a single-step complete ISSU upgrade cycle. It performs the logic for all four of the standard commands (issu loadversion, issu runversion, issu acceptversion, and issu commitversion) without user intervention, streamlining the upgrade through a single CLI step.
  • Page 356: Changeversion Deployment Scenario

    • In a downgrade scenario, if any feature is not available in the downgrade revision of the Cisco IOS XE software, that feature should be disabled prior to initiating the ISSU process. Compatibility Matrix ISSU requires additional information to determine compatibility between software versions. Therefore, a compatibility matrix is defined that contains information about other IOS XE software images with respect to the one in question.
  • Page 357: Snmp Support For Issu

    It is always the newest release that contains the latest information about compatibility with existing releases in the field. The compatibility matrix is available within the Cisco IOS XE software image and on Cisco.com so that users can determine in advance whether an upgrade can be done using the ISSU process.
  • Page 358: How To Perform The Issu Process

    Upgrading ISSU to Cisco IOS XE 3.4.0SG/15.1(2)SG from a Prior Release Because images prior to Cisco IOS XE 3.4.0SG/15.1(2)SG use the earlier CLI format and Cisco IOS XE 3.4.0SG and 15.1(2)SG images use a newer CLI format, your upgrade consists of the following: •...
  • Page 359 Chapter 7 Configuring the Cisco IOS XE In Service Software Upgrade Process How to Perform the ISSU Process Step 1 Perform an ISSU upgrade to a Cisco IOS XE 3.4.0SG/15.1(2)SG image. Step 2 Run the VRF upgrade command. Switch# config t Enter configuration commands, one per line.
  • Page 360: Downgrading Issu From Cisco Ios Xe 3.4.0Sg/15.1(2)Sg To A Prior Release

    Downgrading ISSU from Cisco IOS XE 3.4.0SG/15.1(2)SG to a Prior Release Because a Cisco IOS XE 3.4.0SG/15.1(2)SG image uses a new CLI format and prior images use earlier CLI formats, the downgrade procedure includes the following: •...
  • Page 361: Verifying The Issu Software Installation

    • Init state—The initial state for two supervisor engines, one active and one standby, before the ISSU process is started. It is also the final state after the ISSU process completes. • Load version (LV) state—The standby supervisor engine is loaded with the new version of Cisco IOS XE software.
  • Page 362 Active Location = slot 5 Current Software state = ACTIVE Uptime in current state = 9 minutes Image Version = Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.00.00.1.68 CISCO UNIVERSAL DEVELOPMENT K10 IOSD TEST VERSION Copyright (c) 1986-2010 by Cisco Systems, Inc.
  • Page 363: Verifying The Issu State Before Beginning The Issu Process

    61341696 bytes total (1116224 bytes free) Loading New Cisco IOS XE Software on the Standby Supervisor Engine This task describes how to use ISSU to load a new version of Cisco IOS XE software to the standby supervisor engine. Prerequisites Ensure that the new version of Cisco IOS XE software image is already present in the file system of •...
  • Page 364 • Optionally, perform additional tests and commands to determine the current state of peers and interfaces for later comparison. • Ensure the system (both active and standby supervisor engines) is in SSO redundancy mode. If the system is in RPR mode, you can still upgrade the system using the ISSU CLI commands, but the system will experience extended packet loss during the upgrade...
  • Page 365 ISSU State = Load Version Operating Mode = Stateful Switchover Current Image = bootflash:old_image Pre-ISSU (Original) Image = bootflash:old_image Post-ISSU (Targeted) Image = bootflash:new_image...
  • Page 366: Switching To The Standby Supervisor Engine

    Switching to the Standby Supervisor Engine This task describes how to switch over to the standby supervisor engine, which is running the new Cisco IOS XE software image. Perform the following steps at the active supervisor engine. Command or Action Purpose Step 1 Enables privileged EXEC mode.
  • Page 367: Pre-Issu (Original) Image = Bootflash:old_Image

    Pre-ISSU (Original) Image = bootflash:old_image Post-ISSU (Targeted) Image = bootflash:new_image Slot = 5 RP State = Standby ISSU State = Run Version...
  • Page 368: Stopping The Issu Rollback Timer (Optional)

    This optional task describes how to stop the rollback timer. If you do not run the following procedure before the rollback timer “timeout,” the system automatically aborts the ISSU process and reverts to the original Cisco IOS XE software version. By default the rollback timer is 45 minutes.
  • Page 369: Loading New Cisco Ios Xe Software On The New Standby Supervisor Engine

    Configured Rollback Time = 00:45:00 Loading New Cisco IOS XE Software on the New Standby Supervisor Engine This task explains how to load a new version of Cisco IOS XE software to the new standby supervisor engine. Perform the following steps at the active supervisor engine:...
  • Page 370: Mode = Duplex Unit = Primary Unit Id

    This example shows how to reset and reload the current standby supervisor engine (slot 1) with the new Cisco IOS XE software version. After you enter the commitversion command, the standby supervisor engine boots in the Standby Hot state.
  • Page 371: Using Changeversion To Automate An Issu Upgrade

    This task describes how to use the issu changeversion command to perform a one step ISSU upgrade. Prerequisites • Ensure that the new version of Cisco IOS XE software image is already present in the file system of both the active and standby supervisor engines. Also ensure that appropriate boot parameters...
  • Page 372: Switch> Enable

    Perform the following steps at the active supervisor engine: Command or Action Purpose Step 1 Switch> enable Enables privileged EXEC mode. Enter your password if prompted.
  • Page 373: Issu Loadversion Executed Successfully, Standby Is Being Reloaded

    Active Location = slot 5 Current Software state = ACTIVE Uptime in current state = 9 minutes Image Version = Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.00.00.1.68 CISCO UNIVERSAL DEVELOPMENT K10 IOSD TEST VERSION Copyright (c) 1986-2010 by Cisco Systems, Inc.
  • Page 374: Switch# Show Issu State Detail

    *Feb 25 20:41:03.639: %INSTALLER-7-ISSU_OP_SUCC: issu changeversion successfully executed 'issu runversion' Switchover occurs. Note .... Look at the console of new active supervisor engine.
  • Page 375 Current Software state = ACTIVE Uptime in current state = 9 minutes Image Version = Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.00.00.1.68 CISCO UNIVERSAL DEVELOPMENT K10 IOSD TEST VERSION Copyright (c) 1986-2010 by Cisco Systems, Inc.
  • Page 376: Aborting A Software Upgrade During Issu

    Current Software state = ACTIVE Uptime in current state = 9 minutes Image Version = Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.00.00.1.68 CISCO UNIVERSAL DEVELOPMENT K10 IOSD TEST VERSION Copyright (c) 1986-2010 by Cisco Systems, Inc.
  • Page 377 If you abort the process after you issue the issu loadversion command, the standby supervisor engine is reset and reloaded with the original software.
  • Page 378: Configuring The Rollback Timer To Safeguard Against Upgrade Issues

    A user may want to configure the rollback timer to more than 45 minutes in order to have enough time to verify the operation of the new Cisco IOS XE software before committing the new software image.
  • Page 379: Displaying Issu Compatibility Matrix Information

    This example shows how to set the rollback timer to 3600 seconds: Switch> enable Switch# configure terminal Enter configuration commands, one per line.
  • Page 380 Command or Action Purpose Step 1 Switch> enable Enables privileged EXEC mode. Enter your password if prompted. Step 2 Switch# show issu comp-matrix...
  • Page 381: Cisco High Availability Features In Cisco Ios Xe 3.1.0Sg

    Cisco High Availability Features in Cisco IOS XE 3.1.0SG This section provides a list of High Availability software features that are supported in Cisco IOS XE 3.1.0SG. Links to the feature documentation are included. Feature guides may contain information about more than one feature. To find information about a specific feature within a feature guide, see the Feature Information table at the end of the guide.
  • Page 382 Enhanced High System Availability http://www.cisco.com/en/US/docs/ios-xml/ios/ha/configuration/xe-3s/ha-config-stateful-switchover.ht...
  • Page 383: Configuring Interfaces

    Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html If a command is not in the Catalyst 4500 Series Switch Command Reference, you can locate it in the...
  • Page 384: About Interface Configuration

    When you are facing the front of the switch, the interfaces are numbered from left to right. You can identify interfaces by physically checking the slot/interface location on the switch. You can also use the Cisco IOS show commands to display information about a specific interface or all the interfaces. Using the interface Command...
  • Page 385 Chapter 8 Configuring Interfaces Using the interface Command Hardware is Ethernet SVI, address is 0004.dd46.7aff (bia 0004.dd46.7aff) MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set ARP type: ARPA, ARP Timeout 04:00:00 Last input never, output never, output hang never Last clearing of "show interface"...
  • Page 386: Configuring A Range Of Interfaces

    0 lost carrier, 0 no carrier 0 output buffer failures, 0 output buffers swapped out --More-- <...output truncated...> Step 4 To begin configuring Fast Ethernet interface 5/5, as shown in the following example, enter the interface keyword, interface type, slot number, and interface number in global configuration mode: Switch# configure terminal...
  • Page 387 Note The interface range command works only with VLAN interfaces that have been configured with the interface vlan command (the show running-configuration command displays the configured VLAN interfaces). VLAN interfaces that are not displayed by the show running-configuration command cannot be used with the interface range command.
  • Page 388: Using The Ethernet Management Port

    PC. Use the Ethernet management port instead of the switch console port for network management. When managing a switch, connect the PC to the Ethernet management port on a Catalyst 4500 series switch. (Figure 8-1).
  • Page 389: Fa1 Interface And Mgmtvrf

    Note different routing domain for the Fa1 interface. On bootup the fa1 port assumes the following default configuration. Images prior to Cisco IOS XE 3.4.0SG/15.1(2)SG use the old VRF definition format for management VRF as shown below. ip vrf mgmtVrf...
  • Page 390 Images starting from Cisco IOS XE 3.4.0SG/15.1(2)SG use the new VRF definition format for management VRF as shown below. vrf definition mgmtVrf address-family ipv4 exit-address-family address-family ipv6 exit-address-family interface FastEthernet1 vrf forwarding mgmtVrf...
  • Page 391: Sso Model

    Note The Cisco IOS configuration for the management port is synchronized between the two supervisor engines. Under Cisco IOS, they possess the same IP address. To avoid address overlapping during a switchover on a redundant chassis, you should assign a different IP address on the management port from the one you assigned to the same port in the ROMMON configuration.
  • Page 392: Issu Model

    In SSO mode, the running configurations on the active and standby supervisor engines must match. You cannot enable the management port on a redundant chassis if one of the two supervisor engines is running a Cisco IOS image prior to Cisco IOS Release 12.2(50)SG (wherein a management port is not supported).
  • Page 393: Defining And Using Interface-Range Macros

    • The LED is green (on) when the link is active. • The LED is off when the link is down. • The LED is amber when there is a POST failure. •...
  • Page 394: Deploying Sfp+ In X2 Ports

    Note WS-X4908-10GE, WS-X4904-10GE, and WS-C4900M. To use an SFP+ in an X2 port to obtain 10-Gigabit Ethernet bandwidth, the Catalyst 4500 series switch supports OneX Convertor modules. When you plug a OneX Convertor module into an X2 port, it converts the X2 port into an SFP+ port into which you can plug in an SFP+. An SFP+ in a OneX Convertor module provides the same functionality as an X2 and maintains the same port numbering.
  • Page 395: Deploying 10-Gigabit Ethernet Or Gigabit Ethernet Ports

    When you modify the uplink mode, you must reboot the switch. Deploying 10-Gigabit Ethernet or Gigabit Ethernet Ports To increase the flexibility of X2 ports, the Catalyst 4500 series switch as well as Catalyst 4900M and Catalyst 4948E support TwinGig Convertor modules. When you plug a TwinGig Convertor module into an X2 hole, it converts a single X2 hole (capable of holding one pluggable X2 optic) into two SFP holes (capable of holding two pluggable SFP optics).
  • Page 396: Limitations On Using A Twingig Convertor

    In Cisco IOS, ports 1 through 18 always exist. This means that you can apply configurations on them and they display in the CLI output. However, only the X2 or the SFP ports can be active at any particular time.
  • Page 397 Te1/1 notconnect full 10G 10GBase-LR Te1/2 connected full 10G 10GBase-LR Te1/3 notconnect full 10G No X2 Te1/4 notconnect full 10G No X2 Te1/5 notconnect full 10G No X2 Te1/6 notconnect full 10G No X2...
  • Page 398: Supervisor Engine 6-E And Supervisor Engine 6L-E

    This feature enables you to use all four 10-Gigabit Ethernet ports on the supervisor engines as blocking ports when in redundant mode. Prior to Cisco IOS Release 12.2(40)SG, Catalyst 4500 Supervisor Engine V-10GE allowed you to enable either the dual wire-speed 10-Gigabit Ethernet ports or four TwinGig convertor based Gigabit Ethernet SFP uplink ports when operating in redundant mode.
  • Page 399: Selecting Uplink Mode On A Supervisor Engine 6-E

    Selecting Uplink Mode on a Supervisor Engine 6-E You can use the hw-module uplink mode command to change the uplink mode to either shared-backplane or tengigabitethernet mode. Note Only two 10-Gigabit Ethernet ports or four 1-Gigabit Ethernet ports can be used on the supervisor engine.
  • Page 400: Selecting The Uplink Port On A Supervisor Engine 7L-E

    In VSS, this output provides the current mode of both active and standby switches. Selecting the Uplink Port on a Supervisor Engine 7L-E With Cisco IOS Release 15.0(2)SG, the SFP+/SFP uplink modes on Supervisor Engine 7L-E (WS-X45-SUP-7L-E) have changed. The number of uplink ports now depends on the supervisor engine mode (single or redundant) and the uplink mode configuration (1-Gigabit or 10-Gigabit).
  • Page 401: Single Supervisor Mode

    Single Supervisor Mode In single supervisor mode, WS-X45-SUP-7L-E supports the uplink configuration of at most either two 10-Gigabit or four 1-Gigabit ports (Table 8-1). Table 8-1 Uplink Options for Single Supervisor Mode Supervisor Engine Uplink Ports Speeds Achievable with the Following Combination of Pluggables (Band Width)
  • Page 402: Configuring Optional Interface Features

    SEEPROM (Serial Electrically Erasable Programmable Read Only Memory). Note For details on transceiver module compatibility, refer to this URL: http://www.cisco.com/en/US/products/hw/modules/ps5455/products_device_support_tables_list.html Configuring Optional Interface Features The following sections describe optional procedures: Configuring Ethernet Interface Speed and Duplex Mode, page 8-20 •...
  • Page 403: Setting The Interface Speed

    • When you set the interface speed to 1000 (Mbps) or auto 1000, the duplex mode is full duplex. You cannot change the duplex mode. • If the interface speed is set to 10 or 100, the duplex mode is set to half duplex by default unless you explicitly configure it.
  • Page 404: Setting The Interface Duplex Mode

    Command Purpose Step 1 Switch(config)# interface gigabitethernet1/1 Specifies the interface to be configured. Step 2 Switch(config-if)# speed nonegotiate Disables autonegotiation on the interface. To restore autonegotiation, enter the no speed nonegotiate command in the interface configuration mode.
  • Page 405: Adding A Description For An Interface

    Input queue: 50/2000/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 50 packets input, 11300 bytes, 0 no buffer Received 50 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 input packets with dribble condition detected...
  • Page 406 To configure flow control, perform this task: Command Purpose Step 1 Switch# configure terminal Enters global configuration mode. Step 2 Switch(config)# interface interface-id Enters interface configuration mode and specifies the interface to be enabled for flowcontrol.
  • Page 407 Duplex: full Trunk encap. type: 802.1Q,ISL Trunk mode: on,off,desirable,nonegotiate Channel: Broadcast suppression: percentage(0-100), hw Flowcontrol: rx-(off,on,desired),tx-(off,on,desired) VLAN Membership: static, dynamic Fast Start: Queuing: rx-(N/A), tx-(1p3q1t, Sharing/Shaping) CoS rewrite: ToS rewrite: Inline power: SPAN: source/destination UDLD:...
  • Page 408: Configuring Jumbo Frame Support

    Maximum Transmission Units The Catalyst 4500 series switch allows you to configure a maximum of 32 different maximum transmission unit (MTU) sizes system wide. This means that the maximum number of different MTU sizes that you can configure with the system mtu, mtu, ip mtu, and ipv6 mtu command on all Layer 2 and Layer 3 interfaces combined is 32.
  • Page 409 Jumbo frame support does not fragment Layer 2 switched packets. Note The Catalyst 4500 series switch does not compare the packet size with the MTU at the egress port, but jumbo frames are dropped in ports that do not support them. The frames can be transmitted in ports that do support jumbo frames, even though the MTU is not configured to jumbo size.
  • Page 410: Configuring Mtu Sizes

    Layer 3 and Layer 2 EtherChannels Starting with Cisco IOS Release 12.2(25)EW, you could configure all the interfaces in an EtherChannel provided that they have the same MTU. Changing the MTU of an EtherChannel changes the MTU of all member ports.
  • Page 411: Interacting With Baby Giants

    Interacting with Baby Giants The baby giants feature, introduced in Cisco IOS Release 12.1(12c)EW, uses the global command system mtu size to set the global baby giant MTU. This feature also allows certain interfaces to support Ethernet payload size of up to 1552 bytes.
  • Page 412: Configuring Auto-Mdix On A Port

    Command Purpose Step 2 Switch(config-if)# link debounce [time debounce_time] Configures the debounce timer. By default, debounce is disabled. Switch(config-if)# no link debounce Reverts to the default setting. Step 3 Switch# show interfaces debounce Verifies the configuration. The default time is 10 ms for E-series supervisor engines and line cards.
  • Page 413 Note The following line cards support Auto-MDIX by default, when port auto-negotiation is enabled: WS-X4424-GB-RJ45, WS-X4448-GB-RJ45, WS-X4548-GB-RJ45 and WS-X4412-2GB-T. You cannot disable them with the mdix command. Note The following line cards do not support Auto-MDIX, neither by default nor by CLI: WS-X4548-GB-RJ45V, WS-X4524-GB-RJ45V, WS-X4506-GB-T, WS-X4148-RJ, WS-X4248-RJ21V, WS-X4248-RJ45V, WS-X4224-RJ45V and WS-X4232-GB-RJ.
  • Page 414: Displaying The Interface Auto-Mdix Configuration

    Switch(config-if)# end Displaying the Interface Auto-MDIX Configuration To display the interface speed and duplex mode configuration for an interface, perform this task: Command Purpose Step 1 Switch> enable Enables privileged EXEC mode. Enter your password if prompted.
  • Page 415: Understanding Online Insertion And Removal

    Switch# Understanding Online Insertion and Removal The online insertion and removal (OIR) feature supported on the Catalyst 4500 series switch allows you to remove and replace modules while the system is online. You can shut down the module before removal and restart it after insertion without causing other software or interfaces to shut down.
  • Page 416: Shutting Down A Module

    Shutting down a Module To shut down a module safely, either enter the hw-module module stop command or press the OIR button for 5 seconds. Note The hw-module module stop command is enabled only on the uplink modules of the WS-C4500X-32. The following example shows what happens if a module is up and you enter the hw-module module stop command: Switch# hw-module module 2 stop...
  • Page 417: Common Scenarios

    M MAC addresses Status --+--------------------------------+---+------------+----------------+--------- 1 0022.bde2.1061 to 0022.bde2.1080 0.2 15.0(1r)SG(0 0.DEV-0 2 0022.bde2.1579 to 0022.bde2.1580 0.1 Switch# The following example shows what happens if a module has not been stopped and you enter this command: Switch# hw-module module 2 start % Module 2 not stopped...
  • Page 418: Monitoring Interface And Controller Status

    Monitoring and Maintaining the Interface Monitoring Interface and Controller Status The Cisco IOS software for the Catalyst 4500 series switch contains commands that you can enter at the EXEC prompt to display information about the interface, including the version of the software and the hardware, the controller status, and statistics about the interfaces.
  • Page 419: Shutting Down And Restarting An Interface

    “administratively down.” Configuring Interface Link Status and Trunk Status Events You can configure interface link status and trunk status events. On the Catalyst 4500 series switch, the following interface logging event notifications are supported both globally and per interface: Enable or disable notification on the interface whenever its data link status is changed.
  • Page 420: Configuring Link Status Event Notification For An Interface

    Chapter 8 Configuring Interfaces Monitoring and Maintaining the Interface • logging event link-status use-global—Default link status logging event configuration on the interface; its configuration should follow the switch global link status logging event setting. The interface trunk status logging event can be configured in the same configuration states. Configuring Link Status Event Notification for an Interface To enable or disable a link status logging event, enter one of the following commands: Command...
  • Page 421 Chapter 8 Configuring Interfaces Monitoring and Maintaining the Interface default(use-global) default(use-global) The following example displays the configuration and logging message output for link status and trunk status logging events: // The global link status and trunk status logging events are enabled. Switch# show running | include logging show running | include logging logging event link-status global...
  • Page 422: Resetting The Interface To The Default Configuration

    Chapter 8 Configuring Interfaces Monitoring and Maintaining the Interface Resetting the Interface to the Default Configuration If you have configured an interface with many command lines and you want to clear all the configuration on that interface, use the default interface global configuration command, as follows: Switch(config)# default interface fastEthernet 3/5 Interface FastEthernet3/5 set to default configuration This command clears all the configurations and shuts down the interface:...
  • Page 423: Checking Port Status And Connectivity

    Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html If a command is not in the Catalyst 4500 Series Switch Command Reference, you can locate it in the Cisco IOS library. See the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 424: Checking Interfaces Status

    “Checking Module Status” section on page 9-1. This example shows how to display the status of all interfaces on a Catalyst 4500 series switch, including transceivers. Output of this command displays “Unapproved GBIC” for non-Cisco transceivers: Switch# show interfaces status...
  • Page 425: Displaying Mac Addresses

    With TDR, you can check the status of copper cables on the 48-port 10/100/1000 BASE-T modules for the Catalyst 4500 series switch. TDR detects a cable fault by sending a signal through the cable and reading the signal that is reflected back. All or part of the signal can be reflected back either by cable defects or by the end of the cable.
  • Page 426: Running The Tdr Test

    Chapter 9 Checking Port Status and Connectivity Checking Cable Status Using Time Domain Reflectometer Note Four pairs of standard category 5 cable exist. Each pair can assume one of the following states: open (not connected), broken, shorted, or terminated. The TDR test detects all four states and displays the first three as “Fault”...
  • Page 427: Tdr Guidelines

    Chapter 9 Checking Port Status and Connectivity Using Telnet Switch# show cable-diagnostics tdr interface gi4/13 Interface Speed Local pair Cable length Remote channel Status Gi4/13 0Mbps 102 +-2m Unknown Fault 100 +-2m Unknown Fault 102 +-2m Unknown Fault 102 +-2m Unknown Fault After this command is deprecated, use the diagnostic start and the show diagnostic result commands to...
  • Page 428: Changing The Logout Timer

    Chapter 9 Checking Port Status and Connectivity Changing the Logout Timer Note To establish a Telnet connection to a host by using the hostname, configure and enable DNS. To establish a Telnet connection to another device on the network from the switch, enter this command: Command Purpose Opens a Telnet session to a remote host.
  • Page 429: Using Ping

    Chapter 9 Checking Port Status and Connectivity Using Ping Interface User Mode Idle Peer Address Switch# show users all Line User Host(s) Idle Location 0 con 0 idle 00:00:00 1 vty 0 00:00:00 2 vty 1 00:00:00 3 vty 2 00:00:00 4 vty 3 00:00:00...
  • Page 430: Running Ping

    Chapter 9 Checking Port Status and Connectivity Using IP Traceroute • Destination unreachable—If the default gateway cannot reach the specified network, a Destination Unreachable message is returned. • Network or host unreachable—If there is no entry in the route table for the host or network, a Network or Host Unreachable message is returned.
  • Page 431: Running Ip Traceroute

    Switch# trace ip ABA.NYC.mil Type escape sequence to abort. Tracing the route to ABA.NYC.mil (26.0.0.73) 1 DEBRIS.CISCO.COM (192.180.1.6) 1000 msec 8 msec 4 msec 2 BARRNET-GW.CISCO.COM (192.180.16.2) 8 msec 8 msec 8 msec 3 EXTERNAL-A-GATEWAY.STANFORD.EDU (192.42.110.225) 8 msec 4 msec 4 msec 4 BB2.SU.BARRNET.NET (192.200.254.6) 8 msec 8 msec 8 msec...
  • Page 432: Layer 2 Traceroute Usage Guidelines

    Chapter 9 Checking Port Status and Connectivity Using Layer 2 Traceroute If you want the switch to trace the path from a host on a source device to a host on a destination device, the switch can identify only the path from the source device to the destination device. It cannot identify the path that a packet takes from source host to the source device or from the destination device to the destination host.
  • Page 433: Running Layer 2 Traceroute

    Chapter 9 Checking Port Status and Connectivity Using Layer 2 Traceroute • This feature is not supported in Token Ring VLANs. Running Layer 2 Traceroute To display the physical path that a packet takes from a source device to a destination device, enter either one of these commands: Command Purpose...
  • Page 434: Configuring Icmp

    Data routes are sometimes less than optimal. For example, it is possible for the router to be forced to resend a packet through the same interface on which it was received. If this occurs, the Cisco IOS software sends an ICMP Redirect message to the originator of the packet telling the originator that the router is on a subnet directly connected to the receiving device, and that it must forward the packet to another system on the same subnet.
  • Page 435: Enabling Icmp Mask Reply Messages

    URL: http://www.cisco.com/en/US/docs/ios/ipapp/configuration/guide/ipapp_hsrp_ps6350_TSD_Products_Configuration_Guide_Chapter.html To enable the sending of ICMP Redirect messages if the Cisco IOS software is forced to resend a packet through the same interface on which it was received, enter the following command in interface configuration mode:...
  • Page 437 Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html If a command is not in the Catalyst 4500 Series Switch Command Reference, you can locate it in the Software Configuration Guide—Release IOS XE 3.5.0E and IOS 15.2(1)E...
  • Page 438: About Supervisor Engine Redundancy

    Chapter 10 Configuring Supervisor Engine Redundancy Using RPR and SSO on Supervisor Engine 6-E and Supervisor About Supervisor Engine Redundancy Cisco IOS library. See the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html About Supervisor Engine Redundancy...
  • Page 439: Sso Operation

    SSO Operation SSO is supported in Cisco IOS Release 12.2(20)EWA and later releases. When a redundant supervisor engine runs in SSO mode, the redundant supervisor engine starts up in a fully-initialized state and synchronizes with the persistent configuration and the running configuration of the active supervisor engine.
  • Page 440: About Supervisor Engine Redundancy Synchronization

    • NetFlow The following features are learned on the redundant supervisor engine if the SSO feature is enabled: • All Layer 3 protocols on Catalyst 4500 series switches (Switch Virtual Interfaces) About Supervisor Engine Redundancy Synchronization During normal operation, the persistent configuration (RPR and SSO) and the running configuration (SSO only) are synchronized by default between the two supervisor engines.
  • Page 441: Rpr Supervisor Engine Configuration Synchronization

    Chapter 10 Configuring Supervisor Engine Redundancy Using RPR and SSO on Supervisor Engine 6-E and Supervisor Supervisor Engine Redundancy Guidelines and Restrictions RPR Supervisor Engine Configuration Synchronization Because the redundant supervisor engine is only partially initialized in RPR mode, it interacts with the active supervisor engine only to receive configuration changes at startup and upon saving the configuration changes.
  • Page 442 RPR requires Cisco IOS Release 12.1(12c)EW, Release 12.1(19)E or later releases. SSO requires Cisco IOS Release 12.2(20)EWA or later releases. • The Catalyst 4507R switch and the 4510R switch are the only Catalyst 4500 series switches that support supervisor engine redundancy.
  • Page 443: Configuring Supervisor Engine Redundancy

    Configuring Supervisor Engine Redundancy Using RPR and SSO on Supervisor Engine 6-E and Supervisor Configuring Supervisor Engine Redundancy • The Cisco Express Forwarding (CEF) table is cleared on a switchover. As a result, routed traffic is interrupted until route tables reconverge. This reconvergence time is minimal because the SSO feature reduces the supervisor engine redundancy switchover time from 30+ seconds to subsecond, so Layer 3 also has a faster failover time if the switch is configured for SSO.
  • Page 444: Configuring Redundancy

    When configuring redundancy, note the following: • The sso keyword is supported in Cisco IOS Release 12.2(20)EWA and later releases. • The rpr keyword is supported in Cisco IOS Release 12.1(12c)EW and later releases.
  • Page 445 Current Software state = STANDBY HOT Uptime in current state = 2 days, 2 hours, 39 minutes Image Version = Cisco Internetwork Operating System Software IOS (tm) Catalyst 4000 L3 Switch Software (cat4000-I5S-M), Version 12.2(20)EWA(3 .92), CISCO INTERNAL USE ONLY ENHANCED PRODUCTION VERSION Copyright (c) 1986-2004 by cisco Systems, Inc.
  • Page 446: Virtual Console For Standby Supervisor Engine

    Configuring Supervisor Engine Redundancy Virtual Console for Standby Supervisor Engine Catalyst 4500 series switches can be configured with two supervisor engines to provide redundancy. When the switch is powered, one of the supervisor engines becomes active and remains active until a switchover occurs.
  • Page 447: Synchronizing The Supervisor Engine Configurations

    Chapter 10 Configuring Supervisor Engine Redundancy Using RPR and SSO on Supervisor Engine 6-E and Supervisor Configuring Supervisor Engine Redundancy • The virtual console is noninteractive. Because the virtual console does not detect the interactive nature of a command, any command that requires user interaction causes the virtual console to wait until the RPC timer aborts the command.
  • Page 448: Performing A Manual Switchover

    Chapter 10 Configuring Supervisor Engine Redundancy Using RPR and SSO on Supervisor Engine 6-E and Supervisor Performing a Manual Switchover Note To manually synchronize individual elements of the standard auto-sync configuration, disable the default automatic synchronization feature. Note When you configure the auto-sync standard, the individual sync options such as no auto-sync startup-config are ignored.
  • Page 449: Performing A Software Upgrade

    Cisco IOS Release 12.1(x)E, and a standby supervisor engine running Cisco IOS Release 12.2(x)S. The standby supervisor engine resets repeatedly. If you are trying to upgrade redundant supervisor engines from Cisco IOS Release 12.1(x)E to 12.2(x)S, this requires a full system reboot.
  • Page 450: Manipulating Bootflash On The Redundant Supervisor Engine

    Switch# copy running-config start-config Step 9 Reloads the redundant supervisor engine and brings it Switch# redundancy reload peer back online (using the new release of the Cisco IOS software). Note Before proceeding to Step 10, ensure that the switch is operating in RPR mode.
  • Page 451 Chapter 10 Configuring Supervisor Engine Redundancy Using RPR and SSO on Supervisor Engine 6-E and Supervisor Manipulating Bootflash on the Redundant Supervisor Engine To manipulate the redundant supervisor engine bootflash, perform one or more of the following commands: Command Purpose Lists the contents of the slot0: device on the redundant Switch# dir slaveslot0:target_filename supervisor engine.
  • Page 452 Chapter 10 Configuring Supervisor Engine Redundancy Using RPR and SSO on Supervisor Engine 6-E and Supervisor Manipulating Bootflash on the Redundant Supervisor Engine Software Configuration Guide—Release IOS XE 3.5.0E and IOS 15.2(1)E 10-16 OL_28731-01...
  • Page 453: Manipulating Bootflash On The Standby Supervisor Engine

    Supervisor Engine 7L-E, and Supervisor Engine 8-E Catalyst 4500 series switches allow a standby supervisor engine to take over if the active supervisor engine fails. In software, supervisor engine redundancy is enabled by running the redundant supervisor engine in route processor redundancy (RPR) or stateful switchover (SSO) operating mode.
  • Page 454: Rpr Operation

    Configuring Supervisor Engine Redundancy Using RPR and SSO on Supervisor Engine 7-E, Supervisor About Supervisor Engine Redundancy If a command is not in the Catalyst 4500 Series Switch Command Reference, you can locate it in the Cisco IOS library. See the Catalyst 4500 Series Switch Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 455 About Supervisor Engine Redundancy RPR Operation RPR is supported in Cisco IOS-XE Release 3.1.0SG and later releases. When a standby supervisor engine runs in RPR mode, it starts up in a partially-initialized state and is synchronized with the persistent configuration of the active supervisor engine.
  • Page 456 • NetFlow The following features are learned on the standby supervisor engine if the SSO feature is enabled: • All Layer 3 protocols on Catalyst 4500 series switches (Switch Virtual Interfaces) Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E...
  • Page 457 Chapter 11 Configuring Supervisor Engine Redundancy Using RPR and SSO on Supervisor Engine 7-E, Supervisor About Supervisor Engine Redundancy Synchronization About Supervisor Engine Redundancy Synchronization During normal operation, the persistent configuration (RPR and SSO) and the running configuration (SSO only) are synchronized by default between the two supervisor engines. In a switchover, the new active supervisor engine uses the current configuration.
  • Page 458 • Supervisor engine redundancy does not provide supervisor engine load balancing. • The Cisco Express Forwarding (CEF) table is cleared on a switchover. As a result, routed traffic is interrupted until route tables reconverge. This reconvergence time is minimal because the SSO feature reduces the supervisor engine redundancy switchover time from 30+ seconds to subsecond, so Layer 3 also has a faster failover time if the switch is configured for SSO.
  • Page 459 Chapter 11 Configuring Supervisor Engine Redundancy Using RPR and SSO on Supervisor Engine 7-E, Supervisor Configuring Supervisor Engine Redundancy • Static IP routes are maintained across a switchover because they are configured from entries in the configuration file. • Information about Layer 3 dynamic states that is maintained on the active supervisor engine is not synchronized to the standby supervisor engine and is lost on switchover.
  • Page 460 Active Location = slot 3 Current Software state = ACTIVE Uptime in current state = 9 minutes Image Version = Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 15.0(100)XO(1.42), INTERIM SOFTWARE Copyright (c) 1986-2010 by Cisco Systems, Inc.
  • Page 461 1 13:11:16: %C4K_REDUNDANCY-3-SIMPLEX_MODE: The peer Supervisor has been lost Virtual Console for Standby Supervisor Engine Catalyst 4500 series switches can be configured with 2 supervisor engines to provide redundancy. When the switch is powered, one of the supervisor engines becomes active and remains active until a switchover occurs.
  • Page 462 Chapter 11 Configuring Supervisor Engine Redundancy Using RPR and SSO on Supervisor Engine 7-E, Supervisor Configuring Supervisor Engine Redundancy Once you enter the standby virtual console, the terminal prompt automatically changes to hostname-standby-console where hostname is the configured name of the switch. The prompt is restored to the original setting when you exit the virtual console.
  • Page 463 Chapter 11 Configuring Supervisor Engine Redundancy Using RPR and SSO on Supervisor Engine 7-E, Supervisor Configuring Supervisor Engine Redundancy Command Purpose Step 1 Enters redundancy configuration mode. Switch(config)# redundancy Step 2 Enters main-cpu configuration submode. Switch(config-red)# main-cpu Step 3 Synchronizes the configuration elements. Switch(config-r-mc)# auto-sync {startup-config | config-register | bootvar | standard} Step 4...
  • Page 464 ISSU to upgrade software for both RPR and SSO redundant mode. The software upgrade procedure supported by supervisor engine redundancy allows you to reload the Cisco IOS software image on the redundant supervisor engine, and once complete, reload the active supervisor engine once.
  • Page 465 Switch# copy running-config start-config Step 9 Reloads the standby supervisor engine and brings it back Switch# redundancy reload peer online (using the new release of the Cisco IOS-XE software). Step 10 Conducts a manual switchover to the standby supervisor Switch# redundancy force-switchover engine.
  • Page 466 Chapter 11 Configuring Supervisor Engine Redundancy Using RPR and SSO on Supervisor Engine 7-E, Supervisor Manipulating Bootflash on the Standby Supervisor Engine This example illustrates how to verify that the running configuration on the active supervisor engine has successfully synchronized with the redundant supervisor engine: Switch# config terminal Switch(config)# redundancy Switch(config-red)# main-cpu...
  • Page 469: Configuring Cisco Nsf With Sso Supervisor Engine Redundancy

    Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html If a command is not in the Catalyst 4500 Series Switch Command Reference, you can locate it in the Cisco IOS library. See the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 470: About Cisco Ios Nsf-Aware And Nsf-Capable Support

    Note NSF does not support IPv6. Note NSF-capable devices include Catalyst 4500 series switches, Catalyst 6500 series switches, Cisco 7500 series routers, Cisco 10000 series routers, and Cisco 12000 series routers. A typical topology for NSF and NSF-aware routers is given below.
  • Page 471: Nsf With Sso Supervisor Engine Redundancy Overview

    NSF with SSO Supervisor Engine Redundancy Overview Catalyst 4500 series switches support fault resistance by allowing a redundant supervisor engine to take over if the primary supervisor engine fails. NSF works with SSO to minimize the amount of time a network is unavailable to its users following a switchover.
  • Page 472: Sso Operation

    In networking devices running SSO, both supervisor engines must be running the same Cisco IOS software version and ROMMON version so that the redundant supervisor engine is always ready to assume control following a fault on the active supervisor engine.
  • Page 473: Cisco Express Forwarding

    About NSF with SSO Supervisor Engine Redundancy Cisco Express Forwarding A key element of NSF is packet forwarding. In a Cisco networking device, packet forwarding is provided by Cisco Express Forwarding (CEF). CEF maintains the FIB and uses the FIB information that was current at the time of the switchover to continue forwarding packets during a switchover.
  • Page 474: Ospf Operation

    Chapter 12 Configuring Cisco NSF with SSO Supervisor Engine Redundancy About NSF with SSO Supervisor Engine Redundancy If the BGP session is lost during the supervisor engine switchover, the NSF-aware BGP peer marks all the routes associated with the NSF-capable router as stale; however, it continues to use these routes to make forwarding decisions for a set period of time.
  • Page 475: Is-Is Operation

    If the neighbor routers on a network segment are not NSF-aware, you must use the Cisco configuration option. The Cisco IS-IS configuration transfers both protocol adjacency and link-state information from the active to the redundant supervisor engine. An advantage of Cisco configuration is that it does not rely on NSF-aware neighbors.
  • Page 476: Eigrp Operation

    Cisco IS-IS Configuration Using the Cisco configuration option, full adjacency and LSP information is saved, or checkpointed, to the redundant supervisor engine. Following a switchover, the newly active supervisor engine maintains its adjacencies using the check-pointed data, and can quickly rebuild its routing tables.
  • Page 477: Nsf Guidelines And Restrictions

    Chapter 12 Configuring Cisco NSF with SSO Supervisor Engine Redundancy Configuring NSF with SSO Supervisor Engine Redundancy If at least one of the peer routers is NSF-aware, the restarting router then receives updates and rebuilds its database. The restarting router must then find out if it had converged so that it can notify the routing information base (RIB).
  • Page 478: Configuring Sso

    Step 5 Displays the operating redundancy mode. Switch# show redundancy states Note The sso keyword is supported in Cisco IOS Release 12.2(20)EWA and later releases. This example shows how to configure the system for SSO and display the redundancy state: Switch>...
  • Page 479: Configuring Cef Nsf

    Chapter 12 Configuring Cisco NSF with SSO Supervisor Engine Redundancy Configuring NSF with SSO Supervisor Engine Redundancy keep_alive threshold = 18 RF debug mask = 0x0 Switch# Configuring CEF NSF The CEF NSF feature operates by default while the networking device is running in SSO mode. No configuration is necessary.
  • Page 480: Verifying Bgp Nsf

    Chapter 12 Configuring Cisco NSF with SSO Supervisor Engine Redundancy Configuring NSF with SSO Supervisor Engine Redundancy Command Purpose Step 2 Enables a BGP routing process, which places the Switch(config)# router bgp as-number switch in switch configuration mode. Step 3...
  • Page 481: Configuring Ospf Nsf

    Chapter 12 Configuring Cisco NSF with SSO Supervisor Engine Redundancy Configuring NSF with SSO Supervisor Engine Redundancy Sent 1544 messages, 0 notifications, 0 in queue Default minimum time between advertisement runs is 30 seconds Configuring OSPF NSF Note All peer devices participating in OSPF NSF must be made OSPF NSF-aware, which happens automatically when you install an NSF software image on the device.
  • Page 482: Configuring Is-Is Nsf

    Chapter 12 Configuring Cisco NSF with SSO Supervisor Engine Redundancy Configuring NSF with SSO Supervisor Engine Redundancy External flood list length 0 Non-Stop Forwarding enabled, last NSF restart 00:02:06 ago (took 44 secs) Area BACKBONE(0) Number of interfaces in this area is 1 (0 loopback)
  • Page 483: Verifying Is-Is Nsf

    <...Output Truncated...> Step 2 If the NSF configuration is set to cisco, enter the show isis nsf command to verify that NSF is enabled on the device. Using the Cisco configuration, the display output differs on the active and redundant RPs.
  • Page 484: Configuring Eigrp Nsf

    Chapter 12 Configuring Cisco NSF with SSO Supervisor Engine Redundancy Configuring NSF with SSO Supervisor Engine Redundancy L1 NSF ACK requested:FALSE L1 NSF CSNP requested:FALSE NSF L2 Restart state:Running NSF p2p Restart retransmissions:0 Maximum L2 NSF Restart retransmissions:3 L2 NSF ACK requested:FALSE...
  • Page 485: Cisco High Availability Features In Cisco Ios Xe 3.1.0Sg

    Distance: internal 90 external 170 Cisco High Availability Features in Cisco IOS XE 3.1.0SG This section provides a list of High Availability software features that are supported in Cisco IOS XE 3.1.0SG. Links to the feature documentation are included. Feature guides may contain information about more than one feature. To find information about a specific feature within a feature guide, see the Feature Information table at the end of the guide.
  • Page 486 Chapter 12 Configuring Cisco NSF with SSO Supervisor Engine Redundancy Cisco High Availability Features in Cisco IOS XE 3.1.0SG NSF - OSPF http://www.cisco.com/en/US/docs/ios-xml/ios/ha/configuration/xe-3s/ha-config-nonstop-forwarding.ht NSF/SSO (Nonstop Forwarding with Stateful Switchover) http://www.cisco.com/en/US/docs/ios-xml/ios/ha/configuration/xe-3s/ha-config-nonstop-forwarding.ht SSO - HDLC http://www.cisco.com/en/US/docs/ios-xml/ios/ha/configuration/xe-3s/ha-config-stateful-switchover.ht SSO - HSRP http://www.cisco.com/en/US/docs/ios-xml/ios/ha/configuration/xe-3s/ha-config-stateful-switchover.ht SSO - Multilink PPP (MLP) http://www.cisco.com/en/US/docs/ios-xml/ios/ha/configuration/xe-3s/ha-config-stateful-switchover.ht...
  • Page 487: Environmental Monitoring And Power Management

    Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html If a command is not in the Catalyst 4500 Series Switch Command Reference, you can locate it in the Cisco IOS library. See the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 488: Using Cli Commands To Monitor Your Environment

    Chapter 13 Environmental Monitoring and Power Management About Environmental Monitoring • System Alarms, page 13-6 Environmental monitoring of chassis components provides early warning indications of possible component failure. This warning helps you to ensure the safe and reliable operation of your system and avoid network interruptions.
  • Page 489 Chapter 13 Environmental Monitoring and Power Management About Environmental Monitoring Chassis Type : WS-C4510R-E Power consumed by backplane : 40 Watts Switch Bandwidth Utilization : 0% Supervisor Led Color : Green Module 2 Status Led Color : Green Module 5 Status Led Color : Green Module 6 Status Led Color...
  • Page 490: Displaying On Board Failure Logging (Obfl) Information For 9000W Ac

    Chapter 13 Environmental Monitoring and Power Management About Environmental Monitoring The following example illustrates how to display the environment condition on WS-C4500X-32 with a Supervisor Engine 7-E. The thresholds appear within parentheses. Switch> show environment no temperature alarms Module Sensor Temperature Status ------+--------------------------+--------------------+------------...
  • Page 491: Emergency Actions

    Chapter 13 Environmental Monitoring and Power Management About Environmental Monitoring If a 9000W power supply is installed in the left bay, the show logging onboard subslot 0 detail command displays logging information for that power supply. If a 9000W power supply is installed in the right bay, enter the show logging onboard subslot 1 detail command, as follows: Switch# show logging onboard subslot 0 detail PID: WS-C4506-E...
  • Page 492: System Alarms

    The timer values and the emergency actions depend on the type of supervisor engine. Note Refer to the Catalyst 4500 Series Switch Module Installation Guide for information on LEDs, including the startup behavior of the supervisor engine system LED.
  • Page 493: Power Management

    Syslog message when the alarm is issued. partial failure. Power Management This section describes the power management feature in the Catalyst 4500 series switches. It includes the following topics: • Power Management for the Catalyst 4500 Series Switches, page 13-7...
  • Page 494: Supported Power Supplies

    You can select from several different power supplies to ensure that you have enough power for the modules installed in your switch. Note You should select a power supply based on the modules and the amount of PoE desired using the Cisco Power Calculator: http://tools.cisco.com/cpc/...
  • Page 495: Power Management Modes For The Catalyst 4500 Switch

    338 (not to exceed Total Maximum Available = 750) Switch# Power Management Modes for the Catalyst 4500 Switch The Catalyst 4500 series switches support two power management modes: • Redundant mode—Redundant mode uses one power supply as a primary power supply and the...
  • Page 496: Selecting A Power Management Mode

    • 1000 W can support a fully loaded Catalyst 4503 switch with no powered device support. • 1300 W can support a fully loaded Catalyst 4503 switch with Cisco powered devices. • Each PoE port on a WS-X4148-RJ45V module requires 6.3 W. Five fully loaded WS-X4148-RJ45V...
  • Page 497 Chapter 13 Environmental Monitoring and Power Management Power Management If you have too many IP phones drawing power from the system, power to IP phones is cut, and some phones may be powered down to reduce the power requirements to match the power supplies. In the first scenario (power requirements exceed the power supplied), the system attempts to resolve this power usage limitation by evaluating the type and number of modules installed.
  • Page 498 When all slots are required only one WS-X4448-GB-RJ45 line card can be used. Configuring Redundant Mode on a Catalyst 4500 Series Switch By default, the power supplies in a Catalyst 4500 series switch are set to operate in redundant mode. To effectively use redundant mode, follow these guidelines: Use two power supplies of the same type.
  • Page 499 • The maximum available power for chassis and PoE for each power supply are listed in Table 13-5 on page 13-14. To configure combined mode on your Catalyst 4500 series switch, perform this task: Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E 13-13 OL_28731-01
  • Page 500: Available Power For Catalyst 4500 Series Switches Power Supplies

    Available Power for Catalyst 4500 Series Switches Power Supplies Table 13-5 lists the power available for use in the various Catalyst 4500 series switches power supplies. When your switch is configured to combined mode, the total available power is not the mathematical sum of the individual power supplies.
  • Page 501: Special Considerations For The 4200 W Ac And 6000 W Ac Power Supplies

    Chapter 13 Environmental Monitoring and Power Management Power Management Table 13-5 Available Power for Switch Power Supplies (continued) Power Supply Redundant Mode (W) Combined Mode (W) Sharing Ratio 1400 W AC Chassis = 1360 Chassis = 2473 9/11 PoE = 0 PoE = 0 2800 W AC Chassis = 1360...
  • Page 502 Chapter 13 Environmental Monitoring and Power Management Power Management PS1-1 220V good PS1-2 220V good PS1-3 220V good PWR-C45-9000ACV AC 9000W good good good PS2-1 220V good PS2-2 220V good PS2-3 220V good Power supplies needed by system : 2 Maximum Inputs = 3 Power supplies currently available : 2 Power Summary Maximum...
  • Page 503 Table 13-7 Output Power in Combined Mode for the 4200 W AC Power Supply Power Supply 12 V (data) (W) -50 V (PoE) (W) Total Power (W) Both sides at 110 V AC 1188 1531 1700...
  • Page 504 Chapter 13 Environmental Monitoring and Power Management Power Management Table 13-10 illustrates how the 9000 W AC power supply is evaluated in redundant mode. Table 13-10 Power Output in Redundant Mode for the 9000 W AC Power Supply Power Supply 12V (data) (W) -50V (PoE) (W) Total Power (W)
  • Page 505: Combined Mode Power Resiliency

    Combined Mode Power Resiliency Note: This feature only applies in combined mode when both power supply bays contain the 4200 W AC or 6000 W AC power supply. Using the combined mode power resiliency feature, you can limit the power usage to a maximum of two or three (configurable) inputs for 4000W and 6000W power supplies.
  • Page 506 Chapter 13 Environmental Monitoring and Power Management Power Management PWR-C45-4200ACV AC 4200W good good good PS2-1 110V good PS2-2 110V good Power supplies needed by system Power supplies currently available : 2 Power Summary Maximum (in Watts) Used Available ---------------------- ---- --------- System Power (12V)
  • Page 507: Special Considerations For The 1400 W Dc Power Supply

    Chapter 13 Environmental Monitoring and Power Management Power Management Power supplies currently available : 2 Power Summary Maximum (in Watts) Used Available ---------------------- ---- --------- System Power (12V) 1323 2646 Inline Power (-50V) 6022 Backplane Power (3.3V) ---------------------- ---- --------- Total 1363 (not to exceed Total Maximum Available = 7412) Special Considerations for the 1400 W DC Power Supply...
  • Page 508: Special Considerations For The 1400 W Dc Sp Triple Input Power Supply

    Unlike the 1400 W DC power supply, the 1400 W DC SP power supply has submodules (multiple inputs) that can be powered on or off. With Cisco IOS Release 12.2(25)EW, the output of the show power command is modified to display the status of these submodules:...
  • Page 509: Power Management For The Catalyst 4948 Switches

    PHY's operating circuitry and save power. This functionality is provided per port and is not enabled by default. To avoid issues with EEE functionality on any port during run-time, Cisco provides the power efficient-ethernet auto command to enable or disable EEE.
  • Page 510: Determining Eee Capability

    Chapter 13 Environmental Monitoring and Power Management IEEE 802.3az Energy Efficient Ethernet For more details, see the URL: http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps4324/white_paper_c11-676336.pdf Sections include: Determining EEE Capability, page 13-24 • Enabling EEE, page 13-24 • Determining EEE Status, page 13-24 • Determining EEE Capability...
  • Page 511 Chapter 13 Environmental Monitoring and Power Management IEEE 802.3az Energy Efficient Ethernet EEE status can have the following values: EEE: N/A—The port is not capable of EEE. EEE: Disabled—The port EEE is disabled. EEE: Disagreed—The port EEE is not set because a remote link partner might be incompatible with EEE;...
  • Page 513: Configuring Power Over Ethernet

    Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html If a command is not in the Catalyst 4500 Series Switch Command Reference, you can locate it in the Cisco IOS library. See the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 514: Hardware Requirements

    Ethernet port. Catalyst 4500 series switches can sense if a powered device is connected to a PoE module. They can supply PoE to the powered device if there is no power on the circuit. (If there is power on the circuit, the switch does not supply it.) The powered device can also be connected to an AC power source and supply...
  • Page 515 Chapter 14 Configuring Power over Ethernet Power Management Modes The Catalyst 4500 series switch has three PoE modes: auto—PoE interface. The supervisor engine directs the switching module to power up the interface • only if the switching module discovers the phone and the switch has enough power. You can specify the maximum wattage that is allowed on the interface.
  • Page 516: Intelligent Power Management

    When a powered device (PD) is attached to a PoE-capable port, the port detects the PD and provisions power accordingly. If a Cisco PD is used, the switch and PD negotiate power using CDP packets to determine the precise amount of power needed by the PD. If the PD is 802.3af compatible, the difference between what is mandated by the 802.3af class and what is actually needed by the PD is...
  • Page 517: Configuring Power Consumption For Powered Devices On An Interface

    (7 W on a legacy PoE module and 15.4W on the IEEE PoE modules introduced in Cisco IOS Release 12.2(18)EW). When the switch receives a CDP packet from the powered device, the wattage automatically adjusts downward to the specific amount required by that device.
  • Page 518: Displaying The Operational Status For An Interface

    Chapter 14 Configuring Power over Ethernet Displaying the Operational Status for an Interface Interface AdminPowerMax AdminConsumption (Watts) (Watts) ---------- --------------- -------------------- Gi7/1 15.4 15.4 Switch# config terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# int gi 7/1 Switch(config-if)# power inline consumption 5000 Switch(config-if)# exit Switch(config)# exit...
  • Page 519: Displaying All Poe Detection And Removal Events

    Switch# Displaying all PoE Detection and Removal Events Starting with Cisco IOS Release 15.0(2)SG2/XE 3.2.2SG, a Catalyst 4500 series switch can display all PoE detection and removal events. To enable PoE event logging, you use the power inline logging global command: Switch# conf terminal Enter configuration commands, one per line.
  • Page 520: Displaying The Poe Consumed By A Module

    *Oct 17 12:02:54.915: %ILPOWER-7-DETECT: Interface Gi5/5: Power Device detected: IEEE PD Displaying the PoE Consumed by a Module A Catalyst 4500 series switch can measure the actual PoE consumption for an 802.3af-compliant PoE module. You can observe this consumption by using show power module and show power detail commands.
  • Page 521 Note: The operating PoE consumption for an 802.3af-compliant module can be non-zero, even when no powered devices are attached to the module, because of the PoE consumed by FPGAs and other hardware components on the module.
  • Page 522 Gi1/8 auto 10.3 10.3 CNU Platform Gi1/9 auto 10.3 10.3 CNU Platform Gi1/10 auto 15.4 15.4 Cisco/Ieee PD Gi1/11 auto 10.3 10.3 CNU Platform Gi1/12 auto 10.3 10.3 CNU Platform --------- ------ ---------- ---------- ---------- ------------------- ----- Totals: 128.2 128.2 switch#
  • Page 523 Chapter 14 Configuring Power over Ethernet Displaying the PoE Consumed by a Module switch# show power inline module 2 Chassis Inline Power Supply: Available:800(w) Used:138(w) Remaining:662(w) Interface Admin Oper Power(Watts) Device Class From PS To Device --------- ------ ---------- ---------- ---------- ------------------- ----- Gi2/1 auto 11.5...
  • Page 524: Poe Policing And Monitoring

    Gi2/45 auto Gi2/46 auto Gi2/47 auto Gi2/48 auto --------- ------ ---------- ---------- ---------- ------------------- ----- Totals: 138.2 123.0 Switch# PoE Policing and Monitoring Note: This functionality is supported on the WS-X4548-RJ45V+, WS-X4648-RJ45V-E, and WS-X4648-RJ45V+E line cards.
  • Page 525: Configuring Power Policing On An Interface

    • Configured consumption values, in case any exist • CDP allocated values (for Cisco devices using CDP) • Allocated power from IEEE discovery (for devices using this mechanism) To activate default PoE policing, enter the following: Switch# conf t Enter configuration commands, one per line.
  • Page 526: Displaying Power Policing On An Interface

    Chapter 14 Configuring Power over Ethernet PoE Policing and Monitoring Interface Admin Oper Admin Oper Cutoff Oper State State Police Police Power Power --------- ------ ---------- ---------- ---------- ------ ----- Gi2/1 auto errdisable errdisable overdrawn Displaying Power Policing on an Interface You can display power policing on an interface, on a module, or for all the PoE-capable line cards in a chassis.
  • Page 527: Enhanced Power Poe Support On The E-Series Chassis

    IEEE 802.3af PoE as well as the Cisco proprietary Inline Power standard. With Cisco IOS Release 12.2(44)SG, the WS-X4648-RJ45V+E line card can also support the IEEE 802.3at standard with up to 30 W available per-port. The WS-X4648-RJ45V-E line card also supports up to 20 W.
  • Page 528: Configuring Universal Poe

    The default power inline configurations usually are sufficient; no additional configuration is required even for high power-consumption Cisco powered devices (for example, a Cisco AP1250 Wireless Access Point). When a high-power consumption device is attached to a port on a WS-X4648-RJ45V-E or WS-X4648-RJ45V+E line card, the switch and device negotiate power using CDP packets to automatically determine the extended amount of power needed by the device.
  • Page 529 Chapter 14 Configuring Power over Ethernet Enhanced Power PoE Support on the E-Series Chassis The following example shows how to automatically enable power on both signal and spare pairs from switch port gigabit ethernet 2/1: Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# interface gigabitethernet 2/1 Switch(config-if)# power inline four-pair forced Switch(config-if)# shutdown...
  • Page 531: Configuring The Catalyst 4500 Series Switch With Cisco Network Assistant

    Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html If a command is not in the Catalyst 4500 Series Switch Command Reference, you can locate it in the Cisco IOS library. See the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 532: About Network Assistant

    The switches in the cluster use the switch clustering technology so that you can configure and troubleshoot a group of different Catalyst 4500 series switch platforms through a single IP address. Using switch clusters simplifies the management of multiple switches, regardless of their physical location and platform families.
  • Page 533: Network Assistant-Related Parameters And Their Defaults

    3. You can only change this value for a cluster of devices. Port number on the Network Assistant and on the Catalyst 4500 series switch must match. Value can be changed to any non-default number above 1024. 4. Required for Network Assistant to access the device.
  • Page 534: Configuring Your Switch For Network Assistant

    • (Minimum) Required Configuration If you use the default configuration, access the Catalyst 4500 series switch and enter the ip http server (for HTTP) or ip http secure-server (for HTTPS) global configuration command. To configure the Catalyst 4500 series switch, perform this task:...
  • Page 535: Additional) Configuration Required To Use Community

    Chapter 15 Configuring the Catalyst 4500 Series Switch with Cisco Network Assistant Configuring Your Switch for Network Assistant Command Purpose Step 5 Configures the HTTPS port. Switch(config)# ip http timeout-policy idle idle_time life life_time requests requests The idle keyword specifies the maximum amount of time a connection can stay idle.
  • Page 536: Managing A Network Using Community

    Switch# show running-config Managing a Network Using Community This section describes how to use communities to manage devices (including Catalyst 4500 series switches, routers, access points, and PIX firewalls) using the Network Assistant application. Note: Access points have been eliminated from the device limits. There is no current limit for the number of access points that can be managed by CNA.
  • Page 537: Candidate And Member Requirements

    To join a community, a candidate must meet these requirements: An IP address has been obtained. • Cisco Discovery Protocol (CDP) version 2 is enabled (the default) (if you want the device to be • auto-discovered). HTTP (or HTTPS) is enabled.
  • Page 538: Community Names

    Note: Do not disable CDP on candidates, members, or on any network devices that you might want Network Assistant to discover. Note: PIX firewalls do not support CDP, so they are not automatically shown as neighbors in the Topology view.
  • Page 539: Access Modes In Network Assistant

    Chapter 15 Configuring the Catalyst 4500 Series Switch with Cisco Network Assistant Managing a Network Using Community Access Modes in Network Assistant When Network Assistant is connected to a community or cluster, two access modes are available: read-write and read-only, depending on the password.
  • Page 540: Converting A Cluster Into A Community

    Note: If you are logged into a community and you delete that community from some other CNA instance, then unless you close that community session, you can perform all the configurations through that session.
  • Page 541: Managing A Network Using Cluster

    15-2). Managing a Network Using Cluster This section describes how to use clustering to create and manage Catalyst 4500 series switches using the standalone Network Assistant application or the command-line interface (CLI). Use clustering to group the switches in your network. You must enter the cluster run command on each switch to be managed.
  • Page 542: Network Assistant And Vty

    Has 16 VTY lines. Note: On a Catalyst 4500 series switch, the default is 4 lines. You configure the switch to set the value to 16. Is not a command or cluster member switch of another cluster.
  • Page 543: Using The Cli To Manage Switch Clusters

    Telnet session (through a console or Telnet connection) and to access the cluster member switch CLI. The command mode changes and the Cisco IOS commands operate as usual. Enter the exit privileged EXEC command on the cluster member switch to return to the command-switch CLI.
  • Page 544 Chapter 15 Configuring the Catalyst 4500 Series Switch with Cisco Network Assistant Configuring Network Assistant in Community or Cluster Mode Command Purpose Step 6 Enables the selected interface to be in the specified VLAN. Switch(config-if)# switchport access vlan vlan_id Step 7 Select the VLAN instance for configuration.
  • Page 545 Chapter 15 Configuring the Catalyst 4500 Series Switch with Cisco Network Assistant Configuring Network Assistant in Community or Cluster Mode Command Purpose Step 27 Returns to privileged EXEC mode. Switch(config-line)# end Step 28 Verifies the configuration. Switch# show running-config This example shows how to configure Network Assistant on a networked switch in community mode:...
  • Page 546 Chapter 15 Configuring the Catalyst 4500 Series Switch with Cisco Network Assistant Configuring Network Assistant in Community or Cluster Mode subject-name cn=IOS-Self-Signed-Certificate-913087 revocation-check none rsakeypair TP-self-signed-913087 crypto pki certificate chain TP-self-signed-913087 certificate self-signed 01 3082028E 308201F7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030...
  • Page 547: Configuring Network Assistant In A Networked Switch In Cluster Mode

    Chapter 15 Configuring the Catalyst 4500 Series Switch with Cisco Network Assistant Configuring Network Assistant in Community or Cluster Mode interface GigabitEthernet1/13 interface GigabitEthernet1/14 interface GigabitEthernet1/15 interface GigabitEthernet1/16 interface GigabitEthernet1/17 interface GigabitEthernet1/18 interface GigabitEthernet1/19 interface GigabitEthernet1/20 interface Vlan1 no ip address interface Vlan2 ip address 123.123.123.1 255.255.255.0...
  • Page 548 Chapter 15 Configuring the Catalyst 4500 Series Switch with Cisco Network Assistant Configuring Network Assistant in Community or Cluster Mode Command Purpose Step 7 Selects the interface that connects to your CNA-enabled PC. Switch(config-vlan)# interface {vlan vlan_ID | {fastethernet | gigabitethernet}...
  • Page 549 Chapter 15 Configuring the Catalyst 4500 Series Switch with Cisco Network Assistant Configuring Network Assistant in Community or Cluster Mode Switch(config)# line con 0 Switch(config-line)# exec-timeout 0 0 Switch(config-line)# password keepout Switch(config-line)# login Switch(config-line)# line vty 5 15 Switch(config-line)# password keepout...
  • Page 550 Chapter 15 Configuring the Catalyst 4500 Series Switch with Cisco Network Assistant Configuring Network Assistant in Community or Cluster Mode interface GigabitEthernet1/8 interface GigabitEthernet1/9 interface GigabitEthernet1/10 interface GigabitEthernet1/11 interface GigabitEthernet1/12 interface GigabitEthernet1/13 interface GigabitEthernet1/14 interface GigabitEthernet1/15 interface GigabitEthernet1/16 interface GigabitEthernet1/17...
  • Page 551: Configuring Vlans, Vtp, And Vmps

    Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html If a command is not in the Catalyst 4500 Series Switch Command Reference, you can locate it in the Cisco IOS library. See the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 552 Layer 3 switches. See the “About Layer 3 Interfaces” section on page 34-1 for information on inter-VLAN routing on Catalyst 4500 series switches. Figure 16-1 shows an example of three VLANs that create logically defined networks.
  • Page 553: Vlan Configuration Guidelines And Restrictions

    Before creating a VLAN, put the Catalyst 4500 series switch in VTP server mode or VTP transparent mode. If the Catalyst 4500 series switch is a VTP server, you must define a VTP domain. For information on configuring VTP, see the “VLAN Trunking Protocol”...
  • Page 554: Configurable Normal-Range Vlan Parameters

    Normal Used for Ethernet VLANs; you can create, use, and delete these VLANs. 1002–1005 Normal Cisco defaults for FDDI and Token Ring. You cannot delete VLANs 1002–1005. 1006–4094 Extended For Ethernet VLANs only. When configuring extended-range VLANs, note the following: Layer 3 ports and some software features require internal •...
  • Page 555: Configuring Vlans

    VLAN state active active; suspend; shutdown Note: Catalyst 4500 series switches do not support Token Ring or FDDI media. The switch does not forward FDDI, FDDI-NET, TrCRF, or TrBRF traffic, but it does propagate the VLAN configuration by using VTP. The software reserves parameters for these media types, but they are not supported.
  • Page 556: Configuring Vlans In Global Configuration Mode

    Chapter 16 Configuring VLANs, VTP, and VMPS VLANs Configuring VLANs in Global Configuration Mode If the switch is in VTP server or transparent mode (see the “VLAN Trunking Protocol” section on page 16-7), you can configure VLANs in global and VLAN configuration modes. When you configure VLANs in global and config-vlan configuration modes, the VLAN configuration is saved in the vlan.dat files, not the running-config or startup-config files.
  • Page 557: Assigning A Layer 2 Lan Interface To A Vlan

    “Configuring Ethernet Interfaces for Layer 2 Switching” section on page 18-5. VLAN Trunking Protocol This section describes the VLAN Trunking Protocol (VTP) on the Catalyst 4500 series switches, and includes the following major subsections: • About VTP, page 16-8 VTP Configuration Guidelines and Restrictions, page 16-12 •...
  • Page 558: About Vtp

    Network Management Protocol (SNMP). By default, the Catalyst 4500 series switch is in VTP server mode and the domain is set to NULL until the switch receives an advertisement for a domain over a trunk link or you configure a management domain.
  • Page 559: Understanding Vtp Modes

    Configuring VLANs, VTP, and VMPS VLAN Trunking Protocol Understanding VTP Modes You can configure a Catalyst 4500 series switch to operate in any one of these VTP modes: Server—In VTP server mode, you can create, modify, and delete VLANs and specify other •...
  • Page 560 Note: Catalyst 4500 series switches do not support Token Ring or FDDI media. The switch does not forward FDDI, FDDI-Net, Token Ring Concentrator Relay Function (TrCRF), or Token Ring Bridge Relay Function (TrBRF) traffic, but it does propagate the VLAN configuration by using VTP.
  • Page 561: Understanding Vtp Pruning

    Switch 1. Switch 1 floods the broadcast and every network device in the network receives it, even though Switches 3, 5, and 6 have no interfaces in the Red VLAN. You can enable pruning globally on the Catalyst 4500 series switch (see the “Enabling VTP Pruning”...
  • Page 562: Vtp Configuration Guidelines And Restrictions

    Chapter 16 Configuring VLANs, VTP, and VMPS VLAN Trunking Protocol Figure 16-3 Flooding Traffic with VTP Pruning Switch 4 Interface 2 Interface 4 Flooded traffic is pruned. Switch 2 VLAN Switch 5 Interface 5 Interface 1 Switch 6 Switch 3 Switch 1 Enabling VTP pruning on a VTP server enables pruning for the entire management domain.
  • Page 563: Vtp Default Configuration

    Enabling or disabling VTP pruning on a VTP server enables or disables VTP pruning for the entire • management domain. Configuring VLANs as eligible for pruning on a Catalyst 4500 series switch affects pruning • eligibility for those VLANs on that switch only, not on all network devices in the VTP domain.
  • Page 564: Configuring Vtp

    Chapter 16 Configuring VLANs, VTP, and VMPS VLAN Trunking Protocol Configuring VTP These sections describe how to configure VTP: Configuring VTP Global Parameters, page 16-14 • Configuring the VTP Mode, page 16-16 • Starting a Takeover, page 16-19 • Displaying VTP Statistics, page 16-19 •...
  • Page 565 This example shows how to configure a VTP password in EXEC mode: Switch# vtp password WATER Setting device VLAN database password to WATER. Switch# Note: The password is not stored in the running-config file. This example shows how to configure a hidden password: Switch# configure terminal...
  • Page 566: Configuring The Vtp Mode

    Caution: VTP version 1 and VTP version 2 are not interoperable on network devices in the same VTP domain. Every network device in the VTP domain must use the same VTP version. Do not enable VTP version 2 unless every network device in the VTP domain supports version 2.
  • Page 567 Note: When VTP is disabled, you can enter VLAN configuration commands in configuration mode instead of the VLAN database mode and the VLAN configuration is stored in the startup configuration file. This example shows how to configure the switch as a VTP server: Switch# configure terminal Switch(config)# vtp mode server...
  • Page 568 This example shows the VTP configuration parameters when the device is running VTP version 2: Switch# show vtp status VTP Version capable : 1 to 3 VTP version running VTP Domain Name : Lab_Network VTP Pruning Mode...
  • Page 569: Starting A Takeover

    Chapter 16 Configuring VLANs, VTP, and VMPS VLAN Trunking Protocol Starting a Takeover This process applies to VTP version 3 only. To start a takeover, perform this task: Command Purpose Changes the operational state of a switch from a Switch# vtp primary-server [vlan | mst]| [force] secondary to a primary server and advertises the configuration to the whole domain.
  • Page 570: Displaying Vtp Devices In A Domain

    Chapter 16 Configuring VLANs, VTP, and VMPS VLAN Membership Policy Server VTP pruning statistics: Trunk Join Transmitted Join Received Summary advts received from non-pruning-capable device ---------------- ---------------- ---------------- --------------------------- Fa5/8 43071 42766 Displaying VTP Devices in a Domain To display information for all the VTP devices in a domain, perform this task: Command Purpose Gathers and displays information for all the VTP devices...
  • Page 571: Understanding The Vmps Server

    VLAN for that host. A Catalyst 4500 series switch running Cisco IOS software does not support the functionality of a VMPS. It can only function as a VLAN Query Protocol (VQP) client, which communicates with a VMPS through the VQP.
  • Page 572: Fallback Vlan

    VMPS server. Note: Although Catalyst 4500 series and Catalyst 6500 series switches running Catalyst operating system software support VMPS in all three operation modes, the User Registration Tool (URT) supports open mode only.
  • Page 573: Illegal Vmps Client Requests

    Chapter 16 Configuring VLANs, VTP, and VMPS VLAN Membership Policy Server If a VLAN is already assigned to this port, VMPS compares the requesting MAC address to this port: If the VMPS is in secure mode, it sends a “port-shutdown” response, whether a fallback VLAN has •...
  • Page 574: Default Vmps Client Configuration

    • Configuring the IP Address of the VMPS Server To configure a Catalyst 4500 series switch as a VMPS client, you must enter the IP address or hostname of the switch acting as the VMPS. To define the primary and secondary VMPS on a Catalyst 4500 series switch, perform this task:...
  • Page 575 Switch(config)# vmps server 172.20.128.179 primary Switch(config)# vmps server 172.20.128.178 Switch(config)# end Note: You can configure up to four VMPS servers using this CLI on the VMPS client. Switch# show vmps VQP Client Status: -------------------- VMPS VQP Version:...
  • Page 576 Chapter 16 Configuring VLANs, VTP, and VMPS VLAN Membership Policy Server Voice Ports If a VVID (voice VLAN ID) is configured on a dynamic access port, the port can belong to both an access VLAN and a voice VLAN. Consequently, an access port configured for connecting an IP phone can have separate VLANs for the following: Data traffic to and from the PC that is connected to the switch through the access port of the IP phone •...
  • Page 577: Administering And Monitoring The Vmps

    Chapter 16 Configuring VLANs, VTP, and VMPS VLAN Membership Policy Server Configuring the Retry Interval You can set the number of times that the VMPS client attempts to contact the VMPS before querying the next server. To configure the retry interval, perform this task: Command Purpose Step 1...
  • Page 578: Troubleshooting Dynamic Port Vlan Membership

    Denied: Wrong Domain: Wrong Version: Insufficient Resource: 0 Note: Refer to the Cisco IOS Command Reference for details on VMPS statistics. Troubleshooting Dynamic Port VLAN Membership VMPS errdisables a dynamic port under the following conditions: The VMPS is in secure mode, and it does not allow the host to connect to the port. The VMPS •...
  • Page 579: Dynamic Port Vlan Membership Configuration Example

    The Catalyst 6000 family Switch 3 (running Catalyst Operating System) and the URT are secondary • VMPS servers. End stations are connected to these clients: • Catalyst 4500 series XL Switch 2 (running Catalyst Cisco IOS) – – Catalyst 4500 series XL Switch 9 (running Catalyst Cisco IOS) •...
  • Page 580 Catalyst 4500 series switch operating as a VMPS client. Figure 16-6 illustrates a topology with an end station attached to a Cisco IP Phone, which is attached to a Catalyst 4500 series switch. Figure 16-5 Topology with an End Station Attached Directly to a Catalyst 4500 Series Switch...
  • Page 581 Chapter 16 Configuring VLANs, VTP, and VMPS VLAN Membership Policy Server Display VMPS information configured for the switch: switch# show vmps VQP Client Status: -------------------- VMPS VQP Version: Reconfirm Interval: 60 min Server Retry Count: 3 VMPS domain server: 172.20.26.152 172.20.26.150 (primary, current Configure port Fa0/1 on Switch 2 as a dynamic port.
  • Page 582: Vmps Database Configuration File Example

    Chapter 16 Configuring VLANs, VTP, and VMPS VLAN Membership Policy Server VMPS Database Configuration File Example This example shows a sample VMPS database configuration file as it appears on a VMPS server. A VMPS database configuration file is an ASCII text file that is stored on a TFTP server accessible to the switch that functions as the VMPS server.
  • Page 583 Chapter 16 Configuring VLANs, VTP, and VMPS VLAN Membership Policy Server !vmps-port-policies {vlan-name <vlan_name> | vlan-group <group-name>} ! {port-group <group-name> | device <device-id> port <port-name>} vmps-port-policies vlan-group Engineering port-group WiringCloset1 vmps-port-policies vlan-name Green device 198.92.30.32 port Fa0/9 vmps-port-policies vlan-name Purple device 198.4.254.22 port Fa0/10 port-group “Executive Row”...
  • Page 585: Configuring Ip Unnumbered Interface

    Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html If a command is not in the Catalyst 4500 Series Switch Command Reference, you can locate it in the Cisco IOS library. See the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 586: Ip Unnumbered Interface Support With Dhcp Server And Relay Agent

    IP address. The IP unnumbered interface can “borrow” the IP address from another interface that is already configured on the Catalyst 4500 series switch, which conserves network and address space. When used with the DHCP server/relay agent, this feature allows a host address assigned by the DHCP server to be learned dynamically at the DHCP relay agent.
  • Page 587: Ip Unnumbered Interface With Connected Host Polling

    Chapter 17 Configuring IP Unnumbered Interface IP Unnumbered Configuration Guidelines and Restrictions Figure 17-2 Format of the Agent Remote ID Suboption (12 bytes): Type (byte 1), Length (byte 2), Reserved (bytes 3-4), NAS IP address (bytes 5-8), Interface (byte 9), Reserved (byte 10), VLAN ID (bytes 11-12)
  • Page 588: Configuring Ip Unnumbered Interface Support With Dhcp Server

    Configuring IP Unnumbered Interface Configuring IP Unnumbered Interface Support with DHCP Server • The option to add dhcp host routes as connected routes is available in Cisco IOS. When using connected mode, however, the clear ip route * command deletes the dhcp host connected routes permanently.
  • Page 589: Configuring Ip Unnumbered Interface Support On A Range Of Ethernet Vlans

    Chapter 17 Configuring IP Unnumbered Interface Configuring IP Unnumbered Interface Support with DHCP Server In the following example, Ethernet VLAN 10 is configured as an IP unnumbered interface: Switch> enable Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# interface vlan 10 Switch(config-if)# ip unnumbered Loopback 0 Configuring IP Unnumbered Interface Support on a Range of Ethernet VLANs...
  • Page 590: Configuring Ip Unnumbered Interface Support With Connected Host Polling

    Chapter 17 Configuring IP Unnumbered Interface Configuring IP Unnumbered Interface Support with Connected Host Polling Configuring IP Unnumbered Interface Support with Connected Host Polling To configure IP unnumbered interface support with connected host polling, perform this task: Command Purpose Step 1 Enables privileged EXEC mode.
  • Page 591: Displaying Ip Unnumbered Interface Settings

    Switch# show ip interface [type number] unnumbered [detail]: Displays the status of unnumbered interface with connected host polling for the Catalyst 4500 series switch. The following example shows how to display the status of unnumbered interfaces with connected host polling:...
  • Page 592: Troubleshooting Ip Unnumbered Interface

    Troubleshooting IP Unnumbered Interface Troubleshooting IP Unnumbered Interface To understand how to debug connected host polling, see the Cisco IOS documentation of the debug arp command on cisco.com. When an IP unnumbered interface shares the IP address of a loopback interface whose prefix is advertised in an OSPF network, you must modify the loopback interface as a point-to-point interface.
  • Page 593: Configuring Layer 2 Ethernet Interfaces

    Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html If a command is not in the Catalyst 4500 Series Switch Command Reference, you can locate it in the Cisco IOS library. See the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 594: Layer 2 Ethernet Switching

    Catalyst 4500 series switch are full-duplex mode only, providing 2-Gbps effective bandwidth. Switching Frames Between Segments Each Ethernet interface on a Catalyst 4500 series switch can connect to a single workstation or server, or to a hub through which workstations or servers connect to the network.
  • Page 595: Vlan Trunks

    Chapter 18 Configuring Layer 2 Ethernet Interfaces About Layer 2 Ethernet Switching VLAN Trunks A trunk is a point-to-point link between one or more Ethernet switch interfaces and another networking device such as a router or a switch. Trunks carry the traffic of multiple VLANs over a single link and allow you to extend VLANs across an entire network.
  • Page 596: Default Layer 2 Ethernet Interface Configuration

    VLANs allowed on the trunks. When you connect a Cisco switch to a non-Cisco device through an 802.1Q trunk, the Cisco switch combines the spanning tree instance of the native VLAN of the trunk with the spanning tree instance of the non-Cisco 802.1Q switch.
  • Page 597: Configuring Ethernet Interfaces For Layer 2 Switching

    Configuring Ethernet Interfaces for Layer 2 Switching Configuring Ethernet Interfaces for Layer 2 Switching The following sections describe how to configure Layer 2 switching on a Catalyst 4500 series switch: Configuring an Ethernet Interface as a Layer 2 Trunk, page 18-5 •...
  • Page 598 Chapter 18 Configuring Layer 2 Ethernet Interfaces Configuring Ethernet Interfaces for Layer 2 Switching Command Purpose Step 8 (Optional) Configures the list of VLANs allowed to be pruned Switch(config-if)# switchport trunk pruning vlan {add | except | none | from the trunk (see the “VLAN Trunking Protocol”...
  • Page 599: Configuring An Interface As A Layer 2 Access Port

    Chapter 18 Configuring Layer 2 Ethernet Interfaces Configuring Ethernet Interfaces for Layer 2 Switching This example shows how to verify the trunk configuration: Switch# show interfaces fastethernet 5/8 trunk Port Mode Encapsulation Status Native vlan Fa5/8 desirable n-802.1q trunking Port Vlans allowed on trunk Fa5/8 1-1005 Port...
  • Page 600: Clearing Layer 2 Configuration

    Chapter 18 Configuring Layer 2 Ethernet Interfaces Configuring Ethernet Interfaces for Layer 2 Switching Command Purpose Step 8 Displays the running configuration of the interface. Switch# show running-config interface {fastethernet | gigabitethernet} slot/port Step 9 Displays the switch port configuration of the interface. Switch# show interfaces [{fastethernet | gigabitethernet | tengigabitethernet} slot/port] switchport...
  • Page 601 Chapter 18 Configuring Layer 2 Ethernet Interfaces Configuring Ethernet Interfaces for Layer 2 Switching Command Purpose Step 3 Displays the running configuration of the interface. Switch# show running-config interface {fastethernet | gigabitethernet | tengigabitethernet} slot/port Step 4 Displays the switch port configuration of the interface. Switch# show interfaces [{fastethernet | gigabitethernet | tengigabitethernet} slot/port] switchport...
  • Page 603 VLANs. A Catalyst 4500 series switch comprises two bridge domains (BDs), BD 0 and BD 1. By default, all ports belong to BD 0 and you can move them to BD 1 manually.
  • Page 604 On a Catalyst 4500 series switch, we can have two BDs (0 and 1). Because each BD supports 4K VLANs, we can support 8K VLANs. An EVC-Lite VLAN can be associated with the BD 0 and 1 interfaces. However, traffic flowing on this VLAN under BD 1 will never flow under BD 0 and vice-versa.
  • Page 605: Configuring Smartport Macros

    Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html If a command is not in the Catalyst 4500 Series Switch Command Reference, you can locate it in the Cisco IOS library. See the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 606: Configuring Smartport Macros

    Use this interface configuration macro when connecting a desktop device such as a PC with a Cisco IP Phone to a switch port. This macro is an extension of the cisco-desktop macro and provides the same security and resiliency features, but with the addition of dedicated voice VLANs to ensure proper treatment of delay-sensitive voice traffic.
  • Page 607: Passing Parameters Through The Macro

    Chapter 20 Configuring SmartPort Macros Configuring SmartPort Macros Passing Parameters Through the Macro Some commands might not be sufficiently generic for all the interfaces; for example, VLAN ID for Layer 2 interfaces and the IP address for Layer 3 interface. Retaining such commands in macro definitions requires that you change the value of such parameters (such as VLAN ID or IP address) before applying the macro to different interfaces.
  • Page 608: Default Smartport Macro Configuration

    • cisco-switch, page 20-5 • cisco-global This is the example for the cisco-global macro: # Enable dynamic port error recovery for link state failures. errdisable recovery cause link-flap errdisable recovery interval 60 # VTP requires Transparent mode for future 802.1x Guest VLAN...
  • Page 609: Cisco-Phone

    # and use inactivity timer switchport port-security violation restrict switchport port-security aging time 2 switchport port-security aging type inactivity # Enable auto-qos to extend trust to attached Cisco phone auto qos voip cisco-phone # Configure port as an edge network port spanning-tree portfast...
  • Page 610: Smartport Macro Configuration Guidelines

    If a command fails when you apply a macro, either due to a syntax error or to a configuration error, the macro continues to apply the remaining commands to the interface. • cisco-global needs to be applied at the global configuration mode. We recommend that you apply this macro before any other interface level macro. •...
  • Page 611 Cisco-default macro with the required values by using the parameter value keywords. The Cisco-default macros use the $ character to help identify required keywords. There is no restriction on using the $ character to define keywords when you create a macro.
  • Page 612: Creating Smartport Macros

    Chapter 20 Configuring SmartPort Macros Configuring SmartPort Macros Creating SmartPort Macros To create a SmartPort macro, perform this task: Command Purpose Step 1 Switch# configure terminal: Enters global configuration mode. Step 2 Switch(config)# macro name macro-name: Creates a macro definition and enters a macro name. A macro definition can contain up to 3000 characters.
  • Page 613 If you apply a macro without entering the keyword values, the commands are invalid and are not applied. For example, here is how you apply this command: Switch(config-if)# macro apply cisco-phone ? WORD Keyword to replace with a value e.g. $AVID, $VVID <cr>...
  • Page 614: Cisco-Global

    This example shows how to use the system-defined macro cisco-desktop to assign a value of 35 to the access VLAN of the Fast Ethernet interface 2/9. This macro requires the $AVID keyword, which is the access VLAN of the port.
  • Page 615: Cisco-Phone

    -------------------------------------------------------------- cisco-phone This example shows how to use the system-defined macro cisco-phone to assign a value of 35 to the access VLAN and 56 to the voice VLAN on the Fast Ethernet interface 2/9. Note: This macro requires the $AVID and $VVID keywords, which are the access and voice VLANs of the port.
  • Page 616: Cisco-Router

    -------------------------------------------------------------- cisco-router This example shows how to use the system-defined macro cisco-router to assign a value of 451 to the native VLAN on the Fast Ethernet interface 2/9. This macro requires the $NVID keyword, which is the native VLAN of the port.
  • Page 617: Displaying Smartport Macros

    Switch# show parser macro description Interface Macro Description -------------------------------------------------------------- Fa2/9 cisco-router -------------------------------------------------------------- Displaying SmartPort Macros To display the SmartPort macros, use one or more of the privileged EXEC commands in Table 20-2. Table 20-2 Commands for Displaying SmartPort Macros...
  • Page 618: Static Smartport Configuration Guidelines

    PC, to a switch port. cisco-phone Use this interface configuration macro when connecting a desktop device such as a PC with a Cisco IP Phone to a switch port. This macro is an extension of the cisco-desktop macro and provides the same security and resiliency features, but with the addition of dedicated voice VLANs to ensure proper treatment of delay-sensitive voice traffic.
  • Page 619 You can delete a macro-applied configuration on a port by entering the default interface interface-id interface configuration command. This example shows how to display the cisco-desktop macro, to apply the macro and to set the access VLAN ID to 25 on an interface:...
  • Page 620 # Configure port as an edge network port spanning-tree portfast spanning-tree bpduguard enable -------------------------------------------------------------- Switch# configure terminal Switch(config)# interface gigabitethernet1/0/4 Switch(config-if)# macro apply cisco-desktop $AVID 25 Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E 20-16 OL_28731-01...
  • Page 621: Configuring Cisco Ios Auto Smartport Macros

    Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html If a command is not in the Catalyst 4500 Series Switch Command Reference, you can locate it in the Cisco IOS library. See the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 622: Device Classifier

    Auto Smartport module, comprising a limited set of Cisco devices. They are built into Cisco IOS and cannot be changed. The default profiles are stored as a text file in nonvolatile storage and allow the DC to identify a much larger set of devices. The default profiles are updated as part of the Cisco IOS archive download.
  • Page 623: Device Visibility Mode

    Chapter 21 Configuring Cisco IOS Auto Smartport Macros Configuring Auto Smartport Macros When a new device is detected, the corresponding shell trigger executes the Auto Smartport configuration macro. Auto Smartport has built-in mappings for a large set of devices. You can use the commands described in the “Configuring Mapping Between User-Defined Triggers and Built-in...
  • Page 624: Auto Smartport Default Configuration

    Switch(config)# interface interface_id Switch(config-if)# no macro auto processing Auto Smartport Default Configuration By default, Cisco IOS shell is enabled and Auto Smartport is disabled globally. Table 21-1 shows the Auto Smartport built-in event triggers that are embedded in the switch software by default.
  • Page 625: Auto Smartport Configuration Guidelines

    Use this macro to apply the switch macro for Cisco switches. It enables SMARTPORT trunking on the port. CISCO_ROUTER_AUTO_ Use this macro to apply the router macro for Cisco routers. It enables QoS, SMARTPORT trunking, and spanning-tree protection on the port. CISCO_AP_AUTO_...
  • Page 626: Configuring Auto Smartport Built-In Macro Parameters

    Consult the specific device documentation to ensure the device's firmware is current. The LWAP’s WLC software version must be 6.0.188 ( => Cisco IOS 12.4(21a)JA2) or later to make •...
  • Page 627 [[parameter=value] {function contents}]} command deletes the mapping. This example shows how to use two built-in Auto Smartport macros for connecting Cisco switches and Cisco IP phones to the switch. This example modifies the default voice VLAN, access VLAN, and native VLAN for the trunk interface:...
  • Page 628: Configuring User-Defined Event Triggers

    802.1X-Based Event Trigger When using MAB or 802.1X authentication to trigger Auto Smartport macros, you need to create an event trigger that corresponds to the Cisco AV pair (auto-smart-port=event trigger) sent by the RADIUS server. To configure an event trigger, perform this task:...
  • Page 629: Mac Address-Based Event Trigger

    Chapter 21 Configuring Cisco IOS Auto Smartport Macros Configuring Auto Smartport Macros Command Purpose Step 4 Displays the event triggers on the switch. Switch# show shell triggers Step 5 (Optional) Saves your entries in the configuration file. Switch# copy running-config startup-config Use the no shell trigger identifier global configuration command to delete the event trigger.
  • Page 630: Configuring Auto Smartport User-Defined Macros

    <output truncated> Configuring Auto Smartport User-Defined Macros The Cisco IOS shell provides basic scripting capabilities for configuring the user-defined Auto Smartport macros. These macros can contain multiple lines and can include any CLI command. You can also define variable substitution, conditionals, functions, and triggers within the macro.
  • Page 631 (Optional) Saves your entries in the configuration file. Switch# copy running-config startup-config This example shows how to map a user-defined event trigger called Cisco Digital Media Player (DMP) to a user-defined macro. Connect the DMP to an 802.1X- or MAB-enabled switch port.
  • Page 632 Chapter 21 Configuring Cisco IOS Auto Smartport Macros Configuring Auto Smartport Macros switchport mode access switchport port-security switchport port-security maximum 1 switchport port-security violation restrict switchport port-security aging time 2 switchport port-security aging type inactivity spanning-tree portfast spanning-tree bpduguard enable...
  • Page 633: Displaying Auto Smartport

    Chapter 21 Configuring Cisco IOS Auto Smartport Macros Displaying Auto Smartport Table 21-5 lists the shell keywords that are not supported in macros and antimacros. Table 21-5 Unsupported Cisco IOS Shell Reserved Keywords Command Description Pipeline. case Conditional construct. esac Conditional construct.
  • Page 634 Chapter 21 Configuring Cisco IOS Auto Smartport Macros Displaying Auto Smartport Switch# show macro auto monitor type table Valid Type Profile Name min Conf =========== ========= ================== ======== ==== Valid Default Apple-Device Valid Default Aruba-Device Valid Default Avaya-Device Valid Default...
  • Page 635 Chapter 21 Configuring Cisco IOS Auto Smartport Macros Displaying Auto Smartport Valid Default Linksys-Device Valid Default LinksysWAP54G-Device Valid Default HTC-Device Valid Default MotorolaMobile-Device Valid Default VMWare-Device Valid Default ISE-Appliance Valid Built-in Cisco-Device Valid Built-in Cisco-Router Valid Built-in Router Valid Built-in...
  • Page 636 Chapter 21 Configuring Cisco IOS Auto Smartport Macros Displaying Auto Smartport Trigger mapping function: CISCO_LWAP_AUTO_SMARTPORT This example shows how to use the show shell functions privileged EXEC command to view the built-in macros in the switch software: Switch# show shell functions...
  • Page 637 Chapter 21 Configuring Cisco IOS Auto Smartport Macros Displaying Auto Smartport <output truncated> Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E 21-17 OL_28731-01...
  • Page 639: Configuring Stp And Mst

    Cisco Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products//hw/switches/ps4324/index.html If the command is not found in the Catalyst 4500 Series Switch Command Reference, it will be found in the larger Cisco IOS library. Refer to the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 640: Understanding The Bridge Id

    Configuring STP and MST About STP A Catalyst 4500 series switch uses STP (the IEEE 802.1D bridge protocol) on all VLANs. By default, a single spanning tree runs on each configured VLAN (provided you do not manually disable the spanning tree).
  • Page 641: Extended System Id

    VLAN ID STP MAC Address Allocation A Catalyst 4500 series switch chassis has either 64 or 1024 MAC addresses available to support software features like STP. Enter the show module command to view the MAC address range on your chassis.
  • Page 642: Election Of The Root Bridge

    Chapter 22 Configuring STP and MST About STP • The identifier of the transmitting port • Values for the hello, forward delay, and max-age protocol timers When a switch transmits a BPDU frame, all switches connected to the LAN on which the frame is transmitted receive the BPDU.
  • Page 643: Creating The Stp Topology

    Chapter 22 Configuring STP and MST About STP Creating the STP Topology The goal of the spanning tree algorithm is to make the most direct link the root port. When the spanning tree topology is calculated based on default parameters, the path between source and destination end stations in a switched network might not be optimal according to link speed.
  • Page 644: Mac Address Allocation

    When you connect a Cisco switch to a non-Cisco device (that supports 802.1Q) through an 802.1Q trunk, the Cisco switch combines the spanning tree instance of the 802.1Q native VLAN of the trunk with the spanning tree instance of the non-Cisco 802.1Q switch. However, all per-VLAN spanning tree information is maintained by Cisco switches separated by a network of non-Cisco 802.1Q switches.
  • Page 645: Default Stp Configuration

    Chapter 22 Configuring STP and MST Default STP Configuration Default STP Configuration Table 22-4 shows the default spanning tree configuration. Table 22-4 Spanning Tree Default Configuration Values Feature Default Value Enable state Spanning tree enabled for all VLANs Bridge priority value 32,768 Spanning tree port priority value (configurable on a per-interface basis—used on interfaces configured as...
  • Page 646: Enabling Stp

    Chapter 22 Configuring STP and MST Configuring STP Note: The spanning tree commands described in this chapter can be configured on any interface except those configured with the no switchport command. Enabling STP Note: By default, spanning tree is enabled on all the VLANs. You can enable a spanning tree on a per-VLAN basis.
  • Page 647: Enabling The Extended System Id

    Chapter 22 Configuring STP and MST Configuring STP BPDU: sent 3, received 3417 Switch# Enabling the Extended System ID Note The extended system ID is enabled permanently on chassis that support 64 MAC addresses. Use the spanning-tree extend system-id command to enable the extended system ID on chassis that support 1024 MAC addresses.
  • Page 648 Chapter 22 Configuring STP and MST Configuring STP To configure a switch to become the root bridge for the specified VLAN, use the spanning-tree vlan vlan-ID root command to modify the bridge priority from the default value (32,768) to a significantly lower value.
  • Page 649 Chapter 22 Configuring STP and MST Configuring STP Timers:hello 0, topology change 0, notification 0, aging 300 Port 323 (FastEthernet6/3) of VLAN1 is forwarding Port path cost 19, Port priority 128, Port Identifier 129.67. Designated root has priority 32768, address 0001.6445.4400 Designated bridge has priority 32768, address 0001.6445.4400 Designated port id is 129.67, designated path cost 0 Timers:message age 2, forward delay 0, hold 0...
  • Page 650: Configuring A Secondary Root Switch

    Chapter 22 Configuring STP and MST Configuring STP Note: Because the bridge priority is now set at 8192, this switch becomes the root of the spanning tree. Configuring a Secondary Root Switch When you configure a switch as the secondary root, the spanning tree bridge priority is modified from the default value (32,768) to 16,384.
  • Page 651: Configuring Stp Port Priority

    The possible priority range is 0 through 240, configurable in increments of 16 (the default is 128). Note: The Cisco IOS software uses the port priority value when the interface is configured as an access port and uses VLAN port priority values when the interface is configured as a trunk port.
  • Page 652 Chapter 22 Configuring STP and MST Configuring STP ---------------- ---- --- --------- -------- -------------------------------- VLAN0001 Desg FWD 19 128.129 VLAN1002 Desg FWD 19 128.129 VLAN1003 Desg FWD 19 128.129 VLAN1004 Desg FWD 19 128.129 VLAN1005 Desg FWD 19 128.129 Switch# This example shows how to display the details of the interface configuration when the interface is configured as an access port: Switch# show spanning-tree interface fastethernet 3/1 detail...
  • Page 653: Configuring Stp Port Cost

    Chapter 22 Configuring STP and MST Configuring STP Note: The show spanning-tree port-priority command displays only information for ports with an active link. If there is no port with an active link, enter a show running-config interface command to verify the configuration.
  • Page 654 Chapter 22 Configuring STP and MST Configuring STP Command Purpose Step 3 Configures the VLAN port cost for an interface. The Switch(config-if)# [no] spanning-tree vlan vlan_ID cost port_cost port_cost value can be from 1 to 200,000,000. Use the no keyword to restore the defaults. Step 4 Exits configuration mode.
  • Page 655: Configuring The Bridge Priority Of A Vlan

    Chapter 22 Configuring STP and MST Configuring STP Note: The show spanning-tree command displays only information for ports with an active link (green light is on). If there is no port with an active link, you can issue a show running-config command to confirm the configuration.
  • Page 656: Configuring The Maximum Aging Time For A Vlan

    Chapter 22 Configuring STP and MST Configuring STP To configure the spanning tree hello time of a VLAN, perform this task: Command Purpose Step 1 Configures the hello time of a VLAN. The hello_time Switch(config)# [no] spanning-tree vlan vlan_ID hello-time hello_time value can be from 1 to 10 seconds.
  • Page 657: Configuring The Forward-Delay Time For A Vlan

    Chapter 22 Configuring STP and MST Configuring STP This example shows how to verify the configuration: Switch# show spanning-tree vlan 200 bridge brief Hello Max Vlan Bridge ID Time Age Delay Protocol ---------------- -------------------- ---- ---- ----- -------- VLAN200 49152 0050.3e8d.64c8 ieee Switch# Configuring the Forward-Delay Time for a VLAN...
  • Page 658: Disabling Spanning Tree Protocol

    Chapter 22 Configuring STP and MST Configuring STP Disabling Spanning Tree Protocol To disable spanning tree on a per-VLAN basis, perform this task: Command Purpose Step 1 Disables spanning tree on a per-VLAN basis. Switch(config)# no spanning-tree vlan vlan_ID Step 2 Exits configuration mode.
  • Page 659: Specifying The Link Type

    Chapter 22 Configuring STP and MST Configuring STP Switch# clear spanning-tree detected-protocols The following example shows how to verify the configuration: Switch# show spanning-tree summary totals Switch is in rapid-pvst mode Root bridge for:VLAN0001 Extended system ID is disabled Portfast Default is disabled PortFast BPDU Guard Default is disabled...
  • Page 660: About Mst

    Spanning Tree Plus (PVST+) and is backward compatible with 802.1D STP, 802.1w (Rapid Spanning Tree Protocol [RSTP]), and the Cisco PVST+ architecture. MST allows you to build multiple spanning trees over trunks. You can group and associate VLANs to spanning tree instances.
  • Page 661: Ieee 802.1W Rstp

    Chapter 22 Configuring STP and MST About MST • MST establishes and maintains additional spanning trees within each MST region. These spanning trees are termed MST instances (MSTIs). The IST is numbered 0, and the MSTIs are numbered 1, 2, 3, and so on. Any MSTI is local to the MST region and is independent of MSTIs in another region, even if the MST regions are interconnected.
  • Page 662: Rstp Port Roles

    Chapter 22 Configuring STP and MST About MST RSTP Port Roles In RSTP, the port roles are defined as follows: • Root—A forwarding port elected for the spanning tree topology. • Designated—A forwarding port elected for every switched LAN segment. • Alternate—An alternate path to the root bridge to that provided by the current root port.
  • Page 663: Common Spanning Tree

    – Common Spanning Tree CST (802.1Q) is a single spanning tree for all the VLANs. In a Catalyst 4500 series switch running PVST+, the VLAN 1 spanning tree corresponds to CST. In a Catalyst 4500 series switch running MST, IST (instance 0) corresponds to CST.
  • Page 664: Mst Instances

    Chapter 22 Configuring STP and MST About MST MST Instances We support 65 instances including instance 0. Each spanning tree instance is identified by an instance ID that ranges from 0 to 4094. Instance 0 is mandatory and is always present. The rest of the instances are optional.
  • Page 665: Boundary Ports

    Chapter 22 Configuring STP and MST About MST To form an MST region, bridges can be either of the following: • An MST bridge that is the only member of the MST region. • An MST bridge interconnected by a LAN. A LAN’s designated bridge has the same MST...
  • Page 666: Link Type

    Chapter 22 Configuring STP and MST About MST To prevent a misconfiguration, the PortFast operation is turned off if the port receives a BPDU. You can display the configured and operational status of PortFast by using the show spanning-tree mst interface command.
  • Page 667: Mst Configuration Restrictions And Guidelines

    VLAN is mapped. The topology change stays local to the first MST region, and the Cisco Access Manager (CAM) entries in the other region are not flushed. To make the topology change visible throughout other MST regions, you can map that VLAN to IST or connect the PVST+ switch to the two regions through access links.
  • Page 668 Switch(config-mst)# show current Current MST configuration Name Revision Instance Vlans mapped -------- --------------------------------------------------------------------- 1-4094 ------------------------------------------------------------------------------- Switch(config-mst)# name cisco Switch(config-mst)# revision 2 Switch(config-mst)# instance 1 vlan 1 Switch(config-mst)# instance 2 vlan 1-1000 Switch(config-mst)# show pending Pending MST configuration Name [cisco] Revision Instance...
  • Page 669: Configuring Mst Instance Parameters

    Chapter 22 Configuring STP and MST Configuring MST Switch(config-mst)# instance 1 vlan 2000-3000 Switch(config-mst)# no instance 1 vlan 1500 Switch(config-mst)# show pending Pending MST configuration Name [cisco] Revision Instance Vlans mapped -------- --------------------------------------------------------------------- 1-1999,2500,3001-4094 2000-2499,2501-3000 ------------------------------------------------------------------------------- Switch(config-mst)# end Switch(config)# no spanning-tree mst configuration...
  • Page 670: Configuring Mst Instance Port Parameters

    Chapter 22 Configuring STP and MST Configuring MST Switch# show spanning-tree mst ###### MST00 vlans mapped: 11-4094 Bridge address 00d0.00b8.1400 priority 24576 (24576 sysid 0) Root this switch for CST and IST Configured hello time 2, forward delay 15, max age 20, max hops 20 Interface Role Sts Cost Prio.Nbr Status...
  • Page 671: Restarting Protocol Migration

    Similarly, an MST port still assumes that it is a boundary port when the bridge(s) to which it is connected have joined the same region. To force a Catalyst 4500 series switch to renegotiate with the neighbors (that is, to restart protocol migration), you must enter the clear...
  • Page 672 Configuring STP and MST Configuring MST The following examples show how to display spanning tree VLAN configurations in MST mode: Switch(config)# spanning-tree mst configuration Switch(config-mst)# instance 1 vlan 1-10 Switch(config-mst)# name cisco Switch(config-mst)# revision 1 Switch(config-mst)# Ctrl-D Switch# show spanning-tree mst configuration Name...
  • Page 673 Chapter 22 Configuring STP and MST Configuring MST Switch# show spanning-tree mst interface fastethernet 4/4 FastEthernet4/4 of MST00 is backup blocking Edge port:no (default) port guard :none (default) Link type:point-to-point (auto) bpdu filter:disable (default) Boundary :internal bpdu guard :disable (default) Bpdus sent 2, received 368 Instance Role Sts Cost Prio.Nbr Vlans mapped...
  • Page 674 Chapter 22 Configuring STP and MST Configuring MST Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) Address 00d0.00b8.1400 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interface Role Sts Cost Prio.Nbr Status ---------------- ---- --- --------- -------- -------------------------------- Fa4/4 Back BLK 1000 240.196...
  • Page 675: Configuring Flex Links And Mac Address-Table Move Update

    Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html If a command is not in the Catalyst 4500 Series Switch Command Reference, you can locate it in the Cisco IOS library. See the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 676: Flex Links

    Flex Links are typically configured in service provider or enterprise networks where customers do not want to run STP on some interfaces. The Catalyst 4500 series switch supports a maximum of 16 Flex Links. Note You configure Flex Links on one Layer 2 interface (the active link) by assigning another Layer 2 interface as the Flex Link or backup link.
  • Page 677: Flex Links Failover Actions

    Chapter 23 Configuring Flex Links and MAC Address-Table Move Update About Flex Links rest on the other port. If one of the ports fails, the other active port forwards all the traffic. When the failed port reactivates, it resumes forwarding traffic in the preferred VLANs. In addition to providing the redundancy, this Flex Links pair can be used for load balancing.
  • Page 678: Mac Address-Table Move Update

    In Figure 23-3, ports 1 and 2 on switch A are connected to uplink switches B and D through a Flex Links pair. Port 1 is forwarding traffic, and port 2 is in the blocking state. Traffic from the PC to the server is forwarded from port 1 to port 3.
  • Page 679: Configuring Flex Links

    [Figure 23-3: MAC Address-Table Move Update Example] Configuring Flex Links: These sections contain this configuration information: • Default Configuration, page 23-5...
  • Page 680: Configuration Guidelines

    Follow these guidelines to configure Flex Links and associated features: • You can configure only one Flex Link backup link for any active link, and it must be a different...
  • Page 681 To disable a Flex Links backup interface, enter the no switchport backup interface interface-id interface configuration command. This example shows how to configure an interface with a backup interface and to verify the configuration: Switch# configure terminal Switch(conf)# interface fastethernet1/1...
  • Page 682: Configuring Vlan Load Balancing On Flex Links

    To remove a preemption scheme, enter the no switchport backup interface interface-id preemption mode interface configuration command. To reset the delay time to the default, enter the no switchport backup interface interface-id preemption delay interface configuration command.
  • Page 683 When both interfaces are up, Fast Ethernet port 1/0/8 forwards traffic for VLANs 60 and 100 to 120 and Fast Ethernet port 1/0/6 forwards traffic for VLANs 1 to 50. Switch# show interfaces switchport backup Switch Backup Interface Pairs: Active Interface...
  • Page 684: Configuring Mac Address-Table Move Update

    These sections contain this configuration information: • Default Configuration, page 23-5 • Configuration Guidelines, page 23-6 • Configuring MAC Address-Table Move Update, page 23-10...
  • Page 685 Step 3. Command: Switch(conf-if)# switchport backup interface interface-id; Purpose: Configures a physical Layer 2 interface (or port channel) as part of a Flex Links pair with the interface. The MAC address-table move update VLAN is the lowest VLAN ID on the interface.
  • Page 686: Configuring A Switch To Receive Mac Address-Table Move Updates

    To configure a switch to receive and process MAC address-table move update messages, perform this task: Command Purpose...
  • Page 687: Configuring Resilient Ethernet Protocol

    Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html If a command is not in the Catalyst 4500 Series Switch Command Reference, you can locate it in the Cisco IOS library. See the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 688 Chapter 24 Configuring Resilient Ethernet Protocol About REP [Figure 24-1: REP Open Segments; legend: edge port, blocked port, link failure] The segment shown in Figure 24-1 is an open segment; there is no connectivity between the two edge ports. The REP segment cannot cause a bridging loop and it is safe to connect the segment edges to any network.
  • Page 689 Figure 24-3. Starting with Cisco IOS Release 15.0(2)SG, you can configure the non-REP facing ports (E1 and E2) as edge no-neighbor ports. These ports inherit all properties of edge ports, and you can configure them the same as any edge port, including configuring them to send STP or REP topology change notices to the aggregation switch.
  • Page 690: Link Integrity

    By default, REP packets are sent to a BPDU class MAC address. The packets can also be sent to the Cisco multicast address, which at present is used only to send blocked port advertisement (BPA) messages when there is a failure in the segment. The packets are dropped by devices not running REP.
  • Page 691 The neighbor offset number range is –256 to +256; a value of 0 is invalid. The primary edge port has an offset number of 1; positive numbers above 1 identify downstream neighbors of the primary edge port.
  • Page 692: Spanning Tree Interaction

    When VLAN load balancing is triggered, the primary edge port then sends out a message to alert all interfaces in the segment about the preemption. When the message is received by the secondary edge port, it is reflected into the network to notify the alternate port to block the set of VLANs specified in the message and to notify the primary edge port to block the remaining VLANs.
  • Page 693: Configuring Rep

    A segment is a collection of ports connected one to the other in a chain and configured with a segment ID. To configure REP segments, you should configure the REP administrative VLAN (or use the default VLAN 1) and then add the ports to the segment using interface configuration mode.
  • Page 694: Configuring The Rep Administrative Vlan

    • REP sends all LSL PDUs in untagged frames on the native VLAN. The BPA message sent to the Cisco multicast address is sent on the administration VLAN, which is VLAN 1 by default. • REP ports cannot be configured as one of these port types: –...
  • Page 695: Configuring Rep Interfaces

    To configure the REP administrative VLAN, perform this task: Step 1. Command: Switch# configure terminal; Purpose: Enters global configuration mode. Step 2. Command: Switch(config)# rep admin vlan vlan-id; Purpose: Specifies the administrative VLAN. The range is 2 to 4094.
  • Page 696 To enable and configure REP on an interface, perform this task: Step 1. Command: Switch# configure terminal; Purpose: Enters global configuration mode. Step 2. Command: Switch(config)# interface interface-id; Purpose: Specifies the interface, and enters interface configuration mode. The interface can be a physical Layer 2 interface or a port channel (logical interface).
  • Page 697 Step 4. Command: Switch(config-if)# rep segment segment-id edge no-neighbor primary preferred; Purpose: Enables REP on the interface, and identifies a segment number. The segment ID range is from 1 to 1024. These optional keywords are available.
  • Page 698 Step 6. Command: Switch(config-if)# rep block port {id port-id | neighbor_offset | preferred} vlan vlan-list; Purpose: (Optional) Configures VLAN load balancing on the primary edge port, identifies the REP alternate port in one of three ways, and configures the VLANs to be blocked on the alternate port.
  • Page 699: Setting Manual Preemption For Vlan Load Balancing

    This example shows how to configure the same configuration when the interface has no external REP neighbor: Switch# configure terminal Switch (config)# interface gigabitethernet1/1 Switch (config-if)# rep segment 1 edge no-neighbor primary Switch (config-if)# rep stcn segment 2-5 Switch (config-if)# rep block port 0009001818D68700 vlan all Switch (config-if)# rep preempt delay 60...
  • Page 700: Configuring Snmp Traps For Rep

    Step 3. Command: Switch(config-if)# rep preempt segment segment-id; Purpose: Manually triggers VLAN load balancing on the segment. You must confirm the command before it is executed. Step 4. Command: Switch(config-if)# end; Purpose: Returns to privileged EXEC mode. Step 5. Purpose: Displays REP topology information.
  • Page 701: Configuring Optional Stp Features

    Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html If a command is not in the Catalyst 4500 Series Switch Command Reference, you can locate it in the...
  • Page 702: About Root Guard

    Chapter 25 Configuring Optional STP Features About Root Guard Cisco IOS library. See the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html About Root Guard Spanning Tree root guard forces an interface to become a designated port, to protect the current root status and prevent surrounding switches from becoming the root switch.
  • Page 703: About Loop Guard

    This example shows how to determine whether any ports are in root inconsistent state: Switch# show spanning-tree inconsistentports Name Interface Inconsistency -------------------- ---------------------- ------------------ VLAN0001 FastEthernet3/1 Root Inconsistent VLAN0001 FastEthernet3/2 Root Inconsistent VLAN1002 FastEthernet3/1 Root Inconsistent...
  • Page 704: Enabling Loop Guard

    Figure 25-1 illustrates the following configuration: • Switches A and B are distribution switches. • Switch C is an access switch. • Loop guard is enabled on ports 3/1 and 3/2 on Switches A, B, and C...
  • Page 705 Step 2. Command: Switch(config)# end; Purpose: Exits configuration mode. Step 3. Command: Switch# show spanning tree interface 4/4 detail; Purpose: Verifies the configuration impact on a port. This example shows how to enable loop guard globally: Switch(config)# spanning-tree loopguard default Switch(config)# Ctrl-Z This example shows how to verify the previous configuration of port 4/4:...
  • Page 706: About Etherchannel Guard

    EtherChannel guard allows you to detect an EtherChannel misconfiguration between the switch and a connected device. A misconfiguration can occur if the interfaces of a switch are manually configured in an EtherChannel, and one or more interfaces on the other device are not.
  • Page 707: Enabling Portfast

    unit (BPDU), spanning tree does not place the port into the blocking state. Spanning tree sets the port’s operating state to non-port fast even if the configured state remains port fast and starts participating in the topology change.
  • Page 708: About Bpdu Guard

    Spanning Tree BPDU guard shuts down PortFast-configured interfaces that receive BPDUs, rather than putting them into the spanning tree blocking state. In a valid configuration, PortFast-configured interfaces do not receive BPDUs. Reception of a BPDU by a PortFast-configured interface signals an invalid configuration, such as connection of an unauthorized device.
  • Page 709: About Portfast Bpdu Filtering

    Cisco IOS Release 12.2(25)EW and later support PortFast BPDU filtering, which allows the administrator to prevent the system from sending or even receiving BPDUs on specified ports. When configured globally, PortFast BPDU filtering applies to all operational PortFast ports. Ports in an operational PortFast state are supposed to be connected to hosts that typically drop BPDUs.
  • Page 710 Chapter 25 Configuring Optional STP Features Enabling PortFast BPDU Filtering Switch(config)# Ctrl-Z This example shows how to verify the BPDU configuration in PVST+ mode: Switch# show spanning-tree summary totals Root bridge for:VLAN0010 EtherChannel misconfiguration guard is enabled Extended system ID is disabled Portfast is enabled by default...
  • Page 711: About Uplinkfast

    Note: UplinkFast is most useful in wiring-closet switches. This feature might not be useful for other types of applications. Spanning Tree UplinkFast provides fast convergence after a direct link failure and uses uplink groups to achieve load balancing between redundant Layer 2 links.
  • Page 712: Enabling Uplinkfast

    [Figure 25-3: UplinkFast After Direct Link Failure] Enabling UplinkFast: UplinkFast increases the bridge priority to 49,152 and adds 3000 to the spanning tree port cost of all interfaces on the switch, making it unlikely that the switch becomes the root switch.
  • Page 713: About Backbonefast

    Chapter 25 Configuring Optional STP Features About BackboneFast Station update rate set to 150 packets/sec. UplinkFast statistics ----------------------- Number of transitions via uplinkFast (all VLANs) Number of proxy multicast addresses transmitted (all VLANs) :5308 Name Interface List -------------------- ------------------------------------ VLAN1 Fa6/9(fwd), Gi5/7 VLAN2 Gi5/7(fwd)
  • Page 714 If the switch finds an alternate path to the root bridge, it uses this new alternate path. This new path, and any other alternate paths, are used to send a Root Link Query (RLQ) BPDU. When BackboneFast is enabled, the RLQ BPDUs are sent out as soon as an inferior BPDU is received.
  • Page 715: Enabling Backbonefast

    Figure 25-5 shows how BackboneFast reconfigures the topology to account for the failure of link L1. [Figure 25-5: BackboneFast after Indirect Link Failure] If a new switch is introduced into a shared-medium topology as shown in Figure 25-6, BackboneFast is...
  • Page 716 Step 1. Command: Switch(config)# [no] spanning-tree backbonefast; Purpose: Enables BackboneFast. You can use the no keyword to disable BackboneFast. Step 2. Command: Switch(config)# end; Purpose: Exits configuration mode. Step 3. Command: Switch# show spanning-tree backbonefast; Purpose: Verifies that BackboneFast is enabled. This example shows how to enable BackboneFast: Switch(config)# spanning-tree backbonefast...
  • Page 717 Chapter 25 Configuring Optional STP Features Enabling BackboneFast Number of RLQ response PDUs sent (all VLANs) Switch# This example shows how to display the total lines of the spanning tree state section: Switch# show spanning-tree summary totals Root bridge for:VLAN0001, VLAN1002-VLAN1005 Extended system ID is disabled Portfast...
  • Page 719: Configuring Etherchannel And Link State Tracking

    Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html If a command is not in the Catalyst 4500 Series Switch Command Reference, you can locate it in the...
  • Page 720: About Etherchannel

    All interfaces in each EtherChannel must be the same speed and must be configured as either Layer 2 or Layer 3 interfaces. Note: The network device to which a Catalyst 4500 series switch is connected may impose its own limits on the number of interfaces in an EtherChannel.
  • Page 721: Configuring Etherchannels

    You can configure EtherChannels manually or use the Port Aggregation Control Protocol (PAgP) or the Link Aggregation Control Protocol (LACP) (Cisco IOS Release 12.2(25)EWA and later), to form EtherChannels. The EtherChannel protocols allow ports with similar characteristics to form an EtherChannel through dynamic negotiation with connected network devices.
  • Page 722: Pagp Etherchannel Configuration

    IEEE 802.3ad LACP EtherChannel Configuration Cisco IOS Release 12.2(25)EWA and later releases support IEEE 802.3ad LACP EtherChannels. LACP supports the automatic creation of EtherChannels by exchanging LACP packets between LAN ports. LACP packets are exchanged only between ports in passive and active modes.
  • Page 723: Load Balancing

    Chapter 26 Configuring EtherChannel and Link State Tracking EtherChannel Configuration Guidelines and Restrictions • LACP port priority—You must configure an LACP port priority on each port configured to use LACP. The port priority can be configured automatically or through the CLI. See the “Configuring Layer 2 EtherChannels”...
  • Page 724: Configuring Etherchannel

    • For Layer 3 EtherChannels: – Assign Layer 3 addresses to the port channel logical interface, not to the physical interfaces in the channel. • For Layer 2 EtherChannels: – Assign all interfaces in the EtherChannel to the same VLAN, or configure them as trunks...
  • Page 725: Configuring Layer 3 Etherchannels

    To configure Layer 3 EtherChannels, create the port channel logical interface and then put the Ethernet interfaces into the port channel. These sections describe Layer 3 EtherChannel configuration: •...
  • Page 726 Step 1. Command: Switch(config)# interface {fastethernet | gigabitethernet | tengigabitethernet} slot/port; Purpose: Selects a physical interface to configure. Step 2. Command: Switch(config-if)# no switchport; Purpose: Makes this a Layer 3 routed port. Step 3. Command: Switch(config-if)# no ip address; Purpose: Ensures that no IP address is assigned to the physical...
  • Page 727 Chapter 26 Configuring EtherChannel and Link State Tracking Configuring EtherChannel Channel group = 1 Mode = Desirable Gcchange = 0 Port-channel = Po1 = 0x00010001 Pseudo-port-channel = Po1 Port indx Load = 0x55 Flags: S - Device is sending Slow hello. C - Device is in Consistent state.
  • Page 728: Configuring Layer 2 Etherchannels

    To configure Layer 2 EtherChannels, configure the Ethernet interfaces with the channel-group command. This operation creates the port channel logical interface. Note: Cisco IOS software creates port channel interfaces for Layer 2 EtherChannels when you configure Layer 2 Ethernet interfaces with the channel-group command.
  • Page 729 Chapter 26 Configuring EtherChannel and Link State Tracking Configuring EtherChannel This example shows how to verify the configuration of port channel interface 2: Switch# show running-config interface port-channel 2 Building configuration... Current configuration: interface Port-channel2 switchport access vlan 10 switchport mode access Switch# The following two examples show how to verify the configuration of Fast Ethernet interface 5/6: Switch# show running-config interface fastethernet 5/6...
  • Page 730: Configuring Lacp Standalone Or Independent Mode

    Chapter 26 Configuring EtherChannel and Link State Tracking Configuring EtherChannel Port state = Port-channel Ag-Inuse Ports in the Port-channel: Index Load Port ------------------- Fa5/6 Fa5/7 Time since last port bundled: 00h:23m:33s Fa5/6 Switch# Configuring LACP Standalone or Independent Mode This feature is particularly relevant when a port (A) in a Layer 2 LACP EtherChannel is connected to an unresponsive port (B) on the peer.
  • Page 731: Configuring The Lacp System Priority And System Id

    Chapter 26 Configuring EtherChannel and Link State Tracking Configuring EtherChannel Building configuration... Current configuration: interface Port-channel1 switchport no port-channel standalone-disable Switch# This example shows how to verify the state of port channel interface 1: Switch# show etherchannel 1 port-channel Port-channels in the group: --------------------------- Port-channel: Po13 (Primary Aggregator)
  • Page 732: Configuring Etherchannel Load Balancing

    Chapter 26 Configuring EtherChannel and Link State Tracking Configuring EtherChannel 1 0005.9a39.7a80 to 0005.9a39.7a81 2.1 12.1(12r)EW 12.1(13)EW(0.26) Ok 2 0002.fd80.f530 to 0002.fd80.f55f 0.1 3 0009.7c45.67c0 to 0009.7c45.67ef 1.6 4 0009.7c45.4a80 to 0009.7c45.4aaf 1.6 This example shows how to verify the configuration: Switch# show lacp sys-id 23456,0050.3e8d.6400 Switch#...
  • Page 733: Removing An Interface From An Etherchannel

    Chapter 26 Configuring EtherChannel and Link State Tracking Configuring EtherChannel src-dst-ip EtherChannel Load-Balancing Addresses Used Per-Protocol: Non-IP: Source XOR Destination MAC address IPv4: Source XOR Destination IP address IPv6: Source XOR Destination IP address Switch# Removing an Interface from an EtherChannel To remove an Ethernet interface from an EtherChannel, perform this task: Command Purpose...
  • Page 734: Displaying Etherchannel To A Virtual Switch System

    Switch(config)# end Displaying EtherChannel to a Virtual Switch System Catalyst 4500 series switches support enhanced PAgP. If a Catalyst 4500 series switch is connected to a Catalyst 6500 series Virtual Switch System (VSS) by using a PAgP EtherChannel, the Catalyst 4500 series switch automatically serves as a VSS client, using enhanced PAgP on this EtherChannel for dual-active detection.
  • Page 735 (Catalyst 4500 series switch) Active_ID = B’s MAC As a remote switch, the Catalyst 4500 series switch supports stateful VSS client. In particular, the ID of the current active virtual switch is synchronized from the active supervisor engine to the redundant supervisor engine of the Catalyst 4500 series switch.
  • Page 736: Displaying Etherchannel Links To Vss

    To display the dual-active detection capability of a configured PAgP port channel, enter the show pagp port_channel_number dual-active command. The command provides the following information: •...
  • Page 737 Figure 26-3 on page 26-20 shows a network configured with link-state tracking. To enable link-state tracking, create a link-state group, and specify the interfaces that are assigned to the link-state group. An interface can be an aggregation of ports (an EtherChannel), a single physical port in access or trunk mode, or a routed port.
  • Page 738 As an example of a connectivity change from link-state group 1 to link-state group 2 on switch A, see Figure 26-3 on page 26-20. If the upstream link for port 6 is lost, the link states of downstream ports 1 and 2 do not change.
  • Page 739: Configuring Link-State Tracking

    These sections describe how to configure link-state tracking ports: • Default Link-State Tracking Configuration, page 26-21 • Link-State Tracking Configuration Guidelines, page 26-21 • Configuring Link-State Tracking, page 26-21...
  • Page 740: Displaying Link-State Tracking Status

    Step 4. Command: Switch(config-if)# link state group [number] {upstream | downstream}; Purpose: Specifies a link-state group, and configures the interface as either an upstream or downstream interface in the group. The group number can be 1 to 10;...
  • Page 741: Configuring Igmp Snooping And Filtering And Mvr

    Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html If a command is not in the Catalyst 4500 Series Switch Command Reference, you can locate it in the Cisco IOS library. See the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 742: About Igmp Snooping

    Chapter 27 Configuring IGMP Snooping and Filtering, and MVR About IGMP Snooping This section includes the following subsections: • Immediate-Leave Processing, page 27-3 • IGMP Configurable-Leave Timer, page 27-4 • IGMP Snooping Querier, page 27-4 • Explicit Host Tracking, page 27-4...
  • Page 743: Immediate-Leave Processing

    For a Layer 2 IGMPv2 host interface to join an IP multicast group, a host sends an IGMP membership report for the IP multicast group. For a host to leave a multicast group, it can either ignore the periodic IGMP general queries or it can send an IGMP leave message.
  • Page 744: Igmp Configurable-Leave Timer

    In Cisco IOS Release 12.2(31)SG and later, you can configure the length of time that the switch waits after sending a group-specific query to determine if hosts are still interested in a specific multicast group.
  • Page 745: Configuring Igmp Snooping

    Note: When configuring IGMP, configure the VLAN in the VLAN database mode. See Chapter 16, “Configuring VLANs, VTP, and VMPS.” IGMP snooping allows switches to examine IGMP packets and make forwarding decisions based on their content.
  • Page 746: Enabling Igmp Snooping Globally

    To enable IGMP snooping globally, perform this task: Step 1. Command: Switch# configure terminal; Purpose: Enters global configuration mode. Step 2. Command: Switch(config)# [no] ip igmp snooping; Purpose: Enables IGMP snooping. Use the no keyword to disable IGMP snooping.
  • Page 747: Configuring Learning Methods

    Chapter 27 Configuring IGMP Snooping and Filtering, and MVR Configuring IGMP Snooping This example shows how to enable IGMP snooping on VLAN 2 and verify the configuration: Switch# configure terminal Switch(config)# ip igmp snooping vlan 2 Switch(config)# end Switch# show ip igmp snooping vlan 2 Global IGMP Snooping configuration: ----------------------------------- IGMP snooping...
  • Page 748: Configuring A Static Connection To A Multicast Router

    Chapter 27 Configuring IGMP Snooping and Filtering, and MVR Configuring IGMP Snooping This example shows how to configure IP IGMP snooping to learn from CGMP self-join packets: Switch# configure terminal Switch(config)# ip igmp snooping vlan 1 mrouter learn cgmp Switch(config)# end Switch# Configuring a Static Connection to a Multicast Router To configure a static connection to a multicast router, enter the ip igmp snooping vlan mrouter...
  • Page 749: Configuring The Igmp Leave Timer

    Chapter 27 Configuring IGMP Snooping and Filtering, and MVR Configuring IGMP Snooping This example shows how to enable IGMP immediate-leave processing on interface VLAN 200 and to verify the configuration: Switch# configure terminal Switch(config)# ip igmp snooping vlan 200 immediate-leave Configuring immediate leave on vlan 200 Switch(config)# end Switch# show ip igmp interface vlan 200 | include immediate leave...
  • Page 750: Configuring Igmp Snooping Querier

    Chapter 27 Configuring IGMP Snooping and Filtering, and MVR Configuring IGMP Snooping Switch# show ip igmp snooping show ip igmp snooping Global IGMP Snooping configuration: ----------------------------------- IGMP snooping : Enabled IGMPv3 snooping : Enabled Report suppression : Enabled TCN solicit query : Disabled TCN flood query count Last Member Query Interval : 200...
  • Page 751: Configuring Explicit Host Tracking

    Step 8. Command: Switch(config)# ip igmp snooping [vlan vlan_id] querier tcn query count value; Purpose: Configures IGMP Snooping Querier tcn query count. Step 9. Command: Switch(config)# ip igmp snooping [vlan vlan_id] querier tcn query interval value; Purpose: Configures IGMP Snooping Querier tcn query interval...
  • Page 752: Suppressing Multicast Flooding

    When the topology changes, the Catalyst 4500 series switch takes special actions to ensure that multicast traffic is delivered to all multicast receivers in that VLAN.
  • Page 753: Igmp Snooping Switch Configuration

    When the spanning tree protocol is running in a VLAN, a spanning tree topology change notification (TCN) is issued by the root switch in the VLAN. A Catalyst 4500 series switch that receives a TCN in a VLAN for which IGMP snooping has been enabled immediately enters into multicast flooding mode for a period of time until the topology restabilizes and the new locations of all multicast receivers are learned.
  • Page 754: Displaying Igmp Snooping Information

    When a spanning tree root switch receives a topology change in an IGMP snooping-enabled VLAN, the switch issues a query solicitation that causes a Cisco IOS router to send out one or more general queries. The new command ip igmp snooping tcn query solicit causes the switch to send the query solicitation whenever it notices a topology change, even if that switch is not the spanning tree root.
  • Page 755: Displaying Querier Information

    • Displaying MAC Address Multicast Entries, page 27-18 • Displaying IGMP Snooping Information on a VLAN Interface, page 27-18 • Configuring IGMP Filtering, page 27-30. Displaying Querier Information: To display querier information, perform this task: Command Purpose...
  • Page 756: Displaying Group Information

    Chapter 27 Configuring IGMP Snooping and Filtering, and MVR Displaying IGMP Snooping Information 40.40.40.2/224.10.10.10 Gi4/1 20.20.20.20 00:23:37 00:06:50 00:20:30 40.40.40.3/224.10.10.10 Gi4/2 20.20.2020 00:23:37 00:06:50 00:20:30 40.40.40.4/224.10.10.10Gi4/1 20.20.20.20 00:39:42 00:09:17 - 40.40.40.5/224.10.10.10Fa2/1 20.20.20.20 00:39:42 00:09:17 - 40.40.40.6/224.10.10.10 Fa2/1 20.20.20.20 00:09:47 00:09:17 - Switch# clear ip igmp snooping membership vlan 20 This example shows how to display host membership for interface gi4/1: Switch# show ip igmp snooping membership interface gi4/1...
  • Page 757: Displaying Multicast Router Interfaces

    Chapter 27 Configuring IGMP Snooping and Filtering, and MVR Displaying IGMP Snooping Information This example shows how to display the host types and ports of a group in VLAN 1: Switch# show ip igmp snooping groups vlan 10 226.6.6.7 Vlan Group Version Ports...
  • Page 758: Displaying Mac Address Multicast Entries

    Chapter 27 Configuring IGMP Snooping and Filtering, and MVR Displaying IGMP Snooping Information To display multicast router interfaces, perform this task: Command Purpose Displays multicast router interfaces. Switch# show ip igmp snooping mrouter vlan vlan_ID This example shows how to display the multicast router interfaces in VLAN 1: Switch# show ip igmp snooping mrouter vlan 1 vlan ports...
  • Page 759: Displaying Igmp Snooping Querier Information

    Chapter 27 Configuring IGMP Snooping and Filtering, and MVR Displaying IGMP Snooping Information This example shows how to display IGMP snooping information on VLAN 5: Switch# show ip igmp snooping vlan 5 Global IGMP Snooping configuration: ----------------------------------- IGMP snooping :Enabled IGMPv3 snooping support :Full Report suppression...
  • Page 760: Understanding Multicast Vlan Registration

    Chapter 27 Configuring IGMP Snooping and Filtering, and MVR Understanding Multicast VLAN Registration Vlan 2: IGMP switch querier status ------------------------------------------------ admin state : Enabled admin version source IP address : 1.2.3.4 query-interval (sec) : 55 max-response-time (sec) : 12 querier-timeout (sec) : 70 tcn query count : 10...
  • Page 761: Using Mvr In A Multicast Television Application

    Chapter 27 Configuring IGMP Snooping and Filtering, and MVR Understanding Multicast VLAN Registration • In dynamic mode, the interface on which the multicast router is learned or configured will receive MVR traffic. The receiver ports from where the MVR hosts have explicitly joined either by IGMP reports or by MVR static configuration will receive the MVR data traffic.
  • Page 762 Chapter 27 Configuring IGMP Snooping and Filtering, and MVR Understanding Multicast VLAN Registration Figure 27-1 Multicast VLAN Registration Example Multicast VLAN Cisco router Multicast server Switch B Multicast Multicast data data Switch A RP1 RP2 RP3 RP4 RP5 RP6 RP7...
  • Page 763: Configuring Mvr

    Chapter 27 Configuring IGMP Snooping and Filtering, and MVR Configuring MVR Because MVR multicast traffic is sent only on mVLANs, duplicating television-channel multicast traffic for subscribers on different VLANs is unnecessary. The IGMP leave and join messages are in the VLAN to which the subscriber port is assigned.
  • Page 764: Configuring Mvr Global Parameters

    Chapter 27 Configuring IGMP Snooping and Filtering, and MVR Configuring MVR Router ports or ports that are connected to another MVR switch are configured as source ports. – Compatible mode • A source port configuration is required for those ports that must receive MVR traffic, even when there is no JOIN request from that port.
  • Page 765 Chapter 27 Configuring IGMP Snooping and Filtering, and MVR Configuring MVR To configure MVR parameters, perform these steps: Command Purpose Step 1 Switch# configure terminal Enters global configuration mode. Step 2 Switch(config)# mvr Enables MVR on the switch. Step 3 Switch(config)# mvr group ip-address [count] Configures an IP multicast address on the switch or uses the count parameter...
  • Page 766: Configuring Mvr On Access Ports

    Chapter 27 Configuring IGMP Snooping and Filtering, and MVR Configuring MVR RetWordIndex: 522220 Link: 1048575(0xFFFFF) FieldsCnt: 1 SuppressRxVlanBridging: true Vlan: 100 BridgeOnly: N Fa2/1(8) Note Fa2/1 is an mrouter port. Configuring MVR on Access Ports To configure the access port, perform these steps: Command Purpose Step 1...
  • Page 767: Configuring Mvr On A Trunk Port

    Chapter 27 Configuring IGMP Snooping and Filtering, and MVR Configuring MVR Switch(config-if)# exit Switch(config)# interface fastEthernet 2/3 Switch(config-if)# switchport mode access Switch(config-if)# switchport access vlan 100 Switch(config-if)# mvr type source To verify the configuration, enter the show mvr command: Switch# show mvr interface Port Type Mode...
  • Page 768 Chapter 27 Configuring IGMP Snooping and Filtering, and MVR Configuring MVR Switch(config)# interface fastEthernet 2/4 Switch(config-if)# switchport mode trunk Switch(config-if)# mvr type receiver Switch(config-if)# mvr vlan 100 receiver vlan 300 Switch# show mvr interface Port Type Mode VLAN Status Immediate Leave ------------------------------------------------------------------------------ Fa2/1 SOURCE...
  • Page 769: Displaying Mvr Information

    Chapter 27 Configuring IGMP Snooping and Filtering, and MVR Displaying MVR Information Displaying MVR Information You can display MVR information for the switch or a specified interface. Use the following commands in privileged EXEC mode: Table 27-3 Commands for Displaying MVR Information show mvr Displays MVR status: whether MVR is enabled or disabled...
  • Page 770: Configuring Igmp Filtering

    Chapter 27 Configuring IGMP Snooping and Filtering, and MVR Configuring IGMP Filtering Switch# show mvr interface fastEthernet 2/2 members MVR Group IP VLAN Membership Status ---------------------------------------------------- 225.1.1.1 vlan 200 DYNAMIC ACTIVE/UP Switch# show mvr interface fastEthernet 2/2 members vlan 200 MVR Group IP VLAN Membership...
  • Page 771: Configuring Igmp Profiles

    Chapter 27 Configuring IGMP Snooping and Filtering, and MVR Configuring IGMP Filtering Table 27-4 Default IGMP Filtering Settings Feature Default Setting IGMP filters No filtering IGMP maximum number of IGMP groups No limit IGMP profiles None defined Configuring IGMP Profiles To configure an IGMP profile and to enter IGMP profile configuration mode, use the ip igmp profile global configuration command.
  • Page 772: Applying Igmp Profiles

    Chapter 27 Configuring IGMP Snooping and Filtering, and MVR Configuring IGMP Filtering To delete a profile, use the no ip igmp profile profile-number global configuration command. To delete an IP multicast address or range of IP multicast addresses, use the no range ip multicast address IGMP profile configuration command.
  • Page 773: Setting The Maximum Number Of Igmp Groups

    Chapter 27 Configuring IGMP Snooping and Filtering, and MVR Configuring IGMP Filtering Switch# show running-config interface fastethernet2/12 Building configuration... Current configuration : 123 bytes interface FastEthernet2/12 no ip address shutdown snmp trap link-status ip igmp max-groups 25 ip igmp filter 4 Setting the Maximum Number of IGMP Groups You can set the maximum number of IGMP groups that a Layer 2 interface can join by using the ip igmp max-groups interface configuration command.
  • Page 774: Displaying Igmp Filtering Configuration

    Chapter 27 Configuring IGMP Snooping and Filtering, and MVR Displaying IGMP Filtering Configuration interface FastEthernet2/12 no ip address shutdown snmp trap link-status ip igmp max-groups 25 ip igmp filter 4 Displaying IGMP Filtering Configuration You can display IGMP profile and maximum group configuration for all interfaces on the switch or for a specified interface.
  • Page 775: Configuring Ipv6 Multicast Listener Discovery Snooping

    Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html If a command is not in the Catalyst 4500 Series Switch Command Reference, you can locate it in the Cisco IOS library. See the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 776: Mld Messages

    Chapter 28 Configuring IPv6 Multicast Listener Discovery Snooping About MLD Snooping MLD is a protocol used by IPv6 multicast routers to discover the presence of multicast listeners (nodes that want to receive IPv6 multicast packets) on its directly attached links and to discover which multicast packets are of interest to neighboring nodes.
  • Page 777: Mld Queries

    Chapter 28 Configuring IPv6 Multicast Listener Discovery Snooping About MLD Snooping MLD Queries The switch sends out MLD queries, constructs an IPv6 multicast address database, and generates MLD group-specific and MLD group-and-source-specific queries in response to MLD Done messages. The switch also supports report suppression, report proxying, Immediate-Leave functionality, and static IPv6 multicast MAC-address configuration.
  • Page 778: Mld Reports

    Chapter 28 Configuring IPv6 Multicast Listener Discovery Snooping About MLD Snooping MLD Reports The processing of MLDv1 join messages is essentially the same as with IGMPv2. When no IPv6 multicast routers are detected in a VLAN, reports are not processed or forwarded from the switch. When IPv6 multicast routers are detected and an MLDv1 report is received, an IPv6 multicast group address and an IPv6 multicast MAC address are entered in the VLAN MLD database.
  • Page 779: Configuring Ipv6 Mld Snooping

    Chapter 28 Configuring IPv6 Multicast Listener Discovery Snooping Configuring IPv6 MLD Snooping configuration command. The default is to send two queries. The switch also generates MLDv1 global Done messages with valid link-local IPv6 source addresses when the switch becomes the STP root in the VLAN or when it is configured by the user.
  • Page 780: Mld Snooping Configuration Guidelines

    The total number of IPv4 and IPv6 multicast group entries that can coexist on the Catalyst 4500 series switch is limited to 16384. • The supervisor engine with 512 MB of memory supports about 11000 MLD Snooping multicast...
  • Page 781: Configuring A Static Multicast Group

    Chapter 28 Configuring IPv6 Multicast Listener Discovery Snooping Configuring IPv6 MLD Snooping To disable MLD snooping on a VLAN interface, use the no ipv6 mld snooping vlan vlan-id global configuration command for the specified VLAN number. Configuring a Static Multicast Group Hosts or Layer 2 ports normally join multicast groups dynamically, but you can also statically configure an IPv6 multicast address and member ports for a VLAN.
  • Page 782: Enabling Mld Immediate Leave

    Chapter 28 Configuring IPv6 Multicast Listener Discovery Snooping Configuring IPv6 MLD Snooping Command Purpose Step 1 Switch# configure terminal Enters global configuration mode. Step 2 Switch(config)# ipv6 mld snooping vlan vlan-id mrouter interface interface-id Specifies the multicast router VLAN ID, and specifies the interface to the multicast router.
  • Page 783: Configuring Mld Snooping Queries

    Chapter 28 Configuring IPv6 Multicast Listener Discovery Snooping Configuring IPv6 MLD Snooping Configuring MLD Snooping Queries When Immediate Leave is not enabled and a port receives an MLD Done message, the switch generates MASQs on the port and sends them to the IPv6 multicast address for which the Done message was sent. You can optionally configure the number of MASQs that are sent and the length of time the switch waits for a response before deleting the port from the multicast group.
  • Page 784: Disabling Mld Listener Message Suppression

    Chapter 28 Configuring IPv6 Multicast Listener Discovery Snooping Displaying MLD Snooping Information Switch# configure terminal Switch(config)# ipv6 mld snooping robustness-variable 3 Switch(config)# exit This example shows how to set the MLD snooping last-listener query count for a VLAN to 3: Switch# configure terminal Switch(config)# ipv6 mld snooping vlan 200 last-listener-query-count 3 Switch(config)# exit...
  • Page 785 Chapter 28 Configuring IPv6 Multicast Listener Discovery Snooping Displaying MLD Snooping Information Table 28-2 Commands for Displaying MLD Snooping Information Command Purpose show ipv6 mld snooping [vlan vlan-id] Displays the MLD snooping configuration information for all VLANs on the switch or for a specified VLAN. (Optional) Enter vlan vlan-id to display information for a single VLAN.
  • Page 786 Chapter 28 Configuring IPv6 Multicast Listener Discovery Snooping Displaying MLD Snooping Information Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E 28-12 OL_28731-01...
  • Page 787: Configuring 802.1Q Tunneling, Vlan Mapping, And Layer 2 Protocol Tunneling

    Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html If a command is not in the Catalyst 4500 Series Switch Command Reference, you can locate it in the Cisco IOS library. See the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 788: About 802.1Q Tunneling

    Chapter 29 Configuring 802.1Q Tunneling, VLAN Mapping, and Layer 2 Protocol Tunneling About 802.1Q Tunneling About 802.1Q Tunneling The VLAN ranges required by different customers in the same service provider network might overlap, and customer traffic through the infrastructure might be mixed. Assigning a unique range of VLAN IDs to each customer restricts customer configurations and could easily exceed the VLAN limit (4096) of the 802.1Q specification.
  • Page 789: Configuring 802.1Q Tunneling

    Chapter 29 Configuring 802.1Q Tunneling, VLAN Mapping, and Layer 2 Protocol Tunneling Configuring 802.1Q Tunneling Figure 29-2 Original (Normal), 802.1Q, and Double-Tagged Ethernet Packet Formats (IA, MA) (IB, MB) (IC, MC) When the packet enters the trunk port of the service provider egress switch, the metro tag is again stripped as the switch processes the packet.
  • Page 790: Native Vlans

    Chapter 29 Configuring 802.1Q Tunneling, VLAN Mapping, and Layer 2 Protocol Tunneling Configuring 802.1Q Tunneling Native VLANs When configuring 802.1Q tunneling on an edge switch, you must use 802.1Q trunk ports for sending packets into the service provider network. However, packets going through the core of the service provider network can be carried through 802.1Q trunks, ISL trunks, or nontrunking links.
  • Page 791: System Mtu

    Q = 802.1Q trunk ports System MTU The default system MTU for traffic on the Catalyst 4500 series switch is 1500 bytes. You can configure the switch to support larger frames by using the system mtu global configuration command. Because the 802.1Q tunneling feature increases the frame size by 4 bytes when the metro tag is added, you must...
  • Page 792: Configuring An 802.1Q Tunneling Port

    • When a port is configured as an 802.1Q tunnel port, spanning-tree bridge protocol data unit (BPDU) filtering is automatically enabled on the interface. Cisco Discovery Protocol (CDP) is automatically disabled on the interface. Configuring an 802.1Q Tunneling Port To configure a port as an 802.1Q tunnel port, perform this task:...
  • Page 793: About Vlan Mapping

    Chapter 29 Configuring 802.1Q Tunneling, VLAN Mapping, and Layer 2 Protocol Tunneling About VLAN Mapping Switch(config-if)# exit Switch(config)# vlan dot1q tag native Switch(config)# end Switch# show dot1q-tunnel interface gigabitethernet2/7 Port ----- LAN Port(s) ----- Gi2/7 Switch# show vlan dot1q tag native dot1q native vlan tagging is enabled globally About VLAN Mapping WS-C4948-10GE does not support VLAN mapping.
  • Page 794 Customer B edge switch All forwarding operations on the Catalyst 4500 series switch are performed using S-VLAN and not C-VLAN information because the VLAN ID is mapped to the S-VLAN on ingress. Note When you configure features on a port configured for VLAN mapping, you always use the S-VLAN rather than the customer VLAN-ID (C-VLAN).
  • Page 795: Mapping Customer Vlans To Service-Provider Vlans

    Chapter 29 Configuring 802.1Q Tunneling, VLAN Mapping, and Layer 2 Protocol Tunneling Configuring VLAN Mapping Mapping Customer VLANs to Service-Provider VLANs Figure 29-5 shows a topology where a customer uses the same VLANs in multiple sites on different sides of a service-provider network. You map the customer VLAN IDs to service-provider VLAN IDs for packet travel across the service-provider backbone.
  • Page 796: Vlan Mapping Configuration Guidelines

    Chapter 29 Configuring 802.1Q Tunneling, VLAN Mapping, and Layer 2 Protocol Tunneling Configuring VLAN Mapping VLAN Mapping Configuration Guidelines Guidelines include the following: • Traditional QinQ uses 802.1Q tunnel ports; you configure one-to-one VLAN mapping and selective QinQ on 802.1Q trunk ports. •...
  • Page 797: Configuring Vlan Mapping

    “Monitoring and Maintaining Tunneling Status” section on page 29-18 for the syntax of these commands. For more information about all commands in this section, see the Catalyst 4500 Series Switch Software Command Reference for this release. The following VLAN mapping types are discussed: • One-to-One Mapping, page 29-11...
  • Page 798: Traditional Q-In-Q On A Trunk Port

    Chapter 29 Configuring 802.1Q Tunneling, VLAN Mapping, and Layer 2 Protocol Tunneling Configuring VLAN Mapping Switch(config-if)# switchport vlan mapping 4 104 Switch(config-if)# switchport vlan mapping 5 105 Switch(config-if)# exit In the previous example, at the ingress of the service-provider network, VLAN IDs 1 to 5 in the customer network are mapped to VLANs 101 to 105 in the service provider network.
  • Page 799: About Layer 2 Protocol Tunneling

    VLAN should build a proper spanning tree that includes the local site and all remote sites across the service provider network. Cisco Discovery Protocol (CDP) must discover neighboring Cisco devices from local and remote sites. VLAN Trunking Protocol (VTP) must provide consistent VLAN configuration throughout all sites in the customer network.
  • Page 800 • spanning tree, based on parameters from all sites and not just from the local site. • CDP discovers and shows information about the other Cisco devices connected through the service provider network. • VTP provides consistent VLAN configuration throughout the customer network, propagating to all switches through the service provider.
  • Page 801: Configuring Layer 2 Protocol Tunneling

    PDU-destination MAC address with a well-known Cisco proprietary multicast address (01-00-0c-cd-cd-d0). If 802.1Q tunneling is enabled, packets are also double-tagged; the outer tag is the customer metro tag, and the inner tag is the customer’s VLAN tag.
  • Page 802: Default Layer 2 Protocol Tunneling Configuration

    Chapter 29 Configuring 802.1Q Tunneling, VLAN Mapping, and Layer 2 Protocol Tunneling Configuring Layer 2 Protocol Tunneling • Layer 2 Protocol Tunneling Configuration Guidelines, page 29-16 • Configuring Layer 2 Tunneling, page 29-17 Default Layer 2 Protocol Tunneling Configuration Table 29-1 shows the default configuration for Layer 2 protocol tunneling.
  • Page 803: Configuring Layer 2 Tunneling

    Chapter 29 Configuring 802.1Q Tunneling, VLAN Mapping, and Layer 2 Protocol Tunneling Configuring Layer 2 Protocol Tunneling • Because tunneled PDUs (especially STP BPDUs) must be delivered to all remote sites so that the customer virtual network operates properly, you can give PDUs higher priority within the service provider network than data packets received from the same tunnel port.
  • Page 804: Monitoring And Maintaining Tunneling Status

    Chapter 29 Configuring 802.1Q Tunneling, VLAN Mapping, and Layer 2 Protocol Tunneling Monitoring and Maintaining Tunneling Status Command Purpose Step 8 Switch(config)# errdisable recovery cause l2ptguard (Optional) Configures the recovery method from a Layer 2 maximum-rate error so that the interface is reenabled and can try again. Errdisable recovery is disabled by default;...
  • Page 805 Switch# show vlan dot1q native Note With Cisco IOS Release 12.2(20)EW, the BPDU filtering configuration for both dot1q and Layer 2 protocol tunneling is no longer visible in the running configuration as spanning-tree bpdufilter enable. The configuration is visible in the output of the show spanning tree int detail command.
  • Page 806 Chapter 29 Configuring 802.1Q Tunneling, VLAN Mapping, and Layer 2 Protocol Tunneling Monitoring and Maintaining Tunneling Status Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E 29-20 OL_28731-01...
  • Page 807: Configuring Cdp

    Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html If a command is not in the Catalyst 4500 Series Switch Command Reference, you can locate it in the Cisco IOS library. See the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 808: Configuring Cdp

    Chapter 30 Configuring CDP Configuring CDP Each CDP-configured device sends periodic messages to a multicast address. Each device advertises at least one address at which it can receive SNMP messages. The advertisements also contain the time-to-live, or holdtime information, which indicates the length of time a receiving device should hold CDP information before discarding it.
  • Page 809: Enabling Cdp On An Interface

    Chapter 30 Configuring CDP Configuring CDP Enabling CDP on an Interface To enable CDP on an interface, use this command: Command Purpose Enables CDP on an interface. Switch(config-if)# [no] cdp enable Use the no keyword to disable CDP on an interface. This example shows how to enable CDP on Fast Ethernet interface 5/1: Switch(config)# interface fastethernet 5/1 Switch(config-if)# cdp enable...
  • Page 810 Chapter 30 Configuring CDP Configuring CDP Command Purpose Switch# show cdp entry entry_name [protocol | version] Displays information about a specific neighbor. The display can be limited to protocol or version information. Switch# show cdp interface [type/number] Displays information about interfaces on which CDP is enabled.
  • Page 811: Configuring Lldp, Lldp-Med, And Location Service

    • LLDP The Cisco Discovery Protocol (CDP) is a device discovery protocol that runs over Layer 2 (the data link layer) on all Cisco-manufactured devices (routers, bridges, access servers, and switches). CDP allows network management applications to automatically discover and learn about other Cisco devices connected to the network.
  • Page 812: Lldp-Med

    Configuring LLDP, LLDP-MED, and Location Service About LLDP, LLDP-MED, and Location Service To support non-Cisco devices and to allow for interoperability between other devices, the switch supports the IEEE 802.1AB LLDP. LLDP is a neighbor discovery protocol that is used for network devices to advertise information about themselves to other devices on the network.
  • Page 813: Location Service

    The location service feature enables the switch to provide location and attachment tracking information for its connected devices to a Cisco Mobility Services Engine (MSE). The tracked device can be a wireless endpoint, a wired endpoint, or a wired switch or controller. The switch informs device link up and link-down events through Network Mobility Services Protocol (NMSP) location and attachment notifications to the MSE.
  • Page 814: Configuring Lldp And Lldp-Med, And Location Service

    Chapter 31 Configuring LLDP, LLDP-MED, and Location Service Configuring LLDP and LLDP-MED, and Location Service • Slot, port, and port-type • Client’s MAC address • Client’s IP address • 802.1X username if applicable • Device category is specified as a wired station...
  • Page 815: Default Lldp Configuration

    Chapter 31 Configuring LLDP, LLDP-MED, and Location Service Configuring LLDP and LLDP-MED, and Location Service Default LLDP Configuration Table 31-1 shows the default LLDP configuration. To change the default settings, use the LLDP global configuration and LLDP interface configuration commands. Table 31-1 Default LLDP Configuration Feature...
  • Page 816: Disabling And Enabling Lldp Globally

    Chapter 31 Configuring LLDP, LLDP-MED, and Location Service Configuring LLDP and LLDP-MED, and Location Service Command Purpose Step 6 Saves your entries in the configuration file. Switch(config)# copy running-config startup-config Step 7 (Optional) Specifies the LLDP-MED TLVs to send or receive. Switch(config)# lldp med-tlv-select Use the no form of each of the LLDP commands to return to the default setting.
  • Page 817: Disabling And Enabling Lldp On An Interface

    Chapter 31 Configuring LLDP, LLDP-MED, and Location Service Configuring LLDP and LLDP-MED, and Location Service Command Purpose Step 2 Enables LLDP. Switch(config)# lldp run Step 3 Returns to privileged EXEC mode. Switch(config)# end This example shows how to globally disable LLDP: Switch# configure terminal Switch(config)# no lldp run Switch(config)# end...
  • Page 818 Chapter 31 Configuring LLDP, LLDP-MED, and Location Service Configuring LLDP and LLDP-MED, and Location Service Command Purpose Step 5 Returns to privileged EXEC mode. Switch(config)# end Step 6 Saves your entries in the configuration file. Switch# copy running-config startup-config This example shows how to enable LLDP on an interface: Switch# configure terminal Switch(config)# interface GigabitEthernet 1/1 Switch(config-if)# lldp transmit...
  • Page 819: Configuring Lldp-Med Tlvs

    Chapter 31 Configuring LLDP, LLDP-MED, and Location Service Configuring LLDP and LLDP-MED, and Location Service Configuring LLDP-MED TLVs By default, the switch only sends LLDP packets until it receives LLDP-MED packets from the end device. The switch continues to send LLDP-MED packets until it only receives LLDP packets. By using the lldp interface configuration command, you can configure the interface not to send the TLVs listed in Table...
  • Page 820: Configuring Network-Policy Profile

    Chapter 31 Configuring LLDP, LLDP-MED, and Location Service Configuring LLDP and LLDP-MED, and Location Service Configuring Network-Policy Profile To create a network-policy profile, configure the policy attributes, and apply it to an interface, perform this task: Command Purpose Step 1 Enters global configuration mode.
  • Page 821: Configuring Lldp Power Negotiation

    Switch(config-network-policy)# voice vlan dot1p cos 4 Switch(config-network-policy)# voice vlan dot1p dscp 34 Note As of Cisco IOS Release 12.2(54)SG, the Catalyst 4500 series switch supports only 2 applications: voice and voice signaling. The default cos/dscp values for a voice application are 5/46 and for voice signaling are 3/24.
  • Page 822: Configuring Location Tlv And Location Service

    Chapter 31 Configuring LLDP, LLDP-MED, and Location Service Configuring LLDP and LLDP-MED, and Location Service Command Purpose Step 3 Enables LLDP power negotiation. Switch(config-if)# lldp tlv-select power-management Step 4 Returns to privileged EXEC mode. Switch(config-if)# end Step 5 (Optional) Saves your entries in the configuration file. Switch# copy running-config startup-config This example shows how to enable LLDP power negotiation on interface Gigabit Ethernet 3/1:...
  • Page 823 Note Your switch must be running the cryptographic (encrypted) software image in order to enable the location service feature. Your Cisco Mobility Service Engine (MSE) must be running Heitz 6.0 or later software image to support wired location service Command...
  • Page 824: Monitoring And Maintaining Lldp, Lldp-Med, And Location Service

    Chapter 31 Configuring LLDP, LLDP-MED, and Location Service Monitoring and Maintaining LLDP, LLDP-MED, and Location Service Command Purpose Step 4 Switch(config)# nmsp notification interval {attachment | location} interval-seconds Specifies the NMSP notification interval. attachment—Specify the attachment notification interval. location—Specify the location notification interval. interval-seconds—Duration in seconds before a switch sends the location or attachment updates to the MSE.
  • Page 825: Cisco Ios Carries Ethernet Features In Cisco Ios Xe 3.1.0Sg

    [detail] Cisco IOS Carries Ethernet Features in Cisco IOS XE 3.1.0SG This section provides a list of High Availability software features that are supported in Cisco IOS XE 3.1.0SG. Links to the feature documentation are included. Feature guides may contain information about more than one feature. To find information about a specific feature within a feature guide, see the Feature Information table at the end of the guide.
  • Page 826 Chapter 31 Configuring LLDP, LLDP-MED, and Location Service Cisco IOS Carries Ethernet Features in Cisco IOS XE 3.1.0SG Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E 31-16 OL_28731-01...
  • Page 827: Configuring Udld

    Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html If a command is not in the Catalyst 4500 Series Switch Command Reference, you can locate it in the Cisco IOS library. See the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 828: Udld Topology

    Configuring UDLD About UDLD Starting with Cisco IOS Release 12.2(54)SG, the enhancement Fast UDLD was added, which supports timers in the few-hundred milliseconds range, which enables subsecond unidirectional link detection. With Fast UDLD, the time to detect a unidirectional link can vary from less than one second to a few seconds (the detection time also depends on how the timers are configured).
  • Page 829: Operation Modes

    Chapter 32 Configuring UDLD About UDLD Figure 32-2 Fast UDLD Topology EtherChannel consisting of two interfaces Switch A Switch B Note For Fast UDLD, Catalyst 4900M, Catalyst 4948E, Supervisor Engine 6-E, Supervisor 6L-E, Supervisor 7-E, and Supervisor Engine 7L-E support up to 32 ports. Operation Modes UDLD and Fast UDLD support the following operation modes: Normal—A UDLD-capable port (A) periodically sends a UDLD probe to a second port (B).
  • Page 830: Default Udld Configuration

    Chapter 32 Configuring UDLD Default UDLD Configuration Default UDLD Configuration Table 32-1 shows the UDLD default configuration. Table 32-1 UDLD Default Configuration Feature Default Status UDLD global enable state Globally disabled. UDLD per-interface enable state for fiber-optic media Enabled on all Ethernet fiber-optic interfaces. UDLD per-interface enable state for twisted-pair (copper) media Disabled on all Ethernet 10/100 and 1000BASE-TX interfaces.
  • Page 831: Enabling Udld Globally

    The range is from 1 to 90 seconds. Note Prior to Cisco IOS Release 12.2(31)SGA, the timer range is 7 to 90 seconds. With Cisco IOS Release 12.2(31)SGA, the timer range is 1 to 90 seconds.
  • Page 832: Enabling Udld On Individual Interfaces

    Chapter 32 Configuring UDLD Configuring UDLD on the Switch Enabling UDLD on Individual Interfaces To enable UDLD on individual interfaces, perform this task: Command Purpose Step 1 Enables UDLD in normal mode on a specific interface. Switch(config-if)# udld port On a fiber-optic interface, this command overrides the udld enable global configuration command setting.
  • Page 833: Disabling Udld On Individual Interfaces

    Chapter 32 Configuring UDLD Configuring UDLD on the Switch Disabling UDLD on Individual Interfaces To disable UDLD on individual interfaces, perform this task: Command Purpose Step 1 Disables UDLD on an interface. Switch(config-if)# no udld port The following applies: • On fiber-optic interfaces, the no udld port command reverts the interface configuration to the setting established with the udld enable global...
  • Page 834: Configuring A Udld Probe Message Interval Globally

    1 to 90 seconds. Note: Prior to Cisco IOS Release 12.2(31)SGA, the time interval is 7 to 90 seconds. With Cisco IOS Release 12.2(31)SGA, the time interval is 1 to 90 seconds.
  • Page 835: Displaying Udld Link Status

    Chapter 32 Configuring UDLD Displaying UDLD Link Status Displaying UDLD Link Status To verify link status reported by UDLD, enter the following command: Switch# show udld neighbors Port Device Name Device ID Port ID Neighbor State ---- ----------- --------- ------- -------------- Gi1/33 FOX10430380...
  • Page 836 Chapter 32 Configuring UDLD Displaying UDLD Link Status To verify status for a particular link as reported by Fast UDLD, enter the following command: Switch# show udld fast-hello g1/33 Interface Gi1/33 Port enable administrative configuration setting: Enabled / in aggressive mode Port enable operational state: Enabled / in aggressive mode Current bidirectional state: Bidirectional Current operational state: Advertisement - Single neighbor detected...
  • Page 837: Configuring Unidirectional Ethernet

    Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html If a command is not in the Catalyst 4500 Series Switch Command Reference, you can locate it in the Cisco IOS library. See the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 838: Configuring Unidirectional Ethernet

    Chapter 33 Configuring Unidirectional Ethernet Configuring Unidirectional Ethernet Configuring Unidirectional Ethernet Note: You must configure Unidirectional Ethernet on the non-blocking Gigabit Ethernet Port, which automatically disables UDLD on the port. To enable Unidirectional Ethernet, perform this task: Command Purpose Step 1 Selects the interface to configure.
  • Page 839 Chapter 33 Configuring Unidirectional Ethernet Configuring Unidirectional Ethernet This example shows how to verify the configuration: Switch> show interface gigabitethernet 1/1 unidirectional show interface gigabitethernet 1/1 unidirectional Unidirectional configuration mode: send only CDP neighbor unidirectional configuration mode: receive only This example shows how to disable Unidirectional Ethernet on Gigabit Ethernet interface 1/1: Switch# configure terminal Enter configuration commands, one per line.
  • Page 841: Configuring Layer 3 Interfaces

    Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html If a command is not in the Catalyst 4500 Series Switch Command Reference, you can locate it in the Cisco IOS library. See the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 842: Logical Layer 3 Vlan Interfaces

    Chapter 34 Configuring Layer 3 Interfaces About Layer 3 Interfaces Note: On a Catalyst 4500 Series Switch, a physical Layer 3 interface has MAC address learning enabled. This section contains the following subsections: • Logical Layer 3 VLAN Interfaces, page 34-2...
  • Page 843: Understanding Svi Autostate Exclude

    Chapter 34 Configuring Layer 3 Interfaces About Layer 3 Interfaces Figure 34-2 Physical Layer 3 Interfaces for the Catalyst 4500 Series Switch Router Interface Ethernet Interface Ethernet 1.1.1.1 2.1.1.1 Host 1 Host 2 Physical Inter-VLAN Routing on a Catalyst 4500 series switch...
  • Page 844 Chapter 34 Configuring Layer 3 Interfaces About Layer 3 Interfaces • Input multicast • Output unicast • Output multicast For each counter type, both the number of packets and the total number of bytes received or transmitted are counted. You can collect these statistics uniquely for IPv4 and IPv6 traffic. Because the total number of supported Layer 3 interfaces exceeds the number of counters supported by hardware, all Layer 3 interfaces might not have counters.
  • Page 845: Configuration Guidelines

    A Catalyst 4500 series switch does not support subinterfaces or the encapsulation keyword on Layer 3 Fast Ethernet, Gigabit Ethernet, or 10-Gigabit Ethernet interfaces. Note: As with any Layer 3 interface running Cisco IOS software, the IP address and network assigned to an SVI cannot overlap those assigned to any other Layer 3 interface on the switch.
  • Page 846: Configuring Logical Layer 3 Vlan Interfaces

    Chapter 34 Configuring Layer 3 Interfaces Configuring Logical Layer 3 VLAN Interfaces Configuring Logical Layer 3 VLAN Interfaces Note: Before you can configure logical Layer 3 VLAN interfaces, you must create and configure the VLANs on the switch, assign VLAN membership to the Layer 2 interfaces, enable IP routing if IP routing is disabled, and specify an IP routing protocol.
  • Page 847: Configuring Vlans As Layer 3 Interfaces

    Chapter 34 Configuring Layer 3 Interfaces Configuring VLANs as Layer 3 Interfaces 5 minute output rate 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 packets output, 0 bytes, 0 underruns 0 output errors, 0 interface resets 0 output buffer failures, 0 output buffers swapped out...
  • Page 848 Chapter 34 Configuring Layer 3 Interfaces Configuring VLANs as Layer 3 Interfaces To apply SVI Autostate Exclude, perform this task: Command Purpose Step 1 Enters global configuration mode. Switch# configure terminal Step 2 Enters interface configuration mode. Switch(config)# interface interface-id Step 3 Excludes the access ports and trunks in defining the Switch(config-if)# switchport autostate exclude...
  • Page 849: Configuring Ip Mtu Sizes

    Chapter 34 Configuring Layer 3 Interfaces Configuring VLANs as Layer 3 Interfaces Configuring IP MTU Sizes You can set the protocol-specific maximum transmission unit (MTU) size of IPv4 or IPv6 packets that are sent on an interface. For information on MTU limitations, refer to “Maximum Transmission Units” on page 26. Note: To set the nonprotocol-specific MTU value for an interface, use the mtu interface configuration command.
  • Page 850: Configuring Layer 3 Interface Counters

    Chapter 34 Configuring Layer 3 Interfaces Configuring VLANs as Layer 3 Interfaces The following example shows how to configure IPv6 MTU on an interface: Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch(config)# interface vlan 1 Switch(config-if)# ipv6 mtu 1280 Switch(config)# end This example shows how to verify the configuration...
  • Page 851 Chapter 34 Configuring Layer 3 Interfaces Configuring VLANs as Layer 3 Interfaces Command Purpose Step 3 Enables counters. Switch(config-if)# counter {ipv4 | ipv6 | ipv4 ipv6 separate} counter —Enables collection of IPv4 and IPv6 statistics and displays them as a sum counter ipv4 —...
  • Page 852: Configuring Physical Layer 3 Interfaces

    Chapter 34 Configuring Layer 3 Interfaces Configuring Physical Layer 3 Interfaces Configuring Physical Layer 3 Interfaces Note: Before you can configure physical Layer 3 interfaces, you must enable IP routing if IP routing is disabled, and specify an IP routing protocol. To configure physical Layer 3 interfaces, perform this task: Command Purpose...
  • Page 853: Configuring Eigrp Stub Routing

    Chapter 34 Configuring Layer 3 Interfaces Configuring EIGRP Stub Routing line vty 0 4 Configuring EIGRP Stub Routing This section consists of the following subsections: • About EIGRP Stub Routing, page 34-13 • Configuring EIGRP Stub Routing, page 34-14 • Monitoring and Maintaining EIGRP, page 34-19...
  • Page 854: Configuring Eigrp Stub Routing

    Host C For more information about EIGRP stub routing, see the “Configuring EIGRP Stub Routing” part of the Cisco IOS IP Configuration Guide, Volume 2 of 3: Routing Protocols, Release 12.2. Configuring EIGRP Stub Routing The EIGRP stub routing feature improves network stability, reduces resource utilization, and simplifies stub switch configuration.
  • Page 855: Dual-Homed Remote Topology

    By default, the ip classless command is enabled in all Cisco IOS images that support the EIGRP stub routing feature. Without the stub feature, even after the routes that are sent from the distribution router to the remote router have been filtered or summarized, a problem might occur.
  • Page 856 Chapter 34 Configuring Layer 3 Interfaces Configuring EIGRP Stub Routing Figure 34-5 Simple Dual-Homed Remote Topology Distribution router 1 (hub) Corporate network Remote router (spoke) Distribution router 2 (hub) Figure 34-5 shows a simple dual-homed remote with one remote router and two distribution routers. Both distribution routers maintain routes to the corporate network and stub network 10.1.1.0/24.
  • Page 857 Chapter 34 Configuring Layer 3 Interfaces Configuring EIGRP Stub Routing network. The use of the lower bandwidth route that passes using the remote router might cause WAN EIGRP distribution routers to be dropped. Serial lines on distribution and remote routers could also be dropped, and EIGRP SIA errors on the distribution and core routers could occur.
  • Page 858: Eigrp Stub Routing Configuration Tasks

    Chapter 34 Configuring Layer 3 Interfaces Configuring EIGRP Stub Routing Note: Multi-access interfaces, such as ATM, Ethernet, Frame Relay, ISDN PRI, and X.25, are supported by the EIGRP stub routing feature only when all routers on that interface, except the hub, are configured as stub routers.
  • Page 859: Monitoring And Maintaining Eigrp

    Chapter 34 Configuring Layer 3 Interfaces Configuring EIGRP Stub Routing (sec) (ms) Cnt Num 10.1.1.2 Se3/1 11 00:00:59 4500 Version 12.1/1.2, Retrans: 2, Retries: 0 Stub Peer Advertising ( CONNECTED SUMMARY ) Routes Monitoring and Maintaining EIGRP To delete neighbors from the neighbor table, use the following command: Command Purpose Deletes neighbors from the neighbor table.
  • Page 860: Route Authentication Example

    Chapter 34 Configuring Layer 3 Interfaces Configuring EIGRP Stub Routing default route learned from the neighbors is displaced by the summary default route, or if the summary route is the only default route present, all traffic destined for the default route does not leave the router. Instead, this traffic is sent to the null 0 interface where it is dropped.
  • Page 861 Chapter 34 Configuring Layer 3 Interfaces Configuring EIGRP Stub Routing • static • summary This section provides configuration examples for all forms of the eigrp stub command. The eigrp stub command can be modified with several options, and these options can be used in any combination except for the receive-only keyword.
  • Page 863: Configuring Cisco Express Forwarding

    Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html If a command is not in the Catalyst 4500 Series Switch Command Reference, you can locate it in the Cisco IOS library. See the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 864: Forwarding Information Base

    IP routing table. On the Catalyst 4500 series switches, CEF loads the FIB in to the integrated switching engine hardware to increase the performance of forwarding. The integrated switching engine has a finite number of forwarding slots for storing routing information.
  • Page 865: Adjacency Types That Require Special Handling

    When the Layer 2 information is known, the packet is forwarded to the route processor, and the adjacency is determined through ARP. Catalyst 4500 Series Switch Implementation of CEF Catalyst 4500 series switches support an ASIC-based integrated switching engine that provides these features: •...
  • Page 866: Hardware And Software Switching

    Chapter 35 Configuring Cisco Express Forwarding Catalyst 4500 Series Switch Implementation of CEF Figure 35-1 Logical L2/L3 Switch Components Integrated Switching Engine (ASIC) L3 physical interface Gig 1/1 Logical Router L3 logical interfaces VLAN1 VLAN2 L2 switchports The integrated switching engine performs inter-VLAN routing on logical Layer 3 interfaces with the ASIC hardware.
  • Page 867: Hardware Switching

    Chapter 35 Configuring Cisco Express Forwarding Catalyst 4500 Series Switch Implementation of CEF Figure 35-2 Hardware and Software Switching Components Integrated Switching Engine CPU Subsystem L3 physical interface Gig 1/1 Router L3 interfaces VLAN1 VLAN2 tunnel tunnel L2 switchports The integrated switching engine performs inter-VLAN routing in hardware. The CPU subsystem software supports Layer 3 interfaces to VLANs that use Subnetwork Access Protocol (SNAP) encapsulation.
  • Page 868: Load Balancing

    Software Interfaces Cisco IOS for the Catalyst 4500 series switch supports GRE and IP tunnel interfaces that are not part of the hardware forwarding engine. All packets that flow to or from these interfaces must be processed in software and have a significantly lower forwarding rate than that of hardware-switched interfaces.
  • Page 869: Configuring Load Balancing For Cef

    Switch (config)# [no] ip cef load-sharing algorithm include-ports source and destination ports. destination] Use the no keyword to set the switch to use the default Cisco IOS load-sharing algorithm.
  • Page 870: Viewing Cef Information

    Chapter 35 Configuring Cisco Express Forwarding Monitoring and Maintaining CEF Note: The include-ports option does not apply to software-switched traffic on the Catalyst 4500 series switches. Viewing CEF Information You can view the collected CEF information. To view CEF information, perform this task:...
  • Page 871 Chapter 35 Configuring Cisco Express Forwarding Monitoring and Maintaining CEF This example shows how to display IP unicast statistics for fastethernet 3/1: Switch# show interface fastethernet 3/1 counters detail Port InBytes InUcastPkts InMcastPkts InBcastPkts Fa3/1 7263539133 5998222 6412307 Port OutBytes...
  • Page 873: Configuring Unicast Reverse Path Forwarding

    Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html If a command is not in the Catalyst 4500 Series Switch Command Reference, you can locate it in the Cisco IOS library. See the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 874: How Unicast Rpf Works

    This ability to look backwards is available only when Cisco Express Forwarding (CEF) is enabled on the switch, because the lookup relies on the presence of the Forwarding Information Base (FIB). CEF generates the FIB as part of its operation.
  • Page 875 Chapter 36 Configuring Unicast Reverse Path Forwarding About Unicast Reverse Path Forwarding Step 5 The packet is forwarded. This section provides information about Unicast RPF enhancements: • Access control lists and logging • Per-interface statistics Figure 36-1 illustrates how Unicast RPF and CEF work together to validate IP source addresses by verifying packet return paths.
  • Page 876: Implementing Unicast Rpf

    Chapter 36 Configuring Unicast Reverse Path Forwarding About Unicast Reverse Path Forwarding Figure 36-2 Unicast RPF Dropping Packets That Fail Verification Routing table: 192.168.0.0 via 172.19.66.7 172.19.0.0 directly connected, FDDI 2/0/0 CEF table: 192.168.0.0 172.19.66.7 FDDI 2/0/0 172.19.0.0 attached FDDI 2/0/0 Adjacency table: FDDI 2/0/0 172.19.66.7...
  • Page 877: Security Policy And Unicast Rpf

    Chapter 36 Configuring Unicast Reverse Path Forwarding About Unicast Reverse Path Forwarding This section provides information about the implementation of Unicast RPF: • Security Policy and Unicast RPF, page 36-5 • Where to Use Unicast RPF, page 36-5 • Routing Table Requirements, page 36-7...
  • Page 878 Chapter 36 Configuring Unicast Reverse Path Forwarding About Unicast Reverse Path Forwarding ACLs work well for many single-homed customers; however, there are trade-offs when ACLs are used as ingress filters, including two commonly referenced limitations: • Packet per second (PPS) performance at very high packet rates This restriction applies only to software packet forwarding.
  • Page 879: Routing Table Requirements

    Chapter 36 Configuring Unicast Reverse Path Forwarding About Unicast Reverse Path Forwarding Unicast RPF works with a single default route. No additional routes or routing protocols exist. Network 192.168.10.0/22 is a connected network. Packets arriving from the Internet with a source address in the range 192.168.10.0/22 are dropped by Unicast RPF.
  • Page 880: Unicast Rpf With Bootp And Dhcp

    Related Features and Technologies For more information about Unicast RPF-related features and technologies, review the following: • Unicast RPF requires Cisco Express Forwarding (CEF) to function properly on the switch. For more information about CEF, refer to the Cisco IOS Switching Services Configuration Guide.
  • Page 881: Prerequisites To Configuring Unicast Rpf

    Internet or to other networks, you can permit only packets with valid source IP addresses to leave your network. For more information on network filtering, refer to RFC 2267 and to the Cisco IOS IP Configuration Guide.
  • Page 882: Verifying Unicast Rpf

    Chapter 36 Configuring Unicast Reverse Path Forwarding Unicast RPF Configuration Tasks To configure Unicast RPF, perform the following task: Command Purpose Step 1 Switch(config-if)# interface type Selects the input interface on which you want to apply Unicast RPF. It is the receiving interface, allowing Unicast RPF to verify the best return path before forwarding the packet on to the next destination.
  • Page 883: Monitoring And Maintaining Unicast Rpf

    Chapter 36 Configuring Unicast Reverse Path Forwarding Monitoring and Maintaining Unicast RPF Monitoring and Maintaining Unicast RPF To monitor and maintain Unicast RPF, perform this task: Command Purpose Switch# show ip traffic Displays global switch statistics about Unicast RPF drops and suppressed drops.
  • Page 884: Unicast Rpf Configuration Example: Inbound And Outbound Filters

    Chapter 36 Configuring Unicast Reverse Path Forwarding Unicast RPF Configuration Example: Inbound and Outbound Filters The show access-lists command displays the number of matches found for a specific entry in a specific access list. Switch> show access-lists Extended IP access list 197 deny ip 192.168.201.0 0.0.0.63 any log-input (1 match) permit ip 192.168.201.64 0.0.0.63 any log-input (1 match) deny ip 192.168.201.128 0.0.0.63 any log-input...
  • Page 885: Configuring Ip Multicast

    Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html If a command is not in the Catalyst 4500 Series Switch Command Reference, you can locate it in the Cisco IOS library. See the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 886: Ip Multicast Protocols

    IP multicast group. In the multicasting process on the Catalyst 4500 series switch, a packet is replicated in the Integrated Switching Engine, forwarded to the appropriate output interfaces, and sent to each member of the multicast group.
  • Page 887: Internet Group Management Protocol

    Chapter 37 Configuring IP Multicast About IP Multicast Figure 37-1 IP Multicast Routing Protocols Host A Catalyst 4500 series switch Router Internet IGMP and Host B IGMP Snooping Internet Group Management Protocol IGMP messages are used by IP multicast hosts to send their local Layer 3 switch or router a request to join a specific multicast group and begin receiving multicast traffic.
  • Page 888: Rendezvous Point (Rp)

    (RPs). Senders to a multicast group use RPs to announce their presence. Receivers of multicast packets use RPs to learn about new senders. You can configure Cisco IOS software so that packets for a single multicast group can use one or more RPs.
  • Page 889: Restrictions On Ip Multicast

    Restrictions on IP Multicast include the following: • Starting with Release IOS XE 3.3.0SG and IOS 15.1(1)SG, the seven RP restriction was removed. • IPv4 Bidirectional (Bidir) PIM is supported on the Catalyst 4500 series switch. IPv6 Bidir PIM is not.
  • Page 890: Cef, Mfib, And Layer 2 Forwarding

    FIB and Replica Expansion Table (RET). The Catalyst 4500 series switch performs Layer 3 routing and Layer 2 bridging at the same time. There can be multiple Layer 2 switch ports on any VLAN interface.
  • Page 891: Ip Multicast Tables

    (1/1,1/2, 2/1, 2/2, 3/1, and 3/2). IP Multicast Tables Figure 37-4 shows some key data structures that the Catalyst 4500 series switch uses to forward IP multicast packets in hardware.
  • Page 892 Chapter 37 Configuring IP Multicast About IP Multicast Figure 37-4 IP Multicast Tables and Protocols Integrated Switching Engine CPU Subsystem Hardware Tables Software Tables Routing Protocols Multicast Routing Table L3 Protocols Hardware FIB Table • (S,G), RPF • PIM (S,G), RPF Vlan, MET Index interface, set of •...
  • Page 893: Hardware And Software Forwarding

    Chapter 37 Configuring IP Multicast About IP Multicast Hardware and Software Forwarding The integrated switching engine forwards the majority of packets in hardware at very high rates of speed. The CPU subsystem forwards exception packets in software. Statistical reports should show that the integrated switching engine is forwarding the vast majority of packets in hardware.
  • Page 894: Non-Reverse Path Forwarding Traffic

    Chapter 37 Configuring IP Multicast About IP Multicast The following conditions cause some replicas of a packet for a route to be forwarded by the CPU subsystem: • The switch is configured with the ip igmp join-group command as a member of the IP multicast group on the RPF interface of the multicast source.
  • Page 895: Multicast Fast Drop

    Chapter 37 Configuring IP Multicast About IP Multicast Figure 37-6 Redundant Multicast Router Configuration in a Stub Network Router A Router B Network A Network B Multicast Traffic Non-RPF Traffic In this kind of topology, only Router A, the PIM designated router (PIM DR), forwards data to the common VLAN.
  • Page 896: Multicast Forwarding Information Base

    The Multicast Forwarding Information Base (MFIB) subsystem supports IP multicast routing in the integrated switching engine hardware on the Catalyst 4500 series switch. The MFIB logically resides between the IP multicast routing protocols in the CPU subsystem software (PIM, IGMP, MSDP, MBGP, and DVMRP) and the platform-specific code that manages IP multicast routing in hardware.
  • Page 897: S/M, 224/4

    For more detailed information on IP multicast routing, such as Auto-RP, PIM Version 2, and IP multicast static routes, refer to the Cisco IOS IP and IP Routing Configuration Guide, Cisco IOS Release 12.3. Default Configuration in IP Multicast Routing Table 37-1 shows the IP multicast default configuration.
  • Page 898: Enabling Ip Multicast Routing

    For more information about source-specific multicast with IGMPv3 and IGMP, see the following URL: http://www.cisco.com/en/US/docs/ios/ipmulti/configuration/guide/imc_cfg_ssm.html Enabling IP Multicast Routing Enabling IP multicast routing allows the Catalyst 4500 series switch to forward multicast packets. To enable IP multicast routing on the router, enter this command: Command Purpose Enables IP multicast routing.
  • Page 899: Enabling Dense Mode

    Chapter 37 Configuring IP Multicast Configuring IP Multicast Routing encapsulated and sent toward the RP. When no RP is known, the packet is flooded in a dense-mode fashion. If the multicast traffic from a specific source is sufficient, the receiver’s first-hop router can send join messages toward the source to build a source-based distribution tree.
  • Page 900: Enabling Bidirectional Mode

    Chapter 37 Configuring IP Multicast Configuring IP Multicast Routing When an interface is treated in sparse mode, it is populated in a multicast routing table’s outgoing interface list when either of the following is true: • When members or DVMRP neighbors exist on the interface • When an explicit join has been received by a PIM neighbor on the interface...
  • Page 901: Enabling Pim-Ssm Mapping

    37-29. Enabling PIM-SSM Mapping The Catalyst 4500 series switch supports SSM mapping, enabling an SSM transition either when neither URD nor IGMP v3-lite is available, or when supporting SSM on the end system is impossible or unwanted for administrative or technical reasons. With SSM mapping, you can leverage SSM for video delivery to legacy set-top boxes (STBs) that do not support IGMPv3 or for applications that do not take advantage of the IGMPv3 host stack.
  • Page 902 Chapter 37 Configuring IP Multicast Configuring IP Multicast Routing Command or Action Purpose Step 5 Enables PIM sparse or sparse-dense mode on an interface. Switch(config-if)# ip pim [sparse-mode | sparse-dense-mode] When configuring Auto-RP in sparse mode, you must also configure the Auto-RP listener in the next step. Step 6 Switch(config-if)# exit Returns to global configuration mode.
  • Page 903 Chapter 37 Configuring IP Multicast Configuring IP Multicast Routing Command or Action Purpose Step 10 Configures the router to be an RP mapping agent. Switch(config)# ip pim send-rp-discovery [interface-type interface-number] scope • Perform this step on the RP router only. ttl-value [interval seconds] •...
  • Page 904: Configuring A Single Static Rp

    Chapter 37 Configuring IP Multicast Configuring IP Multicast Routing Command or Action Purpose Step 17 (Optional) Displays the multicast groups having receivers Switch# show ip igmp groups [group-name | group-address | interface-type that are directly connected to the router and that were interface-number] [detail] learned through Internet Group Management Protocol (IGMP).
  • Page 905 Chapter 37 Configuring IP Multicast Configuring IP Multicast Routing To configure a single static RP, perform this task: Command or Action Purpose Step 1 Enables privileged EXEC mode. Switch> enable Step 2 Enters global configuration mode. Switch# configure terminal Step 3 Enables IP multicast routing.
  • Page 906: Load Splitting Of Ip Multicast Traffic

    Chapter 37 Configuring IP Multicast Configuring IP Multicast Routing This example shows how to configure a single-static RP: Switch> enable Switch# configure terminal Switch(config)# ip multicast-routing Switch(config)# interface ethernet 1 Switch(config-if)# ip pim sparse-mode Switch(config-if)# exit Switch(config)# ip pim rp-address 192.168.0.0 Switch(config)# end Switch# show ip pim rp mapping Switch# show ip igmp groups...
  • Page 907: Monitoring And Maintaining Ip Multicast Routing

    Chapter 37 Configuring IP Multicast Monitoring and Maintaining IP Multicast Routing The following example shows how to enable ECMP multicast load splitting on a router based on a source address using the S-hash algorithm: Switch(config)# ip multicast multipath The following example shows how to enable ECMP multicast load splitting on a router based on a source and group address using the basic S-G-hash algorithm: Switch(config)# ip multicast multipath s-g-hash basic The following example shows how to enable ECMP multicast load splitting on a router based on a...
  • Page 908: Displaying The Multicast Routing Table

    Chapter 37 Configuring IP Multicast Monitoring and Maintaining IP Multicast Routing Displaying the Multicast Routing Table The following is sample output from the show ip mroute command for a router operating in dense mode. This command displays the contents of the IP multicast FIB table for the multicast group named cbone-audio.
  • Page 909 The following is sample output from the show ip mroute command with the active keyword: Switch# show ip mroute active Active IP Multicast Sources - sending >= 4 kbps Group: 224.2.127.254, (sdr.cisco.com) Source: 146.137.28.69 (mbone.ipd.anl.gov) Rate: 1 pps/4 kbps(1sec), 4 kbps(last 1 secs), 4 kbps(life avg) Group: 224.2.201.241, ACM 97...
  • Page 910: Displaying Ip Mfib

    Chapter 37 Configuring IP Multicast Monitoring and Maintaining IP Multicast Routing Source: 13.242.36.83/32, 99/0/123/0 Source: 36.29.1.3/32, 71/0/110/0 Source: 128.9.160.96/32, 505/1/106/0 Source: 128.32.163.170/32, 661/1/88/0 Source: 128.115.31.26/32, 192/0/118/0 Source: 128.146.111.45/32, 500/0/87/0 Source: 128.183.33.134/32, 248/0/119/0 Source: 128.195.7.62/32, 527/0/118/0 Source: 128.223.32.25/32, 554/0/105/0 Source: 128.223.32.151/32, 551/1/125/0 Source: 128.223.156.117/32, 535/1/114/0 Source: 128.223.225.21/32, 582/0/114/0 Source: 129.89.142.50/32, 78/0/127/0...
  • Page 911: Displaying Bidirectional Pim Information

    Chapter 37 Configuring IP Multicast Monitoring and Maintaining IP Multicast Routing Vlan100 (F NS) Vlan105 (F NS) (*, 224.0.1.60), flags () Packets: 2292/0/0, Bytes: 518803/0/0 Vlan7 (A NS) (*, 224.0.1.75), flags () Vlan7 (A NS) (10.34.2.92, 239.192.128.80), flags () Packets: 24579/100/0, 2113788/15000/0 bytes Vlan7 (F NS) Vlan100 (A) (*, 239.193.100.70), flags ()
  • Page 912: Clearing Tables And Databases

    Chapter 37 Configuring IP Multicast Configuration Examples 171.69.121.35 Serial0.33 8256/67052912 198.92.12.73 Serial0.1719 219444/862191 The following is sample output from the show ip pim interface command with a count when IP multicast is enabled. The example lists the PIM interfaces that are fast-switched and process-switched, and the packet counts for these.
  • Page 913: Pim Sparse Mode Example

    Chapter 37 Configuring IP Multicast Configuration Examples PIM Sparse Mode Example This example is a configuration of sparse-mode PIM. The RP router is the router with the address 10.8.0.20. ip multicast-routing ip pim rp-address 10.8.0.20 1 interface ethernet 1 ip pim sparse-mode Bidirectional PIM Mode Example By default, a bidirectional RP advertises all groups as bidirectional.
  • Page 914: Sparse Mode With Auto-Rp: Example

    Chapter 37 Configuring IP Multicast Configuration Examples The following example sets the PIM RP address to 172.16.1.1 for the multicast group 225.2.2.2 only: access-list 1 permit 225.2.2.2 0.0.0.0 ip pim rp-address 172.16.1.1 1 Sparse Mode with Auto-RP: Example The following example configures sparse mode with Auto-RP: ip multicast-routing ip pim autorp listener ip pim send-rp-announce Loopback0 scope 16 group-list 1...
  • Page 915: Configuring Ancp Client

    Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html If a command is not in the Catalyst 4500 Series Switch Command Reference, you can locate it in the Cisco IOS library. See the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 916: Enabling And Configuring Ancp Client

    Identifying a Port with the ANCP Protocol To make the Catalyst 4500 series switch operate as an ANCP client and to build and initialize its relevant data, enter the ancp mode client command. The no version of this command disables ANCP. This command disconnects the ANCP client from the ANCP server and terminates any existing multicast streams that have been enabled with ANCP.
  • Page 917: Example 1

    Chapter 38 Configuring ANCP Client Enabling and Configuring ANCP Client Switch(config)> ancp client port identifier [port-identifier] vlan [number] interface [interface] The no version of this command prompts a warning message if any multicast stream is activated by ANCP using the port-identifier on a port: Switch(config)# no ancp client port identifier bbb vlan 10 interface GigabitEthernet3/5 Warning: Multicast flows seems to exist for this port, remove mapping and delete flows anyway?[confirm]y...
  • Page 918: Example 2

    Hosts”). If you identify the port with DHCP option 82, you need to configure the Catalyst 4500 series switch as a DHCP relay to insert the DHCP option 82. This action adds a tag in the DHCP packet from the DHCP client so that the DHCP server knows the port connected to this specific DHCP client.
  • Page 919: Ancp Guidelines And Restrictions

    ANCP Guidelines and Restrictions
    When using (or configuring) ANCP, consider these guidelines and restrictions:
    • Entering a shut command on a port removes ANCP activated multicast streams from the port. They must be reactivated by the ANCP server.
  • Page 920 Chapter 38 Configuring ANCP Client ANCP Guidelines and Restrictions Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E 38-6 OL_28731-01...
  • Page 921: Configuring Bidirection Forwarding Detection

    Supervisor Engine 6-E, Supervisor Engine 6L-E, Catalyst 4900M, Catalyst 4948E, and Catalyst 4948E-F Ethernet switches. With Cisco IOS XE 3.5.0E and IOS 15.2(1)E, support was extended to Supervisor Engine 7-E and Supervisor Engine 7L-E. With Cisco IOS XE 3.6.0E and IOS 15.2(2)E, support was extended to Supervisor Engine 8-E.
  • Page 922: Prerequisites For Bidirectional Forwarding Detection

    Multihop configurations are not supported. Cisco IOS Release 15.1(1)SG
    • Cisco Catalyst 4500 series switches support up to 128 BFD sessions with a minimum hello interval of 50 ms and a multiplier of 3. The multiplier specifies the minimum number of consecutive packets that can be missed before a session is declared down.
  • Page 923: Information About Bidirectional Forwarding Detection

    BFD is a detection protocol that you enable at the interface and routing protocol levels. Cisco supports the BFD asynchronous mode, which depends on the sending of BFD control packets between two systems to activate and maintain BFD neighbor sessions between switches.
  • Page 924: Bfd Detection Of Failures

    must take action to bypass a failed peer.
    • Typically, BFD can be used at any protocol layer. However, the Cisco implementation of BFD supports only Layer 3 clients, in particular, the BGP, EIGRP, and OSPF routing protocols, and static routing.
  • Page 925: Bfd Version Interoperability

    However, IPv4 and IPv6 clients cannot share a BFD session. BFD Version Interoperability Starting with Cisco IOS Release 15.1(1)SG, the Catalyst 4500 series switch supports BFD Version 1 as well as BFD Version 0. All BFD sessions come up as Version 1 by default and will be interoperable with Version 0.
  • Page 926: Bfd Support For Stateful Switchover

    To ensure a successful switchover to the standby RP, the BFD protocol uses checkpoint messages to send session information from the active RP Cisco IOS instance to the standby RP Cisco IOS instance. The session information includes local and remote discriminators, adjacent router timer information, BFD setup information, and session-specific information such as the type of session and the session version.
  • Page 927: Benefits Of Using Bfd For Failure Detection

    Chapter 39 Configuring Bidirection Forwarding Detection Information About Bidirectional Forwarding Detection Note: If a BFD configuration is removed from the remote peer while the BFD session is in the up state, the updated state of the BFD session is not signaled to the static route. This will cause the static route to remain in the RIB.
  • Page 928: How To Configure Bidirectional Forwarding Detection

    You start a BFD process by configuring BFD on the interface. When the BFD process is started, no entries are created in the adjacency database; in other words, no BFD control packets are sent or received. BFD echo mode, which is supported in BFD Version 1, starting with Cisco IOS Release 15.1(1)SG, is enabled by default.
  • Page 929: Configuring Bfd Support For Dynamic Routing Protocols

    Chapter 39 Configuring Bidirection Forwarding Detection How to Configure Bidirectional Forwarding Detection Configuring BFD Support for Dynamic Routing Protocols You can enable BFD support for dynamic routing protocols at the router level to enable BFD support globally for all interfaces or you can configure BFD on a per-interface basis at the interface level. This section describes the following procedures: •...
  • Page 930: Configuring Bfd Support For Eigrp

    Chapter 39 Configuring Bidirection Forwarding Detection How to Configure Bidirectional Forwarding Detection What to Do Next See the “Monitoring and Troubleshooting BFD” section on page 39-17 for more information on monitoring and troubleshooting BFD. If you want to configure BFD support for another routing protocol, see the following sections: Configuring BFD Support for EIGRP, page 39-10 •...
  • Page 931: Configuring Bfd Support For Ospf

    Chapter 39 Configuring Bidirection Forwarding Detection How to Configure Bidirectional Forwarding Detection Command or Action Purpose Step 6 (Optional) Verifies that the BFD neighbor is active and show bfd neighbors [details] displays the routing protocols that BFD has registered. Switch# show bfd neighbors details Step 7 (Optional) Displays the interfaces for which BFD support show ip eigrp interfaces [type number]...
  • Page 932 Chapter 39 Configuring Bidirection Forwarding Detection How to Configure Bidirectional Forwarding Detection To configure BFD support for OSPF for all interfaces: Command or Action Purpose Step 1 Enables privileged EXEC mode. enable • Enter your password if prompted. Switch> enable Step 2 Enters global configuration mode.
  • Page 933: Configuring Bfd Support For Static Routing

    Chapter 39 Configuring Bidirection Forwarding Detection How to Configure Bidirectional Forwarding Detection To configure BFD support for OSPF for one or more interfaces, perform this task: Command or Action Purpose Step 1 Enables privileged EXEC mode. enable • Enter your password if prompted. Switch>...
  • Page 934 Chapter 39 Configuring Bidirection Forwarding Detection How to Configure Bidirectional Forwarding Detection To configure BFD support for static routing, perform this task: Command or Action Purpose Step 1 Enables privileged EXEC mode. enable • Enter your password if prompted. Switch> enable Step 2 Enters global configuration mode.
  • Page 935: Configuring Bfd Echo Mode

    Chapter 39 Configuring Bidirection Forwarding Detection How to Configure Bidirectional Forwarding Detection Command or Action Purpose Step 12 (Optional) Displays information about the static BFD show ip static route bfd configuration from the configured BFD groups and nongroup entries. Example: Switch# show ip static route bfd Step 13 Exits privileged EXEC mode and returns to user EXEC...
  • Page 936: Configuring The Bfd Slow Timer

    Chapter 39 Configuring Bidirection Forwarding Detection How to Configure Bidirectional Forwarding Detection Configuring the BFD Slow Timer The steps in this procedure show how to change the value of the BFD slow timer. Repeat the steps in this procedure for each BFD switch. To configure the BFD slow timer, perform this task: Command or Action Purpose...
  • Page 937: Monitoring And Troubleshooting Bfd

    Chapter 39 Configuring Bidirection Forwarding Detection Configuration Examples for Bidirectional Forwarding Detection Command or Action Purpose Step 4 Disables BFD echo mode. no bfd echo Example: Switch(config-if)# no bfd echo Step 5 Exits global configuration mode and returns the switch to global configuration mode. Example: Switch(config-if)# end Monitoring and Troubleshooting BFD...
  • Page 938 Chapter 39 Configuring Bidirection Forwarding Detection Configuration Examples for Bidirectional Forwarding Detection In this example, the EIGRP network contains SwitchA, SwitchB, and SwitchC. Gigabit Ethernet interface 6/1 on SwitchA is connected to the same network as Gigabit Ethernet interface 6/1 on SwitchB. Gigabit Ethernet interface 6/1 on SwitchB is connected to the same network as Gigabit Ethernet interface 6/1 on SwitchC.
  • Page 939

        interface GigabitEthernet6/2
         no switchport
         ip address 10.4.9.34 255.255.255.0
        interface GigabitEthernet6/1
         no switchport
         ip address 172.16.1.2 255.255.255.0
         bfd interval 100 min_rx 50 multiplier 3
        router eigrp 11
         network 172.16.0.0
         bfd all-interfaces
         auto-summary
        ip default-gateway 10.4.9.1...
  • Page 940

        MinTxInt: 50000, MinRxInt: 50000, Multiplier: 3
        Received MinRxInt: 50000, Received Multiplier: 3
        Holdown (hits): 150(0), Hello (hits): 50(1364284)
        Rx Count: 1351813, Rx Interval (ms) min/max/avg: 28/64/49 last: 4 ms ago
        Tx Count: 1364289, Tx Interval (ms) min/max/avg: 40/68/49 last: 32 ms ago
        Registered protocols: EIGRP
        Uptime: 18:42:45...
  • Page 941

        172.16.1.2 172.16.1.3 1(RH) (3 ) Gi6/1
        Session state is UP and not using echo function.
        Local Diag: 0, Demand mode: 0, Poll bit: 0
        MinTxInt: 50000, MinRxInt: 50000, Multiplier: 3
        Received MinRxInt: 50000, Received Multiplier: 3
        Holdown (hits): 150(0), Hello (hits): 50(5735)
        Rx Count: 5731, Rx Interval (ms) min/max/avg: 32/72/49 last: 32 ms ago...
  • Page 942: Example: Configuring Bfd In An Ospf Network

    Chapter 39 Configuring Bidirection Forwarding Detection Configuration Examples for Bidirectional Forwarding Detection Example: Configuring BFD in an OSPF Network The following example shows how to configure BFD in an OSPF network. In this example, the “simple” OSPF network consists of SwitchA and SwitchB. Gigabit Ethernet interface 6/1 on SwitchA is connected to the same network as Gigabit Ethernet interface 6/1 in SwitchB.
  • Page 943

        I Hear You bit: 1 - Demand bit: 0
        Poll bit: 0 - Final bit: 0
        Multiplier: 3 - Length: 24
        My Discr.: 2 - Your Discr.: 1
        Min tx interval: 50000 - Min rx interval: 1000
        Min Echo interval: 0...
  • Page 944

        Number of DCbitless external and opaque AS LSA 0
        Number of DoNotAge external and opaque AS LSA 0
        Number of areas in this router is 1. 1 normal 0 stub 0 nssa
        External flood list length 0
        BFD is enabled
        Area BACKBONE(0)...
  • Page 945: Example: Configuring Bfd Hardware-Offload Support In A Bgp Network Network

        show ip ospf interface gigabitethernet 6/1
        Gigabitethernet 6/1 is up, line protocol is up
        Internet Address 172.16.10.1/24, Area 0
        Process ID 123, Router ID 172.16.10.1, Network Type BROADCAST, Cost: 1
        Transmit Delay is 1 sec, State BDR, Priority 1, BFD enabled
        Designated Router (ID) 172.18.0.1, Interface address 172.16.10.2
        Backup Designated router (ID) 172.16.10.1, Interface address 172.16.10.1...
  • Page 946 Configuration for SwitchB

        interface GigabitEthernet 6/1
         no switchport
         ip address 1.1.1.2 255.255.255.0
         bfd interval 100 min_rx 100 multiplier 3
         no bfd echo
        router bgp 10
         neighbor 1.1.1.1 remote-as 10
         neighbor 1.1.1.1 fall-over bfd

    The output from the show bfd neighbors details command from SwitchA verifies that a BFD session has been created and that BGP is registered for BFD support.
  • Page 947: Example: Configuring Bfd Support For Static Routing

        Local Diag: 0, Demand mode: 0, Poll bit: 0
        MinTxInt: 50000, MinRxInt: 50000, Multiplier: 3
        Received MinRxInt: 50000, Received Multiplier: 3
        Holddown (hits): 0(0), Hello (hits): 50(0)
        Rx Count: 10138
        Tx Count: 10139
        Elapsed time watermarks: 0 0 (last: 0)
        Registered protocols: BGP...
  • Page 948: Additional References

    Additional References Related Documents Related Topic Document Title Cisco IOS commands Cisco IOS Master Commands List, All Releases Configuring and monitoring BGP Cisco BGP Overview” module of the Cisco IOS IP Routing Protocols Configuration Guide Configuring and monitoring EIGRP “Configuring EIGRP”...
  • Page 949: Mibs

    No new or modified MIBs are supported by this To locate and download MIBs for selected platforms, Cisco software feature, and support for existing MIBs has not been releases, and feature sets, use Cisco MIB Locator found at the modified by this feature. following URL: http://www.cisco.com/go/mibs...
  • Page 951: Configuring Policy-Based Routing

    Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html If a command is not in the Catalyst 4500 Series Switch Command Reference, you can locate it in the Cisco IOS library. See the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 952: About Pbr

    Chapter 40 Configuring Policy-Based Routing About Policy-Based Routing PBR allows you to perform the following tasks:
    • Classify traffic based on extended access list criteria. Access lists, and then establish the match criteria.
    • Route packets to specific traffic-engineered paths.
    Policies can be based on IP address, port numbers, or protocols.
  • Page 953

         set ip next-hop 24.4.4.1
        route-map rm-test deny 25
         match ip address 105
         set ip next-hop 25.5.5.1
        route-map rm-test permit 26
         match ip address 2104
         set ip next-hop 26.6.6.1

    The numbers 21, 22, ... 26 are the sequence numbers of the route-map statements. The following topics are discussed:
    • PBR Route-Map Processing Logic, page 40-3...
  • Page 954 Chapter 40 Configuring Policy-Based Routing About Policy-Based Routing set default ip next-hop set default interface If both the set ip next-hop and set ip next-hop recursive commands are present in the same route-map statement, the next-hop set command is applied. If the set ip next-hop command is not available then the set ip next-hop recursive command is applied.
  • Page 955: Using Policy-Based Routing

    The route-map deny takes effect, and the packet is routed using the default IP routing table. – The Catalyst 4500 series switch supports matching route-map actions with a packet by installing entries in the TCAM that match the set of packets described by the ACLs in the match criteria of the route map.
  • Page 956: Policy-Based Routing Configuration Tasks

    Note: PBR configuration is only allowed on interfaces belonging to the global routing table. PBR is not supported on interfaces that belong to VRFs.

    Policy-Based Routing Configuration Tasks
    To configure PBR, perform the tasks described in the following sections. The task in the first section is required;...
  • Page 957 Chapter 40 Configuring Policy-Based Routing Policy-Based Routing Configuration Tasks Command Purpose Step 4 Specifies a recursive next-hop IP address. Switch(config-route-map)# set ip next-hop recursive ip-address Note The recursive next-hop can be a subnet that is not directly connected. The set ip next-hop recursive command does not ensure that packets are routed through the recursive-next-hop if there is an intermediate node with a shorter route to the destination such that the route does not pass through the...
  • Page 958: Enabling Ipv6 Pbr

    Chapter 40 Configuring Policy-Based Routing Policy-Based Routing Configuration Tasks Command Purpose Step 7 Specifies the output interface from which the packet will be Switch(config-route-map)# set default interface interface-type interface-number sent if there is no explicit route for this destination. Before [...type ...number] forwarding the packet to the next hop, the switch looks up the packet’s destination address in the unicast routing table.
  • Page 959 Chapter 40 Configuring Policy-Based Routing Policy-Based Routing Configuration Tasks To enable IPv6 PBR on an interface, perform this task: Command Purpose Step 1 Defines a route map to control where packets are sent. This Switch(config)# route-map map-tag [permit | deny] [sequence-number] command puts the switch into route-map configuration mode.
  • Page 960 A usable next hop implies an interface. Once the local switch finds a next hop and a usable interface, it routes the packet. Refer to the following document for IPv6 PBR configuration examples. http://www.cisco.com/c/en/us/support/docs/ip/ip-version-6-ipv6/112218-policy-based-routing-ipv6-configex.html Note: Packet and byte counters in the output of the show route-map map-tag command are updated only for software switched packets.
  • Page 961: Ipv4

    Policy routing matches: 0 packets, 0 bytes Unsupported Commands The following PBR commands in config-route-map mode are in the CLI but not supported in Cisco IOS for the Catalyst 4500 series switches. If you attempt to use these commands, an error message displays: • match-length •...
  • Page 962: Policy-Based Routing Configuration Examples

    • set ip next-hop recursive ip-address
    Note: The recursive option is not supported on IPv6.

    Policy-Based Routing Configuration Examples
    The following sections provide PBR configuration examples:
    • Equal Access, page 40-12
    • Differing Next Hops, page 40-12...
  • Page 963: Deny Ace

        interface fastethernet 3/1
         ip policy route-map Texas
        route-map Texas permit 10
         match ip address 1
         set ip next-hop 3.3.3.3
        route-map Texas permit 20
         match ip address 2
         set ip next-hop 3.3.3.5

    Deny ACE
    The following example illustrates how to stop processing a given route map sequence, and to jump to the next sequence.
  • Page 965: Configuring Vrf-Lite

    • Migrating from the Old to New CLI Scheme, page 41-28
    Note: For complete syntax and usage information for the switch commands used in this chapter, see the Cisco Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html...
  • Page 966: About Vrf-Lite

    Chapter 41 Configuring VRF-lite About VRF-lite If a command is not in the Catalyst 4500 Series Switch Command Reference, you can locate it in the Cisco IOS library. See the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 967: Vrf-Lite Configuration Guidelines

    Figure 41-1: Catalyst 4500 Series Switches Acting as Multiple Virtual CEs. Legend: CE = Customer edge device...
  • Page 968 CAM space, use the maximum routes command. • A Catalyst 4500 series switch using VRF can support one global network and up to 64 VRFs. The total number of routes supported is limited by the size of the TCAM. •...
  • Page 969: Configuring Vrf-Lite For Ipv4

    Note For complete syntax and usage information for the following commands, see the switch command reference for this release and see the Cisco IOS Switching Services Command Reference at: http://www.cisco.com/en/US/docs/ios/ipswitch/command/reference/isw_book.html Use the no ip vrf vrf-name global configuration command to delete a VRF and to remove all interfaces from it.
  • Page 970: Configuring Vrf-Aware Services

    VRF-aware service. VRF-aware services are implemented in platform-independent modules. VRF provides multiple routing instances in Cisco IOS. Each platform has its own limit on the number of VRFs it supports. VRF-aware services have the following characteristics: The user can ping a host in a user-specified VRF.
  • Page 971: Configuring Multicast Vrfs

        Switch (config)# ip vrf cisco
        Switch (config-vrf)# rd 100:1
        Switch (config-vrf)# exit
        Switch (config)# interface Loopback0
        Switch (config-if)# ip vrf forwarding cisco
        Switch (config-if)# ip address 10.0.0.2 255.0.0.0
        Switch (config-if)# exit
        Switch (config-sg-tacacs+)# ip vrf forwarding cisco
        Switch (config-sg-tacacs+)# ip tacacs source-interface Loopback0...
  • Page 972: Configuring A Vpn Routing Session

    Switch(config-if)# ip pim sparse-mode For more information about configuring a multicast within a Multi-VRF CE, see the Cisco IOS IP Multicast Configuration Guide, Release 12.4. Use the no ip vrf vrf-name global configuration command to delete a VRF and to remove all interfaces from it.
  • Page 973: Configuring Bgp Pe To Ce Routing Sessions

    Chapter 41 Configuring VRF-lite Configuring VRF-lite for IPv4 To configure OSPF in the VPN, perform this task: Command Purpose Step 1 Enters global configuration mode. Switch# configure terminal Step 2 Enables OSPF routing, specifies a VPN forwarding table, Switch(config)# router ospf process-id vrf vrf-name and enters router configuration mode.
  • Page 974: Vrf-Lite Configuration Example

    Chapter 41 Configuring VRF-lite Configuring VRF-lite for IPv4 Command Purpose Step 6 Defines BGP parameters for PE to CE routing sessions and Switch(config-router-af)# address-family ipv4 vrf vrf-name enters VRF address-family mode. Step 7 Defines a BGP session between PE and CE routers. Switch(config-router-af)# neighbor address remote-as as-number Step 8...
  • Page 975: Configuring Switch S8

    Configuring Switch S8
    On switch S8, enable routing and configure VRF.

        Switch# configure terminal
        Enter configuration commands, one per line. End with CNTL/Z.
        Switch(config)# ip routing
        Switch(config)# ip vrf v11
        Switch(config-vrf)# rd 800:1
        Switch(config-vrf)# route-target export 800:1
        Switch(config-vrf)# route-target import 800:1
        Switch(config-vrf)# exit...
  • Page 976: Configuring Switch S20

        Switch(config)# interface Vlan20
        Switch(config-if)# ip vrf forwarding v12
        Switch(config-if)# ip address 83.0.0.8 255.255.255.0
        Switch(config-if)# exit
        Switch(config)# interface Vlan118
        Switch(config-if)# ip vrf forwarding v12
        Switch(config-if)# ip address 118.0.0.8 255.255.255.0
        Switch(config-if)# exit
        Switch(config)# interface Vlan208
        Switch(config-if)# ip vrf forwarding v11
        Switch(config-if)# ip address 208.0.0.8 255.255.255.0
        Switch(config-if)# exit...
  • Page 977: Configuring The Pe Switch S3

        Switch# configure terminal
        Enter configuration commands, one per line. End with CNTL/Z.
        Switch(config)# ip routing
        Switch(config)# interface Gigabit Ethernet 0/3
        Switch(config-if)# switchport trunk encapsulation dot1q
        Switch(config-if)# switchport mode trunk
        Switch(config-if)# no ip address
        Switch(config-if)# exit
        Switch(config)# interface Vlan118
        Switch(config-if)# ip address 118.0.0.11 255.255.255.0...
  • Page 978: Displaying Vrf-Lite Status

    Outgoing interface list: Vlan45, Forward/Sparse-Dense, 00:00:02/00:02:57, H Vlan134, Bidir-Upstream/Sparse-Dense, 13:35:54/00:00:00, H Note For more information about the information in the displays, refer to the Cisco IOS Switching Services Command Reference at: http://www.cisco.com/en/US/docs/ios/ipswitch/command/reference/isw_book.html Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E...
  • Page 979: Configuring Vrf-Lite For Ipv6

    VRF-aware service. VRF-aware services are implemented in platform-independent modules. VRF provides multiple routing instances in Cisco IOS. Each platform has its own limit on the number of VRFs it supports. VRF-aware services have the following characteristics: •...
  • Page 980: Configuring The User Interface For Urpf

    Chapter 41 Configuring VRF-lite Configuring VRF-lite for IPv6 Configuring the User Interface for uRPF You can configure uRPF on an interface assigned to a VRF. Source lookup is performed in the VRF table. To configure VRF-aware services for uRPF, perform this task: Command Purpose Step 1...
  • Page 981: Configuring The User Interface For Telnet And Ssh

    Chapter 41 Configuring VRF-lite Configuring VRF-lite for IPv6 Command Purpose Step 2 Specifies the source IP address for FTP connections. Switch(config)# ip ftp source-interface interface-type interface-number Step 3 Returns to privileged EXEC mode. Switch(config)# end To specify the IP address of an interface as the source address for TFTP connections, use the ip tftp source-interface show mode command.
  • Page 982 Figure 41-3: VRF-lite Configuration Example (network diagram)...
  • Page 983

        router ospfv3 100
         router-id 10.10.10.10
         address-family ipv6 unicast vrf v1
          redistribute connected
          area 0 normal
         exit-address-family
        router ospfv3 200
         router-id 20.20.20.20
         address-family ipv6 unicast vrf v2
          redistribute connected
          area 0 normal
         exit-address-family

    Configuring PE Switch

        ipv6 unicast-routing
        vrf definition v1...
  • Page 984

        interface GigabitEthernet 1/0/1
         switchport trunk encapsulation dot1q
         switchport mode trunk
         no ip address
         exit
        interface GigabitEthernet 1/0/2
         switchport trunk encapsulation dot1q
         switchport mode trunk
         no ip address
         exit
        router ospfv3 100
         router-id 30.30.30.30
         address-family ipv6 unicast vrf v1
          redistribute connected
          area 0 normal...
  • Page 985: Displaying Vrf-Lite Status

    0 normal exit-address-family

    Displaying VRF-lite Status
    To display information about VRF-lite configuration and status, perform one of the following tasks:
    Note: For more information about the information in the displays, refer to the Cisco IOS Switching Services Command Reference at: http://www.cisco.com/en/US/docs/ios/ipswitch/command/reference/isw_book.html...
  • Page 986: Configuring Ipv6 Vrf-Lite

    FF00::/8 [0/0] via Null0, receive Switch# For further examples, refer to http://www.cisco.com/en/US/docs/ios/ipv6/command/reference/ipv6_16.html Configuring IPv6 VRF-lite Beginning with Release IOS XE 3.5.0E and IOS 15.2(1)E, to support IPv6 VRF-lite, we transition from the ip vrf command to the “new” vrf definition command.
  • Page 987: Configure Vrfs

    Chapter 41 Configuring VRF-lite Configuring VRF-lite for IPv6 Configure VRFs To configure one or more VRFs, perform this task: Command Purpose Switch# configure terminal Step 1 Enters global configuration mode. Switch(config)# ipv6 routing Step 2 Enables IPv6 routing. Switch(config)# vrf definition Step 3 Names the VRF and enters VRF configuration mode.
  • Page 988: Associate Interfaces To The Defined Vrfs

    Chapter 41 Configuring VRF-lite Configuring VRF-lite for IPv6 Associate Interfaces to the Defined VRFs To associate interface to the defined VRFs, perform this task: Command Purpose Switch(config)# vrf configuration Step 1 Enters vrf configuration mode. Switch(config-vrf)# interface Step 1 Enters interface configuration mode and specifies the interface-id Layer 3 interface to be associated with the VRF.
  • Page 989: Routing Protocols

    Chapter 41 Configuring VRF-lite Configuring VRF-lite for IPv6 Routing Protocols OSPFv3 To configure the OSPFv3 router process and the IPv6 address family in OSPFv3, perform the following steps: Command Purpose Switch> enable Step 1 Enters privileged EXEC mode. Enter your password if prompted. Switch# configure terminal Step 2 Enters global configuration mode.
  • Page 990 Chapter 41 Configuring VRF-lite Configuring VRF-lite for IPv6 Command Purpose Switch(config-if)# ospfv3 process-id Step 4 Enables OSPFv3 on an interface with the IPv4 or IPv6 AF. area area-ID {ipv4 | ipv6} [instance instance-id] Switch(config-if)# ipv6 ospf Enables OSPFv3 on an interface. process-id area area-ID [instance instance-id] Switch(config-if)# end...
  • Page 991 Chapter 41 Configuring VRF-lite Configuring VRF-lite for IPv6 EBGPv6 To configure EBGPv6, do the following: Command Purpose Switch> enable Step 1 Enters privileged EXEC mode. Enter your password if prompted. Switch# configure terminal Step 2 Enters global configuration mode. Switch(config)# router bgp as-number Step 3 Enters router configuration mode for the specified routing process.
  • Page 992: Vpn Co-Existence Between Ipv4 And Ipv6

    Chapter 41 Configuring VRF-lite VPN Co-existence Between IPv4 and IPv6 Switch(config-router-af)# neighbor 4000::2 activate Switch(config-router-af)# exit-address-family VPN Co-existence Between IPv4 and IPv6 With Release IOS XE 3.5.0E and IOS 15.2(1)E, we provide backward compatibility between the “older” CLI for configuring IPv4 and the “new” CLI for IPv6. This means that a configuration might contain both CLI.
  • Page 993: Configuring Quality Of Service

    Catalyst 4500 Series Switch Command Reference and related publications at this location: http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html If a command is not in the Catalyst 4500 Series Switch Command Reference, you can locate it in the Cisco IOS library. See the Cisco IOS Command Reference and related publications at this location: http://www.cisco.com/en/US/products/ps6350/index.html...
  • Page 994: Prioritization

    Chapter 42 Configuring Quality of Service Overview of QoS QoS selects network traffic (both unicast and multicast), prioritizes it according to its relative importance, and uses congestion avoidance to provide priority-indexed treatment; QoS can also limit the bandwidth used by network traffic. QoS can make network performance more predictable and bandwidth utilization more effective.
  • Page 995: QoS Terminology

    Chapter 42 Configuring Quality of Service Overview of QoS Figure 42-1 QoS Classification Layers in Frames and Packets [figure panels: Encapsulated Packet; Layer 2 ISL Frame; Layer 2 802.1Q/P Frame...]
  • Page 996 Chapter 42 Configuring Quality of Service Overview of QoS Layer 2 802.1Q frame headers have a 2-byte Tag Control Information field that carries the CoS value in the three most significant bits, which are called the User Priority bits. Other frame types cannot carry Layer 2 CoS values. On interfaces configured as Layer 2 ISL trunks, all traffic is in ISL frames.
  • Page 997: Basic Qos Model

    Chapter 42 Configuring Quality of Service Overview of QoS Table 42-1 IP Precedence and DSCP Values (continued) [table columns: 3-bit IP Precedence; 6 MSb of ToS (bits 8 7 6 5 4 3); 6-bit DSCP] 1.
  • Page 998: Classification

    Chapter 42 Configuring Quality of Service Overview of QoS The QoS model proceeds as follows:
    Step 1: The incoming packet is classified (based on different packet fields, receive port and/or VLAN) to belong to a traffic class.
    Step 2: Depending on the traffic class, the packet is rate-limited/policed and its priority is optionally marked (typically at the edge of the network) so that lower priority packets are dropped or marked with lower priority in the packet fields (DSCP and CoS).
  • Page 999: Classification Based On Class Maps And Policy Maps

    Chapter 42 Configuring Quality of Service Overview of QoS or IP extended ACLs or MAC ACLs. For more information, see the “Classification Based on Class Maps and Policy Maps” section on page 42-7. If the class map is configured to match all the match criteria, then a packet must satisfy all the match statements in the class map before the QoS action is taken.
  • Page 1000: Policing And Marking

    Queueing and Scheduling The Catalyst 4500 Series Switch supports 8 transmit queues per port. Once the decision has been made to forward a packet out a port, the output QoS classification determines the transmit queue into which the packet must be enqueued.
