Cisco IOS Software Configuration Guide
Release 12.2(33)SXH and Later Releases

Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706 USA
http://www.cisco.com
Tel: 408 526-4000
     800 553-NETS (6387)
Fax: 408 527-0883

Text Part Number: OL-13013-05

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN
THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE
ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION
OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING
PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU
ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an
adaptation of a program developed by the University of California,
Berkeley (UCB) as part of UCB's public domain version of the UNIX
operating system. All rights reserved. Copyright © 1981, Regents of
the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES
AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED "AS IS" WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES,
EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR
TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY
INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING
OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR
ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES.
CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco
Ironport, the Cisco logo, Cisco Lumin, Cisco Nexus, Cisco Nurse
Connect, Cisco Stackpower, Cisco StadiumVision, Cisco TelePresence,
Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels,
Flip for Good, Flip Mino, Flip Video, Flip Video (Design),
Flipshare (Design), Flip Ultra, and Welcome to the Human Network
are trademarks; Changing the Way We Work, Live, Play, and Learn,
Cisco Store, and Flip Gift Card are service marks; and Access
Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst,
CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco
Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco
Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco
Unity, Collaboration Without Limitation, EtherFast, EtherSwitch,
Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive,
HomeLink, Internet Quotient, IOS, iPhone, iQuick Study, IronPort,
the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace,
MeetingPlace Chime Sound, MGX, Networkers, Networking Academy,
Network Registrar, PCNow, PIX, PowerPanels, ProConnect,
ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The
Fastest Way to Increase Your Internet Quotient, TransPath, WebEx,
and the WebEx logo are registered trademarks of Cisco Systems, Inc.
and/or its affiliates in the United States and certain other
countries.
All other trademarks mentioned in this document or website are
the property of their respective owners. The use of the word
"partner" does not imply a partnership relationship between Cisco and
any other company. (0907R)
Cisco IOS Software Configuration Guide, Release 12.2(33)SXH and
Later Releases
© 2007-2009, Cisco Systems, Inc. All rights reserved.

CONTENTS

Preface
  Audience
  Related Documentation
  Conventions
  Obtaining Documentation, Obtaining Support, and Security Guidelines

CHAPTER 1 Product Overview
  Supported Hardware and Software
    Understanding Supervisor Engine 720-10GE Memory Devices and Ports
    Understanding Supervisor Engine 720 Memory Devices and Ports
    Understanding Supervisor Engine 32 Memory Devices and Ports
    Understanding ME6500 Flash Memory Devices and Ports
  User Interfaces
  Software Features Supported in Hardware by the PFC and DFC

PART 1 Configuration Fundamentals

CHAPTER 2 Command-Line Interfaces
  Accessing the CLI
    Accessing the CLI through the EIA/TIA-232 Console Interface
    Accessing the CLI through Telnet
  Performing Command Line Processing
  Performing History Substitution
  Cisco IOS Command Modes
  Displaying a List of Cisco IOS Commands and Syntax
  Securing the CLI
  ROM-Monitor Command-Line Interface

CHAPTER 3 Configuring Smart Port Macros
  Understanding Smart Port Macros
    Understanding Cisco-Provided Smart Port Macros
    Understanding User-Created Smart Port Macros
  Configuring Smart Port Macros
    Smart Port Macro Default Configuration
    Smart Port Macro Configuration Guidelines
    Applying the Cisco-Provided Smart Port Macros
    Configuring User-Created Smart Port Macros
  Displaying Smart Port Macros

CHAPTER 4 Configuring Virtual Switching Systems
  Understanding Virtual Switching Systems
    VSS Overview
    VSS Redundancy
    Multichassis EtherChannels
    Packet Handling
    System Monitoring
    Dual-Active Detection
    VSS Initialization
  VSS Configuration Guidelines and Restrictions
    General VSS Restrictions and Guidelines
    VSL Restrictions and Guidelines
    Multichassis EtherChannel Restrictions and Guidelines
    Dual-Active Detection Restrictions and Guidelines
    Service Module Restrictions and Guidelines
  Configuring a VSS
    Converting to a VSS
    Displaying VSS Information
    Converting a VSS to Standalone Chassis
    Configuring VSS Parameters
    Configuring Multichassis EtherChannels
    Configuring Dual-Active Detection
    Configuring Service Modules in a VSS
    Viewing Chassis Status and Module Information in a VSS
  Upgrading a VSS
    Performing a Fast Software Upgrade of a VSS
    Performing an Enhanced Fast Software Upgrade of a VSS

PART 2 High Availability

CHAPTER 5 Performing an Enhanced Fast Software Upgrade
  eFSU Overview
    eFSU Operation
    Outage Time and Support Considerations
    Reserving Module Memory
    Error Handling for eFSU Preload
  eFSU Guidelines and Limitations
  Performing an Enhanced Fast Software Upgrade
    Software Upgrade Process Summary
    Preparing for the Upgrade
    Copying the New Software Image
    Loading the New Software onto the Standby Supervisor Engine
    Displaying the Maximum Outage Time for Installed Modules (Optional)
    Forcing a Switchover from Active to Standby
    Accepting the New Software Version and Stopping the Rollback Process (Optional)
    Committing the New Software to the Standby
    Verifying the Software Installation
    Aborting the Upgrade Process
  Upgrading a Non-eFSU Image to an eFSU Image

CHAPTER 6 Configuring NSF with SSO Supervisor Engine Redundancy
  Understanding NSF with SSO Supervisor Engine Redundancy
    NSF with SSO Supervisor Engine Redundancy Overview
    SSO Operation
    NSF Operation
    Cisco Express Forwarding
    Multicast MLS NSF with SSO
    Routing Protocols
    NSF Benefits and Restrictions
  Supervisor Engine Configuration Synchronization
    Supervisor Engine Redundancy Guidelines and Restrictions
    Redundancy Configuration Guidelines and Restrictions
    Hardware Configuration Guidelines and Restrictions
    Configuration Mode Restrictions
  NSF Configuration Tasks
    Configuring SSO
    Verifying the Redundancy States
    Configuring Multicast MLS NSF with SSO
    Verifying Multicast NSF with SSO
    Configuring CEF NSF
    Verifying CEF NSF
    Configuring BGP NSF
    Verifying BGP NSF
    Configuring OSPF NSF
    Verifying OSPF NSF
    Configuring IS-IS NSF
    Verifying IS-IS NSF
    Configuring EIGRP NSF
    Verifying EIGRP NSF
    Synchronizing the Supervisor Engine Configurations
  Copying Files to the Redundant Supervisor Engine

CHAPTER 7 Configuring RPR Supervisor Engine Redundancy
  Understanding RPR
    Supervisor Engine Redundancy Overview
    RPR Operation
    Supervisor Engine Configuration Synchronization
  Supervisor Engine Redundancy Guidelines and Restrictions
    Redundancy Guidelines and Restrictions
    Hardware Configuration Guidelines and Restrictions
    Configuration Mode Restrictions
  Configuring Supervisor Engine Redundancy
    Configuring Redundancy
    Synchronizing the Supervisor Engine Configurations
    Displaying the Redundancy States
  Performing a Fast Software Upgrade
  Copying Files to the RP

PART 3 Interface and Hardware Components

CHAPTER 8 Configuring and Monitoring the Switch Fabric Functionality
  Understanding the Switch Fabric Functionality
  Configuring the Switch Fabric Functionality
  Monitoring the Switch Fabric Functionality

CHAPTER 9 Configuring Interfaces
  Understanding Interface Configuration
  Using the Interface Command
  Configuring a Range of Interfaces
  Defining and Using Interface-Range Macros
  Configuring Optional Interface Features
    Configuring Ethernet Interface Speed and Duplex Mode
    Configuring Jumbo Frame Support
    Configuring IEEE 802.3x Flow Control
    Configuring the Port Debounce Timer
    Adding a Description for an Interface
  Understanding Online Insertion and Removal
  Monitoring and Maintaining Interfaces
    Monitoring Interface Status
    Clearing Counters on an Interface
    Resetting an Interface
    Shutting Down and Restarting an Interface
  Checking the Cable Status Using the TDR

CHAPTER 10 Configuring UDLD
  Understanding UDLD
    UDLD Overview
    UDLD Aggressive Mode
  Default UDLD Configuration
  Configuring UDLD
    Enabling UDLD Globally
    Enabling UDLD on Individual LAN Interfaces
    Disabling UDLD on Fiber-Optic LAN Interfaces
    Configuring the UDLD Probe Message Interval
    Resetting Disabled LAN Interfaces

CHAPTER 11 Power Management and Environmental Monitoring
  Understanding Power Management
    Enabling or Disabling Power Redundancy
    Powering Modules Off and On
    Viewing System Power Status
    Power Cycling Modules
    Determining System Power Requirements
    Determining System Hardware Capacity
    Determining Sensor Temperature Threshold
  Understanding Environmental Monitoring
    Monitoring System Environmental Status
    Understanding LED Environmental Indications

CHAPTER 12 Configuring Online Diagnostics
  Understanding Online Diagnostics
  Configuring Online Diagnostics
    Setting Bootup Online Diagnostics Level
    Configuring On-Demand Online Diagnostics
    Scheduling Online Diagnostics
    Configuring Health-Monitoring Diagnostics
  Running Online Diagnostic Tests
    Starting and Stopping Online Diagnostic Tests
    Running All Online Diagnostic Tests
    Displaying Online Diagnostic Tests and Test Results
  Performing Memory Tests
  Diagnostic Sanity Check

CHAPTER 13 Configuring Cisco IP Phone Support
  Understanding Cisco IP Phone Support
    Cisco IP Phone Connections
    Cisco IP Phone Voice Traffic
    Cisco IP Phone Data Traffic
    IP Phone Power Configurations
    Other Cisco IP Phone Features
  Default Cisco IP Phone Support Configuration
  Cisco IP Phone Support Configuration Guidelines and Restrictions
  Configuring Cisco IP Phone Support
    Configuring Voice Traffic Support
    Configuring Data Traffic Support
    Configuring Inline Power Support

PART 4 LAN Switching

CHAPTER 14 Configuring LAN Ports for Layer 2 Switching
  Understanding Layer 2 Switching
    Understanding Layer 2 Ethernet Switching
    Understanding VLAN Trunks
    Layer 2 LAN Port Modes
  Default Layer 2 LAN Interface Configuration
  Layer 2 LAN Interface Configuration Guidelines and Restrictions
  Configuring LAN Interfaces for Layer 2 Switching
    Configuring a LAN Port for Layer 2 Switching
    Configuring MAC Address Table Notification
    Configuring a Layer 2 Switching Port as a Trunk
    Configuring a LAN Interface as a Layer 2 Access Port
    Configuring a Custom IEEE 802.1Q EtherType Field Value

CHAPTER 15 Configuring Flex Links
  Understanding Flex Links
  Configuring Flex Links
    Flex Links Default Configuration
    Flex Links Configuration Guidelines and Restrictions
    Configuring Flex Links
  Monitoring Flex Links

CHAPTER 16 Configuring EtherChannels
  Understanding EtherChannels
    EtherChannel Feature Overview
    Understanding EtherChannel Configuration
    Understanding LACP 1:1 Redundancy
    Understanding Port Channel Interfaces
    Understanding Load Balancing
  EtherChannel Feature Configuration Guidelines and Restrictions
  Configuring EtherChannels
    Configuring Port Channel Logical Interfaces for Layer 3 EtherChannels
    Configuring Channel Groups
    Configuring the LACP System Priority and System ID
    Configuring EtherChannel Load Balancing
    Configuring EtherChannel Hash-Distribution Algorithm
    Configuring the EtherChannel Min-Links Feature
    Configuring LACP 1:1 Redundancy

CHAPTER 17 Configuring VTP
  Understanding VTP
    Understanding the VTP Domain
    Understanding VTP Modes
    Understanding VTP Advertisements
    Understanding VTP Authentication
    Understanding VTP Version 2
    Understanding VTP Version 3
    Understanding VTP Pruning
  VLAN Interaction
    Interaction Between VTP Version 3 and VTP Version 2 Devices
    Interaction Between VTP Version 3 and VTP Version 1 Devices
  VTP Default Configuration
  VTP Configuration Guidelines and Restrictions
  Configuring VTP
    Configuring VTP Global Parameters
    Configuring the VTP Mode
    Configuring VTP Mode on a Per-Port Basis
    Displaying VTP Statistics

CHAPTER 18 Configuring VLANs
  Understanding VLANs
    VLAN Overview
    VLAN Ranges
    Configurable VLAN Parameters
    Understanding Token Ring VLANs
  VLAN Default Configuration
  VLAN Configuration Guidelines and Restrictions
  Configuring VLANs
    VLAN Configuration Options
    Creating or Modifying an Ethernet VLAN
    Assigning a Layer 2 LAN Interface to a VLAN
    Configuring the Internal VLAN Allocation Policy
    Configuring VLAN Translation
    Mapping 802.1Q VLANs to ISL VLANs
    Saving VLAN Information

CHAPTER 19 Configuring Private VLANs
  Understanding Private VLANs
    Private VLAN Domains
    Private VLAN Ports
    Primary, Isolated, and Community VLANs
    Private VLAN Port Isolation
    IP Addressing Scheme with Private VLANs
    Private VLANs Across Multiple Switches
    Private VLAN Interaction with Other Features
  Private VLAN Configuration Guidelines and Restrictions
    Secondary and Primary VLAN Configuration
    Private VLAN Port Configuration
    Limitations with Other Features
  Configuring Private VLANs
    Configuring a VLAN as a Private VLAN
    Associating Secondary VLANs with a Primary VLAN
    Mapping Secondary VLANs to the Layer 3 VLAN Interface of a Primary VLAN
    Configuring a Layer 2 Interface as a Private VLAN Host Port
    Configuring a Layer 2 Interface as a Private VLAN Promiscuous Port
  Monitoring Private VLANs

CHAPTER 20 Configuring Private Hosts
  Understanding Private Hosts
    Isolating Hosts in a VLAN
    Restricting Traffic Flow (Using Private Hosts Port Mode and PACLs)
    Port ACLs
  Configuration Guidelines and Limitations
    ACL Guidelines
    VLANs on the Trunk Port
    Interaction with Other Features
    Spoofing Protection
    Multicast Operation
  Configuring Private Hosts
    Configuration Summary
    Detailed Configuration Steps
    Configuration Examples

CHAPTER 21 Configuring IEEE 802.1Q Tunneling
  Understanding 802.1Q Tunneling
  802.1Q Tunneling Configuration Guidelines and Restrictions
  Configuring 802.1Q Tunneling
    Configuring 802.1Q Tunnel Ports
    Configuring the Switch to Tag Native VLAN Traffic

CHAPTER 22 Configuring Layer 2 Protocol Tunneling
  Understanding Layer 2 Protocol Tunneling
  Configuring Support for Layer 2 Protocol Tunneling

CHAPTER 23 Configuring STP and MST
  Understanding STP
    STP Overview
    Understanding the Bridge ID
    Understanding Bridge Protocol Data Units
    Election of the Root Bridge
    STP Protocol Timers
    Creating the Spanning Tree Topology
    STP Port States
    STP and IEEE 802.1Q Trunks
  Understanding IEEE 802.1w RSTP
    Port Roles and the Active Topology
    Rapid Convergence
    Synchronization of Port Roles
    Bridge Protocol Data Unit Format and Processing
    Topology Changes
    Rapid-PVST
  Understanding MST
    MST Overview
    MST Regions
    IST, CIST, and CST
    Hop Count
    Boundary Ports
    Standard-Compliant MST Implementation
    Interoperability with IEEE 802.1D-1998 STP
  Configuring STP
    Default STP Configuration
    Enabling STP
    Enabling the Extended System ID
    Configuring the Root Bridge
    Configuring a Secondary Root Bridge
    Configuring STP Port Priority
    Configuring STP Port Cost
    Configuring the Bridge Priority of a VLAN
    Configuring the Hello Time
    Configuring the Forward-Delay Time for a VLAN
    Configuring the Maximum Aging Time for a VLAN
    Enabling Rapid-PVST
  Configuring MST
    Default MST Configuration
    MST Configuration Guidelines and Restrictions
    Specifying the MST Region Configuration and Enabling MST
    Configuring the Root Bridge
    Configuring a Secondary Root Bridge
    Configuring Port Priority
    Configuring Path Cost
    Configuring the Switch Priority
    Configuring the Hello Time
    Configuring the Forwarding-Delay Time
    Configuring the Transmit Hold Count
    Configuring the Maximum-Aging Time
    Configuring the Maximum-Hop Count
    Specifying the Link Type to Ensure Rapid Transitions
    Designating the Neighbor Type
    Restarting the Protocol Migration Process
  Displaying the MST Configuration and Status

CHAPTER 24 Configuring Optional STP Features
  Understanding the Optional STP Features
    Understanding STP Port Types
    Understanding PortFast
    Understanding Bridge Assurance
    Understanding BPDU Guard
    Understanding PortFast BPDU Filtering
    Understanding UplinkFast
    Understanding BackboneFast
    Understanding EtherChannel Guard
    Understanding Root Guard
    Understanding Loop Guard
    Understanding PVST Simulation
  Configuring the Optional STP Features
    Enabling PortFast
    Enabling Bridge Assurance
    Enabling PortFast BPDU Filtering
    Enabling BPDU Guard
    Enabling UplinkFast
    Enabling BackboneFast
    Enabling EtherChannel Guard
    Enabling Root Guard
    Enabling Loop Guard
    Configuring PVST Simulation
  Verifying the Optional STP Features
    Using the show spanning-tree Commands
    Examples in Release 12.2(33)SXI and Later Releases
    Examples in Releases Earlier Than Release 12.2(33)SXI

PART 5 IP Routing Protocols

CHAPTER 25 Configuring Layer 3 Interfaces
  Layer 3 Interface Configuration Guidelines and Restrictions
  Configuring Subinterfaces on Layer 3 Interfaces
  Configuring IPv4 Routing and Addresses
  Configuring IPX Routing and Network Numbers
  Configuring AppleTalk Routing, Cable Ranges, and Zones
  Configuring Other Protocols on Layer 3 Interfaces

CHAPTER 26 Configuring UDE and UDLR
  Understanding UDE and UDLR
    UDE and UDLR Overview
    Supported Hardware
    Understanding UDE
    Understanding UDLR
  Configuring UDE and UDLR
    Configuring UDE
    Configuring UDLR

PART 6 Multiprotocol Label Switching

CHAPTER 27 Configuring Multiprotocol Label Switching
  MPLS
    Understanding MPLS
    Understanding MPLS
    Supported Hardware Features
    Supported Cisco IOS Features
    MPLS Guidelines and Restrictions
    MPLS Supported Commands
    Configuring MPLS
    MPLS Per-Label Load Balancing
    MPLS Configuration Examples
  VPN Switching
    VPN Switching Operation
    MPLS VPN Guidelines and Restrictions
    MPLS VPN Supported Commands
    Configuring MPLS VPN
    MPLS VPN Sample Configuration
  Any Transport over MPLS
    AToM Load Balancing
    Understanding EoMPLS
    EoMPLS Guidelines and Restrictions
    Configuring EoMPLS
    Configuring MUX-UNI Support on LAN Cards

PART 7 IP Switching

CHAPTER 28 Configuring IP Unicast Layer 3 Switching
  Understanding Layer 3 Switching
    Understanding Hardware Layer 3 Switching
    Understanding Layer 3-Switched Packet Rewrite
  Default Hardware Layer 3 Switching Configuration
  Configuration Guidelines and Restrictions
  Configuring Hardware Layer 3 Switching
  Displaying Hardware Layer 3 Switching Statistics

PART 8 IP Application Services

CHAPTER 29 Configuring Web Cache Services Using WCCP
  Understanding WCCP
    WCCP Overview
    Hardware Acceleration
    Understanding WCCPv1 Configuration
    Understanding WCCPv2 Configuration
    WCCPv2 Features
  Restrictions for WCCPv2
  Configuring WCCP
    Specifying a Version of WCCP
    Configuring a Service Group Using WCCPv2
    Excluding Traffic on a Specific Interface from Redirection
    Registering a Router to a Multicast Address
    Using Access Lists for a WCCP Service Group
    Setting a Password for a Router and Cache Engines
  Verifying and Monitoring WCCP Configuration Settings
  WCCP Configuration Examples
    Changing the Version of WCCP on a Router Example
    Performing a General WCCPv2 Configuration Example
    Running a Web Cache Service Example
    Running a Reverse Proxy Service Example
    Registering a Router to a Multicast Address Example
    Using Access Lists Example
    Setting a Password for a Router and Cache Engines Example
    Verifying WCCP Settings Example

PART 9 IPv6

CHAPTER 30 Configuring IPv6 Multicast PFC3 and DFC3 Layer 3 Switching
  Features that Support IPv6 Multicast
  IPv6 Multicast Guidelines and Restrictions
  New or Changed IPv6 Multicast Commands
  Configuring IPv6 Multicast Layer 3 Switching
  Using show Commands to Verify IPv6 Multicast Layer 3 Switching
    Verifying MFIB Clients
    Displaying the Switching Capability
    Verifying the (S,G) Forwarding Capability
    Verifying the (*,G) Forwarding Capability
    Verifying the Subnet Entry Support Status
    Verifying the Current Replication Mode
    Displaying the Replication Mode Auto-Detection Status
    Displaying the Replication Mode Capabilities
    Displaying Subnet Entries
    Displaying the IPv6 Multicast Summary
    Displaying the NetFlow Hardware Forwarding Count
    Displaying the FIB Hardware Bridging and Drop Counts
    Displaying the Shared and Well-Known Hardware Adjacency Counters

CHAPTER 31 Configuring MLD Snooping for IPv6 Multicast Traffic
  Understanding MLD Snooping
    MLD Snooping Overview
    MLD Messages
    Source-Based Filtering
    Explicit Host Tracking
    MLD Snooping Proxy Reporting
    Joining an IPv6 Multicast Group
    Leaving a Multicast Group
    Understanding the MLD Snooping Querier
  Default MLD Snooping Configuration
  MLD Snooping Configuration Guidelines and Restrictions
  MLD Snooping Querier Configuration Guidelines and Restrictions
  Enabling the MLD Snooping Querier
  Configuring MLD Snooping
    Enabling MLD Snooping
    Configuring a Static Connection to a Multicast Receiver
    Configuring a Multicast Router Port Statically
    Configuring the MLD Snooping Query Interval
    Enabling Fast-Leave Processing
    Enabling SSM Safe Reporting
    Configuring Explicit Host Tracking
    Configuring Report Suppression
    Displaying MLD Snooping Information

PART 10 IP Multicast

CHAPTER 32 Configuring IPv4 Multicast Layer 3 Switching
  Understanding IPv4 Multicast Layer 3 Switching
    IPv4 Multicast Layer 3 Switching Overview
    Multicast Layer 3 Switching Cache
    Layer 3-Switched Multicast Packet Rewrite
    Partially and Completely Switched Flows
    Non-RPF Traffic Processing
    Multicast Boundary
  Understanding IPv4 Bidirectional PIM
  Default IPv4 Multicast Layer 3 Switching Configuration
  IPv4 Multicast Layer 3 Switching Configuration Guidelines and Restrictions
    Restrictions
    Unsupported Features
  Configuring IPv4 Multicast Layer 3 Switching
    Source-Specific Multicast with IGMPv3, IGMP v3lite, and URD
    Enabling IPv4 Multicast Routing Globally
    Enabling IPv4 PIM on Layer 3 Interfaces
    Enabling IP Multicast Layer 3 Switching Globally
    Enabling IP Multicast Layer 3 Switching on Layer 3 Interfaces
    Configuring the Replication Mode
    Enabling Local Egress Replication
    Configuring the Layer 3 Switching Global Threshold
    Enabling Installation of Directly Connected Subnets
    Specifying the Flow Statistics Message Interval
    Enabling Shortcut-Consistency Checking
    Configuring ACL-Based Filtering of RPF Failures
    Displaying RPF Failure Rate-Limiting Information
    Configuring Multicast Boundary
    Displaying IPv4 Multicast Layer 3 Hardware Switching Summary
    Displaying the IPv4 Multicast Routing Table
    Displaying IPv4 Multicast Layer 3 Switching Statistics
  Configuring IPv4 Bidirectional PIM
    Enabling IPv4 Bidirectional PIM Globally
    Configuring the Rendezvous Point for IPv4 Bidirectional PIM Groups
    Setting the IPv4 Bidirectional PIM Scan Interval
    Displaying IPv4 Bidirectional PIM Information
    Using IPv4 Debug Commands
    Clearing IPv4 Multicast Layer 3 Switching Statistics
    Redundancy for Multicast Traffic

CHAPTER 33 Configuring IGMP Snooping and MVR for IPv4 Multicast Traffic
  Understanding IGMP Snooping
    IGMP Snooping Overview
    Joining a Multicast Group
    Leaving a Multicast Group
    Understanding the IGMP Snooping Querier
    Understanding IGMP Version 3 Support
  Default IGMP Snooping Configuration
  IGMP Snooping Configuration Guidelines and Restrictions
  IGMP Snooping Querier Configuration Guidelines and Restrictions
  Enabling the IGMP Snooping Querier
  Configuring IGMP Snooping
    Enabling IGMP Snooping
    Configuring a Static Connection to a Multicast Receiver
    Configuring a Multicast Router Port Statically
    Configuring the IGMP Snooping Query Interval
    Enabling IGMP Fast-Leave Processing
    Configuring Source-Specific Multicast Mapping
    CGMP Automatic Detection
    Configuring IGMPv3 Explicit Host Tracking
    Displaying IGMP Snooping Information
  Understanding MVR
    Using MVR in a Multicast Television Application
  Configuring MVR
    Default MVR Configuration
    MVR Configuration Guidelines and Limitations
    Configuring MVR Global Parameters
    Configuring MVR Interfaces
  Displaying MVR Information
    Clearing MVR Counters

CHAPTER 34 Configuring IPv4 IGMP Filtering and Router Guard
  Understanding IGMP Filtering
    IGMP Filtering Overview
    IGMP Filters
    IGMP Filter Precedence
    Filter Hierarchy Example
    Displaying IGMP Filtering
    Clearing IGMP Filtering Statistics
  Understanding Router Guard
    Router Guard Overview
    Configuring Router Guard
    Displaying Router Guard Configurations
    Displaying Router Guard Interfaces
    Clearing Router Guard Statistics

CHAPTER 35 Configuring PIM Snooping
  Understanding PIM Snooping
  Default PIM Snooping Configuration
  PIM Snooping Configuration Guidelines and Restrictions
  Configuring PIM Snooping
    Enabling PIM Snooping Globally
    Enabling PIM Snooping in a VLAN
    Disabling PIM Snooping Designated-Router Flooding

CHAPTER 36 Configuring IPv4 Multicast VPN Support
  Understanding MVPN
    MVPN Overview
    Multicast Routing and Forwarding and Multicast Domains
    Multicast Distribution Trees
    Multicast Tunnel Interfaces
    PE Router Routing Table Support for MVPN
    Multicast Distributed Switching Support
    Hardware-Assisted IPv4 Multicast
  MVPN Configuration Guidelines and Restrictions
  Configuring MVPN
    Forcing Ingress Multicast Replication Mode (Optional)
    Configuring a Multicast VPN Routing and Forwarding Instance
    Configuring Multicast VRF Routing
    Configuring Interfaces for Multicast Routing to Support MVPN
  Sample Configurations for MVPN
    MVPN Configuration with Default MDTs Only
    MVPN Configuration with Default and Data MDTs
Part 11 Quality of Service
Chapter 37 Configuring PFC QoS 37-1
  Understanding PFC QoS 37-1
    Port Types Supported by PFC QoS 37-2
    Overview 37-2
    Component Overview 37-5
    Understanding Classification and Marking 37-14
    Policers 37-17
    Understanding Port-Based Queue Types 37-20
  PFC QoS Default Configuration 37-27
    PFC QoS Global Settings 37-27
    Default Values with PFC QoS Enabled 37-28
    Default Values with PFC QoS Disabled 37-50
  PFC QoS Configuration Guidelines and Restrictions 37-50
    General Guidelines 37-51
    PFC3 Guidelines 37-52
    Class Map Command Restrictions 37-53
    Policy Map Command Restrictions 37-54
    Policy Map Class Command Restrictions 37-54
    Supported Granularity for CIR and PIR Rate Values 37-54
    Supported Granularity for CIR and PIR Token Bucket Sizes 37-55
    IP Precedence and DSCP Values 37-56
  Configuring PFC QoS 37-56
    Enabling PFC QoS Globally 37-57
    Enabling Ignore Port Trust 37-58
    Configuring DSCP Transparency 37-58
    Enabling Queueing-Only Mode 37-59
    Enabling Microflow Policing of Bridged Traffic 37-60
    Enabling VLAN-Based PFC QoS on Layer 2 LAN Ports 37-60
    Enabling Egress ACL Support for Remarked DSCP 37-61
    Creating Named Aggregate Policers 37-62
    Configuring a PFC QoS Policy 37-64
    Configuring Egress DSCP Mutation 37-82
    Configuring Ingress CoS Mutation on IEEE 802.1Q Tunnel Ports 37-84
    Configuring DSCP Value Maps 37-86
    Configuring the Trust State of Ethernet LAN Ports 37-90
    Configuring Trusted Boundary with Cisco Device Verification 37-91
    Configuring the Ingress LAN Port CoS Value 37-92
    Configuring Standard-Queue Drop Threshold Percentages 37-93
    Mapping QoS Labels to Queues and Drop Thresholds 37-98
    Allocating Bandwidth Between Standard Transmit Queues 37-107
    Setting the Receive-Queue Size Ratio 37-109
    Configuring the Transmit-Queue Size Ratio 37-110
  Common QoS Scenarios 37-111
    Sample Network Design Overview 37-111
    Classifying Traffic from PCs and IP Phones in the Access Layer 37-112
    Accepting the Traffic Priority Value on Interswitch Links 37-115
    Prioritizing Traffic on Interswitch Links 37-116
    Using Policers to Limit the Amount of Traffic from a PC 37-119
  PFC QoS Glossary 37-120
Chapter 38 Using AutoQoS 38-1
  Understanding AutoQoS 38-1
    AutoQoS Support for a Cisco IP Phone 38-1
    AutoQoS Support for Cisco IP Communicator 38-2
    AutoQoS Support for Marked Traffic 38-2
  Using AutoQoS 38-3
    AutoQoS Configuration Guidelines and Restrictions 38-3
    Configuring AutoQoS 38-4
Chapter 39 Configuring MPLS QoS 39-1
  Terminology 39-2
  MPLS QoS Features 39-3
    MPLS Experimental Field 39-3
    Trust 39-3
    Classification 39-3
    Policing and Marking 39-4
    Preserving IP ToS 39-4
    EXP Mutation 39-4
    MPLS DiffServ Tunneling Modes 39-4
  MPLS QoS Overview 39-4
    Specifying the QoS in the IP Precedence Field 39-5
  MPLS QoS 39-5
    LERs at the Input Edge of an MPLS Network 39-6
    LSRs in the Core of an MPLS Network 39-6
    LERs at the Output Edge of an MPLS Network 39-7
  Understanding MPLS QoS 39-7
    LERs at the EoMPLS Edge 39-8
    LERs at the IP Edge (MPLS, MPLS VPN) 39-9
    LSRs at the MPLS Core 39-13
  MPLS QoS Default Configuration 39-15
  MPLS QoS Commands 39-16
  MPLS QoS Restrictions and Guidelines 39-17
  Configuring MPLS QoS 39-17
    Enabling QoS Globally 39-18
    Enabling Queueing-Only Mode 39-19
    Configuring a Class Map to Classify MPLS Packets 39-20
    Configuring the MPLS Packet Trust State on Ingress Ports 39-22
    Configuring a Policy Map 39-22
    Displaying a Policy Map 39-27
    Configuring MPLS QoS Egress EXP Mutation 39-28
    Configuring EXP Value Maps 39-29
  MPLS DiffServ Tunneling Modes 39-30
    Short Pipe Mode 39-31
    Uniform Mode 39-32
    MPLS DiffServ Tunneling Restrictions and Usage Guidelines 39-34
  Configuring Short Pipe Mode 39-34
    Ingress PE Router - Customer Facing Interface 39-34
    Configuring Ingress PE Router - P Facing Interface 39-35
    Configuring the P Router - Output Interface 39-37
    Configuring the Egress PE Router - Customer Facing Interface 39-38
  Configuring Uniform Mode 39-39
    Configuring the Ingress PE Router - Customer Facing Interface 39-39
    Configuring the Ingress PE Router - P Facing Interface 39-40
    Configuring the Egress PE Router - Customer Facing Interface 39-41
Chapter 40 Configuring PFC QoS Statistics Data Export 40-1
  Understanding PFC QoS Statistics Data Export 40-1
  PFC QoS Statistics Data Export Default Configuration 40-2
  Configuring PFC QoS Statistics Data Export 40-2
Part 12 Security
Chapter 41 Configuring Network Security 41-1
  Configuring MAC Address-Based Traffic Blocking 41-1
  Configuring TCP Intercept 41-2
  Configuring Unicast Reverse Path Forwarding Check 41-2
    Understanding PFC3 Unicast RPF Check Support 41-2
    Unicast RPF Check Guidelines and Restrictions 41-3
    Configuring Unicast RPF Check 41-3
Chapter 42 Using AutoSecure 42-1
  Understanding AutoSecure 42-1
    Benefits of AutoSecure 42-2
    Securing the Management Plane 42-2
    Securing the Forwarding Plane 42-5
    AutoSecure Guidelines and Restrictions 42-6
  Configuring AutoSecure 42-6
    Using the AutoSecure Command 42-6
    Configuring Additional Security 42-8
    Verifying AutoSecure 42-8
  AutoSecure Configuration Example 42-9
Chapter 43 Understanding Cisco IOS ACL Support 43-1
  ACL Support in Hardware and Software 43-1
  Cisco IOS ACL Configuration Guidelines and Restrictions 43-2
  Policy-Based ACLs 43-3
    Understanding PBACLs 43-3
    PBACL Guidelines and Restrictions 43-4
    Configuring PBACL 43-4
  Configuring IPv6 Address Compression 43-6
  Optimized ACL Logging 43-7
    Understanding OAL 43-7
    OAL Guidelines and Restrictions 43-8
    Configuring OAL 43-8
  Guidelines and Restrictions for Using Layer 4 Operators in ACLs 43-10
    Determining Layer 4 Operation Usage 43-10
    Determining Logical Operation Unit Usage 43-11
Chapter 44 Configuring Port ACLs and VLAN ACLs 44-1
  Understanding ACLs 44-1
    Understanding ACLs 44-2
    Understanding VACLs 44-2
    Understanding Port ACLs 44-3
    PACL and VACL Interactions 44-4
  Configuring PACLs 44-7
    PACL Configuration Guidelines 44-8
    Configuring IP and MAC ACLs on a Layer 2 Interface 44-8
    Configuring Access-group Mode on Layer 2 Interface 44-9
    Applying ACLs to a Layer 2 Interface 44-9
    Applying ACLs to a Port Channel 44-10
    Displaying an ACL Configuration on a Layer 2 Interface 44-10
  Configuring VACLs 44-11
    VACL Configuration Guidelines 44-11
    Defining a VLAN Access Map 44-12
    Configuring a Match Clause in a VLAN Access Map Sequence 44-13
    Configuring an Action Clause in a VLAN Access Map Sequence 44-13
    Applying a VLAN Access Map 44-14
    Verifying VLAN Access Map Configuration 44-15
    VLAN Access Map Configuration and Verification Examples 44-15
    Configuring a Capture Port 44-16
    Configuring MAC PBF 44-17
  Configuring VACL Logging 44-19
Chapter 45 Configuring Denial of Service Protection 45-1
  Understanding DoS Protection 45-2
  DoS Protection Default Configuration 45-13
  DoS Protection Configuration Guidelines and Restrictions 45-13
    Monitoring Packet Drop Statistics 45-14
    Displaying Rate-Limiter Information 45-17
  Configuring Sticky ARP 45-18
Chapter 46 Configuring Control Plane Policing 46-1
  Understanding Control Plane Policing 46-1
  CoPP Default Configuration 46-2
  CoPP Configuration Guidelines and Restrictions 46-2
  Configuring CoPP 46-3
  Monitoring CoPP 46-4
  Defining Traffic Classification 46-5
    Traffic Classification Overview 46-5
    Traffic Classification Guidelines 46-6
    Sample Basic ACLs for CoPP Traffic Classification 46-7
Chapter 47 Configuring DHCP Snooping 47-1
  Understanding DHCP Snooping 47-1
    Overview of DHCP Snooping 47-2
    Trusted and Untrusted Sources 47-2
    DHCP Snooping Binding Database 47-2
    Packet Validation 47-3
    DHCP Snooping Option-82 Data Insertion 47-3
    Overview of the DHCP Snooping Database Agent 47-5
  Default Configuration for DHCP Snooping 47-6
  DHCP Snooping Configuration Restrictions and Guidelines 47-7
    DHCP Snooping Configuration Restrictions 47-7
    DHCP Snooping Configuration Guidelines 47-7
    Minimum DHCP Snooping Configuration 47-8
  Configuring DHCP Snooping 47-8
    Enabling DHCP Snooping Globally 47-9
    Enabling DHCP Option-82 Data Insertion 47-9
    Enabling the DHCP Option-82 on Untrusted Port Feature 47-10
    Enabling DHCP Snooping MAC Address Verification 47-11
    Enabling DHCP Snooping on VLANs 47-11
    Configuring the DHCP Trust State on Layer 2 LAN Interfaces 47-12
    Configuring DHCP Snooping Rate Limiting on Layer 2 LAN Interfaces 47-13
    Configuring the DHCP Snooping Database Agent 47-14
    Configuration Examples for the Database Agent 47-14
    Displaying a Binding Table 47-17
Chapter 48 Configuring IP Source Guard 48-1
  Overview of IP Source Guard 48-1
    IP Source Guard Interaction with VLAN-Based Features 48-2
    Channel Ports 48-2
    Trunk Ports 48-2
    Layer 2 and Layer 3 Port Conversion 48-2
    IP Source Guard and Voice VLAN 48-2
    IP Source Guard and Web-Based Authentication 48-2
    IP Source Guard Restrictions 48-3
  Configuring IP Source Guard on the Switch 48-3
  Displaying IP Source Guard Information 48-4
  Displaying IP Source Binding Information 48-6
Chapter 49 Configuring Dynamic ARP Inspection 49-1
  Understanding DAI 49-1
    Understanding ARP 49-1
    Understanding ARP Spoofing Attacks 49-2
    Understanding DAI and ARP Spoofing Attacks 49-2
    Interface Trust States and Network Security 49-3
    Rate Limiting of ARP Packets 49-4
    Relative Priority of ARP ACLs and DHCP Snooping Entries 49-4
    Logging of Dropped Packets 49-4
  Default DAI Configuration 49-5
  DAI Configuration Guidelines and Restrictions 49-5
  Configuring DAI 49-6
    Enabling DAI on VLANs 49-7
    Configuring the DAI Interface Trust State 49-7
    Applying ARP ACLs for DAI Filtering 49-8
    Configuring ARP Packet Rate Limiting 49-9
    Enabling DAI Error-Disabled Recovery 49-10
    Enabling Additional Validation 49-10
    Configuring DAI Logging 49-12
    Displaying DAI Information 49-14
  DAI Configuration Samples 49-15
    Sample One: Two Switches Support DAI 49-16
    Sample Two: One Switch Supports DAI 49-20
Chapter 50 Configuring Traffic Storm Control 50-1
  Understanding Traffic Storm Control 50-1
  Default Traffic Storm Control Configuration 50-2
  Configuration Guidelines and Restrictions 50-3
  Enabling Traffic Storm Control 50-4
  Displaying Traffic Storm Control Settings 50-5
Chapter 51 Configuring Unknown Unicast and Multicast Flood Control 51-1
  Understanding Unknown Traffic Flood Control 51-1
  Configuring UUFB or UMFB 51-2
  Configuring UUFRL 51-2
Chapter 52 Configuring Network Admission Control 52-1
  Understanding NAC 52-1
    NAC Overview 52-2
    NAC Device Roles 52-3
    AAA Down Policy 52-4
    NAC IP Validation 52-4
    NAC and Switchover 52-12
  Configuring NAC 52-12
    Default NAC Configuration 52-12
    NAC IP Guidelines, Limitations, and Restrictions 52-12
    Configuring NAC IP Validation 52-14
    Configuring EAPoUDP 52-18
    Configuring Identity Profiles and Policies 52-18
    Configuring NAC High Availability 52-19
    Configuring a NAC AAA Down Policy 52-20
  Monitoring and Maintaining NAC 52-23
    Clearing Table Entries 52-23
    Displaying NAC Information 52-23
Chapter 53 Configuring IEEE 802.1X Port-Based Authentication 53-1
  Understanding 802.1X Port-Based Authentication 53-1
    Understanding 802.1X Device Roles 53-2
    Understanding the Port-based Authentication Process 53-3
    Authentication Initiation and Message Exchange 53-5
    Ports in Authorized and Unauthorized States 53-7
    802.1X Host Modes 53-8
    Using 802.1X Authentication with DHCP Snooping 53-10
    Understanding 802.1X Accounting 53-11
    Using 802.1X Authentication with VLAN Assignment 53-12
    Using Multiple VLANs and VLAN User Distribution with VLAN Assignment 53-13
    Using 802.1X Authentication with Guest VLAN 53-14
    Using 802.1X Authentication with Restricted VLAN 53-14
    Using 802.1X Authentication with Inaccessible Authentication Bypass 53-15
    Using 802.1X Authentication with Voice VLAN Ports 53-17
    Using 802.1X Authentication with Port Security 53-17
    Using 802.1X Authentication with ACL Assignments and Redirect URLs 53-18
    Using 802.1X Authentication with Port Descriptors 53-21
    Using 802.1X Authentication with MAC Authentication Bypass 53-21
    Using Network Admission Control Layer 2 IEEE 802.1X Validation 53-22
    Using 802.1X Authentication with Wake-on-LAN 53-23
  Configuring 802.1X Port-Based Authentication 53-23
    Default 802.1X Port-Based Authentication Configuration 53-24
    802.1X Authentication Feature Configuration Guidelines 53-25
    Enabling 802.1X Authentication 53-29
    Configuring Switch-to-RADIUS-Server Communication 53-31
    Configuring 802.1X Authenticator Host Mode 53-32
    Enabling Fallback Authentication 53-34
    Enabling Periodic Reauthentication 53-36
    Manually Reauthenticating the Client Connected to a Port 53-37
    Initializing Authentication for the Client Connected to a Port 53-37
    Removing 802.1X Client Information 53-38
    Clearing Authentication Sessions 53-38
    Changing 802.1X Timeouts 53-38
    Setting the Switch-to-Client Frame Retransmission Number 53-40
    Setting the Reauthentication Number 53-41
    Configuring IEEE 802.1X Accounting 53-41
    Configuring VLAN User Distribution 53-42
    Configuring a Guest VLAN 53-43
    Configuring a Restricted VLAN 53-44
    Configuring the Inaccessible Authentication Bypass Feature 53-46
    Configuring MAC Authentication Bypass 53-49
    Configuring NAC Layer 2 IEEE 802.1X Validation 53-50
    Configuring NAC Agentless Audit Support 53-51
    Configuring the Switch for DACLs or Redirect URLs 53-52
    Configuring 802.1X Authentication with WoL 53-53
    Disabling 802.1X Authentication on the Port 53-53
    Resetting the 802.1X Configuration to the Default Values 53-54
  Displaying Authentication Status and Information 53-54
    Displaying 802.1X Status 53-55
    Displaying Authentication Methods and Status 53-56
    Displaying MAC Authentication Bypass Status 53-59
Chapter 54 Configuring Web-Based Authentication 54-1
  Understanding Web-Based Authentication 54-1
    Device Roles 54-2
    Host Detection 54-2
    Session Creation 54-3
    Authentication Process 54-3
    AAA Fail Policy 54-4
    Customization of the Authentication Proxy Web Pages 54-4
    Web-based Authentication Interactions with Other Features 54-4
  Configuring Web-Based Authentication 54-6
    Default Web-Based Authentication Configuration 54-7
    Web-based Authentication Configuration Guidelines and Restrictions 54-7
    Web-based Authentication Configuration Task List 54-8
    Configuring the Authentication Rule and Interfaces 54-8
    Configuring AAA Authentication 54-9
    Configuring Switch-to-RADIUS-Server Communication 54-9
    Configuring the HTTP Server 54-11
    Configuring an AAA Fail Policy 54-13
    Configuring the Web-based Authentication Parameters 54-14
    Removing Web-based Authentication Cache Entries 54-15
  Displaying Web-Based Authentication Status 54-15
Chapter 55 Configuring Port Security 55-1
  Understanding Port Security 55-1
    Port Security with Dynamically Learned and Static MAC Addresses 55-1
    Port Security with Sticky MAC Addresses 55-2
    Port Security with IP Phones 55-3
  Default Port Security Configuration 55-3
  Port Security Guidelines and Restrictions 55-3
  Configuring Port Security 55-5
    Enabling Port Security 55-5
    Configuring the Port Security Violation Mode on a Port 55-6
    Configuring the Port Security Rate Limiter 55-7
    Configuring the Maximum Number of Secure MAC Addresses on a Port 55-9
    Enabling Port Security with Sticky MAC Addresses on a Port 55-9
    Configuring a Static Secure MAC Address on a Port 55-10
    Configuring Secure MAC Address Aging on a Port 55-11
  Displaying Port Security Settings 55-12
Part 13 NetFlow
Chapter 56 Configuring NetFlow 56-1
  Understanding NetFlow 56-1
    NetFlow Overview 56-2
    NetFlow on the PFC 56-2
    NetFlow on the RP 56-4
    NetFlow Features 56-5
  Default NetFlow Configuration 56-6
  NetFlow Configuration Guidelines and Restrictions 56-6
  Configuring NetFlow 56-7
    Configuring NetFlow on the PFC 56-7
    Configuring NetFlow Features 56-10
Chapter 57 Configuring NDE 57-1
  Understanding NDE 57-1
    NDE Overview 57-1
    NDE on the RP 57-2
    NDE on the PFC 57-2
  Default NDE Configuration 57-10
  NDE Configuration Guidelines and Restrictions 57-10
  Configuring NDE 57-10
    Configuring NDE on the PFC 57-11
    Configuring NDE on the RP 57-13
    Enabling NDE for Ingress-Bridged IP Traffic 57-14
    Displaying the NDE Address and Port Configuration 57-15
    Configuring NDE Flow Filters 57-16
    Displaying the NDE Configuration 57-17
Part 14 Network Management
Chapter 58 Configuring Local SPAN, RSPAN, and ERSPAN 58-1
  Understanding Local SPAN, RSPAN, and ERSPAN 58-1
    Local SPAN, RSPAN, and ERSPAN Overview 58-1
    Local SPAN, RSPAN, and ERSPAN Sources 58-5
    Local SPAN, RSPAN, and ERSPAN Destinations 58-7
  Local SPAN, RSPAN, and ERSPAN Configuration Guidelines and Restrictions 58-7
    Feature Incompatibilities 58-7
    Local SPAN, RSPAN, and ERSPAN Session Limits 58-8
    Local SPAN, RSPAN, and ERSPAN Interface Limits 58-9
    Local SPAN, RSPAN, and ERSPAN Guidelines and Restrictions 58-9
    VSPAN Guidelines and Restrictions 58-10
    RSPAN Guidelines and Restrictions 58-11
    ERSPAN Guidelines and Restrictions 58-11
    Distributed Egress SPAN Mode Guidelines and Restrictions 58-12
  Configuring Local SPAN, RSPAN, and ERSPAN 58-13
    Local SPAN, RSPAN, and ERSPAN Default Configuration 58-13
    Configuring a Destination as an Unconditional Trunk (Optional) 58-14
    Configuring Destination Trunk VLAN Filtering (Optional) 58-15
    Configuring Destination Port Permit Lists (Optional) 58-16
    Configuring the Egress SPAN Mode (Optional) 58-17
    Configuring Local SPAN 58-18
    Configuring RSPAN 58-22
    Configuring ERSPAN 58-28
    Configuring Source VLAN Filtering in Global Configuration Mode 58-32
    Verifying the Configuration 58-33
    Configuration Examples 58-33
Chapter 59 Using the System Event Archive 59-1
  Understanding the System Event Archive 59-1
  Displaying the SEA Logging System 59-2
  Copying the SEA To Another Device 59-3
Chapter 60 Backplane Traffic Monitoring 60-1
  Understanding Traffic Monitoring 60-1
  Default Configuration 60-2
  Configuration Guidelines and Restrictions 60-2
  Configuring Backplane Traffic Monitoring 60-2
Chapter 61 Configuring Call Home 61-1
  Understanding Call Home 61-1
    Obtaining Smart Call Home 61-2
  Configuring Call Home 61-3
    Configuring Contact Information 61-4
    Configuring Destination Profiles 61-5
    Subscribing to Alert Groups 61-6
    Configuring General E-Mail Options 61-9
    Enabling Call Home 61-10
    Testing Call Home Communications 61-10
    Configuring and Enabling Smart Call Home 61-12
  Displaying Call Home Configuration Information 61-13
  Default Settings 61-16
  Alert Group Trigger Events and Commands 61-17
  Message Contents 61-23
    Sample Syslog Alert Notification in Long-Text Format 61-27
    Sample Syslog Alert Notification in XML Format 61-27
Chapter 62 Configuring SNMP IfIndex Persistence 62-1
  Understanding SNMP IfIndex Persistence 62-1
  Configuring SNMP IfIndex Persistence 62-2
    Enabling SNMP IfIndex Persistence Globally 62-2
    Disabling SNMP IfIndex Persistence Globally 62-2
    Enabling and Disabling SNMP IfIndex Persistence on Specific Interfaces 62-2
    Clearing SNMP IfIndex Persistence Configuration from a Specific Interface 62-3
Chapter 63 Using Top-N Reports 63-1
  Understanding Top-N Reports 63-1
    Top-N Reports Overview 63-1
    Understanding Top-N Reports Operation 63-2
  Using Top-N Reports 63-2
    Enabling Top-N Reports Creation 63-2
    Displaying Top-N Reports 63-3
    Clearing Top-N Reports 63-4
Chapter 64 Using the Layer 2 Traceroute Utility 64-1
  Understanding the Layer 2 Traceroute Utility 64-1
  Usage Guidelines 64-1
  Using the Layer 2 Traceroute Utility 64-2
Chapter 65 Using the Mini Protocol Analyzer 65-1
  Understanding How the Mini Protocol Analyzer Works 65-1
  Configuring the Mini Protocol Analyzer 65-2
    Filtering the Packets to be Captured 65-3
  Starting and Stopping a Capture 65-4
  Displaying and Exporting the Capture Buffer 65-6
  Mini Protocol Analyzer Configuration, Operation, and Display Examples 65-7
    General Configuration Examples 65-7
    Filtering Configuration Examples 65-8
    Operation Examples 65-9
    Display Examples 65-9
Part 15 Appendixes
Appendix A Online Diagnostic Tests A-1
  Global Health-Monitoring Tests A-2
    TestEARLInternalTables A-2
    TestSPRPInbandPing A-3
    TestScratchRegister A-3
    TestMacNotification A-4
    TestErrorCounterMonitor A-4
  Per-Port Tests A-5
    TestNonDisruptiveLoopback A-5
    TestLoopback A-6
    TestActiveToStandbyLoopback A-6
    TestUnusedPortLoopback A-7
    TestTransceiverIntegrity A-7
    TestNetflowInlineRewrite A-8
    TestPortTxMonitoring A-9
  PFC Layer 2 Forwarding Engine Tests A-9
    TestNewIndexLearn A-9
    TestDontConditionalLearn A-10
    TestBadBpduTrap A-10
    TestMatchCapture A-11
    TestStaticEntry A-11
  DFC Layer 2 Forwarding Engine Tests A-11
    TestDontLearn A-12
    TestNewLearn A-12
    TestIndexLearn A-13
    TestConditionalLearn A-13
    TestTrap A-14
    TestBadBpdu A-15
    TestProtocolMatchChannel A-15
    TestCapture A-16
    TestStaticEntry A-16
  PFC Layer 3 Forwarding Engine Tests A-17
    TestFibDevices A-17
    TestIPv4FibShortcut A-18
    TestIPv6FibShortcut A-18
    TestMPLSFibShortcut A-19
    TestNATFibShortcut A-19
    TestL3Capture2 A-20
    TestAclPermit A-20
    TestAclDeny A-21
    TestNetflowShortcut A-21
    TestQoS A-22
  DFC Layer 3 Forwarding Engine Tests A-22
    TestFibDevices A-22
    TestIPv4FibShortcut A-23
    TestIPv6FibShortcut A-24
    TestMPLSFibShortcut A-24
    TestNATFibShortcut A-25
    TestL3Capture2 A-25
    TestAclPermit A-26
    TestAclDeny A-26
    TestQoS A-27
    TestNetflowShortcut A-27
  Replication Engine Tests A-27
    TestL3VlanMet A-28
    TestIngressSpan A-28
    TestEgressSpan A-29
  Fabric Tests A-29
    TestFabricSnakeForward A-29
    TestFabricSnakeBackward A-30
    TestSynchedFabChannel A-30
    TestFabricCh0Health A-31
    TestFabricCh1Health A-31
  Exhaustive Memory Tests A-32
    TestFibTcamSSRAM A-32
    TestAsicMemory A-32
    TestAclQosTcam A-33
    TestNetflowTcam A-33
    TestQoSTcam A-34
  IPSEC Services Modules Tests A-34
    TestIPSecClearPkt A-35
    TestHapiEchoPkt A-35
    TestIPSecEncryptDecryptPkt A-35
  Stress Tests A-36
    TestTrafficStress A-36
    TestEobcStressPing A-37
  Critical Recovery Tests A-37
    TestL3HealthMonitoring A-37
    TestTxPathMonitoring A-38
    TestSynchedFabChannel A-38
  General Tests A-39
    ScheduleSwitchover A-39
    TestFirmwareDiagStatus A-39
    TestCFRW A-40
Appendix B Acronyms B-1
Index
Preface
This preface describes who should read the Cisco IOS Software
Configuration Guide, Release 12.2(33)SXH and later releases, and
its document conventions.

Audience
This guide is for experienced network administrators who are
responsible for configuring and maintaining the switches
supported in Cisco IOS Release 12.2SX.

Related Documentation
The following publications are available for Cisco IOS Release 12.2SX:
  Catalyst 6500 Series Switch Installation Guide
  Catalyst 6500 Series Switch Module Installation Guide
  Cisco IOS Master Command List, Release 12.2SX
  Catalyst 6500 Series Switch Cisco IOS System Message Guide, Release 12.2SX
  Release Notes for Cisco IOS Release 12.2(33)SXH and Later Releases

Cisco IOS Configuration Guides and Command References
Use these publications to help you configure Cisco IOS software
features not described in the other publications:
  Configuration Fundamentals Configuration Guide
  Configuration Fundamentals Command Reference
  Bridging and IBM Networking Configuration Guide
  Bridging and IBM Networking Command Reference
  Interface Configuration Guide
  Interface Command Reference
  Network Protocols Configuration Guide, Part 1, 2, and 3
  Network Protocols Command Reference, Part 1, 2, and 3
  Security Configuration Guide
  Security Command Reference
  Switching Services Configuration Guide
  Switching Services Command Reference
  Voice, Video, and Home Applications Configuration Guide
  Voice, Video, and Home Applications Command Reference
  Software Command Summary
  Software System Error Messages
  Debug Command Reference
  Internetwork Design Guide
  Internetwork Troubleshooting Guide
  Configuration Builder Getting Started Guide
The Cisco IOS Configuration Guides and Command References are
located at this URL:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_installation_and_configuration_guides_list.html
For information about MIBs, go to this URL:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

Conventions
This document uses the following conventions:

Convention             Description
boldface font          Commands, command options, and keywords are in boldface.
italic font            Arguments for which you supply values are in italics.
[ ]                    Elements in square brackets are optional.
{ x | y | z }          Alternative keywords are grouped in braces and separated by vertical bars.
[ x | y | z ]          Optional alternative keywords are grouped in brackets and separated by vertical bars.
string                 A nonquoted set of characters. Do not use quotation marks around the string or the string will include the quotation marks.
screen font            Terminal sessions and information the system displays are in screen font.
boldface screen font   Information you must enter is in boldface screen font.
italic screen font     Arguments for which you supply values are in italic screen font.
                       This pointer highlights an important line of text in an example.
^                      The symbol ^ represents the key labeled Control. For example, the key combination ^D in a screen display means hold down the Control key while you press the D key.
< >                    Nonprinting characters, such as passwords, are in angle brackets.

Notes use the following conventions:
Note: Means reader take note. Notes contain helpful suggestions
or references to material not covered in the publication.
Cautions use the following conventions:
Caution: Means reader be careful. In this situation, you might do
something that could result in equipment damage or loss of data.

Obtaining Documentation, Obtaining Support, and Security Guidelines
For information on obtaining documentation, obtaining support,
providing documentation feedback, security guidelines, and also
recommended aliases and general Cisco documents, see the monthly
What's New in Cisco Product Documentation, which also lists all new
and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Chapter 1
Product Overview
This chapter consists of these sections:
  Supported Hardware and Software, page 1-1
  User Interfaces, page 1-5
  Software Features Supported in Hardware by the PFC and DFC, page 1-6

Supported Hardware and Software
For complete information about the chassis, modules, and software
features supported by Cisco IOS Release 12.2SX, see the Release
Notes for Cisco IOS Release 12.2(33)SXH and Later Releases:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/release/notes/ol_14271.html
These sections describe the ports and flash memory devices on
the supervisor engines:
  Understanding Supervisor Engine 720-10GE Memory Devices and Ports, page 1-1
  Understanding Supervisor Engine 720 Memory Devices and Ports, page 1-2
  Understanding Supervisor Engine 32 Memory Devices and Ports, page 1-4
  Understanding ME6500 Flash Memory Devices and Ports, page 1-5

Understanding Supervisor Engine 720-10GE Memory Devices and Ports
These sections describe the Supervisor Engine 720-10GE memory
devices and ports:
  Supervisor Engine 720-10GE Flash Memory Devices, page 1-1
  Supervisor Engine 720-10GE Ports, page 1-2

Supervisor Engine 720-10GE Flash Memory Devices
The Supervisor Engine 720-10GE has these flash memory devices:
  disk0: (active) and slavedisk0: (standby):
    External CompactFlash Type II slots
    For CompactFlash Type II flash PC cards sold by Cisco Systems, Inc.
  sup-bootdisk: (active) and slavesup-bootdisk: (standby):
    Switch processor (SP) 1-GB internal CompactFlash flash memory
    From SP ROMMON, it is bootdisk:
    Not accessible from route processor (RP) ROMMON
  bootflash: (active) and slave-bootflash: (standby):
    RP 64-MB internal flash memory
    Not accessible from SP ROMMON

Supervisor Engine 720-10GE Ports
The Supervisor Engine 720-10GE has these ports:
  Console port: EIA/TIA-232 (RS-232) port
  Ports 1 and 2
    Gigabit Ethernet SFP (fiber or 10/100/1000 Mbps RJ-45)
    Fast Ethernet SFP
  Port 3: 10/100/1000 Mbps RJ-45
  Ports 4 and 5: 10-Gigabit Ethernet X2
Note: The 1-Gigabit Ethernet ports and the 10-Gigabit Ethernet
ports have the same QoS port architecture (2q4t/1p3q4t) unless you
disable the 1-Gigabit Ethernet ports with the mls qos 10g-only
global configuration command. With the 1-Gigabit Ethernet ports
disabled, the QoS port architecture of the 10-Gigabit Ethernet
ports is 8q4t/1p7q4t.
See the "Configuring Optional Interface Features" section on page
9-6 for information about configuring the ports.

Understanding Supervisor Engine 720 Memory Devices and Ports
These sections describe the Supervisor Engine 720 memory
devices and ports:
  Supervisor Engine 720 Flash Memory Devices, page 1-2
  Configuring Supervisor Engine 720 Ports, page 1-3

Supervisor Engine 720 Flash Memory Devices
The Supervisor Engine 720 has these flash memory devices:
  disk0: and disk1: (active) and slavedisk0: and slavedisk1: (standby):
    External CompactFlash Type II slots
    For CompactFlash Type II flash PC cards sold by Cisco Systems, Inc.
  sup-bootflash: (active) and slavesup-bootflash: (standby):
    Switch processor (SP) 64-MB internal flash memory
    From SP ROMMON, it is bootflash:
    Not accessible from route processor (RP) ROMMON
  With WS-CF-UPG=, sup-bootdisk: (active) and slavesup-bootflash: (standby):
    SP 512-MB internal CompactFlash flash memory
    From SP ROMMON, it is bootdisk:
    Not accessible from RP ROMMON
    See this publication for more information:
    http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/hardware/Config_Notes/78_17277.html
  bootflash: (active) and slave-bootflash: (standby):
    RP 64-MB internal flash memory
    Not accessible from SP ROMMON

Configuring Supervisor Engine 720 Ports
The Supervisor Engine 720 has these ports:
  Port 1: Small form-factor pluggable (SFP); no unique configuration options.
  Port 2: RJ-45 connector and an SFP connector (default). To use
  the RJ-45 connector, you must change the configuration.
To configure port 2 on a Supervisor Engine 720 to use either the
RJ-45 connector or the SFP connector, perform this task:

        Command                                            Purpose
Step 1  Router(config)# interface gigabitethernet slot/2   Selects the Ethernet port to be configured.
Step 2  Router(config-if)# media-type {rj45 | sfp}         Selects the connector to use.

This example shows how to configure port 2 on a Supervisor
Engine 720 in slot 5 to use the RJ-45 connector:

Router(config)# interface gigabitethernet 5/2
Router(config-if)# media-type rj45

See the "Configuring Optional Interface Features" section on page
9-6 for more information about configuring the ports.
Chapter 1 Product OverviewSupported Hardware and
SoftwareUnderstanding Supervisor Engine 32 Memory Devices and Ports
These sections describe the Supervisor Engine 32 memory devices and
ports:
Supervisor Engine 32 Flash Memory Devices, page 1-4
Supervisor Engine 32 Ports, page 1-4
Note Supervisor Engine 32 does not support switch fabric
connectivity.
Supervisor Engine 32 Flash Memory Devices
The Supervisor Engine 32 has these flash memory devices:
disk0: (active) and slavedisk0: (standby):
    External CompactFlash Type II slots
    For CompactFlash Type II flash PC cards sold by Cisco Systems, Inc.
sup-bootdisk: (active) and slavesup-bootflash: (standby):
    Switch processor (SP) 256-MB internal CompactFlash flash memory
    From SP ROMMON, it is bootdisk:
    Not accessible from route processor (RP) ROMMON
bootflash: (active) and slave-bootflash: (standby):
    RP 64-MB internal flash memory
    Not accessible from SP ROMMON

Supervisor Engine 32 Ports
The Supervisor Engine 32 has these ports:
Console port: EIA/TIA-232 (RS-232) port
Two Universal Serial Bus (USB) 2.0 ports: Not currently enabled
WS-SUP32-GE-3B:
    Ports 1 through 8: Small form-factor pluggable (SFP)
    Port 9: 10/100/1000 Mbps RJ-45
WS-SUP32-10GE:
    Ports 1 and 2: 10-Gigabit Ethernet XENPAK
    Port 3: 10/100/1000 Mbps RJ-45
See the "Configuring Optional Interface Features" section on page
9-6 for information about configuring the ports.

Understanding ME6500 Flash Memory Devices and Ports
These sections describe the Cisco ME6500 series Ethernet switch
memory devices and ports:
ME6500 Flash Memory Devices
ME6500 Ports

ME6500 Flash Memory Devices
The ME6500 has these flash memory devices:
disk0:
    One external CompactFlash Type II slot
    Supports CompactFlash Type II flash PC cards
sup-bootflash:
    Switch processor (SP) 128 MB internal CompactFlash flash memory
    From SP ROMMON, it is bootflash:
    Not accessible from route processor (RP) ROMMON
bootflash:
    RP 64-MB internal flash memory
    Not accessible from SP ROMMON

ME6500 Ports
The ME6500 has these ports:
ME-C6524GS-8S and ME-C6524GT-8S
    Ports 25-32: Gigabit Ethernet SFP
    Requires Gigabit Ethernet SFPs
ME-C6524GS-8S
    Ports 1-24: Gigabit Ethernet SFP
    Requires Gigabit Ethernet SFPs
ME-C6524GT-8S
    Ports 1-24: 10/100/1000 Mbps RJ-45 Ethernet ports

User Interfaces
Release 12.2SX supports configuration using the following
interfaces:
CLI: See Chapter 2, "Command-Line Interfaces."
SNMP: See the Release 12.2 IOS Configuration Fundamentals
Configuration Guide and Command Reference at this URL:
http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/ffun_c.html
Cisco IOS web browser interface: See "Using the Cisco Web Browser"
in the IOS Configuration Fundamentals Configuration Guide at this
URL:
http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/fcf005.html

Software Features Supported in Hardware by the PFC and DFC
The PFC3 and DFC3 provide hardware support for these Cisco IOS
software features:
Access Control Lists (ACLs) for Layer 3 ports and VLAN
interfaces:
Permit and deny actions of input and output standard and
extended ACLs
Note: Flows that require ACL logging are processed in software on
the route processor (RP).
Except on MPLS interfaces, reflexive ACL flows after the first
packet in a session is processed in software on the RP
Dynamic ACL flows
Note: Idle timeout is processed in software on the RP.
For more information about PFC and DFC support for ACLs, see
Chapter 43, "Understanding Cisco IOS ACL Support."
For complete information about configuring ACLs, see the Cisco
IOS Security Configuration Guide, Release 12.2, "Traffic Filtering
and Firewalls," at this URL:
http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfacls.html
Bidirectional Protocol Independent Multicast (PIM) in hardware: See
the "Understanding IPv4 Bidirectional PIM" section on page 32-8.
IPv4 Multicast over point-to-point generic route encapsulation
(GRE) Tunnels: See the publication at this URL:
http://www.cisco.com/en/US/docs/ios/12_2/interface/configuration/guide/icflogin.html
Multiple-path Unicast Reverse Path Forwarding (RPF) Check: To
configure Unicast RPF Check, see the "Configuring Unicast Reverse
Path Forwarding Check" section on page 41-2.
Except on MPLS interfaces, Network Address Translation (NAT) for
IPv4 unicast and multicast traffic.
Note the following information about hardware-assisted NAT:
NAT of UDP traffic is not supported in PFC3A mode.
The PFC3 does not support NAT of multicast traffic.
The PFC3 does not support NAT configured with a route-map that
specifies length.
When you configure NAT and NDE on an interface, the PFC3 sends
all traffic in fragmented packets to the RP to be processed in
software. (CSCdz51590)
To configure NAT, see the Cisco IOS IP Configuration Guide,
Release 12.2, IP Addressing and Services, Configuring IP
Addressing, Configuring Network Address Translation, at this
URL:
http://www.cisco.com/en/US/docs/ios/12_2/ip/configuration/guide/1cfipadr.html
To prevent a significant volume of NAT traffic from being sent to
the RP, due to either a DoS attack or a misconfiguration, enter the
mls rate-limit unicast acl {ingress | egress} command described at
this URL:
http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_m2.html#mls_rate-limit_unicast_acl
(CSCea23296)
NetFlow Aggregation: See this URL:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/nde.html
Policy-based routing (PBR) for route-map sequences that use the
match ip address, set ip next-hop, and ip default next-hop PBR
keywords.
To configure PBR, see the Cisco IOS Quality of Service Solutions
Configuration Guide, Release 12.2, Classification, Configuring
Policy-Based Routing, at this URL:
http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfpbr_ps1835_TSD_Products_Configuration_Guide_Chapter.html
Note: If the RP address falls within the range of a PBR ACL,
traffic addressed to the RP is policy routed in hardware instead of
being forwarded to the RP. To prevent policy routing of traffic
addressed to the RP, configure PBR ACLs to deny traffic addressed
to the RP.
Except on MPLS interfaces, TCP intercept: To configure TCP
intercept, see the "Configuring TCP Intercept" section on page
41-2.
Note: The PFC3 does not provide hardware acceleration for tunnels
configured with the tunnel key command.
GRE Tunneling and IP in IP Tunneling: The PFC3 and DFC3s support
the following tunnel commands:
tunnel destination
tunnel mode gre
tunnel mode ipip
tunnel source
tunnel ttl
tunnel tos
Other supported types of tunneling run in software on the
RP.
The tunnel ttl command (default 255) sets the TTL of
encapsulated packets.
The tunnel tos command, if present, sets the ToS byte of a
packet when it is encapsulated. If the tunnel tos command is not
present and QoS is not enabled, the ToS byte of a packet sets the
ToS byte of the packet when it is encapsulated. If the tunnel tos
command is not present and QoS is enabled, the ToS byte of a packet
as modified by PFC QoS sets the ToS byte of the packet when it is
encapsulated.
To configure GRE Tunneling and IP in IP Tunneling, see these
publications:
http://www.cisco.com/en/US/docs/ios/12_2/interface/configuration/guide/icflogin.html
http://www.cisco.com/en/US/docs/ios/12_2/interface/command/reference/irfshoip.html
To configure the tunnel tos and tunnel ttl commands, see this
publication for more information:
http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/12s_tos.html
Note the following information about tunnels:
Each hardware-assisted tunnel must have a unique source.
Hardware-assisted tunnels cannot share a source even if the
destinations are different. Use secondary addresses on loopback
interfaces or create multiple loopback interfaces. (CSCdy72539)
Each tunnel interface uses one internal VLAN.
Each tunnel interface uses one additional router MAC address
entry per router MAC address.
The PFC3A does not support any PFC QoS features on tunnel
interfaces.
Other PFC versions support PFC QoS features on tunnel
interfaces.
The RP supports tunnels configured with egress features on the
tunnel interface. Examples of egress features are output Cisco IOS
ACLs, NAT (for inside to outside translation), TCP intercept, CBAC,
and encryption.
VLAN ACLs (VACLs): To configure VACLs, see Chapter 44, "Configuring
Port ACLs and VLAN ACLs."
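
The PBR note in the feature list above (traffic addressed to the RP is policy routed when the RP address falls within the range of a PBR ACL) can be checked offline against a saved ACL. This Python example is added here and is not Cisco code; the ACL entries and the RP address 192.0.2.1 are constructed, and it assumes entries of the form permit|deny ip <source> <destination> only.

```python
import ipaddress

ANY = (0, 0xFFFFFFFF)  # (address, wildcard) pair that matches every IPv4 address

def take_spec(tokens):
    """Consume one IOS address spec (any | host A | A wildcard) from tokens."""
    head = tokens.pop(0)
    if head == "any":
        return ANY
    if head == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(head)), int(ipaddress.IPv4Address(tokens.pop(0)))

def covers(spec, ip):
    """True if ip matches spec; wildcard bits set to 1 are 'don't care'."""
    addr, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF
    return (addr & care) == (int(ipaddress.IPv4Address(ip)) & care)

def pbr_exposure(acl_lines, rp_address):
    """Return the first permit entry that policy-routes traffic to rp_address, else None."""
    for line in acl_lines:
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] not in ("permit", "deny") or tokens[1] != "ip":
            continue  # remarks and non-"ip" entries are outside this example
        rest = tokens[2:]
        src, dst = take_spec(rest), take_spec(rest)
        if not covers(dst, rp_address):
            continue
        if tokens[0] == "permit":
            return line.strip()
        if src == ANY:
            return None  # a deny for every source shields the RP address
    return None

RP_ADDRESS = "192.0.2.1"  # constructed: an address owned by the switch

# Constructed PBR ACL whose destination "any" also covers the RP address.
EXPOSED_ACL = [
    "permit ip 10.1.0.0 0.0.255.255 any",
]
# Same ACL with the deny entry the note calls for placed first.
SHIELDED_ACL = [
    "deny ip any host 192.0.2.1",
    "permit ip 10.1.0.0 0.0.255.255 any",
]

if __name__ == "__main__":
    print("exposed :", pbr_exposure(EXPOSED_ACL, RP_ADDRESS))
    print("shielded:", pbr_exposure(SHIELDED_ACL, RP_ADDRESS))
```

A deny entry limited to some sources does not end the walk, so a later permit that still reaches the RP address is reported.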
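
The tunnel notes above (each hardware-assisted tunnel must have a unique source, and tunnels configured with the tunnel key command get no hardware acceleration) lend themselves to a configuration audit. This Python example is added here and is not part of the Cisco guide; the configuration excerpt, interface names and addresses are constructed samples.

```python
from collections import defaultdict

# Constructed running-config excerpt; interface names and addresses are samples.
SAMPLE_CONFIG = """\
interface Tunnel0
 tunnel source Loopback0
 tunnel destination 198.51.100.10
!
interface Tunnel1
 tunnel source Loopback0
 tunnel destination 198.51.100.20
!
interface Tunnel2
 tunnel source Loopback2
 tunnel destination 198.51.100.30
 tunnel key 42
!
interface Tunnel3
 tunnel source Loopback3
 tunnel destination 198.51.100.40
 tunnel mode ipip
"""

def parse_tunnels(config):
    """Map each tunnel interface to its 'tunnel ...' subcommands (as token lists)."""
    tunnels, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            name = raw.split()[1]
            current = tunnels.setdefault(name, []) if name.lower().startswith("tunnel") else None
        elif current is not None and raw.startswith(" tunnel "):
            current.append(raw.split()[1:])  # e.g. ["source", "Loopback0"]
        elif not raw.startswith(" "):
            current = None  # left the interface block
    return tunnels

def audit_tunnels(config):
    """Return {tunnel: [reasons]} for tunnels that conflict with the notes above."""
    by_source, findings = defaultdict(list), defaultdict(list)
    for name, commands in parse_tunnels(config).items():
        for cmd in commands:
            if cmd[0] == "source" and len(cmd) > 1:
                by_source[cmd[1]].append(name)
            elif cmd[0] == "key":
                findings[name].append("tunnel key configured")
    for source, names in by_source.items():
        if len(names) > 1:  # hardware-assisted tunnels cannot share a source
            for name in names:
                findings[name].append("shares source " + source)
    return dict(findings)

if __name__ == "__main__":
    for tunnel, reasons in sorted(audit_tunnels(SAMPLE_CONFIG).items()):
        print(tunnel, "->", "; ".join(reasons))
```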
-
PART 1
Configuration Fundamentals

CHAPTER 2
Command-Line Interfaces
This chapter describes the command-line interfaces (CLIs) you
use to configure the switches supported by Cisco IOS Release
12.2SX.
Note: For complete syntax and usage information for the commands
used in this chapter, see these publications:
The Cisco IOS Master Command List, Release 12.2SX, at this
URL:
http://www.cisco.com/en/US/docs/ios/mcl/122sxmcl/12_2sx_mcl_book.html
The Release 12.2 publications at this URL:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_installation_and_configuration_guides_list.html
This chapter consists of these sections:
Accessing the CLI
Performing Command Line Processing
Performing History Substitution
Cisco IOS Command Modes
Displaying a List of Cisco IOS Commands and Syntax
Securing the CLI
ROM-Monitor Command-Line Interface

Accessing the CLI
These sections describe accessing the CLI:
Accessing the CLI through the EIA/TIA-232 Console Interface
Accessing the CLI through Telnet

Accessing the CLI through the EIA/TIA-232 Console Interface
Note: EIA/TIA-232 was known as recommended standard 232 (RS-232)
before its acceptance as a standard by the Electronic Industries
Alliance (EIA) and Telecommunications Industry Association
(TIA).
Perform initial configuration over a connection to the
EIA/TIA-232 console interface. See the Catalyst 6500 Series Switch
Module Installation Guide for console interface cable connection
procedures.
To make a console connection, perform this task:

        Command              Purpose
Step 1  Press Return.        Brings up the prompt.
Step 2  Router> enable       Initiates enable mode enable.
Step 3  Password: password   Completes enable mode enable.
        Router#
Step 4  Router# quit         Exits the session when finished.

After making a console connection, you see this display:

Press Return for Console prompt

Router> enable
Password:
Router#

Accessing the CLI through Telnet
Note: Before you can make a Telnet connection to the switch, you
must configure an IP address (see the "Configuring IPv4 Routing and
Addresses" section on page 25-3).
The switch supports up to eight simultaneous Telnet sessions.
Telnet sessions disconnect automatically after remaining idle for
the period specified with the exec-timeout command.
To make a Telnet connection to the switch, perform this
task:

        Command                       Purpose
Step 1  telnet {hostname | ip_addr}   Makes a Telnet connection from the remote host to the switch you want to access.
Step 2  Password: password            Initiates authentication.
        Router#                       Note: If no password has been configured, press Return.
Step 3  Router> enable                Initiates enable mode enable.
Step 4  Password: password            Completes enable mode enable.
        Router#
Step 5  Router# quit                  Exits the session when finished.

This example shows how to open a Telnet session to the
switch:

unix_host% telnet Router_1
Trying 172.20.52.40...
Connected to 172.20.52.40.
Escape character is '^]'.

User Access Verification

Password:
Router_1> enable
Password:
Router_1#

Performing Command Line Processing
Commands are not case sensitive. You can abbreviate commands and
parameters if the abbreviations contain enough letters to be
different from any other currently available commands or
parameters. You can scroll through the last 20 commands stored in
the history buffer, and enter or edit the command at the prompt.
Table 2-1 lists the keyboard shortcuts for entering and editing
commands.

Table 2-1 Keyboard Shortcuts
Keystrokes                                      Purpose
Press Ctrl-B or press the left arrow key [1]    Moves the cursor back one character.
Press Ctrl-F or press the right arrow key [1]   Moves the cursor forward one character.
Press Ctrl-A                                    Moves the cursor to the beginning of the command line.
Press Ctrl-E                                    Moves the cursor to the end of the command line.
Press Esc B                                     Moves the cursor back one word.
Press Esc F                                     Moves the cursor forward one word.
[1] The arrow keys function only on ANSI-compatible terminals such as VT100s.

Performing History Substitution
The history buffer stores the last 20 commands you entered.
History substitution allows you to access these commands without
retyping them, by using special abbreviated commands. Table 2-2
lists the history substitution commands.

Cisco IOS Command Modes
Note: For complete information about Cisco IOS command modes, see
the Cisco IOS Configuration Fundamentals Configuration Guide at
this URL:
http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/ffun_c.html
The Cisco IOS user interface is divided into many different
modes. The commands available to you depend on which mode you are
currently in. To get a list of the commands in a given mode, type a
question mark (?) at the system prompt. See the "Displaying a List
of Cisco IOS Commands and Syntax" section on page 2-5.
When you start a session on the switch, you begin in user mode,
often called user EXEC mode. Only a limited subset of the commands
are available in EXEC mode. To have access to all commands, you
must enter privileged EXEC mode. Normally, you must type in a
password to access privileged EXEC mode. From privileged EXEC mode,
you can type in any EXEC command or acce