Cisco Systems 4500 manuale d’uso

Pagina 1

Americas Headquarters Cisco Systems, In c. 170 West Tasman Drive San Jose, CA 951 34-1706 USA http://www.ci sco.com Tel: 408 526-4000 800 553-NETS (638 7) Fax: 408 527-0883 Catal yst 450 0 S eries S witc h Cisco IOS S of tw are Conf iguration Guide Re le ase 15.

Pagina 2

THE SPECIFICATION S AND INFORMAT ION RE GARDIN G TH E PRODU CTS IN THIS MANU AL A RE SUBJ ECT T O CHAN GE W ITHOUT N OTICE. ALL STATEMENTS , INFORMATION, AND RECOMMENDATI ONS IN THI S MANUAL ARE BE LIEVED TO BE A CCURATE BUT ARE PRESENTED WI THOUT WARRANTY OF ANY KIND, EX PRESS OR IMPLIED.

Pagina 3

i Software Configuration Guid e—Release 15.0(2)SG OL-23818-01 CONTENTS Preface li Audience li Organization li Conventi ons liv Related Documentation lv Hardware Documents lv Software Documentation l.

Pagina 4

Contents ii Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Resilient Ethernet Protocol 1-7 SmartPort Macros 1-7 Spanning Tree Proto c ol 1-8 Stateful Switchover 1-8 SVI Autostate 1-9 User-Based Rate Limiting 1-9 Unidirectional Ethernet 1-9 Unidirectional Link Detection 1-9 VLANs 1-10 Virtual Switch System Client 1-10 Y.

Pagina 5

Contents iii Software Co nfiguration Guide—Release 15.0(2)SG OL-23818-01 Embedded Event Manager 1-20 Ethernet Management Port 1-21 FAT File Management System on Superviso r Engine 6-E and 6L-E 1-21 .

Pagina 6

Contents iv Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Performing Com mand-Line Proce ssing 2-3 Performing History Substitution 2-4 About Cisco IOS Command Modes 2-4 Getting a List .

Pagina 7

Contents v Software Co nfiguration Guide—Release 15.0(2)SG OL-23818-01 Setting the Privilege Leve l for a Command 3-23 Changing the Default Priv ilege Level for Lines 3-23 Logging In t o a Pri v ile.

Pagina 8

Contents vi Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Understanding DNS 4-15 Default DNS Configuration 4-16 Setting Up DNS 4-16 Displaying the DNS Configuration 4-17 Creating a Ban.

Pagina 9

Contents vii Software Co nfiguration Guide—Release 15.0(2)SG OL-23818-01 Performing an ISSU Upgrade: 2 Metho ds 5-11 Changeversion Proce ss 5-12 Changeversion: Quick Option 5-12 Scheduled Changevers.

Pagina 10

Contents viii Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Deploying 10-Gigabit Etherne t and Gigabit Ethernet SFP Ports on Sup ervisor Engine V-10GE 6-12 Deploying 10-Gigabit Etherne.

Pagina 11

Contents ix Software Co nfiguration Guide—Release 15.0(2)SG OL-23818-01 Checking Interfaces Status 7-2 Displaying MAC Addresses 7-3 Checking Cable Status Using Time Domain Reflectometer 7-3 Overview.

Pagina 12

Contents x Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Manipulating Bootflash on the Redund ant Su pervisor Engine 8-15 CHAPTER 9 Configuring Cisco NSF with SSO Supervisor Engin e Re.

Pagina 13

Contents xi Software Co nfiguration Guide—Release 15.0(2)SG OL-23818-01 Power Management Modes for the Catalyst 450 0 Switch 10-8 Selecting a Power Manageme nt Mode 10-8 Power Management Limitations.

Pagina 14

Contents xii Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Network Assistant-Related Parameters and Their Defaults 12-3 Network Assistant CLI Commands 12-3 Configuring Your Switch for .

Pagina 15

Contents xiii Software Co nfiguration Guide—Release 15.0(2)SG OL-23818-01 Understanding the VTP Domain 13-8 Understanding VTP Mode s 13-9 Understanding VTP Adv ertisements 13-9 Understanding VTP Ver.

Pagina 16

Contents xiv Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Troubleshooting IP Unnumbered Interface 14-7 Related Documents 14-8 CHAPTER 15 Configuring Layer 2 Ethernet Interfaces 15-1 A.

Pagina 17

Contents xv Software Co nfiguration Guide—Release 15.0(2)SG OL-23818-01 cisco-global 16-4 cisco-desktop 16-4 cisco-phone 16-5 cisco-router 16-5 cisco-switch 16-5 SmartPort Macro Configuration Guidel.

Pagina 18

Contents xvi Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Configuring STP Port Priority 18-13 Configuring STP Port Cost 18-15 Configuring the Bridge Priority of a VLAN 18-17 Configuri.

Pagina 19

Contents xvii Software Co nfiguration Guide—Release 15.0(2)SG OL-23818-01 Flex Links Failover Ac tions 19-3 MAC Address-Table Move Update 19-4 Configuring Flex Links 19-5 Default Configuration 19-5 .

Pagina 20

Contents xviii Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Enabling EtherChannel Guard (Optio nal) 21-6 About PortFast 21-7 Enabling PortFast 21-7 About BPDU Guard 21-8 Enabling BPDU.

Pagina 21

Contents xix Software Co nfiguration Guide—Release 15.0(2)SG OL-23818-01 Understanding L ink-State T racking 22-18 Configuring Link-State Tracking 22-21 Default Link-State Tracking Configuration 22-.

Pagina 22

Contents xx Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Configuring IGMP Profiles 23-21 Applying IGMP Profiles 23-22 Setting the Maximum Number of IGMP Groups 23-23 Displayin g IGMP .

Pagina 23

Contents xxi Software Co nfiguration Guide—Release 15.0(2)SG OL-23818-01 Configuring VLAN Mapping 25-11 One-to-One Mapping 25-11 Traditional Q-in-Q on a Trunk Po rt 25 -12 Selective Q-in-Q on a Trun.

Pagina 24

Contents xxii Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 UDLD Topology 28-2 Fast UDLD Topology 28-2 Operation Modes 28-3 Default States for UDLD 28-3 Default UDLD Configuration 28-4.

Pagina 25

Contents xxiii Software Co nfiguration Guide—Release 15.0(2)SG OL-23818-01 Monitoring and Maintaining EIGRP 30-19 EIGRP Configuration Examples 30-19 Route Summarization Example 30-19 Route Authentic.

Pagina 26

Contents xxiv Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Unicast RPF with BOOTP and DHCP 32-8 Restrictions 32-8 Limitation 32-8 Related Features an d Tech nologies 32-8 Prerequisite.

Pagina 27

Contents xxv Software Co nfiguration Guide—Release 15.0(2)SG OL-23818-01 Load Splitti ng of IP Multic ast Traffic 33-22 Monitoring and Maintaining IP Multicast Routing 33-23 Displaying System and Ne.

Pagina 28

Contents xxvi Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Deny ACE 35-9 CHAPTER 36 Configuring VRF-lite 36-1 About VRF-lite 36-2 Default VRF-lite Configuration 36-3 VRF-lite Configur.

Pagina 29

Contents xxvii Software Co nfiguration Guide—Release 15.0(2)SG OL-23818-01 Mapping Tables 37-14 Queueing and Scheduling 37-14 Active Queue Management 37-14 Sharing Link Bandwidth Among Tran smit Que.

Pagina 30

Contents xxviii Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Configuring the CoS-to-DSCP Map 37-53 Configuring the Policed-DSCP Map 37-54 Configuring the DSCP-to-CoS Map 37-55 Configu.

Pagina 31

Contents xxix Software Co nfiguration Guide—Release 15.0(2)SG OL-23818-01 Transmit Queue Statistics 37-85 Policy Associations 37-85 Software QoS 37-87 Configuring CoS Mutation 37-88 Configuring Syst.

Pagina 32

Contents xxx Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Configuring a Layer 2 Interface as a PVLAN Host Port 39-18 Configuring a Layer 2 Interface as an Isolate d PVLAN Trunk Port 3.

Pagina 33

Contents xxxi Software Co nfiguration Guide—Release 15.0(2)SG OL-23818-01 Using 802.1X with Authentication Failed VLAN Assignme nt 40-17 Usage Guidelines for Using Authentication Failed VLAN Ass ignment 40-18 Using 802.1X with Port Security 40-19 Using 802.

Pagina 34

Contents xxxii Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Cisco ACS Configuration fo r VLAN Assignment 40-72 Enabling Fallback Authentication 40-73 Enabling Periodic Reauthenticatio.

Pagina 35

Contents xxxiii Software Co nfiguration Guide—Release 15.0(2)SG OL-23818-01 Displaying Authen tication Details 40-114 Determining the Authentication Methods Registered with the Auth Manage r 40-114 .

Pagina 36

Contents xxxiv Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 LAN Port IP 42-5 Gateway IP 42-5 ACLs 42-5 Context-Based Access Control 42-5 802.

Pagina 37

Contents xxxv Software Co nfiguration Guide—Release 15.0(2)SG OL-23818-01 Example 7: Setting a Rate Limit for Bad Packets 43-13 Example 8: Clearing Dynamic Secure MAC Addresses 43-14 Configuring Por.

Pagina 38

Contents xxxvi Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 About Control Plane Policing 44-2 General Guidelines for Control Plane Policing 44 -3 Default Configuration 44-4 Configurin.

Pagina 39

Contents xxxvii Software Co nfiguration Guide—Release 15.0(2)SG OL-23818-01 CHAPTER 45 Configuring DHCP Snooping , IP Source Guard, and IPSG for Static Hosts 45-1 About DHCP Snooping 45-1 Trusted an.

Pagina 40

Contents xxxviii Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Dynamic ACLs 47-5 VLAN Maps 47-5 Hardware and Software ACL Support 47-6 TCAM Programming and ACLs for Supervisor Engine I.

Pagina 41

Contents xxxix Software Co nfiguration Guide—Release 15.0(2)SG OL-23818-01 Removing the Requirement for a Port ACL 47 -36 Configuration Restrictions 47-37 Debugging Considerations 47-37 Webauth Fall.

Pagina 42

Contents xl Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Configuring Port Blocking 49-1 Blocking Flooded Traffic on an Interface 49-2 Resuming Normal Fo rwarding on a Port 49-3 CHAPTE.

Pagina 43

Contents xli Software Co nfiguration Guide—Release 15.0(2)SG OL-23818-01 Ingress Packets 51-12 Access List Filtering 51-13 ACL Configuration Guidelines 51-13 Configuring Access List Filtering 51-14 .

Pagina 44

Contents xlii Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Information about Data Collected by OBFL 53-2 OBFL Data Overview 53-2 Temperature 53-3 Operational Uptime 53-4 Interrupts 53.

Pagina 45

Contents xliii Software Co nfiguration Guide—Release 15.0(2)SG OL-23818-01 Monitor-level Restrictions 55-2 Configuring NetFlow Packet Sampling 55-2 Configuring Information about the External Co llec.

Pagina 46

Contents xliv Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 NetFlow Statistics Collection Config uration Example 56-13 NetFlow Configuration Examples 56-14 NetFlow Enabling Scheme Exam.

Pagina 47

Contents xlv Software Co nfiguration Guide—Release 15.0(2)SG OL-23818-01 Understanding CFM ITU-T Y.1731 Fault Manag emen t 57-27 Y.1731 Termin ology 57-27 Alarm Indication Sig n al s 57-28 Ethernet Remote Defect Indication 57-28 Multicast Ethernet Lo opback 57-29 Configuring Y.

Pagina 48

Contents xlvi Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Displaying Y.1731 Information 58-6 CHAPTER 59 Configuring Call Home 59-1 About Call Home 59-2 Obtaining Smart Call Home 59-2.

Pagina 49

Contents xlvii Software Co nfiguration Guide—Release 15.0(2)SG OL-23818-01 IP SLA Configuration Guidelines 60-7 Configuring the IP SLAs Responder 60-8 Analyzing IP Service Levels by Using the UDP Ji.

Pagina 50

Contents xlviii Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Configuration Register 63-3 Changing th e Configurat ion Register Manua lly 63-3 Changing th e Co nfiguration Register Usi.

Pagina 51

Contents xlix Software Co nfiguration Guide—Release 15.0(2)SG OL-23818-01 Downloading and Compiling MIBs 65-2 Guidelines for Working with MIBs 65-3 Downloading MIBs 65-3 Compiling MIBs 65-4 Enabling.

Pagina 52

Contents l Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01.

Pagina 53

li Software Configuration Guid e—Release 15.0(2)SG OL-23818-01 Preface This preface describes who sh ould read this document, ho w it is organized, and its con ventions. The preface also tells you ho w to obtain Cisco documents, as well as ho w to obtain technical assistance .

Pagina 54

lii Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Preface Chapter 9 Conf igu ring Cisco N SF wi th SSO Supervisor Engine Redu ndancy Describes ho w to configure supervisor en gine redundancy using Cisco nonsto p forwarding (NSF) with stateful switchover (SSO).

Pagina 55

liii Software Co nfiguration Guide—Release 15.0(2)SG OL-23818-01 Preface Chapter 29 Conf iguring Unidirectio nal Ethernet Describes ho w to configure unidirection al Ethernet . Chapter 30 Conf iguring Layer 3 Interfaces Describes ho w to conf igure interfaces to support Layer 3 features.

Pagina 56

liv Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Preface Conventions This document uses the f ollo wing typographical con ventions: Chapter 51 Conf iguring SP AN and RSP AN Describes ho w to conf igure the Switched Port Analyzer (SP AN).

Pagina 57

lv Software Co nfiguration Guide—Release 15.0(2)SG OL-23818-01 Preface Notes use the follo wing con ventions: Note Means reader take note . Notes contain helpful suggestions or references to material not co vered in the publication. Cautions use the following con ventions: Caution Means reader be car e ful .

Pagina 58

lvi Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Preface • Catalyst 4500 Series Switc hes Installation Guide http://www .cisco.com/en/ US/docs/switches/lan/cat alyst4500/hardware/installati on/guide/78-14409 -08/4500inst .html • Catalyst 4500 E-seri es Switches Inst allation Guide http://www .

Pagina 59

lvii Software Co nfiguration Guide—Release 15.0(2)SG OL-23818-01 Preface Cisco IOS Documentation Platform- indep e ndent Cisco IOS do cumentation may al so apply to the Catalyst 45 00 and 4900 switches. These documents are av ailable a t the following URLs: • Cisco IOS conf iguration guides, Release 12.

Pagina 60

lviii Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Preface Redistrib ution and use in source an d binary forms, with or without modif ication, are permi tted pro vided that the follo wing conditions are met: 1.

Pagina 61

lix Software Co nfiguration Guide—Release 15.0(2)SG OL-23818-01 Preface Obtaining Do cumentatio n and Submitting a Service Request Redistrib ution and use in source an d binary forms, with or without modif ication, are permi tted pro vided that the follo wing conditions are met: 1.

Pagina 62

lx Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Preface Obtaining Documentation an d Submitting a Se rvice Request.

Pagina 63

CH A P T E R 1-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 1 Product Overview This chapter pro vides an ove rvie w of Catalyst 45 00 series switches and includes the follo wing majo.

Pagina 64

1-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 1 Product Overview Layer 2 Softwar e Features • Link Layer Discovery Protocol, page 1-5 • Link State Tracking, page 1-6 �.

Pagina 65

1-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 1 Product Overview Layer 2 Software Features Cisco Discovery Protocol The Cisco Discov ery Protocol (CDP) is a de vice-discov ery protocol that is bo th media- and protocol-indep endent.

Pagina 66

1-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 1 Product Overview Layer 2 Softwar e Features Flex Links and MAC Address-Table Move Update Flex Links are a pair of Layer 2 interfaces (switc h ports or port channels) where one interface is configured to act as a backup to the other .

Pagina 67

1-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 1 Product Overview Layer 2 Software Features Jumbo Frames The jumbo frames feature allo ws the switch to forwar d packets as lar ge as 9216 bytes (larger than the IEEE Ethernet MTU), rather than declare those frames “ov e rsize” and discard them.

Pagina 68

1-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 1 Product Overview Layer 2 Softwar e Features Link State Tracking Link-state trac king, also kn own as trunk failover , is a feature that binds th e link state of multiple interfaces.

Pagina 69

1-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 1 Product Overview Layer 2 Software Features The quality of service (QoS) feature prev ents congestio n by selecting netw ork traf fic and prior itizing it according to its relati ve importance.

Pagina 70

1-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 1 Product Overview Layer 2 Softwar e Features For info rmation on conf iguring SmartPort macros, see Chapter 16, “Configuring SmartPort Macros.

Pagina 71

1-9 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 1 Product Overview Layer 2 Software Features SVI Autostate When an SVI has multiple ports on a V LAN, normally the SVI wil l go do wn when all the ports in the VLAN go do wn.

Pagina 72

1-10 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 1 Product Overview Layer 2 Softwar e Features VLANs A VLAN configures switches and routers according to logical, rather than p hysical, topologies.

Pagina 73

1-11 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 1 Product Overview Layer 3 Software Features ETH-AIS suppresses alarms follo wing detection of defe ct conditi ons at the server ( sub) layer .

Pagina 74

1-12 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 1 Product Overview Layer 3 Softwar e Features EIGRP Stub Routing The EIGRP stub routi ng feature, a vailable in all ima ges, reduces resource utili zation by mo ving routed traf fic clos er to the end u ser .

Pagina 75

1-13 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 1 Product Overview Layer 3 Software Features http://www .cisco.co m/en/US/docs/ios/ipapp/co nf iguration/guide/ipapp_ hsrp_ps6350_TSD_Products_ Config uration_Guide_Chapter .

Pagina 76

1-14 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 1 Product Overview Layer 3 Softwar e Features EIGRP The Enhanced Interior Ga tew ay Routing Protocol (EIGRP) is a v ersion of IGRP that combines the adv antages of link-state protocols with distance-vector protocols.

Pagina 77

1-15 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 1 Product Overview Layer 3 Software Features interfaces and their metrics is used in OSPF LSAs. As routers accumulate link-s tate information, they use the shortest path first (SPF) al gorithm to calculate the shortest path to each node.

Pagina 78

1-16 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 1 Product Overview Layer 3 Softwar e Features • ANCP Client —ANCP Mu lticast enables you to con trol multicast traf fic on a Catalyst 4500 switch using either ANCP (rather than IGMP) or direct static conf iguration on the CLI.

Pagina 79

1-17 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 1 Product Overview Layer 3 Software Features NSF with SSO Non-Stop F orwar ding with Stateful Swi tcho ver (NSF/ SSO) of fers conti nuous data pack et forwardi ng in a Layer 3 routing en vironment during supervisor engine switcho ver .

Pagina 80

1-18 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 1 Product Overview Management Features For info rmation on conf iguring unidirectional l ink routing, refer to th e chap ter “Conf iguring Unidirectional Link Routing” in the Cisco IP and IP Routing Conf iguration Guide .

Pagina 81

1-19 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 1 Product Overview Management Features • Secure Shell, page 1-22 • Simple Netw ork Management Protocol, page 1-22 • SP A.

Pagina 82

1-20 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 1 Product Overview Management Features Cisco Network Assistant Cisco Network Assistant manages standal one devices, cl usters of de vices, or fe deratio ns of devices fro m anywhere in y our intranet.

Pagina 83

1-21 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 1 Product Overview Management Features Ethernet Management Port The Ethernet management port, also referred to as the F a1 or fastethernet1 port , is a Layer 3 host port to which you can connect a PC.

Pagina 84

1-22 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 1 Product Overview Management Features NetFlow-lite Note NetFlo w-lite is only supported on Catalyst 4948E Ethernet Switch. The Netflo w-lite feature is based on ingress packet sampl ing at a monitoring point that can be an interface on the switch.

Pagina 85

1-23 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 1 Product Overview Security Features Remote SP AN (RSP AN) is an extension of SP AN , where source ports and destination ports are distrib uted across multiple switches, allo wing remote monitoring of multipl e switches across the network.

Pagina 86

1-24 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 1 Product Overview Security Features • Hardware- Based Control Plane Policing, page 1- 26 • IP Source Guard for Static Ho.

Pagina 87

1-25 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 1 Product Overview Security Features • 802.1X with Inaccessible Authentication Bypass— Applies when the AAA servers are unreachable or nonresponsi ve. In this situation, 802 .

Pagina 88

1-26 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 1 Product Overview Security Features http://www .cisco.com/en/US/ docs/switches/lan /tr ustsec/conf iguration/guide/trustsec.

Pagina 89

1-27 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 1 Product Overview Security Features Catalyst 45 00 supervi sor engines . It supports vari ous Layer 2 and Layer 3 co ntrol pr.

Pagina 90

1-28 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 1 Product Overview Security Features N AC Layer 2 IP is an in tegral part of Cisco Netw ork Admission Control. It of fers the first line of defense for infected hosts (PCs and other devices attached to a LAN p ort) attempting to connect to the corporate network.

Pagina 91

1-29 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 1 Product Overview Security Features PPPoE Intermediate Agent PPPoE Intermediate Agent (PPPoE IA) is placed between a subscriber and BRAS to help the service provider BRAS disting uish betw een end ho sts conn ected over Ethernet to an access switch.

Pagina 92

1-30 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 1 Product Overview Security Features Utilities Supported utilit ies include the follo wing: Layer 2 Traceroute Layer 2 traceroute al lows the switch to ident ify the phy sical path that a packet takes from a source de vice to a destination device.

Pagina 93

CH A P T E R 2-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 2 Command-Line Interfaces This chapter describes the CLIs y ou use to conf igur e the Catalyst 4500 seri es switch.

Pagina 94

2-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 2 Command-Line Inter fa ces Accessing the Switch CLI Accessing the Switch CLI The follo wing sections describe how to access t.

Pagina 95

2-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 2 Command-Line Interfaces Performing Command-Line Processing T o make a T elnet connection to the switch, perform this task: This exampl e shows ho w to open a T elnet session to the switch: unix_host% telnet Switch_1 Trying 172.

Pagina 96

2-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 2 Command-Line Inter fa ces Performing History Substitution Performing History Substitution The history b uffer stores the last 20 command lines you entered. Hist ory substitution enabl es you to access these command lines without retypin g them.

Pagina 97

2-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 2 Command-Line Interfaces Getting a List of Commands and Syntax Y ou use a separate mode called ROMMON when the switch cannot boot up properly .

Pagina 98

2-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 2 Command-Line Inter fa ces Getting a List of Comman ds and Syntax T o list ke ywords or ar guments, enter a question mark in place of a ke yword or ar gument. Include a space before the question mark.

Pagina 99

2-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 2 Command-Line Interfaces ROMMON Command-Line In te rface T o log in to the standb y supervisor engine using a virtual console,.

Pagina 100

2-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 2 Command-Line Inter fa ces Archiving Crashf iles Information When you enter R O MMON mode , the prompt changes to rommon 1> . Use the ? command to see the av ailable R OMMON commands.

Pagina 101

2-9 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 2 Command-Line Interfaces Displaying a Crash Dump ========= Context ====================== pc=10999E70 lr=10999E34 msr=02029230.

Pagina 102

2-10 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 2 Command-Line Inter fa ces Displaying a Crash Dump 2421FAF0: 00000000 00000000 00000000 00000000 2421FB00: 00000000 00000000.

Pagina 103

2-11 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 2 Command-Line Interfaces Displaying a Crash Dump 151A3B48: 1586D 760 10C7FE38 10C7F17 C 1586FF98 10C7FE38 10C7F17 C 151A3B30:.

Pagina 104

2-12 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 2 Command-Line Inter fa ces Displaying a Crash Dump Flags: analyze crashblock on_old_queue Status 0x00000000 Orig_ra 0x000000.

Pagina 105

2-13 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 2 Command-Line Interfaces Displaying a Crash Dump ---- Level 2 Interrupt stack (0x3F8 bytes used, out of 0x2328 available) ---.

Pagina 106

2-14 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 2 Command-Line Inter fa ces Displaying a Crash Dump 156D8FE0: 20526576 69657700 0 0 0 0 0 0 156D9000: 0 0 1ADBEEF 1896AD90 15.

Pagina 107

2-15 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 2 Command-Line Interfaces Displaying a Crash Dump ---- Level 7 Interrupt stack (0x0 bytes used, out of 0x2328 available) ---- .

Pagina 108

2-16 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 2 Command-Line Inter fa ces Displaying a Crash Dump 2421F8D0: 0 0 2421F8E8 10C1FD9C 2421F8F8 0 0 0 2421F8F0: 15868B74 15868B7.

Pagina 109

2-17 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 2 Command-Line Interfaces Displaying a Crash Dump 234BBAF0: 0 23056294 23054D90 13597D4C 1 0 0 FD0110DF 234BBB10: AB1234CD FFF.

Pagina 110

2-18 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 2 Command-Line Inter fa ces Displaying a Crash Dump 13794B6C: 546F6F20 6D616E79 206C696E 6B730000 426C6F63 6B206465 76696365 .

Pagina 111

2-19 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 2 Command-Line Interfaces Displaying a Crash Dump L2CAPTECC: 0x0 L2ERRDET: 0x0 L2ERRDIS: 0x0 L2ERRATTR: 0x0 L2ERRADDRH: 0x0L2E.

Pagina 112

2-20 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 2 Command-Line Inter fa ces Displaying a Crash Dump.

Pagina 113

CH A P T E R 3-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 3 Configuring the Switch for the First Time This chapter describes ho w to initially conf igure a Catalyst 4500 series switch.

Pagina 114

3-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 3 Config uri ng the Switch fo r the First Time Configuring DHCP-Based Autoconfig uration Configuring DHCP-Based Autoconfigurat.

Pagina 115

3-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 3 Configuri ng the Switch for the First Time Configuring DHCP-Based Autoconfiguration W ith DHCP-based autoconfigurati on, no D.

Pagina 116

3-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 3 Config uri ng the Switch fo r the First Time Configuring DHCP-Based Autoconfig uration Configuring the DHCP Server A switch can act as both the DHCP client and the DHCP serv er .

Pagina 117

3-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 3 Configuri ng the Switch for the First Time Configuring DHCP-Based Autoconfiguration filename (i f any) and the follo wing fil es: network-confg, cisconet.cfg, hostnam e .confg, or hostname .

Pagina 118

3-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 3 Config uri ng the Switch fo r the First Time Configuring DHCP-Based Autoconfig uration Figur e 3-2 Relay Device Used in A ut.

Pagina 119

3-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 3 Configuri ng the Switch for the First Time Configuring DHCP-Based Autoconfiguration If the switch cannot read the netw ork-confg, cisconet.cfg, or the hostname f ile, it reads the router -confg fi le.

Pagina 120

3-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 3 Config uri ng the Switch fo r the First Time Configuring the Switch DNS Server Conf iguration The DNS server maps the TFTP serv er name maritsu to IP address 10.0.0.3. TFTP Server Conf iguration (on UNIX) The TFTP server base direct ory is set to /tftpserver/ work/.

Pagina 121

3-9 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 3 Configuri ng the Switch for the First Time Configuring the Switch Using Configuration Mode to Configure Your Switch T o conf .

Pagina 122

3-10 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 3 Config uri ng the Switch fo r the First Time Configuring the Switch <..

Pagina 123

3-11 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 3 Configuri ng the Switch for the First Time Configuring the Switch ! line con 0 exec-timeout 0 0 transport input none line vt.

Pagina 124

3-12 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 3 Config uri ng the Switch fo r the First Time Configuring the Switch T o conf igure a static route, perform th is task: This example shows ho w to use the ip route command to conf igure a static route to a workstation at IP address 171.

Pagina 125

3-13 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 3 Configuri ng the Switch for the First Time Controlling Access to Privileged EX EC Command s .

Pagina 126

3-14 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 3 Config uri ng the Switch fo r the First Time Controlling Access to Pr ivileged EXEC Commands Using the enable password and .

Pagina 127

3-15 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 3 Configuri ng the Switch for the First Time Controlling Access to Privileged EX EC Command s For informatio n on ho w to disp.

Pagina 128

3-16 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 3 Config uri ng the Switch fo r the First Time Controlling Access to Pr ivileged EXEC Commands Figur e 3-4 T ypical T ACA CS+.

Pagina 129

3-17 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 3 Configuri ng the Switch for the First Time Controlling Access to Privileged EX EC Command s TACACS+ Operation When a user attempts a simple ASCII login b y auth enticating to a switch using T A CA CS+, this process occurs: 1.

Pagina 130

3-18 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 3 Config uri ng the Switch fo r the First Time Controlling Access to Pr ivileged EXEC Commands • Conf iguring T ACA CS+ Aut.

Pagina 131

3-19 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 3 Configuri ng the Switch for the First Time Controlling Access to Privileged EX EC Command s T o remove the specif ied T A CACS+ serv er name or address, use the no tac acs-server host hostname global conf iguration command.

Pagina 132

3-20 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 3 Config uri ng the Switch fo r the First Time Controlling Access to Pr ivileged EXEC Commands Step 3 aaa authentication login { default | list-name } method1 [ method2... ] Creates a login authenticatio n method list.

Pagina 133

3-21 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 3 Configuri ng the Switch for the First Time Controlling Access to Privileged EX EC Command s T o disable AAA, use the no aaa new-model global conf iguration command.

Pagina 134

3-22 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 3 Config uri ng the Switch fo r the First Time Controlling Access to Pr ivileged EXEC Commands T o enable T A CA CS+ accounti.

Pagina 135

3-23 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 3 Configuri ng the Switch for the First Time Controlling Access to Privileged EX EC Command s For informatio n on ho w to disp.

Pagina 136

3-24 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 3 Config uri ng the Switch fo r the First Time Controlling Access to Pr ivileged EXEC Commands Logging In to a Privilege Leve.

Pagina 137

3-25 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 3 Configuri ng the Switch for the First Time Recovering a Lost Enable Pa ssw ord Recovering a Lost Enable Password Note For mo.

Pagina 138

3-26 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 3 Config uri ng the Switch fo r the First Time Modifying the Supervisor En gine Startup Configuration Understanding the ROM Monitor The R OM monitor (R OMMON) i s in vok ed at switch bootup, reset, or when a f atal exception occurs.

Pagina 139

3-27 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 3 Configuri ng the Switch for the First Time Modifying the Sup erviso r Eng ine Startup Co nfiguration Modifying the Boot Fiel.

Pagina 140

3-28 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 3 Config uri ng the Switch fo r the First Time Modifying the Supervisor En gine Startup Configuration When the boot f ield is.

Pagina 141

3-29 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 3 Configuri ng the Switch for the First Time Modifying the Sup erviso r Eng ine Startup Co nfiguration Step 2 Enter the conf igure terminal command at the EXEC mode pro mpt (#), as follo w s: Switch# configure terminal Enter configuration commands, one per line.

Pagina 142

3-30 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 3 Config uri ng the Switch fo r the First Time Modifying the Supervisor En gine Startup Configuration System returned to ROM by reload System image file is "tftp://172.25.

Pagina 143

3-31 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 3 Configuri ng the Switch for the First Time Modifying the Sup erviso r Eng ine Startup Co nfiguration Flash Memory Features F.

Pagina 144

3-32 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 3 Config uri ng the Switch fo r the First Time Resetting a Switch to F actory Default Settings Image in the Conf iguration Fi.

Pagina 145

3-33 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 3 Configuri ng the Switch for the First Time Resetting a Switch to Factory D efault Settings When the copying is comp leted, y.

Pagina 146

3-34 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 3 Config uri ng the Switch fo r the First Time Resetting a Switch to F actory Default Settings.

Pagina 147

CH A P T E R 4-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 4 Administering the Switch This chapter describes ho w to perform one-time operations t o administer the Catalyst 450 0 Series switch.

Pagina 148

4-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 4 Administerin g the Switch Managing the System Time and Date • Conf iguring NTP , page 4-3 • Conf iguring T ime and Date Manually , page 4-11 System Clock The core of the time service is the system clock, wh ich monitors the date and time.

Pagina 149

4-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 4 Administering the Switch Managing the System Time and Date Cisco’ s implement ation of NTP does not support st ratum 1 service; it is not possible to connect to a radio or atomic clock.

Pagina 150

4-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 4 Administerin g the Switch Managing the System Time and Date • Conf iguring NTP Associations, pa ge 4-6 • Conf iguring NT.

Pagina 151

4-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 4 Administering the Switch Managing the System Time and Date T o disable NTP authentication, use the no ntp authenticate global conf iguration command. T o remov e an authentication key , us e th e no ntp authentication-key number global conf iguration command.

Pagina 152

4-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 4 Administerin g the Switch Managing the System Time and Date Configuring NTP Associations An NTP association can be a peer a .

Pagina 153

4-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 4 Administering the Switch Managing the System Time and Date Configuring NTP Broadcast Service The communications between devic.

Pagina 154

4-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 4 Administerin g the Switch Managing the System Time and Date T o conf igure the switch to recei ve NTP broadcast pa ck ets fr.

Pagina 155

4-9 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 4 Administering the Switch Managing the System Time and Date Creating an Access Group and Assigning a Ba sic IP Access List T o.

Pagina 156

4-10 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 4 Administerin g the Switch Managing the System Time and Date T o remove access control to the switch NTP services, use the no ntp access-group { query-only | serv e-only | serve | peer } global con figur ation command.

Pagina 157

4-11 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 4 Administering the Switch Managing the System Time and Date The specif ied interface is used for the source address for al l packets sent to all destinations.

Pagina 158

4-12 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 4 Administerin g the Switch Managing the System Time and Date Displaying the Time and Date Configuration T o display the time and date conf iguration, use the show clock [ detail ] pri vileged EXEC command.

Pagina 159

4-13 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 4 Administering the Switch Managing the System Time and Date Configuring Summer Time (Daylight Saving Time) T o conf igu re su.

Pagina 160

4-14 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 4 Administerin g the Switch Configuring a System N ame and Prompt If summer time in your area does not f ollo w a recurring p.

Pagina 161

4-15 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 4 Administering the Switch Configuring a System Name and Prompt For complete syntax and usage information for t he commands used in this section, see the Cisco IOS Confi gurati on Fundamentals Comm and Refer ence, Release 12.

Pagina 162

4-16 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 4 Administerin g the Switch Configuring a System N ame and Prompt These sections contain this configu ration informatio n: �.

Pagina 163

4-17 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 4 Administering the Switch Creating a Banner If you use the switch IP address as its hostname, th e IP address is used and no DNS query occurs. If you confi gure a hostname that contains no periods (.

Pagina 164

4-18 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 4 Administerin g the Switch Creating a Banne r Default Banner Configuration The MO TD and login banners are not conf igured.

Pagina 165

4-19 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 4 Administering the Switch Managing the MA C Address Table Configuring a Login Banner Y ou can configure a lo gin ba nner t o be di splayed on all connected terminals. This banner appears after the MO TD banner and before the login prompt.

Pagina 166

4-20 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 4 Administerin g the Switch Managing the MAC Addr ess Table These sections contain this configu ration informatio n: • Buil.

Pagina 167

4-21 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 4 Administering the Switch Managing the MA C Address Table When PVLANs are conf igured, address learning depends on the ty pe of MA C address: • Dynamic MA C addresses learned in one VLAN of a PVLAN are replicated in the associated VLANs.

Pagina 168

4-22 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 4 Administerin g the Switch Managing the MAC Addr ess Table Removing Dynamic Address Entries T o remov e all dynamic entries, use the cl ear mac address-table dynamic command in EXEC mo de.

Pagina 169

4-23 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 4 Administering the Switch Managing the MA C Address Table Step 3 snmp-server enable traps mac-notification change Enables the switch to send MA C change traps to the NMS.

Pagina 170

4-24 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 4 Administerin g the Switch Managing the MAC Addr ess Table This example shows ho w to specify 172.

Pagina 171

4-25 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 4 Administering the Switch Managing the MA C Address Table T o conf igure MA C move not ificat ion, perform this task: This examp le sho ws ho w to specify 172.

Pagina 172

4-26 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 4 Administerin g the Switch Managing the MAC Addr ess Table Configuring MAC Threshold Notification Traps When you conf igure .

Pagina 173

4-27 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 4 Administering the Switch Managing the MA C Address Table This ex ample sho ws ho w to specify 172.

Pagina 174

4-28 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 4 Administerin g the Switch Managing the MAC Addr ess Table T o add a static address, perform this task: This exampl e show s how to add the static address c2f3.22 0a.12f4 to the MA C address table.

Pagina 175

4-29 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 4 Administering the Switch Managing the MA C Address Table • If you add a unicast MA C address as a static addres s an d con.

Pagina 176

4-30 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 4 Administerin g the Switch Managing the MAC Addr ess Table Disabling MAC Address Learning on a VLAN By default, MA C address learning is en abled on all VLANs on the switch.

Pagina 177

4-31 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 4 Administering the Switch Managing the MA C Address Table Usage Guidelines Note These guidelines are advisory only . Contact the Cisco solution p rovider team fo r specific solutio n implementa tions.

Pagina 178

4-32 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 4 Administerin g the Switch Managing the MAC Addr ess Table Figur e 4-2 Disabling MAC A ddress Lear ning: Point-t o -P oint Links Network Load Bala ncers In this topology , you ha ve tw o devices, one acti ve and one standb y .

Pagina 179

4-33 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 4 Administering the Switch Managing the MA C Address Table Layer 2 Firewall or Cache In this topolog y , a rewritten Layer 3 pack et is routed back to a Layer 2 f ire wall (or cache) before exiti ng.

Pagina 180

4-34 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 4 Administerin g the Switch Managing the MAC Addr ess Table Feature Incompatibility The follo wing features are incompati ble with disabling MA C address learning and do not work properly when the feature is enabled: • 802.

Pagina 181

4-35 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 4 Administering the Switch Managing the ARP Table Displaying Address Table Entries Y ou can display the MA C address table by usin g one or more of the p rivil eged EXEC commands described in T able 4-4 .

Pagina 182

4-36 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 4 Administerin g the Switch Configuring Embedde d CiscoView Supp ort These sections describe the Embedded CiscoV iew suppor t av ailable with Cisco IOS Release 12.

Pagina 183

4-37 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 4 Administering the Switch Configuring Embedd ed CiscoView Support The follo wing example sho ws how to instal l and configur .

Pagina 184

4-38 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 4 Administerin g the Switch Configuring Embedde d CiscoView Supp ort Switch# Switch# archive tar /xtract Cat4000IOS.v5-1.tar /cv extracting Cat4000IOS-5.1.sgz (1956591 bytes) extracting Cat4000IOS-5.

Pagina 185

4-39 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 4 Administering the Switch Configuring Embedd ed CiscoView Support For more information about web access to the swit ch, refer to the “Using the Cisco W eb Bro w ser” chapter in the Cisco IOS Conf iguration Fundam entals Conf iguration Guide at this URL: http://www .

Pagina 186

4-40 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 4 Administerin g the Switch Configuring Embedde d CiscoView Supp ort.

Pagina 187

CH A P T E R 5-1 Software Configuration Guide—Release 15(02)SG OL-23818-01 5 Configuring the Cisco IOS In-Service Software Upgrade Process Note Starting with Cisco IOS 12.2(3 1)SG A, ISSU is supported on the Catalyst 4500. All line cards are supported.

Pagina 188

5-2 Software Configuration Guide—Rele ase 15(02)SG OL-23818-01 Chapter 5 Configur ing the Cisco IOS In-Service Softw are Upgrade Process Prerequisites to Perfor ming ISSU Prerequisites to Performing ISSU Before performing ISSU, you need to meet these prerequisites: • Image type of the existi ng and target image must match.

Pagina 189

5-3 Software Configuration Guide—Release 15(02)SG OL-23818-01 Chapter 5 Configuring the Cisco IOS In-Service Software Up grade Process About ISSU About ISSU Note Do not make an y hardware changes while p erforming ISSU.

Pagina 190

5-4 Software Configuration Guide—Rele ase 15(02)SG OL-23818-01 Chapter 5 Configur ing the Cisco IOS In-Service Softw are Upgrade Process About ISSU Figur e 5-1 Cisco NSF with SSO Networ k Deployment.

Pagina 191

5-5 Software Configuration Guide—Release 15(02)SG OL-23818-01 Chapter 5 Configuring the Cisco IOS In-Service Software Up grade Process About ISSU Figur e 5-2 Cisco NSF with SSO Networ k Deployment: Ent er prise Netw orks NSF Overview Cisco NSF works with the SSO feature in Cisco IOS so ftware.

Pagina 192

5-6 Software Configuration Guide—Rele ase 15(02)SG OL-23818-01 Chapter 5 Configur ing the Cisco IOS In-Service Softw are Upgrade Process About ISSU ISSU Process Overview The ISSU process allow s you to perform a Cisco IOS software upgr ade or do wngrade while the system continues to forward packets.

Pagina 193

5-7 Software Configuration Guide—Release 15(02)SG OL-23818-01 Chapter 5 Configuring the Cisco IOS In-Service Software Up grade Process About ISSU An ISSU-capable switch consists of two super visor engines (acti ve and standby) and on e or more line cards.

Pagina 194

5-8 Software Configuration Guide—Rele ase 15(02)SG OL-23818-01 Chapter 5 Configur ing the Cisco IOS In-Service Softw are Upgrade Process About ISSU After you ha ve copied the Cisco I OS software to both f ile systems, load the new v ersion of Cisco IOS software onto t he standby supervisor eng ine (see Figure 5-5 ).

Pagina 195

5-9 Software Configuration Guide—Release 15(02)SG OL-23818-01 Chapter 5 Configuring the Cisco IOS In-Service Software Up grade Process About ISSU After a switchov er (NSF or SSO, not RPR), the standb y supervisor engine t akes ov er as the new acti ve supervisor engine (see Figur e 5-6 ).

Pagina 196

5-10 Software Configuration Guide—Rele ase 15(02)SG OL-23818-01 Chapter 5 Configur ing the Cisco IOS In-Service Softw are Upgrade Process About ISSU The former activ e supervisor engine is loaded wi.

Pagina 197

5-11 Software Configuration Guide—Release 15(02)SG OL-23818-01 Chapter 5 Configuring the Cisco IOS In-Service Software Up grade Process About ISSU Figur e 5-8 Steps Dur ing the ISSU Process Performing an ISSU Upgrade: 2 Methods There are two ways to perform an ISSU upgrade: manu ally , with four commands; or automatically , with one command.

Pagina 198

5-12 Software Configuration Guide—Rele ase 15(02)SG OL-23818-01 Chapter 5 Configur ing the Cisco IOS In-Service Softw are Upgrade Process About ISSU Changeversion Process The issu changev ersion command launches a single-step complete ISSU upgrade c ycle.

Pagina 199

5-13 Software Configuration Guide—Release 15(02)SG OL-23818-01 Chapter 5 Configuring the Cisco IOS In-Service Software Up grade Process About ISSU Changeversion Deploy ment Scenario The typical issu changeversion command usage scenario is for experi enced users with a large installed base.

Pagina 200

5-14 Software Configuration Guide—Rele ase 15(02)SG OL-23818-01 Chapter 5 Configur ing the Cisco IOS In-Service Softw are Upgrade Process About ISSU ISSU requires additional infor mation to deter mine co mpatibility between softwa re versions.

Pagina 201

5-15 Software Configuration Guide—Release 15(02)SG OL-23818-01 Chapter 5 Configuring the Cisco IOS In-Service Software Up grade Process Performing the ISSU Process SNMP Support for ISSU SNMP for SSO.

Pagina 202

5-16 Software Configuration Guide—Rele ase 15(02)SG OL-23818-01 Chapter 5 Configur ing the Cisco IOS In-Service Softw are Upgrade Process Performing the ISSU Process Verifying the ISSU Software Installation During the ISSU process, fiv e vali d states exist: disabled, init, load version, r un version, and system reset.

Pagina 203

5-17 Software Configuration Guide—Release 15(02)SG OL-23818-01 Chapter 5 Configuring the Cisco IOS In-Service Software Up grade Process Performing the ISSU Process Maintenance Mode = Disabled Manual.

Pagina 204

5-18 Software Configuration Guide—Rele ase 15(02)SG OL-23818-01 Chapter 5 Configur ing the Cisco IOS In-Service Softw are Upgrade Process Performing the ISSU Process ISSU State = Init Boot Variable .

Pagina 205

5-19 Software Configuration Guide—Release 15(02)SG OL-23818-01 Chapter 5 Configuring the Cisco IOS In-Service Software Up grade Process Performing the ISSU Process • Ensure the system (both activ e and standby superv isor engines) is in SSO redundancy mode.

Pagina 206

5-20 Software Configuration Guide—Rele ase 15(02)SG OL-23818-01 Chapter 5 Configur ing the Cisco IOS In-Service Softw are Upgrade Process Performing the ISSU Process Slot = 2 RP State = Standby ISSU.

Pagina 207

5-21 Software Configuration Guide—Release 15(02)SG OL-23818-01 Chapter 5 Configuring the Cisco IOS In-Service Software Up grade Process Performing the ISSU Process The follo wing example sho ws the .

Pagina 208

5-22 Software Configuration Guide—Rele ase 15(02)SG OL-23818-01 Chapter 5 Configur ing the Cisco IOS In-Service Softw are Upgrade Process Performing the ISSU Process A switchover occurs at this point.

Pagina 209

5-23 Software Configuration Guide—Release 15(02)SG OL-23818-01 Chapter 5 Configuring the Cisco IOS In-Service Software Up grade Process Performing the ISSU Process Hardware Mode = Duplex Configured .

Pagina 210

5-24 Software Configuration Guide—Rele ase 15(02)SG OL-23818-01 Chapter 5 Configur ing the Cisco IOS In-Service Softw are Upgrade Process Performing the ISSU Process This exampl e displays the timer before you stop it.

Pagina 211

5-25 Software Configuration Guide—Release 15(02)SG OL-23818-01 Chapter 5 Configuring the Cisco IOS In-Service Software Up grade Process Performing the ISSU Process This example shows how to reset and re load the cur rent standby supervis or engine (slot 1) wi th the new Cisco IOS software v ersion.

Pagina 212

5-26 Software Configuration Guide—Rele ase 15(02)SG OL-23818-01 Chapter 5 Configur ing the Cisco IOS In-Service Softw are Upgrade Process Performing the ISSU Process Image Version = Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500-ENTSERVICES-M), Version 12.

Pagina 213

5-27 Software Configuration Guide—Release 15(02)SG OL-23818-01 Chapter 5 Configuring the Cisco IOS In-Service Software Up grade Process Performing the ISSU Process Perform the follo wing steps at th.

Pagina 214

5-28 Software Configuration Guide—Rele ase 15(02)SG OL-23818-01 Chapter 5 Configur ing the Cisco IOS In-Service Softw are Upgrade Process Performing the ISSU Process Slot = 6 RP State = Standby ISSU State = Init Operating Mode = Stateful Switchover Current Image = bootflash:x.

Pagina 215

5-29 Software Configuration Guide—Release 15(02)SG OL-23818-01 Chapter 5 Configuring the Cisco IOS In-Service Software Up grade Process Performing the ISSU Process *Feb 25 20:41:03.639: %INSTALLER-7-ISSU_OP_SUCC: iss u changeversion successfully executed 'issu runversion' Note Switchov er occurs.

Pagina 216

5-30 Software Configuration Guide—Rele ase 15(02)SG OL-23818-01 Chapter 5 Configur ing the Cisco IOS In-Service Softw are Upgrade Process Performing the ISSU Process Current Software state = ACTIVE .

Pagina 217

5-31 Software Configuration Guide—Release 15(02)SG OL-23818-01 Chapter 5 Configuring the Cisco IOS In-Service Software Up grade Process Performing the ISSU Process Current Software state = ACTIVE Up.

Pagina 218

5-32 Software Configuration Guide—Rele ase 15(02)SG OL-23818-01 Chapter 5 Configur ing the Cisco IOS In-Service Softw are Upgrade Process Performing the ISSU Process If you abort the process after you enter the issu loadv ersion command, the standb y supervisor engine is reset and reloaded with the orig inal software.

Pagina 219

5-33 Software Configuration Guide—Release 15(02)SG OL-23818-01 Chapter 5 Configuring the Cisco IOS In-Service Software Up grade Process Performing the ISSU Process Entering th e issu commitversion comman d at this stage is equal to entering both the issu acceptversion and the issu c om m itversion commands.

Pagina 220

5-34 Software Configuration Guide—Rele ase 15(02)SG OL-23818-01 Chapter 5 Configur ing the Cisco IOS In-Service Softw are Upgrade Process Performing the ISSU Process Switch# configure terminal Enter configuration commands, one per line. End with CNTL/Z.

Pagina 221

5-35 Software Configuration Guide—Release 15(02)SG OL-23818-01 Chapter 5 Configuring the Cisco IOS In-Service Software Up grade Process Performing the ISSU Process 2010 1 262171 32 1 COMPATIBLE 2012.

Pagina 222

5-36 Software Configuration Guide—Rele ase 15(02)SG OL-23818-01 Chapter 5 Configur ing the Cisco IOS In-Service Softw are Upgrade Process Performing the ISSU Process 2059 1 1 262179 30 1 Y 2067 1 1 .

Pagina 223

5-37 Software Configuration Guide—Release 15(02)SG OL-23818-01 Chapter 5 Configuring the Cisco IOS In-Service Software Up grade Process Performing the ISSU Process 2084 ISSU IGMP Snooping clientNon-.

Pagina 224

5-38 Software Configuration Guide—Rele ase 15(02)SG OL-23818-01 Chapter 5 Configur ing the Cisco IOS In-Service Softw are Upgrade Process Performing the ISSU Process This exampl e show s how to disp.

Pagina 225

5-39 Software Configuration Guide—Release 15(02)SG OL-23818-01 Chapter 5 Configuring the Cisco IOS In-Service Software Up grade Process Related Documents This exampl e show s how to disp lay stored .

Pagina 226

5-40 Software Configuration Guide—Rele ase 15(02)SG OL-23818-01 Chapter 5 Configur ing the Cisco IOS In-Service Softw are Upgrade Process Related Documents.

Pagina 227

CH A P T E R 6-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 6 Configuring Interfaces This chapter describes ho w to configure i nterfaces for the Catalyst 4500 series sw itches. It also provides guidelines, proced ures, and configu ration examp les.

Pagina 228

6-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 6 Config uring Inter faces About Interface Configuration About Interface Configuration By default, all interfaces are enabled. The 10/100-Mbps Ethernet interf aces autonegotiate connection speed and duplex .

Pagina 229

6-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 6 Configuring Interfaces Using the interface Command Last clearing of "show interface" counters never Input queue: 0/.

Pagina 230

6-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 6 Config uring Inter faces Configuring a Ra nge of Interfaces Step 4 T o begi n conf iguring F ast Ethernet interf ace 5/5, as.

Pagina 231

6-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 6 Configuring Interfaces Configuring a Range of Interfaces Note The interface range co mmand wor ks only wi th VLAN interfaces that have been configured with the interface vlan command (the show running-conf iguration command displays the conf igured VLAN interfaces).

Pagina 232

6-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 6 Config uring Inter faces Using the Etherne t Management Port Using the Ethernet Management Port This section has this in for.

Pagina 233

6-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 6 Configuring Interfaces Using the Ethernet Mana gemen t Port Figure 6-2 Networ k with Routi ng Prot ocols Enable d The specific implementation of Ethernet manageme nt port depend s on the redundancy mod el you are applying.

Pagina 234

6-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 6 Config uring Inter faces Using the Etherne t Management Port • T elnet, pa ge 6-8 • TFTP , page 6-8 • FTP , page 6-9 • SSH, page 6-9 Note Command usage specifi c to the mgmtVrf are mentioned belo w .

Pagina 235

6-9 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 6 Configuring Interfaces Using the Ethernet Mana gemen t Port FTP If you want t o use an Fa1 port for an FTP op eration, conf i.

Pagina 236

6-10 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 6 Config uring Inter faces Defining and U sing Interface-Ran ge Macros • Secure Shell (SSH) • DHCP-based autoconf igurati.

Pagina 237

6-11 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 6 Configuring Interfaces Deploying SFP+ in X2 Ports T o define an in terface-rang e macro, en ter this command: This exampl e .

Pagina 238

6-12 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 6 Config uring Inter faces Deploying 10-Gigabit E thernet and Gigabit Ethernet SFP Ports on Supe rvisor Engine V-10GE T o use an SFP+ in an X2 port to obtain 10-Gigabit Et hernet bandwi dth, the Cata lyst 4500 series switch supports OneX Con vertor modules.

Pagina 239

6-13 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 6 Configuring Interfaces Deploying 10-Gigabit Ethernet o r Gigab it Etherne t Po rts on Supervisor Engine 6-E , Supervisor Eng.

Pagina 240

6-14 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 6 Config uring Inter faces Deploying 10-Gigabit E thernet or Gigabit Ethe rnet Ports on Su pervisor Engine 6-E, Sup ervisor Engine 6L-E and In Cisco IOS, ports 1 th rough 18 alw ays exist.

Pagina 241

6-15 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 6 Configuring Interfaces Deploying 10-Gigabit Ethernet o r Gigab it Etherne t Po rts on Supervisor Engine 6-E , Supervisor Eng.

Pagina 242

6-16 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 6 Config uring Inter faces Invoking Shared-Bac kplane Uplink Mode on Supervisor Engine 6- E Gi1/13 inactive 1 full 1000 No Gb.

Pagina 243

6-17 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 6 Configuring Interfaces Configuring Optional Interface Feature s Note This featur e is only av ai lable when a DOM ca pable transceiv er is present and configured for monito ring.

Pagina 244

6-18 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 6 Config uring Inter faces Configuring Optio na l Interfa ce Featu res • If the interface speed is set to 10 or 100 , the duple x mode is set to half duplex b y d ef aul t unless you expli citly conf igure it.

Pagina 245

6-19 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 6 Configuring Interfaces Configuring Optional Interface Feature s T o restore autone gotiation, enter the no speed nonegotiate command in the int erface conf iguration mode. Note For the blockin g ports on the WS-X4416 modul e, do not set the speed to autone gotiate.

Pagina 246

6-20 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 6 Config uring Inter faces Configuring Optio na l Interfa ce Featu res 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0.

Pagina 247

6-21 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 6 Configuring Interfaces Configuring Optional Interface Feature s T o conf igure flo w control, perform this task: This exampl.

Pagina 248

6-22 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 6 Config uring Inter faces Configuring Optio na l Interfa ce Featu res Duplex: full Trunk encap.

Pagina 249

6-23 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 6 Configuring Interfaces Configuring Optional Interface Feature s Configuring Jumbo Frame Support These sections describe jumb.

Pagina 250

6-24 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 6 Config uring Inter faces Configuring Optio na l Interfa ce Featu res If the maximum limit of 32 is reached and an attempt i.

Pagina 251

6-25 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 6 Configuring Interfaces Configuring Optional Interface Feature s Layer 3 and Layer 2 EtherChannels Starting with Release Cisco IOS Release 12.2(25) EW, you can configure all the interfaces in an EtherChannel pro vided that the y hav e the same MTU.

Pagina 252

6-26 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 6 Config uring Inter faces Configuring Optio na l Interfa ce Featu res This exampl e shows ho w to conf igure the MTU size on.

Pagina 253

6-27 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 6 Configuring Interfaces Configuring Optional Interface Feature s Note The default time i s 10ms for E-series supervisor engi nes and line cards (incl uding Catalyst 4900M, Catalyst 4948-E, Superv isor Engine 6-E, and Supe rvior Engine 6L-E).

Pagina 254

6-28 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 6 Config uring Inter faces Configuring Optio na l Interfa ce Featu res Note The follo wing line cards support Auto -MDIX by def ault, when port auto -negotiatio n is enabled: WS-X4424-GB-RJ45, WS-X4448- GB-RJ45,WS-X4548- GB-RJ45 and WS-X4412-2GB-T .

Pagina 255

6-29 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 6 Configuring Interfaces Configuring Optional Interface Feature s Switch(config-if)# end Displaying the Interface Auto-MDIX Co.

Pagina 256

6-30 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 6 Config uring Inter faces Understanding Online Insertion and Removal 0 input packets with dribble condition detected 3552 pa.

Pagina 257

6-31 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 6 Configuring Interfaces Monitoring and Main taining the In terface T o display informat ion about the interf ace, enter one o.

Pagina 258

6-32 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 6 Config uring Inter faces Monitoring and Main taining the Interface T o shut down an interface and then restart it, perform .

Pagina 259

6-33 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 6 Configuring Interfaces Monitoring and Main taining the In terface Configuring Link Status Event Notification for an Interfac.

Pagina 260

6-34 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 6 Config uring Inter faces Monitoring and Main taining the Interface The follo wing exampl e displays the conf iguration and logging message output for link status and trunk status loggin g ev ents: // // The global link status and trunk status logging events are enabled.

Pagina 261

6-35 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 6 Configuring Interfaces Monitoring and Main taining the In terface This command clears all the configurat i ons and shut do wn the interface: Switch# show run interface fastethernet 3/5 Building configuration.

Pagina 262

6-36 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 6 Config uring Inter faces Monitoring and Main taining the Interface.

Pagina 263

CH A P T E R 7-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 7 Checking Port Stat us and Connectivity This chapter describes how to check switch port stat us and connecti vity on the Catalyst 4500 series switch.

Pagina 264

7-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 7 Check in g Port Status and Connectivity Checking Interfaces Status This exampl e show s how to ch eck module status for all modules on your switch: Switch# show module all Mod Ports Card Type Model Serial No.

Pagina 265

7-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 7 Checking Port Status and Connec tivity Displaying MAC Addresses Displaying MAC Addresses In addition to displaying the MA C a.

Pagina 266

7-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 7 Check in g Port Status and Connectivity Checking Cable Status U si ng Time Domain Reflectometer Note Four pair s of standard cate gory 5 cable exist. Each pair can assume one of the follo wing states: open (not connected), brok en, shorted, or terminated.

Pagina 267

7-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 7 Checking Port Status and Connec tivity Using Telnet Note After this command is deprecated, use the diagnostic star t and the show diagnostic re sult commands to run the TDR test an d display the test results.

Pagina 268

7-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 7 Check in g Port Status and Connectivity Changing the Logout Timer This example sh ows ho w to establish a T elnet connection from the switch to t he remote host named labsparc: Switch# telnet labsparc Trying 172.

Pagina 269

7-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 7 Checking Port Status and Connec tivity Using Ping 2 vty 1 00:00:00 3 vty 2 00:00:00 4 vty 3 00:00:00 5 vty 4 00:00:00 Interfa.

Pagina 270

7-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 7 Check in g Port Status and Connectivity Using IP Traceroute Running Ping T o ping another de vice on the network from the sw.

Pagina 271

7-9 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 7 Checking Port Status and Connec tivity Using Layer 2 Traceroute drops the datagram and sends b ack an Internet Control Messag e Protocol (ICMP) Time-Exceeded message to the sender .

Pagina 272

7-10 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 7 Check in g Port Status and Connectivity Using Layer 2 Traceroute These sections describe ho w to us e the Layer 2 tracerout.

Pagina 273

7-11 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 7 Checking Port Status and Connec tivity Configuring ICMP Running Layer 2 Traceroute T o display the physical path that a pack.

Pagina 274

7-12 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 7 Check in g Port Status and Connectivity Configuring ICMP Enabling ICMP Protocol Unreachable Messages If the Cisco IOS softwa re receiv es a nonbroadcast packet that uses an unkno wn protocol, it sends an ICMP Protocol Unreachable message back to t he source.

Pagina 275

7-13 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 7 Checking Port Status and Connec tivity Configuring ICMP T o enable the sending of ICMP Redirect messages if the Cisco IOS so.

Pagina 276

7-14 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 7 Check in g Port Status and Connectivity Configuring ICMP.

Pagina 277

CH A P T E R 8-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 8 Configuring Supervisor Engine Redundancy Using RPR and SSO Catalyst 4500 series switche s allow a redundant superviso r engine to take over if the activ e supervisor engine fails.

Pagina 278

8-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 8 Configuring Supervi sor Engine Redundancy Using RPR and SSO About Supervisor Engine Re du ndancy About Supervisor Engine Red.

Pagina 279

8-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 8 Configuring Superv isor Engine Redunda ncy Using RPR and SSO About Supervisor Engine Red und ancy RPR Operation RPR is supported in Cisco IO S Release 12.2(12c)EW and l ater releases.

Pagina 280

8-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 8 Configuring Supervi sor Engine Redundancy Using RPR and SSO About Supervisor Engine Re dundancy Synchronizatio n • 802.

Pagina 281

8-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 8 Configuring Superv isor Engine Redunda ncy Using RPR and SSO Supervisor Engine Redun dan cy Guidelines and Restrictions Note Y ou cannot enter CLI co mmands on the redundant su pervisor engine console.

Pagina 282

8-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 8 Configuring Supervi sor Engine Redundancy Using RPR and SSO Supervisor Engine Redun dancy Guideline s and Restric tions C4K_REDUND ANCY -2-IOS_ VERSION_CHECK_F AIL and ISSU-3-PEER_IMA GE_INCOMP A TIBLE messages to app ear because the peer image is listed as incompatible.

Pagina 283

8-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 8 Configuring Superv isor Engine Redunda ncy Using RPR and SSO Supervisor Engine Redun dan cy Guidelines and Restrictions • In Cisco IOS Release 12.

Pagina 284

8-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 8 Configuring Supervi sor Engine Redundancy Using RPR and SSO Configuring Supe rvisor Engine Redunda ncy • Conf iguration ch.

Pagina 285

8-9 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 8 Configuring Superv isor Engine Redunda ncy Using RPR and SSO Configuring Supervisor En gine Red undancy This exampl e shows h.

Pagina 286

8-10 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 8 Configuring Supervi sor Engine Redundancy Using RPR and SSO Configuring Supe rvisor Engine Redunda ncy Manual Swact = enabl.

Pagina 287

8-11 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 8 Configuring Superv isor Engine Redunda ncy Using RPR and SSO Configuring Supervisor En gine Red undancy Y ou exit the virtual console wi th the exit or quit commands.

Pagina 288

8-12 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 8 Configuring Supervi sor Engine Redundancy Using RPR and SSO Configuring Supe rvisor Engine Redunda ncy Note Configurati on changes made to the acti ve supervisor engine through SNMP are n ot syn c hron ized to the redundant superviso r engine.

Pagina 289

8-13 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 8 Configuring Superv isor Engine Redunda ncy Using RPR and SSO Performing a Manual Switchover Performing a Manual Switchover T.

Pagina 290

8-14 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 8 Configuring Supervi sor Engine Redundancy Using RPR and SSO Performing a So ftwa re Upgrade The follo wing scenario is not supported: An acti ve supervisor engine running Cisco IOS Release 12.

Pagina 291

8-15 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 8 Configuring Superv isor Engine Redunda ncy Using RPR and SSO Manipula ting Bootflash on the Redun dan t Supervisor Engine Sw.

Pagina 292

8-16 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 8 Configuring Supervi sor Engine Redundancy Using RPR and SSO Manipulating Bootflash on the Redundant Supe rvisor Engine Switch# format slaveslot0: or Switch# format slavebootflash: Form at s th e slot0: device on the redundant supervisor engine.

Pagina 293

CH A P T E R 9-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 9 Configuring Cisco NSF with SSO Supervisor Engine Redundancy This chapter describes h ow to confi gure supervisor engin e redundancy using Cisco nonst op forwarding (NSF) with stateful switchover (SSO).

Pagina 294

9-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 9 Configurin g Cisco NS F with SSO Supervisor Engine Redu ndancy About NSF with SSO Supe rvisor Engine Redu ndancy • Routing.

Pagina 295

9-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 9 Configuring Cisco NS F with SSO Supervisor Engine Redundancy About NSF with SSO Supervisor En gine Red undancy T able 9-1 lists t he supervisor engines and Catalyst 4 500 seri es switches that support NSF- awar eness: Starting with Cisco IOS Rel ease 12.

Pagina 296

9-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 9 Configurin g Cisco NS F with SSO Supervisor Engine Redu ndancy About NSF with SSO Supe rvisor Engine Redu ndancy NSF with SS.

Pagina 297

9-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 9 Configuring Cisco NS F with SSO Supervisor Engine Redundancy About NSF with SSO Supervisor En gine Red undancy NSF Operation NSF always runs with SSO and pro v ides redundancy for Layer 3 traf fi c.

Pagina 298

9-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 9 Configurin g Cisco NS F with SSO Supervisor Engine Redu ndancy About NSF with SSO Supe rvisor Engine Redu ndancy help reb uild the routing tables.

Pagina 299

9-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 9 Configuring Cisco NS F with SSO Supervisor Engine Redundancy About NSF with SSO Supervisor En gine Red undancy OSPF Operation.

Pagina 300

9-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 9 Configurin g Cisco NS F with SSO Supervisor Engine Redu ndancy About NSF with SSO Supe rvisor Engine Redu ndancy IETF IS-IS .

Pagina 301

9-9 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 9 Configuring Cisco NS F with SSO Supervisor Engine Redundancy About NSF with SSO Supervisor En gine Red undancy quickly notif ied of the NSF restart.

Pagina 302

9-10 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 9 Configurin g Cisco NS F with SSO Supervisor Engine Redu ndancy Configuring NSF with SSO Supervisor Engin e Re dundancy • All OSPF networking de vices on the same network segment must be NSF-aw are (running an NSF software image).

Pagina 303

9-11 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 9 Configuring Cisco NS F with SSO Supervisor Engine Redundancy Configuring NSF with SSO Supervisor Engine Redund ancy Switch(c.

Pagina 304

9-12 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 9 Configurin g Cisco NS F with SSO Supervisor Engine Redu ndancy Configuring NSF with SSO Supervisor Engin e Re dundancy Configuring BGP NSF Note Y ou m ust configure BGP graceful restart on all peer devi ces participating in BGP NSF .

Pagina 305

9-13 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 9 Configuring Cisco NS F with SSO Supervisor Engine Redundancy Configuring NSF with SSO Supervisor Engine Redund ancy Step 3 O.

Pagina 306

9-14 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 9 Configurin g Cisco NS F with SSO Supervisor Engine Redu ndancy Configuring NSF with SSO Supervisor Engin e Re dundancy nsf network 192.168.20.0 0.0.0.255 area 0 network 192.168.

Pagina 307

9-15 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 9 Configuring Cisco NS F with SSO Supervisor Engine Redundancy Configuring NSF with SSO Supervisor Engine Redund ancy Verifying IS-IS NSF T o verif y IS-IS NSF , you must check that the NSF function is conf igured on the SSO- e nabled netw orking device.

Pagina 308

9-16 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 9 Configurin g Cisco NS F with SSO Supervisor Engine Redu ndancy Configuring NSF with SSO Supervisor Engin e Re dundancy Step 3 If the NSF conf i gurat ion is set to ietf , enter the show isis nsf command to v erify that NSF is enabled o n the de vice.

Pagina 309

9-17 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 9 Configuring Cisco NS F with SSO Supervisor Engine Redundancy Configuring NSF with SSO Supervisor Engine Redund ancy Configur.

Pagina 310

9-18 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 9 Configurin g Cisco NS F with SSO Supervisor Engine Redu ndancy Configuring NSF with SSO Supervisor Engin e Re dundancy.

Pagina 311

CH A P T E R 10-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 10 Environmental Monitoring and Power Management Note Before reading this chapter , read the “Preparing for In stallation” section of the Catalyst 4500 Series Installati on Guide .

Pagina 312

10-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 10 Environmental M onitoring a nd Power Manage ment About Environmental Monito rin g En vironmental monitoring of chassis components pro vides early warning indications of possible component failure.

Pagina 313

10-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 10 Environmental Monitoring and Power Man agement About Environmental Monitoring Conditions on Supervisor Engi ne 6-E and Supervisor Engine 6L-E Supervisor Engine 6-E, Supervisor Engine 6L-E, and its associated line cards suppor t multiple temperature sensors per c ard.

Pagina 314

10-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 10 Environmental M onitoring a nd Power Manage ment About Environmental Monito rin g In Case 4, the stan dby supervisor eng ine takes ov e r wh en the active engine resets itsel f.

Pagina 315

10-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 10 Environmental Monitoring and Power Man agement About Environmental Monitoring When the system issues a major alarm, it starts a timer whose duration depends on the alarm.

Pagina 316

10-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 10 Environmental M onitoring a nd Power Manage ment Power Management Power Management This section describes the po wer management feature in the Catalyst 4500 series swi tches.

Pagina 317

10-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 10 Environmental Monitoring and Power Man agement Power Management Supported Power Supplies Y ou can select from sev eral different po wer supplies to ensure that you hav e enough power for the modules installed in your switch.

Pagina 318

10-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 10 Environmental M onitoring a nd Power Manage ment Power Management The follo wing example sho ws the output for the show po.

Pagina 319

10-9 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 10 Environmental Monitoring and Power Man agement Power Management Y our swi tch hardware configuratio n dictates wh ich power supply or supplies yo u should use .

Pagina 320

10-10 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 10 Environmental M onitoring a nd Power Manage ment Power Management (for lack of po wer) into reset mode. The supervisor engine and modules for which there is adequate po wer always remain enabled, with no disrup tion of network connecti vity .

Pagina 321

10-11 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 10 Environmental Monitoring and Power Man agement Power Management • Dual supervisor engines: WS-X45-Sup 6-E and WS-X45-Sup.

Pagina 322

10-12 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 10 Environmental M onitoring a nd Power Manage ment Power Management The follo wing example sho ws how to set the po wer man.

Pagina 323

10-13 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 10 Environmental Monitoring and Power Man agement Power Management The follo wing example sho ws how to set the po wer manage.

Pagina 324

10-14 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 10 Environmental M onitoring a nd Power Manage ment Power Management Special Considerations for the 4200 W AC and 6000 W AC Power Supplies The 4200 W A C and 6000 W A C power sup ply has two input s: each can be pow ered at 110 or 220 V .

Pagina 325

10-15 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 10 Environmental Monitoring and Power Man agement Power Management Note When the system is po wered with a 4200 W or 6000 W p.

Pagina 326

10-16 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 10 Environmental M onitoring a nd Power Manage ment Power Management In combined mode, all t he inputs to the chassis must be at the same v oltage. T able 10-10 illu strates how t he 6000 W A C power supply is e valuated in comb ined mode.

Pagina 327

10-17 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 10 Environmental Monitoring and Power Man agement Power Management If you have max input s 3 configured with four “go od”.

Pagina 328

10-18 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 10 Environmental M onitoring a nd Power Manage ment Power Management PS1-2 110V good PS2 PWR-C45-4200ACV AC 4200W good good .

Pagina 329

10-19 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 10 Environmental Monitoring and Power Man agement Power Management The same conf iguration is applied to both po wer slots. For e xample, if you set the dc power input to 1000 W , the switch e xpects 1000 W as the external DC source fo r both slot 1and slot 2 (if present).

Pagina 330

10-20 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 10 Environmental M onitoring a nd Power Manage ment Power Management The output of the show po wer detail and show power mod.

Pagina 331

10-21 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 10 Environmental Monitoring and Power Man agement Power Management Switch# show power module sh power module Watts Used of Sy.

Pagina 332

10-22 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 10 Environmental M onitoring a nd Power Manage ment IEEE 802.3az Energy Efficient Ethernet Note After you enter no hw-mod mod x power command and OIR the linecard, the configuration persists and is v alid for an y slot in the chassi s it is applied to.

Pagina 333

10-23 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 10 Environmental Monitoring and Power Man agement IEEE 802.3az Energy Efficient Ethernet Determining EEE Capability T o deter.

Pagina 334

10-24 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 10 Environmental M onitoring a nd Power Manage ment IEEE 802.3az Energy Efficient Ethernet.

Pagina 335

CH A P T E R 11-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 11 Configuring Power over Ethernet Note Before reading this chapter , read the “Preparing for In stallation” section of the Catalyst 4500 Series Installati on Guide .

Pagina 336

11-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 11 Config uring Power ov er Ethernet About Power over Etherne t the PoE capabilities of in divid ual power suppl ies.

Pagina 337

11-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 11 Configuring Power over Ethernet Power Management Mode s Power Management Modes If your switch has a module capabl e of providing PoE to end statio ns, you can set each interface on the module to automati cally detect and apply PoE i f the end station requires po wer .

Pagina 338

11-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 11 Config uring Power ov er Ethernet Power Management Modes Note If you set a non-PoE-capable interface to automatically detect and apply power , an error message indicates that th e confi guration is not v alid.

Pagina 339

11-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 11 Configuring Power over Ethernet Configuring Power Co ns umption fo r Powered Devices on an Interface Configuring Power Cons.

Pagina 340

11-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 11 Config uring Power ov er Ethernet Displaying the Operationa l Status for an Interface Interface AdminPowerMax AdminConsumption (Watts) (Watts) ---------- --------------- -------------------- Gi7/1 15.

Pagina 341

11-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 11 Configuring Power over Ethernet Displaying all PoE Detection and Removal Events Fa3/1 auto on 17.3 15.4 Ieee PD 0 Fa3/2 auto on 4.5 4.0 Ieee PD 1 Fa3/3 auto on 7.1 6.3 Cisco IP Phone 7960 0 Fa3/4 auto on 7.

Pagina 342

11-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 11 Config uring Power ov er Ethernet Displaying the PoE Consumed by a Module Displaying the PoE Consumed by a Module A Catalyst 4500 series switch can measure the act ual PoE consumption for an 802.

Pagina 343

11-9 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 11 Configuring Power over Ethernet Displaying the PoE Co nsumed by a M odule The follo wing example uses the show power detai l and show power inline commands to di splay the PoE consumption for an 80 2.

Pagina 344

11-10 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 11 Config uring Power ov er Ethernet Displaying the PoE Consumed by a Module Switch# show power inline g1/1 Module 1 Inline .

Pagina 345

11-11 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 11 Configuring Power over Ethernet Displaying the PoE Co nsumed by a M odule switch# show power inline module 2 Chassis Inlin.

Pagina 346

11-12 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 11 Config uring Power ov er Ethernet PoE Policing and Monitoring Gi2/45 auto off 0.0 0.0 n/a n/a Gi2/46 auto off 0.0 0.0 n/a n/a Gi2/47 auto off 0.0 0.0 n/a n/a Gi2/48 auto off 0.

Pagina 347

11-13 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 11 Configuring Power over Ethernet PoE Policing and M onitoring Configuring Power Policing on an Interface The default polici.

Pagina 348

11-14 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 11 Config uring Power ov er Ethernet PoE Policing and Monitoring Interface Admin Oper Admin Oper Cutoff Oper State State Police Police Power Power --------- ------ ---------- ---------- ---------- ------ ----- Gi2/1 auto errdisable errdisable overdrawn 0.

Pagina 349

11-15 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 11 Configuring Power over Ethernet Enhanced Power PoE Supp ort on the E-Series Chassis The errdisable autorecov ery mechanism.

Pagina 350

11-16 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 11 Config uring Power ov er Ethernet Enhanced Power PoE Support on th e E-Series Chassis The default po wer inline conf igur.

Pagina 351

CH A P T E R 12-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 12 Configuring the Catalyst 4500 Series Switch with Cisco Network Assistant This chapter describes ho w to install Network Assistant on the w orkstation and conf igure the Catalyst 4500 (or 4900) series switch to communi cate with Network Assistant.

Pagina 352

12-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 12 Configuring the Catalyst 4500 Series Switch with Cisco Network Assistant About Netw ork Assistan t Note For information on.

Pagina 353

12-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 12 Configuring the Catalyst 4500 Series Switch with Ci sco Network Ass istant Network Assistant-R elated Parameters and Their .

Pagina 354

12-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 12 Configuring the Catalyst 4500 Series Switch with Cisco Network Assistant Configuring Your Sw itch for Network Assista nt C.

Pagina 355

12-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 12 Configuring the Catalyst 4500 Series Switch with Ci sco Network Ass istant Configuring Your Switch for N etwor k Assistant Note If you ha ve enabled clusterin g, disable clustering before conf iguring a community (see Ta b l e 1 2 - 2 ).

Pagina 356

12-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 12 Configuring the Catalyst 4500 Series Switch with Cisco Network Assistant Managing a Networ k Using Community Managing a Ne.

Pagina 357

12-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 12 Configuring the Catalyst 4500 Series Switch with Ci sco Network Ass istant Managing a Network Using Co mmunity This section descri bes the guidelines and requiremen ts you should understand before yo u create a community .

Pagina 358

12-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 12 Configuring the Catalyst 4500 Series Switch with Cisco Network Assistant Managing a Networ k Using Community Note Do not disable CDP on cand idates, members, or on an y network dev ices that you might w ant Network Assistant to discover .

Pagina 359

12-9 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 12 Configuring the Catalyst 4500 Series Switch with Ci sco Network Ass istant Managing a Network Using Co mmunity Access Modes.

Pagina 360

12-10 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 12 Configuring the Catalyst 4500 Series Switch with Cisco Network Assistant Converting a Cluster into a Community Note If yo.

Pagina 361

12-11 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 12 Configuring the Catalyst 4500 Series Switch with Ci sco Network Ass istant Managing a Netwo rk Using Cluster Note If you ha ve enabled clus tering, you should disable clusteri ng before conf iguring a community ( see T able 12-2 ).

Pagina 362

12-12 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 12 Configuring the Catalyst 4500 Series Switch with Cisco Network Assistant Managing a Network U sing Cluster • Has 16 VTY lines. Note On a Catalyst 4500 series switch, the default is 4 li nes.

Pagina 363

12-13 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 12 Configuring the Catalyst 4500 Series Switch with Ci sco Network Ass istant Configuring Network Assistant in Community or C.

Pagina 364

12-14 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 12 Configuring the Catalyst 4500 Series Switch with Cisco Network Assistant Configuring Network Assistant in Community or Cluster Mo de Step 6 Switch(config-if)# switchport access vlan vlan_id Enables the selected interface to be in the specif ied VLAN.

Pagina 365

12-15 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 12 Configuring the Catalyst 4500 Series Switch with Ci sco Network Ass istant Configuring Network Assistant in Community or C.

Pagina 366

12-16 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 12 Configuring the Catalyst 4500 Series Switch with Cisco Network Assistant Configuring Network Assistant in Community or Cl.

Pagina 367

12-17 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 12 Configuring the Catalyst 4500 Series Switch with Ci sco Network Ass istant Configuring Network Assistant in Community or C.

Pagina 368

12-18 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 12 Configuring the Catalyst 4500 Series Switch with Cisco Network Assistant Configuring Network Assistant in Community or Cl.

Pagina 369

12-19 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 12 Configuring the Catalyst 4500 Series Switch with Ci sco Network Ass istant Configuring Network Assistant in Community or C.

Pagina 370

12-20 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 12 Configuring the Catalyst 4500 Series Switch with Cisco Network Assistant Configuring Network Assistant in Community or Cl.

Pagina 371

CH A P T E R 13-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 13 Configuring VLANs, VTP, and VMPS This chapter describes VLANs on Catalyst 4500 se ri es switches. It a lso describes h ow to enable the VLAN T runking Protocol (VTP) and to conf igure th e Catalyst 4500 series switch as a VMPS client.

Pagina 372

13-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 13 Configuring VLANs, VTP, and VMPS VLANs Note VTP version 3 upd ates do not pass through promiscuous tru nk ports.

Pagina 373

13-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 13 Config uring VLANs, VTP, and VMPS VLANs • VLAN state (activ e or suspended) • Maximum transmission unit (MTU) for the V.

Pagina 374

13-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 13 Configuring VLANs, VTP, and VMPS VLANs T able 13-1 describes the uses f or VLAN ranges. Configurable Normal-R ange VLAN Parameters Note Ethernet VLANs 1 and 1006 through 4094 use onl y default v alues.

Pagina 375

13-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 13 Config uring VLANs, VTP, and VMPS VLANs Note Catalyst 4500 series switches do n ot support T oken Ring or FDDI med ia. The switch does not forw ard FDDI, FDDI-NET , T rCRF , or T rBRF traf fic, b ut it does propagate the VLAN co nfigu ration by using VTP .

Pagina 376

13-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 13 Configuring VLANs, VTP, and VMPS VLANs Configuring VLANs in Gl obal Configuration Mode If the switch is in VTP serv er or transparent mode (see the “VLA N T runking Protocol” section on page 13-7 ), you can conf igure VLANs in global and VLAN confi guration modes.

Pagina 377

13-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 13 Config uring VLANs, VTP, and VMPS VLAN Trunking Protocol • Because Layer 3 ports and some software features require internal VLANs allocated from 1006 and up, conf igure extended- range VLANs starting with 4094 and w ork downward.

Pagina 378

13-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 13 Configuring VLANs, VTP, and VMPS VLAN Trunkin g Protocol About VTP VTP is a Layer 2 messaging protocol that maintains VLAN conf iguration consistency by managing the addition, delet i on , and renaming of V LANs within a VTP domain.

Pagina 379

13-9 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 13 Config uring VLANs, VTP, and VMPS VLAN Trunking Protocol Understanding VTP Modes Y ou can configure a Cat alyst 4500 series.

Pagina 380

13-10 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 13 Configuring VLANs, VTP, and VMPS VLAN Trunkin g Protocol Note Catalyst 4500 series switches do not su pport T oken Ring or FDDI med ia.

Pagina 381

13-11 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 13 Config uring VLANs, VTP, and VMPS VLAN Trunking Protocol database information.

Pagina 382

13-12 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 13 Configuring VLANs, VTP, and VMPS VLAN Trunkin g Protocol Figur e 13-3 Flooding T raffic wi th VTP Pr uning Enabling VTP pruning o n a VTP server enable s pruning for the enti re management domain.

Pagina 383

13-13 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 13 Config uring VLANs, VTP, and VMPS VLAN Trunking Protocol • In a T ok en Ring en vironment, you must enable VTP v ersion 2 or v ersion 3 for T oken Ring VLAN switching to functio n properly .

Pagina 384

13-14 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 13 Configuring VLANs, VTP, and VMPS VLAN Trunkin g Protocol Configuring VTP These sections describe ho w to configure VTP: �.

Pagina 385

13-15 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 13 Config uring VLANs, VTP, and VMPS VLAN Trunking Protocol This exampl e show s how to co nfigu re a VTP password in EXEC mode: Switch# vtp password WATER Setting device VLAN database password to WATER.

Pagina 386

13-16 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 13 Configuring VLANs, VTP, and VMPS VLAN Trunkin g Protocol Caution VTP versi on 1 and VTP v ersion 2 are not i nteropera ble on net work de vices in the same VTP domain. Every netw ork de vice in the VTP domai n must use th e same VTP v e rsion.

Pagina 387

13-17 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 13 Config uring VLANs, VTP, and VMPS VLAN Trunking Protocol Note When VTP is disabled, you can enter VLAN conf iguration command s in config urati on mode instead of the VLAN database mode and the VLAN configuratio n is stored in the startup conf iguration f ile.

Pagina 388

13-18 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 13 Configuring VLANs, VTP, and VMPS VLAN Trunkin g Protocol This exampl e show s an example of th e VTP configurati on param.

Pagina 389

13-19 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 13 Config uring VLANs, VTP, and VMPS VLAN Trunking Protocol Starting a Takeover This process applies to VTP v e rsion 3 only .

Pagina 390

13-20 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 13 Configuring VLANs, VTP, and VMPS VLAN Membership Policy Server Request advertisements transmitted : 3 Number of config re.

Pagina 391

13-21 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 13 Config uring VLANs, VTP, and VMPS VLAN Membership Policy Server About VMPS These subsections describe what a VMPS server d.

Pagina 392

13-22 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 13 Configuring VLANs, VTP, and VMPS VLAN Membership Policy Server Security Modes fo r VMPS Server VMPS operates in three dif ferent modes.

Pagina 393

13-23 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 13 Config uring VLANs, VTP, and VMPS VLAN Membership Policy Server Fallback VLAN Y ou can configure a f allback VLAN name on a VMPS server .

Pagina 394

13-24 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 13 Configuring VLANs, VTP, and VMPS VLAN Membership Policy Server Multiple hosts (MA C addresses) can be acti v e on a dy namic po rt if all are in the same VLAN.

Pagina 395

13-25 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 13 Config uring VLANs, VTP, and VMPS VLAN Membership Policy Server T o defi ne the primary and second ary VMPS on a Ca talyst.

Pagina 396

13-26 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 13 Configuring VLANs, VTP, and VMPS VLAN Membership Policy Server This example sho ws how to conf igure a dy namic access port and to verify the entry: Switch# configure terminal Enter configuration commands, one per line.

Pagina 397

13-27 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 13 Config uring VLANs, VTP, and VMPS VLAN Membership Policy Server This exampl e show s how to ch ange the reconf irmation interv al to 60 minutes and v erify the change: Switch# configure terminal Enter configuration commands, one per line.

Pagina 398

13-28 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 13 Configuring VLANs, VTP, and VMPS VLAN Membership Policy Server Administering and Monitoring the VMPS Y ou can display the.

Pagina 399

13-29 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 13 Config uring VLANs, VTP, and VMPS VLAN Membership Policy Server Troubleshooting Dynamic Po rt VLAN Membership VMPS errdisables a dynamic port under the foll owin g conditions: • The VMPS is in secure mode, and it does not al low the host to co nnect to the port.

Pagina 400

13-30 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 13 Configuring VLANs, VTP, and VMPS VLAN Membership Policy Server Figur e 13-4 Dynamic P ort VLAN Me mbership Configur ation T wo topologies are possible.

Pagina 401

13-31 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 13 Config uring VLANs, VTP, and VMPS VLAN Membership Policy Server Figur e 13-6 T opolog y with an End Station At tached to a.

Pagina 402

13-32 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 13 Configuring VLANs, VTP, and VMPS VLAN Membership Policy Server d. Assign the port dynamic VLAN membersh ip: switch(config-if)# switchport access vlan dynamic e. Return to pri vileged EXEC mode: switch(config-if)# exit switch# Step 3 Connect End Station 2 o n port Fa2 /1.

Pagina 403

13-33 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 13 Config uring VLANs, VTP, and VMPS VLAN Membership Policy Server !MAC Addresses ! vmps-mac-addrs ! ! address <addr> vlan-name <vlan_name> ! address 0012.2233.4455 vlan-name hardware address 0000.

Pagina 404

13-34 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 13 Configuring VLANs, VTP, and VMPS VLAN Membership Policy Server.

Pagina 405

CH A P T E R 14-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 14 Configuring IP Unnumbered Interface This chapter discusses the IP Unnum bered In terface feature, whi ch allows you to enable IP p rocessing on an interface with out assigning an e xplicit IP address.

Pagina 406

14-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 14 Configurin g IP Unnumbered Interface About IP Unnumbered Inte rfac e Supp ort IP Unnumbered Interface Support w ith DHCP S.

Pagina 407

14-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 14 Configuring IP Unnumbered Interface IP Unnumbered Configura tion Guide lines and Restrictions Figur e 14-2 F orm at of the Ag ent Remote ID Suboption T able 14-1 describes the agent remote ID su boption fields displaye d in Figure 14-2 .

Pagina 408

14-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 14 Configurin g IP Unnumbered Interface Configuring IP Unnu mb ered Interface Suppor t with DHCP Server • The option to add dhcp host r o utes as connecte d routes is available in Cisco IOS.

Pagina 409

14-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 14 Configuring IP Unnumbered Interface Configuring IP Unnumbered Interfac e Support with Conne cted H ost Polling Configuring .

Pagina 410

14-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 14 Configurin g IP Unnumbered Interface Displaying IP Unnumb ered Interface Settings The follo wing example sho ws how to enable IP proce ssing and connected host po lling on F ast Ethernet interface 6/2.

Pagina 411

14-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 14 Configuring IP Unnumbered Interface Troubleshooting IP Unnumbered In te rface T o display status of an unnumber ed interfac.

Pagina 412

14-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 14 Configurin g IP Unnumbered Interface Related Documents When an IP unnumbered interfac e shares the IP a ddress of a loopback interface whose pref ix is advertised in an OSPF netw ork, you must modify the loop back interface as a po int-to-point interface.

Pagina 413

CH A P T E R 15-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 15 Configuring Layer 2 Ethernet Interfaces This chapter describes how to use the command-lin e interface (CLI) to configure Fast Ethernet and Gigabit Ethernet interf aces for Laye r 2 switching on Catalyst 4500 se ries switches.

Pagina 414

15-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 15 Configuring Layer 2 Ethernet Interfaces About Layer 2 E thernet Switching Layer 2 Ethernet Switching Catalyst 4500 series switches su pport simultaneous, parallel conn ections between Layer 2 Et hernet segments.

Pagina 415

15-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 15 Configuring Layer 2 Ether net Interfaces About Layer 2 Ethernet Switching VLAN Trunks A trunk is a point-to-poi nt link between on e or more Et hernet switch interfaces and another netwo rking device such as a router or a switch.

Pagina 416

15-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 15 Configuring Layer 2 Ethernet Interfaces Default Layer 2 E thernet Interface Configuration Layer 2 Interface Modes T able 15-2 list s the Layer 2 interface modes and describe s ho w they function o n Ethernet interfaces.

Pagina 417

15-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 15 Configuring Layer 2 Ether net Interfaces La ye r 2 Interface Configuratio n Guidelines an d Restrictions Layer 2 Interface .

Pagina 418

15-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 15 Configuring Layer 2 Ethernet Interfaces Configuring Ethe rnet Interfaces for Laye r 2 Switching Configuring an Ethernet Interface as a Layer 2 Trunk Note The default for Lay er 2 interfaces is switchport mode dynamic auto .

Pagina 419

15-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 15 Configuring Layer 2 Ether net Interfaces Configuring Ethernet Interfaces for Laye r 2 Switching This example sho ws ho w to conf igure the Fast Ethern et interface 5/8 as a n 802.

Pagina 420

15-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 15 Configuring Layer 2 Ethernet Interfaces Configuring Ethe rnet Interfaces for Laye r 2 Switching This exampl e show s how to v erify the trunk configu ration: Switch# show interfaces fastethernet 5/8 trunk Port Mode Encapsulation Status Native vlan Fa5/8 desirable n-802.

Pagina 421

15-9 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 15 Configuring Layer 2 Ether net Interfaces Configuring Ethernet Interfaces for Laye r 2 Switching This example sho ws how to conf igure the Fast Ethe rnet interface 5/6 as an access port in VLAN 200: Switch# configure terminal Enter configuration commands, one per line.

Pagina 422

15-10 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 15 Configuring Layer 2 Ethernet Interfaces Configuring Ethe rnet Interfaces for Laye r 2 Switching This e xample sho ws how to cl ear the Layer 2 co n figuration on the Fast Ethernet interface 5/6: Switch# configure terminal Enter configuration commands, one per line.

Pagina 423

CH A P T E R 17-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 17 Configuring Auto SmartPort Macros This chapter describes ho w to configur e and apply Auto SmartPor t macros on the Catalyst 4500 series switch.

Pagina 424

17-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 17 Configurin g Auto SmartPort Mac ros Configuring Auto SmartPor ts System b uilt-in e vent triggers exist for vario us devi ces based mostly on CDP and LLDP messages ( T able 17-1 ) and some MA C address.

Pagina 425

17-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 17 Configuring Auto SmartPor t Macros Configuring Auto SmartPorts Enabling Auto SmartPorts Note By default, Aut o SmartPort is disab led globally .

Pagina 426

17-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 17 Configurin g Auto SmartPort Mac ros Configuring Auto SmartPor ts T able 17-2 sho ws the Auto SmartPorts built- in macros that are embedded in the switch soft ware. Note By default, the b uilt-in ev ent triggers are mapped to the built-in macro s.

Pagina 427

17-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 17 Configuring Auto SmartPor t Macros Configuring Auto SmartPorts • If the macro conflicts wit h the original conf iguration, some macro commands might not be applied , or some antimacro co mmands might not be applied.

Pagina 428

17-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 17 Configurin g Auto SmartPort Mac ros Configuring Auto SmartPor ts Configuring Auto SmartPorts Built-in Macro Parameters The switch automatically maps from b uilt-in ev en t triggers to bu ilt-in macros.

Pagina 429

17-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 17 Configuring Auto SmartPor t Macros Configuring Auto SmartPorts The no macro auto execute e vent trigger {[ buil t in built-in macr o name [ parameter=valu e ]] | [[ par ameter = value ] { function contents } ]} command deletes th e mapping.

Pagina 430

17-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 17 Configurin g Auto SmartPort Mac ros Configuring Auto SmartPor ts T o conf igure an even t trigger , perform this task: Use the no shell trigger identif ier global conf iguration command to delete the e vent trigger .

Pagina 431

17-9 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 17 Configuring Auto SmartPor t Macros Configuring Auto SmartPorts Configuring Mapping Between User-Defined Triggers and Built-in Macros Y ou need to map the user -defined trigger to either a b uilt-in macro or user- defined macro.

Pagina 432

17-10 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 17 Configurin g Auto SmartPort Mac ros Configuring Auto SmartPor ts Inside a user-def ined mac ro, besides parameters specified through macro auto execute trigger parameter -name=value .

Pagina 433

17-11 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 17 Configuring Auto SmartPor t Macros Configuring Auto SmartPorts This example sho ws how to map a user-def ined even t trigger called Cisco Digital Media Player (DMP) to a user -defined macro .

Pagina 434

17-12 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 17 Configurin g Auto SmartPort Mac ros Configuring Auto SmartPor ts T able 17-4 lists the supported shell keywords your can app ly in your mac ros and anti macro statem ents. T able 17-5 list s the shell ke ywords that are not suppor ted in macros and antimacros.

Pagina 435

17-13 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 17 Configuring Auto SmartPor t Macros Displaying Auto SmartPorts Displaying Auto SmartPorts T o display the Auto SmartPorts and static SmartPorts macros, use on e or more of the pri vileged EXEC commands in Ta b l e 1 7 - 6 .

Pagina 436

17-14 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 17 Configurin g Auto SmartPort Mac ros Displaying Auto SmartPorts function CISCO_AP_AUTO_SMARTPORT () { if [[ $LINKUP -eq YE.

Pagina 437

CH A P T E R 16-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 16 Configuring SmartPort Macros This chapter describes ho w to configu re and apply SmartPort and Stati c SmartPort macros on your switch.

Pagina 438

16-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 16 Con figuring SmartPort Macros Configuring SmartPort Macr os Cisco-default Smart Port macr os are embedded in the switch softw a re (see T able 16- 1 ). Y ou can display these macros and the commands they contain b y using the show parser ma cro user EXEC command.

Pagina 439

16-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 16 Configuring SmartPort Macros Configuring SmartPort Macros Passing Parameters Through the Macro Some commands might not be suff iciently generic for all the interf aces; for example, VLAN ID for Layer 2 interfaces and the IP address for Layer 3 inte rface.

Pagina 440

16-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 16 Con figuring SmartPort Macros Configuring SmartPort Macr os Default SmartPort Macro Configuration This section illustrates th e de fa ult con f igurations for the four supported macros.

Pagina 441

16-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 16 Configuring SmartPort Macros Configuring SmartPort Macros cisco-phone This is the e xample for the cisco-phone macro: # VoI.

Pagina 442

16-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 16 Con figuring SmartPort Macros Configuring SmartPort Macr os # Recommended value for native vlan (NVID) should not be 1 swi.

Pagina 443

16-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 16 Configuring SmartPort Macros Configuring SmartPort Macros • Use the macro global trace macr o-name global configur ation command or th e macro trace macr o-name interface configuration command to apply and debug a macro to find any syntax or configuration errors.

Pagina 444

16-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 16 Con figuring SmartPort Macros Configuring SmartPort Macr os Creating SmartPort Macros T o create a SmartPort macro, perform this task: Command Purpose Step 1 Switch# configure terminal Enters global conf iguration mode.

Pagina 445

16-9 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 16 Configuring SmartPort Macros Configuring SmartPort Macros Applying SmartPort Macros T o apply a SmartPort macro, perform t his task: Command Purpose Step 1 Switch# configure terminal Enters global conf iguration mode.

Pagina 446

16-10 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 16 Con figuring SmartPort Macros Configuring SmartPort Macr os Y ou can delete a global macro-applied conf iguration on a switch onl y by entering th e no v ersion of each command that is in the macro.

Pagina 447

16-11 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 16 Configuring SmartPort Macros Configuring SmartPort Macros cisco-desktop This exampl e show s how to us e the system-defined macro cisco-desktop to assign a v alue of 35 to the access VLAN of the Fast Ethernet interface 2/9.

Pagina 448

16-12 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 16 Con figuring SmartPort Macros Configuring SmartPort Macr os Macro type : customizable # VoIP enabled interface - Enable d.

Pagina 449

16-13 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 16 Configuring SmartPort Macros Configuring SmartPort Macros # speed up convergence switchport mode trunk switchport nonegotiate # Configure qos to trust this interface auto qos voip trust # 802.

Pagina 450

16-14 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 16 Con figuring SmartPort Macros Displaying SmartPort Macros Displaying SmartPort Macros T o display the SmartPort macros, use one o r more of the pri vileged EXEC commands in Ta b l e 1 6 - 2 .

Pagina 451

16-15 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 16 Configuring SmartPort Macros Configuring Static SmartPort Macros Static SmartPort Configuration Guidelines • When a macro is applied globally to a switch or to a swit ch interface, all existing con figur ation on the interface is retained.

Pagina 452

16-16 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 16 Con figuring SmartPort Macros Configuring Sta tic SmartPort Macros Y ou can only delete a global macro-applied conf iguration on a switch b y enter ing the no version of each command in the macro.

Pagina 453

CH A P T E R 18-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 18 Configuring STP and MST This chapter descri bes how to configure the Spanning Tree Protocol (STP) on a Cata lyst 4500 se ries switch. This chapter also describes ho w to config ure the IEEE 802.

Pagina 454

18-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 18 Configuring STP an d M S T About STP A Catalyst 4500 series switch us e STP (the IEEE 802 .1D bridge protocol) on all VLANs. By default, a single spanning t ree runs on each conf igured VLAN (pro vided you do not manually d isable the spanning tree).

Pagina 455

18-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 18 Configuring STP and MST About STP Extended System ID Extended system IDs are VLAN IDs between 1025 and 4096. Cisco IOS Releases 12.1(1 2c)EW and later releases support a 12-bit e xtended system ID f ield as part of the bridge ID (see Ta b l e 1 8 - 2 ).

Pagina 456

18-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 18 Configuring STP an d M S T About STP • The identif ier of the transmitting port • V alues for the hello , forward dela.

Pagina 457

18-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 18 Configuring STP and MST About STP Creating the STP Topology The goal of the spanning tree algo rithm is to mak e th e most direct link the roo t port.

Pagina 458

18-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 18 Configuring STP an d M S T About STP • Disabled—In this state, th e Layer 2 interface does not participate i n spanning tree and does not forward frames.

Pagina 459

18-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 18 Configuring STP and MST Default STP Co nfiguration For enabling informat ion, see “Enabling Per -VLAN Rapid Spanning T ree” on page 20. Default STP Configuration T able 18-4 sho ws the default spannin g tree conf iguration.

Pagina 460

18-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 18 Configuring STP an d M S T Configuring STP • Disabling Sp anning T ree Protocol, page 18-20 • Enabling Per-VLAN Rapid .

Pagina 461

18-9 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 18 Configuring STP and MST Configuring STP Designated bridge has priority 32768, address 00e0.

Pagina 462

18-10 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 18 Configuring STP an d M S T Configuring STP Configuring the Root Bridge A Catalyst 4000 family switch main tains an instan ce of spanni ng tree for each acti ve VLAN conf ig ured on the switch.

Pagina 463

18-11 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 18 Configuring STP and MST Configuring STP VLAN1 is executing the ieee compatible Spanning Tree protocol Bridge Identifier has priority 32768, address 0030.94fc.0a00 Configured hello time 2, max age 20, forward delay 15 Current root has priority 32768, address 0001.

Pagina 464

18-12 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 18 Configuring STP an d M S T Configuring STP Port 324 (FastEthernet6/4) of VLAN1 is listening Port path cost 19, Port priority 128, Port Identifier 129.68. Designated root has priority 8192, address 0030.

Pagina 465

18-13 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 18 Configuring STP and MST Configuring STP Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32768 Address 0003.6b10.e800 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 Interface Role Sts Cost Prio.

Pagina 466

18-14 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 18 Configuring STP an d M S T Configuring STP Switch(config-if)# spanning-tree port-priority 100 Switch(config-if)# end Swit.

Pagina 467

18-15 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 18 Configuring STP and MST Configuring STP Designated root has priority 32768, address 0003.6b10.ebec Designated bridge has priority 32768, address 0003.6b10.ebec Designated port id is 128.

Pagina 468

18-16 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 18 Configuring STP an d M S T Configuring STP This e xample sho ws how to ch ange the spannin g tree port cos t of a Fast Et.

Pagina 469

18-17 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 18 Configuring STP and MST Configuring STP Number of transitions to forwarding state: 1 BPDU: sent 0, received 13513 <...output truncated...> Switch# Note The show spanning-tr ee command displays only information f or ports with an acti ve link (green li ght is on).

Pagina 470

18-18 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 18 Configuring STP an d M S T Configuring STP T o conf igure the spanning tr ee hello time of a VLAN, perform this task: Thi.

Pagina 471

18-19 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 18 Configuring STP and MST Configuring STP This exampl e shows ho w to verify the conf iguration: Switch# show spanning-tree .

Pagina 472

18-20 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 18 Configuring STP an d M S T Configuring STP Disabling Spanning Tree Protocol T o disable spanning t ree on a per-VLAN basi.

Pagina 473

18-21 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 18 Configuring STP and MST Configuring STP Switch# clear spanning-tree detected-protocols The follo wing example sho ws how t.

Pagina 474

18-22 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 18 Configuring STP an d M S T About MST About MST The follo wing sections describe how MST w orks on a Catalyst 4000 fami ly switch: • IEEE 802.1s MST , page 18-22 • IEEE 802.

Pagina 475

18-23 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 18 Configuring STP and MST About MST • MST establishes and mai ntains additional spanning trees within each MST region. These spanni ng trees are termed MST instances (MSTIs).

Pagina 476

18-24 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 18 Configuring STP an d M S T About MST RSTP Port Roles In RSTP , the port roles are defined as follo ws: • Root—A forw arding port elected for the spanning tree topolog y .

Pagina 477

18-25 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 18 Configuring STP and MST About MST Figur e 18-2 Networ k with Inter connected S ST and M ST Region s T o STP running in t h.

Pagina 478

18-26 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 18 Configuring STP an d M S T About MST MST Instances W e support 65 instances including i nst ance 0. Each spanning tree instance is identified by an instance ID that ranges from 0 to 40 94.

Pagina 479

18-27 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 18 Configuring STP and MST About MST T o form an MST region, bridges can be either of the follo wing: • An MST bridge that is the only member of the MST re gion. • An MST bridge interconnected by a LAN.

Pagina 480

18-28 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 18 Configuring STP an d M S T About MST T o pre v ent a misconf iguration, the PortFast operatio n is turned of f if the port receiv es a BPDU. Y ou can display the conf igured and operational status of PortFast b y using the show spanning-tr ee mst interface command.

Pagina 481

18-29 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 18 Configuring STP and MST MST Configu ration Restrict ions and Guid elines • Do not locate the roo t for some or all of th.

Pagina 482

18-30 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 18 Configuring STP an d M S T Configuring MST This example sho w how to enable MST : Switch# configure terminal Enter configuration commands, one per line.

Pagina 483

18-31 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 18 Configuring STP and MST Co nfig uring MST Switch(config-mst)# instance 1 vlan 2000-3000 Switch(config-mst)# no instance 1 .

Pagina 484

18-32 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 18 Configuring STP an d M S T Configuring MST Switch# show spanning-tree mst ###### MST00 vlans mapped: 11-4094 Bridge address 00d0.

Pagina 485

18-33 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 18 Configuring STP and MST Co nfig uring MST Switch# show spanning-tree mst 1 interface fastethernet 4/4 FastEthernet4/4 of M.

Pagina 486

18-34 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 18 Configuring STP an d M S T Configuring MST The follo wing examples sho w how to display spann ing tree VLAN conf iguratio.

Pagina 487

18-35 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 18 Configuring STP and MST Co nfig uring MST Switch# show spanning-tree mst interface fastethernet 4/4 FastEthernet4/4 of MST.

Pagina 488

18-36 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 18 Configuring STP an d M S T Configuring MST Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) Address 00d0.00b8.1400 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interface Role Sts Cost Prio.

Pagina 489

CH A P T E R 19-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 19 Configuring Flex Links and MAC Address-Table Move Update Flex Links pr ovide a f ast and simplifi ed Layer 2 Link redundanc y mechanism. This chapter describes ho w to confi gure Flex Links o n the Catalyst 4500 series switch.

Pagina 490

19-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 19 Configu rin g Flex Links and MAC Address-Table Mo ve Update About Flex Li n ks Flex Links Flex Links are a pair of Layer 2 interfaces (switc h ports or port channels) where one interface is confi gured to act as a backup to the ot her .

Pagina 491

19-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 19 Configuring Flex Links and MAC Ad dress-Table Move U pdate About Flex Links port reactiv ates, it resumes forwarding traff ic in the preferred VLANs. In addit ion to providin g the redundanc y , this Flex Links pair can be used for load balancing.

Pagina 492

19-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 19 Configu rin g Flex Links and MAC Address-Table Mo ve Update MAC Address -Table Move Update MAC Address-Table Move Update In Figure 19-3 , ports 1 and 2 on switch A are con nected to uplink switches B and D through a Fle x Links pair .

Pagina 493

19-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 19 Configuring Flex Links and MAC Ad dress-Table Move U pdate Configuring Flex Links Figure 1 9-3 MAC Addr ess-T ab le Mov e U.

Pagina 494

19-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 19 Configu rin g Flex Links and MAC Address-Table Mo ve Update Configuring Flex Lin ks Configuration Guidelines Follo w these.

Pagina 495

19-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 19 Configuring Flex Links and MAC Ad dress-Table Move U pdate Configuring Flex Links T o disable a Flex Links backup interface, enter the no switchport backup interface interface-id interface configuration command.

Pagina 496

19-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 19 Configu rin g Flex Links and MAC Address-Table Mo ve Update Configuring Flex Lin ks T o remov e a preemption scheme, ente r the no switchport backup interface interface-id preemption mode interface conf iguration command.

Pagina 497

19-9 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 19 Configuring Flex Links and MAC Ad dress-Table Move U pdate Configuring Flex Links When both interf aces are up, Fast Ethernet port 1/0/8 forward s traf f i c for VLANs 60 and 100 to 120 and Fast Ethern et port 1/0/6 forw ards traff ic for VLANs 1 to 50.

Pagina 498

19-10 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 19 Configu rin g Flex Links and MAC Address-Table Mo ve Update Configuring MAC Addres s- Table Move Update Configuring MAC A.

Pagina 499

19-11 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 19 Configuring Flex Links and MAC Ad dress-Table Move U pdate Con figuring MAC Address-Table Move Update T o disable the MA C address-table move updat e feature on the access switch, enter the no mac address-t able move update transmit interface conf iguration command.

Pagina 500

19-12 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 19 Configu rin g Flex Links and MAC Address-Table Mo ve Update Monitoring Flex Links and the MAC Address-Ta ble Move Update .

Pagina 501

CH A P T E R 20-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 20 Configuring Resilient Ethernet Protocol This chapter descri bes how to use Resilient Ethernet Protocol (REP) on the Ca talyst 4500 series sw itch.

Pagina 502

20-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 20 Configuri ng Resilie nt Ethern et Protoc ol About REP Figur e 20-1 REP Open Segments The segment sho wn in Figure 20-1 is an open segment; there is no connecti vity between the two edge ports.

Pagina 503

20-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 20 Configuri ng Resilient Ethern et Protocol About REP Y ou can construct almost any type of network ba sed on REP segments. REP also supports VLAN load balancing, co ntrolled b y the primary edge port b ut occurring at any port in the seg ment.

Pagina 504

20-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 20 Configuri ng Resilie nt Ethern et Protoc ol About REP Link Integrity REP does not use an end-to-end pollin g mechanism between edge ports to v erify link integrity . It implements local link failure detecti on.

Pagina 505

20-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 20 Configuri ng Resilient Ethern et Protocol About REP The neighbor of fset number range is –256 to +256; a val ue of 0 is in valid. The primary edge p ort has an of fset number of 1; positiv e numbers above 1 identify do wnstream neighbors of the primary edge port.

Pagina 506

20-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 20 Configuri ng Resilie nt Ethern et Protoc ol About REP When VLAN load balancing is triggered, t he primar y edge port then sends out a message to alert all interfaces in th e segment about t he preemption.

Pagina 507

20-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 20 Configuri ng Resilient Ethern et Protocol Configuring REP Configuring REP A segment is a collection of ports connected one to the other in a ch ain and configured with a segment ID.

Pagina 508

20-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 20 Configuri ng Resilie nt Ethern et Protoc ol Configuring REP • Y ou cannot ru n REP and ST P on the sam e segment or interface. • If you conn ect an STP network to the REP se gment, be sure that the connection is at the se gment edge.

Pagina 509

20-9 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 20 Configuri ng Resilient Ethern et Protocol Configuring REP T o conf igure the REP administrati ve VLAN, perform this task: T.

Pagina 510

20-10 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 20 Configuri ng Resilie nt Ethern et Protoc ol Configuring REP T o enable and conf igure REP on an interface, perform this task: Command Purpose Step 1 Switch# configure terminal Enters global conf iguration mode.

Pagina 511

20-11 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 20 Configuri ng Resilient Ethern et Protocol Configuring REP Step 4 Switch(config-if)# rep segment segment-id [ edge [ no-neighbor ] [ primary ]] [ preferred ] Enables REP on the interface, and identifies a se gment number .

Pagina 512

20-12 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 20 Configuri ng Resilie nt Ethern et Protoc ol Configuring REP Enter the no form of each command to retu rn to the defaul t confi gu r at io n. Enter the show r ep topology pri vileged EXEC co mmand to see which port in the se gment is the primary edge port.

Pagina 513

20-13 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 20 Configuri ng Resilient Ethern et Protocol Configuring REP This exampl e shows ho w to configu re the same conf iguration w.

Pagina 514

20-14 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 20 Configuri ng Resilie nt Ethern et Protoc ol Monitoring REP Configuring SNMP Traps for REP T o conf igure the switch to se.

Pagina 515

CH A P T E R 21-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 21 Configuring Optional STP Features This chapter describes the Spannin g T ree Protocol (S TP) features supported on the Catalyst 4500 series switch. It also pro vides guidelines, procedur es, and conf iguration ex amples.

Pagina 516

21-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 21 Configuring Optional STP Features About Root Guard Note For complete syntax and usage info rmation for the switch commands used in this chapte r, look at the Cisco Catalyst 4500 Series Switc h Command Refer ence and related publications at thi s location: http://www .

Pagina 517

21-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 21 Configuring Optional STP Features About Loop Guard interface FastEthernet5/8 switchport mode access spanning-tree guard roo.

Pagina 518

21-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 21 Configuring Optional STP Features About Loop Guard Figur e 21 -1 T riang ular S witch Conf iguratio n with Loop Guar d Figure 21-1 ill ustrates the follo wing configuration: • Switches A and B are distribution switches.

Pagina 519

21-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 21 Configuring Optional STP Features En abling Lo op Guard – If a channel is block ed by loo p guard and the channel breaks, spanning tree loses all the state information.

Pagina 520

21-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 21 Configuring Optional STP Features About EtherChannel Gua rd This exampl e show s how to enable loop guard on port 4/4: Swi.

Pagina 521

21-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 21 Configuring Optional STP Features About PortFast T o disable the EtherChannel gu ard feature, use the no spanning-tree ether channel guard misconf ig global conf iguration command.

Pagina 522

21-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 21 Configuring Optional STP Features About BPDU Gu ar d This exa mple sho ws how to enab le PortFas t on Fast Ethernet interf.

Pagina 523

21-9 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 21 Configuring Optional STP Features Enabling BPDU Guard Enabling BPDU Guard T o enable BPDU guard to shut down PortFast-confi.

Pagina 524

21-10 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 21 Configuring Optional STP Features Enabling PortFast BPDU Filtering When you enable PortFast BPDU f iltering globally and .

Pagina 525

21-11 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 21 Configuring Optional STP Features About UplinkFast Note For PVST+ information, see Chap ter 18, “Conf iguring STP and MST .

Pagina 526

21-12 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 21 Configuring Optional STP Features Enabling UplinkFast Figure 21-2 sh ows an example of a topolog y with no link fa ilures. Switch A, the root switch , is connected directly t o Switch B ov er link L1 and to Switch C ov er link L2.

Pagina 527

21-13 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 21 Configuring Optional STP Features Enabling UplinkFast Note When you enable UplinkFa st, it affects all VLANs on the swit ch . Y ou cannot configure Upli nkFast on an indi vidual VLAN.

Pagina 528

21-14 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 21 Configuring Optional STP Features About BackboneFast About BackboneFast BackboneFast is a complementary tech nology to UplinkF ast.

Pagina 529

21-15 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 21 Configuring Optional STP Features About BackboneFast Next, assume t hat L1 fails. Swit ch A and Switch B, the switches directly co nnecte d to this s egment, instantly kno w that the li nk is do wn.

Pagina 530

21-16 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 21 Configuring Optional STP Features Enabling Backbo neFast Figure 21 -6 Adding a Switch in a Shar ed-M edium T opology Enabling BackboneFast Note For BackboneF ast to work, you must enable it on all sw itch es in the network.

Pagina 531

21-17 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 21 Configuring Optional STP Features Enabling BackboneFast Number of RLQ request PDUs received (all VLANs) : 0 Number of RLQ .

Pagina 532

21-18 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 21 Configuring Optional STP Features Enabling Backbo neFast Number of RLQ request PDUs received (all VLANs) :0 Number of RLQ.

Pagina 533

CH A P T E R 22-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 22 Configuring EtherChannel and Link State Tracking This chapter describes how to use the command-lin e interface (CLI) to configure EtherChannel on the Catalyst 45 00 series switc h Layer 2 o r Layer 3 int e rfaces.

Pagina 534

22-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 22 Configuring Et herChannel and Link State T racking About EtherChannel About EtherChannel EtherChannel b u ndles up to eigh.

Pagina 535

22-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 22 Configuring Et herChannel and Link State Tracking About EtherChannel Configuring EtherChannels These subsections describe h.

Pagina 536

22-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 22 Configuring Et herChannel and Link State T racking About EtherChannel The protocol learn s the capabilities of LAN port groups dynamical ly and informs the other LAN ports.

Pagina 537

22-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 22 Configuring Et herChannel and Link State Tracking EtherChannel Configuration Guide lines and Restrictions • LA CP admi ni.

Pagina 538

22-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 22 Configuring Et herChannel and Link State T racking Configuring EtherCh ann el • F or Layer 2 EtherChannels: – Assign all interfaces in the EtherChannel to the same VLAN, or configur e them as trunks.

Pagina 539

22-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 22 Configuring Et herChannel and Link State Tracking Configuring EtherChannel These sections describe Layer 3 EtherChannel con.

Pagina 540

22-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 22 Configuring Et herChannel and Link State T racking Configuring EtherCh ann el This exampl e show s how to confi gure Fast .

Pagina 541

22-9 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 22 Configuring Et herChannel and Link State Tracking Configuring EtherChannel Timers: H - Hello timer is running. Q - Quit timer is running. S - Switching timer is running. I - Interface timer is running.

Pagina 542

22-10 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 22 Configuring Et herChannel and Link State T racking Configuring EtherCh ann el Number of aggregators: 2 Group Port-channel.

Pagina 543

22-11 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 22 Configuring Et herChannel and Link State Tracking Configuring EtherChannel interface Port-channel2 switchport access vlan .

Pagina 544

22-12 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 22 Configuring Et herChannel and Link State T racking Configuring EtherCh ann el 0 00 Fa5/7 Time since last port bundled: 00.

Pagina 545

22-13 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 22 Configuring Et herChannel and Link State Tracking Configuring EtherChannel end Switch# This example show s how to v erify .

Pagina 546

22-14 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 22 Configuring Et herChannel and Link State T racking Configuring EtherCh ann el This exampl e shows ho w to verify the conf iguration: Switch# show lacp sys-id 23456,0050.3e8d.

Pagina 547

22-15 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 22 Configuring Et herChannel and Link State Tracking Configuring EtherChannel IPv6: Source XOR Destination IP address Switch#.

Pagina 548

22-16 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 22 Configuring Et herChannel and Link State T racking Displaying EtherChann el to a Virtual Switch Syste m Displaying EtherChannel to a Virtual Switch System Catalyst 4500 series switches support enhanced P AgP .

Pagina 549

22-17 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 22 Configuring Et herChannel and Link State Tracking Displaying Et herChannel to a Virtual Switch System remote switch stores the ne w activ e ID and immedi ately transmits asynchrono us P AgP messages with TL Vs containing the new acti ve ID.

Pagina 550

22-18 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 22 Configuring Et herChannel and Link State T racking Understanding Link-State Trac king Displaying EtherChannel Links to VS.

Pagina 551

22-19 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 22 Configuring Et herChannel and Link State Tracking Understanding Link-State Tracking Figure 22-3 on p age 22-20 sho ws a network configu red with link-state tracking.

Pagina 552

22-20 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 22 Configuring Et herChannel and Link State T racking Understanding Link-State Trac king As an example of a connectivity change from link-s tate g roup 1 to link-state group 2 on switch A, see Figure 22-3 on page 22-20 .

Pagina 553

22-21 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 22 Configuring Et herChannel and Link State Tracking Configuring Link -State Tracking Configuring Link-State Tracking These s.

Pagina 554

22-22 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 22 Configuring Et herChannel and Link State T racking Configuring Link-S tate Tr ack ing This exampl e show s how to create .

Pagina 555

CH A P T E R 23-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 23 Configuring IGMP Snooping and Filtering This chapter describes ho w to configure Internet Group Management Protocol (IGMP) snooping on th e Catalyst 4500 series switch. It provides guidelines, procedures, an d config uration examples.

Pagina 556

23-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 23 Configu r in g IGMP Snoopin g an d Filtering About IGMP Snooping • IGMP Snoopin g Querier , page 23-4 • Explicit Host T racking, page 23-4 Note Quality of service does not apply to IG MP packets.

Pagina 557

23-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 23 Configuri ng IGMP Snooping and Filtering About IGMP Snooping In contrast, IGMPv3 hosts send IG MPv3 membership reports (with the allow group record mode) to join a specif ic multicast group.

Pagina 558

23-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 23 Configu r in g IGMP Snoopin g an d Filtering About IGMP Snooping IGMP Configurable-Leave Timer Immediate-leav e processing cannot be used on VL ANs where multipl e hosts may be connected to a single interface.

Pagina 559

23-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 23 Configuri ng IGMP Snooping and Filtering Configuring IGMP Snooping Configuring IGMP Snooping Note When configuring IGMP , configure the VL AN in the VLAN database mode. See Chapter 13, “Configuring VLANs, VTP , and VMPS.

Pagina 560

23-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 23 Configu r in g IGMP Snoopin g an d Filtering Configuring IGMP Snooping Enabling IGMP Snooping Globally T o enable IGMP sno.

Pagina 561

23-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 23 Configuri ng IGMP Snooping and Filtering Configuring IGMP Snooping This exampl e show s how to enable IGMP snooping on VLAN.

Pagina 562

23-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 23 Configu r in g IGMP Snoopin g an d Filtering Configuring IGMP Snooping This exampl e show s how to configu re IP IGMP snoo.

Pagina 563

23-9 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 23 Configuri ng IGMP Snooping and Filtering Configuring IGMP Snooping This exampl e show s how to en able IGMP immediate-lea v.

Pagina 564

23-10 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 23 Configu r in g IGMP Snoopin g an d Filtering Configuring IGMP Snooping Switch# show ip igmp snooping show ip igmp snoopin.

Pagina 565

23-11 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 23 Configuri ng IGMP Snooping and Filtering Configuring IGMP Snooping For an e xample of how to display Sn ooping Querier information , refer to the “Displaying IGMP Snooping Quer ier Information” section on page 23 -19 .

Pagina 566

23-12 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 23 Configu r in g IGMP Snoopin g an d Filtering Configuring IGMP Snooping This exampl e show s how to configu re a host statically in V LAN 200 on interface F ast Ethernet 2/11: Switch# configure terminal Switch(config)# ip igmp snooping vlan 200 static 0100.

Pagina 567

23-13 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 23 Configuri ng IGMP Snooping and Filtering Configuring IGMP Snooping When the spanni ng tree protocol is runnin g in a VLAN, a spanning tree t opology change notif ication (TCN) is issued by the root switch in the VLAN.

Pagina 568

23-14 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 23 Configu r in g IGMP Snoopin g an d Filtering Displaying IGMP Sn ooping Information T o establ ish an I GMP query thresho .

Pagina 569

23-15 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 23 Configuri ng IGMP Snooping and Filtering Displaying IGMP Snooping Information • Displaying MA C Address Multic ast Entri.

Pagina 570

23-16 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 23 Configu r in g IGMP Snoopin g an d Filtering Displaying IGMP Sn ooping Information 40.40.40.2/224.10.10.10 Gi4/1 20.20.20.20 00:23:37 00:06:50 00:20:30 40.40.40.3/224.10.10.

Pagina 571

23-17 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 23 Configuri ng IGMP Snooping and Filtering Displaying IGMP Snooping Information This exampl e show s how to display the host types and ports of a group in VLAN 1: Switch# show ip igmp snooping groups vlan 10 226.

Pagina 572

23-18 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 23 Configu r in g IGMP Snoopin g an d Filtering Displaying IGMP Sn ooping Information T o display multicast router interface.

Pagina 573

23-19 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 23 Configuri ng IGMP Snooping and Filtering Displaying IGMP Snooping Information This exampl e show s how to display IGMP sno.

Pagina 574

23-20 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 23 Configu r in g IGMP Snoopin g an d Filtering Configuring IGMP Filtering Vlan 2: IGMP switch querier status ------------------------------------------------ admin state : Enabled admin version : 2 source IP address : 1.

Pagina 575

23-21 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 23 Configuri ng IGMP Snooping and Filtering Configuring IGMP Filtering Configuring IGMP Profiles T o conf igure an IGMP prof ile and to enter IGMP prof ile configuration mode, use th e ip igmp pro fil e global configuration com mand.

Pagina 576

23-22 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 23 Configu r in g IGMP Snoopin g an d Filtering Configuring IGMP Filtering T o delete a profile, use the no ip ig mp prof ile pr ofile number global conf iguration command.

Pagina 577

23-23 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 23 Configuri ng IGMP Snooping and Filtering Configuring IGMP Filtering Switch# show running-config interface fastethernet2/12 Building configuration.

Pagina 578

23-24 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 23 Configu r in g IGMP Snoopin g an d Filtering Displaying IGMP Filte ring Configuration interface FastEthernet2/12 no ip ad.

Pagina 579

CH A P T E R 24-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 24 Configuring IPv6 MLD Snooping Note IPv6 MLD Snooping i s only suppo rted on Cata lyst 49 00M, Cataly st 4948E, Supe rvisor Engine 6-E, and Supervisor Engin e 6L-E.

Pagina 580

24-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 24 Config uring IPv6 M LD Sn ooping About MLD Snooping MLD is a protocol used b y IPv6 multicast routers to disco ver the pr .

Pagina 581

24-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 24 Configuring IPv6 MLD Sn ooping About MLD Snooping MLD Queries The switch sends out MLD queries, const ructs an IPv6 multicast ad dress database, and generates MLD group-specif ic and MLD group-and-source-specif ic queri es in response to MLD Done messages.

Pagina 582

24-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 24 Config uring IPv6 M LD Sn ooping About MLD Snooping MLD Reports The processing of MLDv1 join messages is e ssent ially the same as with IGMPv2. When no IPv6 multicast routers are detected in a VLAN, reports are not processed or forwarded from the switch.

Pagina 583

24-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 24 Configuring IPv6 MLD Sn ooping Configuring IPv6 MLD Snooping confi guration command.

Pagina 584

24-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 24 Config uring IPv6 M LD Sn ooping Configuring IPv6 MLD Snooping MLD Snooping Configuration Guidelines When config uring MLD.

Pagina 585

24-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 24 Configuring IPv6 MLD Sn ooping Configuring IPv6 MLD Snooping T o disable MLD snooping on a VLAN inte rface, use the no ipv6 mld snooping vlan vlan-id global confi guration command for t he specifi ed VLAN number .

Pagina 586

24-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 24 Config uring IPv6 M LD Sn ooping Configuring IPv6 MLD Snooping Note Static connections t o multicast routers are supported on ly on switch ports.

Pagina 587

24-9 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 24 Configuring IPv6 MLD Sn ooping Configuring IPv6 MLD Snooping T o disable MLD Immediate Leave on a VLAN, use the no ipv6 mld snooping vlan vlan-id immediat e-leave global config uration command.

Pagina 588

24-10 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 24 Config uring IPv6 M LD Sn ooping Configuring IPv6 MLD Snooping This example sho ws how to set the MLD sn ooping glo bal r.

Pagina 589

24-11 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 24 Configuring IPv6 MLD Sn ooping Displaying MLD Snooping Information Displaying MLD Snooping Information Y ou can display MLD snooping i nformation for dynami cally lear ned and statically conf igured router ports and VLAN interfaces.

Pagina 590

24-12 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 24 Config uring IPv6 M LD Sn ooping Displayi n g MLD Sn ooping Information.

Pagina 591

CH A P T E R 25-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 25 Configuring 802.1Q Tunneling, VLAN Mapping, and Layer 2 Protocol Tunneling V irtual priv ate networks (VPNs) provide e.

Pagina 592

25-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 25 Configuring 802.1Q Tu nne ling, VLAN Mapping, and Layer 2 Protocol Tunneling About 802.

Pagina 593

25-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 25 Configuring 802.1Q Tunneling, VLAN Mapping, and Layer 2 Protocol Tunnelin g Configuring 802.

Pagina 594

25-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 25 Configuring 802.1Q Tu nne ling, VLAN Mapping, and Layer 2 Protocol Tunneling Configuring 802.1Q Tunn eling Native VLANs When config uring 802.1Q tunneling o n an edge switch, you must use 802.

Pagina 595

25-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 25 Configuring 802.1Q Tunneling, VLAN Mapping, and Layer 2 Protocol Tunnelin g Configuring 802.

Pagina 596

25-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 25 Configuring 802.1Q Tu nne ling, VLAN Mapping, and Layer 2 Protocol Tunneling Configuring 802.1Q Tunn eling • EtherChannel port grou ps are compatible with tunnel ports as long as the 802.

Pagina 597

25-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 25 Configuring 802.1Q Tunneling, VLAN Mapping, and Layer 2 Protocol Tunnelin g About VLAN Mapping Switch(config-if)# exit Swit.

Pagina 598

25-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 25 Configuring 802.1Q Tu nne ling, VLAN Mapping, and Layer 2 Protocol Tunneling About VLAN Mapping Figure 25-4 La yer 2 VPN D.

Pagina 599

25-9 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 25 Configuring 802.1Q Tunneling, VLAN Mapping, and Layer 2 Protocol Tunnelin g Configuring VLAN Ma pping Mapping Customer VLAN.

Pagina 600

25-10 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 25 Configuring 802.1Q Tu nne ling, VLAN Mapping, and Layer 2 Protocol Tunneling Configuring VLAN Mapping VLAN Mapping Configuration Guidelines Guidelines include t he follo wing: • T radi tional QinQ uses 802.

Pagina 601

25-11 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 25 Configuring 802.1Q Tunneling, VLAN Mapping, and Layer 2 Protocol Tunnelin g Configuring VLAN Ma pping Configuring VLAN Mapping The follo wing procedures sh o w ho w to config ure each type o f VLAN mapping on trunk port s.

Pagina 602

25-12 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 25 Configuring 802.1Q Tu nne ling, VLAN Mapping, and Layer 2 Protocol Tunneling Configuring VLAN Mapping Switch(config-if)# .

Pagina 603

25-13 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 25 Configuring 802.1Q Tunneling, VLAN Mapping, and Layer 2 Protocol Tunnelin g Abou t Layer 2 Protocol Tunneling Use the no switchport vlan mapping vlan-id dot1q-tunnel ou ter vlan-id comm and to remov e the VLAN mapping conf iguration.

Pagina 604

25-14 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 25 Configuring 802.1Q Tu nne ling, VLAN Mapping, and Layer 2 Protocol Tunneling About Layer 2 Proto col Tunneling • VTP pro vides consistent VLAN conf iguration thro ughout the customer netw ork, propagating to all switches through the service provider .

Pagina 605

25-15 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 25 Configuring 802.1Q Tunneling, VLAN Mapping, and Layer 2 Protocol Tunnelin g Configuring Layer 2 Protocol Tu nneling Figur .

Pagina 606

25-16 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 25 Configuring 802.1Q Tu nne ling, VLAN Mapping, and Layer 2 Protocol Tunneling Configuring La yer 2 Protocol Tunneling • .

Pagina 607

25-17 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 25 Configuring 802.1Q Tunneling, VLAN Mapping, and Layer 2 Protocol Tunnelin g Configuring Layer 2 Protocol Tu nneling • Be.

Pagina 608

25-18 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 25 Configuring 802.1Q Tu nne ling, VLAN Mapping, and Layer 2 Protocol Tunneling Configuring La yer 2 Protocol Tunneling Use .

Pagina 609

25-19 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 25 Configuring 802.1Q Tunneling, VLAN Mapping, and Layer 2 Protocol Tunnelin g Monitoring a nd Maintaining Tunneling Status Monitoring and Maintaining Tunneling Status T able 25-2 sho ws the comman ds for monitoring and mainta in ing 802.

Pagina 610

25-20 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 25 Configuring 802.1Q Tu nne ling, VLAN Mapping, and Layer 2 Protocol Tunneling Monitoring and Main ta ining Tunneling Statu.

Pagina 611

CH A P T E R 26-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 26 Configuring CDP This chapter describe s how to configure Cisco Disc overy Protocol (CDP) on the Catalyst 450 0 series switch. It also pro vides guidelines, procedur es, and conf iguration ex amples.

Pagina 612

26-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 26 Configur ing CDP Configuring CDP Each CDP-conf igured de vice sends periodic messages to a multicast address. Each de vice advertises at least one address at which it can receive SNMP messages.

Pagina 613

26-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 26 Configuring CDP Configuring CDP Enabling CDP on an Interface T o enable CDP on an interf ace, use this command: This exampl.

Pagina 614

26-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 26 Configur ing CDP Configuring CDP This exampl e show s how to clear the CDP counter conf iguration on your switch : Switch#.

Pagina 615

CH A P T E R 27-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 27 Configuring LLDP, LLDP-MED, and Location Service This chapter describe s how to configure the Link Layer Discovery Protocol (LLDP), LLDP Media Endpoint Discov ery (LLDP-MED) , and Location Service on the Catalyst 45 00 series switch.

Pagina 616

27-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 27 Configuring LLDP, LLDP-MED, and Location Service About LLDP, LLDP-MED, and Loca tion Ser vice LLDP supports a set of attrib utes that it uses to discov er neighbor dev ices.

Pagina 617

27-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 27 Configuring LLDP, LLDP-MED, and Location Ser vic e About LLDP, LLDP-MED, and Location Service • In ventory man agement TL.

Pagina 618

27-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 27 Configuring LLDP, LLDP-MED, and Location Service Configuring LLDP and LLDP -ME D, and Location Service • De vice categor.

Pagina 619

27-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 27 Configuring LLDP, LLDP-MED, and Location Ser vic e Configuring LLDP and LLDP-M ED , and Location Service Configuring LLDP C.

Pagina 620

27-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 27 Configuring LLDP, LLDP-MED, and Location Service Configuring LLDP and LLDP -ME D, and Location Service This exampl e shows.

Pagina 621

27-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 27 Configuring LLDP, LLDP-MED, and Location Ser vic e Configuring LLDP and LLDP-M ED , and Location Service This example sho w.

Pagina 622

27-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 27 Configuring LLDP, LLDP-MED, and Location Service Configuring LLDP and LLDP -ME D, and Location Service Configuring LLDP-MED TLVs By default, the sw itch only sends LLDP packets un til it recei ves LLDP-MED packets fr om the end device.

Pagina 623

27-9 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 27 Configuring LLDP, LLDP-MED, and Location Ser vic e Configuring LLDP and LLDP-M ED , and Location Service Configuring Networ.

Pagina 624

27-10 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 27 Configuring LLDP, LLDP-MED, and Location Service Configuring LLDP and LLDP -ME D, and Location Service This exampl e show.

Pagina 625

27-11 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 27 Configuring LLDP, LLDP-MED, and Location Ser vic e Configuring LLDP and LLDP-M ED , and Location Service This exampl e show s how to enable LLDP po wer negotiation on interf ace Gigabit Ethernet 3 /1: Switch# config t Enter configuration commands, one per line.

Pagina 626

27-12 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 27 Configuring LLDP, LLDP-MED, and Location Service Configuring LLDP and LLDP -ME D, and Location Service Use the no form of each command to return to the default settin g.

Pagina 627

27-13 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 27 Configuring LLDP, LLDP-MED, and Location Ser vic e Monitoring and Maintaining LLDP, LLDP-MED, and Location Service This e .

Pagina 628

27-14 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 27 Configuring LLDP, LLDP-MED, and Location Service Monitoring and Maintaining LLDP, LLDP-MED, and Location Service show lldp entry entry-name Displays information ab out a specific neighbor .

Pagina 629

CH A P T E R 28-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 28 Configuring UDLD This chapter describes ho w to configure UniDirecti onal Link Detection (UDLD) Eth er net on a Cataly st switch.

Pagina 630

28-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 28 Configuring UDLD About UDLD Starting with Cisco IOS Release 12.2(54)SG, the en hancement Fast UDLD was added, which sup ports timers in the fe w-hundred milliseconds range, whic h enables subsecond unid irectional link detection.

Pagina 631

28-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 28 Configuring UDLD About UDLD Figur e 28-2 F ast UDLD T opology Note For F ast UDLD, Catalyst 4900 M, Catalyst 4948E, Catalyst 4948E-F , Superv isor Engine 6-E, and Supervisor 6L-E support up t o 32 ports.

Pagina 632

28-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 28 Configuring UDLD Default UDLD Configuration Default UDLD Configuration T able 28-1 sho ws the UDLD default conf iguration.

Pagina 633

28-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 28 Configuring UDLD Configuring UDLD on the Switch Enabling UDLD Globally T o enable UDLD in aggressi ve or normal mode and to.

Pagina 634

28-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 28 Configuring UDLD Configuring UDLD on the Switch Enabling UDLD on Individual Interfaces T o enable UDLD on indi vidual inte.

Pagina 635

28-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 28 Configuring UDLD Configuring UDLD on the Switch Disabling UDLD on Individual Interfaces T o disable UDLD on individual inte.

Pagina 636

28-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 28 Configuring UDLD Configuring UDLD on the Switch Configuring a UDLD Probe Message Interval Globally T o conf igure the time.

Pagina 637

28-9 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 28 Configuring UDLD Displaying UDLD Link Status Displaying UDLD Link Status T o verify link status reported b y UDLD, enter th.

Pagina 638

28-10 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 28 Configuring UDLD Displaying UDLD Link Status T o verify st atus for a particular link as repo rted b y Fast UDLD, enter t.

Pagina 639

CH A P T E R 29-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 29 Configuring Unidirectional Ethernet Note Unidirectional Ethernet is not supported o n Catalyst 4900M, Catalyst 4948 E, Su pervisor En gine 6-E, or Supervisor Engin e 6L-E.

Pagina 640

29-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 29 Configur ing Unidirectional Ethernet Configuring Unidirectional Ethernet Configuring Unidirectional Ethernet Note Y ou must configure Uni directional Ethernet on the non-blocki ng Gigabit Ethernet Port, which automatically disables UDLD on the port.

Pagina 641

29-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 29 Configuring Unidirectional Ethernet Configuring Unidirectional Eth erne t This exampl e shows ho w to verify the conf igura.

Pagina 642

29-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 29 Configur ing Unidirectional Ethernet Configuring Unidirectional Ethernet.

Pagina 643

CH A P T E R 30-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 30 Configuring Layer 3 Interfaces This chapter describes the Layer 3 interfaces on a Cataly st 4500 series switch. It also pr ovides guidelines, proced ures, and configu ration examp les.

Pagina 644

30-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 30 Configuring Layer 3 Interfaces About Layer 3 In terfaces Note On a Catalyst 4500 Series Switch, a p hysical Layer 3 interf ace has MAC address learni ng enabled.

Pagina 645

30-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 30 Con figuring Layer 3 Interfaces About Layer 3 Interfaces Figure 30-2 Physical La yer 3 Interf aces for the Catalyst 450 0 S.

Pagina 646

30-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 30 Configuring Layer 3 Interfaces About Layer 3 In terfaces • Output unicast • Output multicast For each count er type, bo th the numb er of pack et s and the total number of b ytes receiv ed or transmit ted are counted.

Pagina 647

30-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 30 Con figuring Layer 3 Interfaces Configuratio n G uidelines Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute i.

Pagina 648

30-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 30 Configuring Layer 3 Interfaces Configuring Logical Layer 3 VLAN Interfac es Configuring Logical Layer 3 VLAN Interfaces No.

Pagina 649

30-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 30 Con figuring Layer 3 Interfaces Configuring VLANs as Laye r 3 Interface s 5 minute output rate 0 bits/sec, 0 packets/sec 0 .

Pagina 650

30-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 30 Configuring Layer 3 Interfaces Configuring VLANs as Layer 3 Interfaces T o apply SVI Autostate Excl ude, perform this task: This exampl e show s how to apply SVI Autostate Exclude on interface g3/1: Switch# conf terminal Enter configuration commands, one per line.

Pagina 651

30-9 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 30 Con figuring Layer 3 Interfaces Configuring VLANs as Laye r 3 Interface s Configuring IP MTU Sizes Y ou can set the protocol-specific maximu m transmission unit (MTU) size of IPv4 or IPv6 packets that are sent on an interface.

Pagina 652

30-10 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 30 Configuring Layer 3 Interfaces Configuring VLANs as Layer 3 Interfaces The follo wing example sho ws how to co nf igure IPv6 MTU on an interface: Switch# configure terminal Enter configuration commands, one per line.

Pagina 653

30-11 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 30 Con figuring Layer 3 Interfaces Configuring VLANs as Laye r 3 Interface s This exampl e show s how to enable counters on interf ace VLAN 1: Switch# configure terminal Enter configuration commands, one per line.

Pagina 654

30-12 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 30 Configuring Layer 3 Interfaces Configuring Physical Layer 3 Interface s Configuring Physical Layer 3 Interfaces Note Before you can conf igure physical Layer 3 interfaces, you must enable IP r outing if IP routing i s disabled, and specify an IP rou ting protocol.

Pagina 655

30-13 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 30 Con figuring Layer 3 Interfaces Configuring EIGRP Stub Routing line vty 0 4 ! end Configuring EIGRP Stub Routing This sect.

Pagina 656

30-14 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 30 Configuring Layer 3 Interfaces Configuring EIGRP Stub Routing Figure 30-3 EIGRP Stub Switch Configuration For more inform.

Pagina 657

30-15 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 30 Con figuring Layer 3 Interfaces Configuring EIGRP Stub Routing Figure 30-4 Simpl e Hu b-and-Spoke Netw o rk The stub routing feature do es not pre vent routes fro m being advertis ed to the remote router .

Pagina 658

30-16 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 30 Configuring Layer 3 Interfaces Configuring EIGRP Stub Routing Figure 30-5 Simpl e Dual-Homed Rem ote T opology Figure 30-5 sh ows a si mple dual-homed remote with one remote ro uter and two distrib ution routers.

Pagina 659

30-17 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 30 Con figuring Layer 3 Interfaces Configuring EIGRP Stub Routing network. The use of t he lower band width route that passes using the remote ro uter might cause W AN EIGRP distrib ution routers t o be dropped.

Pagina 660

30-18 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 30 Configuring Layer 3 Interfaces Configuring EIGRP Stub Routing Note Multi-access interfaces, such as A TM, Ethernet, Frame Relay , ISDN PRI, and X.

Pagina 661

30-19 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 30 Con figuring Layer 3 Interfaces Configuring EIGRP Stub Routing (sec) (ms) Cnt Num 0 10.

Pagina 662

30-20 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 30 Configuring Layer 3 Interfaces Configuring EIGRP Stub Routing default route learned f rom the neighbors is displaced b y .

Pagina 663

30-21 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 30 Con figuring Layer 3 Interfaces Configuring EIGRP Stub Routing • static • summary This section prov id es config urati on examples for all forms of t he eigrp stub command.

Pagina 664

30-22 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 30 Configuring Layer 3 Interfaces Configuring EIGRP Stub Routing.

Pagina 665

CH A P T E R 31-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 31 Configuring Cisco Express Forwarding This chapter describes Cisco Express Forwarding (C EF) on the Catalyst 450 0 series switch. It also provides guidelines, procedu res, and ex amples to configure this feature.

Pagina 666

31-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 31 Configurin g Cisco Express Forwardin g About CEF CEF provides th e follo wing features: • Impro ves performance ov er the caching schemes of multilayer switches, which oft e n flush the entire cache when information chan ges in the routing tables.

Pagina 667

31-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 31 Configuring Cisco Express Forwardin g Catalyst 4500 Series Switch Implementation of CEF Adjacency Types That Require Specia.

Pagina 668

31-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 31 Configurin g Cisco Express Forwardin g Catalyst 4500 Series Switch Implementation of CEF Figur e 31 -1 Logical L2/L3 Switch Components The integrated swi tching engine performs inter -VLAN routing on logical Layer 3 interf aces with the ASIC hardware.

Pagina 669

31-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 31 Configuring Cisco Express Forwardin g Catalyst 4500 Series Switch Implementation of CEF Figur e 31 -2 Hardwar e and Softw ar e Switching Components The integr ated switching engine performs i nter-VLAN ro uting in hardware.

Pagina 670

31-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 31 Configurin g Cisco Express Forwardin g CEF Configuration Restrictions Load Balancing The Catalyst 4500 series switch supports load balancing fo r routing packets in the inte grated switching engine hardware.

Pagina 671

31-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 31 Configuring Cisco Express Forwardin g Config uring CE F Configuring Load Balancing for CEF CEF load balancing is based on a.

Pagina 672

31-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 31 Configurin g Cisco Express Forwardin g Monitoring and Maintaining CEF Note The include-ports optio n does not apply to software-switched tr aff ic on the Catalyst 4500 series switches.

Pagina 673

31-9 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 31 Configuring Cisco Express Forwardin g Monitoring and Maintaining CEF This exampl e shows ho w to display IP unicast statist.

Pagina 674

31-10 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 31 Configurin g Cisco Express Forwardin g Monitoring and Maintaining CEF.

Pagina 675

CH A P T E R 32-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 32 Configuring Unicast Reverse Path Forwarding Note The feature is only supported o n Catalyst 4900M, Catalyst 49 48E, Supervisor Engine 6-E, and Supervisor Engin e 6L-E . This chapter de scribes the Unic ast Re verse Path F orwarding (Unica st RPF) feature.

Pagina 676

32-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 32 Configurin g Unicast Reve rse Path Fo rwarding About Unicast Reverse Path Forwarding About Unicast Reverse Path Forwarding.

Pagina 677

32-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 32 Configuring Unicast Reverse Path Forward ing About Unicast Reverse Path Forwarding Step 2 Unicast RPF chec ks to see if the p acket has arri ved on th e best return path to the source, w hich it does by doing a re verse lookup in the FIB table.

Pagina 678

32-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 32 Configurin g Unicast Reve rse Path Fo rwarding About Unicast Reverse Path Forwarding 1/1. If there is a matching path, the pack et is forwarded. There is no re verse entry in t he routing table that routes the customer packet b ack to source addres s 209.

Pagina 679

32-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 32 Configuring Unicast Reverse Path Forward ing About Unicast Reverse Path Forwarding Caution Using optional BGP attrib utes such as weight and lo cal preference, you can modify the best path back to the source address.

Pagina 680

32-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 32 Configurin g Unicast Reve rse Path Fo rwarding About Unicast Reverse Path Forwarding A CLs work well for man y single-home.

Pagina 681

32-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 32 Configuring Unicast Reverse Path Forward ing About Unicast Reverse Path Forwarding Unicast RPF works wi th a si ngle def a ult ro ute. No ad diti onal routes o r rou ting pro tocols e xist.

Pagina 682

32-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 32 Configurin g Unicast Reve rse Path Fo rwarding About Unicast Reverse Path Forwarding Figure 32-4 Unicast RPF Bloc king T raffic in an Asymmetr ical Routing Envir onment Unicast RPF with BOOTP and DHCP Unicast RPF will allo w packets with 0.

Pagina 683

32-9 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 32 Configuring Unicast Reverse Path Forward ing Unicast RPF Configuration Tasks – Ingress filtering applies f ilters to traffi c receiv ed at a network interface fro m e ither int ernal or external netw orks.

Pagina 684

32-10 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 32 Configurin g Unicast Reve rse Path Fo rwarding Unicast RPF Configuration Tasks T o conf igure Unicast RPF , perform the followi ng task: Verifying Unicast RPF T o verify that Uni cast RPF is o perational, use the sho w cef interface command.

Pagina 685

32-11 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 32 Configuring Unicast Reverse Path Forward ing Monitoring and Maintaining Unicast RPF Monitoring and Maintaining Unicast RPF.

Pagina 686

32-12 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 32 Configurin g Unicast Reve rse Path Fo rwarding Unicast RPF Configuration Exam ple: Inbou nd and Outb ound Filters The sho w access-lists command displays the number of matches found for a specific entry in a specif ic access list.

Pagina 687

CH A P T E R 33-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 33 Configuring IP Multicast This chapter describes I P multicast routing on the Cataly st 4500 series switch. It also pr ovides procedures and exampl es to config ure IP multicast routing.

Pagina 688

33-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 33 Configuring IP Mu lticast About IP Multicast to the destination host b y routers. At each point on th e path between source and destination, a r outer uses a unicast routing table to mak e unicast forwarding decisions, based on the IP destination address in the packet.

Pagina 689

33-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 33 Configuring IP Multicast About IP Multicast Figure 33-1 IP Mu lt icast Routing Protocols Internet Group Management Protocol.

Pagina 690

33-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 33 Configuring IP Mu lticast About IP Multicast PIM Sparse Mode PIM Sparse Mode (PIM-SM) uses a pull model to deli ver multicast tra f fic. Only netw orks with acti ve recei vers that ha ve explicitly r equested the data are forwa rded the traf fic.

Pagina 691

33-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 33 Configuring IP Multicast About IP Multicast IP Multicast Implementation on the Catalyst 4500 Series Switch The Catalyst 4500 series switch supports an ASIC-b ased integ r ated switching engine that provides Ethernet brid ging at Layer 2 and IP routing a t Layer 3.

Pagina 692

33-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 33 Configuring IP Mu lticast About IP Multicast upper -layer routing table, only one route needs to be changed in the hardw a re ro uting state.

Pagina 693

33-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 33 Configuring IP Multicast About IP Multicast The route (*,224.1.2.3) i s loaded in the hardw are FIB table and the list of output interf aces is loaded into the MET .

Pagina 694

33-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 33 Configuring IP Mu lticast About IP Multicast Figure 33-4 IP Mu lt icast T a bles and Protocols The integrated swi tching engine maintains the hardw are FIB table to identify indi vidual IP multicast routes.

Pagina 695

33-9 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 33 Configuring IP Multicast About IP Multicast Hardware and Software Forwarding The integrated swi tching engine forwards the majority of packets in hardware at very high rates of speed.

Pagina 696

33-10 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 33 Configuring IP Mu lticast About IP Multicast The follo wing conditions cause some rep licas of a packet for a route to be.

Pagina 697

33-11 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 33 Configuring IP Multicast About IP Multicast Figur e 33-6 Redundant Mult icast Router Configuration in a Stub Networ k In this kind of to pology , only Router A, the PIM designated router (PIM DR), forw ards data to the common VLAN.

Pagina 698

33-12 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 33 Configuring IP Mu lticast About IP Multicast Multicast Forwarding Information Base The Multicast Fo rwarding Informatio n Base (MFIB) subsystem supports I P multicast routing in the integrated switch ing engi ne hard ware on th e Cataly st 4500 series switch.

Pagina 699

33-13 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 33 Configuring IP Multicast Configuring IP Multicast Routing S/M, 224/4 An (S/M, 224/4) entr y is created in the MFIB for e very multicast-enabled interface.

Pagina 700

33-14 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 33 Configuring IP Mu lticast Configuring IP Multicast Routing Note Source-specific multicast and IGMP v3 are supported. For more i nformation about source-specif ic multi cast with IGM Pv3 and IGMP , see the follo wing URL: http://www .

Pagina 701

33-15 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 33 Configuring IP Multicast Configuring IP Multicast Routing encapsulated and sent tow ard the RP .

Pagina 702

33-16 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 33 Configuring IP Mu lticast Configuring IP Multicast Routing When an interface is treat ed in sparse mode, it is popul ated.

Pagina 703

33-17 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 33 Configuring IP Multicast Configuring IP Multicast Routing For an e xample of how to conf igure bidir-PIM, see the “Bidirectio nal PIM Mode Example” section on page 33-29 .

Pagina 704

33-18 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 33 Configuring IP Mu lticast Configuring IP Multicast Routing Step 5 Switch(config-if)# ip pim [ sparse-mode | sparse-dense-mode ] Enables PIM sparse or sparse-dense mode on an interface.

Pagina 705

33-19 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 33 Configuring IP Multicast Configuring IP Multicast Routing Step 10 Switch(config)# ip pim send-rp-discovery [ interface-type interface-number ] scope ttl-value [ interval seconds ] Conf igures the router to be an RP mapping ag ent.

Pagina 706

33-20 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 33 Configuring IP Mu lticast Configuring IP Multicast Routing This example illustr ates how to configure Auto-RP: Switch>.

Pagina 707

33-21 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 33 Configuring IP Multicast Configuring IP Multicast Routing T o conf igure a single static RP , perform this task: Command or Action Purpose Step 1 Switch> enable Enables privile ged EXEC mode.

Pagina 708

33-22 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 33 Configuring IP Mu lticast Configuring IP Multicast Routing This exampl e show s how to configu re a single-static RP: Swi.

Pagina 709

33-23 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 33 Configuring IP Multicast Monitoring and Maintainin g IP Multicast Routing The follo wing example sho ws ho w to enable ECM.

Pagina 710

33-24 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 33 Configuring IP Mu lticast Monitoring and Maintain ing IP Multicast Routing Switch# show ip mroute cbone-audio IP Multicas.

Pagina 711

33-25 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 33 Configuring IP Multicast Monitoring and Maintainin g IP Multicast Routing (130.207.8.33/32, 224.2.127.254), 00:00:25/00:02:32, flags: CLJT (131.243.2.62/32, 224.2.127.254), 00:00:51/00:02:03, flags: CLJT (140.

Pagina 712

33-26 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 33 Configuring IP Mu lticast Monitoring and Maintain ing IP Multicast Routing Source: 128.195.7.62/32, 527/0/118/0 Source: 128.223.32.25/32, 554/0/105/0 Source: 128.223.32.151/32, 551/1/125/0 Source: 128.

Pagina 713

33-27 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 33 Configuring IP Multicast Monitoring and Maintainin g IP Multicast Routing (10.34.2.92, 239.192.128.80), flags () Packets: 24579/100/0, 2113788/15000/0 bytes Vlan7 (F NS) Vlan100 (A) (*, 239.

Pagina 714

33-28 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 33 Configuring IP Mu lticast Configuration Examples Switch# show ip pim interface count States: FS - Fast Switched, H - Hardware Switched Address Interface FS Mpackets In/Out 192.

Pagina 715

33-29 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 33 Configuring IP Multicast Configuration Example s ip multicast-routing ip pim rp-address 10.8.0.20 1 interface ethernet 1 ip pim sparse-mode Bidirectional PIM Mode Example By default, a bidirectio nal RP advertises all groups as bidirectional.

Pagina 716

33-30 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 33 Configuring IP Mu lticast Configuration Examples Sparse Mode with Auto-RP: Example The follo wing example conf igures spa.

Pagina 717

CH A P T E R 34-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 34 Configuring ANCP Client This chapter describes Access-Netw ork Control Protocol (ANCP) Cli ent on Catalyst 4500 series switches.

Pagina 718

34-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 34 Configuring ANCP Client Enabling and Configuring ANCP Client Note IGMP snooping must be enabled o n an ANCP client (Cataly.

Pagina 719

34-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 34 Configuring ANCP Clie nt Enabling and Configuring ANCP Client Step 3 (Optional) Enable the ANCP multicast client to identif.

Pagina 720

34-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 34 Configuring ANCP Client Enabling and Configuring ANCP Client Example 2 ANCP_Client# show ancp multicast interface Fa2/3 vlan 19 ANCP Multicast Streams Interface FastEthernet2/3 VLAN 19: client ID 0x0106000700130203 Group Source Joined on 239.

Pagina 721

34-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 34 Configuring ANCP Clie nt ANCP Guidelin es and Restrictio ns ANCP Guidelines and Restrictions When using (or conf iguring) ANCP , consider these guidelines and restrictions: • Entering a shut co mmand on a port remo v es ANCP acti vated mult icast streams from the por t.

Pagina 722

34-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 34 Configuring ANCP Client ANCP Guidelines and Restrict io ns.

Pagina 723

CH A P T E R 35-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 35 Configuring Policy-Based Routing This chapter describes the tasks fo r configu ring polic y-based routing (PBR) on a C.

Pagina 724

35-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 35 Confi guring Polic y-Based Routing About Policy-Based Ro uting Y ou c an set up PBR as a way t o route packets bas ed on configured polici es.

Pagina 725

35-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 35 Configuring Policy-Based Routing About Policy-Based Routing route-map rm-test permit 23 match ip address 101 2102 set interface vlan23 ! route-map rm-test deny 24 match ip address 104 set ip next-hop 24.

Pagina 726

35-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 35 Confi guring Polic y-Based Routing About Policy-Based Ro uting PBR Route-Map Processing Logic Example Consider a route-map called rm-test defined as follo ws: access-list 101 permit tcp host 61.

Pagina 727

35-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 35 Configuring Policy-Based Routing About Policy-Based Routing • TCP packet from 6 1.1.1.1 to 133.3.3.1 with desti nation port 105 – Processing mov es from sequence #21 to #24, b ecause all ACLs in these sequence numbers ha ve a deny action for po rt 105.

Pagina 728

35-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 35 Confi guring Polic y-Based Routing Policy-Based Routing Configuration Tasks • Routing based on dedi cated links Some app.

Pagina 729

35-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 35 Configuring Policy-Based Routing Policy-Bas ed Routing Co nfiguratio n Tasks Step 4 Swit ch(config-route-map)# set interface interface-type interface-number [... type number ] Or Specif ies the output interf ace from which the pack et will be sent.

Pagina 730

35-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 35 Confi guring Polic y-Based Routing Policy-Based Routing Co nfiguration Examples Use the set commands with each other . These commands are ev aluated in the order shown in Step 3 in the pre vious task table.

Pagina 731

35-9 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 35 Configuring Policy-Based Routing Policy-Based Routing Configuration E xamp les Switch (config)# access-list 1 permit ip 1.

Pagina 732

35-10 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 35 Confi guring Polic y-Based Routing Policy-Based Routing Co nfiguration Examples route-map Texas permit 10 match ip address 1 set ip next-hop 3.3.3.3 ! route-map Texas permit 20 match ip address 2 set ip next-hop 3.

Pagina 733

CH A P T E R 36-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 36 Configuring VRF-lite V irtual Priv ate Networks (VPNs) provide a secure way for customers to share bandwidth ov er an ISP backbone network . A VPN is a collection of sit es sharing a common rout ing table.

Pagina 734

36-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 36 Configuring VRF-lite About VRF-lite • VRF-lite Conf iguration Guidelines, page 36-4 • Conf iguring VRFs, page 36-5 •.

Pagina 735

36-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 36 Configuring VRF-lite Default VRF-lite Configuration Figur e 36-1 Ca t al yst 4500 Ser ies Switc h es Acting as Multipl e Virtual CEs Figure 36-1 ill ustrates the packet-f orwarding proc ess in a VRF-lite CE-enabled network.

Pagina 736

36-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 36 Configuring VRF-lite VRF-lite Configuration Guidelines VRF-lite Configuration Guidelines Consider these points when conf iguring VRF in your netw ork: • A switch with VRF-l ite is shared b y multiple customers, an d all customers ha ve thei r own r outing tables.

Pagina 737

36-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 36 Configuring VRF-lite Configuring VRFs • Multicast VRF is suppor ted on Supervisor Engine 6- E, Supervisor 6L-E, Catalyst 4900M, and Catalyst 49 48E.

Pagina 738

36-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 36 Configuring VRF-lite Configuring VRF-Aw ar e Se rvices Configuring VRF-Aware Services IP services can be conf igured on gl obal interfaces and withi n the global routing instance.

Pagina 739

36-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 36 Configuring VRF-lite Configuring VRF-Aware Services Configuring the User Interface for SNMP T o configure VRF-a ware services for SNMP , perform this task: Configuring the User Interface for uRPF Y ou can configure uRPF on an interface assigned to a VRF .

Pagina 740

36-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 36 Configuring VRF-lite Configuring VRF-Aw ar e Se rvices Configuring the User Interface for Syslog T o configure VRF-a ware .

Pagina 741

36-9 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 36 Configuring VRF-lite Configuring Per-VRF for TACACS+ Servers T o specify the IP address of an interface as th e source address for TFTP connec tions, use the ip tftp source-interface sho w mode command.

Pagina 742

36-10 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 36 Configuring VRF-lite Configuring Per-VRF for TACACS+ Servers . The follo wing example lists all the st eps to configure p.

Pagina 743

36-11 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 36 Configuring VRF-lite Configuring Multicast VRFs Configuring Multicast VRFs T o conf igure multicast within a VRF table, pe.

Pagina 744

36-12 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 36 Configuring VRF-lite Configuring a VPN Routing Session Configuring a VPN Routing Session Routing within the VPN can be conf i gured with an y supported rou ting pr otocol (RIP , OSPF , or BGP) or with static routing.

Pagina 745

36-13 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 36 Configuring VRF-lite VRF-lite Configuration Example Use the no router bgp autonomous-syste m-number global conf iguration command to delete the BGP routing process. Use the command with keyw or ds to delete routing characteristics.

Pagina 746

36-14 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 36 Configuring VRF-lite VRF-lite Configuration Example Configuring Switch S8 On switch S8, enable rou ting and conf igure VRF . Switch# configure terminal Enter configuration commands, one per line.

Pagina 747

36-15 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 36 Configuring VRF-lite VRF-lite Configuration Example Switch(config)# interface Vlan20 Switch(config-if)# ip vrf forwarding v12 Switch(config-if)# ip address 83.0.0.8 255.255.

Pagina 748

36-16 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 36 Configuring VRF-lite VRF-lite Configuration Example Configuring Switch S11 Config ure S11 to connect to CE: Switch# configure terminal Enter configuration commands, one per line.

Pagina 749

36-17 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 36 Configuring VRF-lite Displaying VRF-lite Stat us Router(config)# router bgp 100 Router(config-router)# address-family ipv4 vrf v2 Router(config-router-af)# neighbor 83.0.0.8 remote-as 800 Router(config-router-af)# neighbor 83.

Pagina 750

36-18 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 36 Configuring VRF-lite Displaying VRF-lite Status Note For more informati on about the information in the displays, refer to the Cisco IOS Switching Servic es Command Refer ence at: http://www .

Pagina 751

CH A P T E R 37-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 37 Configuring Quality of Service Note QoS functionality on Supervisor Eng ine 6-E, Superv isor Engine 6L-E, Catalyst 4 900M, and Catalyst 4948E are equivalent.

Pagina 752

37-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e About QoS Note For complete syntax and usag e infor mation for the swi tch command s used in thi s chapter , see the Cisco Catalyst 4500 Series Switc h Command Refer ence and related p ublicat ions at t his locat ion: http://www .

Pagina 753

37-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service About QoS – Layer 2 Inter -Switch Link (ISL) frame headers ha ve a 1-byte User field that carries an IEEE 802.1p class of service (CoS) value in the three least-signif icant bits.

Pagina 754

37-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e About QoS Switches and routers along th e path can use the class information to limi t the amount of resources allocated per traf fic class.

Pagina 755

37-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service About QoS • Classifi cation is the se lection o f traffi c to be m arked.

Pagina 756

37-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e About QoS Basic QoS Model Figure 37-2 sh ows the b asic QoS model (also referred to as Switch QoS mo del; it is not MQC compliant).

Pagina 757

37-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service About QoS For non- IP traff ic, you hav e the follo wing classif ication options: • Use the port def ault. If the packet is a non-IP packet, assign the def ault port DSCP va lue to the incoming packet.

Pagina 758

37-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e About QoS Figur e 37 -3 Classification Flowc hart Ye s Ye s Ye s No No No No No No No No No Ye s Ye s Ye s Ye s Ye s Ye s Read interface configuration for classification.

Pagina 759

37-9 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service About QoS Classification Based on QoS ACLs A packet can be classified for Qo S using mu lti.

Pagina 760

37-10 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e About QoS Y ou create a cla ss map by us ing the class-map global conf iguration command. When you enter the class-map command, the switch enters the class map confi guration mode.

Pagina 761

37-11 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service About QoS When config uring policing and po li cers, observ e these gui delines: • On Su.

Pagina 762

37-12 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e About QoS Figur e 37 -4 P olicing and Mar king Flowc hart Star t Use QoS policy on the V.

Pagina 763

37-13 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service About QoS Internal DSCP Values The follo wing sections describe the internal DSCP values: .

Pagina 764

37-14 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e About QoS Mapping Tables During QoS proc essing, the switch repr esents the priority of .

Pagina 765

37-15 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service About QoS The follo wing table provides the def a ult DSCP-to-transmit qu eue mapping: For e xample, if you are sending two streams, one wi th a DSCP of 16 and other w ith a valu e of 0, they will transmit from dif ferent queues.

Pagina 766

37-16 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e About QoS Traffic Shaping T raff ic shaping prov ides the ability to control th e rate of outgoing traf fic in ord er to make sure that the traff ic conforms to the maxim um rate of transmissi on contracted for it .

Pagina 767

37-17 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service Configuring QoS on Supervisor Engi nes II-Plus, II+10GE, IV, V, V-1 0GE, 4924, 4948, and 4.

Pagina 768

37-18 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e Configuring QoS on Supervisor Engines II- Plus , II+10GE, IV, V, V-10GE, 4924, 4948, and.

Pagina 769

37-19 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service Configuring QoS on Supervisor Engi nes II-Plus, II+10GE, IV, V, V-1 0GE, 4924, 4948, and 4.

Pagina 770

37-20 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e Configuring QoS on Supervisor Engines II- Plus , II+10GE, IV, V, V-10GE, 4924, 4948, and.

Pagina 771

37-21 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service Configuring QoS on Supervisor Engi nes II-Plus, II+10GE, IV, V, V-1 0GE, 4924, 4948, and 4.

Pagina 772

37-22 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e Configuring QoS on Supervisor Engines II- Plus , II+10GE, IV, V, V-10GE, 4924, 4948, and 4948-10GE Note On a gi ven port, the Cisco IP phone disco very information is not maintained on th e standby supervi sor engine.

Pagina 773

37-23 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service Configuring QoS on Supervisor Engi nes II-Plus, II+10GE, IV, V, V-1 0GE, 4924, 4948, and 4.

Pagina 774

37-24 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e Configuring QoS on Supervisor Engines II- Plus , II+10GE, IV, V, V-10GE, 4924, 4948, and.

Pagina 775

37-25 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service Configuring QoS on Supervisor Engi nes II-Plus, II+10GE, IV, V, V-1 0GE, 4924, 4948, and 4.

Pagina 776

37-26 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e Configuring QoS on Supervisor Engines II- Plus , II+10GE, IV, V, V-10GE, 4924, 4948, and.

Pagina 777

37-27 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service Configuring QoS on Supervisor Engi nes II-Plus, II+10GE, IV, V, V-1 0GE, 4924, 4948, and 4.

Pagina 778

37-28 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e Configuring QoS on Supervisor Engines II- Plus , II+10GE, IV, V, V-10GE, 4924, 4948, and.

Pagina 779

37-29 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service Configuring QoS on Supervisor Engi nes II-Plus, II+10GE, IV, V, V-1 0GE, 4924, 4948, and 4.

Pagina 780

37-30 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e Configuring QoS on Supervisor Engines II- Plus , II+10GE, IV, V, V-10GE, 4924, 4948, and.

Pagina 781

37-31 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service Configuring QoS on Supervisor Engi nes II-Plus, II+10GE, IV, V, V-1 0GE, 4924, 4948, and 4.

Pagina 782

37-32 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e Configuring QoS on Supervisor Engines II- Plus , II+10GE, IV, V, V-10GE, 4924, 4948, and.

Pagina 783

37-33 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service Configuring QoS on Supervisor Engi nes II-Plus, II+10GE, IV, V, V-1 0GE, 4924, 4948, and 4.

Pagina 784

37-34 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e Configuring QoS on Supervisor Engines II- Plus , II+10GE, IV, V, V-10GE, 4924, 4948, and.

Pagina 785

37-35 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service Configuring QoS on Supervisor Engi nes II-Plus, II+10GE, IV, V, V-1 0GE, 4924, 4948, and 4.

Pagina 786

37-36 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e Configuring QoS on Supervisor Engines II- Plus , II+10GE, IV, V, V-10GE, 4924, 4948, and.

Pagina 787

37-37 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service Configuring QoS on Supervisor Engi nes II-Plus, II+10GE, IV, V, V-1 0GE, 4924, 4948, and 4.

Pagina 788

37-38 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e Configuring QoS on Supervisor Engines II- Plus , II+10GE, IV, V, V-10GE, 4924, 4948, and.

Pagina 789

37-39 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service Configuring QoS on Supervisor Engi nes II-Plus, II+10GE, IV, V, V-1 0GE, 4924, 4948, and 4948-10GE Example 3 Assume there are two activ e flows on the F ast Et hernet interface 6/1 wi th source addresses 192.

Pagina 790

37-40 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e Configuring QoS on Supervisor Engines II- Plus , II+10GE, IV, V, V-10GE, 4924, 4948, and.

Pagina 791

37-41 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service Configuring QoS on Supervisor Engi nes II-Plus, II+10GE, IV, V, V-1 0GE, 4924, 4948, and 4.

Pagina 792

37-42 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e Configuring QoS on Supervisor Engines II- Plus , II+10GE, IV, V, V-10GE, 4924, 4948, and.

Pagina 793

37-43 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service Configuring QoS on Supervisor Engi nes II-Plus, II+10GE, IV, V, V-1 0GE, 4924, 4948, and 4.

Pagina 794

37-44 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e Configuring QoS on Supervisor Engines II- Plus , II+10GE, IV, V, V-10GE, 4924, 4948, and.

Pagina 795

37-45 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service Configuring QoS on Supervisor Engi nes II-Plus, II+10GE, IV, V, V-1 0GE, 4924, 4948, and 4.

Pagina 796

37-46 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e Configuring QoS on Supervisor Engines II- Plus , II+10GE, IV, V, V-10GE, 4924, 4948, and.

Pagina 797

37-47 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service Configuring QoS on Supervisor Engi nes II-Plus, II+10GE, IV, V, V-1 0GE, 4924, 4948, and 4.

Pagina 798

37-48 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e Configuring QoS on Supervisor Engines II- Plus , II+10GE, IV, V, V-10GE, 4924, 4948, and 4948-10GE Configuring the Trust State of Interfaces This command configures the trust state of interf aces.

Pagina 799

37-49 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service Configuring QoS on Supervisor Engi nes II-Plus, II+10GE, IV, V, V-1 0GE, 4924, 4948, and 4.

Pagina 800

37-50 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e Configuring QoS on Supervisor Engines II- Plus , II+10GE, IV, V, V-10GE, 4924, 4948, and.

Pagina 801

37-51 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service Configuring QoS on Supervisor Engi nes II-Plus, II+10GE, IV, V, V-1 0GE, 4924, 4948, and 4.

Pagina 802

37-52 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e Configuring QoS on Supervisor Engines II- Plus , II+10GE, IV, V, V-10GE, 4924, 4948, and.

Pagina 803

37-53 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service Configuring QoS on Supervisor Engi nes II-Plus, II+10GE, IV, V, V-1 0GE, 4924, 4948, and 4.

Pagina 804

37-54 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e Configuring QoS on Supervisor Engines II- Plus , II+10GE, IV, V, V-10GE, 4924, 4948, and.

Pagina 805

37-55 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service Configuring QoS on Supervisor Engi nes II-Plus, II+10GE, IV, V, V-1 0GE, 4924, 4948, and 4948-10GE T o return to the default map, u se the no qos dscp policed global confi guration command.

Pagina 806

37-56 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e Configuring Auto-QoS on Supervisor Engines II- Pl us, II+10GE, IV, V, V-10GE, 4924, 4948.

Pagina 807

37-57 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service Configuring Auto-QoS on Supervisor Engines II-Plus, II+10GE, IV, V, V-10GE, 4924, 4948, and 4948-10GE When you enable auto-QoS, it automa tically classifies traf fic based on ingress packet label.

Pagina 808

37-58 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e Configuring Auto-QoS on Supervisor Engines II- Pl us, II+10GE, IV, V, V-10GE, 4924, 4948.

Pagina 809

37-59 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service Configuring Auto-QoS on Supervisor Engines II-Plus, II+10GE, IV, V, V-10GE, 4924, 4948, an.

Pagina 810

37-60 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e Configuring Auto-QoS on Supervisor Engines II- Pl us, II+10GE, IV, V, V-10GE, 4924, 4948.

Pagina 811

37-61 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service Configuring Auto-QoS on Supervisor Engines II-Plus, II+10GE, IV, V, V-10GE, 4924, 4948, an.

Pagina 812

37-62 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e Configuring Auto-QoS on Supervisor Engines II- Pl us, II+10GE, IV, V, V-10GE, 4924, 4948.

Pagina 813

37-63 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service Configuring QoS on Super visor Engine 6-E, Su pervisor Engine 6L-E, Ca talyst 4900M, a nd .

Pagina 814

37-64 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e Configuring QoS on Supervisor Eng ine 6- E, Supervisor Engine 6L-E, Catalyst 4900M, and Cataly st 4948E by def ault. Only when t he trusted boundary feature is enabled on an interface can the port enter untrusted mode.

Pagina 815

37-65 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service Configuring QoS on Super visor Engine 6-E, Su pervisor Engine 6L-E, Ca talyst 4900M, a nd .

Pagina 816

37-66 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e Configuring QoS on Supervisor Eng ine 6- E, Supervisor Engine 6L-E, Catalyst 4900M, and .

Pagina 817

37-67 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service Configuring QoS on Super visor Engine 6-E, Su pervisor Engine 6L-E, Ca talyst 4900M, a nd .

Pagina 818

37-68 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e Configuring QoS on Supervisor Eng ine 6- E, Supervisor Engine 6L-E, Catalyst 4900M, and .

Pagina 819

37-69 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service Configuring QoS on Super visor Engine 6-E, Su pervisor Engine 6L-E, Ca talyst 4900M, a nd .

Pagina 820

37-70 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e Configuring QoS on Supervisor Eng ine 6- E, Supervisor Engine 6L-E, Catalyst 4900M, and .

Pagina 821

37-71 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service Configuring QoS on Super visor Engine 6-E, Su pervisor Engine 6L-E, Ca talyst 4900M, a nd Catalyst 4948E For info rmation on conf iguring a polic y map, see th e “Creating a Polic y Map” section on page 37-31.

Pagina 822

37-72 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e Configuring QoS on Supervisor Eng ine 6- E, Supervisor Engine 6L-E, Catalyst 4900M, and Cataly st 4948E Traffic Marking Procedure Flowchart Figure 37-8 illustrat es the order of the pr ocedures for configuring traf fic marking.

Pagina 823

37-73 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service Configuring QoS on Super visor Engine 6-E, Su pervisor Engine 6L-E, Ca talyst 4900M, a nd .

Pagina 824

37-74 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e Configuring QoS on Supervisor Eng ine 6- E, Supervisor Engine 6L-E, Catalyst 4900M, and .

Pagina 825

37-75 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service Configuring QoS on Super visor Engine 6-E, Su pervisor Engine 6L-E, Ca talyst 4900M, a nd .

Pagina 826

37-76 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e Configuring QoS on Supervisor Eng ine 6- E, Supervisor Engine 6L-E, Catalyst 4900M, and Cataly st 4948E Dynamic resizing of queues (q ueue limit class- map action) is supp orted using the use of the queue-limit command.

Pagina 827

37-77 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service Configuring QoS on Super visor Engine 6-E, Su pervisor Engine 6L-E, Ca talyst 4900M, a nd Catalyst 4948E T o delete an existing p olicy map, use the no policy-map policy-map-name global conf iguration command.

Pagina 828

37-78 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e Configuring QoS on Supervisor Eng ine 6- E, Supervisor Engine 6L-E, Catalyst 4900M, and .

Pagina 829

37-79 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service Configuring QoS on Super visor Engine 6-E, Su pervisor Engine 6L-E, Ca talyst 4900M, a nd Catalyst 4948E T o delete an existing p olicy map, use the no policy-map policy-map-name global conf iguration command.

Pagina 830

37-80 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e Configuring QoS on Supervisor Eng ine 6- E, Supervisor Engine 6L-E, Catalyst 4900M, and .

Pagina 831

37-81 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service Configuring QoS on Super visor Engine 6-E, Su pervisor Engine 6L-E, Ca talyst 4900M, a nd .

Pagina 832

37-82 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e Configuring QoS on Supervisor Eng ine 6- E, Supervisor Engine 6L-E, Catalyst 4900M, and Cataly st 4948E Queue-limiting When a class-based queue is instanti ated on a physical port, it is se t up with a default size.

Pagina 833

37-83 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service Configuring QoS on Super visor Engine 6-E, Su pervisor Engine 6L-E, Ca talyst 4900M, a nd .

Pagina 834

37-84 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e Configuring QoS on Supervisor Eng ine 6- E, Supervisor Engine 6L-E, Catalyst 4900M, and Cataly st 4948E This exampl e show s how to configu re a class-based queue with an explicit queue-limi t command.

Pagina 835

37-85 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service Configuring QoS on Super visor Engine 6-E, Su pervisor Engine 6L-E, Ca talyst 4900M, a nd Catalyst 4948E T o delete an existing p olicy map, use the no policy-map policy-map-name global conf iguration command.

Pagina 836

37-86 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e Configuring QoS on Supervisor Eng ine 6- E, Supervisor Engine 6L-E, Catalyst 4900M, and .

Pagina 837

37-87 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service Configuring QoS on Super visor Engine 6-E, Su pervisor Engine 6L-E, Ca talyst 4900M, a nd Catalyst 4948E Classification criteria for the poli c y map on the physical member ports cannot be based on a combination of fi elds.

Pagina 838

37-88 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e Configuring QoS on Supervisor Eng ine 6- E, Supervisor Engine 6L-E, Catalyst 4900M, and .

Pagina 839

37-89 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service Configuring QoS on Super visor Engine 6-E, Su pervisor Engine 6L-E, Ca talyst 4900M, a nd .

Pagina 840

37-90 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e Configuring Auto-QoS on Supervisor Engine 6-E, Supervisor Engine 6L-E, Catalyst 4900M, a.

Pagina 841

37-91 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Service Configu rin g Auto-QoS on Super visor Engine 6-E, Supervi sor E ngine 6L-E, Catalyst 4900M.

Pagina 842

37-92 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 37 Config uring Quality of Servic e Configuring Auto-QoS on Supervisor Engine 6-E, Supervisor Engine 6L-E, Catalyst 4900M, and Catalyst 4948E It establishes a trusted boundar y that recognizes Cisc o IP phones and trusts the CoS setting of the packets from the phone.

Pagina 843

CH A P T E R 38-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 38 Configuring Voice Interfaces This chapter descri bes how to configure voice in terfaces for the Catalyst 4500 series switches.

Pagina 844

38-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 38 Configuring Voice Interfaces About Voice Interfaces The Cisco 7960 IP Phone contai ns an integrated three-port 10/100 switch .

Pagina 845

38-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 38 Con figuring Voice Interfaces Configur ing a Port to Conn ect to a Cisco 7960 IP Phone Configuring a Port to Conne ct to a .

Pagina 846

38-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 38 Configuring Voice Interfaces Configuring Voice Ports fo r Voice and Data Traffic In the follo w ing example, VLAN 1 car ries data tra ff ic, and VL AN 2 carries voice traf fic.

Pagina 847

38-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 38 Con figuring Voice Interfaces Overriding the CoS Prior ity of Incomin g Frames Overriding the CoS Priority of Incoming Frames A PC or another data de vice can connect to a Cisc o 7960 IP Phone port.

Pagina 848

38-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 38 Configuring Voice Interfaces Configuring Power.

Pagina 849

CH A P T E R 39-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 39 Configuring Private VLANs This chapter de scribes ho w to implement pri vate VLANs (PV LANs) on Catalyst 4500 series switches. It also pro vides restrictions, proc edures, and conf iguration e xamples.

Pagina 850

39-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 39 Configuring Private VLANs About Private VLANs Purpose of a PVLAN Using PVLA Ns provides scalab ilit y and IP address management benefits fo r service providers and Layer 2 security for customers.

Pagina 851

39-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 39 Configuring Private VLANs About Private VLANs In a switched e n vironment, yo u can assign an i ndivi dual PVLAN and associated IP subnet to each indi vidual or common group of end stations.

Pagina 852

39-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 39 Configuring Private VLANs About Private VLANs Isolated Port An isolated port is a ho st port that belongs to an isolated secondary VLAN. It has complete Layer 2 separatio n from other ports within the same PVLAN, ex cept for the promiscuous ports.

Pagina 853

39-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 39 Configuring Private VLANs About Private VLANs PVLANs across Multiple Switches This section discusses the fo llowi ng topics.

Pagina 854

39-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 39 Configuring Private VLANs About Private VLANs Because VTP does not support PVLANs, you must manually configu re PVLANs on all switches in the Layer 2 network.

Pagina 855

39-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 39 Configuring Private VLANs About Private VLANs T raff ic in the upstream direction is sent b y host1 to the non-PVLAN switch , arri ving in VLAN 11 . The packets are then transmitted to the switch tagg ed with that VLA N’ s tag (VLAN 11) over the trunk port.

Pagina 856

39-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 39 Configuring Private VLANs About Private VLANs PVLAN Modes Over Gigabit Etherchannel Beginni ng with Cisco IOS Release 15.0(2)SG you can configu re PVLAN modes ov er Etherchannel.

Pagina 857

39-9 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 39 Configuring Private VLANs About Private VLANs • A packet r eceiv ed on a PVLAN trunk port belongs to the secon dary VLAN if the packet i s tagged with a secondary VLAN or if the pa cket is untagge d and the nati ve V LAN on the port i s a secondary VLAN.

Pagina 858

39-10 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 39 Configuring Private VLANs PVLAN Commands PVLANs and SVIs In a Layer 3 switch, a switch virtua l interface (SVI) represents the Layer 3 interface of a VLAN. Layer 3 devices communicate wi th a PVLAN only us ing the prim ary VLAN and not through second ary VLANs.

Pagina 859

39-11 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 39 Configuring Private VLANs Configuring PVLANs Configuring PVLANs These sections describe ho w to configure PVLANs: • Basi.

Pagina 860

39-12 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 39 Configuring Private VLANs Configuring PVLANs • Conf iguring a Layer 2 Interf ace as an Isolated PVLAN T runk Port, page.

Pagina 861

39-13 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 39 Configuring Private VLANs Configuring PVLANs • Do not include VLAN 1 or VLANs 10 02 through 10 05 in PVLANs. • Use only PVLAN commands to assign ports to primary , isolated, community VLANs, or two way-community VLANs.

Pagina 862

39-14 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 39 Configuring Private VLANs Configuring PVLANs • W ith port A CLS functionality av ailable, you can apply Cisco IOS A CLS to secondary VLAN ports and Cisco IOS A CLS to PVLANS (V A CLs).

Pagina 863

39-15 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 39 Configuring Private VLANs Configuring PVLANs Configuring a VLAN as a PVLAN T o configure a VLAN as a PVLAN, perform this t.

Pagina 864

39-16 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 39 Configuring Private VLANs Configuring PVLANs This exampl e sho ws how to conf igure VLAN 550 as a tw ow ay-community VLAN.

Pagina 865

39-17 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 39 Configuring Private VLANs Configuring PVLANs Switch# configure terminal Switch(config)# vlan 202 Switch(config-vlan)# priv.

Pagina 866

39-18 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 39 Configuring Private VLANs Configuring PVLANs • Use the remove keyw ord with a secondary_vlan_list to clear the mapping between se condary VLANs and the PVLAN promis cuous port.

Pagina 867

39-19 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 39 Configuring Private VLANs Configuring PVLANs This example sho ws how to conf igure inte rface FastEt hernet 5/1 as a PVLAN.

Pagina 868

39-20 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 39 Configuring Private VLANs Configuring PVLANs This example sho ws how to conf igure inte rface FastEt hernet 5/2 as a seco.

Pagina 869

39-21 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 39 Configuring Private VLANs Configuring PVLANs Trunking Native Mode VLAN: 1 (default) Administrative Native VLAN tagging: en.

Pagina 870

39-22 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 39 Configuring Private VLANs Configuring PVLANs The [ no ] switchport priv ate-vlan mapping comman d provides the f ollowing three levels of removal: • Remov e one or more secondary VLANs from the list.

Pagina 871

39-23 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 39 Configuring Private VLANs Configuring PVLANs Capture Mode Disabled Capture VLANs Allowed: ALL Unknown unicast blocked: dis.

Pagina 872

39-24 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 39 Configuring Private VLANs Configuring PVLANs vlan202 309 community vlan202 440 isolated Switch# Configuring PVLAN over Et.

Pagina 873

39-25 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 39 Configuring Private VLANs Configuring PVLANs Note The maximum number of unique PVLAN pairs supported b y the switchport private-vlan mapping command is 1000.

Pagina 874

39-26 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 39 Configuring Private VLANs Configuring PVLANs Configuring a Layer 2 EtherCh annel as a PVLAN Host Port T o conf igure a La.

Pagina 875

39-27 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 39 Configuring Private VLANs Configuring PVLANs Configuring a Layer 2 EtherChannel as an Isol ated PVLAN Trunk Port T o conf .

Pagina 876

39-28 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 39 Configuring Private VLANs Configuring PVLANs This example shows ho w to configure interface port chan nel 63 as a seconda.

Pagina 877

39-29 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 39 Configuring Private VLANs Configuring PVLANs Note The maximum number of unique PVLAN pairs supported by th e switchpo rt pri vate-vlan mapping tru nk command is 500.

Pagina 878

39-30 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 39 Configuring Private VLANs Configuring PVLANs Switch(config-if)# switchport private-vlan trunk native vlan 10 Switch(confi.

Pagina 879

CH A P T E R 40-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 40 Configuring 802.1X Port-Based Authentication This chapter describe s how to configure IEEE 802.1X po rt-based authent ication on the Catalyst 450 0 series switch to pre vent unauthorized client de vices from gaining access t o the network.

Pagina 880

40-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication About 802.1X Port-Based Authentication Until a client is authen ticated, only Extensible Authenti cation Protocol o ver LAN (EAPOL) traf fic is allowed using the port to which the client is connected.

Pagina 881

40-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication About 802.1X Port-Based Authentication Figure 40-1 802.1X Device Roles • Client—The wor kstation that requests access to th e LAN, and responds to requests from the switch.

Pagina 882

40-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication About 802.1X Port-Based Authentication Authentication Initiation and Message Exchange The switch or the client can in itiate authentication.

Pagina 883

40-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication About 802.1X Port-Based Authentication Ports in Authorized and Unauthorized States The switch port state determines wh ether the client is granted access to the network.

Pagina 884

40-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication About 802.1X Port-Based Authentication Figur e 40-3 A uthentication Flo wch art 802.

Pagina 885

40-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication About 802.1X Port-Based Authentication • Pre-authentication Open Access, page 40-8 Single-Host Mode Y ou can configur e an 802.

Pagina 886

40-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication About 802.1X Port-Based Authentication Figur e 40-5 Multidomain A uth entication Mode Example Figure 40-5 sho ws a typical M D A application w ith a singl e host behin d an IP phone co nnected to t he 802.

Pagina 887

40-9 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication About 802.1X Port-Based Authentication In single-host mode, a security violation is trig gered when more than one device are detected on the data vlan.

Pagina 888

40-10 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication About 802.1X Port-Based Authentication Using 802.1X with VLAN Assignment Y ou can use the VLAN assignment to limit network a ccess for certain users.

Pagina 889

40-11 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication About 802.1X Port-Based Authentication • Enable AAA authoriz ation by usin g the network ke yword to allo w interf ace conf iguration from the RADIUS server .

Pagina 890

40-12 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication About 802.1X Port-Based Authentication Usage Guidelines for Using 802.1X Authen tication with Guest VLANs on Windows-XP Hosts When using 802.

Pagina 891

40-13 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication About 802.1X Port-Based Authentication Feature Interaction This section lists feature interactions and restrictio ns when MAB is enabled.

Pagina 892

40-14 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication About 802.1X Port-Based Authentication • When both MAB and gues t VLAN are co nfigu red and no EAPOL pa ckets ar e recei ve d on a port, t he 802.

Pagina 893

40-15 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication About 802.1X Port-Based Authentication Note Inaccessible Authentication Bypa ss allows a v o ice client to a ccess configured voice VLAN when RADIUS becomes unav ailable.

Pagina 894

40-16 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication About 802.1X Port-Based Authentication For detai ls on ho w to config ure 802.1X with Unidirectional Con trolled Port, see the “Conf iguring 802.

Pagina 895

40-17 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication About 802.1X Port-Based Authentication Deployment Example In a lar ge campus LAN design, you might want to design the VLAN infrastructure wit hout large Layer 2 domain.

Pagina 896

40-18 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication About 802.1X Port-Based Authentication Y ou can set the maximum number of aut hentication a ttempt s that the authent icator sends before mo ving a port into the authentication-fai led VLAN.

Pagina 897

40-19 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication About 802.1X Port-Based Authentication • Internal VLANs that are used for Layer 3 ports cannot be conf igured as authentication-fail ed VLANs.

Pagina 898

40-20 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication About 802.1X Port-Based Authentication • Whene v er port security ag es out a 802.1X client’ s MA C address, 802.1X attempts to reau thenticate the client.

Pagina 899

40-21 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication About 802.1X Port-Based Authentication – url-redirect = <HTTP or HTTPS U.

Pagina 900

40-22 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication About 802.1X Port-Based Authentication Using 802.

Pagina 901

40-23 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication About 802.1X Port-Based Authentication MD A does not enforce the order of de vice authentication.

Pagina 902

40-24 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication About 802.1X Port-Based Authentication 802.

Pagina 903

40-25 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication About 802.1X Port-Based Authentication Host Authorization— Ensures that on ly traf f ic from authorized hosts (connect ing to the switch with a supplicant) is allo wed on the network.

Pagina 904

40-26 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port -Based Authentication switch denies access to the netw ork for all wireless access point-attached clients.

Pagina 905

40-27 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port-Based Auth entication • Conf iguring 802.1X with Inaccessible Authentication Bypass, page 40-60 (optional) • Conf iguring 802.

Pagina 906

40-28 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port -Based Authentication 802.1X Configuration Guidelines Guidelines for conf iguring 802.1X authentication in clude the follo wing: • The 802.

Pagina 907

40-29 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port-Based Auth entication Note T o allow VLAN assignment, you must enable AAA authorization to configure the switch for all network-related service requests.

Pagina 908

40-30 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port -Based Authentication Note Enabling Spanning T ree PortFast ensures that a port comes up immediately after authorization.

Pagina 909

40-31 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port-Based Auth entication Switch(config-if)# switchport m.

Pagina 910

40-32 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port -Based Authentication Dot1x Authenticator Client List ------------------------------- Supplicant = 0015.

Pagina 911

40-33 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port-Based Auth entication T o conf igure the RADIUS server parameters on the swi tch, perform this task: Command Purpose Step 1 Switch# configure terminal Enters global conf iguration mode.

Pagina 912

40-34 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port -Based Authentication This ex ample shows ho w to specify t he server with IP address 17 2.120.39.46 as the RADIUS serv er .

Pagina 913

40-35 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port-Based Auth entication This exampl e show s how to en able 802.1X authentication and to allo w multiple hosts: Cisco IOS Release 12.

Pagina 914

40-36 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port -Based Authentication This example sho ws ho w to enable MD A and to allo w both a host and a 802.1X voice de vice (a Cisco or third-party phon e with 802.

Pagina 915

40-37 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port-Based Auth entication Switch(config-if)# dot1x port-c.

Pagina 916

40-38 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port -Based Authentication Switch(config-if)# authenticat.

Pagina 917

40-39 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port-Based Auth entication switchport voice vlan 1234 acce.

Pagina 918

40-40 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port -Based Authentication Cisco ACS Configuration for DACL Note O n l y C i s c o AC S s u p p o r t s DAC L .

Pagina 919

40-41 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port-Based Auth entication Configuring ACS T o conf igure .

Pagina 920

40-42 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port -Based Authentication dot1x pae authenticator end Switch# Switch# show access-list pacl-4 10 permit ip host 1.

Pagina 921

40-43 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port-Based Auth entication Configuring a Do wnloadable Policy T o configure do wnloadable po licies, perform this task: Command Purpose Step 1 Switch# configure terminal Enters global conf iguration mode.

Pagina 922

40-44 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port -Based Authentication The follo wing example illustrates ho w to configure a swit ch for do wnloadable policy: Switch# config terminal Enter configuration commands, one per line.

Pagina 923

40-45 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port-Based Auth entication Configuring the Switch T o conf igure the switch for per -user AC L and filt er-ID A CL: Step 1 Config ure the IP de vice tracking table.

Pagina 924

40-46 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port -Based Authentication Figure 40-12 sho ws how members of the group you are conf iguring are denied all acce ss to the 10.

Pagina 925

40-47 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port-Based Auth entication Figure 40-13 Configur ing the Filter -ID At tribute Note Outbound A CLs (for example, 100 .

Pagina 926

40-48 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port -Based Authentication The follo w ing command sho ws that the Policy Enforced Module (EPM) session contains the per-user -a cl from A CS: Switch# show epm session ip 50.

Pagina 927

40-49 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port-Based Auth entication The follo wing command shows t .

Pagina 928

40-50 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port -Based Authentication Configuring a Per-User ACL and.

Pagina 929

40-51 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port-Based Auth entication The follo wing example illustrates ho w to configure a swit ch for do wnloadable policy: Switch# config terminal Enter configuration commands, one per line.

Pagina 930

40-52 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port -Based Authentication This example sho ws ho w to configure a switch to deri ve the reauthenti cation period from the server and to verify the conf iguration: Cisco IOS Release 12.

Pagina 931

40-53 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port-Based Auth entication Dot1x Authenticator Client List Empty Port Status = AUTHORIZED Switch# Configuring MAC Move MA C move allo ws an authenticated host to move fro m one switch port to anoth er .

Pagina 932

40-54 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port -Based Authentication This exampl e show s how to gl.

Pagina 933

40-55 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port-Based Auth entication %PM-4-ERR_DISABLE: security-violation error detected on <interface name>, putting <interface name> in err-disable state Configuring 802.

Pagina 934

40-56 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port -Based Authentication This example sho ws how to enable regular VLAN 50 on Fast Ethernet 4/3 as a guest VLAN on a static access port: Cisco IOS Release 12.

Pagina 935

40-57 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port-Based Auth entication Cisco IOS Release 12.

Pagina 936

40-58 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port -Based Authentication This e xample sho ws how to en able the gues t VLAN feature and to specify VLAN 5 as a guest VLAN: Cisco IOS Release 12.

Pagina 937

40-59 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port-Based Auth entication Note Removing a 802 .1X MAB conf igurat ion from a port does not imp act th e authorized or authenticated state of the port.

Pagina 938

40-60 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port -Based Authentication QuietPeriod = 60 ServerTimeout.

Pagina 939

40-61 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port-Based Auth entication Step 4 Switch(config)# interface interface-id Specifi es the port to be configured and enters interface configuration mode.

Pagina 940

40-62 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port -Based Authentication The follo wing example shows a full configuration of 802.

Pagina 941

40-63 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port-Based Auth entication Switch# configure terminal Swit.

Pagina 942

40-64 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port -Based Authentication Note Unidirectional controlled port only w orks when Sp anning Tree PortF ast is enabled on the port.

Pagina 943

40-65 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port-Based Auth entication SuppTimeout = 30 ReAuthPeriod = 3600 (Locally configured) ReAuthMax = 2 MaxReq = 2 TxPeriod = 30 RateLimitPeriod = 0 Switch# Cisco IOS Release 12.

Pagina 944

40-66 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port -Based Authentication Note Ensure that the VLANs yo u specify as part of the VLA N group are enabled on the switch.

Pagina 945

40-67 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port-Based Auth entication ACS Configuration After conf iguring the switch, you mu st provide the VLAN gro up name in the A CS configur ation.

Pagina 946

40-68 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port -Based Authentication Figur e 40-15 VLAN User Distr .

Pagina 947

40-69 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port-Based Auth entication This exampl e shows ho w to enable a regular VLAN 4 0 on Fast Ethernet 4 /3 as a authentication-fa iled VLAN on a static access port: Cisco IOS Release 12.

Pagina 948

40-70 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port -Based Authentication Cisco IOS Release 12.

Pagina 949

40-71 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port-Based Auth entication This exampl e show s how to enable 802.1X with v oice VLAN feature on Fa st Ethernet interface 5/ 9: Cisco IOS Release 12.

Pagina 950

40-72 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port -Based Authentication T o enable 802.1X with VLAN assignment, perfo rm this task: The follo wing example sho ws ho w to configure MD A on an interface and 802.

Pagina 951

40-73 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port-Based Auth entication Figure 40-16 User Se t Up Note .

Pagina 952

40-74 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port -Based Authentication Step 3 Switch(config-fallback-profile)# ip access-group rule-name in Specif ies the default A CL to apply to network tr af fic before web-based aut hentication.

Pagina 953

40-75 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port-Based Auth entication Step 3 Switch(config-fallback-profile)# ip access-group rule-name in Specif ies the default A CL to apply to network tr af fic before web-based aut hentication.

Pagina 954

40-76 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port -Based Authentication This exampl e show s how to enable 802.1X fal lback to MAB, and then to enable web-based authentication, on an 802 .

Pagina 955

40-77 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port-Based Auth entication Dot1x Info for GigabitEthernet7.

Pagina 956

40-78 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port -Based Authentication T o determine if a host was au.

Pagina 957

40-79 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port-Based Auth entication T o enable periodic reauthentic.

Pagina 958

40-80 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port -Based Authentication Cisco IOS Release 12.

Pagina 959

40-81 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port-Based Auth entication This exampl e shows ho w to enable 802.1X on Fa st Ethernet interface 5/9 and to allo w multiple hosts: Cisco IOS Release 12.

Pagina 960

40-82 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port -Based Authentication This exampl e shows ho w to set the quiet period on the swi tch to 30 seconds: Cisco IOS Release 12.

Pagina 961

40-83 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port-Based Auth entication This example sho ws how to set the re transm ission time to 60 seconds: Cisco IOS Release 12.

Pagina 962

40-84 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port -Based Authentication T o set the switch-to-client f.

Pagina 963

40-85 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port-Based Auth entication Cisco IOS Release 12.

Pagina 964

40-86 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port -Based Authentication When CISP is enabled on a trunk po rt, the following features are iner t.

Pagina 965

40-87 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port-Based Auth entication Figur e 40-17 Specifying the Cisco A V P air Starting with Cisco IOS XE Release 3.

Pagina 966

40-88 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port -Based Authentication dot1x pae authenticator authen.

Pagina 967

40-89 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port-Based Auth entication Current configuration : 149 byt.

Pagina 968

40-90 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port -Based Authentication This exampl e show s how to co.

Pagina 969

40-91 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Configuring 802.1X Port-Based Auth entication • Although modif ied trunk pa.

Pagina 970

40-92 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Controlling Switch Access with RADIUS Switch# dot1x initialize Removing 802.

Pagina 971

40-93 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Controlling Switch Access with RADIUS Understanding RADIUS RADIUS is a distributed client/server system th at secures networks against unauthorized access.

Pagina 972

40-94 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Controlling Switch Access with RADIUS Figur e 40-18 T ransiti oning fr om RA.

Pagina 973

40-95 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Controlling Switch Access with RADIUS • CoA Request Commands, page 40 -97 • Session Reauthenticati on, page 40-98 • Displaying 802.

Pagina 974

40-96 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Controlling Switch Access with RADIUS T able 40-3 sho ws the possible values fo r the Error-Cause attribute. Preconditions T o use the CoA interface, a session must already ex ist on the switch.

Pagina 975

40-97 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Controlling Switch Access with RADIUS • Audit-Session-Id (Cisco VSA) • Ac.

Pagina 976

40-98 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Controlling Switch Access with RADIUS Session Reauthentication The AAA serve.

Pagina 977

40-99 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Controlling Switch Access with RADIUS CoA Disconnect-Request This command is a standard Discon nect-Request.

Pagina 978

40-100 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Controlling Switch Access with RADIUS Configuring RADIUS This section descri bes ho w to conf igure your switch to suppor t RADIUS.

Pagina 979

40-101 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Controlling Switch Access with RADIUS Y ou identify RADIUS security servers b y their hostnam e or IP address, hostname and specif ic UDP port numbers, or their IP address and specif ic UDP port numbers.

Pagina 980

40-102 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Controlling Switch Access with RADIUS T o configure per -server RADIUS server communication, perform this task. This procedure is required .

Pagina 981

40-103 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Controlling Switch Access with RADIUS This exampl e sho ws how to conf igure.

Pagina 982

40-104 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Controlling Switch Access with RADIUS Step 3 Switch(config)# aaa authentication login { default | list-name } method1 [ method2.

Pagina 983

40-105 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Controlling Switch Access with RADIUS T o disable AAA, use the no aaa new-model global conf iguration command. T o disable AAA authentic ation, use the no aaa authentication login { default | list-name } metho d1 [ method2.

Pagina 984

40-106 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Controlling Switch Access with RADIUS T o define th e AAA server group and .

Pagina 985

40-107 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Controlling Switch Access with RADIUS T o remove the specif ied RADIUS server , use the no radius-server host hostname | ip-addr ess global confi guration command.

Pagina 986

40-108 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Controlling Switch Access with RADIUS T o disable authorization, use the no aa a authorization { network | exec } me thod1 global configuratio n command.

Pagina 987

40-109 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Controlling Switch Access with RADIUS Configuring Settings fo r All RADIUS S.

Pagina 988

40-110 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Controlling Switch Access with RADIUS For e x ample, this A V pair activ at.

Pagina 989

40-111 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Controlling Switch Access with RADIUS Configuring the Switch for Vendor-Prop.

Pagina 990

40-112 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Controlling Switch Access with RADIUS Configuring CoA on the Switch T o conf igure CoA on a switch, perfo rm th ese steps. This procedure is required.

Pagina 991

40-113 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Displaying 802.1X Statistics and Status T o disable AAA, use the no aaa new-model global configurat ion comm and.

Pagina 992

40-114 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Displaying Authentication Details Displaying Authentication Details This se.

Pagina 993

40-115 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Displaying Authentication Details Displaying a Summary of All Auth M anager .

Pagina 994

40-116 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Displaying Authentication Details The indi vidual output can be further ref ined by using the handle , interface , MA C , session-id , or method ke ywords: Switch# show authentication sessions mac 000f.

Pagina 995

40-117 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Displaying Authentication Details mab Not run Displaying MAB Details The fol.

Pagina 996

40-118 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 40 Configuring 802.1X Port-Based Authentication Displaying Authentication Details Switch(config)# epm logging Switch# clear dot1x all Switch# *May 15 08:31:26.561: %EPM-6-POLICY_REQ: IP=100.

Pagina 997

CH A P T E R 41-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 41 Configuring the PPPoE Intermediate Agent DSL Forum TR-101 [1] of fers a means by which the PPPoE Discov ery packets are tagged at the service provider's access switch with subscriber line specif ic information.

Pagina 998

41-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 41 Configuring the PPPoE Intermediate Agent Related Documents Related Documents RFCs About PPPoE Intermediate Agent PPPoE Int.

Pagina 999

41-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 41 Configuring the PPPoE Intermediate Agent RFCs The follo wing example sho ws how to set an access node id entifier o f abcd .

Pagina 1000

41-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 41 Configuring the PPPoE Intermediate Agent RFCs Enabling PPPoE IA on an Interface This functionality enables the PPPoE IA feature on an interf ace. The pppoe intermediate-agent command has an effect only if the PPPoE IA feature was enabled globally with this command.

Pagina 1001

41-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 41 Configuring the PPPoE Intermediate Agent RFCs Configuring PPPoE IA Vendor-tag Stripping on an Interface This functionality .

Pagina 1002

41-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 41 Configuring the PPPoE Intermediate Agent Displaying Config uration Parameters Specif ic VLAN: Switch# configure terminal S.

Pagina 1003

41-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 41 Configuring the PPPoE Intermediate Agent Displaying Configuration Parameters The info ke yword appears if the PPPoE Intermediate Agent is enabled globally on an interf ace or on a VLAN (in an interface).

Pagina 1004

41-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 41 Configuring the PPPoE Intermediate Agent Clearing Packet Counters Server responses from untrusted ports = 0 Client request.

Pagina 1005

41-9 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 41 Configuring the PPPoE Intermediate Agent Tro ublesho oting Tips The event option of the command echoes important messag es (interf ace st at e change to errd isabled due to PPPoE discov ery packet s entering at a rate exceedin g the conf igured limit).

Pagina 1006

41-10 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 41 Configuring the PPPoE Intermediate Agent Troubleshooting Tips.

Pagina 1007

CH A P T E R 42-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 42 Configuring Web-Based Authentication This chapter describe s how to configure web-based authentication.

Pagina 1008

42-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 42 Configurin g Web-Based Authenticatio n About Web-Based Authentic ation These sections describe the role of web-based authe.

Pagina 1009

42-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 42 Configuring Web-Based Authentic ation About Web-Based Authentication For Layer 3 interfaces, web-based authentication se ts an HTTP intercept ACL when the feature is configured on the interf ace (or when the interface is put in service).

Pagina 1010

42-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 42 Configurin g Web-Based Authenticatio n About Web-Based Authentic ation Customization of the Authentication Proxy Web Pages.

Pagina 1011

42-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 42 Configuring Web-Based Authentic ation About Web-Based Authentication LAN Port IP Y ou can configur e LAN port IP (LPIP) and Layer 2 we b-based auth entication on the same port.

Pagina 1012

42-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 42 Configurin g Web-Based Authenticatio n Configuring Web-Base d Authentication Configuring Web-Based Authentication These se.

Pagina 1013

42-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 42 Configuring Web-Based Authentic ation Configuring Web-Based Authentication proxyacl# 40=permit udp any any eq tftp Note The proxyacl entry determines the type of allowed network access.

Pagina 1014

42-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 42 Configurin g Web-Based Authenticatio n Configuring Web-Base d Authentication This exampl e show s how to enable web-based .

Pagina 1015

42-9 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 42 Configuring Web-Based Authentic ation Configuring Web-Based Authentication Configuring AAA Authentication T o enable web-ba.

Pagina 1016

42-10 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 42 Configurin g Web-Based Authenticatio n Configuring Web-Base d Authentication When you configure the RADIUS serv er parameters, foll ow these steps: • Specify th e key string on a separate command line.

Pagina 1017

42-11 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 42 Configuring Web-Based Authentic ation Configuring Web-Based Authentication This example sho ws how to conf igure the RADIUS server parameters on a switch: Switch(config)# ip radius source-interface Vlan80 Switch(config)# radius-server host 172.

Pagina 1018

42-12 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 42 Configurin g Web-Based Authenticatio n Configuring Web-Base d Authentication When configuring customized auth entication pro xy web pa ges, observe the following guide lines: • T o enable the custom web pages featur e, specify all four cust om HTML f iles.

Pagina 1019

42-13 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 42 Configuring Web-Based Authentic ation Configuring Web-Based Authentication Specifying a Redirection URL for Successful Login W ith Cisco IOS Release 12.

Pagina 1020

42-14 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 42 Configurin g Web-Based Authenticatio n Displaying Web-Based Authentication Status This exampl e shows ho w to set the max.

Pagina 1021

CH A P T E R 43-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 43 Configuring Port Security This chapter descr ibes how to config ure port security on the Catalyst 4500 series switch.

Pagina 1022

43-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 43 Configuring Port Secu rity Port Securi ty Comm ands Port Security Commands This table lists the commands most commonly used with port secur ity . Command Purpose Navigation errdisable recov ery cause psecure-vi olation Brings a secure p ort out of error-disabled state.

Pagina 1023

43-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 43 Configuring Port Security About Port Security About Port Security Port security enables you to res trict the number of MA C addresses (termed secur e MA C addresses ) on a port, allowing you to pre vent access by unauthorized M AC addresses.

Pagina 1024

43-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 43 Configuring Port Secu rity About Port Security Secure MAC Addresses Port security supports th e follo w ing types of secure MA C addresses: • Dynamic or Learned—Dynamic secure MAC addresses are learned when packets are recei v ed from the host on the secure port.

Pagina 1025

43-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 43 Configuring Port Security About Port Security Note On a trunk port, a maximum numb er of secure MA C addresses can be configured on both the port and port VLAN.

Pagina 1026

43-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 43 Configuring Port Secu rity About Port Security The sticky secure MA C a ddresses do not automatically become part of the conf iguration f ile, which is the startup config uration used each time the sw itch restarts.

Pagina 1027

43-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 43 Configuring Port Security Configuring Port Security on Acc ess Ports Invalid Packet Handling Y ou might want to rate limit .

Pagina 1028

43-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 43 Configuring Port Secu rity Configuring Port Security on Ac cess Po rts Step 4 Switch(config-if)# [ no ] switchport port-security maximum value (Optional) Sets the max imum number of secure MA C addresses for the interface.

Pagina 1029

43-9 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 43 Configuring Port Security Configuring Port Security on Acc ess Ports Step 6 Switch(config-if)# [ no ] switchport port-secur.

Pagina 1030

43-10 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 43 Configuring Port Secu rity Configuring Port Security on Ac cess Po rts Note T o clear dynamic ally learned port security MA C addre sses in the CAM table, use the clear port-security dynamic command.

Pagina 1031

43-11 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 43 Configuring Port Security Configuring Port Security on Acc ess Ports Example 1: Setting Maximum Nu mber of Secure Addresses This exampl e show s how to enable port security on the F ast Ethernet interface 3/12 and ho w to set the maximum number of secure ad dresses to 5.

Pagina 1032

43-12 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 43 Configuring Port Secu rity Configuring Port Security on Ac cess Po rts This exampl e shows ho w to set the aging time to .

Pagina 1033

43-13 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 43 Configuring Port Security Configuring Port Security on Acc ess Ports Example 6: Configuring Sticky Port Security This exam.

Pagina 1034

43-14 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 43 Configuring Port Secu rity Configuring Port Security on PVLA N Po rts The follo wing example sho ws how to conf igure rate limit for in val id source packets on F ast Ethernet interface 5/1: Switch# configure terminal Enter configuration commands, one per line.

Pagina 1035

43-15 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 43 Configuring Port Security Configuring Port Security on PVLAN Ports Figur e 43-1 P ort Secur i ty on Isol ated Pr ivat e VL.

Pagina 1036

43-16 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 43 Configuring Port Secu rity Configuring Port Security on PVLA N Po rts Example of Port Security on an Isolated Private VLA.

Pagina 1037

43-17 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 43 Configuring Port Security Configuri ng Port Securit y on Trunk Port s Example of Port Security on a Private VLAN Promiscuo.

Pagina 1038

43-18 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 43 Configuring Port Secu rity Configuring Port Security on Trun k Ports Figure 43-2 T r unk Por t Se cur ity Y ou can configure various po rt security related parameters on a per -port per-VLAN basis.

Pagina 1039

43-19 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 43 Configuring Port Security Configuri ng Port Securit y on Trunk Port s Examples of Trunk Port Security The follo wing examp.

Pagina 1040

43-20 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 43 Configuring Port Secu rity Configuring Port Security on Trun k Ports 5 3 0 6 3 0 Switch# Switch# show running interface gi1/1 Building configuration.

Pagina 1041

43-21 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 43 Configuring Port Security Configuri ng Port Securit y on Trunk Port s Switch# show port-security interface g1/1 address vl.

Pagina 1042

43-22 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 43 Configuring Port Secu rity Configuring Port Security on Voice Ports Port Mode Changes Generally , when a port mode changes, all dynamic ad dresses associated with that port are removed.

Pagina 1043

43-23 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 43 Configuring Port Security Configuring Port Security on Voice Ports Configuring Port Security on Voice Ports T o conf igure.

Pagina 1044

43-24 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 43 Configuring Port Secu rity Configuring Port Security on Voice Ports Step 6 Switch(config-if)# [ no ] switchport port-security mac-address mac_address [ vlan { voice | access }] (Optional) Specif ies a secure MA C address for the interface.

Pagina 1045

43-25 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 43 Configuring Port Security Configuring Port Security on Voice Ports Note T o clear dynamically learned port security MA C addresses in the CAM table, use the clear port-security dynamic command.

Pagina 1046

43-26 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 43 Configuring Port Secu rity Configuring Port Security on Voice Ports Switch# show port-security address Secure Mac Address.

Pagina 1047

43-27 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 43 Configuring Port Security Displaying Port Security Settings Total Addresses in System (excluding one mac per port) : 5 Max Addresses limit in System (excluding one mac per port) : 3072 Switch# show running-config interface fastEthernet 5/1 Building configuration.

Pagina 1048

43-28 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 43 Configuring Port Secu rity Displaying Port Security Settings T o display traf fic contro l information, perform one or mo.

Pagina 1049

43-29 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 43 Configuring Port Security Displaying Port Security Settings Fa3/6 2 2 0 Shutdown Fa3/7 2 2 0 Shutdown Fa3/8 2 2 0 Shutdown.

Pagina 1050

43-30 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 43 Configuring Port Secu rity Displaying Port Security Settings 1 0000.0001.1201 SecureSticky Fa3/7 - 1 0000.0001.1300 SecureSticky Fa3/8 - 1 0000.0001.1301 SecureSticky Fa3/8 - 1 0000.

Pagina 1051

43-31 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 43 Configuring Port Security Configuring Port Security with Oth er Features/Environments Example 7: Displaying Secured MAC Ad.

Pagina 1052

43-32 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 43 Configuring Port Secu rity Configuring Port Security w ith Other Features/En vironments Any combination of the source MA .

Pagina 1053

43-33 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 43 Configuring Port Security Port Security Configuration Guidelines and Restrictions Figur e 43-3 P ort Secur ity in a Wirele.

Pagina 1054

43-34 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 43 Configuring Port Secu rity Port Security Con figuration Guidelines an d Re stric tions • When you enter a maximum secu .

Pagina 1055

CH A P T E R 44-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 44 Configuring Control Plane Policing and Layer 2 Control Packet QoS This chapter cont ains information on ho w to protect yo ur Catalyst 4500 series switch using control plane policing (CoPP).

Pagina 1056

44-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 44 Configuri ng Control Plane Policing and Layer 2 Control Packet QoS Configuring Control Plane Policing • General Guid eli.

Pagina 1057

44-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 44 Configuring Control Pl ane Policing and Layer 2 Control Packet QoS Configuring Cont ro l Plane Policing For the data and m anagement p lane traff ic, you can de fine your own A CLs to m atch the tra f fi c class that you want to police.

Pagina 1058

44-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 44 Configuri ng Control Plane Policing and Layer 2 Control Packet QoS Configuring Control Plane Policing • Begi nning with Cisco IOS Release 12.2(31) SGA1, the GARP class wa s excluded from CoPP .

Pagina 1059

44-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 44 Configuring Control Pl ane Policing and Layer 2 Control Packet QoS Configuring Cont ro l Plane Policing The follo wing example sho ws how to pol ice CDP packets: Switch# config terminal Enter configuration commands, one per line.

Pagina 1060

44-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 44 Configuri ng Control Plane Policing and Layer 2 Control Packet QoS Configuring Control Plane Policing Configuring CoPP for.

Pagina 1061

44-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 44 Configuring Control Pl ane Policing and Layer 2 Control Packet QoS Configuring Cont ro l Plane Policing The follo wing example sho ws how to configure trusted hosts wi th source addresses 10.

Pagina 1062

44-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 44 Configuri ng Control Plane Policing and Layer 2 Control Packet QoS Configuring Control Plane Policing Class system-cpp-cgm.

Pagina 1063

44-9 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 44 Configuring Control Pl ane Policing and Layer 2 Control Packet QoS Monitoring CoPP Monitoring CoPP Y ou can e nter the show.

Pagina 1064

44-10 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 44 Configuri ng Control Plane Policing and Layer 2 Control Packet QoS Monitoring CoPP Match: access-group name system-cpp-ri.

Pagina 1065

44-11 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 44 Configuring Control Pl ane Policing and Layer 2 Control Packet QoS Configuring Layer 2 Control Packet QoS permit any 0180.c200.0000 0000.0000.000f Extended MAC access list system-cpp-cdp permit any host 0100.

Pagina 1066

44-12 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 44 Configuri ng Control Plane Policing and Layer 2 Control Packet QoS Configuring Layer 2 Control Packet QoS Enabling Layer 2 Control Packet QoS T o enable Layer 2 control packet Qo S, perform this task: T able 44-1 list s the types of packets impacted b y this feature.

Pagina 1067

44-13 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 44 Configuring Control Pl ane Policing and Layer 2 Control Packet QoS Configuring Layer 2 Control Packet QoS Switch(config-if.

Pagina 1068

44-14 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 44 Configuri ng Control Plane Policing and Layer 2 Control Packet QoS Configuring Layer 2 Control Packet QoS Note TCAM resources are not consumed when the interface is in a down state.

Pagina 1069

44-15 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 44 Configuring Control Pl ane Policing and Layer 2 Control Packet QoS Configuring Layer 2 Control Packet QoS Switch(config)# .

Pagina 1070

44-16 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 44 Configuri ng Control Plane Policing and Layer 2 Control Packet QoS Configuring Layer 2 Control Packet QoS The follo w ing example sho ws how to create user-def ine d MACLs and class maps to id entify EAPOL and BPDU pack ets.

Pagina 1071

44-17 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 44 Configuring Control Pl ane Policing and Layer 2 Control Packet QoS Policing IPv6 Control Traffic Policing IPv6 Control Tra.

Pagina 1072

44-18 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 44 Configuri ng Control Plane Policing and Layer 2 Control Packet QoS Policing IPv6 Control Traffic police cir 32000 bc 1500.

Pagina 1073

CH A P T E R 46-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 46 Configuring Dynamic ARP Inspection This chapter descri bes how to configure Dynamic ARP Inspection (D AI) on the Catalyst 4500 series switch.

Pagina 1074

46-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 46 Co nfig uring Dynamic ARP Inspectio n About Dynamic ARP Inspectio n ARP Cache Poisoning Y ou can atta ck hosts, switches, and routers connected to your Layer 2 network by “poisoning ” their ARP caches.

Pagina 1075

46-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 46 Configuring Dynamic ARP Insp ection About Dynamic ARP In spection Interface Trust State, Security Co verage and Network Configuration D AI assoc iates a trust state with each interface on the system.

Pagina 1076

46-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 46 Co nfig uring Dynamic ARP Inspectio n About Dynamic ARP Inspectio n Relative Priority of Static Bindings and DHCP Snooping Entries As mentioned pre viously , DAI populates it s database of v alid MA C address to IP address bindings through DHCP snoo ping.

Pagina 1077

46-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 46 Configuring Dynamic ARP Insp ection Configuring Dynamic ARP Inspection Port Channels Function A gi ve n physical port can join a chann el only when th e trust state of the physical port and of the channel match.

Pagina 1078

46-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 46 Co nfig uring Dynamic ARP Inspectio n Configuring Dynamic ARP Inspection Figur e 46-3 ARP P ack et V alidation on a VLAN E.

Pagina 1079

46-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 46 Configuring Dynamic ARP Insp ection Configuring Dynamic ARP Inspection DAI Configuration Example This example sh ows ho w to configu re D A I on Switch A in VLAN 100. Y ou would perform a similar procedure on Switch B.

Pagina 1080

46-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 46 Co nfig uring Dynamic ARP Inspectio n Configuring Dynamic ARP Inspection Gi3/1 Untrusted 15 1 Gi3/2 Untrusted 15 1 Gi3/3 U.

Pagina 1081

46-9 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 46 Configuring Dynamic ARP Insp ection Configuring Dynamic ARP Inspection SwitchA# show ip dhcp snooping binding MacAddress IpAddress Lease(sec) Type VLAN Interface ------------------ --------------- ---------- ------------- ---- -------------------- 00:01:00:01:00:01 170.

Pagina 1082

46-10 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 46 Co nfig uring Dynamic ARP Inspectio n Configuring Dynamic ARP Inspection Gi3/20 Untrusted 15 1 Gi3/21 Untrusted 15 1 Gi3/.

Pagina 1083

46-11 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 46 Configuring Dynamic ARP Insp ection Configuring Dynamic ARP Inspection Configuring ARP ACLs for Non-DHCP Environments This procedure sho ws ho w to conf igure D AI when Switch B show n in Figure 46-3 does not support D AI or DHCP snoopi ng.

Pagina 1084

46-12 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 46 Co nfig uring Dynamic ARP Inspectio n Configuring Dynamic ARP Inspection Step 5 Switch(config)# ip arp inspectio n filter arp-acl-name vlan vlan-range [ static ] Applies the ARP A CL to the VLAN.

Pagina 1085

46-13 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 46 Configuring Dynamic ARP Insp ection Configuring Dynamic ARP Inspection T o remov e the ARP A CL, use the no arp access-list gl obal confi guration command.

Pagina 1086

46-14 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 46 Co nfig uring Dynamic ARP Inspectio n Configuring Dynamic ARP Inspection Gi3/35 Untrusted 15 1 Gi3/36 Untrusted 15 1 Gi3/.

Pagina 1087

46-15 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 46 Configuring Dynamic ARP Insp ection Configuring Dynamic ARP Inspection T o conf igure the log b uffer , perform this task: Command Purpose Step 1 Switch# configure terminal Enters global configurati on mode.

Pagina 1088

46-16 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 46 Co nfig uring Dynamic ARP Inspectio n Configuring Dynamic ARP Inspection T o return to the default lo g buf fer settings, use th e no ip arp inspection log-b uffer global configuration command.

Pagina 1089

46-17 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 46 Configuring Dynamic ARP Insp ection Configuring Dynamic ARP Inspection T o limit the rate of incoming ARP pack ets, perform this task: T o return to the defaul t rate-limit conf iguration, use the no ip arp inspection limit interf ace configuration command.

Pagina 1090

46-18 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 46 Co nfig uring Dynamic ARP Inspectio n Configuring Dynamic ARP Inspection SwitchB# show ip arp inspection interfaces Inter.

Pagina 1091

46-19 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 46 Configuring Dynamic ARP Insp ection Configuring Dynamic ARP Inspection vmps Disabled pagp-flap Disabled dtp-flap Disabled .

Pagina 1092

46-20 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 46 Co nfig uring Dynamic ARP Inspectio n Configuring Dynamic ARP Inspection T o perform specific checks on incomin g ARP pack ets, perform this task: T o disable checking , use the no ip arp inspection v alidate [ src-mac ] [ dst-mac ] [ ip ] global confi guration command.

Pagina 1093

46-21 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 46 Configuring Dynamic ARP Insp ection Configuring Dynamic ARP Inspection Vlan Configuration Operation ACL Match Static ACL -.

Pagina 1094

46-22 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 46 Co nfig uring Dynamic ARP Inspectio n Configuring Dynamic ARP Inspection.

Pagina 1095

CH A P T E R 45-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 45 Configuring DHCP Snooping, IP Source Guard, and IPSG for Static Hosts This chapter describes ho w to configu re Dynamic Host Conf iguration Protocol (DHCP) snoopin g, IP source guard, and IP source guard (IPSG) for static hosts on Catalyst 4500 series switches.

Pagina 1096

45-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 45 Configurin g DHCP Snooping, IP Source Guard, and IPSG for Static Hosts About DHCP Snooping The DHCP snooping binding table.

Pagina 1097

45-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 45 Configuring DHCP Snoopin g, IP Source Guard, and IPSG for Static Hosts About DHCP Snooping The mechanism for the database agent stores the bindings in a file at a conf igured location .

Pagina 1098

45-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 45 Configurin g DHCP Snooping, IP Source Guard, and IPSG for Static Hosts About DHCP Snooping Option 82 Data Insertion In residential, metropolit an Ethern et-acces s en vironments, DHCP can cent rally manage the IP address assignments for a large number of subscribers.

Pagina 1099

45-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 45 Configuring DHCP Snoopin g, IP Source Guard, and IPSG for Static Hosts About DHCP Snooping • The DHCP serv er unicasts the reply to the switch if the request was relayed to the server b y the switch.

Pagina 1100

45-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 45 Configurin g DHCP Snooping, IP Source Guard, and IPSG for Static Hosts Configuring DHCP Snooping Figure 45-3 sho ws the packet formats for user-confi gured remote ID and circuit ID suboptions.

Pagina 1101

45-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 45 Configuring DHCP Snoopin g, IP Source Guard, and IPSG for Static Hosts Configuring DHCP Snooping • Enabling DHCP Sn oopin.

Pagina 1102

45-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 45 Configurin g DHCP Snooping, IP Source Guard, and IPSG for Static Hosts Configuring DHCP Snooping T o enable DHCP snooping, perform th is task: Y ou can configure DHCP snooping for a single VLAN or a r ange of VLANs.

Pagina 1103

45-9 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 45 Configuring DHCP Snoopin g, IP Source Guard, and IPSG for Static Hosts Configuring DHCP Snooping Switch(config-if)# ip dhcp.

Pagina 1104

45-10 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 45 Configurin g DHCP Snooping, IP Source Guard, and IPSG for Static Hosts Configuring DHCP Snooping the ip dhcp snooping inf.

Pagina 1105

45-11 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 45 Configuring DHCP Snoopin g, IP Source Guard, and IPSG for Static Hosts Configuring DHCP Snooping T o disable DHCP snooping, use the no ip dhcp snooping global config uration command.

Pagina 1106

45-12 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 45 Configurin g DHCP Snooping, IP Source Guard, and IPSG for Static Hosts Configuring DHCP Snooping This exampl e shows ho w.

Pagina 1107

45-13 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 45 Configuring DHCP Snoopin g, IP Source Guard, and IPSG for Static Hosts Configuring DHCP Snooping Enabling the DHCP Snoopin.

Pagina 1108

45-14 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 45 Configurin g DHCP Snooping, IP Source Guard, and IPSG for Static Hosts Configuring DHCP Snooping T o pre vent the port fr.

Pagina 1109

45-15 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 45 Configuring DHCP Snoopin g, IP Source Guard, and IPSG for Static Hosts Configuring DHCP Snooping Switch# show errdisable r.

Pagina 1110

45-16 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 45 Configurin g DHCP Snooping, IP Source Guard, and IPSG for Static Hosts Configuring DHCP Snooping Switch# show ip dhcp snooping database detail Agent URL : tftp://10.

Pagina 1111

45-17 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 45 Configuring DHCP Snoopin g, IP Source Guard, and IPSG for Static Hosts Configuring DHCP Snooping The switch maintains tw o sets of counters for thes e i gnored bindings.

Pagina 1112

45-18 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 45 Configurin g DHCP Snooping, IP Source Guard, and IPSG for Static Hosts Displaying DHCP Sno oping Inform ation Last Succeded Time : 15:24:34 UTC Sun Jul 8 2001 Last Failed Time : None Last Failed Reason : No failure recorded.

Pagina 1113

45-19 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 45 Configuring DHCP Snoopin g, IP Source Guard, and IPSG for Static Hosts About IP Source Gu ard Displaying a Binding Table The DHCP snooping bindi ng table f or each switch contains bi nding entries that correspond to unt rusted ports.

Pagina 1114

45-20 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 45 Configurin g DHCP Snooping, IP Source Guard, and IPSG for Static Hosts Configuring IP Source Gua rd the client IP traf fi.

Pagina 1115

45-21 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 45 Configuring DHCP Snoopin g, IP Source Guard, and IPSG for Static Hosts Configuring IP Source Guard If you want to stop IP .

Pagina 1116

45-22 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 45 Configurin g DHCP Snooping, IP Source Guard, and IPSG for Static Hosts Displaying IP Source Guar d Information Switch# sh.

Pagina 1117

45-23 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 45 Configuring DHCP Snoopin g, IP Source Guard, and IPSG for Static Hosts Displaying IP Source Bindi ng Information • This .

Pagina 1118

45-24 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 45 Configurin g DHCP Snooping, IP Source Guard, and IPSG for Static Hosts Configuring IP Source Guard for Static Hosts Configuring IP Source Guard for Static Hosts Note IPSG for static hosts should not be used o n uplink ports.

Pagina 1119

45-25 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 45 Configuring DHCP Snoopin g, IP Source Guard, and IPSG for Static Hosts Configuring IP Source Gu ard for Static Hosts Configuring IPSG for Static Hosts on a Layer 2 Access Port Y ou c an configure IPSG for static hosts on a Laye r 2 access po rt.

Pagina 1120

45-26 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 45 Configurin g DHCP Snooping, IP Source Guard, and IPSG for Static Hosts Configuring IP Source Guard for Static Hosts T o s.

Pagina 1121

45-27 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 45 Configuring DHCP Snoopin g, IP Source Guard, and IPSG for Static Hosts Configuring IP Source Gu ard for Static Hosts The follo wing example displays all IP- to-MA C binding entries for all interfaces.

Pagina 1122

45-28 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 45 Configurin g DHCP Snooping, IP Source Guard, and IPSG for Static Hosts Configuring IP Source Guard for Static Hosts 200.1.1.5 0001.0600.0000 8 GigabitEthernet3/1 INACTIVE 200.

Pagina 1123

45-29 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 45 Configuring DHCP Snoopin g, IP Source Guard, and IPSG for Static Hosts Configuring IP Source Gu ard for Static Hosts Switc.

Pagina 1124

45-30 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 45 Configurin g DHCP Snooping, IP Source Guard, and IPSG for Static Hosts Configuring IP Source Guard for Static Hosts.

Pagina 1125

CH A P T E R 47-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 47 Configuring Network Security with ACLs This chapter describes how to use access control lists (A CLs) to configure network security on the Catalyst 4500 series switches.

Pagina 1126

47-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 47 Configurin g N etwork Security with ACLs About ACLs • Using VLAN Maps with Router A CLs, page 47-32 • Conf iguring P A.

Pagina 1127

47-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 47 Configuri ng Network Security with ACLs About ACLs The Catalyst 4500 seri es switch supports three types of A CLs: • IP A.

Pagina 1128

47-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 47 Configurin g N etwork Security with ACLs About ACLs • Extended IP access lists u se source and destination addresses and o ptional protocol type information for matching operations.

Pagina 1129

47-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 47 Configuri ng Network Security with ACLs About ACLs As with router A CLs, the switch examines A CLs assoc i ated with features configured on a gi ven interface and permits or denies pack et forwardi ng based on ho w the packet ma tches the ent ries in the A CL.

Pagina 1130

47-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 47 Configurin g N etwork Security with ACLs Hardware and Software ACL Support Figur e 47 -2 Using VLAN Maps t o Control T raf.

Pagina 1131

47-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 47 Configuri ng Network Security with ACLs TCAM Programming and ACLs for Supervisor En gine II-Pl us, Supervisor Eng in e IV, .

Pagina 1132

47-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 47 Configurin g N etwork Security with ACLs TCAM Programming and ACLs for Supervisor Engine II-Plus, Su perviso r Engine IV, .

Pagina 1133

47-9 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 47 Configuri ng Network Security with ACLs TCAM Programming and ACLs for Supervisor En gine II-Pl us, Supervisor Eng in e IV, .

Pagina 1134

47-10 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 47 Configurin g N etwork Security with ACLs TCAM Programming and ACLs for Supervisor Engine II-Plus, Su perviso r Engine IV,.

Pagina 1135

47-11 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 47 Configuri ng Network Security with ACLs TCAM Programming and ACLs for Supervisor En gine II-Pl us, Supervisor Eng in e IV,.

Pagina 1136

47-12 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 47 Configurin g N etwork Security with ACLs TCAM Programming and ACLs for Supervisor Engine II-Plus, Su perviso r Engine IV,.

Pagina 1137

47-13 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 47 Configuri ng Network Security with ACLs TCAM Programming and ACLs for Supervisor En gine II-Pl us, Supervisor Eng in e IV, Supervisor Eng in e V, and Pack ets that match entries in partiall y programmed A C Ls are processed in software using the CPU.

Pagina 1138

47-14 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 47 Configurin g N etwork Security with ACLs TCAM Programming and ACLs for Supervisor Engine II-Plus, Su perviso r Engine IV, Supervisor Engine V, and Supervisor • DHCP Snooping shoul d be enabled globally on a gi ven VLAN.

Pagina 1139

47-15 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 47 Configuri ng Network Security with ACLs TCAM Programming and ACLs for Supervisor En gine II-Pl us, Supervisor Eng in e IV,.

Pagina 1140

47-16 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 47 Configurin g N etwork Security with ACLs TCAM Programming and ACLs for Superviso r En gine 6-E and Supervisor Engine 6L-E.

Pagina 1141

47-17 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 47 Configuri ng Network Security with ACLs Layer 4 Operators in ACLs • gt (greater than) • lt (less than) • neq (not eq.

Pagina 1142

47-18 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 47 Configurin g N etwork Security with ACLs Layer 4 Operators in ACLs Note The eq operator can be used an unlimited n umber of times because eq does not use a Layer 4 operation in hardware.

Pagina 1143

47-19 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 47 Configuri ng Network Security with ACLs Layer 4 Operators in ACLs • F or some packets, when the hardware runs out of res.

Pagina 1144

47-20 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 47 Configurin g N etwork Security with ACLs Configuring Unicast MA C Address Filtering access-list 103 permit tcp any gt 1024 any gt 1023 Note Remember that source port lt 80 an d destination port lt 80 are consider ed dif ferent operations.

Pagina 1145

47-21 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 47 Configuri ng Network Security with ACLs Configuring Named MAC Exten ded ACLs For more in formation about the supp orted non-IP protocols in the mac access-list extended command, refer to the Catalyst 4500 Series Switc h Cisco IOS Command Refer e nce .

Pagina 1146

47-22 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 47 Configurin g N etwork Security with ACLs Configuring EtherT ype Matching Switch(config)# mac access-list extended mac1 Sw.

Pagina 1147

47-23 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 47 Configuri ng Network Security with ACLs Configuring Named IPv6 ACLs Switch(config)# mac access-list extended matching Swit.

Pagina 1148

47-24 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 47 Configurin g N etwork Security with ACLs Applying IPv6 ACLs to a Layer 3 Interface Note Hardware stat istics is disabled b y default.

Pagina 1149

47-25 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 47 Configuri ng Network Security with ACLs Configuring VLAN Maps • VLAN Map Conf iguration Guidelines, page 47-25 • Creat.

Pagina 1150

47-26 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 47 Configurin g N etwork Security with ACLs Configuring VLAN Maps • If the VLAN map has at least one match clause for the type of packet (IP or MA C) and the packet does not ma tch any of these match c lauses, the de fault is to drop the pac ket.

Pagina 1151

47-27 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 47 Configuri ng Network Security with ACLs Configuring VLAN Maps Example 1 This example sho ws how to create an A CL and a VLAN map to deny a packet. In the f irst map, any packets that match the ip1 A CL (TCP pack ets) wo uld be dropp ed.

Pagina 1152

47-28 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 47 Configurin g N etwork Security with ACLs Configuring VLAN Maps Example 3 In this examp le, the VLAN map is configured to dr op MA C packets and forward IP packets by default.

Pagina 1153

47-29 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 47 Configuri ng Network Security with ACLs Configuring VLAN Maps Applying a VLAN Map to a VLAN T o apply a VLAN map to on e o.

Pagina 1154

47-30 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 47 Configurin g N etwork Security with ACLs Configuring VLAN Maps Figur e 47 -3 Wiring Closet Configur ation For e xample, i.

Pagina 1155

47-31 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 47 Configuri ng Network Security with ACLs Configuring VLAN Maps Denying Access to a Server on Another VLAN Figure 47-4 sho ws how to restrict access to a server on another VLAN.

Pagina 1156

47-32 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 47 Configurin g N etwork Security with ACLs Displaying VL AN Ac cess Map Information Displaying VLAN Access Map Information .

Pagina 1157

47-33 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 47 Configuri ng Network Security with ACLs Using VLAN Maps with Router ACLs When possible , try to writ e the ACL so that all entrie s have a single action except for the final, default action.

Pagina 1158

47-34 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 47 Configurin g N etwork Security with ACLs Using VLAN Maps with Ro ute r AC Ls Figur e 47 -5 Applying ACLs on S witched P a ck ets ACLs and Routed Packets Figure 47-6 sho ws how A CLs are applied on routed packet s.

Pagina 1159

47-35 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 47 Configuri ng Network Security with ACLs Configuring PACLs Figur e 47 -6 Applying ACLs on Routed P ack ets Configuring PACLs This section describes ho w to conf igure P A CLs, which are used to control f iltering on Layer 2 interfaces.

Pagina 1160

47-36 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 47 Configurin g N etwork Security with ACLs Configuring PACLs Step 2 Use the IP access-group, IPv6 traff i c-filter , or mac access-group interface co mmand to apply IPv4, IPv6, or MA C A CLs to one or more La yer 2 interfaces.

Pagina 1161

47-37 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 47 Configuri ng Network Security with ACLs Configuring PACLs ip access-list extended AUTH-DEFAULT-ACL This A CL is not n vgened. A UTH-DEF A UL T -A CL is a ttached provided there are sessions applying dynamic A CLs (Per-user/Filter -Id/DA CL).

Pagina 1162

47-38 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 47 Configurin g N etwork Security with ACLs Configuring PACLs Configuring IPv4, IPv6, and MAC ACLs on a Layer 2 Interface Note Only IPv4, IPv6 and MA C A CLs can be applied to Layer 2 physical in terfaces.

Pagina 1163

47-39 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 47 Configuri ng Network Security with ACLs Configuring PACLs Using PACL with Access-Group Mode Y ou can use the access group mode to change the way P A CLs interact with other A CLs.

Pagina 1164

47-40 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 47 Configurin g N etwork Security with ACLs Configuring PACLs Applying ACLs to a Layer 2 Interface T o apply IPv4, IPv6, an .

Pagina 1165

47-41 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 47 Configuri ng Network Security with ACLs Using PACL with VLAN Maps an d Router ACLs This example sho ws that MA C a ccess g.

Pagina 1166

47-42 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 47 Configurin g N etwork Security with ACLs Using PACL with VLAN Maps and Router ACLs Figur e 47 -7 Scenar io 1: P ACL Int e.

Pagina 1167

47-43 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 47 Configuri ng Network Security with ACLs Configuring RA Guard Scenario 3 : Host A is connected to an interface in VLAN 10, which has a V A CL and an SVI conf igured.

Pagina 1168

47-44 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 47 Configurin g N etwork Security with ACLs Configuring RA Guard obtained from the obser ved source address of the Router-Adv ertisement (RA) message. Howev er, in some networks, in v alid RAs are observed.

Pagina 1169

47-45 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 47 Configuri ng Network Security with ACLs Configuring RA Guard Figur e 47 -1 0 T ypical RA Guard Deployment Configuring RA G.

Pagina 1170

47-46 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 47 Configurin g N etwork Security with ACLs Configuring RA Guard ! interface GigabitEthernet1/1 ipv6 nd raguard end The foll.

Pagina 1171

47-47 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 47 Configuri ng Network Security with ACLs Configuring RA Guard • RA Guard is purely an Layer 2 port based feature and can be conf igured only on switchpo rts. It works irresp ectiv e of whether IPv6 routing is enabled.

Pagina 1172

47-48 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 47 Configurin g N etwork Security with ACLs Configuring RA Guard.

Pagina 1173

CH A P T E R 48-1 Catalyst 4500 Switch Software Configuration Guide OL-23818-01 48 Support for IPv6 This chapter lists th e IP version 6 (IPv6) features supported on the Catalyst 45 00 and Catalyst 4900 series switches.

Pagina 1174

48-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 48 Suppo rt for IPv6 About IPv6 For informatio n about ho w Cisco Systems implements IPv6, go to thi s URL: http://www .cisco.com/en/ US/products/ps6553/pro ducts_ios_technolog y_home.

Pagina 1175

48-3 Catalyst 4500 Switch Software Configuration Guide OL-23818-01 Chapter 48 Support for IPv6 About IPv6 Y ou can find infor mation about these features at t his location: http://www .cisco.com/en/ US/docs/ios/ipv6/conf iguration/guide/ip6-addr g_bsc_con.

Pagina 1176

48-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 48 Suppo rt for IPv6 About IPv6 • MQC traf fic po licing • MQC packing marking an d remarking • Queueing Y ou can find infor mation about these features at t his location: http://www .

Pagina 1177

48-5 Catalyst 4500 Switch Software Configuration Guide OL-23818-01 Chapter 48 Support for IPv6 About IPv6 Static Routes Networking de vices forward pack ets using route information t hat is either manually conf igured or dynamically learned using a routing protocol.

Pagina 1178

48-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 48 Suppo rt for IPv6 About IPv6 http://www .cisco.com/en/ US/docs/ios/ipv6/con figuration /guide/ip6-rip.htm l OSPF The switch running the IP services feature set su pports Open Shortest P ath First (OSPF) for IPv6, a link-state protocol for IP .

Pagina 1179

48-7 Catalyst 4500 Switch Software Configuration Guide OL-23818-01 Chapter 48 Support for IPv6 IPv6 Default States Tunneling The follo wing tunneling features are supported for IPv6 on the Cat alyst 4.

Pagina 1180

48-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 48 Suppo rt for IPv6 IPv6 Default States.

Pagina 1181

CH A P T E R 49-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 49 Port Unicast and Mult icast Flood Blocking This chapter de scribes how to configure multicast a nd unicas t flood bloc king on th e Cataly st 4000 family swi tch.

Pagina 1182

49-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 49 Port Unic as t and Multicast Flood Blocking Configuring Port Block ing Note Blocking of unicast or multicast traf fic is not auto matically en abled on a switch port; you must explicit ly configure it.

Pagina 1183

49-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 49 Port Unicast and Multicast Flo od Blocking Configuring Port Blocking Broadcast Suppression Level: 100 Multicast Suppression.

Pagina 1184

49-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 49 Port Unic as t and Multicast Flood Blocking Configuring Port Block ing.

Pagina 1185

CH A P T E R 50-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 50 Configuring Storm Control This chapter describe s how to configure port-based traf fic con trol on the Catalyst 4500 series swit ch.

Pagina 1186

50-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 50 Configuring Sto rm Control About Storm Control Note Storm control and Multicast storm con trol are supported in hardw are on all ports on the WS-X4516 , WS-X4013+10GE, WS-X4516-10GE, WS-C4948, WS-C4948-10GE, WS-C4900M, WS-C4948E, WS-X45-Sup6-E, and WS-X45 -Sup6L-E.

Pagina 1187

50-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 50 Configuring Storm Control Enabling Broadcast Storm Control Software-Based Storm Control Implementation When storm control is enabled on an inte rface, the switch monitors pack ets receiv ed on the interface and determines whether the packets are broadcast.

Pagina 1188

50-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 50 Configuring Sto rm Control Enabling Multicast Storm Control The follo wing example sho ws how to enab le storm control on interf ace: Switch# configure terminal Enter configuration commands, one per line.

Pagina 1189

50-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 50 Configuring Storm Control Enabling Multicast Storm Control Enabling Multicast Suppression on Catalyst 4900M, Catalyst 4948E.

Pagina 1190

50-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 50 Configuring Sto rm Control Disabling Broadca st Storm Control Enabling Multicast Suppression on All Other Supervisor Engin.

Pagina 1191

50-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 50 Configuring Storm Control Disabling Multicas t Storm Control The follo wing example sho ws how to disabl e storm control on interf ace. Switch# configure terminal Enter configuration commands, one per line.

Pagina 1192

50-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 50 Configuring Sto rm Control Displaying St orm Control Displaying Storm Control Note Use the show interface capabilities command to determine the mode in which storm con trol is supported on an i nterface.

Pagina 1193

CH A P T E R 51-1 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 51 Configuring SPAN and RSPAN This chapter descri bes how to configure the Swit ched Port Analyzer (SP AN) and Remote SP AN (RSP AN) on the Catalyst 4500 seri es switches.

Pagina 1194

51-2 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 51 Config uring SPAN and RSPAN About SPAN and RSPAN • Defa ult SP AN and RSP AN Configurat ion, page 51-6 SP AN mirrors traf fic from one or more source interfaces on an y VLAN or from one or more VLANs to a destination interface for analysis.

Pagina 1195

51-3 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 51 Configuring SPAN and RSPAN About SPAN and RSPAN SPAN and RSPAN C oncepts and Terminology This section describes co ncepts a.

Pagina 1196

51-4 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 51 Config uring SPAN and RSPAN About SPAN and RSPAN Some features that can cause a pa cket to be dropped du ring recei ve processing hav e no effect on SP AN; the destination port recei ves a copy of th e packet e ven if the actual incoming packet is dropped.

Pagina 1197

51-5 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 51 Configuring SPAN and RSPAN About SPAN and RSPAN Destination Port Each local SP AN session or RSP AN destin ation sessi on must ha ve a destination port (also called a monitoring port ) that recei ves a copy of traff ic from the source ports and VLANs.

Pagina 1198

51-6 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 51 Config uring SPAN and RSPAN About SPAN and RSPAN • VSP AN monitors only t raff ic that enters the sw itch, not traff ic that is routed betwee n VLANs.

Pagina 1199

51-7 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 51 Configuring SPAN and RSPAN Configuring SPAN Configuring SPAN The follo wing sections describe how to conf igure SP AN: • .

Pagina 1200

51-8 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 51 Config uring SPAN and RSPAN Configuring SPAN Configuring SPAN Sources T o conf igure the source for a SP AN session, perfo.

Pagina 1201

51-9 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 51 Configuring SPAN and RSPAN Configuring SPAN Configuring SPAN Destinations T o conf igure the destination for a SP AN session, perform this task: Note SP AN is limited t o one destinat ion port per session.

Pagina 1202

51-10 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 51 Config uring SPAN and RSPAN CPU Port Sniffing Configuration Scenario This exampl e shows ho w to use the commands described in this chapter to completely configu re and unconf igure a span session.

Pagina 1203

51-11 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 51 Configuring SPAN and RSPAN CPU Port Sniffing T o conf igure CPU source snif fing, perform this task: This e xample sho ws how to configu re a CPU source to snif f all pack ets receiv ed by the CPU: Switch# configure terminal Enter configuration commands, one per line.

Pagina 1204

51-12 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 51 Config uring SPAN and RSPAN Encapsulation Configuratio n This example sh ows ho w to use queue names and queue number ran.

Pagina 1205

51-13 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 51 Configuring SPAN and RSPAN Access List Filtering T o configure ingress packets and en capsulati on, perform this task: This examp le shows ho w to conf igure a destination port with 802.

Pagina 1206

51-14 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 51 Config uring SPAN and RSPAN Access List Filtering • When no A CLs are applied to packets e xiting a SP AN destination i.

Pagina 1207

51-15 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 51 Configuring SPAN and RSPAN Packet Type Filtering This example sho ws how to conf igure IP access grou p 10 on a SP AN session and verify that an access list has been conf igured: Switch# configure terminal Enter configuration commands, one per line.

Pagina 1208

51-16 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 51 Config uring SPAN and RSPAN Configuration Example This example sho ws how to conf igure a session to a ccept only unicast.

Pagina 1209

51-17 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 51 Configuring SPAN and RSPAN Configuring RSPAN Note Y ou can apply an output access control list ( A CL) to RSP AN traff ic to selectively f ilter or monitor specific pack ets.

Pagina 1210

51-18 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 51 Config uring SPAN and RSPAN Configuring RSPAN This exampl e show s how to clear any e xisting RSP AN conf iguration for session 1, conf igure RSP AN session 1 to monitor mul tiple source interfac es, and conf igure the destination RSP AN VLAN.

Pagina 1211

51-19 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 51 Configuring SPAN and RSPAN Configuring RSPAN Creating an RSPAN Destination Session T o create an RSP AN destinati on sessi.

Pagina 1212

51-20 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 51 Config uring SPAN and RSPAN Configuring RSPAN Creating an RSPAN Destination Se ssion and Enabling Ingress Traffic T o cre.

Pagina 1213

51-21 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 51 Configuring SPAN and RSPAN Configuring RSPAN This examp le sho ws how to co nf igure VLAN 901 as the source remote VLAN and ho w to config ure t he destination port for ing ress traff ic on VLAN 5 by using a securit y device that su pports 802.

Pagina 1214

51-22 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 51 Config uring SPAN and RSPAN Configuring RSPAN This exampl e shows ho w to remove port 1 as an RSP AN source for RSP AN session 1: Switch# configure terminal Enter configuration commands, one per line.

Pagina 1215

51-23 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 51 Configuring SPAN and RSPAN Configuring RSPAN T o remove one or more source VLANs from the RSP AN ses sion, use the no monitor session session_number source vlan vlan-id rx glo bal configurat ion command.

Pagina 1216

51-24 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 51 Config uring SPAN and RSPAN Configuring RSPAN T o monitor all VLANs on the trunk port, use th e no monitor session session_number f ilter vlan global confi guration command.

Pagina 1217

51-25 Software Configuration Guide—Release 15.0(2)SG OL-23818-01 Chapter 51 Configuring SPAN and RSPAN Displaying SPAN and RSPAN Status This exampl e show s how to clear any e xisting configu ration.

Pagina 1218

51-26 Software Configuration Guide—Rele ase 15.0(2)SG OL-23818-01 Chapter 51 Config uring SPAN and RSPAN Displaying SPAN and RSPAN Status.

Pagina 1219