Page 1 www.allitebooks.com...
Page 2 Cisco LAN Switching Configuration Handbook Steve McQuerry, CCIE No. 6108 David Jansen, CCIE No. 5952 Dave Hucaby, CCIE No. 4594 Cisco Press 800 East 96th Street Indianapolis, IN 46240 www.allitebooks.com...
Page 3 The information is provided on an “as is” basis. The authors, Cisco Press, and Cisco Systems, Inc. shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it.
Page 4 WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0812R)
Page 5 He has held multiple certifications from Microsoft, Novell, Checkpoint, and Cisco. His focus is to work with Enterprise customers to address end to end manu- facturing architectures. David has been with Cisco for 11 years, and working as a manu- facturing architect for the past year has provided unique experiences helping customers build architectural solutions for manufacturing connectivity.
Page 6 Dedications Steve McQuerry: This work is dedicated to my wife and children. Becky, thank you for your love and support as we continue our life together; I look forward to each new chap- ter we write together. Katie, you are an amazing young lady. I’m excited for all that life has in store for you;...
Page 7 To our technical editors—Don Johnston and Ron Fuller—thanks for the sharp eyes and excellent comments. It was great having you as part of the team. A special thanks to the fine professionals at Cisco Press. You guys are the best in the industry! Thanks to my manager at Cisco, Scott Sprinkle.
Page 8 To all the people at Cisco Press behind the scenes, thank you for all your help and sup- port on this project.
Page 9: Table Of Contents
Cisco LAN Switching Configuration Handbook Contents at a Glance Introduction xviii Chapter 1 CLI Usage Chapter 2 Switch Functionality Chapter 3 Supervisor Engine Configuration Chapter 4 Layer 2 Interface Configuration Chapter 5 Layer 3 Interface Configuration Chapter 6 VLANs and Trunking...
Page 10 Contents Introduction xviii Chapter 1 CLI Usage 1-1: Cisco Internetwork Operating System (IOS) Software Using Cisco IOS Software 1-2: ROM Monitor Using the ROM Monitor Command Set Chapter 2 Switch Functionality 2-1: Catalyst Switch Families Catalyst 2000 Series Catalyst 3000 Series...
Page 11 Cisco LAN Switching Configuration Handbook 3-4: Managing Modules Viewing Modules Accessing Modules Resetting Modules Powering Modules Up and Down 3-5: File Management and Boot Parameters Navigating File Systems Deleting Files from Flash Copying System Files File System Boot Parameters Alias Commands...
Page 12 4-4: EtherChannel Configuration EtherChannel Example Displaying Information About EtherChannels Chapter 5 Layer 3 Interface Configuration 5-1: Layer 3 Switching 5-2: Layer 3 Ethernet Interfaces Configuration Verifying the Configuration Feature Example 5-3: Layer 3 EtherChannels Configuration Verifying the Channel Feature Example 5-4: WAN Interfaces Configuration Configuring an Enhanced FlexWAN Interface...
Page 13 Cisco LAN Switching Configuration Handbook 6-2: VLAN Port Assignments Configuring Static VLANs Configuring Dynamic VLANs Verifying VLAN Assignments 6-3: Trunking Enabling Trunking Specifying VLANs to Trunk Verifying Trunks Feature Example 6-4: VLAN Trunking Protocol Enabling VTP for Operation Setting VTP Passwords...
Page 14 xiii 7-3: STP Convergence Tuning Configuring STP Convergence Tuning 7-4: Navigating the Spanning-Tree Topology Chapter 8 Configuring High Availability Features 8-1: Route Processor Redundancy (RPR/RPR+) Configuration Displaying Information About RPR 8-2: Non-Stop Forwarding/Supervisor Switchover (NSF/SSO) with Supervisor Redundancy SSO/NSF Configuration Displaying Information About SSO and NSF 8-3: Router Redundancy with HSRP Configuration...
Page 15 Cisco LAN Switching Configuration Handbook Chapter 11 Controlling Traffic and Switch Access 11-1: Broadcast Suppression Configuring Broadcast Suppression Verifying Configuration Feature Example 11-2: Protocol Filtering Configuration Verification Feature Example 11-3: Port Security Configuration Verification Feature Example 11-4: VLAN Access Control Lists...
Page 16 Configuration Packet-Tracing Example Chapter 13 Quality of Service 13-1: QoS Theory Layer 2 QoS Classification and Marking Layer 3 QoS Classification and Marking Catalyst Switch Queuing 13-2: QoS Configuration Catalyst 2000/3000 Configuration All Other Catalyst Configuration Displaying Information About QoS...
Page 17 Cisco LAN Switching Configuration Handbook 13-3: QoS Data Export Configuration QoS Data Export Example Displaying Information About QoS Data Export Chapter 14 Voice 14-1: Voice Ports Configuration Example Displaying Information About Voice Ports 14-2: Voice QoS Access Layer Configuration Distribution and Core Layer Configuration...
Page 18: Command Syntax Conventions
xvii Icons Used in This Book Communication PC with Macintosh Access ISDN/Frame Relay Server Software Workstation Switch Server Token Ring Token Ring Terminal File Ciscoworks Modem Server Server Workstation Switch Printer Laptop Front End Cluster Multilayer Mainframe Processor Controller Switch FDDI DSU/CSU Gateway...
Page 19: Introduction
Cisco LAN Switching Configuration Handbook is designed to provide a quick and easy reference guide for all the features that can be configured on Cisco Catalyst switches. In essence, the subject matter from an entire bookshelf of Catalyst software documenta- tion, along with other networking reference material, has been “squashed”...
Page 20: How To Use This Book
Chapter 4, “Layer 2 Interface Configuration”: Describes configuration of Ethernet, ■ Fast Ethernet, Gigabit Ethernet, and EtherChannel interfaces ■ Chapter 5, “Layer 3 Interface Configuration”: Explains how Layer 3 interfaces are used in a switch Chapter 6, “VLANs and Trunking”: Presents VLAN configuration, private VLANs, ■...
Page 21: Configuration Steps
Cisco LAN Switching Configuration Handbook Configuration Steps Each feature that is covered in a section includes the required and optional commands used for common configuration. The difference is that the configuration steps are pre- sented in an outline format. If you follow the outline, you can configure a complex fea- ture or technology.
Page 22: Chapter 1 Cli Usage
The CLI can be accessed through the console port, Telnet, or through SSH. ■ Users can execute Cisco IOS Software commands from a user level or from a ■ privileged level. User level offers basic system information and remote connectivity commands.
Page 23: Using Cisco Ios Software
Parameters for the CLI connection to the switch can be set to preferred values. Using Cisco IOS Software Cisco IOS Software has two basic user modes for switch administration and a number of other modes that enable you to control the configuration of the switch. In addition to a variety of modes, Cisco IOS Software provides features such as help and command-line editing that enable you to interact with the switch for management purposes.
Page 24 Chapter 1: CLI Usage 3 User interface features. a. Entering commands: Switch>, Switch#, Switch(config)# Switch>, Switch#, Switch(config)# Commands can be entered from any mode (EXEC, global config, interface con- fig, subinterface config, vlan and so on). To enable a feature or parameter, type the command and its options normally, as in command.
Page 25 4 Cisco LAN Switching Configuration Handbook If a command line is entered but doesn’t have the correct syntax, an error “% Invalid input detected at ‘^’ marker” is returned. A caret (^) appears below the command character where the syntax error was detected.
Page 26 Chapter 1: CLI Usage 5 system:running-config) configuration file. By default the file displays one screen at a time with a —More— prompt at the bottom. To search for a specific regular expression and start the output listing there, use the begin keyword. To display only the lines that include a regular expression, use the include keyword.
Page 27 6 Cisco LAN Switching Configuration Handbook Terminal sessions. a. Start a new session: Switch# telnet host This initiates a Telnet connection to host (either an IP address or a hostname). Then from the switch CLI, you can continue to communicate with the remote host.
Page 28 Chapter 1: CLI Usage 7 Note When you resume the connection, you are prompted with the message “[Resuming connection 2 to Switch ... ].” After you resume your connection, the message shown here does not change, and the switch does not display a prompt. To refresh the device prompt, press Ctrl-r or Ctrl-l.
Page 29 HTTP server service. This vulnerability is documented as Cisco Bug ID CSCdt93862. To disable the HTTP server, use the no ip http server command. In addition to this bug, the default authentication uses clear-text pass- words.
Page 30: Rom Monitor
If the switch encounters a fatal exception from which it cannot recover, it enters ROM monitor mode. Like the Cisco IOS Software interfaces, ROM monitor is a CLI. ■ ROM monitor offers a limited number of commands associated with booting recov- ■...
Page 31 User interface features. a. Entering commands: rommon> command The rommon command line interprets input a line at a time like the Cisco IOS Software CLI. b. Help. You can enter a question mark (?) at the beginning of a rommon> prompt to get a list of available commands for rommon.
Page 32 Viewing the images on Flash devices: rommon> dir [device:] ROM monitor is responsible for loading the Cisco IOS Software images for a device. To view an image, use the command dir followed by the device name such as dir bootflash: or dir slot0:. You can use the command dev to locate which devices are available.
Page 33 This page intentionally left blank...
Page 34: Switch Functionality
10/100/1000 interfaces along with four SFP 1000Base-X uplink interfaces. The Catalyst 2000 product families offer a wide variety of Cisco IOS feature sets such as Layer 2+ for- warding, enhanced integrated security, quality of service (QoS), and Power over Ethernet...
Page 35: Catalyst 3000 Series
QoS classification and marking, in addi- tion to access control for Layer 2 or Layer 3 ports. The Cisco Blade Switch 3100 series are used in the Data Center Access integrated into blade chassis. The Catalyst 3100, 3750, and 3750-E offer hardware stacking, high levels of resiliency, automation, and sin- gle point of management;...
Page 36: Catalyst 4500 Series
Chapter 2: Switch Functionality 15 ■ Forwarding rate: ■ 3560E-24TD 65.5 Mpps ■ 3560E-24PD 65.5 Mpps ■ 3560E-48TD 101.2 Mpps ■ 3560E-48PD 101.2 Mpps ■ 3560E-48PD-F 101.2 Mpps ■ 3560E-12D 90 Mpps ■ 3560E-12SD 47.6 Mpps ■ Catalyst 3750-E performance: ■...
Page 37: Catalyst 6500
The Catalyst 6500 series switches continue to evolve as new products provide more flexibility and functionality. For example, Cisco introduced Virtual Switching System (VSS) on the Catalyst 6500 with the announcement of the Supervisor 720-10GE-PFC3c. This allows for two Cisco Catalyst 6500 series switches with this supervisor engine to...
Page 38: Switched Campus Network Designs
Chapter 2: Switch Functionality 17 pool together into a VSS 1440. The two switches connect with 10 GbE links called Virtual Switch Links (VSL). When a VSS 1440 is created, it acts as a single virtual Catalyst switch. Note The Catalyst 6500 chassis was classified as end of sale and was replaced with the Catalyst 6500-E chassis.
Page 39 18 Cisco LAN Switching Configuration Handbook Switch Block 1 Switch Block 2 Access Distribution Note the use of dual redundant uplinks into the Core next-higher layer for high availability Figure 2-1 Layers of a Hierarchical Network Design To provide high availability, each switch in a network layer needs to have dual or redundant uplinks to two switches in the next higher layer.
Page 40 Chapter 2: Switch Functionality 19 Switch Blocks Block Building A Building Z Core Block Server Mainframe PSTN Internet Block Block Block Block Figure 2-2 Modular Approach to a Campus Network Design Consider High Availability or Redundancy Features That Can Be Used in Each Network Building Block Tip The network in Figure 2-2 is shown with single uplinks to higher layers for simplicity.
Page 41 20 Cisco LAN Switching Configuration Handbook Remote access: This is called a WAN block. ■ Telephony servers and gateways: This is called a PSTN block. ■ ■ Legacy networks (Token Ring, FDDI, and so on): This is similar to the WAN block, using a router to provide connectivity to various network media types.
Page 42 Chapter 2: Switch Functionality 21 d. Switch blocks Each access layer switch has dual uplinks to two separate distribution ■ switches. ■ Use STP UplinkFast on access layer switches to reduce uplink failover time. ■ Use STP PortFast on access layer ports to reduce startup time for end users. ■...
Page 43 22 Cisco LAN Switching Configuration Handbook e. QoS Configure QoS on every switch in your network. QoS must be properly ■ supported end-to-end. See section “13-2: QoS Configuration,” in Chapter 13, “Quality of Service.” Extend the QoS trust boundary to edge devices (IP phones, for example) ■...
Page 44: Catalyst Switch Families
Campus Network for High Availability Design Guide: http://www.tinyurl.com/d3e6dj. Froom, Richard, Balaji Sivasubramanian, and Erum Frahim. Building Cisco Multilayer Switched Networks (BCMSN), Fourth Edition. Cisco Press, ISBN-10: 1-58705-273-3. Hucaby, Dave. CCNP BCMSN Official Exam Certification Guide, Fourth Edition. Cisco Press, ISBN 1-58720-171-2.
Page 45 This page intentionally left blank...
Page 46: Supervisor Engine Configuration
■ 3-7: Cisco Discovery Protocol: Describes the interaction of the Cisco Discovery Protocol (CDP) with other Cisco devices and how to control CDP functions for switch ports 3-8: Time and Calendar: Presents the basic steps needed to configure date and time ■...
Page 47: Configuration Of Prompt
26 Cisco LAN Switching Configuration Handbook System banners both identify switches and provide information about security ■ policies and monitoring procedures. ■ The configuration of prompts and banners is optional. Configuration of Prompt (Optional) Configure the prompt. a. Configure a prompt by setting a device name:...
Page 48: Ip Addressing And Services
Chapter 3: Supervisor Engine Configuration 27 This is Core_Switch1 for the XYZ corporation. You have accessed a restricted device, unauthorized logins are prohibited. Core_Switch1(config)# end Core_Switch1# copy running-config startup-config 3-2: IP Addressing and Services Switches use IP addresses and services for management purposes. ■...
Page 49: Configuring A Default Gateway
It is referred to as autoinstall in the router community. Autoconfig also requires that a con- figuration file be available on a TFTP server for a full configuration. For more details on autoconfig, consult the Cisco website at http://www.tinyurl.com/akvdx8. Configuring a Default Gateway To access the switch from IP subnets other than the subnet in the management address, you need to configure a default gateway.
Page 50: Configuring Http Services
Chapter 3: Supervisor Engine Configuration 29 Tip If you are not going to use DNS, it is recommended that you disable DNS lookups with the global configuration command no ip domain-lookup. This command prevents the switch from trying to resolve mistyped commands. (Optional) Define the address of the DNS server: (global) ip name-server serveraddress1 [serveraddress2.
Page 51: Passwords And Password Recovery
30 Cisco LAN Switching Configuration Handbook 3-3: Passwords and Password Recovery Passwords provide a layer of protection for the switch to prevent unauthorized use. ■ ■ Catalyst switches have two levels of password protection (user level and privileged level). Privileged passwords are encrypted for tighter security.
Page 52: Password Recovery: Procedure 1
Switch1# copy running-config startup-config Password Recovery: Procedure 1 Password recovery procedure 1 covers the Cisco Catalyst Layer 2 fixed configuration switches 2900XL/3500XL, 2940, 2950/2955, 2960, and 2970 Series, and the Cisco Catalyst Layer 3 fixed configuration switches 3550, 3560, and 3750 series. If you have lost or forgotten your passwords, or if you want to bypass the configuration file, you can use this recovery process to gain access to the device.
Page 53: Feature Example
32 Cisco LAN Switching Configuration Handbook Tip You can find additional information about the password recovery procedure for Cisco Catalyst Layer 2 fixed configuration switches at http://www.tinyurl.com/4jmw4. Feature Example This example shows a typical password recovery procedure 1 for IOS switches.
Page 54: Password Recovery On Ios Devices: Procedure 2
Chapter 3: Supervisor Engine Configuration 33 Password Recovery on IOS Devices: Procedure 2 Password recovery procedure 2 covers the 6000 series switch. If you have lost or forgot- ten your passwords, or if you want to bypass the configuration file, you can use this recovery process.
Page 55: Resetting Modules
34 Cisco LAN Switching Configuration Handbook Router(config)# line vty 0 4 Router(config-line)# password newpassword Router(config)# line con 0 Router(config-line)# password newpassword Router# config-register 0x2102 Router#(config-line)# end Router# copy running-config startup-config 3-4: Managing Modules Many devices have multiple blades or modules used for switching services.
Page 56: Powering Modules Up And Down
■ to boot the proper file with boot parameters. Note Switches have a set of file system commands that facilitate file management. Cisco refers to the file system as the IFS or IOS file system. This file system provides an extremely powerful way to manage files within the switch devices and on remote systems.
Page 57: Navigating File Systems
36 Cisco LAN Switching Configuration Handbook Navigating File Systems View the available file system devices: (privileged) show file systems This command gives a listing of the file systems available on the device and the total size and the amount of free space on the file system in bytes, the type of file system, the flags for the file system, and the alias name used to access the file system.
Page 58 Chapter 3: Supervisor Engine Configuration 37 Table 3-1 Cisco File Systems Prefix File System null: Null destination for copies. You can copy a remote file to null to determine its size. rcp: Remote Copy Protocol (RCP) network server. Change the default file system directory:...
Page 59: Deleting Files From Flash
Flash device. Deleting Files from Flash Cisco switch platforms have three different classifications of file systems. Each of these file systems deals differently with deleting and permanently removing files from the Flash file system. Table 3-2 shows the three types of file systems and the platforms that use these file systems.
Page 60: Copying System Files
Chapter 3: Supervisor Engine Configuration 39 Permanently remove a file from Class A Flash memory: (privileged) squeeze filesystem If you want to permanently remove a file that has been deleted from a Class A file system, you must squeeze the file system. This command permanently removes any file on the file system that has been marked as deleted.
Page 61: File System Boot Parameters
Refer to the related commands portion of section “1-1: Cisco Internetwork Operating System (IOS) Software,” in Chapter 1, “CLI Usage,” for more information about configuring your router to act as a TFTP server.
Page 62: Alias Commands
Alias Commands Because the new file system functionality is the third generation of file management sys- tems for Cisco IOS, alias commands have been established to provide backward compati- bility for commands that existed in previous operating systems. This backward compati- bility enables you to use file management commands that you might have learned in pre- vious releases without having to relearn the new command structure.
Page 63: Redundant Supervisors
Failure of either the Supervisor or the MSFC in RPR/RPR+/SSO mode causes a switchover from the active Supervisor to the standby Supervisor/MSFC. RPR: The first redundancy mode of operation introduced in Cisco IOS Software. In ■ RPR mode, the startup configuration and boot registers are synchronized between the active and standby supervisors;...
Page 64: Forcing A Change To The Standby Supervisor
Cisco IOS. SSO expands the RPR+ capabilities to provide transparent failover of Layer 2 protocols when a supervisor failure occurs.
Page 65: Synchronizing Ios Images
Typically the image is specified in a flash loca- tion using boot variable parameters. For Cisco IOS devices, the configuration registers are synchronized by default, but the boot variables are not automatically synchronized.
Page 66: Synchronizing Boot Parameters
Cisco IOS Software on the Catalyst 6500 supports RPR, also known as Enhanced High System Availability (EHSA), RPR+, NSF/SSO, and single router mode with stateful switchover (SRM/SSO).
Page 67: Cisco Discovery Protocol
(Optional) Disable CDP on an interface or port: (interface)no cdp enable CDP is enabled by default on every port. For ports that are not connected to Cisco devices, it makes no sense to have CDP running. Use the commands in Step 2 to dis- able CDP on a port-by-port basis.
Page 68: Feature Example
Chapter 3: Supervisor Engine Configuration 47 systems to view neighbor information. The command show cdp interface type mod/port or show cdp port mod/port displays port-specific information about CDP. Feature Example This example shows a switch with the CDP timers altered so that the holdtime is 480 sec- onds and the update time is 120 seconds.
Page 69: System Time Configuration
Note Catalyst 4500 and 6500 series switches running native IOS switches can also be configured as NTP authoritative time sources. For configuration information on these devices, check out the Cisco Network Time Protocol: Best Practices White Paper at http: //www.tinyurl.com/4r3ow or refer to Cisco Field Manual: Router Configuration by David Hucaby and Steve McQuerry, Cisco Press, ISBN 1-58705-024-2.
Page 70: Setting The System Time Through Ntp
Chapter 3: Supervisor Engine Configuration 49 (including the words “first” and “last”), the name of the day, the name of the month, and time hh:mm in a 24-hour format. If no arguments are given, the U.S. standard of beginning at 2:00 a.m. on the first Sunday in April, and ending at 2:00 a.m. on the last Sunday in October is used.
Page 71: Example
50 Cisco LAN Switching Configuration Handbook (Optional) Restrict access to NTP using authentication. a. Enable NTP authentication: (global) ntp authenticate b. Define an authentication key: (global) ntp authentication-key key-number md5 value An MD5 authentication key numbered key-number is created. The key is given a text-string value of up to eight clear-text characters.
Page 72 Refer to the following recommended sources for further information about the topics covered in this chapter. Hucaby, Dave. CCNP BCMSN Official Exam Certification Guide, Fourth Edition. Cisco Press, ISBN 1-58720-171-2. Hucaby, Dave and Steve McQuerry. Cisco Field Manual: Router Configuration. Cisco Press, ISBN 1-58705-024-2.
Page 73 This page intentionally left blank...
Page 74: Layer 2 Interface Configuration
Chapter 4 Layer 2 Interface Configuration See the following sections to configure and use these features: ■ 4-1: Switching Table: Explains how to view and add entries to the switching table of Media Access Control (MAC) addresses 4-2: Port Selection: Discusses the various ways you can select switch ports to be ■...
Page 75: Displaying Information About The Switching Table
54 Cisco LAN Switching Configuration Handbook An entry for the destination MAC address mac-addr (dotted-triplet format) is made to point to one or more switch interfaces. If the destination port is a trunk, you must also specify the destination VLAN number vlan-id.
Page 76 Chapter 4: Layer 2 Interface Configuration 55 Table 4-1 Switch Commands to Display Layer 2 Switching Table Content Information Display Function Command Display dynamically learned addresses based (exec) show mac-address-table dynamic on a port or VLAN number Display statically defined addresses based (exec) show mac-address-table static on a port or VLAN number [address mac-addr | detail | interface...
Page 77: Port Selection
(global) define interface-range macro-name port-range (global) interface range macro macro-name The Cisco IOS switches allow lists or ranges of interfaces to be given once so that subsequent commands are applied to each of the interfaces. A port-range is defined as the interface type (ethernet, fastethernet, gigabitethernet, tengigabitethernet, or vlan) followed by the module number, a slash (/), and the starting port number.
Page 78: Port Selection Example
(You can use any port configuration function; port speed is shown here only as a demonstration of port selection.) Cisco IOS switches enable the ports to be identified as two ranges and their speeds to be set with a single interface configuration command: (global) interface range gig 1/1 –...
Page 79 This condition can cause a poor response and a high error rate. Make sure that both ends of a link are set to autonegotiate or the same duplex setting. Although Cisco devices sup- port only full-duplex, the IEEE 802.3z standard does have support for half-duplex GigabitEthernet.
Page 80 Chapter 4: Layer 2 Interface Configuration 59 By default, link negotiation (flow control, duplex, fault information) is enabled on Gigabit Ethernet ports. To disable negotiation, use the disable or no keyword. (Optional; Catalyst 6500 only) Enable the port debounce timer: (interface) link debounce [time debounce_time] By default, the line cards wait 300 milliseconds (10 milliseconds for fiber Gigabit ports) before announcing to the main processor that a port has changed state.
Page 81: Ethernet Example
60 Cisco LAN Switching Configuration Handbook 10. (Optional) Automatically reenable ports from the errDisable state. a. Set the timeout period before ports are automatically reenabled: (global) errdisable recovery {interval interval} If ports in errDisable are automatically reenabled, the ports remain in the errDisable state for interval (30 to 86400 seconds, default 300 seconds).
Page 82: Displaying Information About Layer 2 Interfaces
Chapter 4: Layer 2 Interface Configuration 61 (interface) spanning-tree portfast (interface) switchport mode access (interface) no channel-group (interface) no shutdown Displaying Information About Layer 2 Interfaces Table 4-2 lists some switch commands that you can use to display helpful information about Layer 2 interfaces.
Page 83: Etherchannel
■ You can manually configure EtherChannels or aggregate them through the use of dynamic protocols. PAgP is a Cisco proprietary protocol, whereas Link Aggregation Control Protocol (LACP) is a standards-based protocol defined in IEEE 802.3ad (also known as IEEE 802.3 Clause 43, “Link Aggregation”).
Page 84: Configuration
Chapter 4: Layer 2 Interface Configuration 63 ■ If a link within an EtherChannel fails, the traffic that normally crosses the failed link is moved to the remaining links. EtherChannel links can be static access ports or trunk ports. However, all links to be ■...
Page 85 64 Cisco LAN Switching Configuration Handbook b. Set the STP port cost per VLAN: interface [mod[/port]] spanning-tree cost cost Use the set spantree channelvlancost command to enable the port cost per VLAN to be configured for the EtherChannel with channel-id. The STP port cost is set to cost for all VLANs that will be carried over the EtherChannel.
Page 86 Chapter 4: Layer 2 Interface Configuration 65 Tip You must list all the ports that belong to the EtherChannel in this one command. To add or delete individual ports from the bundle, reissue this command with an updated list of all the desired ports. b.
Page 87 66 Cisco LAN Switching Configuration Handbook Note Depending on your hardware switching platform, the hashing option can vary. See the following link for additional information: http://www.tinyurl.com/2o44ew. (Optional) Use LACP on an EtherChannel. a. Set the system priority: (global) lacp system-priority {value} Specifies the priority of the system for LACP.
Page 88: Etherchannel Example
Chapter 4: Layer 2 Interface Configuration 67 LACP automatically configures an administrative key value equal to the channel group identification number on each port configured to use LACP. The adminis- trative key defines the capability of a port to aggregate with other ports, which is determined by the following configuration restrictions that you establish: ■...
Page 89: Displaying Information About Etherchannels
68 Cisco LAN Switching Configuration Handbook A second EtherChannel is configured to use LACP. The LACP system priority is set to 8192 so that this switch will become the higher-priority decision maker. Ports 6/1, 6/2, 6/7, and 6/8 all belong to LACP administrative key 101, forming a common aggregate link.
Page 90 Chapter 4: Layer 2 Interface Configuration 69 Table 4-3 Switch Commands to Display EtherChannel Link Information EtherChannel protocol used on each show lacp [channel-group-number ] | {counters | module internal [detail] | neighbor [detail]} | [sys-id] EtherChannel capabilities on a module (exec) show interfaces capabilities EtherChannel ID numbers (exec) show etherchannel summary...
Page 91 This page intentionally left blank...
Page 92: Layer 3 Interface Configuration
Chapter 5 Layer 3 Interface Configuration See the following sections for configuration information about these topics: ■ 5-1: Layer 3 Switching: Describes the process involved with Layer 3 switching and the switching elements needed to perform Layer 3 switching 5-2: Layer 3 Ethernet Interfaces: Explains the steps needed to configure Ethernet ■...
Page 93: Layer 3 Ethernet Interfaces
2960, have no module option, and for switches like these, the module (or slot) is always 0. However, when leveraging the Cisco StackWise technology in 3750 and 3750-E series switches, there is a member switch number that distinguishes a switch number for interface numbering switch/port.
Page 94: Verifying The Configuration
Note The information presented here for configuring protocol information on a Layer 3 interface is the minimal requirements. You can find more detailed information concerning protocol configuration in Cisco Field Manual: Router Configuration, published by Cisco Press. Enable the interface: (interface) no shutdown The default status of many Layer 3 interfaces is shutdown, which is a disabled state.
Page 95: Layer 3 Etherchannels
74 Cisco LAN Switching Configuration Handbook PCs in 192.168.10.0 Subnet with 192.168.10.1 as Gateway G 1/1 192.168.10.1 Access_Switch_A Distribution_Switch_A Figure 5-1 Network Topology for Layer 3 Interface Configuration Distribution_Switch_A (config-if)# end Distribution_Switch_A # copy running-config startup-config 5-3: Layer 3 EtherChannels An EtherChannel is the aggregation of multiple physical channels into a single logi- ■...
Page 96 Chapter 5: Layer 3 Interface Configuration 75 number option specifies the channel group number with which each channel mem- ber will be configured. Configure protocol information on the port channel: (interface) ip address address netmask Use the appropriate command to configure the Layer 3 interface with network addressing.
Page 97: Verifying The Channel
76 Cisco LAN Switching Configuration Handbook Verifying the Channel After you configure a channel, you can verify the operation with the following commands: (privileged) show etherchannel number port-channel (privileged) show interfaces port-channel channel-id Consider the following output examples for both of these commands:...
Page 98: Feature Example
Chapter 5: Layer 3 Interface Configuration 77 0 watchdog, 0 multicast 0 input packets with dribble condition detected 342251216 packets output, 3093422680 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier 0 output buffer failures, 0 output buffers swapped out When using the show etherchannel command, the number option specifies the port...
Page 99: Wan Interfaces
78 Cisco LAN Switching Configuration Handbook Distribution_Switch_A (config-if)# no shut Distribution_Switch_A (config-if)# end Distribution_Switch_A # copy running-config startup-config An example of the configuration for Access_Switch_A (a 3560) follows: Access_Switch_A (config)# interface gigabitethernet 0/1 Access_Switch_A (config-if)# channel-group 1 mode on Access_Switch_A (config)# interface gigabitethernet 0/2...
Page 100: Configuring A Spa Interface Processor (Sip) / Shared Port Adapter (Spa Wan Interface
Chapter 5: Layer 3 Interface Configuration 79 FlexWAN module can accept up to two Cisco 7200 or Cisco 7500 WAN port adapters, which deliver WAN consolidation and extend QoS and traffic management capabilities over WAN segments. The Enhanced FlexWAN module supports ATM and Packet over SONET (POS) OC-3 links and channelized, multichannel, and clear channel port adapters at speeds from T1/E1 to T3/E3.
Page 101: Configuring A Packet-Over-Sonet Interface
80 Cisco LAN Switching Configuration Handbook Note SIP / SPA Compatibility Matrix: http://www.cisco.com/univercd/cc/td/doc/product/core/cis7600/76sipspa/sipspahw/76intr o.htm#wp1131939 Access the interface: (global)interface fastethernet slot/subslot/port[.subinterface-number] In global configuration mode, use this command to access the interface. The type is a ge-wan, the slot is the chassis slot, and the number is the port number.
Page 102: Verifying Configurations
Chapter 5: Layer 3 Interface Configuration 81 Assign an IP address to the interface: (interface) ip address address netmask Use this command to enable IP processing for the port. Enable the interface: (interface) no shutdown The default status of many Layer 3 interfaces is shutdown, which is a disabled state. To ensure that the interface is operational, enable the interface with the command no shutdown.
Page 103: Layer 3 Virtual Interfaces
82 Cisco LAN Switching Configuration Handbook Core_switch (config-if)# frame-relay interface-dlci 110 Core_switch (config-if)# ip address 192.168.255.5 255.255.255.252 Core_switch (config-if)# no shutdown Core_switch (config-if)# end Core_switch # copy running-config startup-config Core_switch # quit An example of the Core_switch_2 configuration running IOS follows: Core_switch_2>enable...
Page 104: Configuring Subinterfaces
Chapter 5: Layer 3 Interface Configuration 83 the switch. (See the section “6-1: VLAN Configuration.” in Chapter 6, “VLANs and Trunking.”) Assign a protocol address to the interface: (interface) ip address address netmask Use the appropriate command to configure the Layer 3 interface with network addressing.
Page 105: Verifying Configurations
84 Cisco LAN Switching Configuration Handbook Use the appropriate command to configure the Layer 3 subinterface with network addressing. The example here shows the configuration of an IP address. See Step 3 of section “5-2: Layer 3 Ethernet Interfaces” for other protocol options.
Page 106: Routing Tables
Chapter 5: Layer 3 Interface Configuration 85 3560 (config)# vlan 10 3560 (config-vlan)# exit 3560 (config)# interface gigabitethernet 0/1 3560 (config-if)# switchport mode trunk 3560 (config-if)# switchport mode on 3560 (config-if)# switchport trunk encapsulation dot1q 3560 (config-if)# interface vlan 10 3560 (config-if)# ip address 192.168.10.2 255.255.255.0 3560 (config-if)# no shutdown 3560 (config-if)# end...
Page 107: Verifying Routes
A Layer 3 switch works exactly like a router for maintaining routes. Refer to Cisco Field Manual: Router Configuration by Cisco Press for more detailed configuration informa- tion.
Page 108: Vlans And Trunking
■ a single switch through tagging mechanisms ■ 6-4: VLAN Trunking Protocol: Describes the Cisco proprietary protocol for main- taining a forwarding path between switches that are trunking and how to prune for unused VLANs 6-5: Private VLANs: Explains the feature that allows for more granular traffic control ■...
Page 109: Creation Of An Ethernet Vlan
VTP is not required to create VLANs; however, Cisco has set it up to act as a conduit for VLAN configuration between switches as a default to make administration of VLANs easier. Because of this, you must first either configure a VTP with a domain name or disable VTP on the switch.
Page 110 Chapter 6: VLANs and Trunking 89 Table 6-1 Configurable VLAN Parameters Parameter Description A description of the VLAN up to 32 charac- name ters. If none is given, it defaults to VLAN00XXX, where XXX is the VLAN number. The maximum transmission unit (packet size in bytes) that the VLAN can use;...
Page 111: Feature Example
Here the vlan-id would be a number from 1025 to 4096. Numbers 1001 to 1024 are reserved by Cisco and cannot be configured. Caution For Catalyst 6000 series switches with FlexWAN cards, the system identifies these ports internally with VLAN numbers starting with 1025. If you have any FlexWAN modules, be sure to reserve enough VLAN numbers (starting with VLAN 1025) for all the FlexWAN ports you want to install.
Page 112: Vlan Port Assignments
Configuring Static VLANs On a Cisco switch, ports are assigned to a single VLAN. These ports are referred to as access ports and provide a connection for end users or node devices, such as a router or server.
Page 113 92 Cisco LAN Switching Configuration Handbook accessible ports. The authentication server authenticates each client connected to a switch port and assigns the port to a VLAN before making available any services offered by the switch or the LAN. Until the client is authenticated, 802.1X access control enables only Extensible Authentication Protocol over LAN (EAPOL) traffic through the port to which the client is connected.
Page 114: Verifying Vlan Assignments
Trunk links must be configured to allow trunking on each end of the link. Enabling Trunking Trunk links are required to pass VLAN information between switches. A port on a Cisco switch is either an access port or a trunk port. Access ports belong to a single VLAN and do not provide any identifying marks on the frames that pass between switches.
Page 115 Tip Remember that not all switches support DTP and might not establish a trunk without intervention. Also remember that DTP offers no benefit when you are trunking with a non- Cisco switch. To eliminate any overhead associated with DTP, it is useful to use the nonegotiate option when DTP is not supported.
Page 116 Note Cisco 2950 and 3500XL switches do not support DTP and are always in a mode similar to nonegotiate. If you turn trunking on for one of these devices, it will not negoti- ate with the other end of the link and requires that the other link be configured to on or nonegotiate.
Page 117: Specifying Vlans To Trunk
(PVID) inconsistent state and will not forward on the link. Note Cisco Discovery Protocol (CDP) version 2 passes native VLAN information between Cisco switches. If you have a native VLAN mismatch, you see CDP error messages on the console output.
Page 118: Verifying Trunks
Chapter 6: VLANs and Trunking 97 By specifying VLANs in the vlanlist field of this command, the VLANs will not be allowed to travel across the trunk link until they are added back to the trunk using the command set trunk mod/port vlanlist or switchport trunk allowed vlan add vlanlist.
Page 119: Vlan Trunking Protocol
■ VTP sends messages between trunked switches to maintain VLANs on these switches to properly trunk. VTP is a Cisco proprietary method of managing VLANs between switches and runs ■ across any type of trunking mechanism. VTP messages are exchanged between switches within a common VTP domain.
Page 120: Setting Vtp Passwords
Chapter 6: VLANs and Trunking 99 a. Specify a VTP domain name: (privileged) vlan database (vlan_database) vtp domain name (global) vtp domain name By default VTP is in server mode, which is an operational mode that enables you to manage VLANs on the local switch’s database and use the information in the database to synchronize with other switches.
Page 121: Changing Vtp Modes
(vlan_database) vtp [server | client | transparent] (global)vtp mode [server | client | transparent] By default, Cisco switches are in VTP server mode. For a VTP server, you can create, delete, or modify a VLAN in the local VLAN database. After you make this change, the VLAN database changes are propagated out to all other switches in server or client mode in the VTP domain.
Page 122: Enabling Vtp Pruning
Chapter 6: VLANs and Trunking 101 in that you can create, delete, or modify VLANs in the local VLAN database. The differ- ence is that these changes are not propagated to other switches. In addition, the local VLAN database does not accept modifications from other switches. VTP transparent mode switches forward or relay information between other server or client switches.
Page 123: Changing Vtp Versions
102 Cisco LAN Switching Configuration Handbook VLANs back, use the command set vtp pruneeligible vlanlist for IOS switches or switchport trunk pruning vlan add vlanlist for IOS. Changing VTP Versions VTP supports two versions. By default all switches are in VTP version 1 mode, but most switches can support version 2 mode.
Page 124: Feature Example
Chapter 6: VLANs and Trunking 103 Feature Example In this example, Access_1, Distribution_1, and Distribution_2 will be assigned to a VTP domain named GO-CATS. Figure 6-2 shows that Access_1 will be in VTP client mode with an 802.1Q trunk connecting to Distribution_1. Distribution_1 will be configured in VTP server mode with an ISL trunk connecting it to Core_1, which is in VTP transparent mode.
Page 125: Private Vlans
104 Cisco LAN Switching Configuration Handbook Distribution_1 (config)# vtp domain GO-CATS Distribution_1 (config)# interface gigabitethernet 1/1 Distribution_1 (config-if)# switchport mode trunk Distribution_1 (config-if)# switchport trunk encapsulation isl Distribution_1 (config-if)# end Distribution_1 (config)# interface gigabitethernet 2/1 Distribution_1 (config-if)# switchport mode trunk...
Page 126: Configuring Private Vlans
Private VLANs are configured in the context of a single switch and cannot have members on other switches. Private VLANs also carry TLVs that are not known to all types of Cisco switches. Create the primary private VLAN: (global) vlan primary_number (vlan-config) private-vlan primary You must first create a primary private VLAN.
Page 127: Configuring Private Edge Vlans
106 Cisco LAN Switching Configuration Handbook This command associates or binds the secondary VLANs to the primary VLAN. The add option enables other VLANs to be associated in the future. Place ports into the isolated and community VLANs: (global) interface type mod/port...
Page 128: Verifying Private Vlan Operation
Chapter 6: VLANs and Trunking 107 To configure a private edge VLAN, select the interface and type the command port protected. To verify that a port is in protected mode, use the command show port protected. Verifying Private VLAN Operation After configuring private VLANs, use the following commands to verify the operation: show vlan private-vlan type show interface private-vlan mapping...
Page 129 108 Cisco LAN Switching Configuration Handbook An example of the configuration for Distribution_1 follows: Distribution_1# conf t Distribution_1 (config)# vtp mode transparent Distribution_1(config)# vlan 90 Distribution_1(config-vlan)# private-vlan primary Distribution_1(config-vlan)# vlan 900 Distribution_1(config-vlan)# private-vlan isolated Distribution_1(config-vlan)# vlan 901 Distribution_1(config-vlan)# private-vlan community...
Page 130 Refer to the following recommended sources for further information about the topics covered in this chapter. Clark, Kennedy and Kevin Hamilton. Cisco LAN Switching. Cisco Press, ISBN 157870-094-9. Froom, Richard, Balaji Sivasubramanian, and Erum Frahim. Building Cisco Multilayer Switched Networks (BCMSN) (Authorized Self-Study Guide), Fourth Edition. Cisco Press, ISBN 158705-273-3.
Page 131 This page intentionally left blank...
Page 132: Spanning Tree Protocol (Stp)
802.1w is an enhancement to Spanning Tree that provides more rapid convergence during topology changes than with traditional Spanning Tree. ■ Cisco Switches run one instance of STP per VLAN with PVST+ (per VLAN spanning tree) or Rapid-PVST+ (Rapid Per VLAN Spanning Tree). Trunking is required between switches to run RPVST.
Page 133: Stp Process
Rapid-PVST+ is a hybrid STP mode that uses IEEE 802.1w (Rapid Spanning Tree) combined with a per VLAN basis. This mode is compatible with IEEE 802.1w but uses a Cisco extension to allow per-vlan spanning tree. Multiple Spanning Tree (MST), based on the IEEE 802.1s standard, extends the ■...
Page 134: Stp Tiebreakers
Chapter 7: Spanning Tree Protocol (STP) 113 STP Tiebreakers When any STP decision has identical conditions or a tie, the final decision is based on this sequence of conditions: The lowest BID The lowest root path cost The lowest sender BID The lowest port ID Path Costs By default, switch ports have the path costs defined in Table 7-1.
Page 135: Stp Port States
114 Cisco LAN Switching Configuration Handbook Note The IEEE uses a nonlinear scale to relate the port bandwidth of a single link to its port cost value. STP treats bundled links, such as Fast EtherChannel and Gigabit EtherChannel, as a single link with an aggregate bandwidth of the individual links. As a result, remember that the port or path cost used for a bundled EtherChannel will be based on the bundled bandwidth.
Page 136: Improving Stp Stability
Chapter 7: Spanning Tree Protocol (STP) 115 Improving STP Stability STP Root Guard helps enforce the root bridge placement and identity in a switched ■ network. When enabled on a port, Root Guard disables the port if a better BPDU is received.
Page 137: Stp Configuration
116 Cisco LAN Switching Configuration Handbook Root Catalyst A Bridge 32768:00-00-00-00-00-0a Root Path Cost = 0+19 Root Path Cost = 0+19 Catalyst B Catalyst C Root Path Cost = Root Path Cost = 0+19+19 0+19+19 32768:00-00-00-00-00-0b 32768:00-00-00-00-00-0c Figure 7-1 Network Diagram for the STP Operation Example The designated ports are chosen: By definition, all ports on the root bridge become designated ports for their segments.
Page 138 Chapter 7: Spanning Tree Protocol (STP) 117 By default, all Catalyst switches run PVST+ STP for one instance of STP on each VLAN. To configure other STP modes, rapid-pvst (802.1w per vlan with IEEE com- patibility) or mst must be explicitly enabled. (MST only) Activate an MST instance: a.
Page 139 118 Cisco LAN Switching Configuration Handbook root bridge’s priority. You can use the secondary keyword to place a secondary or backup root bridge, in case of a primary root failure. Here, the bridge priority is set to 16384. (For MST, the root priority is set to 24576, and the secondary priority to 28672.)
Page 140 Chapter 7: Spanning Tree Protocol (STP) 119 The port cost can be set to cost (1 to 65535 short or MISTP mode, 1 to 2000000 long mode) for all VLANs or STP instances. The mst keyword signifies a port used in MST. c.
Page 141: Stp Configuration Examples
120 Cisco LAN Switching Configuration Handbook problem has been corrected. On the Supervisor IOS, use the EXEC command udld reset to reenable all ports that are disabled by UDLD. 10. (Optional) Improve STP stability with Loop Guard: (interface) spanning-tree loopguard Loop Guard should be enabled only on the ports that you know are root or alternate root ports.
Page 142 Chapter 7: Spanning Tree Protocol (STP) 121 GigE Catalyst C1 Catalyst C2 32768: 00-d0-00-74-60-00 32768: 00-d0-04-57-38-aa 100FX 100FX Catalyst A 32768: 00-01-42-3a-89-00 GigE GigE Catalyst C2 Catalyst C1 32768: 32768: 00-d0-04-57-38-aa 00-d0-00-74-60-00 100FX 100FX Root Bridge Catalyst A 32768: 00-01-42-3a-89-00 Figure 7-2 Network Diagram Demonstrating Poor STP Root Placement As it might be expected, the links between the core and other switches are Gigabit Ethernet.
Page 143: Stp Load Balancing
122 Cisco LAN Switching Configuration Handbook switch A become root ports. Switch C1 makes its Gigabit Ethernet link to C2 a designat- ed port because it has the lower sending BID. And sadly, switch C2 must move its Gigabit Ethernet link to C1 into the blocking state because it is neither a root nor a designated port.
Page 144 Chapter 7: Spanning Tree Protocol (STP) 123 Catalyst A1 Fwd: VLAN 100 (cost 19) Block: VLAN 100 (cost 1000) Block: VLAN 101 (cost 1000) Fwd: VLAN 101 (cost 19) Root Bridge Catalyst D1 Catalyst D2 Catalyst A1 Catalyst A1 Catalyst D2 Catalyst D2 Catalyst D1 Catalyst D1...
Page 145: Stp Convergence Tuning
124 Cisco LAN Switching Configuration Handbook Finally, Catalyst A1 will have the port cost adjusted for ports 1/1 and 1/2 for the two VLANs. Recall that the default port cost is shown as 19 in the diagram. We set the new costs to 1000 on the undesirable paths so that those ports will be blocking.
Page 146: Configuring Stp Convergence Tuning
Chapter 7: Spanning Tree Protocol (STP) 125 ■ When used, this feature should be enabled on all switches in the network. Switches use a request-and-reply mechanism to determine root path stability, so all switches must be able to participate. BackboneFast can only reduce the convergence delay from the default 50 seconds ■...
Page 147: Navigating The Spanning-Tree Topology
126 Cisco LAN Switching Configuration Handbook Note Enabling PortFast on a port also prevents TCN BPDUs from being generated due to a state change on the port. Although STP is still operating on the port to prevent bridging loops, topology changes are not triggered when the attached host goes up or down.
Page 148 Chapter 7: Spanning Tree Protocol (STP) 127 You might have to troubleshoot a network that is foreign to you, or one that is not com- pletely documented. In this case, you need to get an idea of the current active STP topol- ogy, especially the root bridge location.
Page 149: Root Port
128 Cisco LAN Switching Configuration Handbook The port is in the portfast mode ...(output removed)... Interface Gi0/1 (port 67) in Spanning tree 534 is FORWARDING Port path cost 3004, Port priority 128 Designated root has priority 8000, address 00d0.0457.3a15 Designated bridge has priority 32768, address 00d0.ff8a.2a15...
Page 150 Identify the designated bridge on the root port: (exec) show cdp neighbor type mod/num detail The neighboring switch can be found as a Cisco Discovery Protocol (CDP) neighbor if CDP is in use. Look for the neighbor’s IP address in the output. An...
Page 151 802.1s Multiple Spanning Trees, IEEE, at http://www.ieee802.org/1/pages/802.1s.html. Boyles, Tim and David Hucaby. CCNP Switching Exam Certification Guide. Cisco Press, ISBN 1-58720-000-7. Clark, Kennedy and Kevin Hamilton. Cisco LAN Switching. Cisco Press, ISBN 157870- 094-9. Perlman, Radia. Interconnections: Bridges, Routers, Switches, and Internetworking Protocols.
Page 152: Configuring High Availability Features
Chapter 8 Configuring High Availability Features See the following sections to configure and use these features: ■ 8-1: Route Processor Redundancy (RPR/RPR+): Supervisor Redundancy: Discusses the steps needed to configure configuration redundancy and failover for a Catalyst 6500 with redundant supervisor modules 8-2: Non-Stop Forwarding/Supervisor Switchover (NSF/SSO) with Supervisor ■...
Page 153: Configuration
8-2: Non-Stop Forwarding/Supervisor Switchover (NSF/SSO) with Supervisor Redundancy Cisco NSF works with SSO to minimize the amount of time a network is unavailable to its users following a switchover while continuing to forward IP packets. SSO establishes one of the Supervisor engines as active while the other Supervisor engine is designated as standby, and then SSO synchronizes information between them.
Page 154: Sso/Nsf Configuration
0 and 3 seconds to switchover from the active to the redundant Supervisor engine. Cisco NSF always runs with SSO and provides redundancy for Layer 3 traffic. NSF works with SSO to minimize the amount of time that a network is unavailable to its users fol- lowing a switchover.
Page 155 134 Cisco LAN Switching Configuration Handbook Specifies the maximum time to wait for protocol convergence; valid values are from 0 to 3600 seconds. b. (Optional) Configure Packet Leak interval: (global) mls ip multicast sso leak interval Specifies the packet leak interval; valid values are from 0 to 3600 seconds. For...
Page 156: Displaying Information About Sso And Nsf
Chapter 8: Configuring High Availability Features 135 Displaying Information About SSO and NSF You can use the switch commands in Table 8-1 to display helpful information about SSO and NSF. Table 8-1 Commands to Display SSO and NSF Information Display Function Command Displays redundancy states (exec) show redundancy states...
Page 157: Configuration
136 Cisco LAN Switching Configuration Handbook Configuration Specify the HSRP group number and IP address: (interface) standby [group-number] ip [ip-address [secondary]] The VLAN interface participates in HSRP group group-number (0 to 255, default 0) as HSRP IP address ip-address. Use the secondary keyword if this address corre- sponds to a secondary address on the actual VLAN interface.
Page 158: Hsrp Example
Chapter 8: Configuring High Availability Features 137 HSRP devices listen for hellos from the active device until a holdtime period expires. After this, the active device is declared dead, and the next-highest-priority device becomes active. You can adjust this to holdtime (up to 255 seconds, default 10 sec- onds, or up to 3000 milliseconds) by using msec.
Page 159: Displaying Information About Hsrp
Copy the IOS image to the active supervisor: (exec) copy source_device:source_filename {disk0 | disk1 | sup- bootflash}:target_filename Copies the new Cisco IOS image to the disk0: device or the disk1: or the bootflash: device on the active Supervisor engine. Copy the IOS image to the redundant supervisor:...
Page 160 (exec) redundancy force-switchover Conducts a manual switchover to the redundant Supervisor engine. The redundant Supervisor engine becomes the new active Supervisor engine running the new Cisco IOS image. The modules are reloaded, and the module software is downloaded from the new active Supervisor engine.
Page 161 This page intentionally left blank...
Page 162: Multicast
Chapter 9 Multicast Refer to the following sections to configure and use these features: ■ 9-1: Multicast Addressing: Describes multicast flows and multicast addressing in relation to networking devices ■ 9-2: IGMP Snooping: Explains how to configure a switch to constrain multicast traffic by listening to Internet Group Management Protocol (IGMP) messages 9-1: Multicast Addressing Multicasts are directed flows in the network.
Page 163: Igmp Snooping
142 Cisco LAN Switching Configuration Handbook subnet) are well known and don’t require registration. You can find other well-known multicast addresses listed in Appendix B, “Well-Known Protocol, Port, and other Numbers.” Multicast also uses Ethernet or MAC addresses beginning with 01-00-5e. (The least- ■...
Page 164: Configuration
Chapter 9: Multicast 143 ■ Multicast routers cannot keep a detailed list of all hosts belonging to a multicast group. Rather, a router knows only which multicast groups are active on specific subnets. The switch also relays the initial join request for a multicast group to all its known ■...
Page 165: Igmp Snooping Example
144 Cisco LAN Switching Configuration Handbook (Optional) Statically identify a multicast router port: (interface) ip igmp snooping mrouter {interface {interface interface-number} | {Port-channel number}} IGMP snooping automatically detects ports where multicast routers connect. You can also give a static definition of a multicast router port.
Page 166: Displaying Information About Igmp Snooping
Chapter 9: Multicast 145 ports 2/1 and 2/3 as permanent members. These switch ports are assigned to a common VLAN 199. (global) interface fastethernet 2/1 (interface) ip igmp snooping (interface) ip igmp snooping fast-leave (interface) switchport access vlan 199 (global) interface fastethernet 2/3 (interface) ip igmp snooping (interface) ip igmp snooping fast-leave (interface) switchport access vlan 199...
Page 167 Refer to the following recommended sources for further information about the topics covered in this chapter. Internet Protocol (IP) Multicast Technology Overview at www.cisco.com/warp/public/cc/pd/iosw/prodlit/ipimt_ov.htm. Williamson, Beau. Developing IP Multicast Networks, Volume 1 by Cisco Press, ISBN 157870-077-9. Barnes, David and Basir Sakandar. Cisco LAN Switching Fundamentals. Cisco Press, ISBN 1-58705-849-9.
Page 168: Server Load Balancing (Slb)
Chapter 10 Server Load Balancing (SLB) See the following sections to configure and use these features: ■ 10-1: SLB: Covers the configuration steps needed to provide load balancing of traffic to one or more server farms 10-2: SLB Firewall Load Balancing: Discusses the configuration steps necessary to ■...
Page 169 148 Cisco LAN Switching Configuration Handbook weight m, where its capacity for active connections is m divided by the sum of all server weights. SLB assigns new connections to the real server with the num- ber of active connections farthest below its capacity.
Page 170: Configuration
Chapter 10: Server Load Balancing (SLB) 149 ■ IOS SLB can also operate as a Dynamic Feedback Protocol (DFP) load-balancing manager. The DFP manager collects capacity information from DFP agents running on the real servers. Configuration Define a server farm. a.
Page 171 150 Cisco LAN Switching Configuration Handbook Enable client NAT with a pool: ■ (server-farm) nat client pool-name The SLB NAT pool is identified by pool-name (up to 15 characters). e. (Optional) Assign a unique identifier for DFP: (server-farm) bindid [bind-id] Sometimes, a real server is assigned to multiple server farms.
Page 172 Chapter 10: Server Load Balancing (SLB) 151 d. (Optional; IOS SLB only) Reassign connections when a server doesn’t answer: (real-server) reassign threshold SLB attempts to assign a new connection to a real server by forwarding the client’s initial SYN. If the server doesn’t answer with a SYN handshake before the client retransmits its SYN, an unanswered SYN is recorded.
Page 173 152 Cisco LAN Switching Configuration Handbook The virtual server appears as IP address ip-address (default 0.0.0.0 or “all net- works”) with network-mask (default 255.255.255.255). With IOS SLB, it provides load balancing for the specified tcp or udp port: dns or 53 (Domain Name System), ftp or 21 (File Transfer Protocol), https or 443...
Page 174 “Configuring High Availability Features,” for further HSRP configuration information. k. (Optional) Use SLB stateful backup: (virtual-server) replicate casa listening-ip remote-ip port-number [interval] [password [0|7] password [timeout]] IOS SLB replicates and exchanges its load-sharing decision tables with other stateful backup devices using the Cisco Appliance Services Architecture...
Page 175 154 Cisco LAN Switching Configuration Handbook (CASA) mechanism. When a failure occurs, the backup SLB device already has the current state information and can immediately take over. This information is sent from the listening-ip address (an interface on the local device) to the remote-ip address (an interface on the backup device), using TCP port port-number (1 to 65,535).
Page 176: Slb Example
Chapter 10: Server Load Balancing (SLB) 155 ager to associate the server reports with a subsystem (controlled by the SLB device) for global load balancing. To see what subsystem-name values are available from the global manager, use the ip dfp agent ? command. (Optional) Set a DFP agent password: ■...
Page 177 156 Cisco LAN Switching Configuration Handbook 192.168.250.10 VSERVER 10.10.10.101 192.168.250.11 VLAN 10 VLAN 20 192.168.250.12 Client "FARM1" Catalyst 6000 10.10.10.10 VSERVER 192.168.250.13 10.10.10.102 192.168.250.101 "FARM2" Figure 10-2 Network Diagram for the SLB Example The virtual server VSERVER1 at 10.10.10.101 uses the weighted least connections algo- rithm for load balancing between the real servers.
Page 178: Displaying Information About Slb
Chapter 10: Server Load Balancing (SLB) 157 (real-server) faildetect numconns 4 (real-server) retry 30 (real-server) inservice (real-server) exit (server-farm) real 192.168.250.11 (real-server) weight 16 (real-server) faildetect numconns 4 (real-server) retry 30 (real-server) inservice (real-server) exit (server-farm) real 192.168.250.12 (real-server) weight 8 (real-server) faildetect numconns 4 (real-server) retry 30 (real-server) inservice...
Page 179: Slb Firewall Load Balancing
158 Cisco LAN Switching Configuration Handbook Table 10-1 Commands to Display SLB Configuration and Status Information Display Function Command Server farms (exec) show ip slb serverfarms [name serverfarm-name] [detail] Real servers (exec) show ip slb reals [vserver virtual-server-name] [detail] Virtual servers...
Page 180: Configuration
Chapter 10: Server Load Balancing (SLB) 159 ■ Firewall load balancing is performed by computing a hash value of each new traffic flow (source and destination IP addresses and ports). This is called a route lookup. The firewall load-balancing device then masquerades as the IP address for all ■...
Page 181 160 Cisco LAN Switching Configuration Handbook Tip You must also define the probes separately, as described in section “10-3: SLB Probes.” Ping probes are the most useful for firewall load balancing. For each firewall in the firewall farm, configure a probe to send ping packets that pass completely through the firewall, destined for the firewall load-balancing device on the other side.
Page 182: Firewall Load-Balancing Example
Chapter 10: Server Load Balancing (SLB) 161 (Optional) Adjust the TCP or UDP connection parameters. Enter the TCP or UDP configuration mode: ■ (firewall-farm) {tcp | udp} You might need to make adjustments to both TCP and UDP. In this case, this command can be repeated to configure each independently.
Page 183 162 Cisco LAN Switching Configuration Handbook Firewall 192.168.1.2 192.168.100.2 10.70.1.10 10.5.1.2 Internet 192.168.1.1 192.168.100.1 10.70.1.1 Gateway 10.5.1.1 10.70.1.20 Catalyst 6000 Catalyst 6000 “Servers” 192.168.1.3 192.168.100.3 Virtual Server Firewall 10.5.1.80 VLAN 100 VLAN 10 VLAN 102 VLAN 101 Figure 10-4 Network Diagram for the Firewall Load-Balancing Example The firewall farm consists of two real firewalls.
Page 184 Chapter 10: Server Load Balancing (SLB) 163 (global) ip slb probe Ping1 ping (probe) address 192.168.100.1 (probe) interval 10 (probe) faildetect 4 (global) ip slb probe Ping2 ping (probe) address 192.168.100.1 (probe) interval 10 (probe) faildetect 4 (probe) exit Now the configuration for the internal load-balancing device is shown: (global) ip slb firewallfarm Inside (firewall-farm) real 192.168.100.2 (real-firewall) weight 8...
Page 185: Displaying Information About Firewall Load Balancing
164 Cisco LAN Switching Configuration Handbook (probe) faildetect 4 (probe) exit (global) ip slb probe Ping2 ping (probe) address 192.168.1.1 (probe) interval 10 (probe) faildetect 4 (probe) exit (global) ip slb probe HTTP1 http (probe) port 80 (probe) interval 240...
Page 186: Configuration
Chapter 10: Server Load Balancing (SLB) 165 ■ FTP: Opens and closes an FTP connection (TCP ports 20 and 21) to a real server. ■ SMTP: Opens and closes an SMTP connection (TCP port 25) to a real server. ■ DNS: Sends requests to and verifies the replies from a real DNS server.
Page 187: Displaying Information About Slb Probes
166 Cisco LAN Switching Configuration Handbook The probe requests information from the server using the get (the default), post, head (request a header data type), or name (request the data named name) method. A URL can also be given, specifying the server path (text string URL;...
Page 188: Controlling Traffic And Switch Access
Chapter 11 Controlling Traffic and Switch Access See the following sections for configuration information about these topics: ■ 11-1: Broadcast Suppression: Describes the method for preventing the switch from forwarding excessive broadcasts received on a port 11-2: Protocol Filtering: Explains how to configure a port to prevent forwarding of ■...
Page 189: Configuring Broadcast Suppression
A higher threshold allows more broadcast packets to pass through. Broadcast sup- pression on the Cisco 6500 series switches is implemented in hardware. The suppres- sion circuitry monitors packets passing from a LAN interface to the switching bus.
Page 190 Chapter 11: Controlling Traffic and Switch Access 169 current count of broadcasts within the 1-second interval, and when a threshold is reached, filters out subsequent broadcast packets. Because hardware broadcast suppression uses a bandwidth-based method to meas- ure broadcast activity, the most significant implementation factor is setting the per- centage of total available bandwidth that can be used by broadcast traffic.
Page 191: Verifying Configuration
Protocol filtering supports blocking of IP, IPX, AppleTalk, VINES, and DECnet traf- ■ fic. All other protocols are not affected by protocol filtering. Administrative protocols such as Spanning Tree Protocol (STP), Cisco Discovery ■ Protocol (CDP), and VLAN Trunking Protocol (VTP) are not blocked by protocol...
Page 192: Configuration
Chapter 11: Controlling Traffic and Switch Access 171 Configuration By configuring protocol filtering on a switch, you prevent the port from flooding traffic of that type received from other ports in the VLAN out the given port. This can be use- ful in controlling traffic from clients within the same VLAN running different and “chat- ty”...
Page 193: Feature Example
172 Cisco LAN Switching Configuration Handbook Feature Example This example shows the configuration for protocol filtering. This example enables proto- col filtering. It then sets the Fast Ethernet ports 5/1 through 5/6 to enable IP traffic to pass without being filtered and blocks all other traffic. This example also configures ports 5/7 to 5/8 to enable only IPX traffic.
Page 194: Port Security
Chapter 11: Controlling Traffic and Switch Access 173 Switch(config-if)# interface fastethernet 5/10 Switch(config-if)# switchport protocol ip auto Switch(config-if)# switchport protocol ipx auto Switch(config-if)# switchport protocol group off Switch(config-if)# end Switch(config)# copy running-config startup-config 11-3: Port Security Port security enables you to configure a port to only allow a given device or devices ■...
Page 195 174 Cisco LAN Switching Configuration Handbook After you enable port security, you need to determine how many different devices access the ports and how many addresses need to be secured. The value option specifies the number of addresses to be secured. The default value is one address.
Page 196: Verification
Chapter 11: Controlling Traffic and Switch Access 175 Verification To verify the configuration of port security on the switch, use the following command: (privileged) show port security [interface interface-id] [address] Feature Example This example shows the configuration for port security. In this example, ports Fast Ethernet 2/1 are configured to enable a single MAC address 00-01-03-87-09-43 to have access to the port and will shut down if the security is violated.
Page 197: Ios Vacl Configuration
Note ACLs behave in the same manner on both routers and switches. This section does not discuss every option and configuration principal. For more on access list configura- tion, consult the Cisco Press title Cisco Field Manual: Router Configuration. IOS VACL Configuration IOS VACLs are configured as standard or extended IP access lists.
Page 198 Chapter 11: Controlling Traffic and Switch Access 177 The command creates a standard ACL. The number range for standard ACLs is 100 to 199 and 2000 to 2699. The parameter permit enables traffic, and deny drops traffic. The remark parameter enables you to insert remarks into the list that provide information about the list and why parameters are added.
Page 199: Verification
178 Cisco LAN Switching Configuration Handbook Create a VLAN map. If the list you create is going to be mapped to a VLAN, you must configure a vlan access-map to specify an access map name and the action to be taken for a specific...
Page 200 Chapter 11: Controlling Traffic and Switch Access 179 ■ Permit all IP traffic from subnet 10.101.0.0 to host 10.101.1.1. ■ Permit ICMP echo request from all hosts. ■ Permit ICMP echo reply from all hosts. ■ Deny all other ICMP traffic. ■...
Page 201: Switch Authentication
180 Cisco LAN Switching Configuration Handbook Switch(config-access-map)# action forward Switch(config-access-map)# exit Switch(config)# vlan filter watchlist vlan-list 101 Switch(config)# end Switch(config)# copy running-config startup-config 11-5: Switch Authentication ■ Switch authentication enables you to control how people access the switch. By default switch authentication is controlled locally by the user password and the ■...
Page 202 Chapter 11: Controlling Traffic and Switch Access 181 b. Configure privileged-level authentication: (global) line [aux | console | tty | vty] line-number [ending-line-number] (global) login authentication {default | list-name} Use this command to enable or disable privileged-level local authentication for the console, telnet, http, or all services on a switch.
Page 203: Verification
182 Cisco LAN Switching Configuration Handbook This command specifies the address of the RADIUS server. This assumes that the switch has been configured for an IP address and has a gateway if necessary to reach the server. You can specify multiple servers in case one of the devices is not functioning.
Page 204: Access Class
Chapter 11: Controlling Traffic and Switch Access 183 Switch (config-line)# login authentication consoleport Switch (config-line)# aaa authentication login consoleport tacacs+ enable Switch (config-line)# exit Switch (config)# tacacs-server host 192.168.1.8 Switch (config)# tacacs-server key abc123 11-6: Access Class To restrict incoming and outgoing connections between a particular virtual terminal ■...
Page 205: Verification
184 Cisco LAN Switching Configuration Handbook Enable HTTP access control: (global) ip http access-class {access-list-number | name} Verification Use the following command to verify the configuration of the access class: show line [line-number | summary] Feature Example The following example shows an access class configuration. This list enables any user from the network 172.168.5.0 to access the device for Telnet.
Page 206: Verification
Chapter 11: Controlling Traffic and Switch Access 185 Set the Crypto key: (global) crypto key generate rsa Before you can configure SSH, you must enable the switch to generate a key for encoding the data. The crypto key rsa command generates that key. For IOS you are prompted for a value.
Page 207: Configuration
186 Cisco LAN Switching Configuration Handbook Configuration To configure 802.1X port authentication, use the following steps. The 802.1X authentication is enabled automatically. Specify the RADIUS server and key: (global) radius-server host address key string Because the 802.1X process relies on a RADIUS server, you must configure the switch with the address of the RADIUS server and the key used on the server.
Page 208 Chapter 11: Controlling Traffic and Switch Access 187 ■ Switches have MAC address table sizes that are limited in size. Typically, a network intruder floods the switch with a large number of invalid source Media Access Control (MAC) addresses until the CAM table fills up. When that occurs, the switch floods all ports with incoming traffic because it cannot find the port number for a particular MAC address in the MAC table;...
Page 209: Port Security
188 Cisco LAN Switching Configuration Handbook Port Security You can use the port security feature to limit and identify MAC addresses of the stations allowed to access the port. This restricts input to an interface. When you assign secure MAC addresses to a secure port, the port does not forward packets with source address- es outside the group of defined addresses.
Page 210: Dhcp Snooping
Tip For DHCP Snooping to function properly, all DHCP servers must be connected to the switch through trusted interfaces. To ensure that the lease time in the database is accurate, Cisco recommends that you enable and configure NTP. Feature Example The DHCP server connects to interface Fastethernet 1/0/3;...
Page 211: Verification
190 Cisco LAN Switching Configuration Handbook Configure the interface connected to the DHCP server as trusted: switch(config)# interface fastEthernet 1/0/3 switch(config-if)# ip dhcp snooping trust Verification Display the DHCP Snooping configuration for the switch: switch# show ip dhcp snooping Switch DHCP snooping is enabled...
Page 212: Dynamic Arp Inspection
Chapter 11: Controlling Traffic and Switch Access 191 Dynamic ARP Inspection Dynamic ARP inspection is a security feature that validates ARP packets in a network. It intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings. This capability protects the network from certain man-in-the-middle attacks. Dynamic ARP inspection ensures that only valid ARP requests and responses are relayed.
Page 213: Verification
Further Reading Refer to the following recommended sources for further information about the topics covered in this chapter. Clark, Kennedy and Kevin Hamilton. Cisco LAN Switching. Cisco Press, ISBN 157870- 094-9. Froom, Richard, Balaji Sivasubramanian, and Erum Frahim. Building Cisco Multilayer Switched Networks (BCMSN) (Authorized Self-Study Guide), Fourth Edition.
Page 214: Switch Management
Chapter 12 Switch Management See the following sections to configure and use these topics: ■ 12-1: Logging: Covers the steps needed to configure a variety of methods to log mes- sages from a switch 12-2: Simple Network Management Protocol: Presents information on how to con- ■...
Page 215: Configuration
194 Cisco LAN Switching Configuration Handbook Logging displays all error and debug messages by default. The logging level can be ■ set to determine which messages should be sent to each of the facilities. ■ Timestamping logging messages or setting the syslog source address can help in real- time debugging and management.
Page 216 Chapter 12: Switch Management 195 When the syslog server receives a message, it forwards the message to a log file or destination based on the originating system facility. In this fashion, syslog servers can collect and organize messages by using the facility as service area or type.
Page 217 196 Cisco LAN Switching Configuration Handbook The Supervisor IOS also enables you to enter the level as a name. Most physical state transitions (ports and modules up or down) are logged at level 5, whereas hardware or software malfunctions are reported at level 3.
Page 218 Chapter 12: Switch Management 197 (Optional) Log messages to terminal sessions. a. (Optional) Log messages to the switch console: (global) logging console level By default, system messages are logged to the console. You can disable logging with the disable keyword. On an IOS switch, only messages with a severity level less than or equal to level (0 to 7 or a name from Table 12-1, default 7 or debugging) are sent to the console.
Page 219: Logging Example
198 Cisco LAN Switching Configuration Handbook (Optional) Control the rate of system message generation: (global) logging rate-limit number [all | console] [except level] To avoid flooding system messages to a logging destination, you can limit the rate that the messages are sent to number (1 to 10,000 messages per second, no default).
Page 220: Configuration
Chapter 12: Switch Management 199 ■ MIBs are structured according to the SNMP MIB module language, which is based on the Abstract Syntax Notation One (ASN.1) language. An SNMP agent runs on a network device and maintains the various MIB variables. ■...
Page 221 (global) snmp-server chassis-id id-string The id-string is text information that the router can provide about its own serial number. If the hardware serial number can be read by Cisco IOS Software, this number is the default chassis ID. Configure SNMP access.
Page 222 Chapter 12: Switch Management 201 Optional standard IP access list acc-list can be given to further limit access only to SNMP managers with permitted IP addresses. Access can be defined for read-only and read-write SNMP modes. Refer to section “11-6: Access Class”...
Page 223 202 Cisco LAN Switching Configuration Handbook (packet authentication, no encryption), noauth (no packet authentication), or priv (packet authentication with encryption). You can also specify SNMP views to limit MIB access for the group, using the keywords read (view readview defines readable objects; defaults to all Internet 1.3.6.1 OID space), write (view writeview defines writeable objects;...
Page 224 Chapter 12: Switch Management 203 ■ Specify the TFTP server operations controlled by SNMP: (global) snmp-server tftp-server-list acc-list You can use SNMP to cause the switch to save or load its configuration file to a TFTP server. You can use the standard IP access list acc-list to permit only a limited set of TFTP server IP addresses.
Page 225 204 Cisco LAN Switching Configuration Handbook c. (Optional) Tune notification parameters. Specify trap options: ■ (global) snmp-server trap-timeout seconds (global) snmp-server queue-length length SNMP traps are not sent reliably because no acknowledgment is required. Traps can be queued and re-sent only when no route to the trap recipient is present.
Page 226: Snmp Example
Chapter 12: Switch Management 205 c. (Optional) Define an RMON alarm: (global) rmon alarm number object interval {delta | absolute} rising- threshold rise [event] falling-threshold fall [event] [owner string] An alarm indexed by number (1 to 65535) is configured to monitor a specific MIB variable object.
Page 227: Span Configuration
206 Cisco LAN Switching Configuration Handbook (global) access-list 6 permit host 172.30.5.91 (global) access-list 6 permit host 172.30.5.95 (global) interface gig 3/1 (interface) no snmp trap link-status Displaying Information About SNMP Table 12-3 lists some switch commands that you can use to display helpful information about SNMP.
Page 228 Chapter 12: Switch Management 207 The source of traffic for the SPAN session can be either switch ports or VLANs. If switch ports are to be monitored, they are identified as src-interface (only a single interface type and number). If a VLANs is to be monitored, it is identified as src-vlan. The SPAN destination port, where the monitoring device is connected, is selected by the interface dest-interface command before the port monitor command is applied.
Page 229: Rspan Configuration
208 Cisco LAN Switching Configuration Handbook (Optional) Disable a SPAN session: (global) no monitor session session SPAN sessions can be disabled individually, referenced by by session number. RSPAN Configuration Create one or more VLANs to be used by RSPAN: (config)vlan vlan_ID{[-vlan_ID] | [,vlan_ID])
Page 230 Chapter 12: Switch Management 209 (Source switches only) Select the monitor sources: (config) monitor session session_number source {{single_interface | interface_list | interface_range | mixed_interface_list | single_vlan | vlan_list | vlan_range | mixed_vlan_list} [rx | tx | both]} | {remote vlan rspan_vlan_ID}} The RSPAN source is identified as one or more physical switch ports src-mod/src- ports, as one or more VLAN numbers vlans.
Page 231: Span Examples
210 Cisco LAN Switching Configuration Handbook Tip You also can configure more than one active RSPAN session at the destination switch. The first session is created as shown previously. To create subsequent sessions, use the create keyword. If create is omitted, the newly configured session overwrites the first session.
Page 232: Displaying Information About Span
Chapter 12: Switch Management 211 File Server Server VLAN 58 5/48 4/39 Network Network Analyzer Analyzer Figure 12-1 Network Diagram for the SPAN Example Catalyst A Trunk Trunk Catalyst C Catalyst B 5/48 RSPAN VLAN 901 Network File Server Analyzer Figure 12-2 Network Diagram for the RSPAN Example Displaying Information About SPAN Use the following command to display helpful information about SPAN.
Page 233 212 Cisco LAN Switching Configuration Handbook Capture instance [1] : ====================== Capture Session ID Session status : up rate-limit value : 10000 redirect index : 0x807 buffer-size : 2097152 capture state : OFF capture mode : Linear capture length : 68...
Page 234: Power Management
Chapter 12: Switch Management 213 Destination IP VRF : None Destination ERSPAN ID : None Origin IP Address : None IP QOS PREC IP TTL : 255 Capture dst_cpu_id Capture vlan Capture buffer size : 32 KB Capture rate-limit value : 10000 Capture filters : None...
Page 235: Displaying Information About Power Management
214 Cisco LAN Switching Configuration Handbook Table 12-4 Switch Commands to Display Power Management Information Display Function Command System power (exec) show power Module power state (exec) show power status all Displaying Information About Power Management Table 12-4 lists some switch commands that you can use to display helpful information about power management.
Page 236: Configuration
Chapter 12: Switch Management 215 Configuration Use ping packets to check reachability: (exec) ping [host] The IP ping sends ICMP type 8 (echo request) packets to the target host (IP address or hostname), and ICMP echo replies are expected in return. The ping packet size, packet-size (bytes), and the number of packets, packet-count, can also be specified.
Page 237 216 Cisco LAN Switching Configuration Handbook Set DF bit in IP header (default no): If set, the packet is not fragmented ■ for a path with a smaller MTU; you can use this to detect the smallest MTU in the path.
Page 238 Chapter 12: Switch Management 217 ■ P: Protocol unreachable message was received. ■ N: Network unreachable message was received. ■ ?: An unknown packet type was received. ■ Q: Source quench was received. The traceroute probes continue to be sent until the maximum TTL value (30 by default for IP) is exceeded or until you interrupt the router with the escape sequence (Ctrl-Shift-6).
Page 239: Packet-Tracing Example
218 Cisco LAN Switching Configuration Handbook [interface type interface_number] source_mac_address [interface type interface_number] destination_mac_address [vlan vlan_id] [detail] Layer 2 traces are performed from the source MAC address src-mac (in dash-sepa- rated hexadecimal pairs) to the destination MAC address dest-mac. Both source and destination must be present in the address table on the switch.
Page 240 Further Reading Refer to the following recommended sources for further information about the topics covered in this chapter. Clark, Kennedy and Kevin Hamilton. Cisco LAN Switching. Cisco Press, ISBN 157870- 094-9. Froom, Richard, Balaji Sivasubramanian, and Erum Frahim. Building Cisco Multilayer Switched Networks (BCMSN) (Authorized Self-Study Guide), Fourth Edition.
Page 241 This page intentionally left blank...
Page 242: Quality Of Service
Chapter 13 Quality of Service See the following sections to configure and use these features: ■ 13-1: QoS Theory: Discusses the various operations and mechanisms that make up quality of service (QoS) as a whole 13-2: QoS Configuration: Explains the sequence of steps necessary to configure ■...
Page 243: Layer 2 Qos Classification And Marking
222 Cisco LAN Switching Configuration Handbook Marking: Assigns a value to either the Layer 3 Differentiated Services Code ■ Point (DSCP), the Layer 2 class of service (CoS), or both for each frame. ■ Scheduling: Assigns traffic to a specific switch port queue for either ingress or egress traffic.
Page 244: Layer 3 Qos Classification And Marking
Chapter 13: Quality of Service 223 ■ Inter-Switch Link (ISL) trunk: Frames are tagged with a 15-bit VLAN ID. The CoS is contained in the lower three bits of the User field. Although this is not standardized, Catalyst switches copy the 802.1p CoS bits from a frame in an 802.1Q trunk into the User field of frames in an ISL trunk.
Page 245 224 Cisco LAN Switching Configuration Handbook Low (1) ■ Medium (2) ■ ■ High (3) Traffic in the AF classes can be dropped, with the most likelihood of dropping in the Low category and the least in the High category. In other words, service level AF class 4 with drop precedence 3 is delivered before AF class 4 with drop precedence 1, which is delivered before AF class 3 with drop precedence 3, and so on.
Page 246 Chapter 13: Quality of Service 225 Table 13-1 Mapping of IP Precedence and DSCP Fields (Continued) IP Precedence (3 Bits) DSCP (6 Bits) Per-Hop Class Drop Codepoint DSCP Bits Name Value Bits Behavior Selector Precedence Name (Decimal) Immediate 1: Low AF21 010 010 (18) 2: Medium...
Page 247: Catalyst Switch Queuing
1. The next-higher priority standard queues follow, begin- ning with 2. The strict-priority queue always receives the highest queue index number. Cisco Catalyst switch ports are described with the following queue type notation: xpyqzt, where the notations indicate the following: ■...
Page 248 Chapter 13: Quality of Service 227 ■ Classification can be performed at ingress switch ports. Inbound CoS, IP prece- dence, or DSCP values can be trusted by accepting the values that were assigned by an attached device. This is acceptable when the source of the values is known and under administrative control.
Page 249: Catalyst 2000/3000 Configuration
(interface) switchport priority extend {cos cos | none | trust} CoS trust can be extended to a Cisco IP Phone or other appliance that is con- nected to a Catalyst switch port. The switch can instruct the appliance on how to trust CoS values from other devices connected to it.
Page 250 Chapter 13: Quality of Service 229 Apply QoS to ports or VLANs: (interface) mls qos vlan-based By default, QoS is port-based (no mls qos vlan-based) or applied to individual Layer 2 ports. QoS policies can be applied to a port’s VLAN instead. When the application is changed, any port-based QoS policies are detached from the port.
Page 251 230 Cisco LAN Switching Configuration Handbook Note that no drop precedences are used by default. This gives DSCP values that differ slightly from those shown in Table 13-2 because the drop prece- dence bits are all 000. When you need to map CoS to DSCP values in a switch, alter the default mapping so that distinct drop precedences are used instead.
Page 252 Chapter 13: Quality of Service 231 e. (Optional) Trust the inbound DSCP value by default: (interface) mls qos trust dscp You can choose to trust only the inbound DSCP value, keeping the ToS and DSCP values intact. No other mapping derives the internal DSCP values. (Optional) Map DSCP values between QoS domains.
Page 253 232 Cisco LAN Switching Configuration Handbook Tip All port types assign frames with CoS 5 to their strict-priority queues (except 1q4t, which has none). The 1p1q0t ports have no thresholds; all frames with CoS values other than 5 are assigned to the standard queue and dropped when the queue is 100 percent full.
Page 254 Chapter 13: Quality of Service 233 Tip On an IOS switch, the 1q4t queue is serviced by a weighted round-robin (WRR) algorithm. Therefore, the thresholds must be set with the wrr-queue threshold command. (Optional) Use weighted random early detection (WRED) receive queues: ■...
Page 255 234 Cisco LAN Switching Configuration Handbook (Optional; Layer 3 only) Create a policer to control inbound packet flow. a. (Optional) Use an aggregate policer: (global) mls qos aggregate-policer aggregate-name rate burst [max-burst] [pir peak-rate] [conform-action action] [exceed-action action] [violate-action action] On an IOS switch, set the CIR rate (32,000 to 4,000,000,000 in bps) and the burst size (1000 to 512,000,000 bytes).
Page 256 Chapter 13: Quality of Service 235 Table 13-3 Granularity of CIR Rate Values CIR/PIR rate Range Granularity of Actual Value 1–1,048,576 (1 mbps) 32,768 (32 kbps) 1,048,577–2,097,152 (2 mbps) 65,536 (64 kbps) 2,097,153–4,194,304 (4 mbps) 131,072 (128 kbps) 4,194,305–8,388,608 (8 mbps) 262,144 (256 kbps) 8,388,609–1,677,216 (16 mbps) 524,288 (512 kbps)
Page 257 236 Cisco LAN Switching Configuration Handbook Table 13-4 Granularity of CIR Burst Values CIR/PIR burst Range Granularity of Actual Value 1–32,768 (32 Kb) 1024 (1 Kb) 32,769–65,536 (64 Kb) 2048 (2 Kb) 65,537–131,072 (128 Kb) 4096 (4 Kb) 131,073–262,144 (256 Kb) 8192 (8 Kb) 262,145–524,288 (512 Kb)
Page 258 Chapter 13: Quality of Service 237 The dscp value can be given as a number (6 bits, 0 to 63) or as a text string name. Available names are default (000000), ef (101110), (Assured Forwarding, AF) af11 (001010), af12 (001100), af13 (001110), af21 (010010), af22 (010100), af23 (010110), af31 (011010), af32 (011100), af33 (011110), af41 (100010), af42 (100100), af43 (100110), (Class Selector, CS) cs1 (precedence 1, 001000), cs2 (precedence 2, 010000), cs3 (precedence 3, 011000), cs4 (precedence 4, 100000), cs5 precedence 5, 101000), cs6 (precedence 6,...
Page 259 238 Cisco LAN Switching Configuration Handbook port number values). The source and destination ports are given as a number (0 to 65535) or as a text string port name. Available TCP names are bgp, chargen, daytime, discard, domain, echo, finger, ftp, ftp-data, gopher, hostname, irc, klogin, kshell, lpd, nntp, pop2, pop3, smtp, sunrpc, syslog, tacacs-ds, talk, telnet, time, uucp, whois, and www.
Page 260 Chapter 13: Quality of Service 239 (global) ip access-list extended acl-name (access-list) {permit | deny} igmp source-ip source-mask destination-ip destination-mask [igmp-type] [precedence precedence] [dscp dscp] [tos tos] The access list is referenced by its name acl-name (text string) or by its number acc-list-number (100 to 199 or 2000 to 2699).
Page 261 240 Cisco LAN Switching Configuration Handbook b. (Optional) Use an access list for matching candidate traffic: (cmap) match access-group name acc-list The class map matches traffic that is permitted by the access list acc-list (named or numbered). This access list is configured in Step 6.
Page 262 Chapter 13: Quality of Service 241 IOS switches can selectively choose the source for the internal DSCP values from ingress traffic. For frames matching the class map, the DSCP value can be derived from cos (using the CoS-to-DSCP mapping), dscp (using the inbound DSCP as is), or ip-precedence (using the ToS-to-DSCP mapping).
Page 263 242 Cisco LAN Switching Configuration Handbook The policer can take the following actions based on how it measures the traffic rate: ■ Conforming (in-profile, less than the CIR): Forwarded by default. An IOS switch allows a conform-action to be taken instead: drop (the frame is...
Page 264 Chapter 13: Quality of Service 243 Table 13-5 Queue Scheduling and Congestion-Avoidance Thresholds Queue Threshold Number Type CoS: Percentage Tail-Drop or Low%/High% WRED Standard Queue 1 Standard Queue 2 Standard Queue 3 2q2t 01: 80% 2,3: 100% 4,5: 80% 6,7: 100% —...
Page 265 244 Cisco LAN Switching Configuration Handbook Tip The weight value for a queue specifies how many bytes are transmitted before mov- ing to the next queue. A whole frame is always transmitted, even if you choose a weight value that is smaller. Therefore, make sure you choose a value for weight1 (the lowest pri- ority queue) that is at least as large as the MTU (the largest frame that can be sent).
Page 266: Displaying Information About Qos
Chapter 13: Quality of Service 245 ■ (Optional) Use WRED receive queues: (interface) wrr-queue random-detect min-threshold queue-id thr1-min thr2-min ... (interface) wrr-queue random-detect max-threshold queue-id thr1-max thr2-max ... For 1p2q2t, 1p3q1t, and 1p2q1t port types, WRED is used. The queue-id is 1 (standard low-priority queue) or 2 (standard high-priority queue)—except 1p3q1t ports, which add 3 (standard highest-priority queue).
Page 267: Qos Data Export
246 Cisco LAN Switching Configuration Handbook Table 13-8 Commands to Display QoS Configuration and Operation Information Display Function Command QoS port information (exec) show mls qos {type number | port- channel number | vlan vlan-id] Port queue scheduling and congestion...
Page 268 Chapter 13: Quality of Service 247 By default, no statistics are sent to the destination. Statistics can be sent to the destination host (either IP address or hostname) using a specific UDP port or through syslog (UDP port 514). If the syslog keyword is used, the syslog facility-name can be given as kern, user, mail, daemon, auth, lpr, news, uucp, cron, local0, local1, local2, local3, local4, local5, local6 (the default), or local7.
Page 269: Qos Data Export Example
Definition of Differentiated Services (DiffServ) IETF RFC 2474 at http://www.ietf.org/rfc/rfc2474.txt. QoS Policing on Catalyst 6500/6000 Series Switches at http://www.tinyurl.com/2599l. QoS Output Scheduling on Catalyst 6500/6000 Series Switches Running Cisco IOS System Software at http://www.tinyurl.com/egcmd. The COPS Protocol, RFC 2748 at http://www.faqs.org/rfcs/rfc2748.html.
Page 270: Voice
Power is provided over pairs 1 and 4 (RJ-45 pins 4,5 and 7,8) at 48V DC. ■ A Catalyst switch can send instructions to a Cisco IP Phone on how to present ■ frames from its voice and data ports. This is done through Cisco Discovery Protocol...
Page 271: Configuration
A DHCP reply is sent to the phone, containing the IP address and TFTP server address (DHCP option 150). The TFTP server is contacted for a phone configuration file. A list of Cisco Unified Communications Manager (CUCM) servers is also obtained.
Page 272 Chapter 14: Voice 251 Tip A Cisco IP Phone can use an 802.1Q trunk to transport packets from two VLANs: the voice VLAN (voice packets) and the native VLAN (data packets, untagged). By default, a Cisco IP Phone transports both its voice packets and the data packets from a connected device over the native VLAN.
Page 273 252 Cisco LAN Switching Configuration Handbook (Optional) Use an 802.1Q trunk with no voice VLAN: ■ (interface) switchport voice vlan dot1p The IP Phone is instructed to use an 802.1Q trunk and the 802.1p CoS priority field, but all voice frames are placed in the null VLAN (VLAN 0). Frames from the phone’s data port are sent untagged (the native VLAN).
Page 274: Example
A Catalyst switch is configured to support an IP Phone on a port. The switch supports inline power, but the switch port might connect to a regular PC or to a Cisco IP Phone. The port is set to automatically detect a device that supports inline power. The access or port VLAN ID (PVID) is set to VLAN number 55.
Page 275: Voice Qos
Let the IP Phone handle the trust boundary for attached PCs; the IP Phone should be ■ trusted. PCs running Cisco SoftPhone should be untrusted. Instead, the inbound voice traffic ■ should be classified and the CoS and differentiated services code point (DSCP) val-...
Page 276 Chapter 14: Voice 255 ■ Normal PCs with no voice capability should be untrusted (CoS and type of service [ToS] set to 0). On Catalyst 6000 switches, port trust can be VLAN-based and applied to the voice ■ VLAN on all trusted ports. Modify the CoS and ToS to DSCP maps so that 3 maps to DSCP 26 (AF31) and 5 ■...
Page 277: Access Layer Configuration
Voice payload transport voice-call signaling protocol Access Layer Configuration (Optional) Establish a trust boundary at the access layer. a. (Optional) Trust QoS from a Cisco IP Phone: IOS L3 interface) mls qos vlan-based (interface) mls qos trust cos IOS L2...
Page 278 Chapter 14: Voice 257 Tip A Cisco IP Phone marks its SCCP voice control packets with CoS 3, ToS 3, and DSCP 26 (AF31). The RTP voice bearer packets are marked with CoS 5, ToS 5, and DSCP 46 (EF).
Page 279 Set the phone access-port trust: (interface) switchport priority extend {trust | none} A Cisco IP Phone has its own access layer switch port, where a PC can be con- nected. This port is untrusted (IOS none) by default, causing the CoS and IP Precedence values for inbound frames to be set to 0.
Page 280: Distribution And Core Layer Configuration
Chapter 14: Voice 259 b. (Layer 3 IOS only) Define the QoS policy: (global) policy-map policy-name (pmap) class class-name access-group acl-name (pmap-class) trust cos The policy uses a class to match traffic from the ACL. CoS values are then trust- ed for matching traffic.
Page 281 260 Cisco LAN Switching Configuration Handbook The QoS information from other switches in a QoS domain can be trusted. This assumes that every switch in the QoS domain has been configured to enforce QoS policies consistently. QoS is port-based on these connections because every VLAN carried over the link will have its QoS values already examined and modified.
Page 282: Voice Qos Example
Cisco IP Telephony Books Davidson, et al. Voice over IP Fundamentals. Cisco Press, 1-58705-257-1. Deel, Nelson, and Smith. Developing Cisco IP Phone Services. Cisco Press, ISBN 1-58705- 060-9. Giralt, Paul and Addis Hallmark. Troubleshooting Cisco IP Telephony. Cisco Press, ISBN 1-...
Page 283 Session Initiation Protocol (SIP), RFC 2543: http://www.ietf.org/rfc/rfc2543.txt H.323 ITU standards at http://www.itu.int/home/index.html Multimedia Gateway Control Protocol (MGCP) v1.0, RFC 2705: ftp://ftp.isi.edu/ in-notes/rfc2705.txt Megaco: http://www.ietf.org/rfc/rfc3015.txt Real-Time Transport Protocol (RTP), RFC 1889: http://www.cs.columbia.edu/~hgs/rtp Voice QoS CIM Voice Internetworking: VoIP Quality of Service, Cisco Systems, ISBN 158720050-3.
Page 284: Cabling Quick Reference
Appendix A Cabling Quick Reference Network cabling is always subject to distance limitations, which depend on the media used and the bandwidth supported. Table A-1 provides a quick reference by listing the maximum cabling distance of a variety of network media and cable types. Table A-1 Cabling Distances for Network Media and Cabling Maximum Media...
Page 285 264 Cisco LAN Switching Configuration Handbook Table A-1 Cabling Distances for Network Media and Cabling Maximum Media Cable Type Distance 1000BASE-SX MMF 62.5 220 m (722 ft) micron, 160 MHz/km MMF 62.5 275 m (902 ft) micron, 200 MHz/km MMF 50.0...
Page 286 STP = single twisted-pair When using 1000BASE-LX/LH GBICs with 62.5 micron multimode fiber, you must use a mode-conditioning patch cord for distances of more than 300 m (984 ft). See www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/cnfg_nts/ethernet/5421_01.htm for installation and usage information. SMI = single-mode intermediate reach.
Page 287 Table A-2 RJ-45 Connector Pinouts Based on Media Type Ethernet UTP Router Token ISDN RJ-45 Console Ring BRIS/ ISDN CT1/PRI 56/64 kbps (DTE) 10/100 1000 BRIU CE1/PRI DSU/CSU* T1/E1 TP0+ – – Rcv Ring TX Tip TX Ring TX– TP0– –...
Page 288: Ethernet Connections
Appendix A: Cabling Quick Reference 267 Back-to-Back Connections In a lab setup or in certain circumstances, you might find that you need to connect two switches or two routers to each other in a back-to-back fashion. Normally, some other active device is used to connect router interfaces. For example, an Ethernet hub or switch, a Token Ring media attachment unit (MAU), and the Public Switched Telephone Network (PSTN) all perform an active role in interconnecting routers.
Page 289: Asynchronous Serial Connections
RJ-45 connectors, fashioned so that pin 1 on one end goes to pin 8 on the other end, pin 2 goes to pin 7, and so forth. Cisco normally supplies a rollover cable with a console cable kit. Table A-4 shows the pinout connections for both ends of the rollover cable.
Page 290: T1/E1 Csu/Dsu Connections
Appendix A: Cabling Quick Reference 269 T1/E1 CSU/DSU Connections You can also make back-to-back connections between two routers with integrated T1/E1 CSU/DSUs using a specially made cable. Again, the transmit and receive pairs are crossed in the cable. Table A-5 lists the pinout connections of both RJ-48 (an RJ-45 will do) ends of the cable.
Page 291 This page intentionally left blank...
Page 292: Well-Known Protocol, Port, And Other Numbers
Appendix B Well-known Protocol, Port, and Other Numbers Refer to the following sections for explanations and listings of well-known numbers: B-1: IP Protocol Numbers ■ B-2: ICMP Type and Code Numbers ■ B-3: Well-known IP Port Numbers ■ B-4: Well-Known IP Multicast Addresses ■...
Page 293 272 Cisco LAN Switching Configuration Handbook Version Hdr len Service type Total length Identification Flags Fragment offset Time to live Protocol Header checksum Source IP address Destination IP address IP options (if needed) Padding Data … Figure B-1 IPv4 Header Format Showing the Protocol Field...
Page 294 Keyword Protocol References Number Stream RFC 1190, RFC 1819 Transmission Control RFC 793 Exterior Gateway Protocol RFC 888 Any private interior gateway IANA (used by Cisco for IGRP) BBN-RCC-MON BBN RCC Monitoring NVP-II Network Voice Protocol RFC 741 ARGUS ARGUS EMCON...
Page 295 274 Cisco LAN Switching Configuration Handbook Table B-1 Registered IP Protocol Numbers, Keywords, Names, and Associated RFCs Keyword Protocol References Number Host Monitoring RFC 869 Packet Radio Measurement XNS-IDP XEROX NS IDP TRUNK-1 Trunk-1 TRUNK-2 Trunk-2 LEAF-1 Leaf-1 LEAF-2 Leaf-2...
Page 296 Appendix B: Well-known Protocol, Port, and Other Numbers 275 Table B-1 Registered IP Protocol Numbers, Keywords, Names, and Associated RFCs Keyword Protocol References Number IDPR Inter-Domain Policy Routing Protocol RFC 1479 Datagram Delivery Protocol IDPR-CMTP IDPR Control Message Transport Protocol TP++ TP++ Transport Protocol IL Transport Protocol...
Page 297 276 Cisco LAN Switching Configuration Handbook Table B-1 Registered IP Protocol Numbers, Keywords, Names, and Associated RFCs Keyword Protocol References Number Encap Security Payload RFC 2406 Authentication Header RFC 2402 I-NLSP Integrated Net Layer Security TUBA SWIPE IP with Encryption...
Page 298 Appendix B: Well-known Protocol, Port, and Other Numbers 277 Table B-1 Registered IP Protocol Numbers, Keywords, Names, and Associated RFCs Keyword Protocol References Number SAT-EXPAK SATNET and Backroom EXPAK KRYPTOLAN Kryptolan MIT Remote Virtual Disk Protocol IPPC Internet Pluribus Packet Core Any distributed file system IANA SAT-MON...
Page 299 278 Cisco LAN Switching Configuration Handbook Table B-1 Registered IP Protocol Numbers, Keywords, Names, and Associated RFCs Keyword Protocol References Number VMTP VMTP RFC 1045 SECURE-VMTP SECURE-VMTP VINES VINES NSFNET-IGP NSFNET-IGP Dissimilar Gateway Protocol EIGRP EIGRP CISCO OSPFIGP OSPFIGP RFC 2328...
Page 300 Appendix B: Well-known Protocol, Port, and Other Numbers 279 Table B-1 Registered IP Protocol Numbers, Keywords, Names, and Associated RFCs Keyword Protocol References Number SCC-SP Semaphore Communications Sec. Pro. ETHERIP Ethernet-within-IP Encapsulation ENCAP Encapsulation Header RFC 1241 Any private encryption scheme IANA GMTP GMTP...
Page 301 280 Cisco LAN Switching Configuration Handbook Table B-1 Registered IP Protocol Numbers, Keywords, Names, and Associated RFCs Keyword Protocol References Number IPX-in-IP IPX in IP RFC 1234 VRRP Virtual Router Redundancy Protocol RFC 2328 PGM Reliable Transport Protocol Any 0-hop protocol...
Page 302 Appendix B: Well-known Protocol, Port, and Other Numbers 281 Table B-1 Registered IP Protocol Numbers, Keywords, Names, and Associated RFCs Keyword Protocol References Number CRUDP Combat Radio User Datagram SSCOPMCE IPLT Secure Packet Shield PIPE Private IP Encapsulation within IP SCTP Stream Control Transmission Protocol Fibre Channel...
Page 303 282 Cisco LAN Switching Configuration Handbook Table B-2 shows the assigned ICMP type numbers, ICMP codes (where applicable), a brief description, and a reference to an RFC. Table B-2 Assigned ICMP Type Numbers, Codes, Descriptions, and Associated RFCs Type Code...
Page 304 Appendix B: Well-known Protocol, Port, and Other Numbers 283 Table B-2 Assigned ICMP Type Numbers, Codes, Descriptions, and Associated RFCs Type Code Name Reference Alternate Address for Host Unassigned Echo RFC 792 Router Advertisement RFC 1256 Router Solicitation RFC 1256 Time Exceeded RFC 792 Time to Live Exceeded in Transit...
Page 305 284 Cisco LAN Switching Configuration Handbook Table B-2 Assigned ICMP Type Numbers, Codes, Descriptions, and Associated RFCs Type Code Name Reference SKIP Photuris Reserved Unknown Security Parameters Index Valid Security Parameters, but Authentication Failed Valid Security Parameters, but Decryption Failed...
Page 306 Appendix B: Well-known Protocol, Port, and Other Numbers 285 Both UDP and TCP port numbers are divided into the following ranges: ■ Well-known port numbers (0 through 1023) ■ Registered port numbers (1024 through 49151) ■ Dynamic or private port numbers (49152 through 65535) Usually, a port assignment uses a common port number for both UDP and TCP.
Page 307 286 Cisco LAN Switching Configuration Handbook Table B-3 Commonly Used Protocols and Associated Port Numbers Keyword Description UDP/TCP Port time Time name Host Name Server nameserver Host Name Server nicname Who Is tacacs Login Host Protocol (TACACS) re-mail-ck Remote Mail Checking Protocol...
Page 308 Simple File Transfer Protocol uucp-path UUCP Path Service sqlserv SQL Services nntp Network News Transfer Protocol Network Time Protocol pwdgen Password Generator Protocol cisco-fna Cisco FNATIVE cisco-tna Cisco TNATIVE cisco-sys Cisco SYSMAINT ingres-net INGRES-NET Service profile PROFILE Naming System netbios-ns NetBIOS Name Service...
Page 309 288 Cisco LAN Switching Configuration Handbook Table B-3 Commonly Used Protocols and Associated Port Numbers Keyword Description UDP/TCP Port sqlsrv SQL Service pcmail-srv PCMail Server sgmp-traps SGMP-TRAPS snmp SNMP snmptrap SNMPTRAP cmip-man CMIP/TCP Manager send SEND print-srv Network PostScript xyplex-mux...
Page 310 Appendix B: Well-known Protocol, Port, and Other Numbers 289 Table B-3 Commonly Used Protocols and Associated Port Numbers Keyword Description UDP/TCP Port at-8 AppleTalk Unused qmtp The Quick Mail Transfer Protocol vmpwscs VM PWSCS softpc Insignia Solutions dbase dBASE UNIX imap3 Interactive Mail Access Protocol (version 3)
Page 311 290 Cisco LAN Switching Configuration Handbook Table B-3 Commonly Used Protocols and Associated Port Numbers Keyword Description UDP/TCP Port Ph service isakmp isakmp exec Remote process execution login remote login by Telnet shell printer spooler ntalk ntalk utime unixtime timed...
Page 312 LDAP protocol over T LS/SSL (was sldap) dhcp-failover DHCP Failover mac-srvr-admin MacOS Server Admin doom doom Id Software corba-iiop CORBA IIOP corba-iiop-ssl CORBA IIOP SSL nmap NMAP msexch-routing MS Exchange Routing ieee-mms-ssl IEEE-MMS-SSL cisco-tdp Cisco TDP flexlm Flexible License Manager kerberos-adm Kerberos administration...
Page 313 292 Cisco LAN Switching Configuration Handbook Table B-3 Commonly Used Protocols and Associated Port Numbers Keyword Description UDP/TCP Port phonebook Phone dhcp-failover2 dhcp-failover2 ftps-data FTP protocol, data, over TLS/SSL ftps FTP protocol, control, over TLS/SSL Netnews Administration System telnets Telnet protocol over TLS/SSL...
Page 314 1809 radius RADIUS 1812 radius-acct RADIUS Accounting 1813 hsrp Hot Standby Router Protocol 1985 licensedaemon Cisco license management 1986 tr-rsrb-p1 Cisco RSRP Priority 1 port 1987 tr-rsrb-p2 Cisco RSRP Priority 2 port 1988 tr-rsrb-p3 Cisco RSRP Priority 3 port 1989...
Page 315 294 Cisco LAN Switching Configuration Handbook Table B-3 Commonly Used Protocols and Associated Port Numbers Keyword Description UDP/TCP Port stun-p1 Cisco STUN Priority 1 port 1990 stun-p2 Cisco STUN Priority 2 port 1991 stun-p3 Cisco STUN Priority 3 port 1992...
Page 316 Appendix B: Well-known Protocol, Port, and Other Numbers 295 Table B-3 Commonly Used Protocols and Associated Port Numbers Keyword Description UDP/TCP Port windb WinDb 2522 novell-zen Novell ZEN 2544 Cisco Line Protocol 2567 2575 citrixmaclient Citrix MA Client 2598 sybaseanywhere Sybase Anywhere 2638 novell-ipx-cmd Novell IPX CMD 2645...
Page 317 296 Cisco LAN Switching Configuration Handbook Table B-3 Commonly Used Protocols and Associated Port Numbers Keyword Description UDP/TCP Port ms-cluster-net MS Cluster Net 3343 ssql SSQL 3352 ms-wbt-server MS WBT Server 3389 mira Apple Remote Access Protocol 3454 prsvp RSVP Port...
Page 318 Appendix B: Well-known Protocol, Port, and Other Numbers 297 Table B-3 Commonly Used Protocols and Associated Port Numbers Keyword Description UDP/TCP Port wap-vcal WAP vCal 9205 wap-vcard-s WAP vCard Secure 9206 wap-vcal-s WAP vCal Secure 9207 bmc-perf-sd BMC-PERFORM- 10128 SERVICE DAEMON h323callsigalt h323 Call Signal Alternate 11720...
Page 319 298 Cisco LAN Switching Configuration Handbook Multicast group address Layer 3 239.208.46.95 1 1010000.00101110.01011111 Bit is set to 0 00000001-00000000-010111110 1010000-00101110-010111111 First 24 bits of MAC address Lower 23 bits of MAC address are the same as the lower 23 bits of the...
Page 320 Appendix B: Well-known Protocol, Port, and Other Numbers 299 Table B-4 Registered Multicast Addresses and Associated Applications, RFCs, and References Group, Application, and References Address All systems on this subnet 224.0.0.1 RFC 1112 All routers on this subnet 224.0.0.2 Unassigned 224.0.0.3 DVMRP 224.0.0.4...
Page 321 300 Cisco LAN Switching Configuration Handbook Table B-4 Registered Multicast Addresses and Associated Applications, RFCs, and References Group, Application, and References Address VRRP 224.0.0.18 IPAllL1Iss 224.0.0.19 IPAllL2Iss 224.0.0.20 IPAllIntermediate Systems 224.0.0.21 IGMP 224.0.0.22 GLOBECAST-ID 224.0.0.23 Unassigned 224.0.0.24 router-to-switch 224.0.0.25 Unassigned 224.0.0.26...
Page 322 Appendix B: Well-known Protocol, Port, and Other Numbers 301 Table B-4 Registered Multicast Addresses and Associated Applications, RFCs, and References Group, Application, and References Address VMTP Managers Group 224.0.1.0 RFC 1045 NTP (Network Time Protocol) 224.0.1.1 RFC 1119 SGI-Dogfight 224.0.1.2 Rwhod 224.0.1.3 224.0.1.4...
Page 323 302 Cisco LAN Switching Configuration Handbook Table B-4 Registered Multicast Addresses and Associated Applications, RFCs, and References Group, Application, and References Address lmsc-calren-1 224.0.1.27 lmsc-calren-2 224.0.1.28 lmsc-calren-3 224.0.1.29 lmsc-calren-4 224.0.1.30 ampr-info 224.0.1.31 Mtrace 224.0.1.32 RSVP-encap-1 224.0.1.33 RSVP-encap-2 224.0.1.34 SVRLOC-DA 224.0.1.35 rln-server 224.0.1.36...
Page 324 Appendix B: Well-known Protocol, Port, and Other Numbers 303 Table B-4 Registered Multicast Addresses and Associated Applications, RFCs, and References Group, Application, and References Address sun-mc-grp 224.0.1.54 extended-sys 224.0.1.55 pdrncs 224.0.1.56 tns-adv-multi 224.0.1.57 vcals-dmu 224.0.1.58 Zuba 224.0.1.59 hp-device-disc 224.0.1.60 tms-production 224.0.1.61 Sunscalar 224.0.1.62...
Page 325 304 Cisco LAN Switching Configuration Handbook Table B-4 Registered Multicast Addresses and Associated Applications, RFCs, and References Group, Application, and References Address OTT (One-way Trip Time) 224.0.1.81 TRACKTICKER 224.0.1.82 dtn-mc 224.0.1.83 jini-announcement 224.0.1.84 jini-request 224.0.1.85 sde-discovery 224.0.1.86 DirecPC-SI 224.0.1.87 B1Rmonitor 224.0.1.88...
Page 326 Appendix B: Well-known Protocol, Port, and Other Numbers 305 Table B-4 Registered Multicast Addresses and Associated Applications, RFCs, and References Group, Application, and References Address NODSCR 224.0.1.109 NODSDR 224.0.1.110 224.0.1.111 TVE-FILE 224.0.1.112 TVE-ANNOUNCE 224.0.1.113 Mac Srv Loc 224.0.1.114 Simple Multicast 224.0.1.115 SpectraLinkGW 224.0.1.116...
Page 327 306 Cisco LAN Switching Configuration Handbook Table B-4 Registered Multicast Addresses and Associated Applications, RFCs, and References Group, Application, and References Address Make Source 224.0.1.137 Teleborsa 224.0.1.138 SUMAConfig 224.0.1.139 Unassigned 224.0.1.140 DHCP-SERVERS 224.0.1.141 CN Router-LL 224.0.1.142 EMWIN 224.0.1.143 Alchemy Cluster 224.0.1.144...
Page 328 Appendix B: Well-known Protocol, Port, and Other Numbers 307 Table B-4 Registered Multicast Addresses and Associated Applications, RFCs, and References Group, Application, and References Address Intline-15 224.0.1.165 marratech-cc 224.0.1.166 EMS-InterDev 224.0.1.167 itb301 224.0.1.168 rtv-audio 224.0.1.169 rtv-video 224.0.1.170 HAVI-Sim 224.0.1.171 Nokia Cluster 224.0.1.172 host-request 224.0.1.173...
Page 329 308 Cisco LAN Switching Configuration Handbook Table B-4 Registered Multicast Addresses and Associated Applications, RFCs, and References Group, Application, and References Address Where-Are-You 224.0.7.0 to 224.0.7.255 INTV 224.0.8.0 to 224.0.8.255 Invisible Worlds 224.0.9.0 to 224.0.9.255 DLSw Groups 224.0.10.0 to 224.0.10.255 NCC.NET Audio...
Page 330 Appendix B: Well-known Protocol, Port, and Other Numbers 309 Table B-4 Registered Multicast Addresses and Associated Applications, RFCs, and References Group, Application, and References Address Report Group 224.0.253.0 to 224.0.253.255 Query Group 224.0.254.0 to 224.0.254.255 Border Routers 224.0.255.0 to 224.0.255.255 ST Multicast Groups 224.1.0.0 to 224.1.255.255 RFC 1190...
Page 331 310 Cisco LAN Switching Configuration Handbook B-5: Ethernet Type Codes A listing of commonly used Ethernet type codes is maintained by the IANA. The infor- mation presented here is reproduced with permission from the IANA. For the most cur- rent Ethernet type code number assignment information, refer to www.iana.org/num- bers.htm under the “Ethernet Numbers”...
Page 332 Appendix B: Well-known Protocol, Port, and Other Numbers 311 Table B-5 Ethernet Type Codes Hex Value Description 0BAF VINES Echo (RFC 1701) 1000 Berkeley Trailer negotiation 1001 to 100F Berkeley Trailer encapsulation/IP 1600 Valid Systems 4242 PCS Basic Block Protocol 5208 BBN Simnet 6000...
Page 333 312 Cisco LAN Switching Configuration Handbook Table B-5 Ethernet Type Codes Hex Value Description 8013 SGI diagnostics 8014 SGI network games 8015 SGI reserved 8016 SGI bounce server 8019 Apollo Domain 802E Tymshare 802F Tigan, Inc. 8035 Reverse ARP 8036...
Page 334 Appendix B: Well-known Protocol, Port, and Other Numbers 313 Table B-5 Ethernet Type Codes Hex Value Description 806A Autophon 806C ComDesign 806D Computgraphic Corp. 806E to 8077 Landmark Graphics Corp. 807A Matra 807B Dansk Data Elektronik 807C Merit Internodal 807D to 807F Vitalink Communications 8080 Vitalink TransLAN III...
Page 335 314 Cisco LAN Switching Configuration Handbook Table B-5 Ethernet Type Codes Hex Value Description 80F2 Retix 80F3 AppleTalk AARP (Kinetics) 80F4 to 80F5 Kinetics 80F7 Apollo Computer 80FF to 8103 Wellfleet Communications 8107 to 8109 Symbolics Private 8130 Hayes Microcomputers...
Page 336 Appendix B: Well-known Protocol, Port, and Other Numbers 315 Table B-5 Ethernet Type Codes Hex Value Description 818D Motorola Computer 819A to 81A3 Qualcomm 81A4 ARAI Bunkichi 81A5 to 81AE RAD Network Devices 81B7 to 81B9 Xyplex 81CC to 81D5 Apricot Computers 81D6 to 81DD Artisoft...
Page 337 316 Cisco LAN Switching Configuration Handbook Table B-5 Ethernet Type Codes Hex Value Description 876C IP Autonomous Systems (RFC 1701) 876D Secure Data (RFC 1701) 880B 8847 MPLS Unicast 8848 MPLS Multicast 8A96 to 8A97 Invisible Software 9000 Loopback 9001...
Page 338: Index
Index active commands, disabling, 3 Symbols adding entries to switching table, 53-54 (*, G) common shared tree structure, AF (Assured Forwarding) service levels, 223 (S, G) shortest path tree structure, aggressive mode (UDLD), 115 aging time, configuring on switching 6000 series Catalyst switches, pass- table, 54 word recovery process, 33-34 assigning IP management address, 28...
Page 339 26 from ROM Monitor, 11 CIR (committed information rate), 234 images from Flash, 40-41 Cisco Blade Switch 3100 series, 14 BPDU filtering, 126 Cisco Field Manual: Router BPDU skewing, 124-126 Configuration (Cisco Press), 48, 73...
Page 340 28 ACLs, 183-184 more, 4 broadcast suppression, 168-169 ping, verifying packet reachability, CDP, 46-47 215-216 Cisco IOS Software, Web browser recalling, 4 interface, 8-9 redundancy force-switchover, 44 DARP, 191 regular expressions, 5 default gateway, 28 reload, 44...
Page 341 configuring NSF, 133-134 Supervisor Engine packet tracing, 215-216 banners, 26 passwords, 30 prompts, 25 port authentication, 185-186 switch authentication, 180 port security, 173-175 RADIUS, 181-182 power supply redundancy, 213 TACACS, 181 protocol filtering, 171 syslog, 194-198 system time, 48-50 access layer, configuring, 256-259 terminal sessions, timeout values, 7 class maps, 239-244 trunking, 93-94...
Page 342 Ethernet, 267 designated port election (STP), 112 T1/E1 CSU/DSU, 269 deterministic frame distribution, 62 connector pinouts, 266 DFP (Dynamic Feedback Protocol) context-sensitive help, Cisco IOS manager, enabling, 154-155 Software, 3-4 DHCP (Dynamic Host Configuration controlling traffic. protocol filtering Protocol), 173, 224...
Page 343 distribution layer RPR information, 132 enabling trunking, 94 SLB information, 157 encapsulation method, specifying on trunks, 95-96 SLB probe information, 166 ending terminal sessions, 7 SNMP information, 206 Enhanced FlexWAN module, config- SPAN information, 211-213 uring, 78-79 SSO information, 135 environment monitoring, 214 STP information, 120 EtherChannel, 62...
Page 344 218 system files, moving, 39-40 of port security, 175, 188 filtering of port selection, 57 Cisco IOS command output, 4-5 of private VLANs, 107-109 traffic, VACLs, 176-178 of SLB, 155-157 firewall load balancing of SNMP configuration, 205-206...
Page 345 183-184 displaying information, 132 ingress port queues (QoS), configur- SSO, 132 ing, 231-233 configuring, 133-134 initialization process, Cisco IP Phone, displaying information about, inline power, voice ports, 249 HSRP (Hot Standby Router installed modules, viewing, 34 Protocol), 135 internal DSCP value...
Page 346 loop prevention, STP load balancing J-K-L example of, 122-123 firewall load balancing join requests, 142-143 configuring, 159-163 jumbo frame support on Ethernet interfaces, 59 displaying information, 164 LACP, 62, 67 example, 162-164 load balancing, firewall load balanc- SLB, 147-148 ing, 159 configuring, 149-155 Layer 2 classification, 222-223 displaying information, 157...
Page 347 manual system time configuration manual system time configuration, name parameter, configuring Ethernet 48-49 VLANs, 89 mapping internal DSCP values to native VLAN (802.1Q), switching, 96 egress CoS values, 244 navigating marking IFS, 36-38 Layer 2 frames, 222-223 STP topology, 127-130 Layer 3 frames, 223-226 nested Telnet sessions, 6 MaxAge timer, adjusting, 125...
Page 348 packets, tracing, 215-218 POS interfaces, configuring, 80 passwords power supply redundancy privileged, configuring, 30 configuring, 213 recovering on 6000 series Catalyst displaying information, 214 switches, 33-34 powered devices, inline power, 249 recovering on switches, 31-32 powering modules on/off, 35 setting for VTP, 99-100 primary Supervisor, changing backup user-level, configuring, 30 Supervisor configuration, 44...
Page 349 44 mapping to egress CoS values, redundant power supplies configuring, 213 Layer 2 classification and marking, displaying information, 214 222-223 regular expressions, Cisco IOS Layer 3 classification and marking, command line, 5 223-226 reload command, 44 microflow policers, configuring, removing...
Page 350 SLB (Server Load Balancing) routing tables selecting Layer 2 ports, 56-57 configuring, 85-86 server blocks, 20 verifying configuration, 86 server farms, SLB, 147-148 RPR (Route Processor Redundancy) configuring, 149-155 configuring, 131-132 displaying information, 157 information, displaying, 132 example, 155-157 RPR mode, 42 probes, configuring, 164-166 RPR+ mode, 42 server mode (VTP), 99...
Page 351 SNMP (Simple Network Management Protocol) configuring, 164-166 displaying information, 120 information, displaying, 166 election processes, 112 SNMP (Simple Network Management example, 115-116 Protocol) load balancing, example, 122-123 access, configuring, 200-201 path costs, 113-114 configuration files, saving, 203 poor root placement, example, configuring, 199-200, 202 120-122 displaying information, 206...
Page 352 trunks switch ports, discarding STP port TCN BPDUs, 114 states, 114 Telnet switched networks, design principles, SSH, configuring, 184-185 17-22 vty access, restricting, 183-184 switches temperature monitoring, 214 booting in rommon mode, 11 terminal sessions, 6 EtherChannel displaying, 6 configuring, 63-67 ending, 7 example configuration, 67 resuming, 6...
Page 353 34 uplink failure of switched networks, 18 logging information, 198 user Exec mode, 2 power management information, 214 user interface features (Cisco IOS), 3 QoS information, 245 user modes, Cisco IOS Software, 2 SLB information, 157 user-level passwords, configuring, 30...
Page 354 XOR (exclusive-OR) operation Ethernet, configurable parameters, 88 VSS (Virtual Switching System), 16 extended range, creating, 89-90 VTP (VLAN Trunking Protocol), 21 interfaces, configuring, 82 configuring, 88, 98-99 port assignment, verifying, 93 domain name, specifying, 88 ports domain names, 99 dynamic assignment, 91-93 example configuration, 103-104 static assignment, 91 modes, 100-101...
Page 355 This page intentionally left blank...
Page 356 Find trusted answers, fast Only Safari lets you search across thousands of best-selling books from the top technology publishers, including Addison-Wesley Professional, Cisco Press, O’Reilly, Prentice Hall, Que, and Sams. Master the latest tools and techniques In addition to gaining access to an incredible inventory of technical books, Safari’s extensive collection of video tutorials lets you learn from the leading...
Page 358 • OnSecurity View them at ciscopress.com/podcasts. –Read the latest author articles and sample chapters at ciscopress.com/articles. –Bookmark the Certification Reference Guide available through our partner site at informit.com/certguide. Connect with Cisco Press authors and editors via Facebook and Twitter, visit informit.com/socialconnect.
Page 359 FREE Online Edition Your purchase of Cisco LAN Switching Conﬁ guration Handbook includes access to a free online edition for 45 days through the Safari Books Online subscription service. Nearly every Cisco Press book is available online through Safari Books Online, along with more than 5,000 other technical books and videos from publishers such as Addison-Wesley Professional, Exam Cram, IBM Press, O’Reilly, Prentice Hall, Que,...

Cisco Catalyst 2000 Configuration Handbook

Chapter 1 CLI Usage

Chapter 2 Switch Functionality

Chapter 3 Supervisor Engine Configuration

Chapter 4 Layer 2 Interface Configuration

Chapter 5 Layer 3 Interface Configuration

Chapter 6 Vlans and Trunking

Chapter 7 Spanning Tree Protocol (STP)

Chapter 8 Configuring High Availability Features

Chapter 10 Server Load Balancing (SLB)

Chapter 9 Multicast 141

Chapter 11 Controlling Traffic and Switch Access

Chapter 12 Switch Management

Chapter 13 Quality of Service

Chapter 14 Voice 249

Appendix A Cabling Quick Reference 263

Quick Links

Related Manuals for Cisco Catalyst 2000

Summary of Contents for Cisco Catalyst 2000