Document Information
Document Title: Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide
Part Number: OL-3999-08
S/W Release (if applicable): 12.2(18)SXF5
Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide Release 12.2SX
Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100
Text Part Number: OL-3999-08
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
CCVP, the Cisco Logo, and the Cisco Square Bridge logo are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is a service mark of Cisco Systems, Inc.; and Access Registrar, Aironet, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, LightStream, Linksys, MeetingPlace, MGX, Networking Academy, Network Registrar, Packet, PIX, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, StackWise, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0704R)
Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide, Release 12.2SX © 2001–2006, Cisco Systems, Inc. All rights reserved.
CONTENTS

Preface
Audience
Organization
Related Documentation
Conventions
Obtaining Documentation
Cisco.com
Product Documentation DVD
Ordering Documentation
Documentation Feedback
Cisco Product Security Overview
Reporting Security Problems in Cisco Products
Product Alerts and Field Notices
Obtaining Technical Assistance
Cisco Support Website
Submitting a Service Request
Definitions of Service Request Severity
Obtaining Additional Publications and Information

Product Overview
Supported Hardware and Software
User Interfaces
Configuring Embedded CiscoView Support
Understanding Embedded CiscoView
Installing and Configuring Embedded CiscoView
Displaying Embedded CiscoView Information
Software Features Supported in Hardware by the PFC and DFC

Command-Line Interfaces
Accessing the CLI
Accessing the CLI through the EIA/TIA-232 Console Interface
Accessing the CLI through Telnet
Performing Command Line Processing
Performing History Substitution
Cisco IOS Command Modes
Displaying a List of Cisco IOS Commands and Syntax
ROM-Monitor Command-Line Interface

Configuring the Switch for the First Time
Default Configuration
Configuring the Switch
Using the Setup Facility or the setup Command
Using Configuration Mode
Checking the Running Configuration Before Saving
Saving the Running Configuration Settings
Reviewing the Configuration
Configuring a Default Gateway
Configuring a Static Route
Configuring a BOOTP Server
Protecting Access to Privileged EXEC Commands
Setting or Changing a Static Enable Password
Using the enable password and enable secret Commands
Setting or Changing a Line Password
Setting TACACS+ Password Protection for Privileged EXEC Mode
Encrypting Passwords
Configuring Multiple Privilege Levels
Recovering a Lost Enable Password
Modifying the Supervisor Engine Startup Configuration
Understanding the Supervisor Engine Boot Configuration
Configuring the Software Configuration Register
Specifying the Startup System Image
Understanding Flash Memory
CONFIG_FILE Environment Variable
Controlling Environment Variables

Configuring a Supervisor Engine 720
Using the Bootflash or Bootdisk on a Supervisor Engine 720
Using the Slots on a Supervisor Engine 720
Configuring Supervisor Engine 720 Ports
Configuring and Monitoring the Switch Fabric Functionality
Understanding How the Switch Fabric Functionality Works
Configuring the Switch Fabric Functionality
Monitoring the Switch Fabric Functionality

Configuring a Supervisor Engine 32
Flash Memory on a Supervisor Engine 32
Supervisor Engine 32 Ports

Configuring the Supervisor Engine 2 and the Switch Fabric Module
Using the Slots on a Supervisor Engine 2
Understanding How the Switch Fabric Module Works
Switch Fabric Module Overview
Switch Fabric Module Slots
Switch Fabric Redundancy
Forwarding Decisions for Layer 3-Switched Traffic
Switching Modes
Configuring the Switch Fabric Module
Configuring the Switching Mode
Configuring Fabric-Required Mode
Configuring an LCD Message
Monitoring the Switch Fabric Module
Displaying the Module Information
Displaying the Switch Fabric Module Redundancy Status
Displaying Fabric Channel Switching Modes
Displaying the Fabric Status
Displaying the Fabric Utilization
Displaying Fabric Errors

Configuring NSF with SSO Supervisor Engine Redundancy
Understanding NSF with SSO Supervisor Engine Redundancy
NSF with SSO Supervisor Engine Redundancy Overview
SSO Operation
NSF Operation
Cisco Express Forwarding
Multicast MLS NSF with SSO
Routing Protocols
NSF Benefits and Restrictions
Supervisor Engine Configuration Synchronization
Supervisor Engine Redundancy Guidelines and Restrictions
Redundancy Configuration Guidelines and Restrictions
Hardware Configuration Guidelines and Restrictions
Configuration Mode Restrictions
NSF Configuration Tasks
Configuring SSO
Configuring Multicast MLS NSF with SSO
Verifying Multicast NSF with SSO
Configuring CEF NSF
Verifying CEF NSF
Configuring BGP NSF
Verifying BGP NSF
Configuring OSPF NSF
Verifying OSPF NSF
Configuring IS-IS NSF
Verifying IS-IS NSF
Configuring EIGRP NSF
Verifying EIGRP NSF
Synchronizing the Supervisor Engine Configurations
Copying Files to the Redundant Supervisor Engine

Configuring SRM with SSO Supervisor Engine Redundancy
Understanding SRM with SSO
Supervisor Engine Redundancy Overview
SRM with SSO Operation
Supervisor Engine 720 Configuration Synchronization
Supervisor Engine 720 Redundancy Guidelines and Restrictions
Redundancy Guidelines and Restrictions
Hardware Configuration Guidelines and Restrictions
Configuration Mode Restrictions
Configuring Supervisor Engine 720 Redundancy
Configuring SRM with SSO Redundancy
Configuring the SRM with SSO Route Convergence Interval
Synchronizing the Supervisor Engine Configurations
Displaying the Redundancy States
Copying Files to the Redundant Supervisor Engine

Configuring RPR and RPR+ Supervisor Engine Redundancy
Understanding RPR and RPR+
Supervisor Engine Redundancy Overview
RPR Operation
RPR+ Operation
Supervisor Engine Configuration Synchronization
Supervisor Engine Redundancy Guidelines and Restrictions
Redundancy Guidelines and Restrictions
RPR+ Guidelines and Restrictions
Hardware Configuration Guidelines and Restrictions
Configuration Mode Restrictions
Configuring Supervisor Engine Redundancy
Configuring Redundancy
Synchronizing the Supervisor Engine Configurations
Displaying the Redundancy States
Performing a Fast Software Upgrade
Copying Files to an MSFC

Configuring Interfaces
Understanding Interface Configuration
Using the Interface Command
Configuring a Range of Interfaces
Defining and Using Interface-Range Macros
Configuring Optional Interface Features
Configuring Ethernet Interface Speed and Duplex Mode
Configuring Jumbo Frame Support
Configuring IEEE 802.3x Flow Control
Configuring the Port Debounce Timer
Adding a Description for an Interface
Understanding Online Insertion and Removal
Monitoring and Maintaining Interfaces
Monitoring Interface Status
Clearing Counters on an Interface
Resetting an Interface
Shutting Down and Restarting an Interface
Checking the Cable Status Using the TDR

Configuring LAN Ports for Layer 2 Switching
Understanding How Layer 2 Switching Works
Understanding Layer 2 Ethernet Switching
Understanding VLAN Trunks
Layer 2 LAN Port Modes
Default Layer 2 LAN Interface Configuration
Layer 2 LAN Interface Configuration Guidelines and Restrictions
Configuring LAN Interfaces for Layer 2 Switching
Configuring a LAN Port for Layer 2 Switching
Configuring a Layer 2 Switching Port as a Trunk
Configuring a LAN Interface as a Layer 2 Access Port
Configuring a Custom IEEE 802.1Q EtherType Field Value

Configuring Flex Links
Understanding Flex Links
Configuring Flex Links
Flex Links Default Configuration
Flex Links Configuration Guidelines and Restrictions
Configuring Flex Links
Monitoring Flex Links

Configuring EtherChannels
Understanding How EtherChannels Work
EtherChannel Feature Overview
Understanding How EtherChannels Are Configured
Understanding Port Channel Interfaces
Understanding Load Balancing
EtherChannel Feature Configuration Guidelines and Restrictions
Configuring EtherChannels
Configuring Port Channel Logical Interfaces for Layer 3 EtherChannels
Configuring Channel Groups
Configuring the LACP System Priority and System ID
Configuring EtherChannel Load Balancing
Configuring the EtherChannel Min-Links Feature

Configuring VTP
Understanding How VTP Works
Understanding the VTP Domain
Understanding VTP Modes
Understanding VTP Advertisements
Understanding VTP Version 2
Understanding VTP Pruning
VTP Default Configuration
VTP Configuration Guidelines and Restrictions
Configuring VTP
Configuring VTP Global Parameters
Configuring the VTP Mode
Displaying VTP Statistics

Configuring VLANs
Understanding How VLANs Work
VLAN Overview
VLAN Ranges
Configurable VLAN Parameters
Understanding Token Ring VLANs
VLAN Default Configuration
VLAN Configuration Guidelines and Restrictions
Configuring VLANs
VLAN Configuration Options
Creating or Modifying an Ethernet VLAN
Assigning a Layer 2 LAN Interface to a VLAN
Configuring the Internal VLAN Allocation Policy
Configuring VLAN Translation
Mapping 802.1Q VLANs to ISL VLANs

Configuring Private VLANs
Understanding How Private VLANs Work
Private VLAN Domains
Private VLAN Ports
Primary, Isolated, and Community VLANs
Private VLAN Port Isolation
IP Addressing Scheme with Private VLANs
Private VLANs Across Multiple Switches
Private VLAN Interaction with Other Features
Private VLAN Configuration Guidelines and Restrictions
Secondary and Primary VLAN Configuration
Private VLAN Port Configuration
Limitations with Other Features
Configuring Private VLANs
Configuring a VLAN as a Private VLAN
Associating Secondary VLANs with a Primary VLAN
Mapping Secondary VLANs to the Layer 3 VLAN Interface of a Primary VLAN
Configuring a Layer 2 Interface as a Private VLAN Host Port
Configuring a Layer 2 Interface as a Private VLAN Promiscuous Port
Monitoring Private VLANs

Configuring Cisco IP Phone Support
Understanding Cisco IP Phone Support
Cisco IP Phone Connections
Cisco IP Phone Voice Traffic
Cisco IP Phone Data Traffic
Cisco IP Phone Power Configurations
Default Cisco IP Phone Support Configuration
Cisco IP Phone Support Configuration Guidelines and Restrictions
Configuring Cisco IP Phone Support
Configuring Voice Traffic Support
Configuring Data Traffic Support
Configuring Inline Power Support

Configuring IEEE 802.1Q Tunneling
Understanding How 802.1Q Tunneling Works
802.1Q Tunneling Configuration Guidelines and Restrictions
Configuring 802.1Q Tunneling
Configuring 802.1Q Tunnel Ports
Configuring the Switch to Tag Native VLAN Traffic

Configuring Layer 2 Protocol Tunneling
Understanding How Layer 2 Protocol Tunneling Works
Configuring Support for Layer 2 Protocol Tunneling

Configuring Standard-Compliant IEEE MST
Understanding MST
MST Overview
MST Regions
IST, CIST, and CST
Hop Count
Boundary Ports
Standard-Compliant MST Implementation
Interoperability with IEEE 802.1D-1998 STP
Understanding RSTP
Port Roles and the Active Topology
Rapid Convergence
Synchronization of Port Roles
Bridge Protocol Data Unit Format and Processing
Topology Changes
Configuring MST
Default MST Configuration
MST Configuration Guidelines and Restrictions
Specifying the MST Region Configuration and Enabling MST
Configuring the Root Bridge
Configuring a Secondary Root Bridge
Configuring Port Priority
Configuring Path Cost
Configuring the Switch Priority
Configuring the Hello Time
Configuring the Forwarding-Delay Time
Configuring the Transmit Hold Count
Configuring the Maximum-Aging Time
Configuring the Maximum-Hop Count
Specifying the Link Type to Ensure Rapid Transitions
Designating the Neighbor Type
Restarting the Protocol Migration Process
Displaying the MST Configuration and Status

Configuring STP and Prestandard IEEE 802.1s MST
Understanding How STP Works
STP Overview
Understanding the Bridge ID
Understanding Bridge Protocol Data Units
Election of the Root Bridge
STP Protocol Timers
Creating the Spanning Tree Topology
STP Port States
STP and IEEE 802.1Q Trunks
Understanding How IEEE 802.1w RSTP Works
IEEE 802.1w RSTP Overview
RSTP Port Roles
RSTP Port States
Rapid-PVST
Understanding How Prestandard IEEE 802.1s MST Works
IEEE 802.1s MST Overview
MST-to-PVST Interoperability
Common Spanning Tree
MST Instances
MST Configuration Parameters
MST Regions
Message Age and Hop Count
Default STP Configuration
STP and MST Configuration Guidelines and Restrictions
Configuring STP
Enabling STP
Enabling the Extended System ID
Configuring the Root Bridge
Configuring a Secondary Root Bridge
Configuring STP Port Priority
Configuring STP Port Cost
Configuring the Bridge Priority of a VLAN
Configuring the Hello Time
Configuring the Forward-Delay Time for a VLAN
Configuring the Maximum Aging Time for a VLAN
Enabling Rapid-PVST
Configuring Prestandard IEEE 802.1s MST
Enabling MST
Displaying MST Configurations
Configuring MST Instance Parameters
Configuring MST Instance Port Parameters
Restarting Protocol Migration

Configuring Optional STP Features
Understanding How PortFast Works
Understanding How BPDU Guard Works
Understanding How PortFast BPDU Filtering Works
Understanding How UplinkFast Works
Understanding How BackboneFast Works
Understanding How EtherChannel Guard Works
Understanding How Root Guard Works
Understanding How Loop Guard Works
Enabling PortFast
Enabling PortFast BPDU Filtering
Enabling BPDU Guard
Enabling UplinkFast
Enabling BackboneFast
Enabling EtherChannel Guard
Enabling Root Guard
Enabling Loop Guard

Configuring Layer 3 Interfaces
Layer 3 Interface Configuration Guidelines and Restrictions
Configuring Subinterfaces on Layer 3 Interfaces
Configuring IPv4 Routing and Addresses
Configuring IPX Routing and Network Numbers
Configuring AppleTalk Routing, Cable Ranges, and Zones
Configuring Other Protocols on Layer 3 Interfaces

Configuring UDE and UDLR
Understanding UDE and UDLR
UDE and UDLR Overview
Supported Hardware
Understanding UDE
Understanding UDLR
Configuring UDE and UDLR
Configuring UDE
Configuring UDLR

Configuring PFC3BXL and PFC3B Mode Multiprotocol Label Switching
PFC3BXL and PFC3B Mode MPLS Label Switching
Understanding MPLS
Understanding PFC3BXL and PFC3B Mode MPLS Label Switching
Supported Hardware Features
Supported Cisco IOS Features
MPLS Guidelines and Restrictions
PFC3BXL and PFC3B Mode MPLS Supported Commands
Configuring MPLS
MPLS Per-Label Load Balancing
MPLS Configuration Examples
PFC3BXL or PFC3B Mode VPN Switching
PFC3BXL or PFC3B Mode VPN Switching Operation
MPLS VPN Guidelines and Restrictions
PFC3BXL or PFC3B Mode MPLS VPN Supported Commands
Configuring MPLS VPN
MPLS VPN Sample Configuration
Any Transport over MPLS
AToM Load Balancing
Understanding EoMPLS
EoMPLS Guidelines and Restrictions
Configuring EoMPLS

Configuring IPv4 Multicast VPN Support
Understanding How MVPN Works
MVPN Overview
Multicast Routing and Forwarding and Multicast Domains
Multicast Distribution Trees
Multicast Tunnel Interfaces
PE Router Routing Table Support for MVPN
Multicast Distributed Switching Support
Hardware-Assisted IPv4 Multicast
MVPN Configuration Guidelines and Restrictions
Configuring MVPN
Forcing Ingress Multicast Replication Mode (Optional)
Configuring a Multicast VPN Routing and Forwarding Instance
Configuring Multicast VRF Routing
Configuring Interfaces for Multicast Routing to Support MVPN
Sample Configurations for MVPN
MVPN Configuration with Default MDTs Only
MVPN Configuration with Default and Data MDTs

Configuring IP Unicast Layer 3 Switching
Understanding How Layer 3 Switching Works
Understanding Hardware Layer 3 Switching
Understanding Layer 3-Switched Packet Rewrite
Default Hardware Layer 3 Switching Configuration
Configuration Guidelines and Restrictions
Configuring Hardware Layer 3 Switching
Displaying Hardware Layer 3 Switching Statistics

Configuring IPv6 Multicast PFC3 and DFC3 Layer 3 Switching
Features that Support IPv6 Multicast
IPv6 Multicast Guidelines and Restrictions
New or Changed IPv6 Multicast Commands
Configuring IPv6 Multicast Layer 3 Switching
Using show Commands to Verify IPv6 Multicast Layer 3 Switching
Verifying MFIB Clients
Displaying the Switching Capability
Verifying the (S,G) Forwarding Capability
Verifying the (*,G) Forwarding Capability
Verifying the Subnet Entry Support Status
Verifying the Current Replication Mode
Displaying the Replication Mode Auto Detection Status
Displaying the Replication Mode Capabilities
Displaying Subnet Entries
Displaying the IPv6 Multicast Summary
Displaying the NetFlow Hardware Forwarding Count
Displaying the FIB Hardware Bridging and Drop Counts
Displaying the Shared and Well-Known Hardware Adjacency Counters

Configuring IPv4 Multicast Layer 3 Switching
Understanding How IPv4 Multicast Layer 3 Switching Works
IPv4 Multicast Layer 3 Switching Overview
Multicast Layer 3 Switching Cache
Layer 3-Switched Multicast Packet Rewrite
Partially and Completely Switched Flows
Non-RPF Traffic Processing
Multicast Boundary
Understanding How IPv4 Bidirectional PIM Works
Default IPv4 Multicast Layer 3 Switching Configuration
IPv4 Multicast Layer 3 Switching Configuration Guidelines and Restrictions
Restrictions
Unsupported Features
Configuring IPv4 Multicast Layer 3 Switching
Source-Specific Multicast with IGMPv3, IGMP v3lite, and URD
Enabling IPv4 Multicast Routing Globally
Enabling IPv4 PIM on Layer 3 Interfaces
Enabling IP Multicast Layer 3 Switching Globally
Enabling IP Multicast Layer 3 Switching on Layer 3 Interfaces
Configuring the Replication Mode
Enabling Local Egress Replication
Configuring the Layer 3 Switching Global Threshold
Enabling Installation of Directly Connected Subnets
Specifying the Flow Statistics Message Interval
Enabling Shortcut-Consistency Checking
Configuring ACL-Based Filtering of RPF Failures
Displaying RPF Failure Rate-Limiting Information
Configuring Multicast Boundary
Displaying IPv4 Multicast Layer 3 Hardware Switching Summary
Displaying the IPv4 Multicast Routing Table
Displaying IPv4 Multicast Layer 3 Switching Statistics
Configuring IPv4 Bidirectional PIM
Enabling IPv4 Bidirectional PIM Globally
Configuring the Rendezvous Point for IPv4 Bidirectional PIM Groups
Setting the IPv4 Bidirectional PIM Scan Interval
Displaying IPv4 Bidirectional PIM Information
Using IPv4 Debug Commands
Clearing IPv4 Multicast Layer 3 Switching Statistics

Configuring MLDv2 Snooping for IPv6 Multicast Traffic
Understanding How MLDv2 Snooping Works
MLDv2 Snooping Overview
MLDv2 Messages
Source-Based Filtering
Explicit Host Tracking
MLDv2 Snooping Proxy Reporting
Joining an IPv6 Multicast Group
Leaving a Multicast Group
Understanding the MLDv2 Snooping Querier
Default MLDv2 Snooping Configuration
MLDv2 Snooping Configuration Guidelines and Restrictions
MLDv2 Snooping Querier Configuration Guidelines and Restrictions
Enabling the MLDv2 Snooping Querier
Configuring MLDv2 Snooping
Enabling MLDv2 Snooping
Configuring a Static Connection to a Multicast Receiver
Configuring a Multicast Router Port Statically
Configuring the MLD Snooping Query Interval
Enabling Fast-Leave Processing
Enabling SSM Safe Reporting
Configuring Explicit Host Tracking
Configuring Report Suppression
Displaying MLDv2 Snooping Information

Configuring IGMP Snooping for IPv4 Multicast Traffic
Understanding How IGMP Snooping Works
IGMP Snooping Overview
Joining a Multicast Group
Leaving a Multicast Group
Understanding the IGMP Snooping Querier
Understanding IGMP Version 3 Support
Default IGMP Snooping Configuration
IGMP Snooping Configuration Guidelines and Restrictions
IGMP Snooping Querier Configuration Guidelines and Restrictions
Enabling the IGMP Snooping Querier
Configuring IGMP Snooping
Enabling IGMP Snooping
Configuring a Static Connection to a Multicast Receiver
Configuring a Multicast Router Port Statically
Configuring the IGMP Snooping Query Interval
Enabling IGMP Fast-Leave Processing
Configuring Source Specific Multicast (SSM) Mapping
Enabling SSM Safe Reporting
Configuring IGMPv3 Explicit Host Tracking
Displaying IGMP Snooping Information

Configuring PIM Snooping
Understanding How PIM Snooping Works
Default PIM Snooping Configuration
PIM Snooping Configuration Guidelines and Restrictions
Configuring PIM Snooping
Enabling PIM Snooping Globally
Enabling PIM Snooping in a VLAN
Disabling PIM Snooping Designated-Router Flooding

Configuring RGMP
Understanding How RGMP Works
Default RGMP Configuration
RGMP Configuration Guidelines and Restrictions
Enabling RGMP on Layer 3 Interfaces

Configuring Network Security
Configuring MAC Address-Based Traffic Blocking
Configuring TCP Intercept
Configuring Unicast Reverse Path Forwarding Check
Understanding PFC3 Unicast RPF Check Support
Understanding PFC2 Unicast RPF Check Support
Unicast RPF Check Guidelines and Restrictions
Configuring Unicast RPF Check

Understanding Cisco IOS ACL Support
Cisco IOS ACL Configuration Guidelines and Restrictions
Hardware and Software ACL Support
Configuring IPv6 Address Compression
Optimized ACL Logging with a PFC3
Understanding OAL
OAL Guidelines and Restrictions
Configuring OAL
Guidelines and Restrictions for Using Layer 4 Operators in ACLs
Determining Layer 4 Operation Usage
Determining Logical Operation Unit Usage

Configuring VLAN ACLs
Understanding VACLs
VACL Overview
Bridged Packets
Routed Packets
Multicast Packets
Configuring VACLs
VACL Configuration Overview
Defining a VLAN Access Map
Configuring a Match Clause in a VLAN Access Map Sequence
Configuring an Action Clause in a VLAN Access Map Sequence
Applying a VLAN Access Map
Verifying VLAN Access Map Configuration
VLAN Access Map Configuration and Verification Examples
Configuring a Capture Port
Configuring VACL Logging

Configuring Denial of Service Protection
Understanding How DoS Protection Works
DoS Protection with a PFC2
DoS Protection with a PFC3
DoS Protection Default Configuration
DoS Protection Configuration Guidelines and Restrictions
PFC2
PFC3
Monitoring Packet Drop Statistics
Displaying Rate-Limiter Information
Understanding How Control Plane Policing Works
CoPP Default Configuration
Monitoring CoPP
CoPP Configuration Guidelines and Restrictions
Configuring CoPP
Defining Traffic Classification
Traffic Classification Overview
Traffic Classification Guidelines
Sample Basic ACLs for CoPP Traffic Classification
Configuring Sticky ARP

Configuring DHCP Snooping
Understanding DHCP Snooping
Overview of DHCP Snooping
Trusted and Untrusted Sources
DHCP Snooping Binding Database
Packet Validation
DHCP Snooping Option-82 Data Insertion
Overview of the DHCP Snooping Database Agent
Default Configuration for DHCP Snooping
DHCP Snooping Configuration Restrictions and Guidelines
DHCP Snooping Configuration Restrictions
DHCP Snooping Configuration Guidelines
Minimum DHCP Snooping Configuration
Configuring DHCP Snooping
Enabling DHCP Snooping Globally
Enabling DHCP Option-82 Data Insertion
Enabling the DHCP Option-82 on Untrusted Port Feature
Enabling DHCP Snooping MAC Address Verification
Enabling DHCP Snooping on VLANs
Configuring the DHCP Trust State on Layer 2 LAN Interfaces
Configuring DHCP Snooping Rate Limiting on Layer 2 LAN Interfaces
Configuring the DHCP Snooping Database Agent
Configuration Examples for the Database Agent
Displaying a Binding Table

Configuring Dynamic ARP Inspection
Understanding DAI
Understanding ARP
Understanding ARP Spoofing Attacks
Understanding DAI and ARP Spoofing Attacks
Interface Trust States and Network Security
Rate Limiting of ARP Packets
Relative Priority of ARP ACLs and DHCP Snooping Entries
Logging of Dropped Packets
Default DAI Configuration
DAI Configuration Guidelines and Restrictions
Configuring DAI
Enabling DAI on VLANs
Configuring the DAI Interface Trust State
Applying ARP ACLs for DAI Filtering
Configuring ARP Packet Rate Limiting
Enabling DAI Error-Disabled Recovery
Enabling Additional Validation
Configuring DAI Logging
Displaying DAI Information
DAI Configuration Samples
Sample One: Two Switches Support DAI
Sample Two: One Switch Supports DAI

Configuring Traffic Storm Control
Understanding Traffic Storm Control
Default Traffic Storm Control Configuration
Configuration Guidelines and Restrictions
Enabling Traffic Storm Control
Displaying Traffic Storm Control Settings

Unknown Unicast Flood Blocking
Understanding UUFB
Configuring UUFB

Configuring PFC QoS
Understanding How PFC QoS Works
Port Types Supported by PFC QoS
Overview
Component Overview
Understanding Classification and Marking
Policers
Understanding Port-Based Queue Types
PFC QoS Default Configuration
PFC QoS Global Settings
Default Values With PFC QoS Enabled
Default Values With PFC QoS Disabled
PFC QoS Configuration Guidelines and Restrictions
General Guidelines
PFC3 Guidelines
PFC2 Guidelines
Class Map Command Restrictions
Policy Map Command Restrictions
Policy Map Class Command Restrictions
Supported Granularity for CIR and PIR Rate Values
Supported Granularity for CIR and PIR Token Bucket Sizes
IP Precedence and DSCP Values
Configuring PFC QoS
Enabling PFC QoS Globally
Enabling Ignore Port Trust
Configuring DSCP Transparency
Enabling Queueing-Only Mode
Enabling Microflow Policing of Bridged Traffic
Enabling VLAN-Based PFC QoS on Layer 2 LAN Ports
Enabling Egress ACL Support for Remarked DSCP
Creating Named Aggregate Policers
Configuring a PFC QoS Policy
Configuring Egress DSCP Mutation on a PFC3
Configuring Ingress CoS Mutation on IEEE 802.1Q Tunnel Ports
Configuring DSCP Value Maps
Configuring the Trust State of Ethernet LAN and OSM Ports
Configuring the Ingress LAN Port CoS Value
Configuring Standard-Queue Drop Threshold Percentages
Mapping QoS Labels to Queues and Drop Thresholds
Allocating Bandwidth Between Standard Transmit Queues
Setting the Receive-Queue Size Ratio
Configuring the Transmit-Queue Size Ratio
Common QoS Scenarios
Sample Network Design Overview
Classifying Traffic from PCs and IP Phones in the Access Layer
Accepting the Traffic Priority Value on Interswitch Links
Prioritizing Traffic on Interswitch Links
Using Policers to Limit the Amount of Traffic from a PC
PFC QoS Glossary

Configuring PFC3BXL or PFC3B Mode MPLS QoS
Terminology
PFC3BXL or PFC3B Mode MPLS QoS Features
MPLS Experimental Field
Trust
Classification
Policing and Marking
Preserving IP ToS
EXP Mutation
MPLS DiffServ Tunneling Modes
PFC3BXL or PFC3B Mode MPLS QoS Overview
Specifying the QoS in the IP Precedence Field
PFC3BXL or PFC3B Mode MPLS QoS
LERs at the Input Edge of an MPLS Network
LSRs in the Core of an MPLS Network
LERs at the Output Edge of an MPLS Network
Understanding PFC3BXL or PFC3B Mode MPLS QoS
LERs at the EoMPLS Edge
LERs at the IP Edge (MPLS, MPLS VPN)
LSRs at the MPLS Core
PFC3BXL or PFC3B MPLS QoS Default Configuration
MPLS QoS Commands
PFC3BXL or PFC3B Mode MPLS QoS Restrictions and Guidelines
Configuring PFC3BXL or PFC3B Mode MPLS QoS
Enabling QoS Globally
Enabling Queueing-Only Mode
Configuring a Class Map to Classify MPLS Packets
Configuring the MPLS Packet Trust State on Ingress Ports
Configuring a Policy Map
Displaying a Policy Map
Configuring PFC3BXL or PFC3B Mode MPLS QoS Egress EXP Mutation
Configuring EXP Value Maps
MPLS DiffServ Tunneling Modes
Short Pipe Mode
Uniform Mode
MPLS DiffServ Tunneling Restrictions and Usage Guidelines
Configuring Short Pipe Mode
Ingress PE Router—Customer Facing Interface
Configuring Ingress PE Router—P Facing Interface
Configuring the P Router—Output Interface
Configuring the Egress PE Router—Customer Facing Interface
Configuring Uniform Mode
Configuring the Ingress PE Router—Customer Facing Interface
Configuring the Ingress PE Router—P Facing Interface
Configuring the Egress PE Router—Customer Facing Interface

Configuring PFC QoS Statistics Data Export
Understanding PFC QoS Statistics Data Export
PFC QoS Statistics Data Export Default Configuration
Configuring PFC QoS Statistics Data Export

Configuring the Cisco IOS Firewall Feature Set
Cisco IOS Firewall Feature Set Support Overview
Cisco IOS Firewall Guidelines and Restrictions
Additional CBAC Configuration

Configuring Network Admission Control
Understanding NAC
NAC Overview
NAC Device Roles
AAA Down Policy
NAC Layer 2 IP Validation
Configuring NAC
Default NAC Configuration
NAC Layer 2 IP Guidelines, Limitations, and Restrictions
Configuring NAC Layer 2 IP Validation
Configuring EAPoUDP
Configuring Identity Profiles and Policies
Configuring a NAC AAA Down Policy
Monitoring and Maintaining NAC
Clearing Table Entries
Displaying NAC Information

Configuring IEEE 802.1X Port-Based Authentication
Understanding 802.1X Port-Based Authentication
Device Roles
Authentication Initiation and Message Exchange
Ports in Authorized and Unauthorized States
Supported Topologies
Default 802.1X Port-Based Authentication Configuration
802.1X Port-Based Authentication Guidelines and Restrictions
Configuring 802.1X Port-Based Authentication
Enabling 802.1X Port-Based Authentication
Configuring Switch-to-RADIUS-Server Communication
Enabling Periodic Reauthentication
Manually Reauthenticating the Client Connected to a Port
Initializing Authentication for the Client Connected to a Port
Changing the Quiet Period
Changing the Switch-to-Client Retransmission Time
Setting the Switch-to-Client Retransmission Time for EAP-Request Frames
Setting the Switch-to-Authentication-Server Retransmission Time for Layer 4 Packets
Setting the Switch-to-Client Frame Retransmission Number
Enabling Multiple Hosts
Resetting the 802.1X Configuration to the Default Values
Displaying 802.1X Status

Configuring Port Security
Understanding Port Security
Port Security with Dynamically Learned and Static MAC Addresses
Port Security with Sticky MAC Addresses
Default Port Security Configuration
Port Security Guidelines and Restrictions
Configuring Port Security
Enabling Port Security
Configuring the Port Security Violation Mode on a Port
Configuring the Port Security Rate Limiter
Configuring the Maximum Number of Secure MAC Addresses on a Port
Enabling Port Security with Sticky MAC Addresses on a Port
Configuring a Static Secure MAC Address on a Port
Configuring Secure MAC Address Aging on a Port
Displaying Port Security Settings

Configuring CDP
Understanding How CDP Works
Configuring CDP
Enabling CDP Globally
Displaying the CDP Global Configuration
Enabling CDP on a Port
Displaying the CDP Interface Configuration
Monitoring and Maintaining CDP

Configuring UDLD
Understanding How UDLD Works
UDLD Overview
UDLD Aggressive Mode
Default UDLD Configuration
Configuring UDLD
Enabling UDLD Globally
Enabling UDLD on Individual LAN Interfaces
Disabling UDLD on Fiber-Optic LAN Interfaces
Configuring the UDLD Probe Message Interval
Resetting Disabled LAN Interfaces

Configuring NetFlow
Understanding NetFlow
NetFlow Overview
NetFlow on the MSFC
NetFlow on the PFC
Default NetFlow Configuration
NetFlow Configuration Guidelines and Restrictions
Configuring NetFlow
Configuring NetFlow on the PFC
Configuring NetFlow on the MSFC

Configuring NDE
Understanding NDE
NDE Overview
NDE on the MSFC
NDE on the PFC
Default NDE Configuration
NDE Configuration Guidelines and Restrictions
Configuring NDE
Configuring NDE on the PFC
Configuring NDE on the MSFC
Enabling NDE for Ingress-Bridged IP Traffic
Displaying the NDE Address and Port Configuration
Configuring NDE Flow Filters
Displaying the NDE Configuration

Configuring Local SPAN, RSPAN, and ERSPAN
Understanding How Local SPAN, RSPAN, and ERSPAN Work
Local SPAN, RSPAN, and ERSPAN Overview
Local SPAN, RSPAN, and ERSPAN Sources
Local SPAN, RSPAN, and ERSPAN Destination Ports
Local SPAN, RSPAN, and ERSPAN Configuration Guidelines and Restrictions
Feature Incompatibilities
Local SPAN, RSPAN, and ERSPAN Session Limits
Local SPAN, RSPAN, and ERSPAN Guidelines and Restrictions
VSPAN Guidelines and Restrictions
RSPAN Guidelines and Restrictions
ERSPAN Guidelines and Restrictions
Configuring Local SPAN, RSPAN, and ERSPAN
Configuring Destination Port Permit Lists (Optional)
Configuring Local SPAN
Configuring RSPAN
Configuring ERSPAN
Configuring Source VLAN Filtering for Local SPAN and RSPAN
Configuring a Destination Port as an Unconditional Trunk
Configuring Destination Trunk Port VLAN Filtering
Verifying the Configuration
Configuration Examples

Configuring SNMP IfIndex Persistence
Understanding SNMP IfIndex Persistence
Configuring SNMP IfIndex Persistence
Enabling SNMP IfIndex Persistence Globally
Disabling SNMP IfIndex Persistence Globally
Enabling and Disabling SNMP IfIndex Persistence on Specific Interfaces
Clearing SNMP IfIndex Persistence Configuration from a Specific Interface

Power Management and Environmental Monitoring
Understanding How Power Management Works
Enabling or Disabling Power Redundancy
Powering Modules Off and On
Viewing System Power Status
Power Cycling Modules
Determining System Power Requirements
Determining System Hardware Capacity
Determining Sensor Temperature Threshold
Understanding How Environmental Monitoring Works
Monitoring System Environmental Status
Understanding LED Environmental Indications

Configuring Online Diagnostics
Understanding How Online Diagnostics Work
Configuring Online Diagnostics
Setting Bootup Online Diagnostics Level
Configuring On-Demand Online Diagnostics
Scheduling Online Diagnostics
Configuring Health-Monitoring Diagnostics
Running Online Diagnostic Tests
Starting and Stopping Online Diagnostic Tests
Displaying Online Diagnostic Tests and Test Results
Performing Memory Tests
Diagnostic Sanity Check

Configuring Web Cache Services Using WCCP
Understanding WCCP
WCCP Overview
Hardware Acceleration
Understanding WCCPv1 Configuration
Understanding WCCPv2 Configuration
WCCPv2 Features
Restrictions for WCCPv2
Configuring WCCP
Specifying a Version of WCCP
Configuring a Service Group Using WCCPv2
Excluding Traffic on a Specific Interface from Redirection
Registering a Router to a Multicast Address
Using Access Lists for a WCCP Service Group
Setting a Password for a Router and Cache Engines
Verifying and Monitoring WCCP Configuration Settings
WCCP Configuration Examples
Changing the Version of WCCP on a Router Example
Performing a General WCCPv2 Configuration Example
Running a Web Cache Service Example
Running a Reverse Proxy Service Example
Registering a Router to a Multicast Address Example
Using Access Lists Example
Setting a Password for a Router and Cache Engines Example
Verifying WCCP Settings Example

Using the Top N Utility
Understanding the Top N Utility
Top N Utility Overview
Understanding Top N Utility Operation
Using the Top N Utility
Enabling Top N Utility Report Creation
Displaying the Top N Utility Reports
Clearing Top N Utility Reports

Using the Layer 2 Traceroute Utility
Understanding the Layer 2 Traceroute Utility
Usage Guidelines
Using the Layer 2 Traceroute Utility

APPENDIX A Online Diagnostic Tests
Global Health-Monitoring Tests
TestSPRPInbandPing
TestScratchRegister
TestMacNotification
Per-Port Tests
TestNonDisruptiveLoopback
TestLoopback
TestActiveToStandbyLoopback
TestTransceiverIntegrity
TestNetflowInlineRewrite
PFC Layer 2 Forwarding Engine Tests
TestNewIndexLearn
TestDontConditionalLearn
TestBadBpduTrap
TestMatchCapture
TestStaticEntry
DFC Layer 2 Forwarding Engine Tests
TestDontLearn
TestNewLearn
TestIndexLearn
TestConditionalLearn
TestTrap
TestBadBpdu
TestProtocolMatchChannel
TestCapture
TestStaticEntry
PFC Layer 3 Forwarding Engine Tests
TestFibDevices
TestIPv4FibShortcut
TestIPv6FibShortcut
TestMPLSFibShortcut
TestNATFibShortcut
TestL3Capture2
TestAclPermit
TestAclDeny
TestNetflowShortcut
TestQoS
DFC Layer 3 Forwarding Engine Tests
TestFibDevices
TestIPv4FibShortcut
TestIPv6FibShortcut
TestMPLSFibShortcut
TestNATFibShortcut
TestL3Capture2
TestAclPermit
TestAclDeny
TestQoS
TestNetflowShortcut
Replication Engine Tests
TestL3VlanMet
TestIngressSpan
TestEgressSpan
Fabric Tests
TestFabricSnakeForward
TestFabricSnakeBackward
TestSynchedFabChannel
TestFabricCh0Health
TestFabricCh1Health
Exhaustive Memory Tests
TestFibTcamSSRAM
TestAsicMemory
TestAclQosTcam
TestNetflowTcam
TestQoSTcam
IPSEC Services Modules Tests
TestIPSecClearPkt
TestHapiEchoPkt
TestIPSecEncryptDecryptPkt
Stress Tests
TestTrafficStress
TestEobcStressPing
Critical Recovery Tests
TestL3HealthMonitoring
TestTxPathMonitoring
TestSynchedFabChannel
General Tests
ScheduleSwitchover
TestFirmwareDiagStatus

APPENDIX B Acronyms

INDEX
Preface
This preface describes who should read the Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide, Release 12.2SX, how it is organized, and its document conventions.
Audience
This guide is for experienced network administrators who are responsible for configuring and maintaining Catalyst 6500 series switches.
Organization
This guide is organized as follows:
Chapter | Title | Description
Chapter 1 | Product Overview | Presents an overview of the Catalyst 6500 series switches.
Chapter 2 | Command-Line Interfaces | Describes how to use the command-line interface (CLI).
Chapter 3 | Configuring the Switch for the First Time | Describes how to perform a baseline configuration.
Chapter 4 | Configuring a Supervisor Engine 720 | Describes how to configure a Supervisor Engine 720.
Chapter 5 | Configuring a Supervisor Engine 32 | Describes how to configure a Supervisor Engine 32.
Chapter 6 | Configuring the Supervisor Engine 2 and the Switch Fabric Module | Describes how to configure a Supervisor Engine 2 and the Switch Fabric Module.
Chapter 7 | Configuring NSF with SSO Supervisor Engine Redundancy | Describes how to configure NSF with SSO supervisor engine redundancy.
Chapter 8 | Configuring SRM with SSO Supervisor Engine Redundancy | Describes how to configure SRM with SSO supervisor engine redundancy.
Chapter 9 | Configuring RPR and RPR+ Supervisor Engine Redundancy | Describes how to configure RPR and RPR+ supervisor engine redundancy.
Chapter 10 | Configuring Interfaces | Describes how to configure non-layer-specific features on LAN interfaces.
Chapter 11 | Configuring LAN Ports for Layer 2 Switching | Describes how to configure LAN interfaces to support Layer 2 features, including VLAN trunks.
Chapter 12 | Configuring Flex Links | Describes how to configure Flex Links.
Chapter 13 | Configuring EtherChannels | Describes how to configure Layer 2 and Layer 3 EtherChannel port bundles.
Chapter 14 | Configuring VTP | Describes how to configure the VLAN Trunking Protocol (VTP).
Chapter 15 | Configuring VLANs | Describes how to configure VLANs.
Chapter 16 | Configuring Private VLANs | Describes how to configure private VLANs.
Chapter 17 | Configuring Cisco IP Phone Support | Describes how to configure Cisco IP Phone support.
Chapter 18 | Configuring IEEE 802.1Q Tunneling | Describes how to configure IEEE 802.1Q tunneling.
Chapter 19 | Configuring Layer 2 Protocol Tunneling | Describes how to configure Layer 2 protocol tunneling.
Chapter 20 | Configuring Standard-Compliant IEEE MST | Describes how to configure standard-compliant IEEE MST.
Chapter 21 | Configuring STP and Prestandard IEEE 802.1s MST | Describes how to configure the Spanning Tree Protocol (STP) and Prestandard IEEE 802.1s Multiple Spanning Tree (MST).
Chapter 22 | Configuring Optional STP Features | Describes how to configure the STP PortFast, UplinkFast, and BackboneFast features.
Chapter 23 | Configuring Layer 3 Interfaces | Describes how to configure LAN interfaces to support Layer 3 features.
Chapter 24 | Configuring UDE and UDLR | Describes how to configure unidirectional Ethernet (UDE) and unidirectional link routing (UDLR).
Chapter 25 | Configuring PFC3BXL and PFC3B Mode Multiprotocol Label Switching | Describes how to configure PFC3BXL or PFC3B Multiprotocol Label Switching (MPLS).
Chapter 26 | Configuring IPv4 Multicast VPN Support | Describes how to configure IPv4 Multicast Virtual Private Network (MVPN).
Chapter 27 | Configuring IP Unicast Layer 3 Switching | Describes how to configure IP unicast Layer 3 switching.
Chapter 28 | Configuring IPv6 Multicast PFC3 and DFC3 Layer 3 Switching | Describes how to configure IPv6 Multicast Multilayer Switching (MMLS).
Chapter 29 | Configuring IPv4 Multicast Layer 3 Switching | Describes how to configure IPv4 Multicast Multilayer Switching (MMLS).
Chapter 30 | Configuring MLDv2 Snooping for IPv6 Multicast Traffic | Describes how to configure Multicast Listener Discovery version 2 (MLDv2) snooping.
Chapter 31 | Configuring IGMP Snooping for IPv4 Multicast Traffic | Describes how to configure Internet Group Management Protocol (IGMP) snooping.
Chapter 32 | Configuring PIM Snooping | Describes how to configure protocol independent multicast (PIM) snooping.
Chapter 33 | Configuring RGMP | Describes how to configure Router-Port Group Management Protocol (RGMP).
Chapter 34 | Configuring Network Security | Describes how to configure network security features that are unique to the Catalyst 6500 series switches.
Chapter 35 | Understanding Cisco IOS ACL Support | Describes how Catalyst 6500 series switches support Cisco IOS ACLs.
Chapter 36 | Configuring VLAN ACLs | Describes how to configure VLAN ACLs.
Chapter 37 | Configuring Denial of Service Protection | Describes how to configure denial of service protection.
Chapter 38 | Configuring DHCP Snooping | Describes how to configure DHCP snooping.
Chapter 39 | Configuring Dynamic ARP Inspection | Describes how to configure dynamic ARP inspection.
Chapter 40 | Configuring Traffic Storm Control | Describes how to configure traffic storm control.
Chapter 41 | Unknown Unicast Flood Blocking | Describes how to configure unknown unicast flood blocking.
Chapter 42 | Configuring PFC QoS | Describes how to configure quality of service (QoS).
Chapter 43 | Configuring PFC3BXL or PFC3B Mode MPLS QoS | Describes how to configure MPLS QoS.
Chapter 44 | Configuring PFC QoS Statistics Data Export | Describes how to configure PFC QoS statistics data export.
Chapter 45 | Configuring the Cisco IOS Firewall Feature Set | Describes how to configure the Cisco IOS Firewall feature set.
Chapter 46 | Configuring Network Admission Control | Describes how to configure Network Admission Control.
Chapter 47 | Configuring IEEE 802.1X Port-Based Authentication | Describes how to configure IEEE 802.1X port-based authentication.
Chapter 48 | Configuring Port Security | Describes how to configure port security.
Chapter 49 | Configuring CDP | Describes how to configure Cisco Discovery Protocol (CDP).
Chapter 50 | Configuring UDLD | Describes how to configure the UniDirectional Link Detection (UDLD) protocol.
Chapter 51 | Configuring NetFlow | Describes how to configure the NetFlow table
Chapter 52 | Configuring NDE | Describes how to configure Netflow Data Export (NDE).
Chapter 53 | Configuring Local SPAN, RSPAN, and ERSPAN | Describes how to configure the Switch Port Analyzer (SPAN).
Chapter 54 | Configuring SNMP IfIndex Persistence | Describes how to configure SNMP ifIndex persistence.
Chapter 55 | Power Management and Environmental Monitoring | Describes how to configure power management and environmental monitoring features.
Chapter 56 | Configuring Online Diagnostics | Describes how to configure online diagnostics and run diagnostic tests.
Chapter 57 | Configuring Web Cache Services Using WCCP | Describes how to configure the Web Cache Communication Protocol (WCCP).
Chapter 58 | Using the Top N Utility | Describes how to use the Top N utility.
Chapter 59 | Using the Layer 2 Traceroute Utility | Describes how to use the Layer 2 traceroute utility.
Appendix A | Online Diagnostic Tests | Provides recommendations for how to use the online diagnostic tests.
Appendix B | Acronyms | Defines the acronyms used in this publication.
Related Documentation
The following publications are available for the Catalyst 6500 series switches:
• Catalyst 6500 Series Switch Installation Guide
• Catalyst 6500 Series Switch Module Installation Guide
• Catalyst 6500 Series Switch Cisco IOS Command Reference, Release 12.2SX
• Catalyst 6500 Series Switch Cisco IOS System Message Guide, Release 12.2SX
• Release Notes for Cisco IOS Release 12.2SX on the Supervisor Engine 720, Supervisor Engine 32, and Supervisor Engine 2
• Cisco IOS Configuration Guides and Command References—Use these publications to help you configure Cisco IOS software features not described in the Catalyst 6500 series switch publications:
  – Configuration Fundamentals Configuration Guide
  – Configuration Fundamentals Command Reference
  – Bridging and IBM Networking Configuration Guide
  – Bridging and IBM Networking Command Reference
  – Interface Configuration Guide
  – Interface Command Reference
  – Network Protocols Configuration Guide, Part 1, 2, and 3
  – Network Protocols Command Reference, Part 1, 2, and 3
  – Security Configuration Guide
  – Security Command Reference
  – Switching Services Configuration Guide
  – Switching Services Command Reference
  – Voice, Video, and Home Applications Configuration Guide
  – Voice, Video, and Home Applications Command Reference
  – Software Command Summary
  – Software System Error Messages
  – Debug Command Reference
  – Internetwork Design Guide
  – Internetwork Troubleshooting Guide
  – Configuration Builder Getting Started Guide
  The Cisco IOS Configuration Guides and Command References are located at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/index.htm
• For information about MIBs, go to this URL: http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
Conventions
This document uses the following conventions:
Convention | Description
boldface font | Commands, command options, and keywords are in boldface.
italic font | Arguments for which you supply values are in italics.
[ ] | Elements in square brackets are optional.
{x|y|z} | Alternative keywords are grouped in braces and separated by vertical bars.
[x|y|z] | Optional alternative keywords are grouped in brackets and separated by vertical bars.
string | A nonquoted set of characters. Do not use quotation marks around the string or the string will include the quotation marks.
screen font | Terminal sessions and information the system displays are in screen font.
boldface screen font | Information you must enter is in boldface screen font.
italic screen font | Arguments for which you supply values are in italic screen font.
 | This pointer highlights an important line of text in an example.
^ | The symbol ^ represents the key labeled Control—for example, the key combination ^D in a screen display means hold down the Control key while you press the D key.
< > | Nonprinting characters, such as passwords, are in angle brackets.
Notes use the following conventions:
Note
Means reader take note. Notes contain helpful suggestions or references to material not covered in the publication.
Cautions use the following conventions:
Caution
Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.
Obtaining Documentation
Cisco documentation and additional literature are available on Cisco.com. This section explains the product documentation resources that Cisco offers.
Cisco.com
You can access the most current Cisco documentation at this URL: http://www.cisco.com/techsupport
You can access the Cisco website at this URL: http://www.cisco.com
You can access international Cisco websites at this URL: http://www.cisco.com/public/countries_languages.shtml
Product Documentation DVD
The Product Documentation DVD is a library of technical product documentation on a portable medium. The DVD enables you to access installation, configuration, and command guides for Cisco hardware and software products. With the DVD, you have access to the HTML documentation and some of the PDF files found on the Cisco website at this URL: http://www.cisco.com/univercd/home/home.htm
The Product Documentation DVD is created and released regularly. DVDs are available singly or by subscription. Registered Cisco.com users can order a Product Documentation DVD (product number DOC-DOCDVD= or DOC-DOCDVD=SUB) from Cisco Marketplace at the Product Documentation Store at this URL: http://www.cisco.com/go/marketplace/docstore
Ordering Documentation
You must be a registered Cisco.com user to access Cisco Marketplace. Registered users may order Cisco documentation at the Product Documentation Store at this URL: http://www.cisco.com/go/marketplace/docstore
If you do not have a user ID or password, you can register at this URL: http://tools.cisco.com/RPF/register/register.do
Documentation Feedback
You can provide feedback about Cisco technical documentation on the Cisco Support site area by entering your comments in the feedback form available in every online document.
Cisco Product Security Overview
Cisco provides a free online Security Vulnerability Policy portal at this URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
From this site, you will find information about how to do the following:
• Report security vulnerabilities in Cisco products
• Obtain assistance with security incidents that involve Cisco products
• Register to receive security information from Cisco
A current list of security advisories, security notices, and security responses for Cisco products is available at this URL: http://www.cisco.com/go/psirt
To see security advisories, security notices, and security responses as they are updated in real time, you can subscribe to the Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed. Information about how to subscribe to the PSIRT RSS feed is found at this URL: http://www.cisco.com/en/US/products/products_psirt_rss_feed.html
Reporting Security Problems in Cisco Products Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you have identified a vulnerability in a Cisco product, contact PSIRT: •
For emergencies only —
[email protected] An emergency is either a condition in which a system is under active attack or a condition for which a severe and urgent security vulnerability should be reported. All other conditions are considered nonemergencies.
•
For nonemergencies —
[email protected]
In an emergency, you can also reach PSIRT by telephone:
Tip
•
1 877 228-7302
•
1 408 525-6532
We encourage you to use Pretty Good Privacy (PGP) or a compatible product (for example, GnuPG) to encrypt any sensitive information that you send to Cisco. PSIRT can work with information that has been encrypted with PGP versions 2.x through 9.x. Never use a revoked encryption key or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one linked in the Contact Summary section of the Security Vulnerability Policy page at this URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html The link on this page has the current PGP key ID in use. If you do not have or use PGP, contact PSIRT to find other means of encrypting the data before sending any sensitive material.
Product Alerts and Field Notices
Modifications to or updates about Cisco products are announced in Cisco Product Alerts and Cisco Field Notices. You can receive these announcements by using the Product Alert Tool on Cisco.com. This tool enables you to create a profile and choose those products for which you want to receive information. To access the Product Alert Tool, you must be a registered Cisco.com user. Registered users can access the tool at this URL: http://tools.cisco.com/Support/PAT/do/ViewMyProfiles.do?local=en
To register as a Cisco.com user, go to this URL: http://tools.cisco.com/RPF/register/register.do

Obtaining Technical Assistance
Cisco Technical Support provides 24-hour-a-day award-winning technical assistance. The Cisco Support website on Cisco.com features extensive online support resources. In addition, if you have a valid Cisco service contract, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not have a valid Cisco service contract, contact your reseller.

Cisco Support Website
The Cisco Support website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day at this URL: http://www.cisco.com/en/US/support/index.html
Access to all tools on the Cisco Support website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL: http://tools.cisco.com/RPF/register/register.do
Note
Before you submit a request for service online or by phone, use the Cisco Product Identification Tool to locate your product serial number. You can access this tool from the Cisco Support website by clicking the Get Tools & Resources link, clicking the All Tools (A-Z) tab, and then choosing Cisco Product Identification Tool from the alphabetical list. This tool offers three search options: by product ID or model name; by tree view; or, for certain products, by copying and pasting show command output. Search results show an illustration of your product with the serial number label location highlighted. Locate the serial number label on your product and record the information before placing a service call.
Displaying and Searching on Cisco.com
Tip
If you suspect that the browser is not refreshing a web page, force the browser to update the web page by holding down the Ctrl key while pressing F5.
To find technical information, narrow your search to look in technical documentation, not the entire Cisco.com website. After using the Search box on the Cisco.com home page, click the Advanced Search link next to the Search box on the resulting page and then click the Technical Support & Documentation radio button.
To provide feedback about the Cisco.com website or a particular technical document, click Contacts & Feedback at the top of any Cisco.com web page.
Submitting a Service Request
Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions. If your issue is not resolved using the recommended resources, your service request is assigned to a Cisco engineer. The TAC Service Request Tool is located at this URL: http://www.cisco.com/techsupport/servicerequest
For S1 or S2 service requests, or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.
To open a service request by telephone, use one of the following numbers:
Asia-Pacific: +61 2 8446 7411
Australia: 1 800 805 227
EMEA: +32 2 704 55 55
USA: 1 800 553 2447
For a complete list of Cisco TAC contacts, go to this URL: http://www.cisco.com/techsupport/contacts

Definitions of Service Request Severity
To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.
Severity 1 (S1)—An existing network is “down” or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.
Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operations are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.
Severity 3 (S3)—Operational performance of the network is impaired while most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.
Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.
Obtaining Additional Publications and Information
Information about Cisco products, technologies, and network solutions is available from various online and printed sources.
• The Cisco Online Subscription Center is the website where you can sign up for a variety of Cisco e-mail newsletters and other communications. Create a profile and then select the subscriptions that you would like to receive. To visit the Cisco Online Subscription Center, go to this URL: http://www.cisco.com/offer/subscribe
• The Cisco Product Quick Reference Guide is a handy, compact reference tool that includes brief product overviews, key features, sample part numbers, and abbreviated technical specifications for many Cisco products that are sold through channel partners. It is updated twice a year and includes the latest Cisco channel product offerings. To order and find out more about the Cisco Product Quick Reference Guide, go to this URL: http://www.cisco.com/go/guide
• Cisco Marketplace provides a variety of Cisco books, reference guides, documentation, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL: http://www.cisco.com/go/marketplace/
• Cisco Press publishes a wide range of general networking, training, and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press at this URL: http://www.ciscopress.com
• Internet Protocol Journal is a quarterly journal published by Cisco for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL: http://www.cisco.com/ipj
• Networking products offered by Cisco, as well as customer support services, can be obtained at this URL: http://www.cisco.com/en/US/products/index.html
• Networking Professionals Connection is an interactive website where networking professionals share questions, suggestions, and information about networking products and technologies with Cisco experts and other networking professionals. Join a discussion at this URL: http://www.cisco.com/discuss/networking
• “What’s New in Cisco Documentation” is an online publication that provides information about the latest documentation releases for Cisco products. Updated monthly, this online publication is organized by product category to direct you quickly to the documentation for your products. You can view the latest release of “What’s New in Cisco Documentation” at this URL: http://www.cisco.com/univercd/cc/td/doc/abtunicd/136957.htm
• World-class networking training is available from Cisco. You can view current offerings at this URL: http://www.cisco.com/en/US/learning/index.html
CHAPTER 1
Product Overview
This chapter consists of these sections:
• Supported Hardware and Software
• User Interfaces
• Configuring Embedded CiscoView Support
• Software Features Supported in Hardware by the PFC and DFC
Supported Hardware and Software
For complete information about the chassis, modules, and software features supported by the Catalyst 6500 series switches, refer to the Release Notes for Cisco IOS Release 12.2SX on the Supervisor Engine 720, Supervisor Engine 32, and Supervisor Engine 2: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/ol_4164.htm

User Interfaces
Release 12.2SX supports configuration using the following interfaces:
• CLI—See Chapter 2, “Command-Line Interfaces.”
• SNMP—Refer to the Release 12.2 IOS Configuration Fundamentals Configuration Guide and Command Reference at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun_c/index.htm
• Cisco IOS web browser interface—Refer to “Using the Cisco Web Browser” in the IOS Configuration Fundamentals Configuration Guide at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun_c/ffcprt1/fcf005.htm
• Embedded CiscoView—See the “Configuring Embedded CiscoView Support” section on page 1-2.
Configuring Embedded CiscoView Support
These sections describe configuring Embedded CiscoView support:
• Understanding Embedded CiscoView
• Installing and Configuring Embedded CiscoView
• Displaying Embedded CiscoView Information

Understanding Embedded CiscoView
The Embedded CiscoView network management system is a web-based interface that uses HTTP and SNMP to provide a graphical representation of the switch and to provide a GUI-based management and configuration interface. You can download the Java Archive (JAR) files for Embedded CiscoView at this URL: http://www.cisco.com/kobayashi/sw-center/netmgmt/ciscoview/embed-cview-planner.shtml

Installing and Configuring Embedded CiscoView
To install and configure Embedded CiscoView, perform this task:
Step 1
Command: Router# dir device_name
Purpose: Displays the contents of the device. If you are installing Embedded CiscoView for the first time, or if the CiscoView directory is empty, skip to Step 4.
Step 2
Command: Router# delete device_name:cv/*
Purpose: Removes existing files from the CiscoView directory.
Step 3
Command: Router# squeeze device_name:
Purpose: Recovers the space in the file system.
Step 4
Command: Router# archive tar /xtract tftp://ip_address_of_tftp_server/ciscoview.tar device_name:cv
Purpose: Extracts the CiscoView files from the tar file on the TFTP server to the CiscoView directory.
Step 5
Command: Router# dir device_name:
Purpose: Displays the contents of the device. In a redundant configuration, repeat Step 1 through Step 5 for the file system on the redundant supervisor engine.
Step 6
Command: Router# configure terminal
Purpose: Enters global configuration mode.
Step 7
Command: Router(config)# ip http server
Purpose: Enables the HTTP web server.
Step 8
Command: Router(config)# snmp-server community string ro
Purpose: Configures the SNMP password for read-only operation.
Step 9
Command: Router(config)# snmp-server community string rw
Purpose: Configures the SNMP password for read/write operation.
Note
The default password for accessing the switch web page is the enable-level password of the switch.
For more information about web access to the switch, refer to “Using the Cisco Web Browser” in the IOS Configuration Fundamentals Configuration Guide at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun_c/ffcprt1/fcf005.htm
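As an added example (not from the Cisco guide), the Python sketch below audits a saved running-config for the management-plane exposure that Steps 7 through 9 create: an HTTP server that authenticates with the enable password, and SNMP communities reachable from any source. The sample configuration, the WELL_KNOWN list and the severity labels are assumptions; `ip http access-class`, `ip http authentication` and the trailing access list on `snmp-server community` are standard IOS options that this page does not cover.

```python
import re

# Constructed sample running-config for illustration; not captured from a real switch.
SAMPLE_CONFIG = """\
hostname Router
!
ip http server
!
access-list 10 permit 192.0.2.0 0.0.0.255
!
snmp-server community public ro
snmp-server community nms-write rw
snmp-server community nms-read ro 10
!
end
"""

# Community strings that are commonly guessed first (assumed list; extend as needed).
WELL_KNOWN = {"public", "private", "cisco"}


def redact(secret):
    """Keep only the first character so findings never echo a full community string."""
    return secret[:1] + "*" * (len(secret) - 1)


def parse_community(line):
    """Parse 'snmp-server community STRING [view NAME] [ro|rw] [ACL]'."""
    tokens = line.split()[2:]
    name, rest = tokens[0], tokens[1:]
    mode, acl, i = "ro", None, 0  # a community with no keyword is read-only
    while i < len(rest):
        word = rest[i].lower()
        if word == "view":
            i += 2  # skip the keyword and the view name
            continue
        if word in ("ro", "rw"):
            mode = word
        else:
            acl = rest[i]  # trailing access-list number or name
        i += 1
    return name, mode, acl


def audit_mgmt_plane(config_text):
    """Return (severity, check_id, detail) tuples for HTTP and SNMP exposure."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    findings = []

    if "ip http server" in lines:
        if not any(re.match(r"ip http access-class\s+\S+", ln) for ln in lines):
            findings.append(("medium", "http-no-acl",
                             "HTTP server is enabled with no 'ip http access-class' filter"))
        auth = [ln.split()[3] for ln in lines
                if re.match(r"ip http authentication\s+\S+", ln)]
        # With no 'ip http authentication' line the enable password is used,
        # which matches the Note above about the default web-page password.
        if not auth or auth[-1] == "enable":
            findings.append(("high", "http-enable-password",
                             "web login uses the enable password over unencrypted HTTP"))

    for ln in lines:
        if not re.match(r"snmp-server community\s+\S+", ln):
            continue
        name, mode, acl = parse_community(ln)
        if name.lower() in WELL_KNOWN:
            findings.append(("high", "snmp-well-known",
                             f"community {redact(name)} is a commonly guessed string"))
        if acl is None:
            severity = "high" if mode == "rw" else "medium"
            findings.append((severity, f"snmp-{mode}-no-acl",
                             f"{mode} community {redact(name)} has no access list"))
    return findings


if __name__ == "__main__":
    for severity, check_id, detail in audit_mgmt_plane(SAMPLE_CONFIG):
        print(f"{severity:6} {check_id:22} {detail}")
```

Run it against the output of show running-config saved to a file; a configuration that restricts both services to a management subnet and uses a separate web login returns no findings.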
Displaying Embedded CiscoView Information
To display the Embedded CiscoView information, enter the following EXEC commands:
Command: Router# show ciscoview package
Purpose: Displays information about the Embedded CiscoView files.
Command: Router# show ciscoview version
Purpose: Displays the Embedded CiscoView version.
Software Features Supported in Hardware by the PFC and DFC
These sections describe the hardware support provided by Policy Feature Card 3 (PFC3), Policy Feature Card 2 (PFC2), Distributed Forwarding Card 3 (DFC3) and Distributed Forwarding Card (DFC):
• Software Features Supported in Hardware by the PFC3, PFC2, DFC3, and DFC
• Software Features Supported in Hardware by the PFC3 and DFC3

Software Features Supported in Hardware by the PFC3, PFC2, DFC3, and DFC
The PFC3, PFC2, DFC3, and DFC provide hardware support for these Cisco IOS software features:
• Access Control Lists (ACLs) for Layer 3 ports and VLAN interfaces
  – Permit and deny actions of input and output standard and extended ACLs
    Note
    Flows that require ACL logging are processed in software on the MSFC.
  – Except on MPLS interfaces, reflexive ACL flows after the first packet in a session is processed in software on the MSFC
  – Dynamic ACL flows
    Note
    Idle timeout is processed in software on the MSFC.
  For more information about PFC and DFC support for ACLs, see Chapter 35, “Understanding Cisco IOS ACL Support.”
  For complete information about configuring ACLs, refer to the Cisco IOS Security Configuration Guide, Release 12.2, “Traffic Filtering and Firewalls,” at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/ftrafwl/index.htm
• VLAN ACLs (VACLs)—To configure VACLs, see Chapter 36, “Configuring VLAN ACLs.”
• Policy-based routing (PBR) for route-map sequences that use the match ip address, set ip next-hop, and ip default next-hop PBR keywords. To configure PBR, refer to the Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.2, “Classification,” “Configuring Policy-Based Routing,” at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fqos_c/fqcprt1/qcfpbr.htm
  Note
  If the MSFC3 address falls within the range of a PBR ACL, traffic addressed to the MSFC3 is policy routed in hardware instead of being forwarded to the MSFC3. To prevent policy routing of traffic addressed to the MSFC3, configure PBR ACLs to deny traffic addressed to the MSFC3.
• Except on MPLS interfaces, TCP intercept—To configure TCP intercept, see the “Configuring TCP Intercept” section on page 34-2.
• Firewall feature set images provide these features:
  – Context-Based Access Control (CBAC)—The PFC installs entries in the NetFlow table to direct flows that require CBAC to the MSFC where the CBAC is applied in software on the MSFC.
  – Authentication Proxy—After authentication on the MSFC, the PFC provides TCAM support for the authentication policy.
  – Port-to-Application Mapping (PAM)—PAM is done in software on the MSFC.
  To configure firewall features, see Chapter 45, “Configuring the Cisco IOS Firewall Feature Set.”
• Hardware-assisted NetFlow Aggregation—Refer to this URL: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/swcg/nde.htm#1081085
Software Features Supported in Hardware by the PFC3 and DFC3
The PFC3 and DFC3 provide hardware support for these Cisco IOS software features:
• Bidirectional Protocol Independent Multicast (PIM) in hardware—See “Understanding How IPv4 Bidirectional PIM Works” section on page 29-7.
• Multiple-path Unicast Reverse Path Forwarding (RPF) Check—To configure Unicast RPF Check, see the “Configuring Unicast Reverse Path Forwarding Check” section on page 34-2.
• Except on MPLS interfaces, Network Address Translation (NAT) for IPv4 unicast and multicast traffic. Note the following information about hardware-assisted NAT:
  – NAT of UDP traffic is supported only in PFC3BXL or PFC3B mode.
  – The PFC3 does not support NAT of multicast traffic.
  – The PFC3 does not support NAT configured with a route-map that specifies length.
  – When you configure NAT and NDE on an interface, the PFC3 sends all traffic in fragmented packets to the MSFC3 to be processed in software. (CSCdz51590)
  To configure NAT, refer to the Cisco IOS IP Configuration Guide, Release 12.2, “IP Addressing and Services,” “Configuring IP Addressing,” “Configuring Network Address Translation,” at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipr_c/ipcprt1/1cfipadr.htm#1042290
  To prevent a significant volume of NAT traffic from being sent to the MSFC3, due to either a DoS attack or a misconfiguration, enter the mls rate-limit unicast acl {ingress | egress} command described at this URL: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/cmdref/m1.htm#56404 (CSCea23296)
• With Release 12.2(18)SXE and later releases, IPv4 Multicast over point-to-point generic route encapsulation (GRE) Tunnels—Refer to the publication at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/finter_c/icflogin.htm
  Releases earlier than Release 12.2(18)SXE support IPv4 multicast over point-to-point GRE tunnels in software on the MSFC.
  Note
  The PFC3 does not provide hardware acceleration for tunnels configured with the tunnel key command.
• GRE Tunneling and IP in IP Tunneling—The PFC3 and DFC3s support the following tunnel commands:
  – tunnel destination
  – tunnel mode gre
  – tunnel mode ipip
  – tunnel source
  – tunnel ttl
  – tunnel tos
  Other supported types of tunneling run in software on the MSFC3.
  The tunnel ttl command (default 255) sets the TTL of encapsulated packets.
  The tunnel tos command, if present, sets the ToS byte of a packet when it is encapsulated. If the tunnel tos command is not present and QoS is not enabled, the ToS byte of a packet sets the ToS byte of the packet when it is encapsulated. If the tunnel tos command is not present and QoS is enabled, the ToS byte of a packet as modified by PFC QoS sets the ToS byte of the packet when it is encapsulated.
  To configure GRE Tunneling and IP in IP Tunneling, refer to these publications:
  http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/finter_c/icflogin.htm
  http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/finter_r/irfshoip.htm
  To configure the tunnel tos and tunnel ttl commands, refer to this publication: http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s17/12s_tos.htm
  Note the following information about tunnels:
  – Each hardware-assisted tunnel must have a unique source. Hardware-assisted tunnels cannot share a source even if the destinations are different. Use secondary addresses on loopback interfaces or create multiple loopback interfaces. (CSCdy72539)
  – Each tunnel interface uses one internal VLAN.
  – Each tunnel interface uses one additional router MAC address entry per router MAC address.
  – The PFC3A does not support any PFC QoS features on tunnel interfaces.
  – The PFC3B and PFC3BXL support PFC QoS features on tunnel interfaces.
  – The MSFC3 supports tunnels configured with egress features on the tunnel interface. Examples of egress features are output Cisco IOS ACLs, NAT (for inside to outside translation), TCP intercept, CBAC, and encryption.
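As an added example (not from the Cisco guide), this Python sketch checks a saved configuration against the tunnel restrictions listed above: hardware-assisted tunnels that share a source, tunnels that use tunnel key, and tunnel modes other than GRE or IP in IP. The sample configuration is constructed, and the script assumes running-config indentation, that a tunnel source naming an interface resolves to that interface's primary address, and that a tunnel with no tunnel mode line is GRE.

```python
import re
from collections import defaultdict

# Constructed sample configuration; addresses are from documentation ranges.
SAMPLE_CONFIG = """\
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
 ip address 192.0.2.2 255.255.255.255 secondary
!
interface Tunnel1
 tunnel source Loopback0
 tunnel destination 198.51.100.1
!
interface Tunnel2
 tunnel source 192.0.2.1
 tunnel destination 198.51.100.2
 tunnel mode ipip
!
interface Tunnel3
 tunnel source 192.0.2.2
 tunnel destination 198.51.100.3
 tunnel key 42
!
"""

# Modes the page lists as supported in hardware; "gre ip" is how IOS writes GRE
# mode and is assumed to be the default when no 'tunnel mode' line is present.
HW_MODES = {"gre", "gre ip", "ipip"}


def parse_interfaces(config_text):
    """Map each interface name to the list of commands configured under it."""
    stanzas, current = {}, None
    for raw in config_text.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            stanzas[current] = []
        elif raw.startswith(" ") and current is not None:
            stanzas[current].append(raw.strip())
        else:
            current = None  # '!' or any top-level command closes the stanza
    return stanzas


def primary_address(commands):
    """Return the primary IPv4 address of an interface, ignoring secondaries."""
    for cmd in commands:
        match = re.match(r"ip address (\S+) \S+$", cmd)
        if match:
            return match.group(1)
    return None


def resolve_source(source, stanzas):
    """Turn 'tunnel source Loopback0' into that interface's primary address."""
    for name, commands in stanzas.items():
        if name.lower() == source.lower():
            return primary_address(commands) or source
    return source


def check_tunnels(config_text):
    """Return (interfaces, check_id, detail) tuples for the tunnel rules above."""
    stanzas = parse_interfaces(config_text)
    findings, by_source = [], defaultdict(list)
    for name, commands in stanzas.items():
        if not name.lower().startswith("tunnel"):
            continue
        settings = {}
        for cmd in commands:
            match = re.match(r"tunnel (source|mode|key)\s+(.+)", cmd)
            if match:
                settings[match.group(1)] = match.group(2).strip()
        mode = settings.get("mode", "gre ip")
        hardware = True
        if "key" in settings:
            hardware = False
            findings.append((name, "tunnel-key", "no hardware acceleration with tunnel key"))
        if mode not in HW_MODES:
            hardware = False
            findings.append((name, "software-mode",
                             f"tunnel mode {mode} runs in software on the MSFC3"))
        # Only hardware-assisted tunnels are subject to the unique-source rule.
        if hardware and "source" in settings:
            by_source[resolve_source(settings["source"], stanzas)].append(name)
    for source, names in by_source.items():
        if len(names) > 1:
            findings.append((", ".join(names), "shared-source",
                             f"hardware-assisted tunnels share source {source}"))
    return findings


if __name__ == "__main__":
    for interfaces, check_id, detail in check_tunnels(SAMPLE_CONFIG):
        print(f"{interfaces:20} {check_id:14} {detail}")
```

In the sample, Tunnel1 and Tunnel2 collide because Loopback0 resolves to 192.0.2.1; pointing Tunnel2 at the secondary address 192.0.2.2 clears the finding, which is the workaround the page recommends.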
CHAPTER 2
Command-Line Interfaces
This chapter describes the command-line interfaces (CLIs) you use to configure the Catalyst 6500 series switches.
Note
For complete syntax and usage information for the commands used in this chapter, refer to these publications:
• The Catalyst 6500 Series Switch Cisco IOS Command Reference, Release 12.2SX at this URL: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/cmdref/index.htm
• The Release 12.2 publications at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/index.htm
This chapter consists of these sections:
• Accessing the CLI
• Performing Command Line Processing
• Performing History Substitution
• Cisco IOS Command Modes
• Displaying a List of Cisco IOS Commands and Syntax
• ROM-Monitor Command-Line Interface

Accessing the CLI
These sections describe accessing the CLI:
• Accessing the CLI through the EIA/TIA-232 Console Interface
• Accessing the CLI through Telnet
Accessing the CLI through the EIA/TIA-232 Console Interface
Note
EIA/TIA-232 was known as recommended standard 232 (RS-232) before its acceptance as a standard by the Electronic Industries Alliance (EIA) and Telecommunications Industry Association (TIA).
Perform initial configuration over a connection to the EIA/TIA-232 console interface. Refer to the Catalyst 6500 Series Switch Module Installation Guide for console interface cable connection procedures.
To make a console connection, perform this task:
Step 1
Command: Press Return.
Purpose: Brings up the prompt.
Step 2
Command: Router> enable
Purpose: Initiates enable mode.
Step 3
Command: Password: password
         Router#
Purpose: Completes entry into enable mode.
Step 4
Command: Router# quit
Purpose: Exits the session when finished.
After making a console connection, you see this display:
Press Return for Console prompt
Router> enable
Password:
Router#
Accessing the CLI through Telnet
Note
Before you can make a Telnet connection to the switch, you must configure an IP address (see the “Configuring IPv4 Routing and Addresses” section on page 23-4).
The switch supports up to eight simultaneous Telnet sessions. Telnet sessions disconnect automatically after remaining idle for the period specified with the exec-timeout command.
To make a Telnet connection to the switch, perform this task:
Step 1
Command: telnet {hostname | ip_addr}
Purpose: Makes a Telnet connection from the remote host to the switch you want to access.
Step 2
Command: Password: password
         Router#
Purpose: Initiates authentication.
Note
If no password has been configured, press Return.
Step 3
Command: Router> enable
Purpose: Initiates enable mode.
Step 4
Command: Password: password
         Router#
Purpose: Completes entry into enable mode.
Step 5
Command: Router# quit
Purpose: Exits the session when finished.
This example shows how to open a Telnet session to the switch:
unix_host% telnet Router_1
Trying 172.20.52.40...
Connected to 172.20.52.40.
Escape character is '^]'.
User Access Verification
Password:
Router_1> enable
Password:
Router_1#
Performing Command Line Processing
Commands are not case sensitive. You can abbreviate commands and parameters if the abbreviations contain enough letters to be different from any other currently available commands or parameters. You can scroll through the last 20 commands stored in the history buffer, and enter or edit the command at the prompt. Table 2-1 lists the keyboard shortcuts for entering and editing commands.

Table 2-1 Keyboard Shortcuts
Keystrokes                                     Purpose
Press Ctrl-B or press the left arrow key (1)   Moves the cursor back one character.
Press Ctrl-F or press the right arrow key (1)  Moves the cursor forward one character.
Press Ctrl-A                                   Moves the cursor to the beginning of the command line.
Press Ctrl-E                                   Moves the cursor to the end of the command line.
Press Esc B                                    Moves the cursor back one word.
Press Esc F                                    Moves the cursor forward one word.
1. The arrow keys function only on ANSI-compatible terminals such as VT100s.
Performing History Substitution
The history buffer stores the last 20 commands you entered. History substitution allows you to access these commands without retyping them, by using special abbreviated commands. Table 2-2 lists the history substitution commands.
Table 2-2 History Substitution Commands
Command: Ctrl-P or the up arrow key. (1)
Purpose: Recalls commands in the history buffer, beginning with the most recent command. Repeat the key sequence to recall successively older commands.
Command: Ctrl-N or the down arrow key. (1)
Purpose: Returns to more recent commands in the history buffer after recalling commands with Ctrl-P or the up arrow key. Repeat the key sequence to recall successively more recent commands.
Command: Router# show history
Purpose: While in EXEC mode, lists the last several commands you have just entered.
1. The arrow keys function only on ANSI-compatible terminals such as VT100s.
Cisco IOS Command Modes
Note
For complete information about Cisco IOS command modes, refer to the Cisco IOS Configuration Fundamentals Configuration Guide at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun_c/index.htm
The Cisco IOS user interface is divided into many different modes. The commands available to you depend on which mode you are currently in. To get a list of the commands in a given mode, type a question mark (?) at the system prompt. See the “Displaying a List of Cisco IOS Commands and Syntax” section on page 2-5.
When you start a session on the switch, you begin in user mode, often called user EXEC mode. Only a limited subset of the commands are available in EXEC mode. To have access to all commands, you must enter privileged EXEC mode. Normally, you must type in a password to access privileged EXEC mode. From privileged EXEC mode, you can type in any EXEC command or access global configuration mode.
The configuration modes allow you to make changes to the running configuration. If you later save the configuration, these commands are stored across reboots. You must start at global configuration mode. From global configuration mode, you can enter interface configuration mode, subinterface configuration mode, and a variety of protocol-specific modes.
Note
With Release 12.1(11b)E and later, when you are in configuration mode you can enter EXEC mode-level commands by entering the do keyword before the EXEC mode-level command.
ROM-monitor mode is a separate mode used when the switch cannot boot properly. For example, the switch might enter ROM-monitor mode if it does not find a valid system image when it is booting, or if its configuration file is corrupted at startup. See the “ROM-Monitor Command-Line Interface” section on page 2-6.
Table 2-3 lists and describes frequently used Cisco IOS modes.
Table 2-3 Frequently Used Cisco IOS Command Modes

Mode: User EXEC
Description of Use: Connect to remote devices, change terminal settings on a temporary basis, perform basic tests, and display system information.
How to Access: Log in.
Prompt: Router>

Mode: Privileged EXEC (enable)
Description of Use: Set operating parameters. The privileged command set includes the commands in user EXEC mode, as well as the configure command. Use this command to access the other command modes.
How to Access: From the user EXEC mode, enter the enable command and the enable password.
Prompt: Router#

Mode: Global configuration
Description of Use: Configure features that affect the system as a whole.
How to Access: From the privileged EXEC mode, enter the configure terminal command.
Prompt: Router(config)#

Mode: Interface configuration
Description of Use: Many features are enabled for a particular interface. Interface commands enable or modify the operation of an interface.
How to Access: From global configuration mode, enter the interface type slot/port command.
Prompt: Router(config-if)#

Mode: Console configuration
Description of Use: From the directly connected console or the virtual terminal used with Telnet, use this configuration mode to configure the console interface.
How to Access: From global configuration mode, enter the line console 0 command.
Prompt: Router(config-line)#

The Cisco IOS command interpreter, called the EXEC, interprets and executes the commands you enter. You can abbreviate commands and keywords by entering just enough characters to make the command unique from other commands. For example, you can abbreviate the show command to sh and the configure terminal command to config t. When you type exit, the switch backs out one level. To exit configuration mode completely and return to privileged EXEC mode, press Ctrl-Z.
Displaying a List of Cisco IOS Commands and Syntax
In any command mode, you can display a list of available commands by entering a question mark (?).
Router> ?
To display a list of commands that begin with a particular character sequence, type in those characters followed by the question mark (?). Do not include a space. This form of help is called word help because it completes a word for you.
Router# co?
collect configure connect copy
To display keywords or arguments, enter a question mark in place of a keyword or argument. Include a space before the question mark. This form of help is called command syntax help because it reminds you which keywords or arguments are applicable based on the command, keywords, and arguments you have already entered.
For example:
Router# configure ?
  memory             Configure from NV memory
  network            Configure from a TFTP network host
  overwrite-network  Overwrite NV memory from TFTP network host
  terminal           Configure from the terminal
To redisplay a command you previously entered, press the up arrow key or Ctrl-P. You can continue to press the up arrow key to see the last 20 commands you entered.
Tip
If you are having trouble entering a command, check the system prompt, and enter the question mark (?) for a list of available commands. You might be in the wrong command mode or using incorrect syntax. Enter exit to return to the previous mode. Press Ctrl-Z or enter the end command in any mode to immediately return to privileged EXEC mode.
ROM-Monitor Command-Line Interface
The ROM-monitor is a ROM-based program that executes upon platform power-up, reset, or when a fatal exception occurs. The switch enters ROM-monitor mode if it does not find a valid software image, if the NVRAM configuration is corrupted, or if the configuration register is set to enter ROM-monitor mode. From the ROM-monitor mode, you can load a software image manually from Flash memory, from a network server file, or from bootflash.
You can also enter ROM-monitor mode by restarting and pressing the Break key during the first 60 seconds of startup.
Note
The Break key is always enabled for 60 seconds after rebooting, regardless of whether the Break key is configured to be off by configuration register settings.
To access the ROM-monitor mode through a terminal server, you can escape to the Telnet prompt and enter the send break command for your terminal emulation program to break into ROM-monitor mode.
Once you are in ROM-monitor mode, the prompt changes to rommon 1>. Enter a question mark (?) to see the available ROM-monitor commands.
For more information about the ROM-monitor commands, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference, Release 12.2SX.
Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide, Release 12.2SX
2-6
OL-3999-08
Chapter 3
Configuring the Switch for the First Time
This chapter contains information about how to initially configure the Catalyst 6500 series switch, which supplements the administration information and procedures in these publications:
• Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.2, at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun_c/index.htm
• Cisco IOS Configuration Fundamentals Configuration Command Reference, Release 12.2, at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun_r/index.htm
Note
For complete syntax and usage information for the commands used in this chapter, refer to these publications:
• The Catalyst 6500 Series Switch Cisco IOS Command Reference, Release 12.2SX at this URL: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/cmdref/index.htm
• The Release 12.2 publications at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/index.htm
This chapter consists of these sections:
• Default Configuration
• Configuring the Switch
• Protecting Access to Privileged EXEC Commands
• Recovering a Lost Enable Password
• Modifying the Supervisor Engine Startup Configuration
Default Configuration
Table 3-1 shows the default configuration.
Table 3-1 Default Configuration
Feature                      Default Value
Administrative connection    Normal mode
Global information           No value for the following: System name, System contact, Location
System clock                 No value for system clock time
Passwords                    No passwords configured for normal mode or enable mode (press the Return key)
Prompt                       Router>
Configuring the Switch
These sections describe how to configure the switch:
• Using the Setup Facility or the setup Command
• Using Configuration Mode
• Checking the Running Configuration Before Saving
• Saving the Running Configuration Settings
• Reviewing the Configuration
• Configuring a Default Gateway
• Configuring a Static Route
• Configuring a BOOTP Server
Using the Setup Facility or the setup Command
These sections describe the setup facility and the setup command:
• Setup Overview
• Configuring the Global Parameters
• Configuring Interfaces
Setup Overview
At initial startup, the switch automatically defaults to the setup facility. (The setup command facility functions exactly the same as a completely unconfigured system functions when you first boot it up.) You can run the setup facility by entering the setup command at the enable prompt (#). When you enter the setup command, the system displays the current configuration defaults in square brackets [ ] as it queries you for changes.
For example, you will see this display when you use the setup facility:
Configuring interface FastEthernet3/1:
Is this interface in use?: yes
Configure IP on this interface?: yes
When you use the setup command, you see this display:
Configuring interface FastEthernet4/1:
Is this interface in use?[yes]: yes
Configure IP on this interface?[yes]: yes
Configuring the Global Parameters
When you first start the setup facility or enter the setup command, you are queried by the system to configure the global parameters, which are used for controlling system-wide settings. To boot the switch and enter the global parameters, follow these steps:
Step 1
Connect a console terminal to the console interface on the supervisor engine, and then boot the system to the user EXEC prompt (Router>). The following display appears after you boot the Catalyst 6500 series switch (depending on your configuration, your display might not exactly match the example):
System Bootstrap, Version 6.1(2)
Copyright (c) 1994-2000 by cisco Systems, Inc.
c6k_sup2 processor with 131072 Kbytes of main memory
rommon 1 > boot disk0:c6sup22-jsv-mz.121-5c.EX.bin
Self decompressing the image : #################################################
################################################################################
################################################################################
################################################################################
################################################################################
[OK]
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco Internetwork Operating System Software
IOS (tm) c6sup2_sp Software (c6sup2_sp-SPV-M), Version 12.1(5c)EX, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Synced to mainline version: 12.1(5c)
TAC:Home:Software:Ios General:CiscoIOSRoadmap:12.1
Copyright (c) 1986-2001 by cisco Systems, Inc.
Compiled Wed 28-Mar-01 18:36 by hqluong
Image text-base: 0x30020980, data-base: 0x306B8000
Start as Primary processor
00:00:05: %SYS-3-LOGGER_FLUSHING: System pausing to ensure console debugging output.
00:00:03: Currently running ROMMON from S (Gold) region
00:00:05: %OIR-6-CONSOLE: Changing console ownership to route processor
System Bootstrap, Version 12.1(3r)E2, RELEASE SOFTWARE (fc1)
Copyright (c) 2000 by cisco Systems, Inc.
Cat6k-MSFC2 platform with 131072 Kbytes of main memory
rommon 1 > boot
Self decompressing the image : #################################################
################################################################################
## [OK]
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco Internetwork Operating System Software
IOS (tm) MSFC2 Software (C6MSFC2-BOOT-M), Version 12.1(3a)E4, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Sat 14-Oct-00 05:33 by eaarmas
Image text-base: 0x30008980, data-base: 0x303B6000
cisco Cat6k-MSFC2 (R7000) processor with 114688K/16384K bytes of memory.
Processor board ID SAD04430J9K
R7000 CPU at 300Mhz, Implementation 39, Rev 2.1, 256KB L2, 1024KB L3 Cache
Last reset from power-on
X.25 software, Version 3.0.0.
509K bytes of non-volatile configuration memory.
16384K bytes of Flash internal SIMM (Sector size 512K).
Press RETURN to get started!
Note
The first two sections of the configuration script (the banner and the installed hardware) appear only at initial system startup. On subsequent uses of the setup command facility, the setup script begins with the following System Configuration Dialog.
--- System Configuration Dialog ---
Continue with configuration dialog? [yes/no]: y
At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.
Basic management setup configures only enough connectivity
for management of the system, extended setup will ask you
to configure each interface on the system
Note
The examples in this section are intended as examples only. Your configuration might look different depending on your system configuration.
Step 2
Enter yes or press Return when asked if you want to enter the configuration dialog and if you want to see the current interface summary. Press Return to accept the default (yes):
Would you like to enter the initial configuration dialog? [yes]:
First, would you like to see the current interface summary? [yes]:
This example of a yes response (displayed during the setup facility) shows a switch at first-time startup; that is, nothing has been configured:
Current interface summary
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  unassigned      YES TFTP   administratively down down
GigabitEthernet1/1     unassigned      YES TFTP   administratively down down
GigabitEthernet1/2     unassigned      YES TFTP   administratively down down
GigabitEthernet3/1     unassigned      YES TFTP   administratively down down
GigabitEthernet3/2     unassigned      YES TFTP   administratively down down
GigabitEthernet3/3     unassigned      YES TFTP   administratively down down
GigabitEthernet3/4     unassigned      YES TFTP   administratively down down
GigabitEthernet3/5     unassigned      YES TFTP   administratively down down
GigabitEthernet3/6     unassigned      YES TFTP   administratively down down
GigabitEthernet3/7     unassigned      YES TFTP   administratively down down
GigabitEthernet3/8     unassigned      YES TFTP   administratively down down
(Additional displayed text omitted from this example.)
This example of a yes response (displayed during the setup command facility) shows a switch with some interfaces already configured:
Current interface summary
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  unassigned      YES TFTP   administratively down down
GigabitEthernet1/1     172.20.52.34    YES NVRAM  up                    up
GigabitEthernet1/2     unassigned      YES TFTP   administratively down down
GigabitEthernet3/1     unassigned      YES TFTP   administratively down down
GigabitEthernet3/2     unassigned      YES TFTP   administratively down down
GigabitEthernet3/3     unassigned      YES TFTP   administratively down down
GigabitEthernet3/4     unassigned      YES TFTP   administratively down down
GigabitEthernet3/5     unassigned      YES TFTP   administratively down down
GigabitEthernet3/6     unassigned      YES TFTP   administratively down down
GigabitEthernet3/7     unassigned      YES TFTP   administratively down down
GigabitEthernet3/8     unassigned      YES TFTP   administratively down down
<...output truncated...>
Step 3
Choose which protocols to support on your interfaces. On IP installations only, you can accept the default values for most of the questions. A typical minimal configuration using IP follows and continues through Step 8:
Configuring global parameters:
Enter host name [Router]: Router
Step 4
Enter the enable secret password when the following is displayed (remember this password for future reference):
The enable secret is a password used to protect access to
privileged EXEC and configuration modes. This password, after
entered, becomes encrypted in the configuration.
Enter enable secret: barney
Step 5
Enter the enable password when the following is displayed (remember this password for future reference):
The enable password is used when you do not specify an
enable secret password, with some older software versions, and
some boot images.
Enter enable password: wilma
The commands available at the user EXEC level are a subset of those available at the privileged EXEC level. Because many privileged EXEC commands are used to set operating parameters, you should protect these commands with passwords to prevent unauthorized use. You must enter the correct password to gain access to privileged EXEC commands. When you are running from the boot ROM monitor, the enable password might be the correct one to use, depending on your boot ROM level. The enable and enable secret passwords need to be different for effective security. You can enter the same password for both enable and enable secret during the setup script, but you receive a warning message indicating that you should enter a different password.
Note
An enable secret password can contain from 1 to 25 uppercase and lowercase alphanumeric characters; an enable password can contain any number of uppercase and lowercase alphanumeric characters. In both cases, a number cannot be the first character. Spaces are also valid password characters; for example, “two words” is a valid password. Leading spaces are ignored; trailing spaces are recognized.
Step 6
Enter the virtual terminal password when the following is displayed (remember this password for future reference):
The virtual terminal password is used to protect
access to the router over a network interface.
Enter virtual terminal password: bambam
Step 7
In most cases you will use IP routing. If so, you must also select an interior routing protocol, for example, the Enhanced Interior Gateway Routing Protocol (EIGRP). Enter yes (the default) or press Return to configure IP, and then select EIGRP:
Configure IP? [yes]:
Configure EIGRP routing? [yes]:
Your IGRP autonomous system number [1]: 301
Step 8
Enter yes or no to accept or refuse SNMP management:
Configure SNMP Network Management? [yes]:
Community string [public]:
For complete SNMP information and procedures, refer to these publications:
• Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.2, “Cisco IOS System Management,” “Configuring SNMP Support,” at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun_c/fcfprt3/fcf014.htm
• Cisco IOS Configuration Fundamentals Configuration Command Reference, Release 12.2, at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun_r/index.htm
To provide a review of what you have done, a display similar to the following appears and lists all of the configuration parameters you selected in Steps 3 through 8. These parameters and their defaults are shown in the order in which they appeared on your console terminal:
The following configuration command script was created:
hostname router
enable secret 5 $1$S3Lx$uiTYg2UrFK1U0dgWdjvxw.
enable password lab
line vty 0 4
password lab
no snmp-server
!
ip routing eigrp 301
!
interface Vlan1
shutdown
no ip address
!
interface GigabitEthernet1/1
shutdown
no ip address
!
interface GigabitEthernet1/2
shutdown
no ip address
!
.
<...output truncated...>
.
!
end
[0] Go to the IOS command prompt without saving this config.
[1] Return back to the setup without saving this config.
[2] Save this configuration to nvram and exit.
Enter your selection [2]: 2
% You can enter the setup, by typing setup at IOS command prompt
Router#
This completes the procedure on how to configure global parameters. The setup facility continues with the process to configure interfaces in the next section “Configuring Interfaces.”
Configuring Interfaces
This section provides steps for configuring installed interfaces (using the setup facility or setup command facility) to allow communication over your external networks. To configure the interface parameters, you need your interface network addresses, subnet mask information, and which protocols you want to configure. (For additional interface configuration information on each of the modules available, refer to the individual configuration notes that shipped with your modules.)
Note
The examples in this section are intended as examples only. Your configuration might look different depending on your system configuration.
To configure interfaces, follow these steps:
Step 1
At the prompt for the Gigabit Ethernet interface configuration, enter the appropriate responses for your requirements, using your own address and subnet mask:
Do you want to configure GigabitEthernet1/1 interface? [no]: yes
Configure IP on this interface? [no]: yes
IP address for this interface: 172.20.52.34
Subnet mask for this interface [255.255.0.0] : 255.255.255.224
Class B network is 172.20.0.0, 27 subnet bits; mask is /27
Step 2
At the prompt for all other interface types, enter the appropriate responses for your requirements:
Do you want to configure FastEthernet5/1 interface? [no]: y
Configure IP on this interface? [no]: y
IP address for this interface: 172.20.52.98
Subnet mask for this interface [255.255.0.0] : 255.255.255.248
Class B network is 172.20.0.0, 29 subnet bits; mask is /29
Repeat this step for each interface you need to configure. Proceed to Step 3 to check and verify your configuration parameters. When you reach and respond to the configuration dialog for the last installed interface, your interface configuration is complete.
Step 3
Check and verify the entire list of configuration parameters, which should display on your console terminal and end with the following query:
Use this configuration? [yes/no]:
A no response returns you to the enable prompt (#). You will need to reenter the setup command to reenter your configuration. A yes response saves the running configuration to NVRAM as follows:
Use this configuration? [yes/no]: yes
[OK]
Use the enabled mode ‘configure’ command to modify this configuration.
Press RETURN to get started!
After you press the Return key, this prompt appears:
Router>
This completes the procedures for configuring global parameters and interface parameters in your system. Your interfaces are now available for limited use. If you want to modify the currently saved configuration parameters after the initial configuration, enter the setup command. To perform more complex configurations, enter configuration mode and use the configure command. Check the current state of the switch using the show version command, which displays the software version and the interfaces, as follows:
Router# show version
Cisco Internetwork Operating System Software
IOS (tm) c6sup2_rp Software (c6sup2_rp-JSV-M), Version 12.1(5c)EX, EARLY DEPLOY)
Synced to mainline version: 12.1(5c)
TAC:Home:Software:Ios General:CiscoIOSRoadmap:12.1
Copyright (c) 1986-2001 by cisco Systems, Inc.
Compiled Wed 28-Mar-01 17:52 by hqluong
Image text-base: 0x30008980, data-base: 0x315D0000
ROM: System Bootstrap, Version 12.1(3r)E2, RELEASE SOFTWARE (fc1)
BOOTFLASH: c6sup2_rp Software (c6sup2_rp-JSV-M), Version 12.1(5c)EX, EARLY DEPL)
Router uptime is 2 hours, 33 minutes
System returned to ROM by power-on (SP by power-on)
Running default software
cisco Catalyst 6000 (R7000) processor with 114688K/16384K bytes of memory.
Processor board ID SAD04430J9K
R7000 CPU at 300Mhz, Implementation 39, Rev 2.1, 256KB L2, 1024KB L3 Cache
Last reset from power-on
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
1 Virtual Ethernet/IEEE 802.3 interface(s)
48 FastEthernet/IEEE 802.3 interface(s)
2 Gigabit Ethernet/IEEE 802.3 interface(s)
381K bytes of non-volatile configuration memory.
16384K bytes of Flash internal SIMM (Sector size 512K).
Configuration register is 0x2
Router#
For detailed interface configuration information, refer to the Cisco IOS Interface Configuration Guide at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/finter_c/index.htm
Using Configuration Mode
If you prefer not to use the setup facility, you can configure the switch from configuration mode as follows:
Step 1
Connect a console terminal to the console interface of your supervisor engine.
Step 2
When you are asked if you want to enter the initial dialog, answer no to enter the normal operating mode as follows:
Would you like to enter the initial dialog? [yes]: no
Step 3
After a few seconds you will see the user EXEC prompt (Router>). Type enable to enter enable mode:
Router> enable
Note
Configuration changes can only be made in enable mode.
The prompt will change to the privileged EXEC prompt (#) as follows:
Router#
Step 4
At the prompt (#), enter the configure terminal command to enter configuration mode as follows:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#
At the prompt, enter the interface type slot/interface command to enter interface configuration mode as follows:
Router(config)# interface fastethernet 5/1
Router(config-if)#
In either of these configuration modes, you can enter any changes to the configuration. Enter the end command to exit configuration mode.
Step 5
Save your settings. (See the “Saving the Running Configuration Settings” section on page 3-11.)
Your switch is now minimally configured and can boot with the configuration you entered. To see a list of the configuration commands, enter ? at the prompt or press the help key in configuration mode.
Checking the Running Configuration Before Saving
You can check the configuration settings you entered or changes you made by entering the show running-config command at the privileged EXEC prompt (#) as follows:
Router# show running-config
Building configuration...
Current configuration:
Current configuration : 3441 bytes
!
version 12.1
service timestamps debug datetime localtime
service timestamps log datetime localtime
no service password-encryption
!
hostname Router
!
boot buffersize 522200
boot system flash disk0:c6sup22-jsv-mz.121-5c.EX.bin
enable password lab
!
redundancy
 main-cpu
  auto-sync standard
ip subnet-zero
no ip finger
!
cns event-service server
!
<...output truncated...>
!
interface FastEthernet3/3
 ip address 172.20.52.19 255.255.255.224
!
<...output truncated...>
!
line con 0
 exec-timeout 0 0
 transport input none
line vty 0 4
 exec-timeout 0 0
 password lab
 login
 transport input lat pad mop telnet rlogin udptn nasi
!
end
Router#
Saving the Running Configuration Settings
To store the configuration or changes to your startup configuration in NVRAM, enter the copy running-config startup-config command at the privileged EXEC prompt (#) as follows:
Router# copy running-config startup-config
This command saves the configuration settings that you created in configuration mode. If you fail to do this step, your configuration will be lost the next time you reload the system.
Reviewing the Configuration
To display information stored in NVRAM, enter the show startup-config EXEC command. The display should be similar to the display from the show running-config EXEC command.
Configuring a Default Gateway
Note
The switch uses the default gateway only when it is not configured to route.
To send data to another subnet when the switch is not configured with a routing protocol, configure a default gateway. The default gateway must be the IP address of an interface on a router in the same subnet. To configure a default gateway, perform this task:
        Command                                       Purpose
Step 1  Router(config)# ip default-gateway A.B.C.D    Configures a default gateway.
Step 2  Router# show ip route                         Verifies that the default gateway appears correctly in the IP routing table.
This example shows how to configure a default gateway and how to verify the configuration:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# ip default-gateway 172.20.52.35
Router(config)# end
3d17h: %SYS-5-CONFIG_I: Configured from console by console
Router# show ip route
Default gateway is 172.20.52.35
Host               Gateway           Last Use    Total Uses  Interface
ICMP redirect cache is empty
Router#
Configuring a Static Route
If your Telnet station or SNMP network management workstation is on a different network from your switch and a routing protocol has not been configured, you might need to add a static routing table entry for the network where your end station is located. To configure a static route, perform this task:
        Command                                                                        Purpose
Step 1  Router(config)# ip route dest_IP_address mask {forwarding_IP | vlan vlan_ID}   Configures a static route.
Step 2  Router# show running-config                                                    Verifies the static route configuration.
This example shows how to use the ip route command to configure a static route to a workstation at IP address 171.10.5.10 on the switch with a subnet mask and IP address 172.20.3.35 of the forwarding router:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# ip route 171.10.5.10 255.255.255.255 172.20.3.35
Router(config)# end
Router#
This example shows how to use the show running-config command to confirm the configuration of the previously configured static route:
Router# show running-config
Building configuration...
.
<...output truncated...>
.
ip default-gateway 172.20.52.35
ip classless
ip route 171.10.5.10 255.255.255.255 172.20.3.35
no ip http server
!
line con 0
 transport input none
line vty 0 4
 exec-timeout 0 0
 password lab
 login
 transport input lat pad dsipcon mop telnet rlogin udptn nasi
!
end
Router#
This example shows how to use the ip route command to configure a static route to a workstation at IP address 171.20.5.3 on the switch with subnet mask and connected over VLAN 1:
Router# configure terminal
Router(config)# ip route 171.20.5.3 255.255.255.255 vlan 1
Router(config)# end
Router#
This example shows how to use the show running-config command to confirm the configuration of the previously configured static route:
Router# show running-config
Building configuration...
.
<...output truncated...>
.
ip default-gateway 172.20.52.35
ip classless
ip route 171.20.5.3 255.255.255.255 Vlan1
no ip http server
!
!
x25 host z
!
line con 0
 transport input none
line vty 0 4
 exec-timeout 0 0
 password lab
 login
 transport input lat pad dsipcon mop telnet rlogin udptn nasi
!
end
Router#
Configuring a BOOTP Server
The Bootstrap Protocol (BOOTP) automatically assigns an IP address by adding the MAC and IP addresses of the interface to the BOOTP server configuration file. When the switch boots, it automatically retrieves the IP address from the BOOTP server.
The switch performs a BOOTP request only if the current IP address is set to 0.0.0.0. (This address is the default address for a new switch or a switch that has had its startup-config file cleared using the erase command.) To allow your switch to retrieve its IP address from a BOOTP server, you must first determine the MAC address of the switch and add that MAC address to the BOOTP configuration file on the BOOTP server. To create a BOOTP server configuration file, follow these steps:
Step 1
Install the BOOTP server code on the workstation, if it is not already installed.
Step 2
Determine the MAC address from the label on the chassis.
Step 3
Add an entry in the BOOTP configuration file (usually /usr/etc/bootptab) for each switch. Press Return after each entry to create a blank line between each entry. See the example BOOTP configuration file that follows in Step 4.
Step 4
Enter the reload command to reboot and automatically request the IP address from the BOOTP server. This example BOOTP configuration file shows the added entry:
# /etc/bootptab: database for bootp server (/etc/bootpd)
#
# Blank lines and lines beginning with '#' are ignored.
#
# Legend:
#
#       first field -- hostname
#                       (may be full domain name and probably should be)
#
#       hd -- home directory
#       bf -- bootfile
#       cs -- cookie servers
#       ds -- domain name servers
#       gw -- gateways
#       ha -- hardware address
#       ht -- hardware type
#       im -- impress servers
#       ip -- host IP address
#       lg -- log servers
#       lp -- LPR servers
#       ns -- IEN-116 name servers
#       rl -- resource location protocol servers
#       sm -- subnet mask
#       tc -- template host (points to similar host entry)
#       to -- time offset (seconds)
#       ts -- time servers
#
#
#########################################################################
# Start of individual host entries
#########################################################################
Router:         tc=netcisco0:   ha=0000.0ca7.ce00:      ip=172.31.7.97:
dross:          tc=netcisco0:   ha=00000c000139:        ip=172.31.7.26:
Protecting Access to Privileged EXEC Commands
The following tasks provide a way to control access to the system configuration file and privileged EXEC commands:
• Setting or Changing a Static Enable Password
• Using the enable password and enable secret Commands
• Setting or Changing a Line Password
• Setting TACACS+ Password Protection for Privileged EXEC Mode
• Encrypting Passwords
• Configuring Multiple Privilege Levels
Setting or Changing a Static Enable Password
To set or change a static password that controls access to the privileged EXEC mode, perform this task:
Command                                     Purpose
Router(config)# enable password password    Sets a new password or changes an existing password for the privileged EXEC mode.
This example shows how to configure an enable password as “lab” at the privileged EXEC mode:
Router# configure terminal
Router(config)# enable password lab
Router(config)#
To display the password or access level configuration, see the “Displaying the Password, Access Level, and Privilege Level Configuration” section on page 3-19.
Using the enable password and enable secret Commands
To provide an additional layer of security, particularly for passwords that cross the network or that are stored on a TFTP server, you can use either the enable password or enable secret commands. Both commands configure an encrypted password that you must enter to access enable mode (the default) or to access a specified privilege level. We recommend that you use the enable secret command. If you configure the enable secret command, it takes precedence over the enable password command; the two commands cannot be in effect simultaneously. To configure the switch to require an enable password, perform either of these tasks:
Command: Router(config)# enable password [level level] {password | encryption-type encrypted-password}
Purpose: Establishes a password for the privileged EXEC mode.
Command: Router(config)# enable secret [level level] {password | encryption-type encrypted-password}
Purpose: Specifies a secret password, saved using a nonreversible encryption method. (If enable password and enable secret commands are both set, users must enter the enable secret password.)
Use either of these commands with the level option to define a password for a specific privilege level. After you specify the level and set a password, give the password only to users who need to have access at this level. Use the privilege level configuration command to specify commands accessible at various levels. If you enable the service password-encryption command, the password you enter is encrypted. When you display it with the more system:running-config command, it displays in encrypted form. If you specify an encryption type, you must provide an encrypted password that you copy from another Catalyst 6500 series switch configuration.

Note: You cannot recover a lost encrypted password. You must clear NVRAM and set a new password. See the “Recovering a Lost Enable Password” section on page 3-19 if you lose or forget your password.

To display the password or access level configuration, see the “Displaying the Password, Access Level, and Privilege Level Configuration” section on page 3-19.

Setting or Changing a Line Password

To set or change a password on a line, perform this task:

Command: Router(config-line)# password password
Purpose: Sets a new password or changes an existing password for the privileged level.

To display the password or access level configuration, see the “Displaying the Password, Access Level, and Privilege Level Configuration” section on page 3-19.

Setting TACACS+ Password Protection for Privileged EXEC Mode

For complete information about TACACS+, refer to these publications:

• Cisco IOS Security Configuration Guide, Release 12.2, “Authentication, Authorization, and Accounting (AAA),” at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/fsaaa/index.htm
• Cisco IOS Security Command Reference, Release 12.2, at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_r/index.htm

To set the TACACS+ protocol to determine whether or not a user can access privileged EXEC mode, perform this task:

Command: Router(config)# enable use-tacacs
Purpose: Sets the TACACS-style user ID and password-checking mechanism for the privileged EXEC mode.

When you set TACACS password protection at the privileged EXEC mode, the enable EXEC command prompts for both a new username and a password. This information is then sent to the TACACS+ server for authentication. If you are using the extended TACACS+, it also sends any existing UNIX user identification code to the TACACS+ server.

Caution: If you enter the enable use-tacacs command, you must also enter tacacs-server authenticate enable, or you are locked out of the privileged EXEC mode.

Note: When used without extended TACACS, the enable use-tacacs command allows anyone with a valid username and password to access the privileged EXEC mode, creating a potential security problem. This problem occurs because the switch cannot tell the difference between a query resulting from entering the enable command and an attempt to log in without extended TACACS.

Encrypting Passwords

Because protocol analyzers can examine packets (and read passwords), you can increase access security by configuring the Cisco IOS software to encrypt passwords. Encryption prevents the password from being readable in the configuration file.

To configure the Cisco IOS software to encrypt passwords, perform this task:

Command: Router(config)# service password-encryption
Purpose: Encrypts a password.

Encryption occurs when the current configuration is written or when a password is configured. Password encryption is applied to all passwords, including authentication key passwords, the privileged command password, console and virtual terminal line access passwords, and Border Gateway Protocol (BGP) neighbor passwords. The service password-encryption command keeps unauthorized individuals from viewing your password in your configuration file.

Caution: The service password-encryption command does not provide a high level of network security. If you use this command, you should also take additional network security measures.

Although you cannot recover a lost encrypted password (that is, you cannot get the original password back), you can regain control of the switch after you lose or forget the encrypted password. See the “Recovering a Lost Enable Password” section on page 3-19 if you lose or forget your password.

To display the password or access level configuration, see the “Displaying the Password, Access Level, and Privilege Level Configuration” section on page 3-19.
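
The settings covered so far (enable password versus enable secret, line passwords, the enable use-tacacs lockout caution, and service password-encryption) can be checked against a saved configuration. The following Python audit is an added example, not part of the Cisco guide; the two sample configurations, the finding codes, and the function name are constructed for illustration, and the encrypted strings are placeholders.

```python
import re

# Constructed sample configurations (not taken from a real device).
WEAK_CONFIG = """\
no service password-encryption
!
enable password lab
enable use-tacacs
!
line con 0
 password console-pw
line vty 0 4
 password 7 0000PLACEHOLDER
 login
"""

HARDENED_CONFIG = """\
service password-encryption
!
enable secret 5 $1$PLACEHOLDER
!
line con 0
 password 7 0000PLACEHOLDER
line vty 0 4
 password 7 0000PLACEHOLDER
 login
"""

# enable {password | secret} [level N] [encryption-type] value
ENABLE_RE = re.compile(r"^enable (password|secret)(?: level \d+)?(?: (\d+))? (\S.*)$")
# password [encryption-type] value, inside a "line" stanza
LINE_PW_RE = re.compile(r"^password(?: (\d+))? (\S.*)$")


def audit_config(text):
    """Return a sorted list of finding codes for an IOS configuration."""
    findings = set()
    has_secret = has_enable_password = False
    encryption_on = use_tacacs = tacacs_enable_auth = False
    in_line_stanza = False

    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        # A non-indented line starts a new stanza.
        if not raw.startswith(" "):
            in_line_stanza = line.startswith("line ")

        if line == "service password-encryption":
            encryption_on = True
        elif line == "enable use-tacacs":
            use_tacacs = True
        elif line == "tacacs-server authenticate enable":
            tacacs_enable_auth = True

        m = ENABLE_RE.match(line)
        if m:
            kind, enc_type = m.group(1), m.group(2)
            if kind == "secret":
                has_secret = True
            else:
                has_enable_password = True
                if enc_type is None:
                    # Stored exactly as typed, readable in the config file.
                    findings.add("ENABLE_PASSWORD_CLEARTEXT")

        if in_line_stanza:
            m = LINE_PW_RE.match(line)
            if m and m.group(1) is None:
                findings.add("LINE_PASSWORD_CLEARTEXT")

    # The guide recommends enable secret over enable password.
    if has_enable_password and not has_secret:
        findings.add("ENABLE_PASSWORD_WITHOUT_SECRET")
    if not encryption_on:
        findings.add("PASSWORD_ENCRYPTION_OFF")
    # Per the Caution: enable use-tacacs alone locks you out of privileged EXEC.
    if use_tacacs and not tacacs_enable_auth:
        findings.add("USE_TACACS_WITHOUT_AUTHENTICATE_ENABLE")
    return sorted(findings)


if __name__ == "__main__":
    for code in audit_config(WEAK_CONFIG):
        print(code)
```
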

Configuring Multiple Privilege Levels

By default, the Cisco IOS software has two modes of password security: user EXEC mode and privileged EXEC mode. You can configure up to 16 hierarchical levels of commands for each mode. By configuring multiple passwords, you can allow different sets of users to have access to specified commands.
For example, if you want many users to have access to the clear line command, you can assign it level 2 security and distribute the level 2 password widely. If you want more restricted access to the configure command, you can assign it level 3 security and distribute that password to more restricted users.

These tasks describe how to configure additional levels of security:

• Setting the Privilege Level for a Command
• Changing the Default Privilege Level for Lines
• Logging In to a Privilege Level
• Exiting a Privilege Level
• Displaying the Password, Access Level, and Privilege Level Configuration

Setting the Privilege Level for a Command

To set the privilege level for a command, perform this task:

Step 1
Command: Router(config)# privilege mode level level command
Purpose: Sets the privilege level for a command.

Step 2
Command: Router(config)# enable password level level [encryption-type] password
Purpose: Specifies the enable password for a privilege level.

To display the password or access level configuration, see the “Displaying the Password, Access Level, and Privilege Level Configuration” section on page 3-19.

Changing the Default Privilege Level for Lines

To change the default privilege level for a given line or a group of lines, perform this task:

Command: Router(config-line)# privilege level level
Purpose: Changes the default privilege level for the line.

To display the password or access level configuration, see the “Displaying the Password, Access Level, and Privilege Level Configuration” section on page 3-19.

Logging In to a Privilege Level

To log in at a specified privilege level, perform this task:

Command: Router# enable level
Purpose: Logs into a specified privilege level.

Exiting a Privilege Level

To exit to a specified privilege level, perform this task:

Command: Router# disable level
Purpose: Exits to a specified privilege level.

Displaying the Password, Access Level, and Privilege Level Configuration

To display the password, access level, and privilege level configuration, perform this task:

Step 1
Command: Router# show running-config
Purpose: Displays the password and the access level configuration.

Step 2
Command: Router# show privilege
Purpose: Shows the privilege level configuration.

This example shows how to display the password and access level configuration:

Router# show running-config
<...output truncated...>
enable password lab
<...output truncated...>

This example shows how to display the privilege level configuration:

Router# show privilege
Current privilege level is 15
Router#

Recovering a Lost Enable Password

To recover a lost enable password, follow these steps:

Step 1  Connect to the console interface.
Step 2  Configure the switch to boot up without reading the configuration memory (NVRAM).
Step 3  Reboot the system.
Step 4  Access enable mode (which can be done without a password when one is not configured).
Step 5  View or change the password, or erase the configuration.
Step 6  Reconfigure the switch to boot up and read the NVRAM as it normally does.
Step 7  Reboot the system.

Note: Password recovery requires the Break signal. You must be familiar with how your terminal or PC terminal emulator issues this signal. For example, in ProComm, the Alt-B keys generate the Break signal. In a Windows terminal session, you press the Break or Ctrl and Break keys simultaneously.

Modifying the Supervisor Engine Startup Configuration

These sections describe how the startup configuration on the supervisor engine works and how to modify the configuration register and BOOT variable:

• Understanding the Supervisor Engine Boot Configuration
• Configuring the Software Configuration Register
• Specifying the Startup System Image
• Understanding Flash Memory
• CONFIG_FILE Environment Variable
• Controlling Environment Variables

Understanding the Supervisor Engine Boot Configuration

These next sections describe how the boot configuration works on the supervisor engine.

Understanding the Supervisor Engine Boot Process

The supervisor engine boot process involves two software images: ROM monitor and supervisor engine software. When the switch is powered up or reset, the ROM-monitor code is executed. Depending on the NVRAM configuration, the supervisor engine either stays in ROM-monitor mode or loads the supervisor engine software.

Two user-configurable parameters determine how the switch boots: the configuration register and the BOOT environment variable. The configuration register is described in the “Modifying the Boot Field and Using the boot Command” section on page 3-22. The BOOT environment variable is described in the “Specifying the Startup System Image” section on page 3-24.

Understanding the ROM Monitor

The ROM monitor executes upon power-up, reset, or when a fatal exception occurs. The switch enters ROM-monitor mode if the switch does not find a valid software image, if the NVRAM configuration is corrupted, or if the configuration register is set to enter ROM-monitor mode. From ROM-monitor mode, you can manually load a software image from bootflash or a Flash PC card.

Note: For complete syntax and usage information for the ROM monitor commands, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference, Release 12.2SX publication.

You can also enter ROM-monitor mode by restarting and then pressing the Break key during the first 60 seconds of startup. If you are connected through a terminal server, you can escape to the Telnet prompt and enter the send break command to enter ROM-monitor mode.

Note: The Break key is always enabled for 60 seconds after rebooting, regardless of whether the configuration-register setting has the Break key disabled.

The ROM monitor has these features:

• Power-on confidence test
• Hardware initialization
• Boot capability (manual boot and autoboot)
• Debug utility and crash analysis
• Monitor call interface (EMT calls—the ROM monitor provides information and some functionality to the running software images through EMT calls)
• File system (the ROM monitor knows the simple file system and supports the newly developed file system through the dynamic linked file system library [MONLIB])
• Exception handling

Configuring the Software Configuration Register

The switch uses a 16-bit software configuration register, which allows you to set specific system parameters. Settings for the software configuration register are written into NVRAM.

Following are some reasons for changing the software configuration register settings:

• To select a boot source and default boot filename.
• To enable or disable the Break function.
• To control broadcast addresses.
• To set the console terminal baud rate.
• To load operating software from flash memory.
• To recover a lost password.
• To allow you to manually boot the system using the boot command at the bootstrap program prompt.
• To force an automatic boot from the system bootstrap software (boot image) or from a default system image in onboard flash memory, and read any boot system commands that are stored in the configuration file in NVRAM.

Table 3-2 lists the meaning of each of the software configuration memory bits, and Table 3-3 defines the boot field.

Caution: The recommended configuration register setting is 0x2102. If you configure a setting that leaves break enabled and you send a break sequence over a console connection, the switch drops into ROMMON.

Table 3-2  Software Configuration Register Bit Meaning

Bit Number (1)   Hexadecimal        Meaning
00 to 03         0x0000 to 0x000F   Boot field (see Table 3-3)
06               0x0040             Causes system software to ignore NVRAM contents
07               0x0080             OEM (2) bit enabled
08               0x0100             Break disabled
09               0x0200             Use secondary bootstrap
10               0x0400             Internet Protocol (IP) broadcast with all zeros
11 to 12         0x0800 to 0x1000   Console line speed (default is 9600 baud)
13               0x2000             Boot default flash software if network boot fails
14               0x4000             IP broadcasts do not have network numbers
15               0x8000             Enable diagnostic messages and ignore NVRAM contents

1. The factory default value for the configuration register is 0x2102.
2. OEM = original equipment manufacturer.

Table 3-3  Explanation of Boot Field (Configuration Register Bits 00 to 03)

Boot Field   Meaning
00           Stays at the system bootstrap prompt
01           Boots the first system image in onboard flash memory
02 to 0F     Specifies a default filename for booting over the network; enables boot system commands that override the default filename

Modifying the Boot Field and Using the boot Command

The configuration register boot field determines whether or not the switch loads an operating system image, and if so, where it obtains this system image. The following sections describe using and setting the configuration register boot field, and the tasks you must perform to modify the configuration register boot field.

Bits 0 through 3 of the software configuration register form the boot field.

Note: The factory default configuration register setting for systems and spares is 0x2102.

When the boot field is set to either 0 or 1 (0-0-0-0 or 0-0-0-1), the system ignores any boot instructions in the system configuration file and the following occurs:

• When the boot field is set to 0, you must boot the operating system manually by entering the boot command to the system bootstrap program or ROM monitor.
• When the boot field is set to 1, the system boots the first image in the onboard bootflash single in-line memory module (SIMM).
• When the entire boot field equals a value between 0-0-1-0 and 1-1-1-1, the switch loads the system image specified by boot system commands in the startup configuration file.

You can enter the boot command only, or enter the command and include additional boot instructions, such as the name of a file stored in flash memory, or a file that you specify for booting from a network server. If you use the boot command without specifying a file or any other boot instructions, the system boots from the default flash image (the first image in onboard flash memory). Otherwise, you can instruct the system to boot from a specific flash image (using the boot system flash filename command).

You can also use the boot command to boot images stored in the Flash PC cards located in Flash PC card slot 0 or slot 1 on the supervisor engine. If you set the boot field to any bit pattern other than 0 or 1, the system uses the resulting number to form a filename for booting over the network. You must set the boot field for the boot functions you require.

Modifying the Boot Field

You modify the boot field from the software configuration register. To modify the software configuration register boot field, perform this task:

Step 1
Command: Router# show version
Purpose: Determines the current configuration register setting.

Step 2
Command: Router# configure terminal
Purpose: Enters configuration mode, selecting the terminal option.

Step 3
Command: Router(config)# config-register value
Purpose: Modifies the existing configuration register setting to reflect the way in which you want the switch to load a system image.

Step 4
Command: Router(config)# end
Purpose: Exits configuration mode.

Step 5
Command: Router# reload
Purpose: Reboots to make your changes take effect.

To modify the configuration register while the switch is running Cisco IOS, follow these steps:

Step 1  Enter the enable command and your password to enter privileged level as follows:

Router> enable
Password:
Router#

Step 2  Enter the configure terminal command at the EXEC mode prompt (#) as follows:

Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#

Step 3  Configure the configuration register to 0x2102 as follows:

Router(config)# config-register 0x2102

Set the contents of the configuration register by entering the config-register value configuration command, where value is a hexadecimal number preceded by 0x (see Table 3-2 on page 3-21).

Step 4  Enter the end command to exit configuration mode. The new value settings are saved to memory; however, the new settings do not take effect until the system software is reloaded by rebooting the system.

Step 5  Enter the show version EXEC command to display the configuration register value currently in effect and that will be used at the next reload. The value is displayed on the last line of the screen display, as in this example:

Configuration register is 0x141 (will be 0x2102 at next reload)

Step 6  Save your settings. See the “Saving the Running Configuration Settings” section on page 3-11. However, note that configuration register changes take effect only after the system reloads, such as when you enter a reload command from the console.

Step 7  Reboot the system. The new configuration register value takes effect with the next system boot.

Verifying the Configuration Register Setting

Enter the show version EXEC command to verify the current configuration register setting. In ROM-monitor mode, enter the o command to verify the value of the configuration register boot field.

To verify the configuration register setting, perform this task:

Command: Router# show version | include Configuration register
Purpose: Displays the configuration register setting.

In this example, the show version command indicates that the current configuration register is set so that the switch does not automatically load an operating system image. Instead, it enters ROM-monitor mode and waits for user-entered ROM monitor commands. The new setting instructs the switch to load a system image from commands in the startup configuration file or from a default system image stored on a network server.

Router1# show version | include Configuration register
Configuration register is 0x2102
Router#
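
The register line printed by show version can be decoded against Table 3-2 and Table 3-3 to confirm that a switch has not been left in a password-recovery or ROM-monitor setting. The following Python decoder is an added example, not part of the Cisco guide; the function names and review codes are constructed for illustration, and the bit meanings are copied from the two tables.

```python
import re

# Single-bit flags from Table 3-2 (bits 00-03 and 11-12 are multi-bit fields).
FLAG_BITS = [
    (0x0040, "Causes system software to ignore NVRAM contents"),
    (0x0080, "OEM bit enabled"),
    (0x0100, "Break disabled"),
    (0x0200, "Use secondary bootstrap"),
    (0x0400, "IP broadcast with all zeros"),
    (0x2000, "Boot default flash software if network boot fails"),
    (0x4000, "IP broadcasts do not have network numbers"),
    (0x8000, "Enable diagnostic messages and ignore NVRAM contents"),
]
RECOMMENDED = 0x2102  # recommended and factory default value per the guide

SHOW_VERSION_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)


def boot_field_meaning(value):
    """Table 3-3: meaning of configuration register bits 00 to 03."""
    field = value & 0x000F
    if field == 0x0:
        return "Stays at the system bootstrap prompt"
    if field == 0x1:
        return "Boots the first system image in onboard flash memory"
    return "Default network boot filename; boot system commands override it"


def decode(value):
    """Split a 16-bit register value into the fields of Table 3-2."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("configuration register is a 16-bit value")
    return {
        "boot_field": value & 0x000F,
        "boot_meaning": boot_field_meaning(value),
        "console_speed_bits": (value >> 11) & 0x3,  # raw bits 11 to 12
        "flags": [name for mask, name in FLAG_BITS if value & mask],
    }


def review(value):
    """Return codes for settings that bypass stored passwords or normal boot."""
    codes = []
    if value & (0x0040 | 0x8000):
        # NVRAM is not read, so the configured passwords are not loaded.
        codes.append("IGNORES_NVRAM")
    if not value & 0x0100:
        # A break sequence on the console drops the switch into ROMMON.
        codes.append("BREAK_ENABLED")
    if value & 0x000F == 0:
        codes.append("STAYS_IN_ROMMON")
    return codes


def parse_show_version(line):
    """Return (current, pending); pending is None when no change is queued."""
    m = SHOW_VERSION_RE.search(line)
    if m is None:
        return None
    current = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else None
    return current, pending


if __name__ == "__main__":
    # Register line from Step 5 of the procedure above.
    sample = "Configuration register is 0x141 (will be 0x2102 at next reload)"
    current, pending = parse_show_version(sample)
    print(hex(current), decode(current)["flags"], review(current))
    print(hex(pending), decode(pending)["flags"], review(pending))
```
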

Specifying the Startup System Image

You can enter multiple boot commands in the startup configuration file or in the BOOT environment variable to provide backup methods for loading a system image.

Note:
• Store the system software image in the sup-bootflash:, disk0:, or disk1: device (only Supervisor Engine 720 has disk1:).
• A non-ATA Flash PC card in a Supervisor Engine 2 is slot0:. Non-ATA Flash PC cards are too small for Release 12.2SX images.
• Do not store the system software image in the bootflash: device, which is on the MSFC and is not accessible at boot time.

The BOOT environment variable is also described in the “Specify the Startup System Image in the Configuration File” section in the “Loading and Maintaining System Images and Microcode” chapter of the Cisco IOS Configuration Fundamentals Configuration Guide.

Understanding Flash Memory

The following sections describe flash memory:

• Flash Memory Features
• Security Features
• Flash Memory Configuration Process

Note: The descriptions in the following sections apply to both the bootflash device and to removable flash memory cards.

Flash Memory Features

The flash memory components allow you to do the following:

• Copy the system image to flash memory using TFTP.
• Copy the system image to flash memory using rcp.
• Boot the system from flash memory either automatically or manually.
• Copy the flash memory image to a network server using TFTP or rcp.
• Boot manually or automatically from a system software image stored in flash memory.

Security Features

The flash memory components support the following security features:

• Flash memory cards contain a write-protect switch that you can use to protect data. You must set the switch to unprotected to write data to the Flash PC card.
• The system image stored in flash memory can be changed only from privileged EXEC level on the console terminal.

Flash Memory Configuration Process

To configure your switch to boot from flash memory, follow these steps:

Step 1  Copy a system image to flash memory using TFTP or rcp (refer to the Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.2, “Cisco IOS File Management,” “Loading and Maintaining System Images,” at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun_c/ffcprt2/fcf008.htm).

Step 2  Configure the system to boot automatically from the file in flash memory. You might need to change the configuration register value. See the “Modifying the Boot Field and Using the boot Command” section on page 3-22, for more information on modifying the configuration register.

Step 3  Save your configurations.

Step 4  Power cycle and reboot your system to ensure that all is working as expected.

CONFIG_FILE Environment Variable

For class A flash file systems, the CONFIG_FILE environment variable specifies the file system and filename of the configuration file to use for initialization (startup). Valid file systems can include nvram:, disk0:, and sup-bootflash:. For detailed file management configuration information, refer to the Cisco IOS Configuration Fundamentals Configuration Guide at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun_c/index.htm

After you save the CONFIG_FILE environment variable to your startup configuration, the switch checks the variable upon startup to determine the location and filename of the configuration file to use for initialization.
The switch uses the NVRAM configuration during initialization when the CONFIG_FILE environment variable does not exist or when it is null (such as at first-time startup). If the switch detects a problem with NVRAM or a checksum error, the switch enters setup mode. See the “Using the Setup Facility or the setup Command” section on page 3-2 for more information on the setup command facility.

Controlling Environment Variables

Although the ROM monitor controls environment variables, you can create, modify, or view them with certain commands. To create or modify the BOOT environment variable, use the boot system global configuration command.

Refer to the “Specify the Startup System Image in the Configuration File” section in the “Loading and Maintaining System Images and Microcode” chapter of the Configuration Fundamentals Configuration Guide for details on setting the BOOT environment variable. Refer to the “Specify the Startup Configuration File” section in the “Modifying, Downloading, and Maintaining Configuration Files” chapter of the Configuration Fundamentals Configuration Guide for details on setting the CONFIG_FILE variable.

Note: When you use the boot system global configuration command, you affect only the running configuration. You must save the environment variable setting to your startup configuration to place the information under ROM monitor control and for the environment variables to function as expected. Enter the copy system:running-config nvram:startup-config command to save the environment variables from your running configuration to your startup configuration.

You can view the contents of the BOOT environment variable using the show bootvar command. This command displays the settings for these variables as they exist in the startup configuration as well as in the running configuration if a running configuration setting differs from a startup configuration setting.

This example shows how to check the environment variables:

Router# show bootvar
BOOT variable = disk0:,1;sup-bootflash:,1;
CONFIG_FILE variable =
BOOTLDR variable =
Configuration register is 0x2102
Router#

CHAPTER 4

Configuring a Supervisor Engine 720

This chapter describes how to configure a Supervisor Engine 720 in a Catalyst 6500 series switch. This chapter contains these sections:

• Using the Bootflash or Bootdisk on a Supervisor Engine 720
• Using the Slots on a Supervisor Engine 720
• Configuring Supervisor Engine 720 Ports
• Configuring and Monitoring the Switch Fabric Functionality

Note:
• For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference, Release 12.2SX at this URL: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/cmdref/index.htm
• With a 3-slot chassis, install the Supervisor Engine 720 in either slot 1 or 2.
• With a 6-slot or a 9-slot chassis, install the Supervisor Engine 720 in either slot 5 or 6.
• With a 13-slot chassis, install the Supervisor Engine 720 in either slot 7 or 8.

Using the Bootflash or Bootdisk on a Supervisor Engine 720

All 12.2SX releases support the Supervisor Engine 720 64-MB bootflash device (sup-bootflash:). Release 12.2(18)SXE5 and rebuilds and Release 12.2(18)SXF and rebuilds support WS-CF-UPG=, which replaces the bootflash device with a CompactFlash adapter and 512 MB CompactFlash card (sup-bootdisk:). Refer to this publication: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/cfgnotes/78_17277.htm

Using the Slots on a Supervisor Engine 720

The Supervisor Engine 720 has two CompactFlash Type II slots. The CompactFlash Type II slots support CompactFlash Type II Flash PC cards sold by Cisco Systems, Inc. The keywords for the slots on the active Supervisor Engine 720 are disk0: and disk1:. The keywords for the slots on a redundant Supervisor Engine 720 are slavedisk0: and slavedisk1:.

Configuring Supervisor Engine 720 Ports

Supervisor Engine 720 port 1 has a small form-factor pluggable (SFP) connector and has no unique configuration options. Supervisor Engine 720 port 2 has an RJ-45 connector and an SFP connector (default). To use the RJ-45 connector, you must change the configuration.

To configure port 2 on a Supervisor Engine 720 to use either the RJ-45 connector or the SFP connector, perform this task:

Step 1
Command: Router(config)# interface gigabitethernet slot/2
Purpose: Selects the Ethernet port to be configured.

Step 2
Command: Router(config-if)# media-type {rj45 | sfp}
Purpose: Selects the connector to use.

Command: Router(config-if)# no media-type
Purpose: Reverts to the default configuration (SFP).

This example shows how to configure port 2 on a Supervisor Engine 720 in slot 5 to use the RJ-45 connector:

Router(config)# interface gigabitethernet 5/2
Router(config-if)# media-type rj45

Configuring and Monitoring the Switch Fabric Functionality

These sections describe how to configure the switching mode and monitor the switch fabric functionality that is included on a Supervisor Engine 720:

• Understanding How the Switch Fabric Functionality Works
• Configuring the Switch Fabric Functionality
• Monitoring the Switch Fabric Functionality

Understanding How the Switch Fabric Functionality Works

These sections describe how the switch fabric functionality works:

• Switch Fabric Functionality Overview
• Forwarding Decisions for Layer 3-Switched Traffic
• Switching Modes

Switch Fabric Functionality Overview

The switch fabric functionality is built into the Supervisor Engine 720 and creates a dedicated connection between fabric-enabled modules and provides uninterrupted transmission of frames between these modules. In addition to the direct connection between fabric-enabled modules provided by the switch fabric functionality, fabric-enabled modules also have a direct connection to the 32-Gbps forwarding bus.

Forwarding Decisions for Layer 3-Switched Traffic

Either a PFC3 or a Distributed Feature Card 3 (DFC3) makes the forwarding decision for Layer 3-switched traffic as follows:

• A PFC3 makes all forwarding decisions for each packet that enters the switch through a module without a DFC3.
• A DFC3 makes all forwarding decisions for each packet that enters the switch on a DFC3-enabled module in these situations:
  – If the egress port is on the same module as the ingress port, the DFC3 forwards the packet locally (the packet never leaves the module).
  – If the egress port is on a different fabric-enabled module, the DFC3 sends the packet to the egress module, which sends it out the egress port.
  – If the egress port is on a different nonfabric-enabled module, the DFC3 sends the packet to the Supervisor Engine 720. The Supervisor Engine 720 fabric interface transfers the packet to the 32-Gbps switching bus where it is received by the egress module and is sent out the egress port.

Switching Modes

With a Supervisor Engine 720, traffic is forwarded to and from modules in one of the following modes:

• Compact mode—The switch uses this mode for all traffic when only fabric-enabled modules are installed. In this mode, a compact version of the DBus header is forwarded over the switch fabric channel, which provides the best possible performance.
• Truncated mode—The switch uses this mode for traffic between fabric-enabled modules when there are both fabric-enabled and nonfabric-enabled modules installed. In this mode, the switch sends a truncated version of the traffic (the first 64 bytes of the frame) over the switch fabric channel.
• Bus mode—The switch uses this mode for traffic between nonfabric-enabled modules and for traffic between a nonfabric-enabled module and a fabric-enabled module. In this mode, all traffic passes between the local bus and the supervisor engine bus.

Table 4-1 shows the switching modes used with fabric-enabled and nonfabric-enabled modules installed.

Table 4-1  Switch Fabric Functionality Switching Modes

Modules                                                                                Switching Modes
Between fabric-enabled modules (when no nonfabric-enabled modules are installed)      Compact (1)
Between fabric-enabled modules (when nonfabric-enabled modules are also installed)    Truncated (2)
Between fabric-enabled and nonfabric-enabled modules                                   Bus
Between non-fabric-enabled modules                                                     Bus

1. In show commands, displayed as dcef mode for fabric-enabled modules with DFC3 installed; displayed as fabric mode for other fabric-enabled modules.
2. Displayed as fabric mode in show commands.


Configuring the Switch Fabric Functionality

To configure the switching mode, perform this task:

Command: Router(config)# [no] fabric switching-mode allow {bus-mode | {truncated [{threshold [number]}]}}
Purpose: Configures the switching mode.

When configuring the switching mode, note the following information:
• To allow use of nonfabric-enabled modules or to allow fabric-enabled modules to use bus mode, enter the fabric switching-mode allow bus-mode command.
• To prevent use of nonfabric-enabled modules or to prevent fabric-enabled modules from using bus mode, enter the no fabric switching-mode allow bus-mode command.

Caution
When you enter the no fabric switching-mode allow bus-mode command, power is removed from any nonfabric-enabled modules installed in the switch.

• To allow fabric-enabled modules to use truncated mode, enter the fabric switching-mode allow truncated command.
• To prevent fabric-enabled modules from using truncated mode, enter the no fabric switching-mode allow truncated command.
• To configure how many fabric-enabled modules must be installed before they use truncated mode instead of bus mode, enter the fabric switching-mode allow truncated threshold number command.
• To return to the default truncated-mode threshold, enter the no fabric switching-mode allow truncated threshold command.

Monitoring the Switch Fabric Functionality

The switch fabric functionality supports a number of show commands for monitoring purposes. A fully automated startup sequence brings the module online and runs the connectivity diagnostics on the ports.

These sections describe how to monitor the switch fabric functionality:
• Displaying the Switch Fabric Redundancy Status
• Displaying Fabric Channel Switching Modes
• Displaying the Fabric Status
• Displaying the Fabric Utilization
• Displaying Fabric Errors

Displaying the Switch Fabric Redundancy Status

To display the switch fabric redundancy status, perform this task:

Command: Router# show fabric active
Purpose: Displays switch fabric redundancy status.

Router# show fabric active
Active fabric card in slot 5
No backup fabric card in the system
Router#

Displaying Fabric Channel Switching Modes

To display the fabric channel switching mode of one or all modules, perform this task:

Command: Router# show fabric switching-mode [module {slot_number | all}]
Purpose: Displays fabric channel switching mode of one or all modules.

This example shows how to display the fabric channel switching mode of all modules:

Router# show fabric switching-mode all
%Truncated mode is allowed
%System is allowed to operate in legacy mode

Module Slot     Switching Mode     Bus Mode
    5           DCEF               Compact
    9           Crossbar           Compact
Router#

Displaying the Fabric Status

To display the fabric status of one or all switching modules, perform this task:

Command: Router# show fabric status [slot_number | all]
Purpose: Displays fabric status.

This example shows how to display the fabric status of all modules:

Router# show fabric status
 slot    channel      speed          module          fabric
                                     status          status
    1          0         8G              OK              OK
    5          0         8G              OK     Up- Timeout
    6          0        20G              OK    Up- BufError
    8          0         8G              OK              OK
    8          1         8G              OK              OK
    9          0         8G   Down- DDRsync              OK
Router#
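
The fabric status check above can be automated. This is an added example, not part of the Cisco guide: it parses show fabric status text and lists channels whose module or fabric status is not OK. It assumes the column layout of the example above and that a status is either OK or a two-token value such as "Up- Timeout"; the sample text, including the deliberately incomplete slot 10 row, is constructed.

```python
import re

# Constructed sample, modelled on the "show fabric status" example in this
# chapter. The slot 10 row is deliberately incomplete to exercise error handling.
SAMPLE = """\
Router# show fabric status
 slot    channel      speed          module          fabric
                                     status          status
    1          0         8G              OK              OK
    5          0         8G              OK     Up- Timeout
    6          0        20G              OK    Up- BufError
    8          0         8G              OK              OK
    8          1         8G              OK              OK
    9          0         8G   Down- DDRsync              OK
   10          0         8G              OK
Router#
"""

# slot, channel, speed, then the free-form status columns (assumed layout).
ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\d+G)\s+(\S.*?)\s*$")


def _take_status(tokens):
    """Consume one status value: 'OK', or a two-token 'State- Reason' pair."""
    if not tokens:
        raise ValueError("status column missing")
    head = tokens.pop(0)
    if head.endswith("-"):
        if not tokens:
            raise ValueError("status reason missing after %r" % head)
        return head + " " + tokens.pop(0)
    return head


def parse_fabric_status(text):
    """Return (rows, unparsed).

    Lines that look like data rows but do not fit the expected shape are
    reported in `unparsed` rather than silently dropped, so a format change
    cannot hide a failed channel.
    """
    rows, unparsed = [], []
    for line in text.splitlines():
        match = ROW.match(line)
        if not match:
            continue  # prompt, header or blank line
        slot, channel, speed, rest = match.groups()
        tokens = rest.split()
        try:
            module_status = _take_status(tokens)
            fabric_status = _take_status(tokens)
            if tokens:
                raise ValueError("unexpected trailing text")
        except ValueError as exc:
            unparsed.append((line.strip(), str(exc)))
            continue
        rows.append({
            "slot": int(slot),
            "channel": int(channel),
            "speed": speed,
            "module_status": module_status,
            "fabric_status": fabric_status,
        })
    return rows, unparsed


def unhealthy_channels(rows):
    """Channels where either side of the fabric connection is not OK."""
    return [r for r in rows
            if r["module_status"] != "OK" or r["fabric_status"] != "OK"]


def report(text):
    """Build alert lines for unhealthy channels and for rows that failed to parse."""
    rows, unparsed = parse_fabric_status(text)
    lines = []
    for r in unhealthy_channels(rows):
        lines.append("slot %d channel %d (%s): module=%s fabric=%s" % (
            r["slot"], r["channel"], r["speed"],
            r["module_status"], r["fabric_status"]))
    for raw, why in unparsed:
        lines.append("UNPARSED %r: %s" % (raw, why))
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```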

Displaying the Fabric Utilization

To display the fabric utilization of one or all modules, perform this task:

Command: Router# show fabric utilization [slot_number | all]
Purpose: Displays fabric utilization.

This example shows how to display the fabric utilization of all modules:

Router# show fabric utilization all
Lo% Percentage of Low-priority traffic.
Hi% Percentage of High-priority traffic.

 slot    channel      speed    Ingress Lo%     Egress Lo%    Ingress Hi%     Egress Hi%
    5          0        20G              0              0              0              0
    9          0         8G              0              0              0              0
Router#

Displaying Fabric Errors

To display fabric errors of one or all modules, perform this task:

Command: Router# show fabric errors [slot_number | all]
Purpose: Displays fabric errors.

This example shows how to display fabric errors on all modules:

Router# show fabric errors
Module errors:
 slot    channel        crc      hbeat       sync   DDR sync
    1          0          0          0          0          0
    8          0          0          0          0          0
    8          1          0          0          0          0
    9          0          0          0          0          0

Fabric errors:
 slot    channel       sync     buffer    timeout
    1          0          0          0          0
    8          0          0          0          0
    8          1          0          0          0
    9          0          0          0          0
Router#

CHAPTER 5

Configuring a Supervisor Engine 32

This chapter describes how to configure a Supervisor Engine 32 in a Catalyst 6500 series switch. This chapter contains these sections:
• Flash Memory on a Supervisor Engine 32
• Supervisor Engine 32 Ports

Note
• For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference, Release 12.2SX at this URL: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/cmdref/index.htm
• With Cisco IOS software, this is the minimum required Supervisor Engine 32 memory:
  – 512 MB DRAM on the Supervisor Engine 32
  – 512 MB DRAM on the MSFC2A
• Supervisor Engine 32 has a PFC3B and operates in PFC3B mode.
• The Supervisor Engine 32 is supported in the WS-6503 and WS-6503-E (3-slot) chassis, but not the CISCO7603 chassis.
• With a 3-slot or a 4-slot chassis, install the Supervisor Engine 32 in either slot 1 or 2.
• With a 6-slot or a 9-slot chassis, install the Supervisor Engine 32 in either slot 5 or 6.
• With a 13-slot chassis, install the Supervisor Engine 32 in either slot 7 or 8.
• Supervisor Engine 32 does not support switch fabric connectivity.
• For information about the hardware and software features supported by the Supervisor Engine 32, see the Release Notes for Cisco IOS Release 12.2SX on the Supervisor Engine 720, Supervisor Engine 32, and Supervisor Engine 2 at this URL: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/ol_4164.htm

Flash Memory on a Supervisor Engine 32

The Supervisor Engine 32 supports the following flash memory:
• disk0:—One external CompactFlash Type II slot (supports CompactFlash Type II Flash PC cards)
• sup-bootdisk:—256 MB internal CompactFlash memory (from ROMMON, it is bootdisk:)

Supervisor Engine 32 Ports

The console port for the Supervisor Engine 32 is an EIA/TIA-232 (RS-232) port. The Supervisor Engine 32 also has two Universal Serial Bus (USB) 2.0 ports that are not currently enabled.

WS-SUP32-GE-3B ports 1 through 8 have small form-factor pluggable (SFP) connectors and port 9 is a 10/100/1000 Mbps RJ-45 port.

WS-SUP32-10GE ports 1 and 2 are 10 Gigabit Ethernet ports that accept XENPAKs and port 3 is a 10/100/1000 Mbps RJ-45 port.

CHAPTER 6

Configuring the Supervisor Engine 2 and the Switch Fabric Module

This chapter describes how to configure the Supervisor Engine 2 and the Switch Fabric Module (SFM) for the Catalyst 6500 series switches.

Note
• Release 12.2(18)SXE and rebuilds of Release 12.2(18)SXE do not support Supervisor Engine 2.
• For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference, Release 12.2SX at this URL: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/cmdref/index.htm

This chapter consists of these sections:
• Using the Slots on a Supervisor Engine 2
• Understanding How the Switch Fabric Module Works
• Configuring the Switch Fabric Module
• Monitoring the Switch Fabric Module

Using the Slots on a Supervisor Engine 2

The Supervisor Engine 2 has one Flash PC card (PCMCIA) slot.

With PCMCIA Advanced Technology Attachment (ATA) FlashDisk devices, the keyword for the slot on the active Supervisor Engine 2 is disk0: and the keyword for the slot on a redundant Supervisor Engine 2 is slavedisk0:.

With non-ATA Flash PC cards, the keyword for the slot on the active Supervisor Engine 2 is slot0: and the keyword for the slot on a redundant Supervisor Engine 2 is slaveslot0:.

Understanding How the Switch Fabric Module Works

These sections describe how the Switch Fabric Module works:
• Switch Fabric Module Overview
• Switch Fabric Module Slots
• Switch Fabric Redundancy
• Forwarding Decisions for Layer 3-Switched Traffic
• Switching Modes

Switch Fabric Module Overview

The Switch Fabric Module creates a dedicated connection between fabric-enabled modules and provides uninterrupted transmission of frames between these modules. In addition to the direct connection between fabric-enabled modules provided by the Switch Fabric Module, fabric-enabled modules also have a direct connection to the 32-Gbps forwarding bus.

The Switch Fabric Module does not have a console. A two-line LCD display on the front panel shows fabric utilization, software revision, and basic system information.

Switch Fabric Module Slots

With a 13-slot chassis, install the Switch Fabric Modules in either slot 7 or 8.

Note
In a 13-slot chassis, only slots 9 through 13 support dual switch fabric interface switching modules (for example, WS-X6816-GBIC).

With all other chassis, install the Switch Fabric Modules in either slot 5 or 6.

Switch Fabric Redundancy

The Switch Fabric Module first installed functions as the primary module. For redundancy, you can install a redundant Switch Fabric Module. When two Switch Fabric Modules are installed at the same time, the module in the upper slot functions as the primary module, and the one in the lower slot functions as the backup. If you reset the module installed in the upper slot, the one in the lower slot becomes active.

No configuration is required for Switch Fabric Module redundancy. The module in the upper slot functions as the primary module and a redundant Switch Fabric Module in the lower slot automatically takes over if the primary module fails.

Forwarding Decisions for Layer 3-Switched Traffic

Either a PFC2 or a Distributed Feature Card (DFC) makes the forwarding decision for Layer 3-switched traffic as follows:
• A PFC2 makes all forwarding decisions for each packet that enters the switch through a module without a DFC.
• A DFC makes all forwarding decisions for each packet that enters the switch on a DFC-enabled module in these situations:
  – If the egress port is on the same module as the ingress port, the DFC forwards the packet locally (the packet never leaves the module).
  – If the egress port is on a different fabric-enabled module, the DFC sends the packet across the SFM to the egress module, which sends it out the egress port.
  – If the egress port is on a different nonfabric-enabled module, the DFC sends the packet across the SFM to the Supervisor Engine 2. The Supervisor Engine 2 fabric interface transfers the packet to the 32-Gbps switching bus where it is received by the egress module and is sent out the egress port.

Switching Modes

When you install a Switch Fabric Module, the traffic is forwarded to and from modules in one of the following modes:
• Compact mode—The switch uses this mode for all traffic when only fabric-enabled modules are installed. In this mode, a compact version of the DBus header is forwarded over the switch fabric channel, which provides the best possible performance.
• Truncated mode—The switch uses this mode for traffic between fabric-enabled modules when there are both fabric-enabled and nonfabric-enabled modules installed. In this mode, the switch sends a truncated version of the traffic (the first 64 bytes of the frame) over the switch fabric channel.
• Bus mode—The switch uses this mode for traffic between nonfabric-enabled modules and for traffic between a nonfabric-enabled module and a fabric-enabled module. In this mode, all traffic passes between the local bus and the supervisor engine bus.

Table 6-1 shows the switching modes used with fabric-enabled and nonfabric-enabled modules installed.

Table 6-1 Switching Modes with Switch Fabric Module Installed

Modules                                                                               Switching Modes
Between fabric-enabled modules (when no nonfabric-enabled modules are installed)      Compact [1]
Between fabric-enabled modules (when nonfabric-enabled modules are also installed)    Truncated [2]
Between fabric-enabled and nonfabric-enabled modules                                  Bus
Between non-fabric-enabled modules                                                    Bus

[1] In show commands, displayed as dcef mode for fabric-enabled modules with DFC installed; displayed as fabric mode for other fabric-enabled modules.
[2] Displayed as fabric mode in show commands.

Configuring the Switch Fabric Module

These sections describe configuring the Switch Fabric Module:
• Configuring the Switching Mode
• Configuring Fabric-Required Mode
• Configuring an LCD Message

Note
When you are in configuration mode you can enter EXEC mode-level commands by entering the do keyword before the EXEC mode-level command.

Configuring the Switching Mode

To configure the switching mode, perform this task:

Command: Router(config)# [no] fabric switching-mode allow {bus-mode | {truncated [{threshold [number]}]}}
Purpose: Configures the switching mode.

When configuring the switching mode, note the following information:
• To allow use of nonfabric-enabled modules or to allow fabric-enabled modules to use bus mode, enter the fabric switching-mode allow bus-mode command.
• To prevent use of nonfabric-enabled modules or to prevent fabric-enabled modules from using bus mode, enter the no fabric switching-mode allow bus-mode command.

Caution
When you enter the no fabric switching-mode allow bus-mode command, power is removed from any nonfabric-enabled modules installed in the switch.

• To allow fabric-enabled modules to use truncated mode, enter the fabric switching-mode allow truncated command.
• To prevent fabric-enabled modules from using truncated mode, enter the no fabric switching-mode allow truncated command.
• To configure how many fabric-enabled modules must be installed before they use truncated mode instead of bus mode, enter the fabric switching-mode allow truncated threshold number command.
• To return to the default truncated-mode threshold, enter the no fabric switching-mode allow truncated threshold command.

Configuring Fabric-Required Mode

To configure fabric-required mode, which prevents all switching modules from operating unless there is a Switch Fabric Module installed, perform this task:

Command: Router(config)# fabric required
Purpose: Configures fabric-required mode, which prevents switching modules from operating without a switch fabric module.

Command: Router(config)# no fabric required
Purpose: Clears fabric-required mode.

Caution
If you enter the fabric required command on a switch that does not have a Switch Fabric Module installed, all modules except the supervisor engine turn off.

When configuring fabric-required mode, note the following information:
• If you boot the switch with fabric-required mode configured but without a Switch Fabric Module installed, only the supervisor engine receives power; no switching modules power up.
• When the switch is operating with fabric-required mode configured and a Switch Fabric Module installed, if you remove the switch fabric module or if it fails, the switch removes power from all switching modules; only the supervisor engine remains active.
• When the switch is operating with fabric-required mode configured and with redundant Switch Fabric Modules installed, if you remove both switch fabric modules or if both fail, the switch removes power from all switching modules; only the supervisor engine remains active.

Configuring an LCD Message

To configure a message for display on the LCD, perform this task:

Command: Router(config)# fabric lcd-banner d message d
Purpose: Configures a message for display on the LCD.

Command: Router(config)# no fabric lcd-banner
Purpose: Clears the message displayed on the LCD.

When configuring a message for display on the LCD, note the following information:
• The d parameter is a delimiting character. You cannot use the delimiting character in the message. The delimiter is a character of your choice—a pound sign (#), for example.
• You can use the following tokens, in the form $(token), in the message text:
  – $(hostname)—Displays the switch’s host name.
  – $(domain)—Displays the switch’s domain name.

Monitoring the Switch Fabric Module

The Switch Fabric Module supports a number of show commands for monitoring purposes. A fully automated startup sequence brings the module online and runs the connectivity diagnostics on the ports.

These sections describe how to monitor the Switch Fabric Module:
• Displaying the Module Information
• Displaying the Switch Fabric Module Redundancy Status
• Displaying Fabric Channel Switching Modes
• Displaying the Fabric Status
• Displaying the Fabric Utilization
• Displaying Fabric Errors

Note
The Switch Fabric Module does not require any user configuration.

Displaying the Module Information

To display the module information, perform this task:

Command: Router# show module {5 | 6 | 7 | 8}
Purpose: Displays module information.

This example shows how to display module information:

Router# show module 5
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ ----------
  5     0 Switching Fabric Module                WS-C6500-SFM       SAD04420JR5

Mod MAC addresses                       Hw     Fw           Sw           Status
--- ---------------------------------- ------ ------------ ------------ ------
  5 0001.0002.0003 to 0001.0002.0003   1.0    6.1(3)       6.2(0.97)    Ok

Displaying the Switch Fabric Module Redundancy Status

To display the switch fabric module redundancy status, perform this task:

Command: Router# show fabric active
Purpose: Displays switch fabric module redundancy status.

This example shows how to display the switch fabric module redundancy status:

Router# show fabric active
Active fabric card in slot 5
No backup fabric card in the system
Router#

Displaying Fabric Channel Switching Modes

To display the fabric channel switching mode of one or all modules, perform this task:

Command: Router# show fabric switching-mode [module {slot_number | all}]
Purpose: Displays fabric channel switching mode of one or all modules.

This example shows how to display the fabric channel switching mode of all modules:

Router# show fabric switching-mode all
bus-only mode is allowed
Module Slot     Switching Mode
    1           Bus
    2           Bus
    3           DCEF
    4           DCEF
    5           No Interfaces
    6           DCEF

Displaying the Fabric Status

To display the fabric status of one or all switching modules, perform this task:

Command: Router# show fabric status [slot_number | all]
Purpose: Displays fabric status.

This example shows how to display the fabric status of all modules:

Router# show fabric status all
 slot    channel     module     fabric
                     status     status
    1          0         OK         OK
    3          0         OK         OK
    3          1         OK         OK
    4          0         OK         OK
Router#

Displaying the Fabric Utilization

To display the fabric utilization of one or all modules, perform this task:

Command: Router# show fabric utilization [slot_number | all]
Purpose: Displays fabric utilization.

This example shows how to display the fabric utilization of all modules:

Router# show fabric utilization all
 slot    channel    Ingress %     Egress %
    1          0            0            0
    3          0            0            0
    3          1            0            0
    4          0            0            0
    4          1            0            0
    6          0            0            0
    6          1            0            0
    7          0            0            0
    7          1            0            0
Router#

Displaying Fabric Errors

To display fabric errors of one or all modules, perform this task:

Command: Router# show fabric errors [slot_number | all]
Purpose: Displays fabric errors.

This example shows how to display fabric errors on all modules:

Router# show fabric errors
 slot    channel     module     module     module     fabric
                        crc      hbeat       sync       sync
    1          0          0          0          0          0
    3          0          0          0          0          0
    3          1          0          0          0          0
    4          0          0          0          0          0
    4          1          0          0          0          0
    6          0          0          0          0          0
    6          1          0          0          0          0
    7          0          0          0          0          0
    7          1          0          0          0          0
Router#

CHAPTER 7

Configuring NSF with SSO Supervisor Engine Redundancy

This chapter describes how to configure supervisor engine redundancy using Cisco nonstop forwarding (NSF) with stateful switchover (SSO).

Note
• For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference, Release 12.2SX at this URL: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/cmdref/index.htm
• Release 12.2(18)SXD and later releases support nonstop forwarding (NSF) with stateful switchover (SSO) on all supervisor engines.
• Release 12.2(17b)SXA, rebuilds of Release 12.2(17b)SXA, Release 12.2(17d)SXB, and rebuilds of Release 12.2(17d)SXB support SRM with SSO on Supervisor Engine 720 (see Chapter 8, “Configuring SRM with SSO Supervisor Engine Redundancy”).
• Release 12.2(18)SXD and later releases do not support SRM with SSO.
• All releases support RPR and RPR+ (see Chapter 9, “Configuring RPR and RPR+ Supervisor Engine Redundancy”).
• NSF with SSO does not support IPv6 multicast traffic.

This chapter consists of these sections:
• Understanding NSF with SSO Supervisor Engine Redundancy
• Supervisor Engine Configuration Synchronization
• NSF Configuration Tasks
• Copying Files to the Redundant Supervisor Engine

Understanding NSF with SSO Supervisor Engine Redundancy

These sections describe supervisor engine redundancy using NSF with SSO:
• NSF with SSO Supervisor Engine Redundancy Overview
• SSO Operation
• NSF Operation
• Cisco Express Forwarding
• Multicast MLS NSF with SSO
• Routing Protocols
• NSF Benefits and Restrictions

NSF with SSO Supervisor Engine Redundancy Overview

Note
• With Release 12.2(18)SXD and earlier releases, when a redundant supervisor engine is in standby mode, the two Gigabit Ethernet interfaces on the redundant supervisor engine are always active.
• With a Supervisor Engine 720 and Release 12.2(18)SXE and later releases, if all the installed switching modules have DFCs, enter the fabric switching-mode allow dcef-only command to disable the Ethernet ports on both supervisor engines, which ensures that all modules are operating in dCEF mode and simplifies switchover to the redundant supervisor engine. (CSCec05612)
• With a Supervisor Engine 2 and Release 12.2(18)SXD1 and later releases, if all the installed switching modules have DFCs, enter the fabric switching-mode allow dcef-only command to disable the Ethernet ports on the redundant supervisor engine, which ensures that all modules are operating in dCEF mode. (CSCec05612)

Catalyst 6500 series switches support fault resistance by allowing a redundant supervisor engine to take over if the primary supervisor engine fails. Cisco NSF works with SSO to minimize the amount of time a network is unavailable to its users following a switchover while continuing to forward IP packets.

Catalyst 6500 series switches also support route processor redundancy (RPR), route processor redundancy plus (RPR+), and single router mode with stateful switchover (SRM with SSO) for redundancy. For information about these redundancy modes, see Chapter 9, “Configuring RPR and RPR+ Supervisor Engine Redundancy.”

The following events cause a switchover:
• A hardware failure on the active supervisor engine
• Clock synchronization failure between supervisor engines
• A manual switchover

SSO Operation

SSO establishes one of the supervisor engines as active while the other supervisor engine is designated as standby, and then SSO synchronizes information between them. A switchover from the active to the redundant supervisor engine occurs when the active supervisor engine fails, or is removed from the switch, or is manually shut down for maintenance. This type of switchover ensures that Layer 2 traffic is not interrupted.

In networking devices running SSO, both supervisor engines must be running the same configuration so that the redundant supervisor engine is always ready to assume control following a fault on the active supervisor engine. SSO switchover also preserves FIB and adjacency entries and can forward Layer 3 traffic after a switchover.

Configuration information and data structures are synchronized from the active to the redundant supervisor engine at startup and whenever changes to the active supervisor engine configuration occur. Following an initial synchronization between the two supervisor engines, SSO maintains state information between them, including forwarding information.

During switchover, system control and routing protocol execution is transferred from the active supervisor engine to the redundant supervisor engine. The switch requires between 0 and 3 seconds to switch over from the active to the redundant supervisor engine.

NSF Operation

Cisco NSF always runs with SSO and provides redundancy for Layer 3 traffic. NSF works with SSO to minimize the amount of time that a network is unavailable to its users following a switchover. The main purpose of NSF is to continue forwarding IP packets following a supervisor engine switchover.

Cisco NSF is supported by the BGP, OSPF, and IS-IS protocols for routing and is supported by Cisco Express Forwarding (CEF) for forwarding. The routing protocols have been enhanced with NSF-capability and awareness, which means that routers running these protocols can detect a switchover and take the necessary actions to continue forwarding network traffic and to recover route information from the peer devices. The IS-IS protocol can be configured to use state information that has been synchronized between the active and the redundant supervisor engine to recover route information following a switchover instead of information received from peer devices.

A networking device is NSF-aware if it is running NSF-compatible software. A device is NSF-capable if it has been configured to support NSF; it will rebuild routing information from NSF-aware or NSF-capable neighbors.

Each protocol depends on CEF to continue forwarding packets during switchover while the routing protocols rebuild the Routing Information Base (RIB) tables. After the routing protocols have converged, CEF updates the FIB table and removes stale route entries. CEF then updates the line cards with the new FIB information.

Cisco Express Forwarding

A key element of NSF is packet forwarding. In a Cisco networking device, packet forwarding is provided by Cisco Express Forwarding (CEF). CEF maintains the FIB, and uses the FIB information that was current at the time of the switchover to continue forwarding packets during a switchover. This feature reduces traffic interruption during the switchover.

During normal NSF operation, CEF on the active supervisor engine synchronizes its current FIB and adjacency databases with the FIB and adjacency databases on the redundant supervisor engine. Upon switchover of the active supervisor engine, the redundant supervisor engine initially has FIB and adjacency databases that are mirror images of those that were current on the active supervisor engine. For platforms with intelligent line cards, the line cards will maintain the current forwarding information over a switchover. For platforms with forwarding engines, CEF will keep the forwarding engine on the redundant supervisor engine current with changes that are sent to it by CEF on the active supervisor engine. The line cards or forwarding engines will be able to continue forwarding after a switchover as soon as the interfaces and a data path are available.

As the routing protocols start to repopulate the RIB on a prefix-by-prefix basis, the updates will cause prefix-by-prefix updates to CEF, which it uses to update the FIB and adjacency databases. Existing and new entries will receive the new version (“epoch”) number, indicating that they have been refreshed. The forwarding information is updated on the line cards or forwarding engine during convergence. The supervisor engine signals when the RIB has converged. The software removes all FIB and adjacency entries that have an epoch older than the current switchover epoch. The FIB now represents the newest routing protocol forwarding information.
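
The epoch mechanism described above can be followed in a small model. This is an added example, not Cisco's implementation: the EpochFib class, its method names and the sample prefixes and next-hop labels are all hypothetical, and the model covers only the FIB (no adjacency table or line cards). It shows that lookups keep resolving from pre-switchover entries until the RIB converges, and that only entries not refreshed in the new epoch are purged.

```python
import ipaddress


class EpochFib:
    """Toy FIB keyed by prefix, each entry stamped with the epoch that wrote it.

    Simplified model of the behaviour described in the text, for illustration.
    """

    def __init__(self):
        self.epoch = 0
        self.entries = {}  # ip_network -> (next_hop, epoch)

    def install(self, prefix, next_hop):
        """Add or refresh an entry; it receives the current epoch number."""
        self.entries[ipaddress.ip_network(prefix)] = (next_hop, self.epoch)

    def lookup(self, address):
        """Longest-prefix match; returns the next hop, or None if no route."""
        addr = ipaddress.ip_address(address)
        best = None
        for net, (next_hop, _epoch) in self.entries.items():
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, next_hop)
        return best[1] if best else None

    def switchover(self):
        """Begin a new epoch. Existing entries are kept and still forward traffic."""
        self.epoch += 1

    def stale(self):
        """Prefixes that have not been refreshed since the last switchover."""
        return sorted(str(net) for net, (_hop, epoch) in self.entries.items()
                      if epoch < self.epoch)

    def rib_converged(self):
        """Purge every entry older than the current epoch; return the removed prefixes."""
        removed = self.stale()
        self.entries = {net: value for net, value in self.entries.items()
                        if value[1] == self.epoch}
        return removed


def demo():
    """Walk one switchover; prefixes and next-hop labels are constructed samples."""
    fib = EpochFib()
    fib.install("10.0.0.0/8", "A")
    fib.install("10.1.0.0/16", "B")
    fib.install("192.0.2.0/24", "C")

    fib.switchover()
    # Forwarding continues from the mirrored, now stale, entries.
    during = fib.lookup("10.1.2.3")

    # Routing protocols repopulate the RIB prefix by prefix. 10.1.0.0/16 is
    # never re-advertised, 192.0.2.0/24 comes back with a different next hop.
    fib.install("10.0.0.0/8", "A")
    fib.install("192.0.2.0/24", "D")
    fib.install("198.51.100.0/24", "E")
    stale_before_purge = fib.stale()

    removed = fib.rib_converged()
    after = fib.lookup("10.1.2.3")  # falls back to the covering /8
    return during, stale_before_purge, removed, after


if __name__ == "__main__":
    print(demo())
```

Until rib_converged() runs, traffic for a prefix that the neighbors no longer advertise is still forwarded on the pre-switchover next hop, which is the window to keep in mind when reviewing traffic paths right after a supervisor switchover.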
Multicast MLS NSF with SSO
Note
NSF with SSO does not support IPv6 multicast traffic. If you configure support for IPv6 multicast traffic, configure RPR or RPR+ redundancy.
Multicast multilayer switching (MMLS) NSF with SSO is required so that Layer 3 multicast traffic that is switched by the router is not dropped during switchover. Without MMLS NSF with SSO, the Layer 3 multicast traffic is dropped until the multicast protocols converge.
During the switchover process, traffic is forwarded using the old database (from the previously active supervisor engine). After multicast routing protocol convergence has taken place, the shortcuts downloaded by the newly active MSFC will be merged with the existing flows and marked as new shortcuts. Stale entries will slowly be purged from the database allowing NSF to function during the switchover while ensuring a smooth transition to the new cache.
Because multicast routing protocols such as Protocol Independent Multicast (PIM) sparse mode and PIM dense mode are data driven, multicast packets are leaked to the router during switchover so that the protocols can converge. Because the traffic does not need to be forwarded by software for control-driven protocols such as bidirectional PIM, the switch will continue to leak packets using the old cache for these protocols. The router builds the mroute cache and installs the shortcuts in hardware. After the new routes are learned, a timer is triggered to go through the database and purge the old flows.
Note
Multicast MLS NSF with SSO requires NSF support in the unicast protocols.
Routing Protocols
The routing protocols run only on the MSFC of the active supervisor engine, and they receive routing updates from their neighbor routers. Routing protocols do not run on the MSFC of the redundant supervisor engine. Following a switchover, the routing protocols request that the NSF-aware neighbor devices send state information to help rebuild the routing tables. Alternately, the IS-IS protocol can be configured to synchronize state information from the active to the redundant supervisor engine to help rebuild the routing table on the NSF-capable device in environments where neighbor devices are not NSF-aware. Cisco NSF supports the BGP, OSPF, IS-IS, and EIGRP protocols.
Note
For NSF operation, the routing protocols depend on CEF to continue forwarding packets while the routing protocols rebuild the routing information.
BGP Operation
When an NSF-capable router begins a BGP session with a BGP peer, it sends an OPEN message to the peer. Included in the message is a statement that the NSF-capable device has “graceful” restart capability. Graceful restart is the mechanism by which BGP routing peers avoid a routing flap following a switchover. If the BGP peer has received this capability, it is aware that the device sending the message is NSF-capable. Both the NSF-capable router and its BGP peers need to exchange the graceful restart capability in their OPEN messages at the time of session establishment. If both the peers do not exchange the graceful restart capability, the session will not be graceful restart capable.
If the BGP session is lost during the supervisor engine switchover, the NSF-aware BGP peer marks all the routes associated with the NSF-capable router as stale; however, it continues to use these routes to make forwarding decisions for a set period of time. This functionality prevents packets from being lost while the newly active supervisor engine is waiting for convergence of the routing information with the BGP peers.
After a supervisor engine switchover occurs, the NSF-capable router reestablishes the session with the BGP peer. In establishing the new session, it sends a new graceful restart message that identifies the NSF-capable router as having restarted.
At this point, the routing information is exchanged between the two BGP peers. After this exchange is complete, the NSF-capable device uses the routing information to update the RIB and the FIB with the new forwarding information. The NSF-aware device uses the network information to remove stale routes from its BGP table; the BGP protocol then is fully converged.
If a BGP peer does not support the graceful restart capability, it will ignore the graceful restart capability in an OPEN message but will establish a BGP session with the NSF-capable device. This function will allow interoperability with non-NSF-aware BGP peers (and without NSF functionality), but the BGP session with non-NSF-aware BGP peers will not be graceful restart capable.
Note
BGP support in NSF requires that neighbor networking devices be NSF-aware; that is, the devices must have the graceful restart capability and advertise that capability in their OPEN message during session establishment. If an NSF-capable router discovers that a particular BGP neighbor does not have graceful restart capability, it will not establish an NSF-capable session with that neighbor. All other neighbors that have graceful restart capability will continue to have NSF-capable sessions with this NSF-capable networking device.
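The capability exchange described above, shown at the wire level as an added example (not code from this guide). It goes beyond the text by using the RFC 4724 encoding of the graceful restart capability (code 64) inside the RFC 5492 capabilities parameter of a BGP-4 OPEN; the function names are hypothetical and the sample OPEN messages are constructed.

```python
import socket
import struct

OPT_PARAM_CAPABILITIES = 2   # RFC 5492 optional parameter type
CAP_GRACEFUL_RESTART = 64    # RFC 4724 capability code
MARKER = b"\xff" * 16


def graceful_restart_value(restart_time, families, restarted=False):
    """Encode capability 64: 4 flag bits + 12-bit restart time, then AFI/SAFI/flags tuples."""
    out = struct.pack("!H", (0x8000 if restarted else 0) | (restart_time & 0x0FFF))
    for afi, safi, preserved in families:
        out += struct.pack("!HBB", afi, safi, 0x80 if preserved else 0)
    return out


def build_open(my_as, hold_time, bgp_id, capabilities):
    """Build a BGP-4 OPEN message; capabilities is a list of (code, value bytes)."""
    caps = b"".join(struct.pack("!BB", code, len(val)) + val for code, val in capabilities)
    opt = struct.pack("!BB", OPT_PARAM_CAPABILITIES, len(caps)) + caps if caps else b""
    body = struct.pack("!BHH4sB", 4, my_as, hold_time, socket.inet_aton(bgp_id), len(opt)) + opt
    return MARKER + struct.pack("!HB", 19 + len(body), 1) + body


def _tlvs(buf):
    """Yield (type, value) pairs from a run of one-byte-type, one-byte-length TLVs."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError("truncated TLV")
        yield buf[i], buf[i + 2:i + 2 + buf[i + 1]]
        i += 2 + buf[i + 1]


def parse_graceful_restart(open_msg):
    """Return the graceful restart capability carried in an OPEN, or None if it is absent."""
    if len(open_msg) < 29 or open_msg[:16] != MARKER:
        raise ValueError("not a BGP OPEN")
    length, msg_type = struct.unpack("!HB", open_msg[16:19])
    if msg_type != 1 or length != len(open_msg) or 29 + open_msg[28] != length:
        raise ValueError("malformed OPEN")
    for p_type, p_val in _tlvs(open_msg[29:]):
        if p_type != OPT_PARAM_CAPABILITIES:
            continue
        for code, value in _tlvs(p_val):
            if code != CAP_GRACEFUL_RESTART:
                continue
            if len(value) < 2 or (len(value) - 2) % 4:
                raise ValueError("malformed graceful restart capability")
            (head,) = struct.unpack("!H", value[:2])
            fams = [struct.unpack("!HBB", value[k:k + 4]) for k in range(2, len(value), 4)]
            return {
                "restarted": bool(head & 0x8000),      # R bit: sender has restarted
                "restart_time": head & 0x0FFF,         # seconds
                "families": [(afi, safi, bool(flags & 0x80)) for afi, safi, flags in fams],
            }
    return None


def nsf_families(restarting_open, peer_open):
    """(AFI, SAFI) pairs covered by graceful restart; an empty list means no BGP NSF."""
    mine = parse_graceful_restart(restarting_open)
    theirs = parse_graceful_restart(peer_open)
    if mine is None or theirs is None:   # both sides must send the capability
        return []
    return [(afi, safi) for afi, safi, _ in mine["families"]]


# Constructed sample OPENs (AS numbers, router IDs and timers are illustrative).
GR = graceful_restart_value(120, [(1, 1, True), (1, 2, True)])   # IPv4 unicast, IPv4 multicast
NSF_ROUTER_OPEN = build_open(120, 180, "192.168.2.1", [(2, b""), (CAP_GRACEFUL_RESTART, GR)])
AWARE_PEER_OPEN = build_open(300, 180, "192.168.2.2",
                             [(CAP_GRACEFUL_RESTART, graceful_restart_value(120, []))])
LEGACY_PEER_OPEN = build_open(300, 180, "192.168.2.3", [(2, b"")])   # route refresh only

if __name__ == "__main__":
    print(parse_graceful_restart(NSF_ROUTER_OPEN))
    print(nsf_families(NSF_ROUTER_OPEN, AWARE_PEER_OPEN))
    print(nsf_families(NSF_ROUTER_OPEN, LEGACY_PEER_OPEN))
```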
OSPF Operation
When an OSPF NSF-capable router performs a supervisor engine switchover, it must perform the following tasks in order to resynchronize its link state database with its OSPF neighbors:
• Relearn the available OSPF neighbors on the network without causing a reset of the neighbor relationship
• Reacquire the contents of the link state database for the network
As quickly as possible after a supervisor engine switchover, the NSF-capable router sends an OSPF NSF signal to neighboring NSF-aware devices. Neighbor networking devices recognize this signal as an indicator that the neighbor relationship with this router should not be reset. As the NSF-capable router receives signals from other routers on the network, it can begin to rebuild its neighbor list.
After neighbor relationships are reestablished, the NSF-capable router begins to resynchronize its database with all of its NSF-aware neighbors. At this point, the routing information is exchanged between the OSPF neighbors. Once this exchange is complete, the NSF-capable device uses the routing information to remove stale routes, update the RIB, and update the FIB with the new forwarding information. The OSPF protocols are then fully converged.
Note
OSPF NSF requires that all neighbor networking devices be NSF-aware. If an NSF-capable router discovers that it has non-NSF-aware neighbors on a particular network segment, it will disable NSF capabilities for that segment. Other network segments composed entirely of NSF-capable or NSF-aware routers will continue to provide NSF capabilities.
IS-IS Operation
When an IS-IS NSF-capable router performs a supervisor engine switchover, it must perform the following tasks in order to resynchronize its link state database with its IS-IS neighbors:
• Relearn the available IS-IS neighbors on the network without causing a reset of the neighbor relationship
• Reacquire the contents of the link state database for the network
The IS-IS NSF feature offers two options when you configure NSF:
• Internet Engineering Task Force (IETF) IS-IS
• Cisco IS-IS
If neighbor routers on a network segment are running a software version that supports the IETF Internet draft for router restartability, they will assist an IETF NSF router that is restarting. With IETF, neighbor routers provide adjacency and link-state information to help rebuild the routing information following a switchover. A benefit of IETF IS-IS configuration is operation between peer devices based on a proposed standard.
Note
If you configure IETF on the networking device, but neighbor routers are not IETF-compatible, NSF will abort following a switchover.
If the neighbor routers on a network segment are not NSF-aware, you must use the Cisco configuration option. The Cisco IS-IS configuration transfers both protocol adjacency and link-state information from the active to the redundant supervisor engine. An advantage of Cisco configuration is that it does not rely on NSF-aware neighbors.
IETF IS-IS Configuration
As quickly as possible after a supervisor engine switchover, the NSF-capable router sends IS-IS NSF restart requests to neighboring NSF-aware devices using the IETF IS-IS configuration. Neighbor networking devices recognize this restart request as an indicator that the neighbor relationship with this router should not be reset, but that they should initiate database resynchronization with the restarting router. As the restarting router receives restart request responses from routers on the network, it can begin to rebuild its neighbor list.
After this exchange is complete, the NSF-capable device uses the link-state information to remove stale routes, update the RIB, and update the FIB with the new forwarding information; IS-IS is then fully converged.
The switchover from one supervisor engine to the other happens within seconds. IS-IS reestablishes its routing table and resynchronizes with the network within a few additional seconds. At this point, IS-IS waits for a specified interval before it will attempt a second NSF restart. During this time, the new redundant supervisor engine will boot up and synchronize its configuration with the active supervisor engine. The IS-IS NSF operation waits for a specified interval to ensure that connections are stable before attempting another restart of IS-IS NSF. This functionality prevents IS-IS from attempting back-to-back NSF restarts with stale information.
Cisco IS-IS Configuration
Using the Cisco configuration option, full adjacency and LSP information is saved, or checkpointed, to the redundant supervisor engine. Following a switchover, the newly active supervisor engine maintains its adjacencies using the check-pointed data, and can quickly rebuild its routing tables.
Note
Following a switchover, Cisco IS-IS NSF has complete neighbor adjacency and LSP information; however, it must wait for all interfaces to come on line that had adjacencies prior to the switchover. If an interface does not come on line within the allocated interface wait time, the routes learned from these neighbor devices are not considered in routing table recalculation. IS-IS NSF provides a command to extend the wait time for interfaces that, for whatever reason, do not come on line in a timely fashion.
The switchover from one supervisor engine to the other happens within seconds. IS-IS reestablishes its routing table and resynchronizes with the network within a few additional seconds. At this point, IS-IS waits for a specified interval before it will attempt a second NSF restart. During this time, the new redundant supervisor engine will boot up and synchronize its configuration with the active supervisor engine. After this synchronization is completed, IS-IS adjacency and LSP data is check-pointed to the redundant supervisor engine; however, a new NSF restart will not be attempted by IS-IS until the interval time expires. This functionality prevents IS-IS from attempting back-to-back NSF restarts.
EIGRP Operation
When an EIGRP NSF-capable router initially comes back up from an NSF restart, it has no neighbor and its topology table is empty. The router is notified by the redundant (now active) supervisor engine when it needs to bring up the interfaces, reacquire neighbors, and rebuild the topology and routing tables. The restarting router and its peers must accomplish these tasks without interrupting the data traffic directed toward the restarting router. EIGRP peer routers maintain the routes learned from the restarting router and continue forwarding traffic through the NSF restart process.
To prevent an adjacency reset by the neighbors, the restarting router will use a new Restart (RS) bit in the EIGRP packet header to indicate a restart. The RS bit will be set in the hello packets and in the initial INIT update packets during the NSF restart period. The RS bit in the hello packets allows the neighbors to be quickly notified of the NSF restart. Without seeing the RS bit, the neighbor can only detect an adjacency reset by receiving an INIT update or by the expiration of the hello hold timer. Without the RS bit, a neighbor does not know if the adjacency reset should be handled using NSF or the normal startup method.
When the neighbor receives the restart indication, either by receiving the hello packet or the INIT packet, it will recognize the restarting peer in its peer list and will maintain the adjacency with the restarting router. The neighbor then sends its topology table to the restarting router with the RS bit set in the first update packet, indicating that it is NSF-aware and is helping out the restarting router. The neighbor does not set the RS bit in its hello packets, unless it is also an NSF restarting neighbor.
Note
A router may be NSF-aware but may not be participating in helping out the NSF restarting neighbor because it is coming up from a cold start.
If at least one of the peer routers is NSF-aware, the restarting router would then receive updates and rebuild its database. The restarting router must then find out if it had converged so that it can notify the routing information base (RIB). Each NSF-aware router is required to send an end of table (EOT) marker in the last update packet to indicate the end of the table content. The restarting router knows it has converged when it receives the EOT marker. The restarting router can then begin sending updates.
An NSF-aware peer would know when the restarting router had converged when it receives an EOT indication from the restarting router. The peer then scans its topology table to search for the routes with the restarted neighbor as the source. The peer compares the route timestamp with the restart event timestamp to determine if the route is still available. The peer then goes active to find alternate paths for the routes that are no longer available through the restarted router.
When the restarting router has received all EOT indications from its neighbors or when the NSF converge timer expires, EIGRP will notify the RIB of convergence. EIGRP waits for the RIB convergence signal and then floods its topology table to all awaiting NSF-aware peers.
NSF Benefits and Restrictions
Cisco NSF provides these benefits:
• Improved network availability
  NSF continues forwarding network traffic and application state information so that user session information is maintained after a switchover.
• Overall network stability
  Network stability may be improved with the reduction in the number of route flaps that had been created when routers in the network failed and lost their routing tables.
• Neighboring routers do not detect a link flap
  Because the interfaces remain up throughout a switchover, neighboring routers do not detect a link flap (the link does not go down and come back up).
• Prevents routing flaps
  Because SSO continues forwarding network traffic in the event of a switchover, routing flaps are avoided.
• No loss of user sessions
  User sessions established before the switchover are maintained.
Cisco NSF with SSO has these restrictions:
• For NSF operation, you must have SSO configured on the device.
• NSF with SSO supports IP Version 4 traffic and protocols only.
• The Hot Standby Routing Protocol (HSRP) is not SSO-aware, meaning state information is not maintained between the active and standby supervisor engine during normal operation. HSRP and SSO can coexist but both features work independently. Traffic that relies on HSRP may switch to the HSRP standby in the event of a supervisor switchover.
• The Gateway Load Balancing Protocol (GLBP) is not SSO-aware, meaning state information is not maintained between the active and standby supervisor engine during normal operation. GLBP and SSO can coexist but both features work independently. Traffic that relies on GLBP may switch to the GLBP standby in the event of a supervisor switchover.
• The Virtual Redundancy Routing Protocol (VRRP) is not SSO-aware, meaning state information is not maintained between the active and standby supervisor engine during normal operation. VRRP and SSO can coexist but both features work independently. Traffic that relies on VRRP may switch to the VRRP standby in the event of a supervisor switchover.
• Multiprotocol Label Switching (MPLS) is not supported with Cisco NSF with SSO; however, MPLS and NSF with SSO can coexist. If NSF with SSO is configured in the same chassis with MPLS, the failover performance of MPLS protocols will be at least equivalent to RPR+ while the supported NSF with SSO protocols still retain the additional benefits of NSF with SSO.
• All neighboring devices participating in BGP NSF must be NSF-capable and configured for BGP graceful restart.
• OSPF NSF for virtual links is not supported.
• All OSPF networking devices on the same network segment must be NSF-aware (running an NSF software image).
• For IETF IS-IS, all neighboring devices must be running an NSF-aware software image.
• IPv4 Multicast NSF with SSO is supported by the PFC3 only.
• The underlying unicast protocols must be NSF-aware in order to use multicast NSF with SSO.
• Bidirectional forwarding detection (BFD) is not SSO-aware and is not supported by NSF with SSO.
Supervisor Engine Configuration Synchronization
These sections describe supervisor engine configuration synchronization:
• Supervisor Engine Redundancy Guidelines and Restrictions
• Redundancy Configuration Guidelines and Restrictions
Note
Configuration changes made through SNMP are not synchronized to the redundant supervisor engine. After you configure the switch through SNMP, copy the running-config file to the startup-config file on the active supervisor engine to trigger synchronization of the startup-config file on the redundant supervisor engine.
Supervisor Engine Redundancy Guidelines and Restrictions
These sections describe supervisor engine redundancy guidelines and restrictions:
• Redundancy Configuration Guidelines and Restrictions
• Hardware Configuration Guidelines and Restrictions
• Configuration Mode Restrictions
Redundancy Configuration Guidelines and Restrictions
These guidelines and restrictions apply to all redundancy modes:
• With Release 12.2(18)SXD and earlier releases, when a redundant supervisor engine is in standby mode, the two Gigabit Ethernet interfaces on the redundant supervisor engine are always active.
• With a Supervisor Engine 720 and Release 12.2(18)SXE and later releases, if all the installed switching modules have DFCs, enter the fabric switching-mode allow dcef-only command to disable the Ethernet ports on both supervisor engines, which ensures that all modules are operating in dCEF mode and simplifies switchover to the redundant supervisor engine.
• With a Supervisor Engine 2 and Release 12.2(18)SXD1 and later releases, if all the installed switching modules have DFCs, enter the fabric switching-mode allow dcef-only command to disable the Ethernet ports on the redundant supervisor engine, which ensures that all modules are operating in dCEF mode.
• Supervisor engine redundancy does not provide supervisor engine mirroring or supervisor engine load balancing. Only one supervisor engine is active.
• Configuration changes made through SNMP are not synchronized to the redundant supervisor engine. After you configure the switch through SNMP, copy the running-config file to the startup-config file on the active supervisor engine to trigger synchronization of the startup-config file on the redundant supervisor engine.
• Supervisor engine switchover takes place after the failed supervisor engine completes a core dump. A core dump can take up to 15 minutes. To get faster switchover time, disable core dump on the supervisor engines.
• With a Supervisor Engine 720 and Release 12.2(18)SXF and later releases, if a fabric synchronization error occurs, the default behavior is to switch over to the redundant supervisor engine. In some cases, a switchover to the redundant supervisor engine is more disruptive than powering down the module that caused the fabric synchronization error. Enter the no fabric error-recovery fabric-switchover command to disable the switchover and power down the module with the fabric synchronization error.
Hardware Configuration Guidelines and Restrictions
For redundant operation, the following guidelines and restrictions must be met:
• Cisco IOS running on the supervisor engine and the MSFC supports redundant configurations where the supervisor engines and MSFC routers are identical. If they are not identical, one will boot first and become active and hold the other supervisor engine and MSFC in a reset condition.
• Each supervisor engine must have the resources to run the switch on its own, which means all supervisor engine resources are duplicated, including all flash devices.
• Make separate console connections to each supervisor engine. Do not connect a Y cable to the console ports.
• Both supervisor engines must have the same system image (see the “Copying Files to the Redundant Supervisor Engine” section on page 7-19).
Note
If a newly installed redundant supervisor engine has the Catalyst operating system installed, remove the active supervisor engine and boot the switch with only the redundant supervisor engine installed. Follow the procedures in the current release notes to convert the redundant supervisor engine from the Catalyst operating system.
• The configuration register in the startup-config must be set to autoboot.
Note
There is no support for booting from the network.
Configuration Mode Restrictions
The following configuration restrictions apply during the startup synchronization process:
• You cannot perform configuration changes during the startup (bulk) synchronization. If you attempt to make configuration changes during this process, the following message is generated:
    Config mode locked out till standby initializes
• If configuration changes occur at the same time as a supervisor engine switchover, these configuration changes are lost.
NSF Configuration Tasks
The following sections describe the configuration tasks for the NSF feature:
• Configuring SSO
• Configuring Multicast MLS NSF with SSO
• Verifying Multicast NSF with SSO
• Configuring CEF NSF
• Verifying CEF NSF
• Configuring BGP NSF
• Verifying BGP NSF
• Configuring OSPF NSF
• Verifying OSPF NSF
• Configuring IS-IS NSF
• Verifying IS-IS NSF
Configuring SSO
You must configure SSO in order to use NSF with any supported protocol. To configure SSO, perform this task:
Step 1
  Command: Router(config)# redundancy
  Purpose: Enters redundancy configuration mode.
Step 2
  Command: Router(config-red)# mode sso
  Purpose: Configures SSO. When this command is entered, the redundant supervisor engine is reloaded and begins to work in SSO mode.
Step 3
  Command: Router# show running-config
  Purpose: Verifies that SSO is enabled.
Step 4
  Command: Router# show redundancy states
  Purpose: Displays the operating redundancy mode.
Note
The sso keyword is supported in Release 12.2(17b)SXA and later releases.
This example shows how to configure the system for SSO and display the redundancy state:
    Router> enable
    Router# configure terminal
    Enter configuration commands, one per line.  End with CNTL/Z.
    Router(config)# redundancy
    Router(config-red)# mode sso
    Router(config-red)# end
    Router# show redundancy states
           my state = 13 -ACTIVE
         peer state = 8  -STANDBY HOT
               Mode = Duplex
               Unit = Primary
            Unit ID = 5

    Redundancy Mode (Operational) = sso
    Redundancy Mode (Configured)  = sso
         Split Mode = Disabled
       Manual Swact = Enabled
     Communications = Up

       client count = 29
     client_notification_TMR = 30000 milliseconds
              keep_alive TMR = 9000 milliseconds
            keep_alive count = 1
        keep_alive threshold = 18
               RF debug mask = 0x0
    Router#
Configuring Multicast MLS NSF with SSO
Note
The commands in this section are optional and can be used to customize your configuration. For most users, the default settings are adequate.
Multicast MLS NSF with SSO is on by default when SSO is selected as the redundancy mode. To configure multicast NSF with SSO parameters, perform this task:
Step 1
  Command: Router# configure terminal
  Purpose: Enters global configuration mode.
Step 2
  Command: Router(config)# mls ip multicast sso convergence-time time
  Purpose: Specifies the maximum time to wait for protocol convergence; valid values are from 0 to 3600 seconds.
Step 3
  Command: Router(config)# mls ip multicast sso leak interval
  Purpose: Specifies the packet leak interval; valid values are from 0 to 3600 seconds. For PIM sparse mode and PIM dense mode this is the period of time after which packet leaking for existing PIM sparse mode and PIM dense mode multicast forwarding entries should be completed.
Step 4
  Command: Router(config)# mls ip multicast sso leak percentage
  Purpose: Specifies the percentage of multicast flows; valid values are from 1 to 100 percent. The value represents the percentage of the total number of existing PIM sparse mode and PIM dense mode multicast flows that should be flagged for packet leaking.
Verifying Multicast NSF with SSO
To verify the multicast NSF with SSO settings, enter the show mls ip multicast sso command:
    router# show mls ip multicast sso
    Multicast SSO is enabled
    Multicast HA Parameters
    ---------------------------------------------------+------+
    protocol convergence timeout                        120 secs
    flow leak percent                                   10
    flow leak interval                                  60 secs
Configuring CEF NSF
The CEF NSF feature operates by default while the networking device is running in SSO mode. No configuration is necessary.
Verifying CEF NSF
To verify that CEF is NSF-capable, enter the show cef state command:
    router# show cef state
    CEF Status [RP]
    CEF enabled/running
    dCEF enabled/running
    CEF switching enabled/running
    CEF default capabilities:
    Always FIB switching:      yes
    Default CEF switching:     yes
    Default dCEF switching:    yes
    Update HWIDB counters:     no
    Drop multicast packets:    no
    .
    .
    .
    CEF NSF capable:           yes
    IPC delayed func on SSO:   no
    RRP state:
    I am standby RRP:          no
    My logical slot:           0
    RF PeerComm:               no
Configuring BGP NSF
Note
You must configure BGP graceful restart on all peer devices participating in BGP NSF.
To configure BGP for NSF, perform this task (repeat this procedure on each of the BGP NSF peer devices):
Step 1
  Command: Router# configure terminal
  Purpose: Enters global configuration mode.
Step 2
  Command: Router(config)# router bgp as-number
  Purpose: Enables a BGP routing process, which places the router in router configuration mode.
Step 3
  Command: Router(config-router)# bgp graceful-restart
  Purpose: Enables the BGP graceful restart capability, starting BGP NSF. If you enter this command after the BGP session has been established, you must restart the session for the capability to be exchanged with the BGP neighbor. Use this command on the restarting router and all of its peers.
Verifying BGP NSF
To verify BGP NSF, you must check that the graceful restart function is configured on the SSO-enabled networking device and on the neighbor devices. To verify, follow these steps:
Step 1
Verify that “bgp graceful-restart” appears in the BGP configuration of the SSO-enabled router by entering the show running-config command:
    Router# show running-config
    .
    .
    .
    router bgp 120
    .
    .
    .
     bgp graceful-restart
     neighbor 10.2.2.2 remote-as 300
    .
    .
    .
Step 2
Repeat step 1 on each of the BGP neighbors.
Step 3
On the SSO device and the neighbor device, verify that the graceful restart function is shown as both advertised and received, and confirm the address families that have the graceful restart capability. If no address families are listed, then BGP NSF also will not occur:
    router# show ip bgp neighbors x.x.x.x
    BGP neighbor is 192.168.2.2, remote AS YY, external link
      BGP version 4, remote router ID 192.168.2.2
      BGP state = Established, up for 00:01:18
      Last read 00:00:17, hold time is 180, keepalive interval is 60 seconds
      Neighbor capabilities:
        Route refresh:advertised and received(new)
        Address family IPv4 Unicast:advertised and received
        Address famiiy IPv4 Multicast:advertised and received
        Graceful Restart Capabilty:advertised and received
          Remote Restart timer is 120 seconds
          Address families preserved by peer:
            IPv4 Unicast, IPv4 Multicast
      Received 1539 messages, 0 notifications, 0 in queue
      Sent 1544 messages, 0 notifications, 0 in queue
      Default minimum time between advertisement runs is 30 seconds
Configuring OSPF NSF
Note
All peer devices participating in OSPF NSF must be made OSPF NSF-aware, which happens automatically once you install an NSF software image on the device.
To configure OSPF NSF, perform this task:
Step 1
  Command: Router# configure terminal
  Purpose: Enters global configuration mode.
Step 2
  Command: Router(config)# router ospf processID
  Purpose: Enables an OSPF routing process, which places the router in router configuration mode.
Step 3
  Command: Router(config-router)# nsf
  Purpose: Enables NSF operations for OSPF.
Verifying OSPF NSF
To verify OSPF NSF, you must check that the NSF function is configured on the SSO-enabled networking device. To verify OSPF NSF, follow these steps:
Step 1
Verify that ‘nsf’ appears in the OSPF configuration of the SSO-enabled device by entering the show running-config command:
    Router# show running-config
    router ospf 120
     log-adjacency-changes
     nsf
     network 192.168.20.0 0.0.0.255 area 0
     network 192.168.30.0 0.0.0.255 area 1
     network 192.168.40.0 0.0.0.255 area 2
    .
    .
    .
Step 2
Enter the show ip ospf command to verify that NSF is enabled on the device:
    router> show ip ospf
    Routing Process "ospf 1" with ID 192.168.2.1 and Domain ID 0.0.0.1
    Supports only single TOS(TOS0) routes
    Supports opaque LSA
    SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
    Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
    Number of external LSA 0. Checksum Sum 0x0
    Number of opaque AS LSA 0. Checksum Sum 0x0
    Number of DCbitless external and opaque AS LSA 0
    Number of DoNotAge external and opaque AS LSA 0
    Number of areas in this router is 1. 1 normal 0 stub 0 nssa
    External flood list length 0
    Non-Stop Forwarding enabled, last NSF restart 00:02:06 ago (took 44 secs)
    Area BACKBONE(0)
    Number of interfaces in this area is 1 (0 loopback)
    Area has no authentication
    SPF algorithm executed 3 times
Configuring IS-IS NSF
To configure IS-IS NSF, perform this task:
Step 1
Command: Router# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command: Router(config)# router isis [tag]
Purpose: Enables an IS-IS routing process, which places the router in router configuration mode.
Step 3
Command: Router(config-router)# nsf [cisco | ietf]
Purpose: Enables NSF operation for IS-IS. Enter the ietf keyword to enable IS-IS in a homogeneous network where adjacencies with networking devices supporting IETF draft-based restartability are guaranteed. Enter the cisco keyword to run IS-IS in heterogeneous networks that might not have adjacencies with NSF-aware networking devices.
Step 4
Command: Router(config-router)# nsf interval [minutes]
Purpose: (Optional) Specifies the minimum time between NSF restart attempts. The default time between consecutive NSF restart attempts is 5 minutes.
Step 5
Command: Router(config-router)# nsf t3 {manual [seconds] | adjacency}
Purpose: (Optional) Specifies the time IS-IS will wait for the IS-IS database to synchronize before generating overloaded link-state information for itself and flooding that information out to its neighbors. The t3 keyword applies only if you selected IETF operation. When you specify adjacency, the router that is restarting obtains its wait time from neighboring devices.
Step 6
Command: Router(config-router)# nsf interface wait seconds
Purpose: (Optional) Specifies how long an IS-IS NSF restart will wait for all interfaces with IS-IS adjacencies to come up before completing the restart. The default is 10 seconds.
Verifying IS-IS NSF
To verify IS-IS NSF, you must check that the NSF function is configured on the SSO-enabled networking device. To verify IS-IS NSF, follow these steps:
Step 1
Verify that “nsf” appears in the IS-IS configuration of the SSO-enabled device by entering the show running-config command. The display will show either the Cisco IS-IS or the IETF IS-IS configuration. The following display indicates that the device uses the Cisco implementation of IS-IS NSF:
Router# show running-config
<...Output Truncated...>
router isis
 nsf cisco
<...Output Truncated...>
Step 2
If the NSF configuration is set to cisco, enter the show isis nsf command to verify that NSF is enabled on the device. Using the Cisco configuration, the display output will be different on the active and redundant RPs. The following display shows sample output for the Cisco configuration on the active RP. In this example, note the presence of “NSF restart enabled”:
router# show isis nsf
NSF is ENABLED, mode 'cisco'
RP is ACTIVE, standby ready, bulk sync complete
NSF interval timer expired (NSF restart enabled)
Checkpointing enabled, no errors
Local state:ACTIVE, Peer state:STANDBY HOT, Mode:SSO
The following display shows sample output for the Cisco configuration on the standby RP. In this example, note the presence of “NSF restart enabled”:
router# show isis nsf
NSF enabled, mode 'cisco'
RP is STANDBY, chkpt msg receive count:ADJ 2, LSP 7
NSF interval timer notification received (NSF restart enabled)
Checkpointing enabled, no errors
Local state:STANDBY HOT, Peer state:ACTIVE, Mode:SSO
Step 3
If the NSF configuration is set to ietf, enter the show isis nsf command to verify that NSF is enabled on the device. The following display shows sample output for the IETF IS-IS configuration on the networking device:
router# show isis nsf
NSF is ENABLED, mode IETF
NSF pdb state:Inactive
NSF L1 active interfaces:0
NSF L1 active LSPs:0
NSF interfaces awaiting L1 CSNP:0
Awaiting L1 LSPs:
NSF L2 active interfaces:0
NSF L2 active LSPs:0
NSF interfaces awaiting L2 CSNP:0
Awaiting L2 LSPs:
Interface:Serial3/0/2
    NSF L1 Restart state:Running
    NSF p2p Restart retransmissions:0
    Maximum L1 NSF Restart retransmissions:3
    L1 NSF ACK requested:FALSE
    L1 NSF CSNP requested:FALSE
    NSF L2 Restart state:Running
    NSF p2p Restart retransmissions:0
    Maximum L2 NSF Restart retransmissions:3
    L2 NSF ACK requested:FALSE
Interface:GigabitEthernet2/0/0
    NSF L1 Restart state:Running
    NSF L1 Restart retransmissions:0
    Maximum L1 NSF Restart retransmissions:3
    L1 NSF ACK requested:FALSE
    L1 NSF CSNP requested:FALSE
    NSF L2 Restart state:Running
    NSF L2 Restart retransmissions:0
    Maximum L2 NSF Restart retransmissions:3
    L2 NSF ACK requested:FALSE
    L2 NSF CSNP requested:FALSE
Interface:Loopback1
    NSF L1 Restart state:Running
    NSF L1 Restart retransmissions:0
    Maximum L1 NSF Restart retransmissions:3
    L1 NSF ACK requested:FALSE
    L1 NSF CSNP requested:FALSE
    NSF L2 Restart state:Running
    NSF L2 Restart retransmissions:0
    Maximum L2 NSF Restart retransmissions:3
    L2 NSF ACK requested:FALSE
    L2 NSF CSNP requested:FALSE
Configuring EIGRP NSF
To configure EIGRP NSF, perform this task:
Step 1
Command: Router# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command: Router(config)# router eigrp as-number
Purpose: Enables an EIGRP routing process, which places the router in router configuration mode.
Step 3
Command: Router(config-router)# nsf
Purpose: Enables EIGRP NSF. Use this command on the restarting router and all of its peers.
Verifying EIGRP NSF
To verify EIGRP NSF, you must check that the NSF function is configured on the SSO-enabled networking device. To verify EIGRP NSF, follow these steps:
Step 1
Verify that “nsf” appears in the EIGRP configuration of the SSO-enabled device by entering the show running-config command:
Router# show running-config
.
.
.
router eigrp 100
 auto-summary
 nsf
.
.
.
Step 2
Enter the show ip protocols command to verify that NSF is enabled on the device:
Router# show ip protocols
*** IP Routing is NSF aware ***
Routing Protocol is "eigrp 100"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Default networks flagged in outgoing updates
  Default networks accepted from incoming updates
  EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
  EIGRP maximum hopcount 100
  EIGRP maximum metric variance 1
  Redistributing: eigrp 100
  EIGRP NSF-aware route hold timer is 240s
  EIGRP NSF enabled
     NSF signal timer is 20s
     NSF converge timer is 120s
  Automatic network summarization is in effect
  Maximum path: 4
  Routing for Networks:
  Routing Information Sources:
    Gateway         Distance      Last Update
  Distance: internal 90 external 170
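Added example (not part of the Cisco guide): a Python audit of Step 1 of the OSPF, IS-IS and EIGRP verification procedures above, run over a saved show running-config. The function names and the sample configuration are constructed for illustration, and the parser assumes the capture keeps the leading indentation that IOS prints for sub-commands.

```python
import re

# Routing protocols whose NSF configuration this chapter covers.
NSF_PROTOCOLS = ("ospf", "isis", "eigrp")

# Constructed sample (not captured from a device): the EIGRP stanza lacks "nsf".
SAMPLE_CONFIG = """\
router ospf 120
 log-adjacency-changes
 nsf
 network 192.168.20.0 0.0.0.255 area 0
!
router isis
 nsf cisco
 nsf interval 10
!
router eigrp 100
 auto-summary
!
"""


def audit_nsf(running_config):
    """Map each 'router ospf|isis|eigrp' stanza to its NSF setting.

    The value is None when the stanza has no 'nsf' line, "enabled" for a
    bare 'nsf', or the keyword ("cisco" / "ietf") given on an IS-IS 'nsf'.
    Assumes sub-commands keep their leading indentation, as IOS prints them.
    """
    results = {}
    current = None  # header line of the routing stanza being read, if any
    for raw in running_config.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("!"):
            continue  # blank lines and '!' separators carry no settings
        if not line[0].isspace():
            # A non-indented line ends the previous stanza.
            match = re.match(r"router (\S+)", line)
            if match and match.group(1) in NSF_PROTOCOLS:
                current = line
                results[current] = None
            else:
                current = None
            continue
        if current is None:
            continue
        # Only 'nsf', 'nsf cisco' and 'nsf ietf' enable NSF; tuning lines
        # such as 'nsf interval' or 'nsf t3' do not.
        match = re.fullmatch(r"nsf(?: (cisco|ietf))?", line.strip())
        if match:
            results[current] = match.group(1) or "enabled"
    return results


def missing_nsf(results):
    """Return the routing stanzas that have no NSF configured."""
    return [stanza for stanza, setting in results.items() if setting is None]


if __name__ == "__main__":
    for stanza, setting in audit_nsf(SAMPLE_CONFIG).items():
        print(f"{stanza}: {setting or 'NSF NOT CONFIGURED'}")
```

A stanza reported as missing still needs Step 2 on the device itself, because the configuration check says nothing about whether the peers are NSF-aware.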
Synchronizing the Supervisor Engine Configurations
During normal operation, the startup-config and config-registers configurations are synchronized by default between the two supervisor engines. In a switchover, the new active supervisor engine uses the current configuration.
Copying Files to the Redundant Supervisor Engine
Enter this command to copy a file to the disk0: device on a redundant supervisor engine:
Router# copy source_device:source_filename slavedisk0:target_filename
Enter this command to copy a file to the bootflash: device on a redundant supervisor engine:
Router# copy source_device:source_filename slavesup-bootflash:target_filename
Enter this command to copy a file to the bootflash: device on a redundant MSFC:
Router# copy source_device:source_filename slavebootflash:target_filename
Chapter 8
Configuring SRM with SSO Supervisor Engine Redundancy
This chapter describes how to configure Supervisor Engine 720 redundancy using single router mode (SRM) with stateful switchover (SSO).
Note
• For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference, Release 12.2SX at this URL: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/cmdref/index.htm
• Release 12.2(18)SXD and later releases support nonstop forwarding (NSF) with stateful switchover (SSO) on Supervisor Engine 720 and Supervisor Engine 2 (see Chapter 7, “Configuring NSF with SSO Supervisor Engine Redundancy”).
• Release 12.2(17b)SXA, rebuilds of Release 12.2(17b)SXA, Release 12.2(17d)SXB, and rebuilds of Release 12.2(17d)SXB support SRM with SSO on Supervisor Engine 720.
• Supervisor Engine 2 does not support SRM with SSO.
• Release 12.2(18)SXD and later releases do not support SRM with SSO.
• All releases support RPR and RPR+ (see Chapter 9, “Configuring RPR and RPR+ Supervisor Engine Redundancy”).
This chapter consists of these sections:
• Understanding SRM with SSO
• Supervisor Engine 720 Redundancy Guidelines and Restrictions
• Configuring Supervisor Engine 720 Redundancy
• Copying Files to the Redundant Supervisor Engine
Understanding SRM with SSO
These sections describe Supervisor Engine 720 redundancy using SRM with SSO:
• Supervisor Engine Redundancy Overview
• SRM with SSO Operation
• Supervisor Engine 720 Configuration Synchronization
Supervisor Engine Redundancy Overview
Note
With Release 12.2(18)SXD and earlier releases, the two Gigabit Ethernet interfaces on a redundant Supervisor Engine 720 are always active.
Catalyst 6500 series switches support fault resistance by allowing a redundant Supervisor Engine 720 to take over if the primary Supervisor Engine 720 fails. Catalyst 6500 series switches support these redundancy modes:
• Route processor redundancy (RPR):
  – Supports a switchover time of 2 or more minutes (see Chapter 7, “Configuring NSF with SSO Supervisor Engine Redundancy”).
  – Supported on Supervisor Engine 720 and Supervisor Engine 2.
• Route processor redundancy plus (RPR+):
  – Supports a switchover time of 30 or more seconds (see Chapter 7, “Configuring NSF with SSO Supervisor Engine Redundancy”).
  – Supported on Supervisor Engine 720 and Supervisor Engine 2.
• Single router mode with stateful switchover (SRM with SSO):
  – Supports a switchover time of 1 or more seconds.
  – Supported on Supervisor Engine 720.
  – Not supported on Supervisor Engine 2.
• Nonstop Forwarding (NSF) with SSO:
  – Supported on Supervisor Engine 720 and Supervisor Engine 2.
  – See Chapter 7, “Configuring NSF with SSO Supervisor Engine Redundancy.”
The following events cause a switchover:
• A hardware failure on the active Supervisor Engine 720
• Clock synchronization failure between Supervisor Engine 720s
• A manual switchover
SRM with SSO Operation
Caution
To avoid reloads with software releases where caveat CSCed17605 is not resolved, do not configure the SSO with SRM redundancy mode with a WS-SVC-IPSEC-1 module installed. Caveat CSCed17605 is resolved in Release 12.2(17d)SXB and later releases.
Note
SRM with SSO redundancy mode does not support MPLS. If you configure MPLS, use the RPR+ redundancy mode.
When the switch is powered on, SRM with SSO runs between the two Supervisor Engine 720s. The Supervisor Engine 720 that boots first becomes the active Supervisor Engine 720. The Multilayer Switch Feature Card 3 (MSFC3) and Policy Feature Card 3 (PFC3) become fully operational. The configuration of the redundant Supervisor Engine 720 and MSFC3 is exactly the same as the active Supervisor Engine 720 and MSFC3. Processes such as routing protocols are created on both the active MSFC3 and the redundant MSFC3.
The redundant Supervisor Engine 720 is fully initialized and configured, which shortens the switchover time. The active Supervisor Engine 720 checks the image version of the redundant Supervisor Engine 720 when the redundant Supervisor Engine 720 comes online. If the image on the redundant Supervisor Engine 720 does not match the image on the active Supervisor Engine 720, RPR redundancy mode is used.
If the active Supervisor Engine 720 or MSFC3 fails, the redundant Supervisor Engine 720 and MSFC3 become active. The newly active Supervisor Engine 720 uses the existing PFC3 Layer 3 switching information to forward traffic while the newly active MSFC3 builds its routing table.
SRM with SSO supports the following features:
• Auto-startup and bootvar synchronization between active and redundant Supervisor Engine 720s.
• Hardware signals that detect and decide the active or redundant status of Supervisor Engine 720s.
• Clock synchronization every 60 seconds from the active to the redundant Supervisor Engine 720.
• An operational Supervisor Engine 720 present in place of the failed unit becomes the redundant Supervisor Engine 720.
• Installed modules are not reloaded—Because both the startup configuration and the running configuration are continually synchronized from the active to the redundant Supervisor Engine 720, installed modules are not reloaded during a switchover.
• Online insertion and removal (OIR) of the redundant Supervisor Engine 720—SRM with SSO allows OIR of the redundant Supervisor Engine 720 for maintenance. When the redundant Supervisor Engine 720 is inserted, the active Supervisor Engine 720 detects its presence and begins to transition the redundant Supervisor Engine 720 to a fully initialized state.
• Synchronization of OIR events.
• Manual user-initiated switchover using the redundancy force-switchover command.
SRM with SSO supports stateful switchover of these Layer 2 features:
• Link negotiation
• Flow control
• VLANs
• VTP
• VLAN trunks
• DTP
• STP
• PAgP/LACP
• CDP
• UDLD
• SPAN/RSPAN
• Voice VLAN and inline power
• 802.1x
• 802.1Q
• Port security
• MAC move notification
• Traffic storm control
• IEEE 802.1Q tunneling
• Layer 2 protocol tunneling
• ARP
• Bridge groups
• IGMP snooping
Supervisor Engine 720 Configuration Synchronization
Note
Configuration changes made through SNMP are not synchronized to the redundant Supervisor Engine 720. After you configure the switch through SNMP, copy the running-config file to the startup-config file on the active Supervisor Engine 720 to trigger synchronization of the startup-config file on the redundant Supervisor Engine 720 and, with SRM with SSO or RPR+, reload the redundant Supervisor Engine 720 and MSFC3.
With SRM with SSO mode, the following operations trigger configuration synchronization:
• When a redundant Supervisor Engine 720 first comes online, the startup-config file is copied from the active Supervisor Engine 720 to the redundant Supervisor Engine 720. This synchronization overwrites any existing startup configuration file on the redundant Supervisor Engine 720.
• When configuration changes occur during normal operation, redundancy performs an incremental synchronization from the active Supervisor Engine 720 to the redundant Supervisor Engine 720. Redundancy synchronizes user-entered CLI commands incrementally line-by-line from the active Supervisor Engine 720 to the redundant Supervisor Engine 720.
Even though the redundant Supervisor Engine 720 is fully initialized, it only interacts with the active Supervisor Engine 720 to receive incremental changes to the configuration files as they occur. You cannot enter CLI commands on the redundant Supervisor Engine 720.
Supervisor Engine 720 Redundancy Guidelines and Restrictions
These sections describe Supervisor Engine 720 redundancy guidelines and restrictions:
• Redundancy Guidelines and Restrictions
• Hardware Configuration Guidelines and Restrictions
• Configuration Mode Restrictions
Redundancy Guidelines and Restrictions
When configuring SRM with SSO, follow these guidelines and restrictions:
• With Release 12.2(18)SXD and earlier releases, the two Gigabit Ethernet interfaces on a redundant Supervisor Engine 720 are always active.
• Supervisor engine redundancy does not provide Supervisor Engine 720 mirroring or Supervisor Engine 720 load balancing. Only one Supervisor Engine 720 is active.
• Configuration changes made through SNMP are not synchronized to the redundant Supervisor Engine 720. After you configure the switch through SNMP, copy the running-config file to the startup-config file on the active Supervisor Engine 720 to trigger synchronization of the startup-config file on the redundant Supervisor Engine 720 and, with SRM with SSO, reload the redundant Supervisor Engine 720 and MSFC3.
• Supervisor Engine 720 switchover takes place after the failed Supervisor Engine 720 completes a core dump. A core dump can take up to 15 minutes. To get faster switchover time, disable core dump on the Supervisor Engine 720s.
• Both Supervisor Engine 720s must run the same version of Cisco IOS software. If the Supervisor Engine 720s are not running the same version of Cisco IOS software, the redundant Supervisor Engine 720 comes online in RPR mode.
• Supervisor engine redundancy does not support nondefault VLAN data file names or locations. Do not enter the vtp file file_name command on a switch that has a redundant Supervisor Engine 720.
• Before installing a redundant Supervisor Engine 720, enter the no vtp file command to return to the default configuration.
• Supervisor engine redundancy does not support configuration entered in VLAN database mode. Use global configuration mode with RPR+ redundancy (see Chapter 15, “Configuring VLANs”).
Hardware Configuration Guidelines and Restrictions
For redundant operation, the following guidelines and restrictions must be met:
• Cisco IOS running on the Supervisor Engine 720 and the MSFC3 supports redundant configurations where the Supervisor Engine 720s and MSFC3 routers are identical. If they are not identical, one will boot first and become active and hold the other Supervisor Engine 720 and MSFC3 in a reset condition.
• Each Supervisor Engine 720 must have the resources to run the switch on its own, which means all Supervisor Engine 720 resources are duplicated, including all flash devices.
• Make separate console connections to each Supervisor Engine 720. Do not connect a Y cable to the console ports.
• Both Supervisor Engine 720s must have the same system image (see the “Copying Files to the Redundant Supervisor Engine” section on page 8-8).
Note
If a newly installed redundant Supervisor Engine 720 has the Catalyst operating system installed, remove the active Supervisor Engine 720 and boot the switch with only the redundant Supervisor Engine 720 installed. Follow the procedures in the current release notes to convert the redundant Supervisor Engine 720 from the Catalyst operating system.
• The configuration register in the startup-config must be set to autoboot (see the “Modifying the Boot Field” section on page 3-23).
Note
There is no support for booting from the network.
With Release 12.2(17b)SXA, rebuilds of Release 12.2(17b)SXA, Release 12.2(17d)SXB, and rebuilds of Release 12.2(17d)SXB, if these requirements are met, the Supervisor Engine 720 functions in SRM with SSO mode by default.
Configuration Mode Restrictions
The following configuration restrictions apply during the startup synchronization process:
• You cannot perform configuration changes during the startup (bulk) synchronization. If you attempt to make configuration changes during this process, the following message is generated:
  Config mode locked out till standby initializes
• If configuration changes occur at the same time as a Supervisor Engine 720 switchover, these configuration changes are lost.
Configuring Supervisor Engine 720 Redundancy
These sections describe how to configure Supervisor Engine 720 redundancy:
• Configuring SRM with SSO Redundancy
• Configuring the SRM with SSO Route Convergence Interval
• Synchronizing the Supervisor Engine Configurations
• Displaying the Redundancy States
Configuring SRM with SSO Redundancy
To configure SRM with SSO redundancy, perform this task:
Step 1
Command: Router(config)# redundancy
Purpose: Enters redundancy configuration mode.
Step 2
Command: Router(config-red)# mode sso
Purpose: Configures SRM with SSO. When this command is entered, the redundant Supervisor Engine 720 is reloaded and begins to work in SRM with SSO mode.
Step 3
Command: Router# show running-config
Purpose: Verifies that SRM with SSO is enabled.
Step 4
Command: Router# show redundancy states
Purpose: Displays the operating redundancy mode.
When configuring redundancy, note the following:
• The sso keyword is supported on Supervisor Engine 720 in Release 12.2(17b)SXA, rebuilds of Release 12.2(17b)SXA, Release 12.2(17d)SXB, and rebuilds of Release 12.2(17d)SXB.
• The sso keyword is not supported on Supervisor Engine 2 in Release 12.2(17b)SXA, rebuilds of Release 12.2(17b)SXA, Release 12.2(17d)SXB, and rebuilds of Release 12.2(17d)SXB.
This example shows how to configure the system for SRM with SSO and display the redundancy state:
Router> enable
Router# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# redundancy
Router(config-red)# mode sso
Router(config-red)# end
Router# show redundancy states
       my state = 13 -ACTIVE
     peer state = 8  -STANDBY HOT
           Mode = Duplex
           Unit = Primary
        Unit ID = 5

Redundancy Mode (Operational) = Stateful Switchover
Redundancy Mode (Configured)  = Stateful Switchover
     Split Mode = Disabled
   Manual Swact = Enabled
 Communications = Up

   client count = 29
 client_notification_TMR = 30000 milliseconds
          keep_alive TMR = 9000 milliseconds
        keep_alive count = 1
    keep_alive threshold = 18
           RF debug mask = 0x0
Router#
Configuring the SRM with SSO Route Convergence Interval
After a switchover, SRM with SSO uses the existing PFC3 Layer 3 switching information to forward traffic while the newly active MSFC3 builds its routing table. You can configure how long the newly active PFC3 waits before purging the existing PFC3 Layer 3 switching information.
To configure the SRM with SSO route convergence interval, perform this task:
Step 1
Command: Router(config)# redundancy
Purpose: Enters redundancy configuration mode.
Step 2
Command: Router(config-red)# route-converge-interval interval_seconds
Purpose: Configures the SRM with SSO route convergence interval. Valid values for interval_seconds are from 60 to 3600 seconds.
Command: Router(config-red)# no route-converge-interval
Purpose: Returns to the default route convergence interval (120 seconds).
Step 3
Command: Router# show running-config
Purpose: Verifies the configuration.
Synchronizing the Supervisor Engine Configurations
During normal operation, the startup-config and config-registers configurations are synchronized by default between the two Supervisor Engine 720s. In a switchover, the new active Supervisor Engine 720 uses the current configuration.
Displaying the Redundancy States
To display the redundancy states, perform this task:
Command: Router# show redundancy states
Purpose: Displays the redundancy states.
This example shows how to display the redundancy states:
Router# show redundancy states
       my state = 13 -ACTIVE
     peer state = 8  -STANDBY HOT
           Mode = Duplex
           Unit = Primary
        Unit ID = 1

Redundancy Mode (Operational) = Route Processor Redundancy Plus
Redundancy Mode (Configured)  = Route Processor Redundancy Plus
     Split Mode = Disabled
   Manual Swact = Enabled
 Communications = Up

   client count = 11
 client_notification_TMR = 30000 milliseconds
          keep_alive TMR = 9000 milliseconds
        keep_alive count = 0
    keep_alive threshold = 18
           RF debug mask = 0x0
Router#
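Added example (not part of the Cisco guide): a Python check that parses captured show redundancy states output and reports when the operational mode differs from the configured mode, which is how the fallback to RPR on an image mismatch described in this chapter would show up. The function names and both sample outputs are constructed, and treating STANDBY HOT and Communications = Up as the healthy values is an assumption taken from the displays in this guide.

```python
# Constructed samples in the layout of 'show redundancy states'.
HEALTHY = """\
Router# show redundancy states
       my state = 13 -ACTIVE
     peer state = 8  -STANDBY HOT
           Mode = Duplex
           Unit = Primary
        Unit ID = 5

Redundancy Mode (Operational) = Stateful Switchover
Redundancy Mode (Configured)  = Stateful Switchover
     Split Mode = Disabled
   Manual Swact = Enabled
 Communications = Up
"""

# Constructed degraded case: SSO is configured but the pair runs in RPR.
DEGRADED = """\
Router# show redundancy states
       my state = 13 -ACTIVE
     peer state = 4  -STANDBY COLD
           Mode = Duplex
           Unit = Primary
        Unit ID = 5

Redundancy Mode (Operational) = Route Processor Redundancy
Redundancy Mode (Configured)  = Stateful Switchover
     Split Mode = Disabled
   Manual Swact = Enabled
 Communications = Up
"""


def parse_redundancy_states(output):
    """Turn the 'key = value' lines of the display into a dict.

    Runs of spaces used for column alignment are collapsed, so
    'peer state = 8  -STANDBY HOT' becomes {'peer state': '8 -STANDBY HOT'}.
    """
    fields = {}
    for line in output.splitlines():
        if "=" not in line:
            continue  # prompt lines and blank separators
        key, _, value = line.partition("=")
        fields[" ".join(key.split())] = " ".join(value.split())
    return fields


def check_redundancy(fields, expected_mode):
    """Return a list of findings; an empty list means the pair looks healthy."""
    problems = []
    oper = fields.get("Redundancy Mode (Operational)")
    conf = fields.get("Redundancy Mode (Configured)")
    if conf != expected_mode:
        problems.append(f"configured mode is {conf!r}, expected {expected_mode!r}")
    if oper != conf:
        # Per the guide, mismatched images make the redundant engine come
        # online in RPR mode even though another mode is configured.
        problems.append(f"operational mode {oper!r} differs from configured mode {conf!r}")
    if "STANDBY HOT" not in fields.get("peer state", ""):
        problems.append(f"peer state is {fields.get('peer state')!r}, not STANDBY HOT")
    if fields.get("Communications") != "Up":
        problems.append(f"Communications is {fields.get('Communications')!r}, not 'Up'")
    return problems


if __name__ == "__main__":
    for name, sample in (("healthy", HEALTHY), ("degraded", DEGRADED)):
        findings = check_redundancy(parse_redundancy_states(sample), "Stateful Switchover")
        print(name, "->", findings or "OK")
```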
Copying Files to the Redundant Supervisor Engine
Use the following command to copy a file to the disk0: device on a redundant Supervisor Engine 720:
Router# copy source_device:source_filename slavedisk0:target_filename
Use the following command to copy a file to the bootflash: device on a redundant Supervisor Engine 720:
Router# copy source_device:source_filename slavesup-bootflash:target_filename
Use the following command to copy a file to the bootflash: device on a redundant MSFC3:
Router# copy source_device:source_filename slavebootflash:target_filename
Chapter 9
Configuring RPR and RPR+ Supervisor Engine Redundancy
This chapter describes how to configure supervisor engine redundancy using route processor redundancy (RPR) and RPR+.
Note
• For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference, Release 12.2SX at this URL: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/cmdref/index.htm
• All releases support RPR and RPR+.
• With Release 12.2(18)SXE and later releases, RPR and RPR+ support IPv6 multicast traffic.
• Release 12.2(18)SXD and later releases support nonstop forwarding (NSF) with stateful switchover (SSO) on all supervisor engines (see Chapter 7, “Configuring NSF with SSO Supervisor Engine Redundancy”).
• Release 12.2(17b)SXA, rebuilds of Release 12.2(17b)SXA, Release 12.2(17d)SXB, and rebuilds of Release 12.2(17d)SXB support SRM with SSO on Supervisor Engine 720 (see Chapter 8, “Configuring SRM with SSO Supervisor Engine Redundancy”).
• Release 12.2(18)SXD and later releases do not support SRM with SSO.
This chapter consists of these sections:
• Understanding RPR and RPR+
• Supervisor Engine Redundancy Guidelines and Restrictions
• Configuring Supervisor Engine Redundancy
• Performing a Fast Software Upgrade
• Copying Files to an MSFC
Understanding RPR and RPR+
These sections describe supervisor engine redundancy using RPR and RPR+:
• Supervisor Engine Redundancy Overview
• RPR Operation
• RPR+ Operation
• Supervisor Engine Configuration Synchronization
Supervisor Engine Redundancy Overview
Note
• With Release 12.2(18)SXD and earlier releases, when a redundant supervisor engine is in standby mode, the two Gigabit Ethernet interfaces on the redundant supervisor engine are always active.
• With a Supervisor Engine 720 and Release 12.2(18)SXE and later releases, if all the installed switching modules have DFCs, enter the fabric switching-mode allow dcef-only command to disable the Ethernet ports on both supervisor engines, which ensures that all modules are operating in dCEF mode and simplifies switchover to the redundant supervisor engine. (CSCec05612)
• With a Supervisor Engine 2 and Release 12.2(18)SXD1 and later releases, if all the installed switching modules have DFCs, enter the fabric switching-mode allow dcef-only command to disable the Ethernet ports on the redundant supervisor engine, which ensures that all modules are operating in dCEF mode. (CSCec05612)
Catalyst 6500 series switches support fault resistance by allowing a redundant supervisor engine to take over if the primary supervisor engine fails. Catalyst 6500 series switches support these redundancy modes:
• RPR—Supports a switchover time of 2 or more minutes.
• Route processor redundancy plus (RPR+)—Supports a switchover time of 30 or more seconds.
The following events cause a switchover:
• A hardware failure on the active supervisor engine
• Clock synchronization failure between supervisor engines
• A manual switchover
RPR Operation
RPR supports the following features:
• Auto-startup and bootvar synchronization between active and redundant supervisor engines
• Hardware signals that detect and decide the active or redundant status of supervisor engines
• Clock synchronization every 60 seconds from the active to the redundant supervisor engine
• A redundant supervisor engine that is booted but not all subsystems are up: if the active supervisor engine fails, the redundant supervisor engine becomes fully operational
• An operational supervisor engine present in place of the failed unit becomes the redundant supervisor engine
• Support for fast software upgrade (FSU) (See the “Performing a Fast Software Upgrade” section on page 9-8.)
When the switch is powered on, RPR runs between the two supervisor engines. The supervisor engine that boots first becomes the RPR active supervisor engine. The Multilayer Switch Feature Card and Policy Feature Card become fully operational. The MSFC and PFC on the redundant supervisor engine come out of reset but are not operational.
In a switchover, the redundant supervisor engine becomes fully operational and the following occurs:
• All switching modules power up again
• Remaining subsystems on the MSFC (including Layer 2 and Layer 3 protocols) are brought up
• Access control lists (ACLs) are reprogrammed into supervisor engine hardware
Note
In a switchover, there is a disruption of traffic because some address states are lost and then restored after they are dynamically redetermined.
RPR+ Operation
When RPR+ mode is used, the redundant supervisor engine is fully initialized and configured, which shortens the switchover time. The active supervisor engine checks the image version of the redundant supervisor engine when the redundant supervisor engine comes online. If the image on the redundant supervisor engine does not match the image on the active supervisor engine, RPR redundancy mode is used.
With RPR+, the redundant supervisor engine is fully initialized and configured, which shortens the switchover time if the active supervisor engine fails or if a manual switchover is performed.
When the switch is powered on, RPR+ runs between the two supervisor engines. The supervisor engine that boots first becomes the active supervisor engine. The Multilayer Switch Feature Card and Policy Feature Card become fully operational. The MSFC and PFC on the redundant supervisor engine come out of reset but are not operational.
RPR+ enhances RPR by providing the following additional benefits:
• Reduced switchover time
  Depending on the configuration, the switchover time is 30 or more seconds.
• Installed modules are not reloaded
  Because both the startup configuration and the running configuration are continually synchronized from the active to the redundant supervisor engine, installed modules are not reloaded during a switchover.
• Online insertion and removal (OIR) of the redundant supervisor engine
  RPR+ allows OIR of the redundant supervisor engine for maintenance. When the redundant supervisor engine is inserted, the active supervisor engine detects its presence and begins to transition the redundant supervisor engine to a fully initialized state.
• Synchronization of OIR events
• Manual user-initiated switchover using the redundancy force-switchover command
Supervisor Engine Configuration Synchronization
These sections describe supervisor engine configuration synchronization:
• RPR Supervisor Engine Configuration Synchronization
• RPR+ Supervisor Engine Configuration Synchronization
Note
Configuration changes made through SNMP are not synchronized to the redundant supervisor engine. After you configure the switch through SNMP, copy the running-config file to the startup-config file on the active supervisor engine to trigger synchronization of the startup-config file on the redundant supervisor engine and, with RPR+, reload the redundant supervisor engine and MSFC.
RPR Supervisor Engine Configuration Synchronization
During RPR mode operation, the startup-config files and the config-register configurations are synchronized by default between the two supervisor engines. In a switchover, the new active supervisor engine uses the current configuration.
RPR+ Supervisor Engine Configuration Synchronization
With RPR+ mode, the following operations trigger configuration synchronization:
• When a redundant supervisor engine first comes online, the startup-config file is copied from the active supervisor engine to the redundant supervisor engine. This synchronization overwrites any existing startup configuration file on the redundant supervisor engine.
• When configuration changes occur during normal operation, redundancy performs an incremental synchronization from the active supervisor engine to the redundant supervisor engine. Redundancy synchronizes user-entered CLI commands incrementally line-by-line from the active supervisor engine to the redundant supervisor engine.
Even though the redundant supervisor engine is fully initialized, it only interacts with the active supervisor engine to receive incremental changes to the configuration files as they occur. You cannot enter CLI commands on the redundant supervisor engine.
Supervisor Engine Redundancy Guidelines and Restrictions
These sections describe supervisor engine redundancy guidelines and restrictions:
• Redundancy Guidelines and Restrictions
• RPR+ Guidelines and Restrictions
• Hardware Configuration Guidelines and Restrictions
• Configuration Mode Restrictions
Redundancy Guidelines and Restrictions
These guidelines and restrictions apply to RPR and RPR+ redundancy modes:
• With Release 12.2(18)SXD and earlier releases, when a redundant supervisor engine is in standby mode, the two Gigabit Ethernet interfaces on the redundant supervisor engine are always active.
• With a Supervisor Engine 720 and Release 12.2(18)SXE and later releases, if all the installed switching modules have DFCs, enter the fabric switching-mode allow dcef-only command to disable the Ethernet ports on both supervisor engines, which ensures that all modules are operating in dCEF mode and simplifies switchover to the redundant supervisor engine. (CSCec05612)
• With a Supervisor Engine 2 and Release 12.2(18)SXD1 and later releases, if all the installed switching modules have DFCs, enter the fabric switching-mode allow dcef-only command to disable the Ethernet ports on the redundant supervisor engine, which ensures that all modules are operating in dCEF mode. (CSCec05612)
• Supervisor engine redundancy does not provide supervisor engine mirroring or supervisor engine load balancing. Only one supervisor engine is active.
• Configuration changes made through SNMP are not synchronized to the redundant supervisor engine. After you configure the switch through SNMP, copy the running-config file to the startup-config file on the active supervisor engine to trigger synchronization of the startup-config file on the redundant supervisor engine and, with RPR+, reload the redundant supervisor engine and MSFC.
• Supervisor engine switchover takes place after the failed supervisor engine completes a core dump. A core dump can take up to 15 minutes. To get faster switchover time, disable core dump on the supervisor engines.
RPR+ Guidelines and Restrictions
These guidelines and restrictions apply to RPR+:
• Network services are disrupted until the redundant supervisor engine takes over and the switch recovers.
• The Forwarding Information Base (FIB) tables are cleared on a switchover. As a result, routed traffic is interrupted until route tables reconverge.
• Static IP routes are maintained across a switchover because they are configured from entries in the configuration file.
• Information about dynamic states maintained on the active supervisor engine is not synchronized to the redundant supervisor engine and is lost on switchover. These are examples of dynamic state information that is lost at switchover:
– Frame Relay Switched Virtual Circuits (SVCs)
Note
Frame Relay-switched DLCI information is maintained across a switchover because Frame Relay-switched DLCI configuration is in the configuration file.
– All terminated PPP sessions
– All ATM SVC information
– All terminated TCP and other connection-oriented Layer 3 and Layer 4 sessions
– BGP sessions
– All Automatic Protection System (APS) state information
• Both supervisor engines must run the same version of Cisco IOS software. If the supervisor engines are not running the same version of Cisco IOS software, the redundant supervisor engine comes online in RPR mode.
• Supervisor engine redundancy does not support nondefault VLAN data file names or locations. Do not enter the vtp file file_name command on a switch that has a redundant supervisor engine.
• Before installing a redundant supervisor engine, enter the no vtp file command to return to the default configuration.
• Supervisor engine redundancy does not support configuration entered in VLAN database mode. Use global configuration mode with RPR+ redundancy (see Chapter 15, “Configuring VLANs”).
Hardware Configuration Guidelines and Restrictions
For redundant operation, the following guidelines and restrictions must be met:
• Cisco IOS running on the supervisor engine and the MSFC supports redundant configurations where the supervisor engines and MSFC routers are identical. If they are not identical, one will boot first and become active and hold the other supervisor engine and MSFC in a reset condition.
• Each supervisor engine must have the resources to run the switch on its own, which means all supervisor engine resources are duplicated, including all flash devices.
• Make separate console connections to each supervisor engine. Do not connect a Y cable to the console ports.
• Both supervisor engines must have the same system image (see the “Copying Files to an MSFC” section on page 9-10).
Note
If a newly installed redundant supervisor engine has the Catalyst operating system installed, remove the active supervisor engine and boot the switch with only the redundant supervisor engine installed. Follow the procedures in the current release notes to convert the redundant supervisor engine from the Catalyst operating system.
• The configuration register in the startup-config must be set to autoboot (see the “Modifying the Boot Field” section on page 3-23).
Note
There is no support for booting from the network.
With releases earlier than Release 12.2(17b)SXA, if these requirements are met, the switch functions in RPR+ mode by default.
Configuration Mode Restrictions
The following configuration restrictions apply during the startup synchronization process:
• You cannot perform configuration changes during the startup (bulk) synchronization. If you attempt to make configuration changes during this process, the following message is generated:
Config mode locked out till standby initializes
• If configuration changes occur at the same time as a supervisor engine switchover, these configuration changes are lost.
Configuring Supervisor Engine Redundancy
These sections describe how to configure supervisor engine redundancy:
• Configuring Redundancy
• Synchronizing the Supervisor Engine Configurations
• Displaying the Redundancy States
Configuring Redundancy
To configure redundancy, perform this task:
Step 1
Command: Router(config)# redundancy
Purpose: Enters redundancy configuration mode.
Step 2
Command: Router(config-red)# mode {rpr | rpr-plus}
Purpose: Configures RPR or RPR+. When this command is entered, the redundant supervisor engine is reloaded and begins to work in RPR or RPR+ mode.
Step 3
Command: Router# show running-config
Purpose: Verifies that RPR or RPR+ is enabled.
Step 4
Command: Router# show redundancy states
Purpose: Displays the operating redundancy mode.
This example shows how to configure the system for RPR+ and display the redundancy state:
Router> enable
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# redundancy
Router(config-red)# mode rpr-plus
Router(config-red)# end
Router# show redundancy states
my state = 13 -ACTIVE
peer state = 1 -DISABLED
Mode = Simplex
Unit = Primary
Unit ID = 1
Redundancy Mode (Operational) = Route Processor Redundancy Plus
Redundancy Mode (Configured) = Route Processor Redundancy Plus
Split Mode = Disabled
Manual Swact = Disabled Reason: Simplex mode
Communications = Down Reason: Simplex mode
client count = 11
client_notification_TMR = 30000 milliseconds
keep_alive TMR = 4000 milliseconds
keep_alive count = 0
keep_alive threshold = 7
RF debug mask = 0x0
Router#
Synchronizing the Supervisor Engine Configurations
During normal operation, the startup-config and config-registers configuration are synchronized by default between the two supervisor engines. In a switchover, the new active supervisor engine uses the current configuration.
Note
Do not change the default auto-sync configuration.
Displaying the Redundancy States
To display the redundancy states, perform this task:
Command: Router# show redundancy states
Purpose: Displays the redundancy states.
This example shows how to display the redundancy states:
Router# show redundancy states
my state = 13 -ACTIVE
peer state = 8 -STANDBY HOT
Mode = Duplex
Unit = Primary
Unit ID = 1
Redundancy Mode (Operational) = Route Processor Redundancy Plus
Redundancy Mode (Configured) = Route Processor Redundancy Plus
Split Mode = Disabled
Manual Swact = Enabled
Communications = Up
client count = 11
client_notification_TMR = 30000 milliseconds
keep_alive TMR = 9000 milliseconds
keep_alive count = 0
keep_alive threshold = 18
RF debug mask = 0x0
Router#
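The check below is an added example, not part of the Cisco guide: a Python script that reads a show redundancy states display and lists what still blocks a manual switchover, for instance before the redundancy force-switchover step of a fast software upgrade. The function names and the readiness rules (local state ACTIVE, a standby peer, Duplex mode, matching operational and configured modes, Manual Swact enabled, Communications up) are assumptions drawn from the two displays in this chapter.

```python
import re

# The two "show redundancy states" displays printed in this chapter,
# laid out one field per line (timer fields omitted).
SIMPLEX_DISPLAY = """\
my state = 13 -ACTIVE
peer state = 1 -DISABLED
Mode = Simplex
Unit = Primary
Unit ID = 1
Redundancy Mode (Operational) = Route Processor Redundancy Plus
Redundancy Mode (Configured) = Route Processor Redundancy Plus
Split Mode = Disabled
Manual Swact = Disabled Reason: Simplex mode
Communications = Down Reason: Simplex mode
"""

DUPLEX_DISPLAY = """\
my state = 13 -ACTIVE
peer state = 8 -STANDBY HOT
Mode = Duplex
Unit = Primary
Unit ID = 1
Redundancy Mode (Operational) = Route Processor Redundancy Plus
Redundancy Mode (Configured) = Route Processor Redundancy Plus
Split Mode = Disabled
Manual Swact = Enabled
Communications = Up
"""

REQUIRED_FIELDS = (
    "my state", "peer state", "Mode",
    "Redundancy Mode (Operational)", "Redundancy Mode (Configured)",
    "Manual Swact", "Communications",
)


def parse_redundancy_states(text):
    """Return {field name: value} for every 'name = value' line."""
    fields = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip():
            fields[name.strip()] = value.strip()
    return fields


def state_name(value):
    """Turn '13 -ACTIVE' into 'ACTIVE'; the number is the state code."""
    match = re.fullmatch(r"\d+\s*-\s*(.+)", value)
    if match is None:
        raise ValueError("unrecognized state value: %r" % value)
    return match.group(1).strip()


def status_and_reason(value):
    """Turn 'Disabled Reason: Simplex mode' into ('Disabled', 'Simplex mode')."""
    status, _, reason = value.partition("Reason:")
    return status.strip(), reason.strip()


def switchover_findings(text):
    """List the reasons a manual switchover should wait; empty means ready."""
    fields = parse_redundancy_states(text)
    missing = [name for name in REQUIRED_FIELDS if name not in fields]
    if missing:
        return ["display is missing: " + ", ".join(missing)]

    findings = []
    my_state = state_name(fields["my state"])
    if my_state != "ACTIVE":
        findings.append("local supervisor engine is %s, not ACTIVE" % my_state)
    peer_state = state_name(fields["peer state"])
    if not peer_state.startswith("STANDBY"):
        findings.append("peer supervisor engine is %s, not a standby" % peer_state)
    if fields["Mode"] != "Duplex":
        findings.append("Mode is %s, expected Duplex" % fields["Mode"])

    # The guide says a redundant engine with a different image comes up in
    # RPR mode even when RPR+ is configured; that shows as a mismatch here.
    operational = fields["Redundancy Mode (Operational)"]
    configured = fields["Redundancy Mode (Configured)"]
    if operational != configured:
        findings.append("operating as '%s' but configured for '%s'; check that "
                        "both engines run the same image" % (operational, configured))

    for name, wanted in (("Manual Swact", "Enabled"), ("Communications", "Up")):
        status, reason = status_and_reason(fields[name])
        if status != wanted:
            detail = " (%s)" % reason if reason else ""
            findings.append("%s is %s%s" % (name, status, detail))
    return findings


if __name__ == "__main__":
    for label, display in (("simplex", SIMPLEX_DISPLAY), ("duplex", DUPLEX_DISPLAY)):
        print(label, switchover_findings(display) or "ready for switchover")
```

Leading whitespace and the command prompt line are ignored, so a captured session can be passed in unedited.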
Performing a Fast Software Upgrade
The fast software upgrade (FSU) procedure supported by RPR allows you to upgrade the Cisco IOS image on the supervisor engines without reloading the system.
Note
If you are performing a first-time upgrade to RPR from EHSA, you must reload both supervisor engines. FSU from EHSA is not supported.
To perform an FSU, perform this task:
Step 1
Command: Router# copy source_device:source_filename {disk0 | disk1}:target_filename
Purpose: Copies the new Cisco IOS image to the disk0: device or the disk1: device on the active supervisor engine.
Or:
Command: Router# copy source_device:source_filename sup-bootflash:target_filename
Purpose: Copies the new Cisco IOS image to the bootflash: device on the active supervisor engine.
Or:
Command: Router# copy source_device:source_filename {slavedisk0 | slavedisk1}:target_filename
Purpose: Copies the new Cisco IOS image to the disk0: device or the disk1: device on the redundant supervisor engine.
Or:
Command: Router# copy source_device:source_filename slavesup-bootflash:target_filename
Purpose: Copies the new Cisco IOS image to the bootflash: device on the redundant supervisor engine.
Step 2
Command:
Router# config terminal
Router(config)# config-register 0x2102
Router(config)# boot system flash device:file_name
Purpose: Configures the supervisor engines to boot the new image.
Step 3
Command: Router# copy running-config start-config
Purpose: Saves the configuration.
Step 4
Command: Router# hw-module {module num} reset
Purpose: Reloads the redundant supervisor engine and brings it back online (running the new version of the Cisco IOS software).
Note
Before reloading the redundant supervisor engine, make sure you wait long enough to ensure that all configuration synchronization changes have completed.
Step 5
Command: Router# redundancy force-switchover
Purpose: Conducts a manual switchover to the redundant supervisor engine. The redundant supervisor engine becomes the new active supervisor engine running the new Cisco IOS image. The modules are reloaded and the module software is downloaded from the new active supervisor engine. The old active supervisor engine reboots with the new image and becomes the redundant supervisor engine.
Note
To perform an EHSA to RPR FSU, use the reload command in Step 5.
This example shows how to perform an FSU:
Router# config terminal
Router(config)# config-register 0x2102
Router(config)# boot system flash disk0:image_name
Router# copy running-config start-config
Router# hw-module reset
Router# redundancy force-switchover
Router#
Copying Files to an MSFC
Use the following command to copy a file to the bootflash: device on an active MSFC:
Router# copy source_device:source_filename bootflash:target_filename
Use the following command to copy a file to the bootflash: device on a redundant MSFC:
Router# copy source_device:source_filename slavebootflash:target_filename
CHAPTER 10
Configuring Interfaces
This chapter describes how to configure interfaces on the Catalyst 6500 series switches. This chapter consists of these sections:
• Understanding Interface Configuration
• Using the Interface Command
• Configuring a Range of Interfaces
• Defining and Using Interface-Range Macros
• Configuring Optional Interface Features
• Understanding Online Insertion and Removal
• Monitoring and Maintaining Interfaces
• Checking the Cable Status Using the TDR
Note
For complete syntax and usage information for the commands used in this chapter, refer to these publications:
• The Catalyst 6500 Series Switch Cisco IOS Command Reference, Release 12.2SX at this URL: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/cmdref/index.htm
• The Release 12.2 publications at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/index.htm
Understanding Interface Configuration
Many features in the software are enabled on a per-interface basis. When you enter the interface command, you must specify the following information:
• Interface type:
– Ethernet (use the ethernet keyword)
– Fast Ethernet (use the fastethernet keyword)
– Gigabit Ethernet (use the gigabitethernet keyword)
– 10-Gigabit Ethernet (use the tengigabitethernet keyword)
Note
For WAN interfaces, refer to the configuration note for the WAN module.
• Slot number—The slot in which the module is installed. On the Catalyst 6500 series switch, slots are numbered starting with 1, from top to bottom.
• Port number—The physical port number on the module. On the Catalyst 6500 series switch, the port numbers always begin with 1. When facing the rear of the switch, ports are numbered from the left to the right.
You can identify ports from the physical location. You also can use show commands to display information about a specific port, or all the ports.
Using the Interface Command
Note
You use the commands described in this section to configure both physical ports and logical interfaces.
These procedures apply to all interface configuration processes. Begin the interface configuration process in global configuration mode. To use the interface command, follow these steps:
Step 1
Enter the configure terminal command at the privileged EXEC prompt to enter global configuration mode:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#
Step 2
In the global configuration mode, enter the interface command. Identify the interface type and the number of the connector or interface card. The following example shows how to select Fast Ethernet, slot 5, interface 1:
Router(config)# interface fastethernet 5/1
Router(config-if)#
Step 3
Enter the show interfaces EXEC command to see a list of all interfaces that are installed. A report is provided for each interface that the device supports, as shown in this display:
Router# show interfaces fastethernet 5/48
FastEthernet5/48 is up, line protocol is up
  Hardware is C6k 100Mb 802.3, address is 0050.f0ac.3083 (bia 0050.f0ac.3083)
  Internet address is 172.20.52.18/27
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Half-duplex, 100Mb/s
  ARP type: ARPA, ARP Timeout 04:00:00
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue :0/40 (size/max)
  5 minute input rate 1000 bits/sec, 1 packets/sec
  5 minute output rate 1000 bits/sec, 1 packets/sec
     4834677 packets input, 329545368 bytes, 0 no buffer
     Received 4796465 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 input packets with dribble condition detected
     51926 packets output, 15070051 bytes, 0 underruns
     0 output errors, 2 collisions, 2 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
Router#
Step 4
Enter the show hardware EXEC command to see a list of the system software and hardware:
Router# show hardware
Cisco Internetwork Operating System Software
IOS (tm) c6sup2_rp Software (c6sup2_rp-JSV-M), Version 12.1(5c)EX, EARLY DEPLOY)
Synced to mainline version: 12.1(5c)
TAC:Home:Software:Ios General:CiscoIOSRoadmap:12.1
Copyright (c) 1986-2001 by cisco Systems, Inc.
Compiled Wed 28-Mar-01 17:52 by hqluong
Image text-base: 0x30008980, data-base: 0x315D0000
ROM: System Bootstrap, Version 12.1(3r)E2, RELEASE SOFTWARE (fc1)
BOOTFLASH: c6sup2_rp Software (c6sup2_rp-JSV-M), Version 12.1(5c)EX, EARLY DEPL)
Router uptime is 2 hours, 55 minutes
System returned to ROM by power-on (SP by power-on)
Running default software
cisco Catalyst 6000 (R7000) processor with 114688K/16384K bytes of memory.
Processor board ID SAD04430J9K
R7000 CPU at 300Mhz, Implementation 39, Rev 2.1, 256KB L2, 1024KB L3 Cache
Last reset from power-on
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
1 Virtual Ethernet/IEEE 802.3 interface(s)
48 FastEthernet/IEEE 802.3 interface(s)
2 Gigabit Ethernet/IEEE 802.3 interface(s)
381K bytes of non-volatile configuration memory.
16384K bytes of Flash internal SIMM (Sector size 512K).
Configuration register is 0x2
Router#
Step 5
To begin configuring Fast Ethernet port 5/5, enter the interface keyword, interface type, and slot number/port number at the privileged EXEC prompt, as shown in the following example:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# interface fastethernet 5/5
Router(config-if)#
Note
You do not need to add a space between the interface type and interface number. For example, in the preceding line you can specify either fastethernet 5/5 or fastethernet5/5.
Step 6
After each interface command, enter the interface configuration commands your particular interface requires. The commands you enter define the protocols and applications that will run on the interface. The commands are collected and applied to the interface command until you enter another interface command or press Ctrl-Z to get out of interface configuration mode and return to privileged EXEC mode.
Step 7
After you configure an interface, check its status by using the EXEC show commands listed in the “Monitoring and Maintaining Interfaces” section on page 10-16.
Configuring a Range of Interfaces
The interface-range configuration mode allows you to configure multiple interfaces with the same configuration parameters. After you enter the interface-range configuration mode, all command parameters you enter are attributed to all interfaces within that range until you exit out of the interface-range configuration mode.
To configure a range of interfaces with the same configuration, perform this task:
Command: Router(config)# [no] interface range {{vlan vlan_ID - vlan_ID [, vlan vlan_ID - vlan_ID]} | {type slot/port - port [, type slot/port - port]} | {macro_name [, macro_name]}}
Purpose: Selects the range of interfaces to be configured.
type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
When configuring a range of interfaces, note the following information:
• For information about macros, see the “Defining and Using Interface-Range Macros” section on page 10-5.
• You can enter up to five comma-separated ranges.
• You are not required to enter spaces before or after the comma.
• With releases earlier than Release 12.2(18)SXE, you must add a space between the interface numbers and the dash when using the interface range command. For example, interface range fastethernet 1 - 5 is valid syntax; interface range fastethernet 1-5 is invalid.
• With Release 12.2(18)SXE and later releases, you do not need to add a space between the interface numbers and the dash when using the interface range command.
• With releases earlier than Release 12.2(18)SXD, the no interface range command does not support VLAN interfaces.
• With Release 12.2(18)SXD and later releases, the no interface range command supports VLAN interfaces.
• With releases earlier than Release 12.2(18)SXD, for VLAN interfaces, the interface range command supports only those VLAN interfaces for which Layer 2 VLANs have been created with the interface vlan command (the show running-configuration command displays the configured VLAN interfaces). The interface range command does not support VLAN interfaces that are not displayed by the show running-configuration command.
• With Release 12.2(18)SXD and later releases, the interface range command supports VLAN interfaces for which Layer 2 VLANs have not been created with the interface vlan command.
Note
The link state messages (LINK-3-UPDOWN and LINEPROTO-5-UPDOWN) are disabled by default. Enter the logging event link status command on each interface where you want the messages enabled.
This example shows how to reenable all Fast Ethernet ports 5/1 to 5/5:
Router(config)# interface range fastethernet 5/1 - 5
Router(config-if)# no shutdown
Router(config-if)#
*Oct 6 08:24:35: %LINK-3-UPDOWN: Interface FastEthernet5/1, changed state to up
*Oct 6 08:24:35: %LINK-3-UPDOWN: Interface FastEthernet5/2, changed state to up
*Oct 6 08:24:35: %LINK-3-UPDOWN: Interface FastEthernet5/3, changed state to up
*Oct 6 08:24:35: %LINK-3-UPDOWN: Interface FastEthernet5/4, changed state to up
*Oct 6 08:24:35: %LINK-3-UPDOWN: Interface FastEthernet5/5, changed state to up
*Oct 6 08:24:36: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet5/5, changed state to up
*Oct 6 08:24:36: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet5/3, changed state to up
*Oct 6 08:24:36: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet5/4, changed state to up
Router(config-if)#
This example shows how to use a comma to add different interface type strings to the range to reenable all Fast Ethernet ports in the range 5/1 to 5/5 and both Gigabit Ethernet ports (1/1 and 1/2):
Router(config-if)# interface range fastethernet 5/1 - 5, gigabitethernet 1/1 - 2
Router(config-if)# no shutdown
Router(config-if)#
*Oct 6 08:29:28: %LINK-3-UPDOWN: Interface FastEthernet5/1, changed state to up
*Oct 6 08:29:28: %LINK-3-UPDOWN: Interface FastEthernet5/2, changed state to up
*Oct 6 08:29:28: %LINK-3-UPDOWN: Interface FastEthernet5/3, changed state to up
*Oct 6 08:29:28: %LINK-3-UPDOWN: Interface FastEthernet5/4, changed state to up
*Oct 6 08:29:28: %LINK-3-UPDOWN: Interface FastEthernet5/5, changed state to up
*Oct 6 08:29:28: %LINK-3-UPDOWN: Interface GigabitEthernet1/1, changed state to up
*Oct 6 08:29:28: %LINK-3-UPDOWN: Interface GigabitEthernet1/2, changed state to up
*Oct 6 08:29:29: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet5/5, changed state to up
*Oct 6 08:29:29: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet5/3, changed state to up
*Oct 6 08:29:29: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet5/4, changed state to up
Router(config-if)#
If you enter multiple configuration commands while you are in interface-range configuration mode, each command is executed as it is entered (they are not batched together and executed after you exit interface-range configuration mode). If you exit interface-range configuration mode while the commands are being executed, some commands may not be executed on all interfaces in the range. Wait until the command prompt reappears before exiting interface-range configuration mode.
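An added example, not from the Cisco guide: a Python helper that expands an interface range argument into the individual interfaces it selects, so that a change can be reviewed port by port before it is entered. It applies the rules listed in this section (at most five comma-separated ranges, optional spaces around the comma, the spaced dash required before Release 12.2(18)SXE); the function name, the rejection of descending ranges, and the Ethernet, TenGigabitEthernet and Vlan display names are assumptions, and macro names are not resolved.

```python
import re

MAX_RANGES = 5  # "You can enter up to five comma-separated ranges."

# Keyword -> interface name prefix. FastEthernet and GigabitEthernet appear
# in the log messages in this section; the other spellings are assumptions.
DISPLAY_NAMES = {
    "ethernet": "Ethernet",
    "fastethernet": "FastEthernet",
    "gigabitethernet": "GigabitEthernet",
    "tengigabitethernet": "TenGigabitEthernet",
}

# type slot/port - port, with or without a space after the type keyword.
PORT_RANGE = re.compile(
    r"(?P<type>[a-z]+)\s*(?P<slot>\d+)/(?P<first>\d+)(?P<dash>\s*-\s*)(?P<last>\d+)"
)
# vlan vlan_ID - vlan_ID
VLAN_RANGE = re.compile(r"vlan\s*(?P<first>\d+)(?P<dash>\s*-\s*)(?P<last>\d+)")


def expand_interface_range(spec, spaced_dash_required=False):
    """Expand the argument of 'interface range' into a list of interfaces.

    Set spaced_dash_required=True to apply the rule for releases earlier
    than Release 12.2(18)SXE, where '5/1 - 5' is valid and '5/1-5' is not.
    Raises ValueError for anything that does not follow the syntax.
    """
    parts = [part.strip().lower() for part in spec.split(",")]
    if len(parts) > MAX_RANGES:
        raise ValueError("%d ranges given, at most %d allowed"
                         % (len(parts), MAX_RANGES))

    interfaces = []
    for part in parts:
        vlan = VLAN_RANGE.fullmatch(part)
        match = vlan or PORT_RANGE.fullmatch(part)
        if match is None:
            raise ValueError("not a 'type slot/port - port' or "
                             "'vlan ID - ID' range: %r" % part)

        dash = match.group("dash")
        if spaced_dash_required and not (dash[0].isspace() and dash[-1].isspace()):
            raise ValueError("a space is required on both sides of the dash: %r"
                             % part)

        first, last = int(match.group("first")), int(match.group("last"))
        if first < 1 or last < first:
            raise ValueError("range must start at 1 or higher and ascend: %r"
                             % part)

        if vlan:
            prefix = "Vlan"
        else:
            keyword = match.group("type")
            if keyword not in DISPLAY_NAMES:
                raise ValueError("unknown interface type: %r" % keyword)
            prefix = "%s%s/" % (DISPLAY_NAMES[keyword], match.group("slot"))

        interfaces.extend("%s%d" % (prefix, n) for n in range(first, last + 1))
    return interfaces


if __name__ == "__main__":
    # The second example in this section: five Fast Ethernet ports and both
    # Gigabit Ethernet ports.
    for name in expand_interface_range(
            "fastethernet 5/1 - 5, gigabitethernet 1/1 - 2"):
        print(name)
```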
Defining and Using Interface-Range Macros
You can define an interface-range macro to automatically select a range of interfaces for configuration. Before you can use the macro keyword in the interface range macro command string, you must define the macro.
To define an interface-range macro, perform this task:
Command: Router(config)# define interface-range macro_name {vlan vlan_ID - vlan_ID} | {type slot/port - port} [, {type slot/port - port}]
Purpose: Defines the interface-range macro and saves it in NVRAM.
Command: Router(config)# no define interface-range macro_name
Purpose: Deletes a macro.
type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
This example shows how to define an interface-range macro named enet_list to select Fast Ethernet ports 5/1 through 5/4:
Router(config)# define interface-range enet_list fastethernet 5/1 - 4
To show the defined interface-range macro configuration, perform this task:
Command: Router# show running-config
Purpose: Shows the defined interface-range macro configuration.
This example shows how to display the defined interface-range macro named enet_list:
Router# show running-config | include define
define interface-range enet_list FastEthernet5/1 - 4
Router#
To use an interface-range macro in the interface range command, perform this task:
Command: Router(config)# interface range macro macro_name
Purpose: Selects the interface range to be configured using the values saved in a named interface-range macro.
This example shows how to change to the interface-range configuration mode using the interface-range macro enet_list:
Router(config)# interface range macro enet_list
Router(config-if)#
Configuring Optional Interface Features
These sections describe optional interface features:
• Configuring Ethernet Interface Speed and Duplex Mode
• Configuring Jumbo Frame Support
• Configuring IEEE 802.3x Flow Control
• Configuring the Port Debounce Timer
• Adding a Description for an Interface
Configuring Ethernet Interface Speed and Duplex Mode
These sections describe how to configure Ethernet port speed and duplex mode:
• Speed and Duplex Mode Configuration Guidelines
• Configuring the Ethernet Interface Speed
• Setting the Interface Duplex Mode
• Configuring Link Negotiation on Gigabit Ethernet Ports
• Displaying the Speed and Duplex Mode Configuration
Speed and Duplex Mode Configuration Guidelines
You usually configure Ethernet port speed and duplex mode parameters to auto and allow the Catalyst 6500 series switch to negotiate the speed and duplex mode between ports. If you decide to configure the port speed and duplex modes manually, consider the following information:
• If you set the Ethernet port speed to auto, the switch automatically sets the duplex mode to auto.
• If you enter the no speed command, the switch automatically configures both speed and duplex to auto.
• If you configure an Ethernet port speed to a value other than auto (for example, 10, 100, or 1000 Mbps), configure the connecting port to match. Do not configure the connecting port to negotiate the speed.
• If you manually configure the Ethernet port speed to either 10 Mbps or 100 Mbps, the switch prompts you to also configure the duplex mode on the port.
Note
Catalyst 6500 series switches cannot automatically negotiate Ethernet port speed and duplex mode if the connecting port is configured to a value other than auto.
Caution
Changing the Ethernet port speed and duplex mode configuration might shut down and reenable the interface during the reconfiguration.
Configuring the Ethernet Interface Speed
Note
If you configure the Ethernet port speed to auto on a 10/100-Mbps or 10/100/1000-Mbps Ethernet port, both speed and duplex are autonegotiated.
To configure the port speed for a 10/100 or a 10/100/1000-Mbps Ethernet port, perform this task:
Step 1
Command: Router(config)# interface fastethernet slot/port
Purpose: Selects the Ethernet port to be configured.
Step 2
Command: Router(config-if)# speed {10 | 100 | 1000 | {auto [10 100 [1000]]}}
Purpose: Configures the speed of the Ethernet interface.
Command: Router(config-if)# no speed
Purpose: Reverts to the default configuration (speed auto).
Release 12.2(17a)SX and later releases support the 10 100 1000 keywords after the auto keyword. When configuring the port speed for a 10/100/1000-Mbps Ethernet port with Release 12.2(17a)SX and later releases, note the following:
• Enter the auto 10 100 keywords to restrict the negotiated speed to 10-Mbps or 100-Mbps.
• The auto 10 100 1000 keywords have the same effect as the auto keyword by itself.
This example shows how to configure the speed to 100 Mbps on the Fast Ethernet port 5/4:
Router(config)# interface fastethernet 5/4
Router(config-if)# speed 100
Setting the Interface Duplex Mode
Note
• 10-Gigabit Ethernet and Gigabit Ethernet are full duplex only. You cannot change the duplex mode on 10-Gigabit Ethernet or Gigabit Ethernet ports or on a 10/100/1000-Mbps port configured for Gigabit Ethernet.
• If you set the port speed to auto on a 10/100-Mbps or a 10/100/1000-Mbps Ethernet port, both speed and duplex are autonegotiated. You cannot change the duplex mode of autonegotiation ports.
To set the duplex mode of an Ethernet or Fast Ethernet port, perform this task:
Step 1
Command: Router(config)# interface fastethernet slot/port
Purpose: Selects the Ethernet port to be configured.
Step 2
Command: Router(config-if)# duplex [auto | full | half]
Purpose: Sets the duplex mode of the Ethernet port.
Command: Router(config-if)# no duplex
Purpose: Reverts to the default configuration (duplex auto).
This example shows how to set the duplex mode to full on Fast Ethernet port 5/4:
Router(config)# interface fastethernet 5/4
Router(config-if)# duplex full
Configuring Link Negotiation on Gigabit Ethernet Ports
Note
Link negotiation does not negotiate port speed.
On Gigabit Ethernet ports, link negotiation exchanges flow-control parameters, remote fault information, and duplex information. Link negotiation is enabled by default. The ports on both ends of a link must have the same setting. The link will not come up if the ports at each end of the link are set inconsistently (link negotiation enabled on one port and disabled on the other port). Table 10-1 shows the four possible link negotiation configurations and the resulting link status for each configuration.
Table 10-1 Link Negotiation Configuration and Possible Link Status
Link Negotiation State         Link Status
Local Port     Remote Port     Local Port     Remote Port
Off            Off             Up             Up
On             On              Up             Up
Off            On              Up             Down
On             Off             Down           Up
To configure link negotiation on a port, perform this task:
Step 1
Command: Router(config)# interface gigabitethernet slot/port
Purpose: Selects the port to be configured.
Step 2
Command: Router(config-if)# speed nonegotiate
Purpose: Disables link negotiation.
Command: Router(config-if)# no speed nonegotiate
Purpose: Reverts to the default configuration (link negotiation enabled).
This example shows how to enable link negotiation on Gigabit Ethernet port 5/4:
Router(config)# interface gigabitethernet 5/4
Router(config-if)# no speed nonegotiate
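The speed guidelines and Table 10-1 can be checked mechanically before a change is rolled out. The following is an added example, not part of the Cisco guide: it reads the interface stanzas for the two ends of a link and reports a manually set speed facing an autonegotiating port, and link negotiation enabled at one end only. The function names and the sample stanzas are constructed for illustration.

```python
import re

def parse_port(stanza):
    """Extract the speed and link-negotiation settings from one interface stanza."""
    cfg = {"name": None, "gigabit": False, "speed": "auto", "negotiate": True}
    for raw in stanza.strip().splitlines():
        line = raw.strip().lower()
        fixed = re.fullmatch(r"speed (10|100|1000)", line)
        if line.startswith("interface "):
            cfg["name"] = line.split(None, 1)[1]
            cfg["gigabit"] = cfg["name"].startswith("gigabitethernet")
        elif line == "speed nonegotiate":
            cfg["negotiate"] = False        # link negotiation disabled
        elif fixed:
            cfg["speed"] = fixed.group(1)   # manually configured speed
        # no speed line, or "speed auto ...", leaves the default: auto
    return cfg

def audit_link(local, remote):
    """Check the two ends of one link against the guidelines and Table 10-1."""
    a, b = parse_port(local), parse_port(remote)
    findings = []
    # A manually set speed must be matched on the connecting port, never left to auto.
    if a["speed"] != b["speed"]:
        findings.append(f"speed mismatch: {a['name']}={a['speed']} {b['name']}={b['speed']}")
    # Table 10-1: with negotiation on at one end only, that end reports the link down.
    if a["gigabit"] and b["gigabit"] and a["negotiate"] != b["negotiate"]:
        down = a if a["negotiate"] else b
        findings.append(f"link negotiation mismatch: {down['name']} sees link down")
    return findings

# Constructed sample stanzas (not taken from a real device).
GI_LOCAL = "interface GigabitEthernet5/4\n speed nonegotiate\n"
GI_REMOTE = "interface GigabitEthernet1/1\n"
FA_LOCAL = "interface FastEthernet5/4\n speed 100\n duplex full\n"
FA_REMOTE = "interface FastEthernet2/1\n speed auto 10 100\n"

if __name__ == "__main__":
    for pair in ((GI_LOCAL, GI_REMOTE), (FA_LOCAL, FA_REMOTE)):
        print(audit_link(*pair) or "consistent")
```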
Displaying the Speed and Duplex Mode Configuration
To display the speed and duplex mode configuration for a port, perform this task:
Command: Router# show interfaces type¹ slot/port
Purpose: Displays the speed and duplex mode configuration.
1. type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
This example shows how to display the speed and duplex mode of Fast Ethernet port 5/4:
Router# show interfaces fastethernet 5/4
FastEthernet5/4 is up, line protocol is up
  Hardware is Cat6K 100Mb Ethernet, address is 0050.f0ac.3058 (bia 0050.f0ac.3058)
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:33, output never, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     1238 packets input, 273598 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 input packets with dribble condition detected
     1380 packets output, 514382 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
Router#
Configuring Jumbo Frame Support
These sections describe jumbo frame support:
• Understanding Jumbo Frame Support
• Configuring MTU Sizes
Caution
The following switching modules support a maximum ingress frame size of 8092 bytes:
• WS-X6516-GE-TX when operating at 100 Mbps
• WS-X6148-RJ-45, WS-X6148-RJ-45V and WS-X6148-RJ21, WS-X6148-RJ21V
• WS-X6248-RJ-45 and WS-X6248-TEL
• WS-X6248A-RJ-45 and WS-X6248A-TEL
• WS-X6348-RJ-45, WS-X6348-RJ45V and WS-X6348-RJ-21, WS-X6348-RJ21V
When jumbo frame support is configured, these modules drop ingress frames larger than 8092 bytes.
Note
The WS-X6548-GE-TX, WS-X6548V-GE-TX, WS-X6148-GE-TX, and WS-X6148V-GE-TX do not support jumbo frames.
Understanding Jumbo Frame Support
These sections describe jumbo frame support:
• Jumbo Frame Support Overview
• Ethernet Ports
• VLAN Interfaces
Jumbo Frame Support Overview
A jumbo frame is a frame larger than the default Ethernet size. You enable jumbo frame support by configuring a larger-than-default maximum transmission unit (MTU) size on a port or VLAN interface and configuring the global LAN port MTU size.
Note
• Jumbo frame support fragments routed traffic in software on the MSFC.
• Jumbo frame support does not fragment bridged traffic.
Bridged and Routed Traffic Size Check at Ingress 10, 10/100, and 100 Mbps Ethernet and 10-Gigabit Ethernet Ports
Jumbo frame support compares ingress traffic size with the global LAN port MTU size at ingress 10, 10/100, and 100 Mbps Ethernet and 10-Gigabit Ethernet LAN ports that have a nondefault MTU size configured. The port drops traffic that is oversized. You can configure the global LAN port MTU size (see the “Configuring the Global Egress LAN Port MTU Size” section).
Bridged and Routed Traffic Size Check at Ingress Gigabit Ethernet Ports
Gigabit Ethernet LAN ports configured with a nondefault MTU size accept frames containing packets of any size larger than 64 bytes. With a nondefault MTU size configured, Gigabit Ethernet LAN ports do not check for oversize ingress frames.
Routed Traffic Size Check on the PFC
For traffic that needs to be routed, jumbo frame support on the PFC compares traffic sizes to the configured MTU sizes and provides Layer 3 switching for jumbo traffic between interfaces configured with MTU sizes large enough to accommodate the traffic. Between interfaces that are not configured with large enough MTU sizes, if the “do not fragment bit” is not set, the PFC sends the traffic to the MSFC to be fragmented and routed in software. If the “do not fragment bit” is set, the PFC drops the traffic.
Bridged and Routed Traffic Size Check at Egress 10, 10/100, and 100 Mbps Ethernet Ports
10, 10/100, and 100 Mbps Ethernet LAN ports configured with a nondefault MTU size transmit frames containing packets of any size larger than 64 bytes. With a nondefault MTU size configured, 10, 10/100, and 100 Mbps Ethernet LAN ports do not check for oversize egress frames.
Bridged and Routed Traffic Size Check at Egress Gigabit Ethernet and 10-Gigabit Ethernet Ports
Jumbo frame support compares egress traffic size with the global egress LAN port MTU size at egress Gigabit Ethernet and 10-Gigabit Ethernet LAN ports that have a nondefault MTU size configured. The port drops traffic that is oversized. You can configure the global LAN port MTU size (see the “Configuring the Global Egress LAN Port MTU Size” section).
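The five size checks above combine into one decision per frame, which is easier to reason about when traced end to end. The following is an added example, not part of the Cisco guide: a small model that follows one frame from an ingress port, through the PFC when routed, to an egress port. It assumes every port has a nondefault MTU configured, treats frame size and packet size as a single number, and assumes fragments produced by the MSFC fit the egress interface MTU; the names Port, forward and demo are hypothetical.

```python
from dataclasses import dataclass

FAST, GIG, TENGIG = "10/100", "gigabit", "10-gigabit"   # FAST = 10, 10/100, 100 Mbps

@dataclass
class Port:
    kind: str   # FAST, GIG, or TENGIG
    mtu: int    # nondefault MTU configured on the interface, in bytes

def forward(src, dst, size, routed=False, df_bit=False, global_mtu=9216):
    """Return what happens to one frame of `size` bytes sent from src to dst."""
    # Ingress: 10, 10/100, 100 Mbps and 10-Gigabit ports compare against the
    # global LAN port MTU; Gigabit ports do not check for oversize frames.
    if src.kind in (FAST, TENGIG) and size > global_mtu:
        return "drop: oversize at ingress port"
    path = "bridged"
    if routed:
        # PFC: Layer 3 switching only if both interfaces' MTUs fit the packet.
        if size <= min(src.mtu, dst.mtu):
            path = "routed in hardware by PFC"
        elif df_bit:
            return "drop: PFC, do-not-fragment bit set"
        else:
            path = "fragmented and routed in software by MSFC"
            size = min(size, dst.mtu)   # assumption: fragments fit the egress MTU
    # Egress: Gigabit and 10-Gigabit ports compare against the global egress
    # LAN port MTU; 10, 10/100, 100 Mbps ports do not check egress size.
    if dst.kind in (GIG, TENGIG) and size > global_mtu:
        return "drop: oversize at egress port"
    return path

def demo():
    """Constructed scenarios; the MTU values are sample inputs."""
    gi, te, fa = Port(GIG, 9216), Port(TENGIG, 9216), Port(FAST, 9216)
    gi_small = Port(GIG, 4000)
    return [
        forward(gi, gi, 9000, global_mtu=8000),   # unchecked at ingress, caught at egress
        forward(gi, fa, 9000, global_mtu=8000),   # neither port checks in this direction
        forward(te, gi, 9000, global_mtu=8000),   # 10-Gigabit ingress check
        forward(gi, gi_small, 9000, routed=True, df_bit=True),
        forward(gi, gi_small, 9000, routed=True, df_bit=False),
    ]

if __name__ == "__main__":
    print("\n".join(demo()))
```

The second scenario is the one to watch when relying on the global MTU as a limit: a Gigabit ingress port paired with a 10/100 egress port applies no size check in that direction.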
Ethernet Ports
These sections describe configuring nondefault MTU sizes on Ethernet ports:
• Ethernet Port Overview
• Layer 3 Ethernet Ports
• Layer 2 Ethernet Ports
Ethernet Port Overview
Configuring a nondefault MTU size on a 10, 10/100, or 100 Mbps Ethernet port limits ingress packets to the global LAN port MTU size and permits egress traffic of any size larger than 64 bytes. Configuring a nondefault MTU size on a Gigabit Ethernet port permits ingress packets of any size larger than 64 bytes and limits egress traffic to the global LAN port MTU size. Configuring a nondefault MTU size on a 10-Gigabit Ethernet port limits ingress and egress packets to the global LAN port MTU size. Configuring a nondefault MTU size on an Ethernet port limits routed traffic to the configured MTU size.
You can configure the MTU size on any Ethernet port.
Layer 3 Ethernet Ports
On a Layer 3 port, you can configure an MTU size on each Layer 3 Ethernet port that is different than the global LAN port MTU size.
Note
Traffic through a Layer 3 Ethernet LAN port that is configured with a nondefault MTU size is also subject to the global LAN port MTU size (see the “Configuring the Global Egress LAN Port MTU Size” section).
Layer 2 Ethernet Ports
On a Layer 2 port, you can only configure an MTU size that matches the global LAN port MTU size (see the “Configuring the Global Egress LAN Port MTU Size” section).
VLAN Interfaces
You can configure a different MTU size on each Layer 3 VLAN interface. Configuring a nondefault MTU size on a VLAN interface limits traffic to the nondefault MTU size. You can configure the MTU size on VLAN interfaces to support jumbo frames.
Configuring MTU Sizes
These sections describe how to configure MTU sizes:
• Configuring MTU Sizes
• Configuring the Global Egress LAN Port MTU Size
Configuring the MTU Size
To configure the MTU size, perform this task:
Step 1
Command: Router(config)# interface {{vlan vlan_ID} | {{type¹ slot/port} | {port-channel port_channel_number} slot/port}}
Purpose: Selects the interface to configure.
Step 2
Command: Router(config-if)# mtu mtu_size
Purpose: Configures the MTU size.
Command: Router(config-if)# no mtu
Purpose: Reverts to the default MTU size (1500 bytes).
Step 3
Command: Router(config-if)# end
Purpose: Exits configuration mode.
Step 4
Command: Router# show running-config interface [{gigabitethernet | tengigabitethernet} slot/port]
Purpose: Displays the running configuration.
1. type = ethernet, fastethernet, gigabitethernet, tengigabitethernet, or ge-wan
When configuring the MTU size, note the following information:
• For VLAN interfaces and Layer 3 Ethernet ports, supported MTU values are from 64 to 9216 bytes.
• For Layer 2 Ethernet ports, you can configure only the global egress LAN port MTU size (see the “Configuring the Global Egress LAN Port MTU Size” section).
This example shows how to configure the MTU size on Gigabit Ethernet port 1/2:
Router# configure terminal
Router(config)# interface gigabitethernet 1/2
Router(config-if)# mtu 9216
Router(config-if)# end
This example shows how to verify the configuration:
Router# show interface gigabitethernet 1/2
GigabitEthernet1/2 is administratively down, line protocol is down
  Hardware is C6k 1000Mb 802.3, address is 0030.9629.9f88 (bia 0030.9629.9f88)
  MTU 9216 bytes, BW 1000000 Kbit, DLY 10 usec,
<...Output Truncated...>
Router#
Configuring the Global Egress LAN Port MTU Size
To configure the global egress LAN port MTU size, perform this task:
Step 1
Command: Router(config)# system jumbomtu mtu_size
Purpose: Configures the global egress LAN port MTU size.
Command: Router(config)# no system jumbomtu
Purpose: Reverts to the default global egress LAN port MTU size (9216 bytes).
Step 2
Command: Router(config)# end
Purpose: Exits configuration mode.
Configuring IEEE 802.3x Flow Control
Gigabit Ethernet and 10-Gigabit Ethernet ports on the Catalyst 6500 series switches use flow control to stop the transmission of frames to the port for a specified time; other Ethernet ports use flow control to respond to flow-control requests. If a Gigabit Ethernet or 10-Gigabit Ethernet port receive buffer becomes full, the port transmits an IEEE 802.3x pause frame that requests remote ports to delay sending frames for a specified time. All Ethernet ports (10 Gbps, 1 Gbps, 100 Mbps, and 10 Mbps) can receive and respond to IEEE 802.3x pause frames from other devices.
To configure flow control on an Ethernet port, perform this task:
Step 1
Command: Router(config)# interface type¹ slot/port
Purpose: Selects the port to configure.
Step 2
Command: Router(config-if)# flowcontrol {receive | send} {desired | off | on}
Purpose: Configures a port to send or respond to pause frames.
Command: Router(config-if)# no flowcontrol {receive | send}
Purpose: Reverts to the default flow control settings.
Step 3
Command: Router# show interfaces [type¹ slot/port] flowcontrol
Purpose: Displays the flow-control configuration for all ports.
1. type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
When configuring flow control, note the following information:
• 10-Gigabit Ethernet ports are permanently configured to respond to pause frames.
• When the configuration of the remote ports is unknown, use the receive desired keywords to configure a Gigabit Ethernet port to respond to received pause frames.
• Use the receive on keywords to configure a Gigabit Ethernet port to respond to received pause frames.
• Use the receive off keywords to configure a Gigabit Ethernet port to ignore received pause frames.
• When configuring transmission of pause frames, note the following information:
  – When the configuration of the remote ports is unknown, use the send desired keywords to configure a port to send pause frames.
  – Use the send on keywords to configure a port to send pause frames.
  – Use the send off keywords to configure a port not to send pause frames.
This example shows how to turn on receive flow control and how to verify the flow-control configuration:
Router# configure terminal
Router(config)# interface gigabitethernet 1/2
Router(config-if)# flowcontrol receive on
Router(config-if)# end
Router# show interfaces flowcontrol
Interface Send
Gi1/1     Desired
Gi1/2     Desired
Fa5/1     Not capable