-
Cisco 7600 Series Router Cisco IOS Software Configuration
GuideRelease 12.2(18)SXF and Rebuilds and Earlier ReleasesCorporate
HeadquartersCisco Systems, Inc.170 West Tasman DriveSan Jose, CA
95134-1706 USAhttp://www.cisco.comTel: 408 526-4000
800 553-NETS (6387)Fax: 408 526-4100
Text Part Number: OL-4266-08
http://www.cisco.com
-
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN
THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE
ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION
OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING
PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU
ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an
adaptation of a program developed by the University of California,
Berkeley (UCB) as part of UCBs public domain version of the UNIX
operating system. All rights reserved. Copyright 1981, Regents of
the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES
AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES,
EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR
TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY
INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING
OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR
ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES.
Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc.
and/or its affiliates in the U.S. and other countries. A listing of
Cisco's trademarks can be found at www.cisco.com/go/trademarks.
Third party trademarks mentioned are the property of their
respective owners. The use of the word partner does not imply a
partnership relationship between Cisco and any other company.
(1005R)
Cisco 7600 Series Router Cisco IOS Software Configuration Guide,
Release 12.2SX and Rebuilds and Erarlier Releases 20012009, Cisco
Systems, Inc. All rights reserved.
http://www.cisco.com/go/trademarks
-
Cisco 7600 Series Router COL-4266-08C O N T E N T SPreface
30
Audience 30
Related Documentation 30
Conventions 31
Product Overview 1
Supported Hardware and Software 1
User Interfaces 1
Configuring Embedded CiscoView Support 2Understanding Embedded
CiscoView 2Installing and Configuring Embedded CiscoView
2Displaying Embedded CiscoView Information 3
Software Features Supported in Hardware by the PFC and DFC 3
Command-Line Interfaces 1
Accessing the CLI 2Accessing the CLI through the EIA/TIA-232
Console Interface 2Accessing the CLI through Telnet 2
Performing Command Line Processing 3
Performing History Substitution 4
Cisco IOS Command Modes 4
Displaying a List of Cisco IOS Commands and Syntax 5
Securing the CLI 6
ROM-Monitor Command-Line Interface 7
Configuring the Router for the First Time 1
Default Configuration 2
Configuring the Router 2Using the Setup Facility or the setup
Command 2Using Configuration Mode 10Checking the Running
Configuration Before Saving 10Saving the Running Configuration
Settings 111isco IOS Software Configuration Guide, Release
12.2SX
-
ContentsReviewing the Configuration 11Configuring a Default
Gateway 12Configuring a Static Route 12Configuring a BOOTP Server
14
Protecting Access to Privileged EXEC Commands 15Setting or
Changing a Static Enable Password 15Using the enable password and
enable secret Commands 15Setting or Changing a Line Password
16Setting TACACS+ Password Protection for Privileged EXEC Mode
16Encrypting Passwords 17Configuring Multiple Privilege Levels
17
Recovering a Lost Enable Password 19
Modifying the Supervisor Engine Startup Configuration
20Understanding the Supervisor Engine Boot Configuration
20Configuring the Software Configuration Register 21Specifying the
Startup System Image 24Understanding Flash Memory 24CONFIG_FILE
Environment Variable 25Controlling Environment Variables 26
Configuring a Supervisor Engine 720 1
Using the Bootflash or Bootdisk on a Supervisor Engine 720 2
Using the Slots on a Supervisor Engine 720 2
Configuring Supervisor Engine 720 Ports 2
Configuring and Monitoring the Switch Fabric Functionality
2Understanding How the Switch Fabric Functionality Works
3Configuring the Switch Fabric Functionality 4Monitoring the Switch
Fabric Functionality 4
Configuring a Supervisor Engine 32 1
Flash Memory on a Supervisor Engine 32 2
Supervisor Engine 32 Ports 2
Configuring the Supervisor Engine 2 and the Switch Fabric Module
1
Using the Slots on a Supervisor Engine 2 1
Understanding How the Switch Fabric Module Works 22Cisco 7600
Series Router Cisco IOS Software Configuration Guide, Release
12.2SX
OL-4266-08
-
ContentsSwitch Fabric Module Overview 2Switch Fabric Module
Slots 2Switch Fabric Redundancy 2Forwarding Decisions for Layer
3-Switched Traffic 2Switching Modes 3
Configuring the Switch Fabric Module 3Configuring the Switching
Mode 4Configuring Fabric-Required Mode 4Configuring an LCD Message
5
Monitoring the Switch Fabric Module 5Displaying the Module
Information 7Displaying the Switch Fabric Module Redundancy Status
7Displaying Fabric Channel Switching Modes 7Displaying the Fabric
Status 8Displaying the Fabric Utilization 8Displaying Fabric Errors
8
Configuring NSF with SSO Supervisor Engine Redundancy 1
Understanding NSF with SSO Supervisor Engine Redundancy 1NSF
with SSO Supervisor Engine Redundancy Overview 2SSO Operation 2NSF
Operation 3Cisco Express Forwarding 3Multicast MLS NSF with SSO
4Routing Protocols 4NSF Benefits and Restrictions 8
Supervisor Engine Configuration Synchronization 9Supervisor
Engine Redundancy Guidelines and Restrictions 9Redundancy
Configuration Guidelines and Restrictions 10Hardware Configuration
Guidelines and Restrictions 10Configuration Mode Restrictions
11
NSF Configuration Tasks 11Configuring SSO 12Configuring
Multicast MLS NSF with SSO 12Verifying Multicast NSF with SSO
13Configuring CEF NSF 13Verifying CEF NSF 13Configuring BGP NSF
143Cisco 7600 Series Router Cisco IOS Software Configuration Guide,
Release 12.2SX
OL-4266-08
-
ContentsVerifying BGP NSF 14Configuring OSPF NSF 15Verifying
OSPF NSF 15Configuring IS-IS NSF 16Verifying IS-IS NSF
17Configuring EIGRP NSF 19Verifying EIGRP NSF 19Synchronizing the
Supervisor Engine Configurations 20
Copying Files to the Redundant Supervisor Engine 20
Configuring RPR and RPR+ Supervisor Engine Redundancy 1
Understanding RPR and RPR+ 2Supervisor Engine Redundancy
Overview 2RPR Operation 2RPR+ Operation 3Supervisor Engine
Configuration Synchronization 3
Supervisor Engine Redundancy Guidelines and Restrictions
4Redundancy Guidelines and Restrictions 4RPR+ Guidelines and
Restrictions 5Hardware Configuration Guidelines and Restrictions
5Configuration Mode Restrictions 6
Configuring Supervisor Engine Redundancy 6Configuring Redundancy
6Synchronizing the Supervisor Engine Configurations 7Displaying the
Redundancy States 7
Performing a Fast Software Upgrade 8
Copying Files to an MSFC 9
Configuring Interfaces 1
Understanding Interface Configuration 2
Using the Interface Command 2
Configuring a Range of Interfaces 4
Defining and Using Interface-Range Macros 6
Configuring Optional Interface Features 6Configuring Ethernet
Interface Speed and Duplex Mode 7Configuring Jumbo Frame Support
104Cisco 7600 Series Router Cisco IOS Software Configuration Guide,
Release 12.2SX
OL-4266-08
-
ContentsConfiguring IEEE 802.3x Flow Control 13Configuring the
Port Debounce Timer 14Adding a Description for an Interface 16
Understanding Online Insertion and Removal 16
Monitoring and Maintaining Interfaces 17Monitoring Interface
Status 17Clearing Counters on an Interface 17Resetting an Interface
18Shutting Down and Restarting an Interface 18
Checking the Cable Status Using the TDR 19
Configuring LAN Ports for Layer 2 Switching 1
Understanding How Layer 2 Switching Works 1Understanding Layer 2
Ethernet Switching 2Understanding VLAN Trunks 3Layer 2 LAN Port
Modes 4
Default Layer 2 LAN Interface Configuration 5
Layer 2 LAN Interface Configuration Guidelines and Restrictions
5
Configuring LAN Interfaces for Layer 2 Switching 6Configuring a
LAN Port for Layer 2 Switching 7Configuring a Layer 2 Switching
Port as a Trunk 8Configuring a LAN Interface as a Layer 2 Access
Port 14Configuring a Custom IEEE 802.1Q EtherType Field Value
15
Configuring Flex Links 1
Understanding Flex Links 1
Configuring Flex Links 2Flex Links Default Configuration 2Flex
Links Configuration Guidelines and Restrictions 2Configuring Flex
Links 3
Monitoring Flex Links 4
Configuring EtherChannels 1
Understanding How EtherChannels Work 1EtherChannel Feature
Overview 2Understanding How EtherChannels Are Configured 25Cisco
7600 Series Router Cisco IOS Software Configuration Guide, Release
12.2SX
OL-4266-08
-
ContentsUnderstanding Port Channel Interfaces 5Understanding
Load Balancing 5
EtherChannel Feature Configuration Guidelines and Restrictions
5
Configuring EtherChannels 7Configuring Port Channel Logical
Interfaces for Layer 3 EtherChannels 7Configuring Channel Groups
8Configuring the LACP System Priority and System ID 10Configuring
EtherChannel Load Balancing 11Configuring the EtherChannel
Min-Links Feature 12
Configuring VTP 1
Understanding How VTP Works 1Understanding the VTP Domain
2Understanding VTP Modes 2Understanding VTP Advertisements
3Understanding VTP Version 2 3Understanding VTP Pruning 4
VTP Default Configuration 5
VTP Configuration Guidelines and Restrictions 5
Configuring VTP 6Configuring VTP Global Parameters 6Configuring
the VTP Mode 9Displaying VTP Statistics 10
Configuring VLANs 1
Understanding How VLANs Work 1VLAN Overview 2VLAN Ranges
2Configurable VLAN Parameters 3Understanding Token Ring VLANs 3
VLAN Default Configuration 6
VLAN Configuration Guidelines and Restrictions 8
Configuring VLANs 9VLAN Configuration Options 9Creating or
Modifying an Ethernet VLAN 10Assigning a Layer 2 LAN Interface to a
VLAN 126Cisco 7600 Series Router Cisco IOS Software Configuration
Guide, Release 12.2SX
OL-4266-08
-
ContentsConfiguring the Internal VLAN Allocation Policy
12Configuring VLAN Translation 13Mapping 802.1Q VLANs to ISL VLANs
16Saving VLAN Information 17
Configuring Private VLANs 1
Understanding How Private VLANs Work 1Private VLAN Domains
2Private VLAN Ports 3Primary, Isolated, and Community VLANs
3Private VLAN Port Isolation 4IP Addressing Scheme with Private
VLANs 4Private VLANs Across Multiple Routers 5Private VLAN
Interaction with Other Features 5
Private VLAN Configuration Guidelines and Restrictions
6Secondary and Primary VLAN Configuration 7Private VLAN Port
Configuration 9Limitations with Other Features 9
Configuring Private VLANs 11Configuring a VLAN as a Private VLAN
11Associating Secondary VLANs with a Primary VLAN 12Mapping
Secondary VLANs to the Layer 3 VLAN Interface of a Primary VLAN
13Configuring a Layer 2 Interface as a Private VLAN Host Port
14Configuring a Layer 2 Interface as a Private VLAN Promiscuous
Port 15
Monitoring Private VLANs 17
Configuring Cisco IP Phone Support 1
Understanding Cisco IP Phone Support 1Cisco IP Phone Connections
2Cisco IP Phone Voice Traffic 2Cisco IP Phone Data Traffic 3Cisco
IP Phone Power Configurations 3Other Cisco IP Phone Features 4
Default Cisco IP Phone Support Configuration 5
Cisco IP Phone Support Configuration Guidelines and Restrictions
5
Configuring Cisco IP Phone Support 67Cisco 7600 Series Router
Cisco IOS Software Configuration Guide, Release 12.2SX
OL-4266-08
-
ContentsConfiguring Voice Traffic Support 6Configuring Data
Traffic Support 7Configuring Inline Power Support 8
Configuring IEEE 802.1Q Tunneling 1
Understanding How 802.1Q Tunneling Works 1
802.1Q Tunneling Configuration Guidelines and Restrictions 3
Configuring 802.1Q Tunneling 6Configuring 802.1Q Tunnel Ports
6Configuring the Router to Tag Native VLAN Traffic 6
Configuring Layer 2 Protocol Tunneling 1
Understanding How Layer 2 Protocol Tunneling Works 1
Configuring Support for Layer 2 Protocol Tunneling 2
Configuring Standard-Compliant IEEE MST 1
Understanding MST 1MST Overview 2MST Regions 2IST, CIST, and CST
3Hop Count 6Boundary Ports 6Standard-Compliant MST Implementation
7Interoperability with IEEE 802.1D-1998 STP 9
Understanding RSTP 9Port Roles and the Active Topology 10Rapid
Convergence 11Synchronization of Port Roles 12Bridge Protocol Data
Unit Format and Processing 13Topology Changes 15
Configuring MST 15Default MST Configuration 16MST Configuration
Guidelines and Restrictions 16Specifying the MST Region
Configuration and Enabling MST 17Configuring the Root Bridge
19Configuring a Secondary Root Bridge 20Configuring Port Priority
21Configuring Path Cost 228Cisco 7600 Series Router Cisco IOS
Software Configuration Guide, Release 12.2SX
OL-4266-08
-
ContentsConfiguring the Switch Priority 23Configuring the Hello
Time 24Configuring the Forwarding-Delay Time 25Configuring the
Transmit Hold Count 25Configuring the Maximum-Aging Time
26Configuring the Maximum-Hop Count 26Specifying the Link Type to
Ensure Rapid Transitions 26Designating the Neighbor Type
27Restarting the Protocol Migration Process 28
Displaying the MST Configuration and Status 28
Configuring STP and Prestandard IEEE 802.1s MST 1
Understanding How STP Works 2STP Overview 2Understanding the
Bridge ID 2Understanding Bridge Protocol Data Units 4Election of
the Root Bridge 4STP Protocol Timers 5Creating the Spanning Tree
Topology 5STP Port States 6STP and IEEE 802.1Q Trunks 12
Understanding How IEEE 802.1w RSTP Works 13IEEE 802.1w RSTP
Overview 13RSTP Port Roles 13RSTP Port States 14Rapid-PVST 14
Understanding How Prestandard IEEE 802.1s MST Works 14IEEE
802.1s MST Overview 15MST-to-PVST Interoperability 16Common
Spanning Tree 18MST Instances 18MST Configuration Parameters 18MST
Regions 19Message Age and Hop Count 20
Default STP Configuration 21
STP and MST Configuration Guidelines and Restrictions 21
Configuring STP 22Enabling STP 229Cisco 7600 Series Router Cisco
IOS Software Configuration Guide, Release 12.2SX
OL-4266-08
-
ContentsEnabling the Extended System ID 24Configuring the Root
Bridge 24Configuring a Secondary Root Bridge 26Configuring STP Port
Priority 27Configuring STP Port Cost 28Configuring the Bridge
Priority of a VLAN 30Configuring the Hello Time 31Configuring the
Forward-Delay Time for a VLAN 32Configuring the Maximum Aging Time
for a VLAN 32Enabling Rapid-PVST 33
Configuring Prestandard IEEE 802.1s MST 33Enabling MST
34Displaying MST Configurations 35Configuring MST Instance
Parameters 39Configuring MST Instance Port Parameters 40Restarting
Protocol Migration 40
Configuring Optional STP Features 1
Understanding How PortFast Works 2
Understanding How BPDU Guard Works 2
Understanding How PortFast BPDU Filtering Works 2
Understanding How UplinkFast Works 3
Understanding How BackboneFast Works 4
Understanding How EtherChannel Guard Works 6
Understanding How Root Guard Works 7
Understanding How Loop Guard Works 7
Enabling PortFast 8
Enabling PortFast BPDU Filtering 10
Enabling BPDU Guard 12
Enabling UplinkFast 12
Enabling BackboneFast 13
Enabling EtherChannel Guard 14
Enabling Root Guard 14
Enabling Loop Guard 1510Cisco 7600 Series Router Cisco IOS
Software Configuration Guide, Release 12.2SX
OL-4266-08
-
ContentsConfiguring Layer 3 Interfaces 1
Layer 3 Interface Configuration Guidelines and Restrictions
2
Configuring Subinterfaces on Layer 3 Interfaces 2
Configuring IPv4 Routing and Addresses 4
Configuring IPX Routing and Network Numbers 8
Configuring AppleTalk Routing, Cable Ranges, and Zones 9
Configuring Other Protocols on Layer 3 Interfaces 10
Configuring UDE and UDLR 1
Understanding UDE and UDLR 1UDE and UDLR Overview 1Supported
Hardware 2Understanding UDE 2Understanding UDLR 3
Configuring UDE and UDLR 3Configuring UDE 3Configuring UDLR
6
Configuring PFC3BXL and PFC3B Mode Multiprotocol Label Switching
1
PFC3BXL and PFC3B Mode MPLS Label Switching 1Understanding MPLS
2Understanding PFC3BXL and PFC3B Mode MPLS Label Switching
2Supported Hardware Features 5Supported Cisco IOS Features 5MPLS
Guidelines and Restrictions 7PFC3BXL and PFC3B Mode MPLS Supported
Commands 7Configuring MPLS 8MPLS Per-Label Load Balancing 8MPLS
Configuration Examples 8
PFC3BXL or PFC3B Mode VPN Switching 10PFC3BXL or PFC3B Mode VPN
Switching Operation 10MPLS VPN Guidelines and Restrictions
11PFC3BXL or PFC3B Mode MPLS VPN Supported Commands 11Configuring
MPLS VPN 11MPLS VPN Sample Configuration 12
Any Transport over MPLS 13AToM Load Balancing 1411Cisco 7600
Series Router Cisco IOS Software Configuration Guide, Release
12.2SX
OL-4266-08
-
ContentsUnderstanding EoMPLS 14EoMPLS Guidelines and
Restrictions 14Configuring EoMPLS 16
Configuring IPv4 Multicast VPN Support 1
Understanding How MVPN Works 1MVPN Overview 2Multicast Routing
and Forwarding and Multicast Domains 2Multicast Distribution Trees
2Multicast Tunnel Interfaces 5PE Router Routing Table Support for
MVPN 6Multicast Distributed Switching Support 6Hardware-Assisted
IPv4 Multicast 6
MVPN Configuration Guidelines and Restrictions 7
Configuring MVPN 8Forcing Ingress Multicast Replication Mode
(Optional) 8Configuring a Multicast VPN Routing and Forwarding
Instance 9Configuring Multicast VRF Routing 15Configuring
Interfaces for Multicast Routing to Support MVPN 20
Sample Configurations for MVPN 22MVPN Configuration with Default
MDTs Only 22MVPN Configuration with Default and Data MDTs 24
Configuring IP Unicast Layer 3 Switching 1
Understanding How Layer 3 Switching Works 2Understanding
Hardware Layer 3 Switching 2Understanding Layer 3-Switched Packet
Rewrite 2
Default Hardware Layer 3 Switching Configuration 4
Configuration Guidelines and Restrictions 4
Configuring Hardware Layer 3 Switching 5
Displaying Hardware Layer 3 Switching Statistics 6
Configuring IPv6 Multicast PFC3 and DFC3 Layer 3 Switching 1
Features that Support IPv6 Multicast 2
IPv6 Multicast Guidelines and Restrictions 2
New or Changed IPv6 Multicast Commands 3
Configuring IPv6 Multicast Layer 3 Switching 312Cisco 7600
Series Router Cisco IOS Software Configuration Guide, Release
12.2SX
OL-4266-08
-
ContentsUsing show Commands to Verify IPv6 Multicast Layer 3
Switching 3Verifying MFIB Clients 4Displaying the Switching
Capability 5Verifying the (S,G) Forwarding Capability 5Verifying
the (*,G) Forwarding Capability 5Verifying the Subnet Entry Support
Status 5Verifying the Current Replication Mode 5Displaying the
Replication Mode Auto Detection Status 6Displaying the Replication
Mode Capabilities 6Displaying Subnet Entries 6Displaying the IPv6
Multicast Summary 6Displaying the NetFlow Hardware Forwarding Count
7Displaying the FIB Hardware Bridging and Drop Counts 7Displaying
the Shared and Well-Known Hardware Adjacency Counters 8
Configuring IPv4 Multicast Layer 3 Switching 1
Understanding How IPv4 Multicast Layer 3 Switching Works 1IPv4
Multicast Layer 3 Switching Overview 2Multicast Layer 3 Switching
Cache 2Layer 3-Switched Multicast Packet Rewrite 3Partially and
Completely Switched Flows 4Non-RPF Traffic Processing 5Multicast
Boundary 7
Understanding How IPv4 Bidirectional PIM Works 7
Default IPv4 Multicast Layer 3 Switching Configuration 7
IPv4 Multicast Layer 3 Switching Configuration Guidelines and
Restrictions 8Restrictions 8Unsupported Features 9
Configuring IPv4 Multicast Layer 3 Switching 9Source-Specific
Multicast with IGMPv3, IGMP v3lite, and URD 10Enabling IPv4
Multicast Routing Globally 10Enabling IPv4 PIM on Layer 3
Interfaces 10Enabling IP Multicast Layer 3 Switching Globally
11Enabling IP Multicast Layer 3 Switching on Layer 3 Interfaces
11Configuring the Replication Mode 12Enabling Local Egress
Replication 14Configuring the Layer 3 Switching Global Threshold
15Enabling Installation of Directly Connected Subnets 1513Cisco
7600 Series Router Cisco IOS Software Configuration Guide, Release
12.2SX
OL-4266-08
-
ContentsSpecifying the Flow Statistics Message Interval
16Enabling Shortcut-Consistency Checking 16Configuring ACL-Based
Filtering of RPF Failures 17Displaying RPF Failure Rate-Limiting
Information 17Configuring Multicast Boundary 18Displaying IPv4
Multicast Layer 3 Hardware Switching Summary 18Displaying the IPv4
Multicast Routing Table 21Displaying IPv4 Multicast Layer 3
Switching Statistics 22
Configuring IPv4 Bidirectional PIM 23Enabling IPv4 Bidirectional
PIM Globally 23Configuring the Rendezvous Point for IPv4
Bidirectional PIM Groups 24Setting the IPv4 Bidirectional PIM Scan
Interval 24Displaying IPv4 Bidirectional PIM Information 25Using
IPv4 Debug Commands 27Clearing IPv4 Multicast Layer 3 Switching
Statistics 27Redundancy for Multicast Traffic 28
Configuring MLDv2 Snooping for IPv6 Multicast Traffic 1
Understanding How MLDv2 Snooping Works 2MLDv2 Snooping Overview
2MLDv2 Messages 3Source-Based Filtering 3Explicit Host Tracking
3MLDv2 Snooping Proxy Reporting 4Joining an IPv6 Multicast Group
4Leaving a Multicast Group 6Understanding the MLDv2 Snooping
Querier 7
Default MLDv2 Snooping Configuration 8
MLDv2 Snooping Configuration Guidelines and Restrictions 8
MLDv2 Snooping Querier Configuration Guidelines and Restrictions
8
Enabling the MLDv2 Snooping Querier 9
Configuring MLDv2 Snooping 10Enabling MLDv2 Snooping
10Configuring a Static Connection to a Multicast Receiver
11Configuring a Multicast Router Port Statically 11Configuring the
MLD Snooping Query Interval 12Enabling Fast-Leave Processing
1314Cisco 7600 Series Router Cisco IOS Software Configuration
Guide, Release 12.2SX
OL-4266-08
-
ContentsEnabling SSM Safe Reporting 13Configuring Explicit Host
Tracking 14Configuring Report Suppression 14Displaying MLDv2
Snooping Information 15
Configuring IGMP Snooping for IPv4 Multicast Traffic 1
Understanding How IGMP Snooping Works 1IGMP Snooping Overview
2Joining a Multicast Group 2Leaving a Multicast Group
4Understanding the IGMP Snooping Querier 5Understanding IGMP
Version 3 Support 5
Default IGMP Snooping Configuration 7
IGMP Snooping Configuration Guidelines and Restrictions 8
IGMP Snooping Querier Configuration Guidelines and Restrictions
8
Enabling the IGMP Snooping Querier 9
Configuring IGMP Snooping 9Enabling IGMP Snooping 10Configuring
a Static Connection to a Multicast Receiver 11Configuring a
Multicast Router Port Statically 11Configuring the IGMP Snooping
Query Interval 11Enabling IGMP Fast-Leave Processing 12Configuring
Source Specific Multicast (SSM) Mapping 12Enabling SSM Safe
Reporting 13Configuring IGMPv3 Explicit Host Tracking 13Displaying
IGMP Snooping Information 14
Configuring PIM Snooping 1
Understanding How PIM Snooping Works 1
Default PIM Snooping Configuration 4
PIM Snooping Configuration Guidelines and Restrictions 4
Configuring PIM Snooping 5Enabling PIM Snooping Globally
5Enabling PIM Snooping in a VLAN 5Disabling PIM Snooping
Designated-Router Flooding 615Cisco 7600 Series Router Cisco IOS
Software Configuration Guide, Release 12.2SX
OL-4266-08
-
ContentsConfiguring RGMP 1
Understanding How RGMP Works 1
Default RGMP Configuration 2
RGMP Configuration Guidelines and Restrictions 2
Enabling RGMP on Layer 3 Interfaces 3
Configuring Network Security 1
Configuring MAC Address-Based Traffic Blocking 2
Configuring TCP Intercept 2
Configuring Unicast Reverse Path Forwarding Check 2Understanding
PFC3 Unicast RPF Check Support 2Understanding PFC2 Unicast RPF
Check Support 3Unicast RPF Check Guidelines and Restrictions
3Configuring Unicast RPF Check 3
Understanding Cisco IOS ACL Support 1
Cisco IOS ACL Configuration Guidelines and Restrictions 1
Hardware and Software ACL Support 2
Configuring IPv6 Address Compression 3
Optimized ACL Logging with a PFC3 5Understanding OAL 5OAL
Guidelines and Restrictions 5Configuring OAL 6
Guidelines and Restrictions for Using Layer 4 Operators in ACLs
7Determining Layer 4 Operation Usage 8Determining Logical Operation
Unit Usage 8
Configuring VLAN ACLs 1
Understanding VACLs 1VACL Overview 2Bridged Packets 2Routed
Packets 3Multicast Packets 4
Configuring VACLs 4VACL Configuration Overview 5Defining a VLAN
Access Map 5Configuring a Match Clause in a VLAN Access Map
Sequence 6Configuring an Action Clause in a VLAN Access Map
Sequence 716Cisco 7600 Series Router Cisco IOS Software
Configuration Guide, Release 12.2SX
OL-4266-08
-
ContentsApplying a VLAN Access Map 8Verifying VLAN Access Map
Configuration 8VLAN Access Map Configuration and Verification
Examples 9Configuring a Capture Port 9
Configuring VACL Logging 11
Configuring Denial of Service Protection 1
Understanding How DoS Protection Works 2DoS Protection with a
PFC2 2DoS Protection with a PFC3 10
DoS Protection Default Configuration 21
DoS Protection Configuration Guidelines and Restrictions 22PFC2
22PFC3 23Monitoring Packet Drop Statistics 24Displaying
Rate-Limiter Information 26
Understanding How Control Plane Policing Works 28
CoPP Default Configuration 28
CoPP Configuration Guidelines and Restrictions 28
Configuring CoPP 29
Monitoring CoPP 31
Defining Traffic Classification 32Traffic Classification
Overview 32Traffic Classification Guidelines 33Sample Basic ACLs
for CoPP Traffic Classification 33
Configuring Sticky ARP 34
Configuring DHCP Snooping 1
Understanding DHCP Snooping 1Overview of DHCP Snooping 2Trusted
and Untrusted Sources 2DHCP Snooping Binding Database 2Packet
Validation 3DHCP Snooping Option-82 Data Insertion 3Overview of the
DHCP Snooping Database Agent 5
Default Configuration for DHCP Snooping 617Cisco 7600 Series
Router Cisco IOS Software Configuration Guide, Release 12.2SX
OL-4266-08
-
ContentsDHCP Snooping Configuration Restrictions and Guidelines
7DHCP Snooping Configuration Restrictions 7DHCP Snooping
Configuration Guidelines 7Minimum DHCP Snooping Configuration 8
Configuring DHCP Snooping 9Enabling DHCP Snooping Globally
9Enabling DHCP Option-82 Data Insertion 10Enabling the DHCP
Option-82 on Untrusted Port Feature 10Enabling DHCP Snooping MAC
Address Verification 11Enabling DHCP Snooping on VLANs
12Configuring the DHCP Trust State on Layer 2 LAN Interfaces
13Configuring DHCP Snooping Rate Limiting on Layer 2 LAN Interfaces
14Configuring the DHCP Snooping Database Agent 14Configuration
Examples for the Database Agent 15Displaying a Binding Table 18
Configuring Dynamic ARP Inspection 1
Understanding DAI 1Understanding ARP 2Understanding ARP Spoofing
Attacks 2Understanding DAI and ARP Spoofing Attacks 2Interface
Trust States and Network Security 3Rate Limiting of ARP Packets
4Relative Priority of ARP ACLs and DHCP Snooping Entries 4Logging
of Dropped Packets 5
Default DAI Configuration 5
DAI Configuration Guidelines and Restrictions 6
Configuring DAI 6Enabling DAI on VLANs 7Configuring the DAI
Interface Trust State 8Applying ARP ACLs for DAI Filtering
8Configuring ARP Packet Rate Limiting 9Enabling DAI Error-Disabled
Recovery 11Enabling Additional Validation 11Configuring DAI Logging
13Displaying DAI Information 15
DAI Configuration Samples 1618Cisco 7600 Series Router Cisco IOS
Software Configuration Guide, Release 12.2SX
OL-4266-08
-
ContentsSample One: Two Switches Support DAI 16Sample Two: One
Switch Supports DAI 21
Configuring Traffic Storm Control 1
Understanding Traffic Storm Control 1
Default Traffic Storm Control Configuration 3
Traffic Storm Control Guidelines and Restrictions 3
Enabling Traffic Storm Control 4
Displaying Traffic Storm Control Settings 5
Unknown Unicast and Multicast Flood Blocking 1
Understanding UUFB or UMFB 1
Configuring UUFB 2
Configuring PFC QoS 1
Understanding How PFC QoS Works 2Port Types Supported by PFC QoS
2Overview 2Component Overview 6Understanding Classification and
Marking 17Policers 20Understanding Port-Based Queue Types 23
PFC QoS Default Configuration 30PFC QoS Global Settings
30Default Values With PFC QoS Enabled 31Default Values With PFC QoS
Disabled 50
PFC QoS Configuration Guidelines and Restrictions 50General
Guidelines 51PFC3 Guidelines 53PFC2 Guidelines 53Class Map Command
Restrictions 54Policy Map Command Restrictions 54Policy Map Class
Command Restrictions 54Supported Granularity for CIR and PIR Rate
Values 55Supported Granularity for CIR and PIR Token Bucket Sizes
55IP Precedence and DSCP Values 56
Configuring PFC QoS 5619Cisco 7600 Series Router Cisco IOS
Software Configuration Guide, Release 12.2SX
OL-4266-08
-
ContentsEnabling PFC QoS Globally 57Enabling Ignore Port Trust
58Configuring DSCP Transparency 59Enabling Queueing-Only Mode
60Enabling Microflow Policing of Bridged Traffic 60Enabling
VLAN-Based PFC QoS on Layer 2 LAN Ports 61Enabling Egress ACL
Support for Remarked DSCP 62Creating Named Aggregate Policers
63Configuring a PFC QoS Policy 65Configuring Egress DSCP Mutation
on a PFC3 83Configuring Ingress CoS Mutation on IEEE 802.1Q Tunnel
Ports 85Configuring DSCP Value Maps 87Configuring the Trust State
of Ethernet LAN and OSM Ports 91Configuring the Ingress LAN Port
CoS Value 93Configuring Standard-Queue Drop Threshold Percentages
93Mapping QoS Labels to Queues and Drop Thresholds 99Allocating
Bandwidth Between Standard Transmit Queues 109Setting the
Receive-Queue Size Ratio 111Configuring the Transmit-Queue Size
Ratio 112
Common QoS Scenarios 113Sample Network Design Overview
113Classifying Traffic from PCs and IP Phones in the Access Layer
114Accepting the Traffic Priority Value on Interswitch Links
117Prioritizing Traffic on Interswitch Links 118Using Policers to
Limit the Amount of Traffic from a PC 121
PFC QoS Glossary 123
Configuring PFC3BXL or PFC3B Mode MPLS QoS 1
Terminology 2
PFC3BXL or PFC3B Mode MPLS QoS Features 3MPLS Experimental Field
3Trust 3Classification 3Policing and Marking 4Preserving IP ToS
4EXP Mutation 4MPLS DiffServ Tunneling Modes 420Cisco 7600 Series
Router Cisco IOS Software Configuration Guide, Release 12.2SX
OL-4266-08
-
ContentsPFC3BXL or PFC3B Mode MPLS QoS Overview 5Specifying the
QoS in the IP Precedence Field 5
PFC3BXL or PFC3B Mode MPLS QoS 5LERs at the Input Edge of an
MPLS Network 6LSRs in the Core of an MPLS Network 7LERs at the
Output Edge of an MPLS Network 7
Understanding PFC3BXL or PFC3B Mode MPLS QoS 8LERs at the EoMPLS
Edge 8LERs at the IP Edge (MPLS, MPLS VPN) 9LSRs at the MPLS Core
13
PFC3BXL or PFC3B MPLS QoS Default Configuration 15
MPLS QoS Commands 16
PFC3BXL or PFC3B Mode MPLS QoS Restrictions and Guidelines
17
Configuring PFC3BXL or PFC3B Mode MPLS QoS 18Enabling QoS
Globally 18Enabling Queueing-Only Mode 19Configuring a Class Map to
Classify MPLS Packets 20Configuring the MPLS Packet Trust State on
Ingress Ports 22Configuring a Policy Map 23Displaying a Policy Map
28Configuring PFC3BXL or PFC3B Mode MPLS QoS Egress EXP Mutation
29Configuring EXP Value Maps 31
MPLS DiffServ Tunneling Modes 32Short Pipe Mode 32Uniform Mode
33MPLS DiffServ Tunneling Restrictions and Usage Guidelines 35
Configuring Short Pipe Mode 35Ingress PE RouterCustomer Facing
Interface 35Configuring Ingress PE RouterP Facing Interface
36Configuring the P RouterOutput Interface 38Configuring the Egress
PE RouterCustomer Facing Interface 39
Configuring Uniform Mode 40Configuring the Ingress PE
RouterCustomer Facing Interface 40Configuring the Ingress PE
RouterP Facing Interface 41Configuring the Egress PE RouterCustomer
Facing Interface 4221Cisco 7600 Series Router Cisco IOS Software
Configuration Guide, Release 12.2SX
OL-4266-08
-
ContentsConfiguring PFC QoS Statistics Data Export 1
Understanding PFC QoS Statistics Data Export 1
PFC QoS Statistics Data Export Default Configuration 2
Configuring PFC QoS Statistics Data Export 2
Configuring the Cisco IOS Firewall Feature Set 1
Cisco IOS Firewall Feature Set Support Overview 1
Cisco IOS Firewall Guidelines and Restrictions 2
Additional CBAC Configuration 3
Configuring Network Admission Control 1
Understanding NAC 1NAC Overview 2NAC Device Roles 3AAA Down
Policy 4NAC Layer 2 IP Validation 4
Configuring NAC 12Default NAC Configuration 12NAC Layer 2 IP
Guidelines, Limitations, and Restrictions 12Configuring NAC Layer 2
IP Validation 13Configuring EAPoUDP 17Configuring Identity Profiles
and Policies 17Configuring a NAC AAA Down Policy 18
Monitoring and Maintaining NAC 22Clearing Table Entries
22Displaying NAC Information 22
Configuring IEEE 802.1X Port-Based Authentication 1
Understanding 802.1X Port-Based Authentication 1Device Roles
2Authentication Initiation and Message Exchange 3Ports in
Authorized and Unauthorized States 4Supported Topologies 5
Default 802.1X Port-Based Authentication Configuration 6
802.1X Port-Based Authentication Guidelines and Restrictions
6
Configuring 802.1X Port-Based Authentication 722Cisco 7600
Series Router Cisco IOS Software Configuration Guide, Release
12.2SX
OL-4266-08
-
ContentsEnabling 802.1X Port-Based Authentication 7Configuring
Router-to-RADIUS-Server Communication 9Enabling Periodic
Reauthentication 10Manually Reauthenticating the Client Connected
to a Port 11Initializing Authentication for the Client Connected to
a Port 11Changing the Quiet Period 12Changing the Router-to-Client
Retransmission Time 12Setting the Router-to-Client Retransmission
Time for EAP-Request Frames 13Setting the
Router-to-Authentication-Server Retransmission Time for Layer 4
Packets 14Setting the Router-to-Client Frame Retransmission Number
14Enabling Multiple Hosts 15Resetting the 802.1X Configuration to
the Default Values 15
Displaying 802.1X Status 16
Configuring Port Security 1
Understanding Port Security 1Port Security with Dynamically
Learned and Static MAC Addresses 2Port Security with Sticky MAC
Addresses 3
Default Port Security Configuration 3
Port Security Guidelines and Restrictions 3
Configuring Port Security 4Enabling Port Security 5Configuring
the Port Security Violation Mode on a Port 6Configuring the Port
Security Rate Limiter 7Configuring the Maximum Number of Secure MAC
Addresses on a Port 9Enabling Port Security with Sticky MAC
Addresses on a Port 10Configuring a Static Secure MAC Address on a
Port 11Configuring Secure MAC Address Aging on a Port 12
Displaying Port Security Settings 13
Configuring CDP 1
Understanding How CDP Works 1
Configuring CDP 2Enabling CDP Globally 2Displaying the CDP
Global Configuration 2Enabling CDP on a Port 323Cisco 7600 Series
Router Cisco IOS Software Configuration Guide, Release 12.2SX
OL-4266-08
-
ContentsDisplaying the CDP Interface Configuration 3Monitoring
and Maintaining CDP 3
Configuring UDLD 1
Understanding How UDLD Works 1UDLD Overview 1UDLD Aggressive
Mode 2
Default UDLD Configuration 3
Configuring UDLD 3Enabling UDLD Globally 3Enabling UDLD on
Individual LAN Interfaces 4Disabling UDLD on Fiber-Optic LAN
Interfaces 4Configuring the UDLD Probe Message Interval 5Displaying
Disabled LAN Interfaces 5Displaying UDLD Neighbor Interfaces
5Resetting Disabled LAN Interfaces 5
Configuring NetFlow 1
Understanding NetFlow 1NetFlow Overview 2NetFlow on the MSFC
2NetFlow on the PFC 3
Default NetFlow Configuration 5
NetFlow Configuration Guidelines and Restrictions 5
Configuring NetFlow 6Configuring NetFlow on the PFC 6Configuring
NetFlow on the MSFC 10
Configuring NDE 1
Understanding NDE 2NDE Overview 2NDE on the MSFC 2NDE on the PFC
3
Default NDE Configuration 10
NDE Configuration Guidelines and Restrictions 10
Configuring NDE 10Configuring NDE on the PFC 11Configuring NDE
on the MSFC 1324Cisco 7600 Series Router Cisco IOS Software
Configuration Guide, Release 12.2SX
OL-4266-08
-
ContentsEnabling NDE for Ingress-Bridged IP Traffic 15Displaying
the NDE Address and Port Configuration 15Configuring NDE Flow
Filters 16Displaying the NDE Configuration 18
Configuring Local SPAN, RSPAN, and ERSPAN 1
Understanding How Local SPAN, RSPAN, and ERSPAN Work 1Local
SPAN, RSPAN, and ERSPAN Overview 2Local SPAN, RSPAN, and ERSPAN
Sources 5Local SPAN, RSPAN, and ERSPAN Destination Ports 6
Local SPAN, RSPAN, and ERSPAN Configuration Guidelines and
Restrictions 6General Guidelines and Restrictions 6Feature
Incompatiblities 7Local SPAN, RSPAN, and ERSPAN Session Limits
8Local SPAN, RSPAN, and ERSPAN Guidelines and Restrictions 10VSPAN
Guidelines and Restrictions 11RSPAN Guidelines and Restrictions
11ERSPAN Guidelines and Restrictions 12
Configuring Local SPAN, RSPAN, and ERSPAN 14Configuring
Destination Port Permit Lists (Optional) 14Configuring Local SPAN
15Configuring RSPAN 16Configuring ERSPAN 19Configuring Source VLAN
Filtering for Local SPAN and RSPAN 24Configuring a Destination Port
as an Unconditional Trunk 24Configuring Destination Trunk Port VLAN
Filtering 25Verifying the Configuration 26Configuration Examples
27
Configuring SNMP IfIndex Persistence 1
Understanding SNMP IfIndex Persistence 1
Configuring SNMP IfIndex Persistence 2Enabling SNMP IfIndex
Persistence Globally 2Disabling SNMP IfIndex Persistence Globally
2Enabling and Disabling SNMP IfIndex Persistence on Specific
Interfaces 3Clearing SNMP IfIndex Persistence Configuration from a
Specific Interface 325Cisco 7600 Series Router Cisco IOS Software
Configuration Guide, Release 12.2SX
OL-4266-08
-
ContentsPower Management and Environmental Monitoring 1
Understanding How Power Management Works 1Enabling or Disabling
Power Redundancy 2Powering Modules Off and On 3Viewing System Power
Status 4Power Cycling Modules 5Determining System Power
Requirements 5Determining System Hardware Capacity 5Determining
Sensor Temperature Threshold 8
Understanding How Environmental Monitoring Works 10Monitoring
System Environmental Status 10Understanding LED Environmental
Indications 11
Configuring Generic Online Diagnostics 1
Understanding How Online Diagnostics Work 1
Configuring Online Diagnostics 2Setting Bootup Online
Diagnostics Level 2Configuring On-Demand Online Diagnostics
3Scheduling Online Diagnostics 4Configuring Health-Monitoring
Diagnostics 5
Running Online Diagnostic Tests 5Starting and Stopping Online
Diagnostic Tests 6Displaying Online Diagnostic Tests and Test
Results 7
Performing Memory Tests 10
Using the Top N Utility 1
Understanding the Top N Utility 1Top N Utility Overview
1Understanding Top N Utility Operation 2
Using the Top N Utility 2Enabling Top N Utility Report Creation
3Displaying the Top N Utility Reports 3Clearing Top N Utility
Reports 4
Using the Layer 2 Traceroute Utility 1
Understanding the Layer 2 Traceroute Utility 1
Usage Guidelines 2
Using the Layer 2 Traceroute Utility 326Cisco 7600 Series Router
Cisco IOS Software Configuration Guide, Release 12.2SX
OL-4266-08
-
ContentsA P P E N D I X A Online Diagnostic Tests 1
Global Health-Monitoring Tests 2TestSPRPInbandPing
2TestScratchRegister 2TestMacNotification 3
Per-Port Tests 3TestNonDisruptiveLoopback 4TestLoopback
4TestActiveToStandbyLoopback 5TestTransceiverIntegrity
5TestNetflowInlineRewrite 5
PFC Layer 2 Forwarding Engine Tests 7TestNewIndexLearn
7TestDontConditionalLearn 7TestBadBpduTrap 8TestMatchCapture
8TestStaticEntry 9
DFC Layer 2 Forwarding Engine Tests 9TestDontLearn 9TestNewLearn
10TestIndexLearn 10TestConditionalLearn 11TestTrap 11TestBadBpdu
12TestProtocolMatchChannel 13TestCapture 13TestStaticEntry 14
PFC Layer 3 Forwarding Engine Tests 14TestFibDevices
14TestIPv4FibShortcut 15TestIPv6FibShortcut 15TestMPLSFibShortcut
16TestNATFibShortcut 16TestL3Capture2 17TestAclPermit 17TestAclDeny
18TestNetflowShortcut 18TestQoS 18
DFC Layer 3 Forwarding Engine Tests 1927Cisco 7600 Series Router
Cisco IOS Software Configuration Guide, Release 12.2SX
OL-4266-08
-
ContentsTestFibDevices 19TestIPv4FibShortcut
20TestIPv6FibShortcut 20TestMPLSFibShortcut 21TestNATFibShortcut
21TestL3Capture2 22TestAclPermit 22TestAclDeny 23TestQoS
23TestNetflowShortcut 24
Replication Engine Tests 24TestL3VlanMet 24TestIngressSpan
25TestEgressSpan 25
Fabric Tests 26TestFabricSnakeForward 26TestFabricSnakeBackward
27TestSynchedFabChannel 27TestFabricCh0Health 28TestFabricCh1Health
28
Exhaustive Memory Tests 28TestFibTcamSSRAM 29TestAsicMemory
29TestAclQosTcam 30TestNetflowTcam 30TestQoSTcam 30
IPSEC Services Modules Tests 32TestIPSecClearPkt
32TestHapiEchoPkt 32TestIPSecEncryptDecryptPkt 33
Stress Tests 33TestTrafficStress 33TestEobcStressPing 34
Critical Recovery Tests 34TestL3HealthMonitoring
34TestTxPathMonitoring 35TestSynchedFabChannel 35
General Tests 36ScheduleSwitchover 3628Cisco 7600 Series Router
Cisco IOS Software Configuration Guide, Release 12.2SX
OL-4266-08
-
ContentsTestFirmwareDiagStatus 36
A P P E N D I X A Acronyms 1
IN D E X29Cisco 7600 Series Router Cisco IOS Software
Configuration Guide, Release 12.2SX
OL-4266-08
-
Preface
This preface describes who should read the Cisco 7600 Series
Router Cisco IOS Software Configuration Guide, Release 12.2SX, how
it is organized, and its document conventions.
Tip For additional information (including configuration examples
and troubleshooting information), see the documents listed on this
page:
http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html
AudienceThis guide is for experienced network administrators who
are responsible for configuring and maintaining Cisco 7600 series
routers.
Related DocumentationThe following publications are available
for the Cisco 7600 series routers:
Cisco 7600 Series Router Installation Guide
Cisco 7600 Series Router Module Installation Guide
Cisco IOS Master Command List, Release 12.2SX
Cisco 7600 Series Router Cisco IOS System Message Guide
Release Notes for Cisco IOS Release 12.2SX on the Supervisor
Engine 720, Supervisor Engine 32, and Supervisor Engine 2
Cisco IOS Configuration Guides and Command ReferencesUse these
publications to help you configure Cisco IOS software features not
described in the Cisco 7600 series router publications:
Configuration Fundamentals Configuration Guide
Configuration Fundamentals Command Reference
Bridging and IBM Networking Configuration Guide
Bridging and IBM Networking Command Reference
Interface Configuration Guide 30Cisco 7600 Series Router Cisco
IOS Software Configuration Guide, Release 12.2SX
OL-4266-08
http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html
-
PrefaceConventions Interface Command Reference
Network Protocols Configuration Guide, Part 1, 2, and 3
Network Protocols Command Reference, Part 1, 2, and 3
Security Configuration Guide
Security Command Reference
Switching Services Configuration Guide
Switching Services Command Reference
Voice, Video, and Home Applications Configuration Guide
Voice, Video, and Home Applications Command Reference
Software Command Summary
Software System Error Messages
Debug Command Reference
Internetwork Design Guide
Internetwork Troubleshooting Guide
Configuration Builder Getting Started Guide
The Cisco IOS Configuration Guides and Command References are
located at this URL:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_installation_and_configuration_guides_list.html
For information about MIBs, go to this URL:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
ConventionsThis document uses the following conventions:
Convention Description
boldface font Commands, command options, and keywords are in
boldface.
italic font Arguments for which you supply values are in
italics.
[ ] Elements in square brackets are optional.
{ x | y | z } Alternative keywords are grouped in braces and
separated by vertical bars.
[ x | y | z ] Optional alternative keywords are grouped in
brackets and separated by vertical bars.
string A nonquoted set of characters. Do not use quotation marks
around the string or the string will include the quotation
marks.
screen font Terminal sessions and information the system
displays are in screen font.
boldface screen font
Information you must enter is in boldface screen font.
italic screen font Arguments for which you supply values are in
italic screen font.
This pointer highlights an important line of text in an
example.31Cisco 7600 Series Router Cisco IOS Software Configuration
Guide, Release 12.2SX
OL-4266-08
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_installation_and_configuration_guides_list.htmlhttp://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
-
PrefaceConventionsNotes use the following conventions:
Note Means reader take note. Notes contain helpful suggestions
or references to material not covered in the publication.
Cautions use the following conventions:
Caution Means reader be careful. In this situation, you might do
something that could result in equipment damage or loss of
data.
Obtaining Documentation and Submitting a Service RequestFor
information on obtaining documentation, submitting a service
request, and gathering additional information, see the monthly
Whats New in Cisco Product Documentation, which also lists all new
and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the Whats New in Cisco Product Documentation as a
Really Simple Syndication (RSS) feed and set content to be
delivered directly to your desktop using a reader application. The
RSS feeds are a free service and Cisco currently supports RSS
Version 2.0.
Tip For additional information (including configuration examples
and troubleshooting information), see the documents listed on this
page:
http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html
^ The symbol ^ represents the key labeled Controlfor example,
the key combination ^D in a screen display means hold down the
Control key while you press the D key.
< > Nonprinting characters, such as passwords are in angle
brackets.
Convention Description32Cisco 7600 Series Router Cisco IOS
Software Configuration Guide, Release 12.2SX
OL-4266-08
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.htmlhttp://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html
-
Cisco 7600 Series Router Cisco IOS SoftwaOL-4266-08C H A P T E R
1
Product Overview
This chapter consists of these sections:
Supported Hardware and Software, page 1-1
User Interfaces, page 1-1
Configuring Embedded CiscoView Support, page 1-2
Software Features Supported in Hardware by the PFC and DFC, page
1-3
Tip For additional information (including configuration examples
and troubleshooting information), see the documents listed on this
page:
http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html
Supported Hardware and Software For complete information about
the chassis, modules, and software features supported by the Cisco
7600 series routers, refer to the Release Notes for Cisco IOS
Release 12.2SX on the Supervisor Engine 720, Supervisor Engine 32,
and Supervisor Engine 2.
User InterfacesRelease 12.2SX supports configuration using the
following interfaces:
CLISee Chapter 2, Command-Line Interfaces.
SNMPRefer to the Release 12.2 IOS Configuration Fundamentals
Configuration Guide and Command Reference at this URL:
http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/ffun_c.html
Cisco IOS web browser interfaceRefer to Using the Cisco Web
Browser in the IOS Configuration Fundamentals Configuration Guide
at this URL:
http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/fcf005.html
Embedded CiscoViewSee the Configuring Embedded CiscoView Support
section on page 1-2.1-1re Configuration Guide, Release 12.2SX
http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.htmlhttp://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/release/notes/OL_4164.htmlhttp://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/release/notes/OL_4164.htmlhttp://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/ffun_c.htmlhttp://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/fcf005.html
-
Chapter 1 Product OverviewConfiguring Embedded CiscoView
SupportConfiguring Embedded CiscoView SupportThese sections
describe configuring Embedded CiscoView support:
Understanding Embedded CiscoView, page 1-2
Installing and Configuring Embedded CiscoView, page 1-2
Displaying Embedded CiscoView Information, page 1-3
Understanding Embedded CiscoViewThe Embedded CiscoView network
management system is a web-based interface that uses HTTP and SNMP
to provide a graphical representation of the router and to provide
a GUI-based management and configuration interface. You can
download the Java Archive (JAR) files for Embedded CiscoView at
this URL:
http://www.cisco.com/cgi-bin/Software/CiscoView/cvplanner.cgi
Installing and Configuring Embedded CiscoViewTo install and
configure Embedded CiscoView, perform this task:
Note The default password for accessing the router web page is
the enable-level password of the router.
Command Purpose
Step 1 Router# dir device_name Displays the contents of the
device.
If you are installing Embedded CiscoView for the first time, or
if the CiscoView directory is empty, skip to Step 4.
Step 2 Router# delete device_name:cv/* Removes existing files
from the CiscoView directory.
Step 3 Router# squeeze device_name: Recovers the space in the
file system.
Step 4 Router# archive tar /xtract tftp://
ip_address_of_tftp_server/ciscoview.tar device_name:cv
Extracts the CiscoView files from the tar file on the TFTP
server to the CiscoView directory.
Step 5 Router# dir device_name: Displays the contents of the
device.
In a redundant configuration, repeat Step 1 through Step 5 for
the file system on the redundant supervisor engine.
Step 6 Router# configure terminal Enters global configuration
mode.
Step 7 Router(config)# ip http server Enables the HTTP web
server.
Step 8 Router(config)# snmp-server community string ro
Configures the SNMP password for read-only operation.
Step 9 Router(config)# snmp-server community string rw
Configures the SNMP password for read/write operation.1-2Cisco 7600
Series Router Cisco IOS Software Configuration Guide, Release
12.2SX
OL-4266-08
http://www.cisco.com/cgi-bin/Software/CiscoView/cvplanner.cgi
-
Chapter 1 Product OverviewSoftware Features Supported in
Hardware by the PFC and DFCFor more information about web access to
the router, refer to Using the Cisco Web Browser in the IOS
Configuration Fundamentals Configuration Guide at this URL:
http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/fcf005.html
Displaying Embedded CiscoView InformationTo display the Embedded
CiscoView information, enter the following EXEC commands:
Software Features Supported in Hardware by the PFC and DFC These
sections describe the hardware support provided by Policy Feature
Card 3 (PFC3), Policy Feature Card 2 (PFC2), Distributed Forwarding
Card 3 (DFC3) and Distributed Forwarding Card (DFC):
Software Features Supported in Hardware by the PFC3, PFC2, DFC3,
and DFC, page 1-3
Software Features Supported in Hardware by the PFC3 and DFC3,
page 1-4
Software Features Supported in Hardware by the PFC3, PFC2, DFC3,
and DFC
The PFC3, PFC2, DFC3, and DFC provide hardware support for these
Cisco IOS software features:
Access Control Lists (ACLs) for Layer 3 ports and VLAN
interfaces
Permit and deny actions of input and output standard and
extended ACLs
Note Flows that require ACL logging are processed in software on
the MSFC.
Except on MPLS interfaces, reflexive ACL flows after the first
packet in a session is processed in software on the MSFC
Dynamic ACL flows
Note Idle timeout is processed in software on the MSFC.
For more information about PFC and DFC support for ACLs, see
Chapter 34, Understanding Cisco IOS ACL Support.
For complete information about configuring ACLs, refer to the
Cisco IOS Security Configuration Guide, Release 12.2, Traffic
Filtering and Firewalls, at this URL:
http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfacls.html
VLAN ACLs (VACLs)To configure VACLs, see Chapter 35, Configuring
VLAN ACLs.
Command Purpose
Router# show ciscoview package Displays information about the
Embedded CiscoView files.
Router# show ciscoview version Displays the Embedded CiscoView
version.1-3Cisco 7600 Series Router Cisco IOS Software
Configuration Guide, Release 12.2SX
OL-4266-08
http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/fcf005.htmlhttp://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfacls.html
-
Chapter 1 Product OverviewSoftware Features Supported in
Hardware by the PFC and DFC Policy-based routing (PBR) for
route-map sequences that use the match ip address, set ip next-hop,
and ip default next-hop PBR keywords.
To configure PBR, refer to the Cisco IOS Quality of Service
Solutions Configuration Guide, Release 12.2, Classification,
Configuring Policy-Based Routing, at this URL:
http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfpbr_ps1835_TSD_Products_Configuration_Guide_Chapter.html
Note If the MSFC3 address falls within the range of a PBR ACL,
traffic addressed to the MSFC3 is policy routed in hardware instead
of being forwarded to the MSFC3. To prevent policy routing of
traffic addressed to the MSFC3, configure PBR ACLs to deny traffic
addressed to the MSFC3.
Except on MPLS interfaces, TCP interceptTo configure TCP
intercept, see the Configuring TCP Intercept section on page
33-2.
Firewall feature set images provide these features:
Context-Based Access Control (CBAC) The PFC installs entries in
the NetFlow table to direct flows that require CBAC to the MSFC
where the CBAC is applied in software on the MSFC.
Authentication ProxyAfter authentication on the MSFC, the PFC
provides TCAM support for the authentication policy.
Port-to-Application Mapping (PAM)PAM is done in software on the
MSFC.
To configure firewall features, see Chapter 44, Configuring the
Cisco IOS Firewall Feature Set.
Hardware-assisted NetFlow AggregationSee Understanding NDE
section on page 51-2.
Software Features Supported in Hardware by the PFC3 and DFC3
The PFC3 and DFC3 provide hardware support for these Cisco IOS
software features:
Bidirectional Protocol Independent Multicast (PIM) in
hardwareSee Understanding How IPv4 Bidirectional PIM Works section
on page 28-7.
Multiple-path Unicast Reverse Path Forwarding (RPF) CheckTo
configure Unicast RPF Check, see the Configuring Unicast Reverse
Path Forwarding Check section on page 33-2.
Except on MPLS interfaces, Network Address Translation (NAT) for
IPv4 unicast and multicast traffic.
Note the following information about hardware-assisted NAT:
NAT of UDP traffic is supported only in PFC3BXL or PFC3B
mode.
The PFC3 does not support NAT of multicast traffic.
The PFC3 does not support NAT configured with a route-map that
specifies length.
When you configure NAT and NDE on an interface, the PFC3 sends
all traffic in fragmented packets to the MSFC3 to be processed in
software. (CSCdz51590)
To configure NAT, refer to the Cisco IOS IP Configuration Guide,
Release 12.2, IP Addressing and Services, Configuring IP
Addressing, Configuring Network Address Translation, at this
URL:
http://www.cisco.com/en/US/docs/ios/12_2/ip/configuration/guide/1cfipadr.html
1-4Cisco 7600 Series Router Cisco IOS Software Configuration Guide,
Release 12.2SX
OL-4266-08
http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfpbr_ps1835_TSD_Products_Configuration_Guide_Chapter.htmlhttp://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfpbr_ps1835_TSD_Products_Configuration_Guide_Chapter.htmlhttp://www.cisco.com/en/US/docs/ios/12_2/ip/configuration/guide/1cfipadr.html
-
Chapter 1 Product OverviewSoftware Features Supported in
Hardware by the PFC and DFCTo prevent a significant volume of NAT
traffic from being sent to the MSFC3, due to either a DoS attack or
a misconfiguration, enter the mls rate-limit unicast acl {ingress |
egress} command described at this URL:
http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_m2.html#mls_rate-limit_unicast_acl
(CSCea23296)
With Release 12.2(18)SXE and later releases, IPv4 Multicast over
point-to-point generic route encapsulation (GRE) TunnelsRefer to
the publication at this URL:
http://www.cisco.com/en/US/docs/ios/12_2/interface/configuration/guide/icflogin.html
Releases earlier than Release 12.2(18)SXE support IPv4 multicast
over point-to-point GRE tunnels in software on the MSFC.
Note The PFC3 does not provide hardware acceleration for tunnels
configured with the tunnel key command.
GRE Tunneling and IP in IP TunnelingThe PFC3 and DFC3s support
the following tunnel commands:
tunnel destination
tunnel mode gre
tunnel mode ipip
tunnel source
tunnel ttl
tunnel tos
Other supported types of tunneling run in software on the
MSFC3.
The tunnel ttl command (default 255) sets the TTL of
encapsulated packets.
The tunnel tos command, if present, sets the ToS byte of a
packet when it is encapsulated. If the tunnel tos command is not
present and QoS is not enabled, the ToS byte of a packet sets the
ToS byte of the packet when it is encapsulated. If the tunnel tos
command is not present and QoS is enabled, the ToS byte of a packet
as modified by PFC QoS sets the ToS byte of the packet when it is
encapsulated.
To configure GRE Tunneling and IP in IP Tunneling, refer to
these publications:
http://www.cisco.com/en/US/docs/ios/12_2/interface/configuration/guide/icflogin.html
http://www.cisco.com/en/US/docs/ios/12_2/interface/command/reference/irfshoip.html
To configure the tunnel tos and tunnel ttl commands, refer to
this publication:
http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/12s_tos.html
1-5Cisco 7600 Series Router Cisco IOS Software Configuration Guide,
Release 12.2SX
OL-4266-08
http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_m2.html#mls_rate-limit_unicast_aclhttp://www.cisco.com/en/US/docs/ios/security/command/reference/sec_m2.html#mls_rate-limit_unicast_aclhttp://www.cisco.com/en/US/docs/ios/12_2/interface/configuration/guide/icflogin.htmlhttp://www.cisco.com/en/US/docs/ios/12_2/interface/configuration/guide/icflogin.htmlhttp://www.cisco.com/en/US/docs/ios/12_2/interface/command/reference/irfshoip.htmlhttp://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/12s_tos.html
-
Chapter 1 Product OverviewSoftware Features Supported in
Hardware by the PFC and DFCNote the following information about
tunnels:
Each hardware-assisted tunnel must have a unique source.
Hardware-assisted tunnels cannot share a source even if the
destinations are different. Use secondary addresses on loopback
interfaces or create multiple loopback interfaces. (CSCdy72539)
Each tunnel interface uses one internal VLAN.
Each tunnel interface uses one additional router MAC address
entry per router MAC address.
The PFC3A does not support any PFC QoS features on tunnel
interfaces.
The PFC3B and PFC3BXL support PFC QoS features on tunnel
interfaces.
The MSFC3 supports tunnels configured with egress features on
the tunnel interface. Examples of egress features are output Cisco
IOS ACLs, NAT (for inside to outside translation), TCP intercept,
CBAC, and encryption.
Tip For additional information (including configuration examples
and troubleshooting information), see the documents listed on this
page:
http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html
1-6Cisco 7600 Series Router Cisco IOS Software Configuration Guide,
Release 12.2SX
OL-4266-08
http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html
-
Cisco 7600 Series Router Cisco IOS SoftwaOL-4266-08C H A P T E R
2
Command-Line Interfaces
This chapter describes the command-line interfaces (CLIs) you
use to configure the routers supported by Cisco IOS Release
12.2SX.
Note For complete syntax and usage information for the commands
used in this chapter, see these publications:
The Cisco IOS Master Command List, Release 12.2SX at this
URL:
http://www.cisco.com/en/US/docs/ios/mcl/122sxmcl/12_2sx_mcl_book.html
The Release 12.2 publications at this URL:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_installation_and_configuration_guides_list.html
This chapter consists of these sections:
Accessing the CLI, page 2-2
Performing Command Line Processing, page 2-3
Performing History Substitution, page 2-4
Cisco IOS Command Modes, page 2-4
Displaying a List of Cisco IOS Commands and Syntax, page 2-5
Securing the CLI, page 2-6
ROM-Monitor Command-Line Interface, page 2-7
Tip For additional information (including configuration examples
and troubleshooting information), see the documents listed on this
page:
http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html
2-1re Configuration Guide, Release 12.2SX
http://www.cisco.com/en/US/docs/ios/mcl/122sxmcl/12_2sx_mcl_book.htmlhttp://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_installation_and_configuration_guides_list.htmlhttp://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_installation_and_configuration_guides_list.htmlhttp://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html
-
Chapter 2 Command-Line InterfacesAccessing the CLIAccessing the
CLIThese sections describe accessing the CLI:
Accessing the CLI through the EIA/TIA-232 Console Interface,
page 2-2
Accessing the CLI through Telnet, page 2-2
Accessing the CLI through the EIA/TIA-232 Console Interface
Note EIA/TIA-232 was known as recommended standard 232 (RS-232)
before its acceptance as a standard by the Electronic Industries
Alliance (EIA) and Telecommunications Industry Association
(TIA).
Perform initial configuration over a connection to the
EIA/TIA-232 console interface. See the Cisco 7600 Series Router
Module Installation Guide for console interface cable connection
procedures.
To make a console connection, perform this task:
After making a console connection, you see this display:
Press Return for Console prompt
Router> enable Password:Router#
Accessing the CLI through Telnet
Note Before you can make a Telnet connection to the router, you
must configure an IP address (see the Configuring IPv4 Routing and
Addresses section on page 22-4).
The router supports up to eight simultaneous Telnet sessions.
Telnet sessions disconnect automatically after remaining idle for
the period specified with the exec-timeout command.
To make a Telnet connection to the router, perform this
task:
Command Purpose
Step 1 Press Return. Brings up the prompt.
Step 2 Router> enable Initiates enable mode enable.
Step 3 Password: password Router#
Completes enable mode enable.
Step 4 Router# quit Exits the session when finished.2-2Cisco
7600 Series Router Cisco IOS Software Configuration Guide, Release
12.2SX
OL-4266-08
-
Chapter 2 Command-Line InterfacesPerforming Command Line
ProcessingThis example shows how to open a Telnet session to the
router:
unix_host% telnet Router_1 Trying 172.20.52.40...Connected to
172.20.52.40.Escape character is '^]'.
User Access Verification
Password:Router_1> enable Password:Router_1#
Performing Command Line ProcessingCommands are not case
sensitive. You can abbreviate commands and parameters if the
abbreviations contain enough letters to be different from any other
currently available commands or parameters. You can scroll through
the last 20 commands stored in the history buffer, and enter or
edit the command at the prompt. Table 2-1 lists the keyboard
shortcuts for entering and editing commands.
Command Purpose
Step 1 telnet {hostname | ip_addr} Makes a Telnet connection
from the remote host to the router you want to access.
Step 2 Password: password
Router#
Initiates authentication.
Note If no password has been configured, press Return.
Step 3 Router> enable Initiates enable mode enable.
Step 4 Password: password Router#
Completes enable mode enable.
Step 5 Router# quit Exits the session when finished.
Table 2-1 Keyboard Shortcuts
Keystrokes Purpose
Press Ctrl-B or press the left arrow key1
1. The arrow keys function only on ANSI-compatible terminals
such as VT100s.
Moves the cursor back one character.
Press Ctrl-F or press the right arrow key1
Moves the cursor forward one character.
Press Ctrl-A Moves the cursor to the beginning of the command
line.
Press Ctrl-E Moves the cursor to the end of the command
line.
Press Esc B Moves the cursor back one word.
Press Esc F Moves the cursor forward one word.2-3Cisco 7600
Series Router Cisco IOS Software Configuration Guide, Release
12.2SX
OL-4266-08
-
Chapter 2 Command-Line InterfacesPerforming History
SubstitutionPerforming History SubstitutionThe history buffer
stores the last 20 commands you entered. History substitution
allows you to access these commands without retyping them, by using
special abbreviated commands. Table 2-2 lists the history
substitution commands.
Cisco IOS Command Modes
Note For complete information about Cisco IOS command modes, see
the Cisco IOS Configuration Fundamentals Configuration Guide at
this URL:
http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/ffun_c.html
The Cisco IOS user interface is divided into many different
modes. The commands available to you depend on which mode you are
currently in. To get a list of the commands in a given mode, type a
question mark (?) at the system prompt. See the Displaying a List
of Cisco IOS Commands and Syntax section on page 2-5.
When you start a session on the router, you begin in user mode,
often called user EXEC mode. Only a limited subset of the commands
are available in EXEC mode. To have access to all commands, you
must enter privileged EXEC mode. Normally, you must type in a
password to access privileged EXEC mode. From privileged EXEC mode,
you can type in any EXEC command or access global configuration
mode.
The configuration modes allow you to make changes to the running
configuration. If you later save the configuration, these commands
are stored across reboots. You must start at global configuration
mode. From global configuration mode, you can enter interface
configuration mode, subinterface configuration mode, and a variety
of protocol-specific modes.
Note With Release 12.1(11b)E and later, when you are in
configuration mode you can enter EXEC mode-level commands by
entering the do keyword before the EXEC mode-level command.
Table 2-2 History Substitution Commands
Command Purpose
Ctrl-P or the up arrow key.1
1. The arrow keys function only on ANSI-compatible terminals
such as VT100s.
Recalls commands in the history buffer, beginning with the most
recent command. Repeat the key sequence to recall successively
older commands.
Ctrl-N or the down arrow key.1 Returns to more recent commands
in the history buffer after recalling commands with Ctrl-P or the
up arrow key. Repeat the key sequence to recall successively more
recent commands.
Router# show history While in EXEC mode, lists the last several
commands you have just entered. 2-4Cisco 7600 Series Router Cisco
IOS Software Configuration Guide, Release 12.2SX
OL-4266-08
http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/ffun_c.html
-
Chapter 2 Command-Line InterfacesDisplaying a List of Cisco IOS
Commands and SyntaxROM-monitor mode is a separate mode used when
the router cannot boot properly. For example, the router might
enter ROM-monitor mode if it does not find a valid system image
when it is booting, or if its configuration file is corrupted at
startup. See the ROM-Monitor Command-Line Interface section on page
2-7.
Table 2-3 lists and describes frequently used Cisco IOS
modes.
The Cisco IOS command interpreter, called the EXEC, interprets
and executes the commands you enter. You can abbreviate commands
and keywords by entering just enough characters to make the command
unique from other commands. For example, you can abbreviate the
show command to sh and the configure terminal command to config
t.
When you type exit, the router backs out one level. To exit
configuration mode completely and return to privileged EXEC mode,
press Ctrl-Z.
Displaying a List of Cisco IOS Commands and SyntaxIn any command
mode, you can display a list of available commands by entering a
question mark (?).
Router> ?
To display a list of commands that begin with a particular
character sequence, type in those characters followed by the
question mark (?). Do not include a space. This form of help is
called word help because it completes a word for you.
Router# co? collect configure connect copy
Table 2-3 Frequently Used Cisco IOS Command Modes
Mode Description of Use How to Access Prompt
User EXEC Connect to remote devices, change terminal settings on
a temporary basis, perform basic tests, and display system
information.
Log in. Router>
Privileged EXEC (enable) Set operating parameters. The
privileged command set includes the commands in user EXEC mode, as
well as the configure command. Use this command to access the other
command modes.
From the user EXEC mode, enter the enable command and the enable
password.
Router#
Global configuration Configure features that affect the system
as a whole.
From the privileged EXEC mode, enter the configure terminal
command.
Router(config)#
Interface configuration Many features are enabled for a
particular interface. Interface commands enable or modify the
operation of an interface.
From global configuration mode, enter the interface type
slot/port command.
Router(config-if)#
Console configuration From the directly connected console or the
virtual terminal used with Telnet, use this configuration mode to
configure the console interface.
From global configuration mode, enter the line console 0
command.
Router(config-line)#2-5Cisco 7600 Series Router Cisco IOS
Software Configuration Guide, Release 12.2SX
OL-4266-08
-
Chapter 2 Command-Line InterfacesSecuring the CLITo display
keywords or arguments, enter a question mark in place of a keyword
or argument. Include a space before the question mark. This form of
help is called command syntax help because it reminds you which
keywords or arguments are applicable based on the command,
keywords, and arguments you have already entered.
For example:
Router# configure ? memory Configure from NV memory network
Configure from a TFTP network host overwrite-network Overwrite NV
memory from TFTP network host terminal Configure from the
terminal
To redisplay a command you previously entered, press the up
arrow key or Ctrl-P. You can continue to press the up arrow key to
see the last 20 commands you entered.
Tip If you are having trouble entering a command, check the
system prompt, and enter the question mark (?) for a list of
available commands. You might be in the wrong command mode or using
incorrect syntax.
Enter exit to return to the previous mode. Press Ctrl-Z or enter
the end command in any mode to immediately return to privileged
EXEC mode.
Securing the CLISecuring access to the CLI prevents unauthorized
users from viewing configuration settings or making configuration
changes that can disrupt the stability of your network or
compromise your network security. You can create a strong and
flexible security scheme for your router by configuring one or more
of these security features:
Protecting access to privileged EXEC commands
At a minimum, you should configure separate passwords for the
user EXEC and privileged EXEC (enable) IOS command modes. You can
further increase the level of security by configuring username and
password pairs to limit access to CLI sessions to specific users.
For more information, see Configuring Security with Passwords,
Privilege Levels, and Login Usernames for CLI Sessions on
Networking Devices at this URL:
http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_cfg_sec_4cli.html
Controlling switch access with RADIUS, TACACS+, or Kerberos
For a centralized and scalable security scheme, you can require
users to be authenticated and authorized by an external security
server running either Remote Authentication Dial-In User Service
(RADIUS), Terminal Access Controller Access-Control System Plus
(TACACS+), or Kerberos.
For more information about RADIUS, see Configuring RADIUS at
this URL:
http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfrad.html
For more information about TACACS+, see Configuring TACACS+ at
this URL:
http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scftplus.html
For more information about Kerberos, see Configuring Kerberos at
this URL:
http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfkerb.html
Configuring a secure connection with SSH or HTTPS2-6Cisco 7600
Series Router Cisco IOS Software Configuration Guide, Release
12.2SX
OL-4266-08
http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_cfg_sec_4cli.htmlhttp://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfrad.htmlhttp://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scftplus.htmlhttp://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfkerb.html
-
Chapter 2 Command-Line InterfacesROM-Monitor Command-Line
InterfaceTo prevent eavesdropping of your configuration session,
you can use a Secure Shell (SSH) client or a browser that supports
HTTP over Secure Socket Layer (HTTPS) to make an encrypted
connection to the router.
For more information about SSH, see Configuring Secure Shell at
this URL:
http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_cfg_secure_shell_ps6017_TSD_Products_Configuration_Guide_Chapter.html
For more information about HTTPS, see HTTPS - HTTP Server and
Client with SSL 3.0 at this URL:
http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ftsslsht.html
Copying configuration files securely with SCP
To prevent eavesdropping when copying configuration files or
image files to or from the router, you can use the Secure Copy
Protocol (SCP) to perform an encrypted file transfer. For more
information about SCP, see Secure Copy at this URL:
http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_secure_copy_ps6017_TSD_Products_Configuration_Guide_Chapter.html
For additional information about securing the CLI, see Cisco IOS
Security Configuration Guide: Securing User Services, Release
12.2SX at this URL:
http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/12_2sx/sec_securing_user_services_12.2sx_book.html
ROM-Monitor Command-Line InterfaceThe ROM-monitor is a ROM-based
program that executes upon platform power-up, reset, or when a
fatal exception occurs. The router enters ROM-monitor mode if it
does not find a valid software image, if the NVRAM configuration is
corrupted, or if the configuration register is set to enter
ROM-monitor mode. From the ROM-monitor mode, you can load a
software image manually from flash memory, from a network server
file, or from bootflash.
You can also enter ROM-monitor mode by restarting and pressing
the Break key during the first 60 seconds of startup.
Note The Break key is always enabled for 60 seconds after
rebooting, regardless of whether the Break key is configured to be
off by configuration register settings.
To access the ROM-monitor mode through a terminal server, you
can escape to the Telnet prompt and enter the send break command
for your terminal emulation program to break into ROM-monitor
mode.
Once you are in ROM-monitor mode, the prompt changes to rommon
1>. Enter a question mark (?) to see the available ROM-monitor
commands.
For more information about the ROM-monitor commands, see the
Cisco IOS Master Command List, Release 12.2SX. 2-7Cisco 7600 Series
Router Cisco IOS Software Configuration Guide, Release 12.2SX
OL-4266-08
http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_cfg_secure_shell_ps6017_TSD_Products_Configuration_Guide_Chapter.htmlhttp://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ftsslsht.htmlhttp://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_secure_copy_ps6017_TSD_Products_Configuration_Guide_Chapter.htmlhttp://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/12_2sx/sec_securing_user_services_12.2sx_book.html
-
Chapter 2 Command-Line InterfacesROM-Monitor Command-Line
InterfaceTip For additional information (including configuration
examples and troubleshooting information), see the documents listed
on this page:
http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html
2-8Cisco 7600 Series Router Cisco IOS Software Configuration Guide,
Release 12.2SX
OL-4266-08
http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html
-
Cisco 7600 Series Router Cisco IOS SoftwaOL-4266-08C H A P T E R
3
Configuring the Router for the First Time
This chapter contains information about how to initially
configure the Cisco 7600 series router, which supplements the
administration information and procedures in these
publications:
Cisco IOS Configuration Fundamentals Configuration Guide,
Release 12.2, at this URL:
http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/ffun_c.html
Cisco IOS Configuration Fundamentals Configuration Command
Reference, Release 12.2, at this URL:
http://www.cisco.com/en/US/docs/ios/fundamentals/command/reference/cf_book.html
Note For complete syntax and usage information for the commands
used in this chapter, refer to these publications:
The Cisco IOS Master Command List, Release 12.2SX at this
URL:
http://www.cisco.com/en/US/docs/ios/mcl/122sxmcl/12_2sx_mcl_book.html
The Release 12.2 publications at this URL:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_installation_and_configuration_guides_list.html
This chapter consists of these sections:
Default Configuration, page 3-2
Configuring the Router, page 3-2
Protecting Access to Privileged EXEC Commands, page 3-15
Recovering a Lost Enable Password, page 3-19
Modifying the Supervisor Engine Startup Configuration, page
3-20
Tip For additional information (including configuration examples
and troubleshooting information), see the documents listed on this
page:
http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html
3-1re Configuration Guide, Release 12.2SX
http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/ffun_c.htmlhttp://www.cisco.com/en/US/docs/ios/fundamentals/command/reference/cf_book.htmlhttp://www.cisco.com/en/US/docs/ios/mcl/122sxmcl/12_2sx_mcl_book.htmlhttp://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_installation_and_configuration_guides_list.htmlhttp://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_installation_and_configuration_guides_list.htmlhttp://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html
-
Chapter 3 Configuring the Router for the First TimeDefault
ConfigurationDefault ConfigurationTable 3-1 shows the default
configuration.
Configuring the Router These sections describe how to configure
the router:
Using the Setup Facility or the setup Command, page 3-2
Using Configuration Mode, page 3-10
Checking the Running Configuration Before Saving, page 3-10
Saving the Running Configuration Settings, page 3-11
Reviewing the Configuration, page 3-11
Configuring a Default Gateway, page 3-12
Configuring a Static Route, page 3-12
Configuring a BOOTP Server, page 3-14
Using the Setup Facility or the setup CommandThese sections
describe the setup facility and the setup command:
Setup Overview, page 3-2
Configuring the Global Parameters, page 3-3
Configuring Interfaces, page 3-8
Setup Overview
At initial startup, the router automatically defaults to the
setup facility. (The setup command facility functions exactly the
same as a completely unconfigured system functions when you first
boot it up.) You can run the setup facility by entering the setup
command at the enable prompt (#).
Table 3-1 Default Configuration
Feature Default Value
Administrative connection Normal mode
Global information No value for the following:
System name
System contact
Location
System clock No value for system clock time
Passwords No passwords configured for normal mode or enable mode
(press the Return key)
Prompt Router> 3-2Cisco 7600 Series Router Cisco IOS Software
Configuration Guide, Release 12.2SX
OL-4266-08
-
Chapter 3 Configuring the Router for the First TimeConfiguring
the RouterWhen you enter the setup command, current system
configuration defaults are displayed in square brackets [ ] as you
move through the setup command process and are queried by the
system to make