Cisco Catalyst Blade Switch 3020 for HP Software Configuration Guide Cisco IOS Release 12.2(44)SE January 2008 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part Number: OL-8915-03...
Understanding Command Modes
Understanding the Help System
Understanding Abbreviated Commands
Understanding no and default Forms of Commands
Understanding CLI Error Messages
Using Configuration Logging
Modifying the Startup Configuration
Default Bootup Configuration
Automatically Downloading a Configuration File
Specifying the Filename to Read and Write the System Configuration
Booting Up Manually
Managing the System Time and Date
Understanding the System Clock
Understanding Network Time Protocol
Configuring NTP
Default NTP Configuration
Configuring NTP Authentication
Configuring NTP Associations
Configuring NTP Broadcast Service
Configuring NTP Access Restrictions
Understanding the SDM Templates
Dual IPv4 and IPv6 SDM Templates
Configuring the Switch SDM Template
Default SDM Template
SDM Template Configuration Guidelines
Setting the SDM Template
Displaying the SDM Templates
Configuring Settings for All RADIUS Servers
Configuring the Switch to Use Vendor-Specific RADIUS Attributes
Configuring the Switch for Vendor-Proprietary RADIUS Server Communication
Displaying the RADIUS Configuration
Understanding IEEE 802.1x Port-Based Authentication
Device Roles
Authentication Process
Authentication Initiation and Message Exchange
Ports in Authorized and Unauthorized States
IEEE 802.1x Host Mode
IEEE 802.1x Accounting
Configuring a Restricted VLAN
Configuring the Inaccessible Authentication Bypass Feature
Configuring IEEE 802.1x Authentication with WoL
Configuring MAC Authentication Bypass
Configuring NAC Layer 2 IEEE 802.1x Validation
Configuring the System MTU
Monitoring and Maintaining the Interfaces
Monitoring Interface Status
Clearing and Resetting Interfaces and Counters
Shutting Down and Restarting the Interface
Creating an Extended-Range VLAN with an Internal VLAN ID
Displaying VLANs
Configuring VLAN Trunks
Trunking Overview
Encapsulation Types
IEEE 802.1Q Configuration Considerations
Default Layer 2 Ethernet Interface VLAN Configuration
VTP Pruning
Configuring VTP
Default VTP Configuration
VTP Configuration Options
VTP Configuration in Global Configuration Mode
VTP Configuration in VLAN Database Configuration Mode
Configuring Voice VLAN
Default Voice VLAN Configuration
Voice VLAN Configuration Guidelines
Configuring a Port Connected to a Cisco 7960 IP Phone
Configuring Cisco IP Phone Voice Traffic
Configuring the Priority of Incoming Data Frames...
Forwarding State
Disabled State
How a Switch or Port Becomes the Root Switch or Root Port
Spanning Tree and Redundant Connectivity
Spanning-Tree Address Management
Boundary Ports
IEEE 802.1s Implementation
Port Role Naming Change
Interoperation Between Legacy and Standard Switches
Detecting Unidirectional Link Failure
Interoperability with IEEE 802.1D STP
Configuring the DHCP Server
Configuring the DHCP Relay Agent
Specifying the Packet Forwarding Address
Enabling DHCP Snooping and Option 82
Enabling DHCP Snooping on Private VLANs
Understanding IGMP Snooping
IGMP Versions
Joining a Multicast Group
Leaving a Multicast Group
Immediate Leave
IGMP Configurable-Leave Timer
IGMP Report Suppression
Configuring Storm Control
Understanding Storm Control
Default Storm Control Configuration
Configuring Storm Control and Threshold Levels
Configuring Small-Frame Arrival Rate
Configuring LLDP Characteristics
Disabling and Enabling LLDP Globally
Disabling and Enabling LLDP on an Interface
Configuring LLDP-MED TLVs
Monitoring and Maintaining LLDP and LLDP-MED
Creating an RSPAN Source Session
Creating an RSPAN Destination Session
Creating an RSPAN Destination Session and Configuring Incoming Traffic
Specifying VLANs to Filter
Displaying SPAN and RSPAN Status
SNMP Manager Functions
SNMP Agent Functions
SNMP Community Strings
Using SNMP to Access MIB Variables
SNMP Notifications
SNMP ifIndex MIB Object Values
IPv4 ACL Configuration Examples
Numbered ACLs
Extended ACLs
Named ACLs
Time Range Applied to an IP ACL
Commented IP ACL Entries
ACL Logging
Configuring Auto-QoS
Generated Auto-QoS Configuration
Effects of Auto-QoS on the Configuration
Auto-QoS Configuration Guidelines
Enabling Auto-QoS for VoIP
Auto-QoS Configuration Example
Mapping DSCP or CoS Values to an Ingress Queue and Setting WTD Thresholds
Allocating Buffer Space Between the Ingress Queues
Allocating Bandwidth Between the Ingress Queues
Configuring the Ingress Priority Queue
Configuring the PAgP Learn Method and Priority
Configuring LACP Hot-Standby Ports
Configuring the LACP System Priority
Configuring the LACP Port Priority
Displaying EtherChannel, PAgP, and LACP Status
Understanding HSRP
Multiple HSRP
Configuring HSRP
Default HSRP Configuration
HSRP Configuration Guidelines
Enabling HSRP
Procedure with Password Recovery Disabled
Preventing Autonegotiation Mismatches
SFP Module Security and Identification
Monitoring SFP Module Status
Monitoring Temperature
Using Ping
Understanding Ping
Executing Ping
MIB List
Using FTP to Access the MIB Files
Working with the Cisco IOS File System, Configuration Files, and Software Images
Working with the Flash File System...
Working with Software Images
Image Location on the Switch
tar File Format of Images on a Server or Cisco.com
Copying Image Files By Using TFTP
Preparing to Download or Upload an Image File By Using TFTP...
Unsupported Global Configuration Command
Unsupported Interface Configuration Command
IP Unicast Routing
Unsupported Privileged EXEC or User EXEC Commands
Unsupported Global Configuration Commands
Unsupported Interface Configuration Commands
Unsupported Route Map Commands
Unsupported Global Configuration Commands
Spanning Tree
Unsupported Global Configuration Command
Unsupported Interface Configuration Command
VLAN
Unsupported Global Configuration Command
Unsupported User EXEC Commands
Unsupported Privileged EXEC Command
Index
This guide is for the networking professional managing the Cisco Catalyst Blade Switch 3020 for HP, referred to as the switch. Before using this guide, you should have experience working with the Cisco IOS software and be familiar with the concepts and terminology of Ethernet and local area networking.
Caution: Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.

Related Publications

For more information about the switch, see the Cisco Catalyst Blade Switch 3020 for HP documentation on Cisco.com: http://www.cisco.com/en/US/products/ps6748/tsd_products_support_series_home.html

Note: Before installing, configuring, or upgrading the switch, see these documents:...
Preface: Obtaining Documentation and Submitting a Service Request
• Release Notes for the Cisco Catalyst Blade Switch 3020 for HP, Cisco IOS Release 12.2(37)SE (not orderable but available on Cisco.com)
• Cisco Catalyst Blade Switch 3020 for HP System Message Guide (not orderable, but available on...
(IPv6).

Features

Beginning with Cisco IOS Release 12.2(44)SE, the switch ships with the IP base image installed, which provides Layer 2+ features (enterprise-class intelligent services). These features include access control lists (ACLs), quality of service (QoS), static routing, EIGRP and PIM stub routing, the Hot Standby Router Protocol (HSRP), the Routing Information Protocol (RIP), IPv6 host management, and IPv6 MLD snooping.
• Port blocking on forwarding unknown Layer 2 unicast, multicast, and bridged broadcast traffic
• Cisco Group Management Protocol (CGMP) server support and Internet Group Management Protocol (IGMP) snooping for IGMP Versions 1, 2, and 3:
– (For CGMP devices) CGMP for limiting multicast traffic to specified end stations and reducing...
• Switch Database Management (SDM) templates for allocating system resources to maximize support for user-selected features
• Cisco IOS IP Service Level Agreements (SLAs), a part of Cisco IOS software that uses active traffic monitoring for measuring network performance
• Configurable small-frame arrival threshold to prevent storm control when small frames (64 bytes or...
• Network Time Protocol (NTP) for providing a consistent time stamp to all switches from an external source
• Cisco IOS File System (IFS) for providing a single interface to all file systems that the switch uses
• Configuration logging to log and to view changes to the switch configuration...
switch configuration or switch image files (requires the cryptographic version of the software)
• The HTTP client in Cisco IOS can send requests to both IPv4 and IPv6 HTTP servers, and the HTTP server in Cisco IOS can service HTTP requests from both IPv4 and IPv6 HTTP clients.
• Link state tracking (Layer 2 trunk failover) to mirror the state of the external Ethernet links and to allow the failover of the processor blade traffic to an operational external link on a separate Cisco Ethernet switch

VLAN Features...
– VLAN assignment for restricting IEEE 802.1x-authenticated users to a specified VLAN
– Port security for controlling access to IEEE 802.1x ports
– Voice VLAN to permit a Cisco IP Phone to access the voice VLAN regardless of the authorized or unauthorized state of the port
– Guest VLAN to provide limited services to non-IEEE 802.1x-compliant users...
– Trusted port states (CoS, DSCP, and IP precedence) within a QoS domain and with a port bordering another QoS domain
– Trusted boundary for detecting the presence of a Cisco IP Phone, trusting the CoS value received, and ensuring port security...
• DHCP relay for forwarding UDP broadcasts, including IP address requests, from DHCP clients
• IPv6 unicast host management
Chapter 20, “Configuring DHCP Features and IP Source Guard.”
• Default domain name is not configured. For more information, see Chapter 3, “Assigning the Switch IP Address and Default Gateway.”
– No private VLANs are configured. For more information, see Chapter 14, “Configuring Private VLANs.”
– Voice VLAN is disabled. For more information, see Chapter 13, “Configuring Voice VLAN.”
• SNMP is enabled (Version 1). For more information, see Chapter 30, “Configuring SNMP.”
• No ACLs are configured. For more information, see Chapter 31, “Configuring Network Security with ACLs.”
Table 1-2 describes some network demands and how you can meet them.
1-1)—For high-speed access to network resources, you can use the Cisco Catalyst Blade Switch 3020 for HP in the access layer to provide Gigabit Ethernet to the blade servers. To prevent congestion, use QoS DSCP marking priorities on these switches. For high-speed IP forwarding at the distribution layer, connect the switches in the access layer to a Gigabit multilayer switch with routing capability, such as a Catalyst 3750 switch, or to a router.
Using SFP modules provides flexibility in media and distance options through fiber-optic connections.

Figure 1-2: Server Aggregation (figure labels: Campus core; Catalyst 6500 switches; Catalyst 3750 StackWise switch stacks; Blade Switches; Blade Servers)
Before configuring the switch, review these sections for startup information:
• Chapter 2, “Using the Command-Line Interface”
• Chapter 3, “Assigning the Switch IP Address and Default Gateway”
Using the Command-Line Interface

This chapter describes the Cisco IOS command-line interface (CLI) and how to use it to configure your switch. It contains these sections:
• Understanding Command Modes, page 2-1
• Understanding the Help System, page 2-3...
EXEC mode, enter the vlan database command. Prompt: Switch(vlan)#. To exit to privileged EXEC mode, enter exit. Use this mode to configure VLAN parameters for VLANs 1 to 1005 in the VLAN database.
Obtain a list of commands that begin with a particular character string. For example:
Switch# di?
dir disable disconnect

abbreviated-command-entry<Tab>: Complete a partial command name. For example:
Switch# sh conf<tab>
Switch# show configuration
However, some commands are enabled by default and have variables set to certain default values. In these cases, the default command enables the command and sets variables to their default values.
For more information, see the Configuration Change Notification and Logging feature module at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801d1e81.html

Note: Only CLI or HTTP changes are logged.
The number of commands that appear is controlled by the setting of the terminal history global configuration command and the history line configuration command.

1. The arrow keys function only on ANSI-compatible terminals such as VT100s.
Editing Commands through Keystrokes

Capability: Move around the command line to make changes or corrections.
Keystroke: Press Ctrl-B, or press the left arrow key.
Purpose: Move the cursor back one character.
Keystroke: Press Esc U.
Purpose: Capitalize letters from the cursor to the end of the word.

Capability: Designate a particular keystroke as an executable command, perhaps as a shortcut.
Keystroke: Press Ctrl-V or Esc Q.
Use line wrapping with the command history feature to recall and modify previous complex command entries. For information about recalling previous command entries, see the “Editing Commands through Keystrokes” section on page 2-7.
7-37. The switch supports up to five simultaneous secure SSH sessions. After you connect through the console port, through a Telnet session or through an SSH session, the user EXEC prompt appears on the management station.
Note: For complete syntax and usage information for the commands used in this chapter, see the command reference for this release and the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline >...
IP address and reads the configuration file. If you are an experienced user familiar with the switch configuration steps, manually configure the switch. Otherwise, use the setup program described previously.
IP address, and you can manage the switch through the fa0 interface. See the HP BladeSystem documentation at http://www.hp.com/go/bladesystem/documentation for more information about the Onboard Administrator.
This helps ensure that each new switch added to a network receives the same image and configuration.
NVRAM unless you enter the write memory or copy running-configuration startup-configuration privileged EXEC command. Note that if the downloaded configuration is saved to the startup configuration, the feature is not triggered during subsequent system restarts.
• Example Configuration, page 3-9

If your DHCP server is a Cisco device, for additional information about configuring DHCP, see the “Configuring DHCP” section of the “IP Addressing and Services” section of the Cisco IOS IP Configuration Guide from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline >...
If the relay device is a Cisco router, enable IP routing (ip routing global configuration command), and configure helper addresses by using the ip helper-address interface configuration command.
The switch sends a broadcast message to a TFTP server to retrieve the named configuration file from the base directory of the server, and upon receipt, it completes its bootup process.
[Figure labels: switches 00e0.9f1e.2002, 00e0.9f1e.2003, 00e0.9f1e.2004; Cisco router 10.0.0.10; DHCP server 10.0.0.1; DNS server 10.0.0.2; TFTP server (tftpserver) 10.0.0.3]

Table 3-2 shows the configuration of the reserved leases on the DHCP server.
• It reads the configuration file that corresponds to its hostname; for example, it reads switch1-confg from the TFTP server.

Switches B through D retrieve their configuration files and IP addresses in the same way.
Upload the tarfile for the new image to the switch.
Step 10    exit    Return to global configuration mode.
Step 11    tftp-server flash:config.text    Specify the Cisco IOS configuration file on the TFTP server.
Step 12    tftp-server flash:imagename.tar    Specify the imagename on the TFTP server.
Step 13    tftp-server flash:filename.txt...
For information on setting the switch system name, protecting access to privileged EXEC commands, and setting time and calendar services, see Chapter 5, “Administering the Switch.”
EXEC command. For more information about alternative locations from which to copy the configuration file, see Appendix B, “Working with the Cisco IOS File System, Configuration Files, and Software Images.”

Modifying the Startup Configuration...
Specifying the Filename to Read and Write the System Configuration

By default, the Cisco IOS software uses the file config.text to read and write a nonvolatile copy of the system configuration. However, you can specify a different filename, which will be loaded during the next bootup cycle.
However, you can specify a specific image with which to boot up the switch.
Environment variables store two kinds of data:
• Data that controls code, which does not read the Cisco IOS configuration file. For example, the name of a bootloader helper file, which extends or patches the functionality of the bootloader, can be stored as an environment variable.
(for example, to perform a software upgrade on all switches in the network).

Note: A scheduled reload must take place within approximately 24 days.
Reload scheduled for 02:00:00 UTC Thu Jun 20 1996 (in 344 hours and 53 minutes)
Proceed with reload? [confirm]

To cancel a previously scheduled reload, use the reload cancel privileged EXEC command.
It displays reload information including the time the reload is scheduled to occur and the reason for the reload (if it was specified when the reload was scheduled).
Note: For complete configuration information for the Cisco Configuration Engine, see this URL on Cisco.com: http://www.cisco.com/en/US/products/sw/netmgtsw/ps4617/tsd_products_support_series_home.html

For complete syntax and usage information for the commands used in this chapter, see the Cisco IOS Network Management Command Reference, Release 12.4 at this URL on Cisco.com: http://www.cisco.com/en/US/products/ps6350/products_command_reference_book09186a008042df72.
(LDAP) URLs that reference the device-specific configuration information stored in a directory. The Cisco IOS agent can perform a syntax check on received configuration files and publish events to show the success or failure of the syntax check. The configuration agent can either apply configurations immediately or delay the application until receipt of a synchronization event from the configuration server.
Understanding Cisco Configuration Engine Software

Event Service

The Cisco Configuration Engine uses the Event Service for receipt and generation of configuration events. The event agent is on the switch and facilitates the communication between the switch and the event gateway on the Configuration Engine.
Therefore, the DeviceID, as originated on the switch, must match the DeviceID of the corresponding switch definition in the Configuration Engine. The origin of the DeviceID is defined by the Cisco IOS hostname of the switch. However, the DeviceID variable and its usage reside within the event gateway adjacent to the switch.
Understanding Cisco IOS Agents

The CNS event agent feature allows the switch to publish and subscribe to events on the event bus and works with the Cisco IOS agent. The Cisco IOS agent feature supports the switch by providing these features:
• Initial Configuration, page 4-5...
NVRAM for use at the next reboot.

Configuring Cisco IOS Agents

The Cisco IOS agents embedded in the switch Cisco IOS software allow the switch to be connected and automatically configured as described in the “Enabling Automated CNS Configuration” section on page 4-6.
Note: For more information about running the setup program and creating templates on the Configuration Engine, see the Cisco Configuration Engine Installation and Setup Guide, 1.5 for Linux at this URL: http://www.cisco.com/en/US/products/sw/netmgtsw/ps4617/products_installation_and_configuration_guide_book09186a00803b59db.html...
This example shows how to enable the CNS event agent, set the IP address gateway to 10.180.1.27, set 120 seconds as the keepalive interval, and set 10 as the retry count.

Switch(config)# cns event 10.180.1.27 keepalive 120 10
Enabling the Cisco IOS CNS Agent

After enabling the CNS event agent, start the Cisco IOS CNS agent on the switch. You can enable the Cisco IOS agent with these commands:
• The cns config initial global configuration command enables the Cisco IOS agent and initiates an...
Step 11    hostname name    Enter the hostname for the switch.
Step 12    ip route network-number    (Optional) Establish a static route to the Configuration Engine whose IP address is network-number.
ID, enter an arbitrary text string for string string as the unique ID, or enter udi to set the unique device identifier (UDI) as the unique ID.
Verify your entries. To disable the CNS Cisco IOS agent, use the no cns config initial {ip-address | hostname} global configuration command. This example shows how to configure an initial configuration on a remote switch when the switch configuration is unknown (the CNS Zero Touch feature).
RemoteSwitch(config)# cns id ethernet 0 ipaddress
RemoteSwitch(config)# cns config initial 172.28.129.22 no-persist

Enabling a Partial Configuration

Beginning in privileged EXEC mode, follow these steps to enable the Cisco IOS agent and to initiate a partial configuration on the switch: Command...
Displaying CNS Configuration

Command    Purpose
show cns config connections    Displays the status of the CNS Cisco IOS agent connections.
show cns config outstanding    Displays information about incremental (partial) CNS configurations that have started but are not yet completed.
show cns config stats    Displays statistics about the Cisco IOS agent.
You can manage the system time and date on your switch using automatic configuration, such as the Network Time Protocol (NTP), or manual configuration methods.

Note: For complete syntax and usage information for the commands used in this section, see the Cisco IOS Configuration Fundamentals Command Reference from the Cisco.com page under Documentation >...
Cisco’s implementation of NTP does not support stratum 1 service; it is not possible to connect to a radio or atomic clock. We recommend that the time service for your network be derived from the public NTP servers available on the IP Internet.
If the network is isolated from the Internet, Cisco’s implementation of NTP allows a device to act as if it is synchronized through NTP, when in fact it has learned the time by using other means. Other devices then synchronize to that device through NTP.
NTP that provide for accurate timekeeping) with other devices for security purposes:

Command    Purpose
Step 1    configure terminal    Enter global configuration mode.
Step 2    ntp authenticate    Enable the NTP authentication feature, which is disabled by default.
(meaning that only this switch synchronizes to the other device, and not the other way around).
However, in a LAN environment, NTP can be configured to use IP broadcast messages instead. This alternative reduces configuration complexity because each device can simply be configured to send or receive broadcast messages. However, the information flow is one-way only.
Step 3    ntp broadcast client    Enable the interface to receive NTP broadcast packets. By default, no interfaces receive NTP broadcast packets.
Step 4    exit    Return to global configuration mode.
NTP control queries and allows the switch to synchronize to the remote device. For access-list-number, enter a standard IP access list number from 1 to 99.
99. However, the switch restricts access to allow only time requests from access list 42:

Switch# configure terminal
Switch(config)# ntp access-group peer 99
Switch(config)# ntp access-group serve-only 42
Switch(config)# access-list 99 permit 172.20.130.5
Switch(config)# access-list 42 permit 172.20.130.6
[detail]
• show ntp status

Note: For detailed information about the fields in these displays, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Command References.
Atlantic Canada (AST) is UTC-3.5, where the 3 means 3 hours and .5 means 50 percent. In this case, the necessary command is clock timezone AST -3 30. To set the time to UTC, use the no clock timezone global configuration command.
This example shows how to specify that summer time starts on the first Sunday in April at 02:00 and ends on the last Sunday in October at 02:00:

Switch(config)# clock summer-time PDT recurring 1 Sunday April 2:00 last Sunday October 2:00
A greater-than symbol [>] is appended. The prompt is updated whenever the system name changes. For complete syntax and usage information for the commands used in this section, from the Cisco.com page, select Documentation > Cisco IOS Software > 12.2 Mainline > Command References and see the Cisco IOS Configuration Fundamentals Command Reference and the Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols.
Domain names are pieced together with periods (.) as the delimiting characters. For example, Cisco Systems is a commercial organization that IP identifies by a com domain name, so its domain name is cisco.com. A specific device in this domain, for example, the File Transfer Protocol (FTP) system is identified as ftp.cisco.com.
Trying 172.2.5.4...
Connected to 172.2.5.4.
Escape character is '^]'.
This is a secure site. Only authorized users are allowed.
For access, contact technical support.
User Access Verification
Password:
(static or dynamic).
Note: For complete syntax and usage information for the commands used in this section, see the command reference for this release.
Each VLAN maintains its own logical address table. A known address in one VLAN is unknown in another until it is learned or statically associated with a port in the other VLAN.
Step 3  Return to privileged EXEC mode.
Step 4  show mac address-table aging-time  Verify your entries.
Step 5  copy running-config startup-config  (Optional) Save your entries in the configuration file.
For notification-type, use the mac-notification keyword.
Step 3  snmp-server enable traps mac-notification  Enable the switch to send MAC address traps to the NMS.
Page 125
Switch(config-if)# snmp trap mac-notification added
You can verify the previous commands by entering the show mac address-table notification interface and the show mac address-table notification privileged EXEC commands.
(Optional) Save your entries in the configuration file. To remove static entries from the address table, use the no mac address-table static mac-addr vlan vlan-id [interface interface-id] global configuration command.
For vlan-id, specify the VLAN for which the packet with the specified MAC address is received. Valid VLAN IDs are 1 to 4094.
Step 3  Return to privileged EXEC mode.
Displays the MAC notification parameters and history table.
show mac address-table static  Displays only static MAC address table entries.
show mac address-table vlan  Displays the MAC address table information for the specified VLAN.
ARP entries added manually to the table do not age and must be manually removed.
Note: For CLI procedures, see the Cisco IOS Release 12.2 documentation from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline.
6-2. You must enable a dual-stack template to configure IPv6 host or IPv6 MLD snooping. Table 6-1 lists the approximate numbers of each resource supported in each IPv4 template.
Layer 2 and ACLs for IPv6 on the switch. Table 6-2 defines the approximate feature resources allocated by each new template. Template estimations are based on a switch with 8 routed interfaces and approximately 1000 VLANs.
VLAN configuration on the switch with no routing supported in hardware. The default template balances the use of system resources.
Step 3  Return to privileged EXEC mode.
Use the show sdm prefer [access | default | dual-ipv4-and-ipv6 {default | vlan} | routing | vlan] privileged EXEC command to display the resource numbers supported by the specified template.
Page 136
IPv4/MAC qos aces: 0.75K
number of IPv4/MAC security aces:
number of IPv6 policy based routing aces:
number of IPv6 qos aces: 0.5K
number of IPv6 security aces: 0.5K
If you have defined privilege levels, you can also assign a specific privilege level (with associated rights and privileges) to each username and password pair. For more information, see the “Configuring Username and Password Pairs” section on page 7-6.
Password protection restricts access to a network or network device. Privilege levels define what commands users can enter after they have logged into a network device.
Note: For complete syntax and usage information for the commands used in this section, see the Cisco IOS Security Command Reference, Release 12.2 from the Cisco.com page under Documentation >...
We recommend that you use the enable secret command because it uses an improved encryption algorithm. If you configure the enable secret command, it takes precedence over the enable password command; the two commands cannot be in effect simultaneously.
Page 140
To remove a password and level, use the no enable password [level level] or no enable secret [level level] global configuration command. To disable password encryption, use the no service password-encryption global configuration command.
Disable password recovery. This setting is saved in an area of the flash memory that is accessible by the bootloader and the Cisco IOS image, but it is not part of the file system and is not accessible by any user.
If you have defined privilege levels, you can also assign a specific privilege level (with associated rights and privileges) to each username and password pair.
Configuring Multiple Privilege Levels
By default, the Cisco IOS software has two modes of password security: user EXEC and privileged EXEC. You can configure up to 16 hierarchical levels of commands for each mode. By configuring multiple passwords, you can allow different sets of users to have access to specified commands.
This example shows how to set the configure command to privilege level 14 and define SecretPswd14 as the password users must enter to use level 14 commands:
Switch(config)# privilege exec level 14 configure
Switch(config)# enable password level 14 SecretPswd14
Log in to a specified privilege level. For level, the range is 0 to 15.
Step 2  disable level  Exit to a specified privilege level. For level, the range is 0 to 15.
TACACS+ is facilitated through authentication, authorization, accounting (AAA) and can be enabled only through AAA commands.
Note: For complete syntax and usage information for the commands used in this section, see the Cisco IOS Security Command Reference, Release 12.2.
Page 147
TACACS+ daemon are encrypted. You need a system running the TACACS+ daemon software to use TACACS+ on your switch.
This process continues until there is successful communication with a listed method or the method list is exhausted.
TACACS+ daemon. You must configure the same key on the TACACS+ daemon for encryption to be successful.
Step 3  aaa new-model  Enable AAA.
Beginning in privileged EXEC mode, follow these steps to configure login authentication:
Command  Purpose
Step 1  configure terminal  Enter global configuration mode.
Step 2  aaa new-model  Enable AAA.
Page 151
{default | list-name} method1 [method2...] global configuration command. To either disable TACACS+ authentication for logins or to return to the default value, use the no login authentication {default | list-name} line configuration command.
HTTP access by using AAA methods. For more information about the ip http authentication command, see the Cisco IOS Security Command Reference, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline >...
RADIUS is facilitated through AAA and can be enabled only through AAA commands. Note For complete syntax and usage information for the commands used in this section, see the Cisco IOS Security Command Reference, Release 12.2. These sections contain this configuration information: •...
X.25 PAD connections.
• Switch-to-switch or router-to-router situations. RADIUS does not provide two-way authentication. RADIUS can be used to authenticate from one device to a non-Cisco device if the non-Cisco device requires authentication.
• Networks using a variety of services. RADIUS generally binds a user to one service model.
REJECT packets includes these items:
• Telnet, SSH, rlogin, or privileged EXEC services
• Connection parameters, including the host or client IP address, access list, and user timeouts
Identifying the RADIUS Server Host
Switch-to-RADIUS-server communication involves several components:
• Hostname or IP address
• Authentication destination port
• Accounting destination port
• Key string
• Timeout period
• Retransmission value
Page 157
You can configure the switch to use AAA server groups to group existing server hosts for authentication. For more information, see the “Defining AAA Server Groups” section on page 7-25.
Page 158
(Optional) Save your entries in the configuration file. To remove the specified RADIUS server, use the no radius-server host hostname | ip-address global configuration command.
Beginning in privileged EXEC mode, follow these steps to configure login authentication. This procedure is required.
Command  Purpose
Step 1  configure terminal  Enter global configuration mode.
Step 2  aaa new-model  Enable AAA.
Page 160
Step 6  Return to privileged EXEC mode.
Step 7  show running-config  Verify your entries.
Step 8  copy running-config startup-config  (Optional) Save your entries in the configuration file.
HTTP access by using AAA methods. For more information about the ip http authentication command, see the Cisco IOS Security Command Reference, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline >...
Page 162
Repeat this step for each RADIUS server in the AAA server group. Each server in the group must be previously defined in Step 2.
Step 6  Return to privileged EXEC mode.
Step 7  show running-config  Verify your entries.
Command  Purpose
Step 1  configure terminal  Enter global configuration mode.
Step 2  aaa authorization network radius  Configure the switch for user RADIUS authorization for all network-related service requests.
(AV) pairs and is stored on the security server. This data can then be analyzed for network management, client billing, or auditing. Beginning in privileged EXEC mode, follow these steps to enable RADIUS accounting for each Cisco IOS privilege level and for network services:...
1, which is named cisco-avpair. The value is a string with this format: protocol : attribute sep value * Protocol is a value of the Cisco protocol attribute for a particular type of authorization. Attribute and value are an appropriate attribute-value (AV) pair defined in the Cisco TACACS+ specification, and sep is = for mandatory attributes and is * for optional attributes.
Page 166
For a complete list of RADIUS attributes or more information about vendor-specific attribute 26, see the “RADIUS Attributes” appendix in the Cisco IOS Security Configuration Guide, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Command References.
Although an IETF draft standard for RADIUS specifies a method for communicating vendor-proprietary information between the switch and the RADIUS server, some vendors have extended the RADIUS attribute set in a unique way. Cisco IOS software supports a subset of vendor-proprietary RADIUS attributes.
• Configuring Kerberos, page 7-35
For Kerberos configuration examples, see the “Kerberos Configuration Examples” section in the “Security Server Protocols” chapter of the Cisco IOS Security Configuration Guide, Release 12.2, at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_book09186a0080087df1.html
For complete syntax and usage information for the commands used in this section, see the “Kerberos Commands”...
Page 169
Also known as a Kerberos identity, this is who you are or what a service is according to the Kerberos server.
Note: The Kerberos principal name must be in all lowercase characters.
The user must authenticate to the KDC because the TGT that the KDC issues is stored on the switch and cannot be used for additional authentication until the user logs on to the switch.
KDC and obtain a TGT from the KDC to access network services. For instructions about how to authenticate to a KDC, see the “Obtaining a TGT from a KDC” section in the “Security Server Protocols” chapter of the Cisco IOS Security Configuration Guide, Release 12.2, at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_book09186a...
Note: To secure the switch for HTTP access by using AAA methods, you must configure the switch with the ip http authentication aaa global configuration command. Configuring AAA authentication does not secure the switch for HTTP access by using AAA methods.
You can use an SSH client to connect to a switch running the SSH server. The SSH server works with the SSH client supported in this release and with non-Cisco SSH clients. The SSH client also works with the SSH server supported in this release and with non-Cisco SSH servers.
When generating the RSA key pair, the message No host name specified might appear. If it does, you must configure a hostname by using the hostname global configuration command.
Setting Up the Switch to Run SSH
Follow these steps to set up your switch to run SSH:
Download the cryptographic software image from Cisco.com. This step is required. For more information, see the release notes for this release.
Configure a hostname and IP domain name for the switch. Follow this procedure only if you are configuring the switch as an SSH server.
(Optional) Save your entries in the configuration file. To return to the default SSH control parameters, use the no ip ssh {timeout | authentication-retries} global configuration command.
• Displaying Secure HTTP Server and Client Status, page 7-47
For configuration examples and complete syntax and usage information for the commands used in this section, see the “HTTPS - HTTP Server and Client with SSL 3.0” feature description for Cisco IOS Release 12.2(15)T at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a008015a4c6.
(pages) back to the HTTP secure server, which, in turn, responds to the original request. The primary role of the HTTP secure client (the web browser) is to respond to Cisco IOS application requests for HTTPS User Agent services, perform HTTPS User Agent services for the application, and pass the response back to the application.
For additional information on Certificate Authorities, see the “Configuring Certification Authority Interoperability” chapter in the Cisco IOS Security Configuration Guide, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Command References.
Specify the URL to which the switch should send certificate requests.
Step 7  enrollment http-proxy host-name port-number  (Optional) Configure the switch to obtain certificates from the CA through an HTTP proxy server.
[rc4-128-sha] [des-cbc-sha]}
HTTPS connection. If you do not have a reason to specify a particular CipherSuite, you should allow the server and client to negotiate a CipherSuite that they both support. This is the default.
Page 182
IP address or hostname of the server switch. If you configure a port other than the default port, you must also specify the port number after the URL. For example:
https://209.165.129:1026
https://host.domain.com:1026
Shows the HTTP secure client configuration.
show ip http server secure status  Shows the HTTP secure server configuration.
show running-config  Shows the generated self-signed certificate for secure HTTP connections.
A user who has appropriate authorization can use SCP to copy any file in the Cisco IOS File System (IFS) to and from a switch by using the copy command. An authorized administrator can also do this from a workstation.
For complete syntax and usage information for the commands used in this chapter, see the command reference for this release and the “RADIUS Commands” section in the Cisco IOS Security Command Reference, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline >...
LAN and switch services. Because the switch acts as the proxy, the authentication service is transparent to the client. In this release, the RADIUS security system with Extensible Authentication Protocol (EAP) extensions is the only supported authentication server. It is available in Cisco Secure Access Control Server Version 3.0 or later. RADIUS operates in a client/server model in which secure authentication information is exchanged between the RADIUS server and one or more RADIUS clients.
Page 188
After IEEE 802.1x authentication using a RADIUS server is configured, the switch uses timers based on the Session-Timeout RADIUS attribute (Attribute[27]) and the Termination-Action RADIUS attribute (Attribute[29]). The Session-Timeout RADIUS attribute (Attribute[27]) specifies the time after which re-authentication occurs.
The specific exchange of EAP frames depends on the authentication method being used. Figure 8-3 shows a message exchange initiated by the client when the client uses the One-Time-Password (OTP) authentication method with a RADIUS server.
Page 190
MAC authentication bypass.
Figure 8-4 Message Exchange During MAC Authentication Bypass
[Figure: client, switch, and authentication server (RADIUS). Messages shown: EAPOL Request/Identity (three times), Ethernet packet, RADIUS Access/Request, RADIUS Access/Accept.]
The switch detects the client by sending an EAPOL frame when the port link state changes to the up state. If a client leaves or is replaced with another client, the switch changes the port link state to down, and the port returns to the unauthorized state.
RADIUS accounting packets are sent by a switch:
• START–sent when a new user session starts
• INTERIM–sent during an existing session for updates
• STOP–sent when a session terminates
You can view the AV pairs that are being sent by the switch by entering the debug radius accounting privileged EXEC command. For more information about this command, see the Cisco IOS Debug Command Reference, Release 12.2 at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_command_reference_book09186a008...
(type 6). Attribute [81] specifies the VLAN name or VLAN ID assigned to the IEEE 802.1x-authenticated user. For examples of tunnel attributes, see the “Configuring the Switch to Use Vendor-Specific RADIUS Attributes” section on page 7-29.
If the RADIUS server does not allow the .in or .out syntax, the access list is applied to the outbound ACL by default. Because of limited support of Cisco IOS access lists on the switch, the Filter-Id attribute is supported only for IP ACLs numbered 1 to 199 and 1300 to 2699 (IP standard and IP extended ACLs).
The switch supports MAC authentication bypass in Cisco IOS Release 12.2(25)SEE and later. When MAC authentication bypass is enabled on an IEEE 802.1x port, the switch can authorize clients based on the client MAC address when IEEE 802.1x authentication times out while waiting for an EAPOL...
Other port security features such as dynamic ARP Inspection, DHCP snooping, and IP source guard can be configured independently on a restricted VLAN. For more information, see the “Configuring a Restricted VLAN” section on page 8-34.
• IEEE 802.1x accounting—Accounting is not affected if the RADIUS servers are unavailable.
• Private VLAN—You can configure inaccessible authentication bypass on a private VLAN host port. The access VLAN must be a secondary private VLAN.
Note: If you enable IEEE 802.1x authentication on an access port on which a voice VLAN is configured and to which a Cisco IP Phone is connected, the Cisco IP phone loses connectivity to the switch for up to 30 seconds.
EAPOL packets. The host can receive packets but cannot send packets to other devices in the network.
Note: If PortFast is not enabled on the port, the port is forced to the bidirectional state.
• Guest VLAN—If a client has an invalid MAC address identity, the switch assigns the client to a guest VLAN if one is configured.
Network Admission Control Layer 2 IEEE 802.1x Validation
In Cisco IOS Release 12.2(44)SE and later, the switch supports the Network Admission Control (NAC) Layer 2 IEEE 802.1x validation, which checks the antivirus condition or posture of endpoint systems or clients before granting the devices network access.
Quiet period 60 seconds (number of seconds that the switch remains in the quiet state following a failed authentication exchange with the client).
If the VLAN to which an IEEE 802.1x port is assigned is shut down, disabled, or removed, the port becomes unauthorized. For example, the port is unauthorized after the access VLAN to which a port is assigned shuts down or is removed.
IEEE 802.1x authentication process (dot1x timeout quiet-period and dot1x timeout tx-period interface configuration commands). The amount to decrease the settings depends on the connected IEEE 802.1x client type.
• The readiness check is typically used before IEEE 802.1x is enabled on the switch.
• If you use the dot1x test eapol-capable privileged EXEC command without specifying an interface, all the ports on the switch stack are tested.
Page 208
1 to 65535 seconds. The default is 10 seconds.
Step 3  (Optional) Return to privileged EXEC mode.
Step 4  show running-config  (Optional) Verify your modified timeout values.
Step 6  The switch sends an interim accounting update to the accounting server that is based on the result of re-authentication.
Step 7  The user disconnects from the port.
IP address and specific UDP port numbers. The combination of the IP address and UDP port number creates a unique identifier, which enables RADIUS requests to be sent to multiple UDP ports on
Page 211
You also need to configure some settings on the RADIUS server. These settings include the IP address of the switch and the key string to be shared by both the server and the switch. For more information, see the RADIUS server documentation.
Specify the port to be configured, and enter interface configuration mode.
Step 3  dot1x reauthentication  Enable periodic re-authentication of the client, which is disabled by default.
Beginning in privileged EXEC mode, follow these steps to change the quiet period. This procedure is optional.
Command  Purpose
Step 1  configure terminal  Enter global configuration mode.
Step 2  interface interface-id  Specify the port to be configured, and enter interface configuration mode.
This example shows how to set 60 as the number of seconds that the switch waits for a response to an EAP-request/identity frame from the client before resending the request:
Switch(config-if)# dot1x timeout tx-period 60
Command  Purpose
Step 1  configure terminal  Enter global configuration mode.
Step 2  interface interface-id  Specify the port to be configured, and enter interface configuration mode.
start-stop group radius  (Optional) Enables system accounting (using the list of all RADIUS servers) and generates system accounting reload event messages when the switch reloads.
(Optional) Save your entries in the configuration file. To disable and remove the guest VLAN, use the no dot1x guest-vlan interface configuration command. The port returns to the unauthorized state.
The port returns to the unauthorized state. This example shows how to enable VLAN 2 as an IEEE 802.1x restricted VLAN:
Switch(config)# interface gigabitethernet0/2
Switch(config-if)# dot1x auth-fail vlan 2
Beginning in privileged EXEC mode, follow these steps to configure the port as a critical port and enable the inaccessible authentication bypass feature. This procedure is optional.
Command  Purpose
Step 1  configure terminal  Enter global configuration mode.
Page 220
{0 string | 7 string | string} global configuration command.
Note: You can also configure the authentication and encryption key by using the radius-server key {0 string | 7 string | string} global configuration command.
For the supported port types, see the “IEEE 802.1x Authentication Configuration Guidelines” section on page 8-21.
Step 3  dot1x port-control auto  Enable IEEE 802.1x authentication on the port.
Switch(config-if)# dot1x mac-auth-bypass
Configuring NAC Layer 2 IEEE 802.1x Validation
In Cisco IOS Release 12.2(44)SE or later, you can configure NAC Layer 2 IEEE 802.1x validation, which is also referred to as IEEE 802.1x authentication with a RADIUS server. Beginning in privileged EXEC mode, follow these steps to configure NAC Layer 2 IEEE 802.1x validation.
Switch(config)# aaa authentication login line-console none
Switch(config)# line console 0
Switch(config-line)# login authentication line-console
Switch(config-line)# end
Step 4  aaa authorization auth-proxy default group radius  Use RADIUS for authentication-proxy (auth-proxy) authorization.
Page 225
Step 7  Return to privileged EXEC mode.
Step 8  show running-config interface interface-id  Verify your configuration.
Step 9  copy running-config startup-config  (Optional) Save your entries in the configuration file.
Page 226
Switch(config-fallback-profile)# ip access-group default-policy in
Switch(config-fallback-profile)# ip admission rule1
Switch(config-fallback-profile)# exit
Switch(config)# interface gigabit0/1
Switch(config-if)# switchport mode access
Switch(config-if)# dot1x port-control auto
Switch(config-if)# dot1x fallback fallback1
Switch(config-if)# end
Step 4  Return to privileged EXEC mode.
Step 5  show dot1x interface interface-id  Verify your entries.
Step 6  copy running-config startup-config  (Optional) Save your entries in the configuration file.
EXEC command. For detailed information about the fields in these displays, see the command reference for this release.
Monitoring and Maintaining the Interfaces, page 9-22
Note: For complete syntax and usage information for the commands used in this chapter, see the switch command reference for this release and the online Cisco IOS Interface Command Reference, Release 12.2.
Understanding Interface Types
This section describes the different types of interfaces supported by the switch with references to chapters that contain more detailed information about configuring these interface types.
For detailed information about configuring access port and trunk port characteristics, see Chapter 11, “Configuring VLANs.” For more information about tunnel ports, see Chapter 15, “Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling.”
Catalyst 6500 series switch; the Cisco Catalyst Blade Switch 3020 for HP cannot be a VMPS server. You can also configure an access port with an attached Cisco IP Phone to use one VLAN for voice traffic and another VLAN for data traffic from a device attached to the phone. For more information about voice VLAN ports, see Chapter 13, “Configuring Voice VLAN.”...
9-19 for information about what happens when hardware resource limitations are reached. For more information about IP unicast routing and routing protocols, see Chapter 34, “Configuring IP Unicast Routing.”
Most protocols operate over either single ports or aggregated switch ports and do not recognize the physical ports within the port group. Exceptions are the DTP, the Cisco Discovery Protocol (CDP), and the Port Aggregation Protocol (PAgP), which operate only on physical ports.
Dual-Purpose Uplink Ports
The Cisco Catalyst Blade Switch 3020 for HP supports dual-purpose uplink ports on six of the eight uplink ports. Four of the uplink ports, 17 to 20, are considered as a single interface with dual front ends (an RJ-45 connector and an SFP module connector).
To configure a physical interface (port), specify the interface type, module number, and switch port number, and enter interface configuration mode.
• Type—Gigabit Ethernet (gigabitethernet or gi) for 10/100/1000 Mb/s Ethernet port or small form-factor pluggable (SFP) module Gigabit Ethernet interfaces.
Chapter 9 Configuring Interface Characteristics
Using Interface Configuration Mode
• Module number—The module or slot number on the switch (always 0 on the Cisco Catalyst Blade Switch 3020 for HP).
• Port number—The interface number on the switch. The port numbers always begin at 1, starting with...
• You must add a space between the first interface number and the hyphen when using the interface range command. For example, the command interface range gigabitethernet0/1 - 4 is a valid range; the command interface range gigabitethernet0/1-4 is not a valid range.
Show the defined interface range macro configuration.
Step 6: copy running-config startup-config
    (Optional) Save your entries in the configuration file.
Use the no define interface-range macro_name global configuration command to delete a macro.
This example shows how to delete the interface-range macro enet_list and to verify that it was deleted.
Switch# configure terminal
Switch(config)# no define interface-range enet_list
Switch(config)# end
Switch# show run | include define
Switch#
Flow control is set to receive: off. It is always off for sent packets.
EtherChannel (PAgP): Disabled on all Ethernet ports. See Chapter 33, “Configuring EtherChannels and Layer 2 Trunk Failover.”
Disabled on SFP module ports; enabled on all other ports.
Setting the Type of a Dual-Purpose Uplink Port
The Cisco Catalyst Blade Switch 3020 for HP supports dual-purpose uplink ports. For more information, see the “Dual-Purpose Uplink Ports” section on page 9-6.
SFP module interface. In all other situations, the switch selects the active link based on which type first links up.
• You cannot configure duplex mode on SFP module ports; they operate in full-duplex mode except in these situations:
  – You can configure Cisco 1000BASE-T SFP modules for auto, full, or half-duplex mode.
  – Cisco 1000BASE-SX SFP modules can operate only in full-duplex mode.
SFP module mode. For interfaces gi0/23 and gi0/24, speed and duplex do not apply when configured for media-type internal. For more information, see the “Internal Gigabit Ethernet Ports” section on page 9-3.
Note: Cisco Catalyst Blade Switch 3020 for HP ports can receive, but not send, pause frames.
You use the flowcontrol interface configuration command to set the interface’s ability to receive pause frames to on, off, or desired.
To disable auto-MDIX, use the no mdix auto interface configuration command.
This example shows how to enable auto-MDIX on a port:
Switch# configure terminal
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# speed auto
Switch(config-if)# duplex auto
Switch(config-if)# mdix auto
Switch(config-if)# end
• Routed ports: Routed ports are physical ports configured to be in Layer 3 mode by using the no switchport interface configuration command.
• Layer 3 EtherChannel ports: EtherChannel interfaces made up of routed ports.
Step 8: copy running-config startup-config
    (Optional) Save your entries in the configuration file.
To remove an IP address from an interface, use the no ip address interface configuration command.
Note: If Layer 2 Gigabit Ethernet interfaces are configured to accept frames greater than the 10/100 interfaces, jumbo frames received on a Layer 2 Gigabit Ethernet interface and sent on a Layer 2 10/100 interface are dropped.
These sections contain interface monitoring and maintenance information:
• Monitoring Interface Status, page 9-23
• Clearing and Resetting Interfaces and Counters, page 9-23
• Shutting Down and Restarting the Interface, page 9-24
(You can display the full list of show commands by using the show ? command at the privileged EXEC prompt.) These commands are fully described in the Cisco IOS Interface Command Reference, Release 12.2. Table 9-3...
Use the no shutdown interface configuration command to restart the interface. To verify that an interface is disabled, enter the show interfaces privileged EXEC command. A disabled interface is shown as administratively down in the display.
When the macro is applied to an interface, the existing interface configurations are not lost. The new commands are added to the interface and are saved in the running configuration file. There are Cisco-default Smartports macros embedded in the switch software (see Table 10-1).
Use this interface configuration macro when connecting a desktop device such as a PC with a Cisco IP Phone to a switch port. This macro is an extension of the cisco-desktop macro and provides the same security and resiliency features, but with the addition of dedicated voice VLANs to ensure proper treatment of delay-sensitive voice traffic.
• to the switch or interface. You can display the applied commands and macro names by using the show running-config user EXEC command. There are Cisco-default Smartports macros embedded in the switch software (see Table 10-1). You can display these macros and the commands they contain by using the show parser macro user EXEC command.
Cisco-default macro with the required values by using the parameter value keywords. The Cisco-default macros use the $ character to help identify required keywords. There is no restriction on using the $ character to define keywords when you create a macro.
You can delete a global macro-applied configuration on a switch only by entering the no version of each command that is in the macro. You can delete a macro-applied configuration on an interface by entering the default interface interface-id interface configuration command.
Enter global configuration mode.
Step 4: macro global {apply | trace} macro-name [parameter {value}] [parameter {value}] [parameter...
    Append the Cisco-default macro with the required values by using the parameter value keywords and apply the macro to the switch.
You can delete a macro-applied configuration on an interface by entering the default interface interface-id interface configuration command. This example shows how to display the cisco-desktop macro, how to apply the macro, and to set the access VLAN ID to 25 on an interface:...
Displays a specific macro.
show parser macro brief
    Displays the configured macro names.
show parser macro description [interface interface-id]
    Displays the macro description for all interfaces or for a specified interface.
Note: Before you create VLANs, you must decide whether to use VLAN Trunking Protocol (VTP) to maintain global VLAN configuration for your network. For more information on VTP, see Chapter 12, “Configuring VTP.”
VTP only learns normal-range VLANs, with VLAN IDs 1 to 1005; VLAN IDs greater than 1005 are extended-range VLANs and are not stored in the VLAN database. The switch must be in VTP transparent mode when you create VLAN IDs from 1006 to 4094.
For configuration information, see the “Configuring Dynamic-Access Ports on VMPS Clients” section on page 11-30.
VLAN Membership: Voice VLAN
Characteristics: A voice VLAN port is an access port attached to a Cisco IP Phone, configured to use one VLAN for voice traffic...
VTP Characteristics: VTP is not required; it has no effect on a voice VLAN.
• Default Ethernet VLAN Configuration, page 11-8
• Creating or Modifying an Ethernet VLAN, page 11-9
• Deleting a VLAN, page 11-10
• Assigning Static-Access Ports to a VLAN, page 11-11
IEEE 802.1s Multiple STP (MSTP) on your switch to map multiple VLANs to a single spanning-tree instance. For more information about MSTP, see Chapter 17, “Configuring MSTP.”
VTP mode is transparent, they are also saved in the switch running configuration file. You can enter the copy running-config startup-config privileged EXEC command to save the configuration in the startup configuration file. To display the VLAN configuration, enter the show vlan privileged EXEC command.
This example shows how to use config-vlan mode to create Ethernet VLAN 20, name it test20, and add it to the VLAN database:
Switch# configure terminal
Switch(config)# vlan 20
Switch(config-vlan)# name test20
Switch(config-vlan)# end
VTP transparent mode, the VLAN is deleted only on that specific switch. You cannot delete the default VLANs for the different media types: Ethernet VLAN 1 and FDDI or Token Ring VLANs 1002 to 1005.
Verify your entries in the Administrative Mode and the Access Mode VLAN fields of the display.
Step 8: copy running-config startup-config
    (Optional) Save your entries in the configuration file.
Ethernet VLANs. You can change only the MTU size, private VLAN, and the remote SPAN configuration state on extended-range VLANs; all other characteristics must remain at the default state.
MTU size, private VLAN, and RSPAN configuration are the only parameters you can change. See the description of the vlan global configuration command in the command reference for the default...
This example shows how to create a new extended-range VLAN with all default characteristics, enter config-vlan mode, and save the new VLAN in the switch startup configuration file:
Switch(config)# vtp mode transparent
Switch(config)# vlan 2000
Switch(config-vlan)# end
Switch# copy running-config startup-config
Otherwise, if the switch resets, it will default to VTP server mode, and the extended-range VLAN IDs will not be saved.
Two trunking encapsulations are available on all Ethernet interfaces:
• Inter-Switch Link (ISL)—Cisco-proprietary trunking encapsulation.
• IEEE 802.1Q—industry-standard trunking encapsulation.
Figure 11-2 shows a network of blade switches that are connected by ISL trunks.
You can also specify on DTP interfaces whether the trunk uses ISL or IEEE 802.1Q encapsulation or if the encapsulation type is autonegotiated. The DTP supports autonegotiation of both ISL and IEEE 802.1Q trunks.
Note: DTP is not supported on private-VLAN ports or tunnel ports.
The trunking mode, the trunk encapsulation type, and the hardware capabilities of the two connected interfaces decide whether a link becomes an ISL or IEEE 802.1Q trunk.
VLAN allowed on the trunks. Non-Cisco devices might support one spanning-tree instance for all VLANs. When you connect a Cisco switch to a non-Cisco device through an IEEE 802.1Q trunk, the Cisco switch combines the spanning-tree instance of the VLAN of the trunk with the spanning-tree instance of the non-Cisco IEEE 802.1Q switch.
IEEE 802.1x on a dynamic port, an error message appears, and IEEE 802.1x is not enabled. If you try to change the mode of an IEEE 802.1x-enabled port to dynamic, the port mode is not changed.
VLANs from the allowed list.
Note: VLAN 1 is the default VLAN on all trunk ports in all Cisco switches, and it has previously been a requirement that VLAN 1 always be enabled on every trunk link. You can use the VLAN 1 minimization feature to disable VLAN 1 on any individual VLAN trunk link so that no user traffic (including spanning-tree advertisements) is sent or received on VLAN 1.
VLAN configured for the port. The native VLAN is VLAN 1 by default.
Note: The native VLAN can be assigned any VLAN ID.
VLAN is forwarding traffic for that VLAN. The trunk port with the lower priority (higher values) for the same VLAN remains in a blocking state for that VLAN. One trunk port sends or receives all traffic for the VLAN.
Step 10: switchport mode trunk
    Configure the port as a trunk port.
Step 11: Return to privileged EXEC mode.
Step 12: show interfaces gigabitethernet0/1 switchport
    Verify the VLAN configuration.
VLAN number for the client. If there is no match, the VMPS either denies the request or shuts down the port (depending on the VMPS secure mode setting).
• Private VLAN ports cannot be dynamic-access ports.
• Dynamic-access ports cannot be members of an EtherChannel group.
• Port channels cannot be configured as dynamic-access ports.
Specify the switch port that is connected to the end station, and enter interface configuration mode.
Step 3: switchport mode access
    Set the port to access mode.
Step 5: copy running-config startup-config
    (Optional) Save your entries in the configuration file.
To return the switch to its default setting, use the no vmps reconfirm global configuration command.
• End stations are connected to the clients, Switch B and Switch I.
• The database configuration file is stored on the TFTP server with the IP address 172.20.22.7.
[Figure residue: VMPS network diagram labels (Switch F to Switch J, client switch I, dynamic-access port, trunk port, Catalyst 6500 series secondary VMPS, Server 3)]
VTP only learns about normal-range VLANs (VLAN IDs 1 to 1005). Extended-range VLANs (VLAN IDs greater than 1005) are not supported by VTP or stored in the VTP VLAN database.
For domain name and password configuration guidelines, see the “VTP Configuration Guidelines” section on page 12-8.
VLANs 2 through 1001 are pruning eligible switch trunk ports. If the VLANs are configured as pruning-ineligible, the flooding continues. VTP pruning is supported with VTP Version 1 and Version 2.
Enabling VTP pruning on a VTP server enables pruning for the entire management domain. Making VLANs pruning-eligible or pruning-ineligible affects pruning eligibility for those VLANs on that trunk only (not on all switches in the VTP domain).
If VTP mode is transparent, the domain name and the mode (transparent) are saved in the switch running configuration, and you can save this information in the switch startup configuration file by entering the copy running-config startup-config privileged EXEC command.
• A VTP Version 2-capable switch can operate in the same VTP domain as a switch running VTP Version 1 if Version 2 is disabled on the Version 2-capable switch (Version 2 is disabled by default).
Step 5: Return to privileged EXEC mode.
Step 6: show vtp status
    Verify your entries in the VTP Operating Mode and the VTP Domain Name fields of the display.
When you configure a domain name, it cannot be removed; you can only reassign a switch to a different domain. To return the switch to a no-password state, use the no vtp password VLAN database configuration command.
Step 5: Return to privileged EXEC mode.
Step 6: show vtp status
    Verify your entries in the VTP Operating Mode and the VTP Domain Name fields of the display.
Note: If extended-range VLANs are configured on the switch, you cannot change the VTP mode to server. You receive an error message, and the configuration is not allowed.
VLAN database configuration mode and by entering the vtp v2-mode VLAN database configuration command. To disable VTP Version 2, use the no vtp v2-mode VLAN database configuration command.
If you add a switch that has a revision number higher than the revision number in the VTP domain, it can erase all VLAN information from the VTP server and VTP domain.
Note: You can use the vtp mode transparent global configuration command or the vtp transparent VLAN database configuration command to disable VTP on the switch, and then change its VLAN information without affecting the other switches in the VTP domain.
VTP Monitoring Commands
Command
    Purpose
show vtp status
    Display the VTP switch configuration information.
show vtp counters
    Display counters about VTP messages that have been sent and received.
The voice VLAN feature enables access ports to carry IP voice traffic from an IP phone. When the switch is connected to a Cisco 7960 IP Phone, the phone sends voice traffic with Layer 3 IP precedence and Layer 2 class of service (CoS) values, which are both set to 5 by default. Because the sound quality of an IP phone call can deteriorate if the data is unevenly sent, the switch supports quality of service (QoS) based on IEEE 802.1p CoS.
Cisco IP Phone Voice Traffic
You can configure an access port with an attached Cisco IP Phone to use one VLAN for voice traffic and another VLAN for data traffic from a device attached to the phone. You can configure access ports on...
VLAN, the Port Fast feature is not automatically disabled.
• If the Cisco IP Phone and a device attached to the phone are in the same VLAN, they must be in the same IP subnet. These conditions indicate that they are in the same VLAN:...
Because a Cisco 7960 IP Phone also supports a connection to a PC or other device, a port connecting the switch to a Cisco IP Phone can carry mixed traffic. You can configure a port to decide how the Cisco IP Phone carries voice traffic and data traffic.
Configuring Cisco IP Phone Voice Traffic
You can configure a port connected to the Cisco IP Phone to send CDP packets to the phone to configure the way in which the phone sends voice traffic. The phone can carry voice traffic in IEEE 802.1Q frames for a specified voice VLAN with a Layer 2 CoS value.
Configuring the Priority of Incoming Data Frames
You can connect a PC or other data device to a Cisco IP Phone port. To process tagged data traffic (in IEEE 802.1Q or IEEE 802.1p frames), you can configure the switch to send CDP packets to instruct the phone how to send data packets from the device attached to the access port on the Cisco IP Phone.
(Optional) Save your entries in the configuration file. startup-config
This example shows how to configure a port connected to a Cisco IP Phone to not change the priority of frames received from the PC or the attached device:
Switch# configure terminal
Enter configuration commands, one per line.
CHAPTER
Configuring Private VLANs
This chapter describes how to configure private VLANs on the Cisco Blade Switch.
Note: For complete syntax and usage information for the commands used in this chapter, see the command reference for this release.
These interfaces are isolated at Layer 2 from all other interfaces in other communities and from isolated ports within their private VLAN.
Note: Trunk ports carry traffic from regular VLANs and also from primary, isolated, and community VLANs.
VLANs, but in the same primary VLAN. When new devices are added, the DHCP server assigns them the next available address from a large pool of subnet addresses.
• Private VLANs and SVIs, page 14-5
You should also see the “Secondary and Primary VLAN Configuration” section on page 14-6 under the “Private-VLAN Configuration Guidelines” section.
You must use VLAN configuration (config-vlan) mode to configure private VLANs. You cannot configure private VLANs in VLAN database configuration mode. For more information about VLAN configuration, see the “VLAN Configuration Mode Options” section on page 11-7.
VLAN is applied.
– For frames going downstream from a promiscuous port to a host port, the VLAN map configured on the primary VLAN is applied.
• Do not configure private-VLAN ports on interfaces configured for these other features:
  – dynamic-access port VLAN membership
  – Dynamic Trunking Protocol (DTP)
  – Port Aggregation Protocol (PAgP)
  – Link Aggregation Control Protocol (LACP)
VLAN that will be a community VLAN. The VLAN ID range is 2 to 1001 and 1006 to 4094.
Step 10: private-vlan community
    Designate the VLAN as a community VLAN.
Switch(config-vlan)# private-vlan isolated
Switch(config-vlan)# exit
Switch(config)# vlan 502
Switch(config-vlan)# private-vlan community
Switch(config-vlan)# exit
Switch(config)# vlan 503
Switch(config-vlan)# private-vlan community
Switch(config-vlan)# exit
Switch(config)# vlan 20
Switch(config-vlan)# private-vlan association 501-503
Switch(config-vlan)# end
Switch(config-if)# switchport private-vlan mapping 20 add 501-503
Switch(config-if)# end
Use the show vlan private-vlan or the show interface status privileged EXEC command to display primary and secondary VLANs and private-VLAN ports on the switch.
This is an example of the output from the show vlan private-vlan command:
Switch(config)# show vlan private-vlan
Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
                  isolated          Gi0/1, Gi0/2, Gi0/3
                  community         Gi0/1, Gi0/2, Gi0/4
                  non-operational
VLAN ID that is dedicated to tunneling. Each customer requires a separate service-provider VLAN ID, but that VLAN ID supports all of the customer’s VLANs.
Note: Remove the Layer 2 protocol configuration from a trunk port because incoming encapsulated packets change that trunk port to error disabled. The outgoing encapsulated VTP (CDP and STP) packets are dropped on that trunk.
The priority field on the metro tag is set to the interface class of service (CoS) priority configured on the tunnel port. (The default is zero if none is configured.)
The packet carries only the VLAN 30 tag through the service-provider network to the trunk port of the egress-edge switch (Switch C) and is misdirected through the egress switch tunnel port to Customer Y.
MTU size to at least 1504 bytes. The maximum allowable system MTU for Gigabit Ethernet interfaces is 9000 bytes; the maximum system MTU for Fast Ethernet interfaces is 1546 bytes.
• When a port is configured as an IEEE 802.1Q tunnel port, spanning-tree bridge protocol data unit (BPDU) filtering is automatically enabled on the interface. Cisco Discovery Protocol (CDP) and the Link Layer Discovery Protocol (LLDP) are automatically disabled on the interface.
VLAN should build a proper spanning tree that includes the local site and all remote sites across the service-provider network. Cisco Discovery Protocol (CDP) must discover neighboring Cisco devices from local and remote sites. VLAN Trunking Protocol (VTP) must provide consistent VLAN configuration throughout all sites in the customer network.
• Users on each of a customer’s sites can properly run STP, and every VLAN can build a correct spanning tree based on parameters from all sites and not just from the local site.
• CDP discovers and shows information about the other Cisco devices connected through the service-provider network.
When you enable protocol tunneling (PAgP or LACP) on the SP switch, remote customer switches receive the PDUs and can negotiate the automatic creation of EtherChannels.
When the Layer 2 PDUs that entered the service-provider inbound edge switch through a Layer 2 protocol-enabled port exit through the trunk port into the service-provider network, the switch overwrites the customer PDU-destination MAC address with a well-known Cisco proprietary multicast address (01-00-0c-cd-cd-d0). If IEEE 802.1Q tunneling is enabled, packets are also double-tagged; the outer tag is the customer metro tag, and the inner tag is the customer’s VLAN tag.
If a CoS value is configured on the interface for data packets, that value is the default used for Layer 2 PDUs. If none is configured, the default is 5.
PDUs higher priority within the service-provider network than data packets received from the same tunnel port. By default, the PDUs use the same CoS value as data packets.
Display the Layer 2 tunnel ports on the switch, including the protocols configured, the thresholds, and the counters.
Step 12: copy running-config startup-config
    (Optional) Save your entries in the configuration file.
This should be the edge port in the SP network that connects to the customer switch. Valid interfaces are physical interfaces.
Step 3: switchport mode dot1q-tunnel
    Configure the interface as an IEEE 802.1Q tunnel port.
[point-to-point [pagp | lacp | udld]] and the no l2protocol-tunnel drop-threshold [point-to-point [pagp | lacp | udld]] commands to return the shutdown and drop thresholds to the default settings.
Display the status of native VLAN tagging on the switch. For detailed information about these displays, see the command reference for this release.
This chapter describes how to configure the Spanning Tree Protocol (STP) on port-based VLANs on the switch. The switch can use either the per-VLAN spanning-tree plus (PVST+) protocol based on the IEEE 802.1D standard and Cisco proprietary extensions, or the rapid per-VLAN spanning-tree plus (rapid-PVST+) protocol based on the IEEE 802.1w standard.
The path cost value represents the media speed.
Note: The switch sends keepalive messages (to ensure the connection is up) only on interfaces that do not have small form-factor pluggable (SFP) modules.
LAN is called the designated port. All paths that are not needed to reach the root switch from anywhere in the switched network are placed in the spanning-tree blocking mode.
• Disabled—The interface is not participating in spanning tree because of a shutdown port, no link on the port, or no spanning-tree instance running on the port.
BPDU is sent to each switch interface. A switch initially functions as the root until it exchanges BPDUs with other switches. This exchange establishes which switch in the network is the root or root switch. If
An interface in the forwarding state performs these functions:
• Receives and forwards frames received on the interface
• Forwards frames switched from another interface
• Learns addresses
• Receives BPDUs
Ethernet link. By changing the spanning-tree port priority on the Gigabit Ethernet port to a higher priority (lower numerical value) than the root port, the Gigabit Ethernet port becomes the new root port.
The accelerated aging is the same as the forward-delay parameter value (spanning-tree vlan vlan-id forward-time seconds global configuration command) when the spanning tree reconfigures.
Spanning-Tree Modes and Protocols
The switch supports these spanning-tree modes and protocols:
• PVST+—This spanning-tree mode is based on the IEEE 802.1D standard and Cisco proprietary extensions. It is the default spanning-tree mode used on all Ethernet port-based VLANs. The PVST+ runs on each VLAN on the switch up to the maximum supported, ensuring that each has a loop-free path through the network.
VLAN allowed on the trunks. When you connect a Cisco switch to a non-Cisco device through an IEEE 802.1Q trunk, the Cisco switch uses PVST+ to provide spanning-tree interoperability. If rapid PVST+ is enabled, the switch uses it instead of PVST+.
Configuration Guidelines” section on page 18-10.
Caution: Loop guard works only on point-to-point links. We recommend that each end of the link has a directly connected device that is running STP.
To return to the default setting, use the no spanning-tree mode global configuration command. To return the port to its default setting, use the no spanning-tree link-type interface configuration command.
ID support will become the root switch. The extended system ID increases the switch priority value every time the VLAN number is greater than the priority of the connected switches running older software.
Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file.
To return to the default setting, use the no spanning-tree vlan vlan-id root global configuration command.
(higher numerical values) that you want selected last. If all interfaces have the same priority value, spanning tree puts the interface with the lowest interface number in the forwarding state and blocks the other interfaces.
For information on how to configure load sharing on trunk ports by using spanning-tree port priorities, see the “Configuring Trunk Ports for Load Sharing” section on page 11-24.
Note: The show spanning-tree interface interface-id privileged EXEC command displays information only for ports that are in a link-up operative state. Otherwise, you can use the show running-config privileged EXEC command to confirm the configuration.
Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file.
To return to the default setting, use the no spanning-tree vlan vlan-id priority global configuration command.
Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file.
To return to the default setting, use the no spanning-tree vlan vlan-id hello-time global configuration command.
Step 5 copy running-config startup-config (Optional) Save your entries in the configuration file.
To return to the default setting, use the no spanning-tree vlan vlan-id max-age global configuration command.
You can clear spanning-tree counters by using the clear spanning-tree [interface interface-id] privileged EXEC command. For information about other keywords for the show spanning-tree privileged EXEC command, see the command reference for this release.
Chapter: Configuring MSTP
This chapter describes how to configure the Cisco implementation of the IEEE 802.1s Multiple STP (MSTP) on the switch.
Note: The multiple spanning-tree (MST) implementation in Cisco IOS Release 12.2(37)SE is based on the IEEE 802.1s standard.
65 spanning-tree instances. Instances can be identified by any number in the range from 0 to 4094. You can assign a VLAN to only one spanning-tree instance at a time.
IST information, they leave their old subregions and join the new subregion that contains the true CIST regional root. Thus all subregions shrink, except for the one that contains the true CIST regional root.
Only the CST instance sends and receives BPDUs, and MST instances add their spanning-tree information into the BPDUs to interact with neighboring switches and compute the final spanning-tree topology. Because of this, the spanning-tree parameters related to BPDU transmission (for example,
IEEE 802.1D switches. MSTP switches use MSTP BPDUs to communicate with MSTP switches.
IEEE 802.1s Terminology
Some MST naming conventions used in Cisco’s prestandard implementation have been changed to identify some internal or regional parameters. These parameters are significant only within an MST region, as opposed to external parameters that are relevant to the whole network.
The primary change from the Cisco prestandard implementation is that a designated port is not defined as boundary, unless it is running in an STP-compatible mode.
The boundary role is no longer in the final MST standard, but this boundary concept is maintained in Cisco’s implementation. However, an MST instance port at a boundary of the region might not follow the state of the corresponding CIST port. Two cases exist now: The boundary port is the root port of the CIST regional root—When the CIST instance port is...
Detecting Unidirectional Link Failure
This feature is not yet present in the IEEE MST standard, but it is included in this Cisco IOS release. The software checks the consistency of the port role and state in the received BPDUs to detect unidirectional link failures that could cause bridging loops.
Forwarding Disabled Disabled Discarding
To be consistent with Cisco STP implementations, this guide defines the port state as blocking instead of discarding. Designated ports start in the listening state.
You can override the default setting that is controlled by the duplex setting by using the spanning-tree link-type interface configuration command.
RSTP forces it to synchronize with new root information. In general, when the RSTP forces a port to synchronize with root information and the port does not satisfy any of the above conditions, its port state is set to blocking.
IEEE 802.1D switch and a configuration BPDU with the TCA bit set is received, the TC-while timer is reset. This behavior is only required to support IEEE 802.1D switches. The RSTP BPDUs never have the TCA bit set.
MST cloud than a path through the PVST+ or rapid-PVST+ cloud. You might have to manually configure the switches in the clouds.
You cannot run both MSTP and PVST+ or both MSTP and rapid PVST+ at the same time.
ID support will become the root switch. The extended system ID increases the switch priority value every time the VLAN number is greater than the priority of the connected switches running older software.
This is assuming that the other network switches use the default switch priority of 32768 and therefore are unlikely to become the root switch.
(higher numerical values) that you want selected last. If all interfaces have the same priority value, the MSTP puts the interface with the lowest interface number in the forwarding state and blocks the other interfaces.
If all interfaces have the same cost value, the MSTP puts the interface with the lowest interface number in the forwarding state and blocks the other interfaces.
Note: Exercise care when using this command. For most situations, we recommend that you use the spanning-tree mst instance-id root primary and the spanning-tree mst instance-id root secondary global configuration commands to modify the switch priority.
(Optional) Save your entries in the configuration file. To return the switch to its default setting, use the no spanning-tree mst hello-time global configuration command.
(Optional) Save your entries in the configuration file. To return the switch to its default setting, use the no spanning-tree mst max-age global configuration command.
Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file.
To return the port to its default setting, use the no spanning-tree link-type interface configuration command.
EXEC command. To restart the protocol migration process on a specific interface, use the clear spanning-tree detected-protocols interface interface-id privileged EXEC command.
Displays MST information for the specified interface. For information about other keywords for the show spanning-tree privileged EXEC command, see the command reference for this release.
To prevent the port from shutting down, you can use the errdisable detect cause bpduguard shutdown vlan global configuration command to shut down just the offending VLAN on the port where the violation occurred.
Figure 18-2 shows a complex network where distribution switches and access switches each have at least one redundant link that spanning tree blocks to prevent loops.
Switch B over link L1 and to Switch C over link L2. The Layer 2 interface on Switch C that is connected directly to Switch B is in a blocking state.
Under spanning-tree rules, the switch ignores inferior BPDUs for the configured maximum aging time specified by the spanning-tree vlan vlan-id max-age global configuration command.
Delay time if the default Forward Delay time of 15 seconds is set. Figure 18-6 shows how BackboneFast reconfigures the topology to account for the failure of link L1.
If the switch detects a misconfiguration on the other device, EtherChannel guard places the switch interfaces in the error-disabled state, and displays an error message. You can enable this feature by using the spanning-tree etherchannel guard misconfig global configuration command.
Enable the root-guard feature on these interfaces to prevent switches in the customer network from becoming the root switch or being in the path to the root.
Globally disabled (unless they are individually configured per interface).
UplinkFast: Globally disabled.
BackboneFast: Globally disabled.
EtherChannel guard: Globally enabled.
Root guard: Disabled on all interfaces.
Loop guard: Disabled on all interfaces.
Return to privileged EXEC mode.
Step 5 show spanning-tree interface interface-id portfast Verify your entries.
Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file.
Enable the Port Fast feature.
Step 5 Return to privileged EXEC mode.
Step 6 show running-config Verify your entries.
Step 7 copy running-config startup-config (Optional) Save your entries in the configuration file.
To disable BPDU filtering, use the no spanning-tree portfast bpdufilter default global configuration command. You can override the setting of the no spanning-tree portfast bpdufilter default global configuration command by using the spanning-tree bpdufilter enable interface configuration command.
Note: If you use BackboneFast, you must enable it on all switches in the network. BackboneFast is not supported on Token Ring VLANs. This feature is supported for use with third-party switches.
EXEC command to verify the EtherChannel configuration. After the configuration is corrected, enter the shutdown and no shutdown interface configuration commands on the port-channel interfaces that were misconfigured.
Beginning in privileged EXEC mode, follow these steps to enable loop guard. This procedure is optional.
Command Purpose
Step 1 show spanning-tree active or show spanning-tree mst Verify which interfaces are alternate or root ports.
Step 2 configure terminal Enter global configuration mode.
You can clear spanning-tree counters by using the clear spanning-tree [interface interface-id] privileged EXEC command. For information about other keywords for the show spanning-tree privileged EXEC command, see the command reference for this release.
STP on the switch. If the switch is running STP, Flex Links is not necessary because STP already provides link-level redundancy or backup.
This way, apart from providing the redundancy, this Flex Link pair can be used for load balancing. Also, Flex Link VLAN load-balancing does not impose any restrictions on uplink switches.
100 milliseconds (ms). The PC is directly connected to switch A, and the connection status does not change. Switch A does not need to update the PC entry in the MAC address table.
The Flex Links are not configured, and there are no backup interfaces defined. The preemption mode is off. The preemption delay is 35 seconds. The MAC address-table move update feature is not configured on the switch.
Configure a physical Layer 2 interface (or port channel) as part of a Flex Links pair with the interface. When one link is forwarding traffic, the other interface is in standby mode.
Specify the interface, and enter interface configuration mode. The interface can be a physical Layer 2 interface or a port channel (logical interface). The port-channel range is 1 to 48.
Switch Backup Interface Pairs:
Active Interface        Backup Interface        State
------------------------------------------------------------------------
GigabitEthernet0/6      GigabitEthernet0/8      Active Up/Backup Standby
Vlans Preferred on Active Interface: 1-50
Vlans Preferred on Backup Interface: 60, 100-120
Return to privileged EXEC mode.
Step 7 show mac address-table move update Verify the configuration.
Step 8 copy running-config startup-config (Optional) Save your entries in the switch startup configuration file.
To disable the MAC address-table move update feature, use the no mac address-table move update receive configuration command. To display the MAC address-table move update information, use the show mac address-table move update privileged EXEC command.
Flex Links and the state of each active and backup interface (up or standby mode).
show mac address-table move update Displays the MAC address-table move update information on the switch.
Chapter 19 Configuring Flex Links and the MAC Address-Table Move Update Feature Monitoring Flex Links and the MAC Address-Table Move Update Information
Note: For complete syntax and usage information for the commands used in this chapter, see the command reference for this release, and see the “DHCP Commands” section in the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2 from the Cisco.com page under Documentation >...
For information about the DHCP client, see the “Configuring DHCP” section of the “IP Addressing and Services” section of the Cisco IOS IP Configuration Guide, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Configuration Guides.
DHCP server do not reside on the same IP network or subnet, a DHCP relay agent (the Catalyst switch) is configured with a helper address to enable broadcast forwarding and to transfer DHCP messages between the clients and the server.
– Length of the circuit-ID type
• Remote-ID suboption fields
– Suboption type
– Length of the suboption type
– Remote-ID type
– Length of the remote-ID type
Understanding DHCP Features
In the port field of the circuit ID suboption, the port numbers start at 1. For example, on a Cisco Catalyst Blade Switch 3020 for HP, which has 24 ports, port 1 is the Gigabit Ethernet 0/1 port, port 2 is the Gigabit Ethernet 0/2 port, port 3 is the Gigabit Ethernet 0/3 port, and so on.
An address binding is a mapping between an IP address and a MAC address of a host in the Cisco IOS DHCP server database. You can manually assign the client IP address, or the DHCP server can allocate an IP address from a DHCP address pool.
These are the configuration guidelines for DHCP snooping.
• You must globally enable DHCP snooping on the switch.
• DHCP snooping is not active until DHCP snooping is enabled on a VLAN.
• DHCP server and the DHCP relay agent are configured and enabled.
• When you globally enable DHCP snooping on the switch, these Cisco IOS commands are not available until snooping is disabled. If you enter these commands, the switch returns an error message, and the configuration is not applied.
Configuring DHCP Features
Configuring the DHCP Server
The switch can act as a DHCP server. By default, the Cisco IOS DHCP server and relay agent features are enabled on your switch but are not configured. These features are not operational.
Enable the switch to insert and remove DHCP relay information (option-82 field) in forwarded DHCP request messages to the DHCP server. This is the default setting.
MAC address matches the client hardware address in the packet.
Step 13 Return to privileged EXEC mode.
Step 14 show running-config Verify your entries.
Step 15 copy running-config startup-config (Optional) Save your entries in the configuration file.
VLANs, on which DHCP snooping is enabled.
Enabling the Cisco IOS DHCP Server Database
For procedures to enable and configure the Cisco IOS DHCP server database, see the “DHCP Configuration Task List” section in the “Configuring DHCP” chapter of the Cisco IOS IP Configuration Guide, Release 12.2.
To delete binding entries from the DHCP snooping binding database, use the no ip dhcp snooping binding mac-address vlan vlan-id ip-address interface interface-id privileged EXEC command. Enter this command for each entry that you want to delete.
IP source guard with source IP address filtering or with source IP and MAC address filtering. These sections contain this information:
• Source IP Address Filtering, page 20-16
• Source IP and MAC Address Filtering, page 20-16
Static IP source binding can only be configured on a switch port.
Add a static IP source binding. vlan-id ip-address interface interface-id Enter this command for each static binding.
Step 6 Return to privileged EXEC mode.
Commands for Displaying IP Source Guard Information
Command Purpose
show ip source binding Display the IP source bindings on a switch.
show ip verify source Display the IP source guard configuration on the switch.
Figure 21-1 shows an example of ARP cache poisoning.
Figure 21-1 ARP Cache Poisoning: Host A (IA, MA), Host B (IB, MB), Host C (man-in-the-middle) (IC, MC)
Ethernet header. Use the ip arp inspection validate {[src-mac] [dst-mac] [ip]} global configuration command. For more information, see the “Performing Validation Checks” section on page 21-12.
However, to validate the bindings of packets from nondynamic ARP inspection switches, configure the switch running dynamic ARP inspection with ARP ACLs. When you cannot determine such bindings, at Layer 3, isolate switches
You specify the type of packets that are logged by using the ip arp inspection vlan logging global configuration command. For configuration information, see the “Configuring the Log Buffer” section on page 21-13.
The number of entries in the log is 32. The number of system messages is limited to 5 per second. The logging-rate interval is 1 second.
Per-VLAN logging: All denied or dropped ARP packets are logged.
When you enable dynamic ARP inspection on the switch, policers that were configured to police ARP traffic are no longer effective. The result is that all ARP traffic is sent to the CPU.
For more information, see the “Configuring the Log Buffer” section on page 21-13.
Step 6 Return to privileged EXEC mode.
By default, no ARP access lists are defined.
Note: At the end of the ARP access list, there is an implicit deny ip any mac any command.
Step 6 interface interface-id Specify the Switch A interface that is connected to Switch B, and enter interface configuration mode.
If you enter the no ip arp inspection limit interface configuration command, the interface reverts to its default rate limit.
To return to the default rate-limit configuration, use the no ip arp inspection limit interface configuration command. To disable error recovery for dynamic ARP inspection, use the no errdisable recovery cause arp-inspection global configuration command.
To disable checking, use the no ip arp inspection validate [src-mac] [dst-mac] [ip] global configuration command. To display statistics for forwarded, dropped, and MAC and IP validation failure packets, use the show ip arp inspection statistics privileged EXEC command.
The logs and interval settings interact. If the logs number X is greater than interval seconds Y, X divided by Y (X/Y) system messages are sent every second. Otherwise, one system message is sent every Y divided by X (Y/X) seconds.
Displays the configuration and the operating state of dynamic ARP inspection for the specified VLAN. If no VLANs are specified or if a range is specified, displays information only for VLANs with dynamic ARP inspection enabled (active).
Displays the configuration and contents of the dynamic ARP inspection log buffer. For more information about these commands, see the command reference for this release.
Chapter 21 Configuring Dynamic ARP Inspection Displaying Dynamic ARP Inspection Information
For complete syntax and usage information for the commands used in this chapter, see the switch command reference for this release and the “IP Multicast Routing Commands” section in the Cisco IOS IP Command Reference, Volume 3 of 3: Multicast, Release 12.2 from the Cisco.com page under Documentation >...
The CPU also adds the interface where the join message was received to the forwarding-table entry. The blade server associated with that interface receives multicast traffic for that multicast group. See Figure 22-1.
CPU, the message is not flooded to other ports on the switch. Any known multicast traffic is forwarded to the group and not to the CPU.
If the router receives no reports from a VLAN, it removes the group for the VLAN from its IGMP cache.
If you disable IGMP report suppression, all IGMP reports are forwarded to the multicast routers. For configuration steps, see the “Disabling IGMP Report Suppression” section on page 22-16.
• Snooping on IGMP queries, Protocol Independent Multicast (PIM) packets, and Distance Vector Multicast Routing Protocol (DVMRP) packets
• Listening to Cisco Group Management Protocol (CGMP) packets from other routers
• Statically connecting to a multicast router port with the ip igmp snooping mrouter global...
To add a multicast router port (add a static connection to a multicast router), use the ip igmp snooping vlan mrouter global configuration command on the switch.
Note: Static connections to multicast routers are supported only on switch ports.
Step 4  show ip igmp snooping groups  Verify the member port and the IP address.
Step 5  copy running-config startup-config  (Optional) Save your entries in the configuration file.
• The actual leave latency in the network is usually the configured leave time. However, the leave time might vary around the configured time, depending on real-time CPU load conditions, network delays, and the amount of traffic sent through the interface.
1 general query. If you set the count to 7, the flooding continues until 7 general queries are received. Groups are relearned based on the general queries received during the TCN event.
(Optional) Save your entries in the configuration file. To return to the default query solicitation, use the no ip igmp snooping tcn query solicit global configuration command.
• When it is administratively enabled, the IGMP snooping querier moves to the operationally disabled state under these conditions:
  – IGMP snooping is disabled in the VLAN.
  – PIM is enabled on the SVI of the corresponding VLAN.
Page 475
Switch(config)# end

This example shows how to set the IGMP snooping querier feature to version 2:

Switch# configure terminal
Switch(config)# ip igmp snooping querier version 2
Switch(config)# end
command options instead of the actual entries.
• dynamic—Display entries learned through IGMP snooping.
• user—Display only the user-configured multicast entries.
IGMP snooping, the two features operate independently of each other. One can be enabled or disabled without affecting the behavior of the other feature. However, if IGMP...
VLAN as a forwarding destination of the specified multicast stream when it is received from the multicast VLAN. Uplink ports that send and receive multicast data to and from the multicast VLAN are called MVR source ports.
Page 479
Multicast traffic for all channels is only sent around the VLAN trunk once—only on the multicast VLAN. The IGMP leave and join messages are in the VLAN to which the subscriber port is assigned.
(that is, the maximum number of television channels that can be received) is 256.
• MVR multicast data received in the source VLAN and leaving from receiver ports has its time-to-live (TTL) decremented by 1 in the switch.
Catalyst 3500 XL and Catalyst 2900 XL switches and does not support IGMP dynamic joins on source ports. The default is compatible mode.
Step 7  Return to privileged EXEC mode.
IGMP leave and join messages. Receiver ports cannot belong to the multicast VLAN. The default configuration is as a non-MVR port. If you attempt to configure a non-MVR port with MVR characteristics, the operation fails.
Page 483
Switch(config-if)# mvr vlan 22 group 228.1.23.4
Switch(config-if)# mvr immediate
Switch(config-if)# end
Switch# show mvr interface
Port    Type      Status        Immediate Leave
----    ----      -------       ---------------
Gi0/2   RECEIVER  ACTIVE/DOWN   ENABLED
It does not control general IGMP queries. IGMP filtering has no relationship with the function that directs the forwarding of IP multicast traffic. The filtering feature operates in the same manner whether CGMP or MVR is used to forward the multicast traffic.
Specifies that matching addresses are denied; this is the default.
• exit: Exits from igmp-profile configuration mode.
• no: Negates a command or returns to its defaults.
Page 486
Switch(config)# ip igmp profile 4
Switch(config-igmp-profile)# permit
Switch(config-igmp-profile)# range 229.9.9.0
Switch(config-igmp-profile)# end
Switch# show ip igmp profile 4
IGMP Profile 4
    permit
    range 229.9.9.0 229.9.9.0
Specify the interface to be configured, and enter interface configuration mode. The interface can be a Layer 2 port that does not belong to an EtherChannel group or an EtherChannel interface.
IGMP report. To prevent the switch from removing the forwarding-table entries, you can configure the IGMP throttling action before an interface adds entries to the forwarding table.
Displays the configuration of the specified interface or the configuration of all interfaces on the switch, including (if configured) the maximum number of IGMP groups to which an interface can belong and the IGMP profile applied to the interface.
Page 490
Chapter 22 Configuring IGMP Snooping and MVR Displaying IGMP Filtering and Throttling Configuration
The switch counts the number of packets of a specified type received within the 1-second time interval and compares the measurement with a predefined suppression-level threshold.
Page 492
• Traffic rate in packets per second and for small frames. This feature is enabled globally. The threshold for small frames is configured for each interface. (Cisco IOS Release 12.2(44)SE or later)

With each method, the port blocks traffic when the rising threshold is reached. The port remains blocked until the traffic rate drops below the falling threshold (if one is specified) and then resumes normal forwarding.
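The rising/falling behavior described above, as an added Python sketch (not code from the Cisco guide). It models one measurement per 1-second interval in packets per second; the sample rates are constructed, and treating an unspecified falling threshold as equal to the rising threshold is an assumption of this sketch.

```python
def storm_control(rates_pps, rising, falling=None):
    """Return the blocked/forwarding state of a port for each 1-second sample.

    rates_pps: offered traffic rate measured in each interval (constructed data)
    rising:    rate at which the port starts blocking
    falling:   rate below which a blocked port resumes forwarding
    """
    if falling is None:
        # Assumption of this sketch: no falling threshold means the port
        # unblocks as soon as the rate is back under the rising threshold.
        falling = rising
    if falling > rising:
        raise ValueError("falling threshold must not exceed rising threshold")

    blocked = False
    states = []
    for rate in rates_pps:
        if not blocked and rate >= rising:
            blocked = True          # rising threshold reached: block
        elif blocked and rate < falling:
            blocked = False         # dropped below falling threshold: forward
        states.append(blocked)
    return states


def transitions(states):
    """Count how often the port changes between forwarding and blocked."""
    previous = [False] + states[:-1]
    return sum(1 for before, after in zip(previous, states) if before != after)


# Constructed sample: a storm that hovers around 1000 pps before dying out.
SAMPLE_RATES = [400, 1200, 950, 1100, 900, 1050, 600, 300]

if __name__ == "__main__":
    with_gap = storm_control(SAMPLE_RATES, rising=1000, falling=500)
    no_gap = storm_control(SAMPLE_RATES, rising=1000)
    print("falling=500 :", with_gap, "transitions:", transitions(with_gap))
    print("no falling  :", no_gap, "transitions:", transitions(no_gap))
```

With a falling threshold well below the rising one, the port stays blocked for the whole storm instead of flapping each time the rate dips just under the rising threshold.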
Beginning in privileged EXEC mode, follow these steps to configure storm control and threshold levels:

Command  Purpose
Step 1  configure terminal  Enter global configuration mode.
Step 2  interface interface-id  Specify the interface to be configured, and enter interface configuration mode.
Page 494
• Select the shutdown keyword to error-disable the port during a storm.
• Select the trap keyword to generate an SNMP trap when a storm is detected.
Step 5  Return to privileged EXEC mode.
Incoming VLAN-tagged packets smaller than 67 bytes are considered small frames. They are forwarded by the switch, but they do not cause the switch storm-control counters to increment. In Cisco IOS Release 12.2(44)SE and later, you can configure a port to be error disabled if small frames arrive at a specified rate (threshold).
To disable protected port, use the no switchport protected interface configuration command.

This example shows how to configure a port as a protected port:

Switch# configure terminal
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# switchport protected
Switch(config-if)# end
This example shows how to block unicast and multicast flooding on a port:

Switch# configure terminal
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# switchport block multicast
Switch(config-if)# switchport block unicast
Switch(config-if)# end
If these addresses are saved in the configuration file, when the switch restarts, the interface does not need to dynamically reconfigure them.
• Port security can only be configured on static access ports or trunk ports. A secure port cannot be a dynamic access port.
• A secure port cannot be a destination port for Switched Port Analyzer (SPAN).
Page 502
IP phone requires one MAC address. The Cisco IP phone address is learned on the voice VLAN, but is not learned on the access VLAN. If you connect a single PC to the Cisco IP phone, no additional MAC addresses are required. If you connect more than one PC to the Cisco IP phone, you must configure enough secure addresses to allow one for each PC and one for the phone.
Note a port and if that port is not the access VLAN. If an interface is configured for voice VLAN, configure a maximum of two secure MAC addresses.
Page 504
You can manually re-enable it by entering the shutdown and no shutdown interface configuration commands or by using the clear errdisable interface vlan privileged EXEC command.
Page 505
VLAN.
Step 11  Return to privileged EXEC mode.
Step 12  show port-security  Verify your entries.
Step 13  copy running-config startup-config  (Optional) Save your entries in the configuration file.
Page 506
This example shows how to configure a static secure MAC address on VLAN 3 on a port:

Switch(config)# interface gigabitethernet0/11
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security mac-address 0000.0200.0004 vlan 3
Beginning in privileged EXEC mode, follow these steps to configure port security aging:

Command  Purpose
Step 1  configure terminal  Enter global configuration mode.
Step 2  interface interface-id  Specify the interface to be configured, and enter interface configuration mode.
Page 508
Switch(config-if)# switchport port-security aging time 2
Switch(config-if)# switchport port-security aging type inactivity
Switch(config-if)# switchport port-security aging static

You can verify the previous commands by entering the show port-security interface interface-id privileged EXEC command.
VLANs, and similarly, secure addresses learned on promiscuous ports automatically get replicated on all associated secondary VLANs. Static addresses (using mac-address-table static command) cannot be user configured on a secure port.
Displays the number of secure MAC addresses configured per VLAN on the specified interface.
Understanding CDP

CDP is a device discovery protocol that runs over Layer 2 (the data link layer) on all Cisco-manufactured devices (routers, bridges, access servers, and switches) and allows network management applications to discover Cisco devices that are neighbors of already known devices. With CDP, network management applications can learn the device type and the Simple Network Management Protocol (SNMP) agent address of neighboring devices running lower-layer, transparent protocols.
The range is 10 to 255 seconds; the default is 180 seconds.
Step 4  cdp advertise-v2  (Optional) Configure CDP to send Version-2 advertisements. This is the default state.
Step 5  Return to privileged EXEC mode.
Enable CDP after disabling it.
Step 3  Return to privileged EXEC mode.

This example shows how to enable CDP if it has been disabled.

Switch# configure terminal
Switch(config)# cdp run
Switch(config)# end
(Optional) Save your entries in the configuration file.

This example shows how to enable CDP on a port when it has been disabled.

Switch# configure terminal
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# cdp enable
Switch(config-if)# end
You can limit the display to neighbors of a specific interface or expand the display to provide more detailed information.
show cdp traffic  Display CDP counters, including the number of packets sent and received and checksum errors.
Page 516
Chapter 24 Configuring CDP Monitoring and Maintaining CDP
Understanding LLDP

The Cisco Discovery Protocol (CDP) is a device discovery protocol that runs over Layer 2 (the data link layer) on all Cisco-manufactured devices (routers, bridges, access servers, and switches). CDP allows network management applications to automatically discover and learn about other Cisco devices connected to the network.
Allows an endpoint to transmit detailed inventory information about itself to the switch, including hardware revision, firmware version, software version, serial number, manufacturer name, model name, and asset ID TLV.
Switch(config)# lldp holdtime 120
Switch(config)# lldp reinit 2
Switch(config)# lldp timer 30
Switch(config)# end

For additional LLDP show commands, see the “Monitoring and Maintaining LLDP and LLDP-MED” section on page 25-7.
No LLDP packets are received on the interface.
Step 5  Return to privileged EXEC mode.
Step 6  copy running-config startup-config  (Optional) Save your entries in the configuration file.
Specify the TLV to disable.
Step 4  Return to privileged EXEC mode.
Step 5  copy running-config startup-config  (Optional) Save your entries in the configuration file.
Display LLDP counters, including the number of packets sent and received, number of packets discarded, and number of unrecognized TLVs.
Page 524
Chapter 25 Configuring LLDP and LLDP-MED Monitoring and Maintaining LLDP and LLDP-MED
A unidirectional link occurs whenever traffic sent by a local device is received by its neighbor but traffic from the neighbor is not received by the local device.
UDLD sends at least one message to inform the neighbors to flush the part of their caches affected by the status change. The message is intended to keep the caches synchronized.
Caution: Loop guard works only on point-to-point links. We recommend that each end of the link has a directly connected device that is running STP.
UDLD on a port:

Command  Purpose
Step 1  configure terminal  Enter global configuration mode.
Step 2  interface interface-id  Specify the port to be enabled for UDLD, and enter interface configuration mode.
To display the UDLD status for the specified port or for all ports, use the show udld [interface-id] privileged EXEC command. For detailed information about the fields in the command output, see the command reference for this release.
You can use the SPAN or RSPAN destination port to inject traffic from a network security device. For example, if you connect a Cisco Intrusion Detection System (IDS) sensor appliance to a destination port, the IDS device can send TCP reset packets to close down the TCP session of a suspected attacker.
VLAN to a destination session monitoring the RSPAN VLAN. Each RSPAN source switch must have either ports or VLANs as RSPAN sources. The destination is always a physical port, as shown on Switch C in the figure.
RSPAN VLAN. To configure an RSPAN destination session on another device, you associate the destination port with the RSPAN VLAN. The destination session collects all RSPAN VLAN traffic and sends it out the RSPAN destination port.
SPAN; the destination port receives a copy of the packet even if the actual incoming packet is dropped. These features include IP standard and extended input access control lists (ACLs), ingress QoS policing, VLAN ACLs, and egress QoS policing.
The default configuration for local SPAN session ports is to send all packets untagged. SPAN also does not normally monitor bridge protocol data unit (BPDU) packets and Layer 2 protocols, such as Cisco Discovery Protocol (CDP), VLAN Trunk Protocol (VTP), Dynamic Trunking Protocol (DTP), Spanning Tree Protocol (STP), and Port Aggregation Protocol (PAgP).
• SPAN traffic coming from other port types is not affected by VLAN filtering; that is, all VLANs are allowed on other ports.
• VLAN filtering affects only traffic forwarded to the destination SPAN port and does not affect the switching of normal traffic.
• For RSPAN, the original VLAN ID is lost because it is overwritten by the RSPAN VLAN identification. Therefore, all packets appear on the destination port as untagged.
If a physical port is added to a monitored EtherChannel group, the new port is added to the SPAN source port list. If a port is removed from a monitored EtherChannel group, it is automatically removed from the source port list.
SPAN state (SPAN and RSPAN): Disabled.
Source port traffic to monitor: Both received and sent traffic (both).
Encapsulation type (destination port): Native form (untagged packets).
Ingress forwarding (destination port): Disabled
VLAN 1. This problem does not appear with local SPAN when the encapsulation replicate option is used. This limitation does not apply to bridged packets. The workaround is to use the encapsulation replicate keywords in the monitor session global configuration command.
This is the default.
• rx—Monitor received traffic.
• tx—Monitor sent traffic.
Note: You can use the monitor session session_number source command multiple times to configure multiple source ports.
Page 542
Switch(config)# no monitor session 1 source interface gigabitethernet0/1 rx

The monitoring of traffic received on port 1 is disabled, but traffic sent from this port continues to be monitored.
VLANs and the destination ports, and to enable incoming traffic on the destination port for a network security device (such as a Cisco IDS Sensor Appliance). For details about the keywords not related to incoming traffic, see the “Creating a Local SPAN Session”...
(Optional) Use a comma (,) to specify a series of VLANs, or use a hyphen (-) to specify a range of VLANs. Enter a space before and after the comma; enter a space before and after the hyphen.
As RSPAN VLANs have special properties, you should reserve a few VLANs across your network for use as RSPAN VLANs; do not assign access ports to these VLANs.
Use VTP pruning to get an efficient flow of RSPAN traffic, or manually delete the RSPAN VLAN from all trunks that do not need to carry the RSPAN traffic.
For session_number, the range is 1 to 66. Specify all to remove all RSPAN sessions, local to remove all local sessions, or remote to remove all remote SPAN sessions.
To remove a destination port from the SPAN session, use the no monitor session session_number destination interface interface-id global configuration command. To remove the RSPAN VLAN from the session, use the no monitor session session_number source remote vlan vlan-id.
RSPAN VLAN and the destination port, and to enable incoming traffic on the destination port for a network security device (such as a Cisco IDS Sensor Appliance). For details about the keywords not related to incoming traffic, see the “Creating an RSPAN Destination...
Page 551
VLAN 6 as the default receiving VLAN.

Switch(config)# monitor session 2 source remote vlan 901
Switch(config)# monitor session 2 destination interface gigabitethernet0/2 ingress vlan 6
Switch(config)# end
To display the current SPAN or RSPAN configuration, use the show monitor user EXEC command. You can also use the show running-config privileged EXEC command to display configured SPAN or RSPAN sessions.
Page 554
Chapter 27 Configuring SPAN and RSPAN Displaying SPAN and RSPAN Status
Note: For complete syntax and usage information for the commands used in this chapter, see the “System Management Commands” section in the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Command References.

This chapter consists of these sections:
• Understanding RMON, page 28-1
...
• Configuring RMON Alarms and Events, page 28-3 (required)
• Collecting Group History Statistics on an Interface, page 28-5 (optional)
• Collecting Group Ethernet Statistics on an Interface, page 28-5 (optional)
• (Optional) For event-number, specify the event number to trigger when the rising or falling threshold exceeds its limit.
• (Optional) For owner string, specify the owner of the alarm.
Page 558
This example also generates an SNMP trap when the event is triggered.

Switch(config)# rmon event 1 log trap eventtrap description "High ifOutErrors" owner jjones
This procedure is optional.

Command  Purpose
Step 1  configure terminal  Enter global configuration mode.
Step 2  interface interface-id  Specify the interface on which to collect statistics, and enter interface configuration mode.
For information about the fields in these displays, see the “System Management Commands” section in the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Command References.
Configuring System Message Logging

This chapter describes how to configure system message logging on the switch.

Note: For complete syntax and usage information for the commands used in this chapter, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 from the Cisco.com page under Documentation >...
The part of the message preceding the percent sign depends on the setting of the service sequence-numbers, service timestamps log datetime, service timestamps log datetime [localtime] [msec] [show-timezone], or service timestamps log uptime global configuration command.
When this command is enabled, messages appear only after you press Return. For more information, see the “Synchronizing Log Messages” section on page 29-6. To re-enable message logging after it has been disabled, use the logging on global configuration command.
You must perform this step for each session to see the debugging messages.
Step 7  show running-config  Verify your entries.
Step 8  copy running-config startup-config  (Optional) Save your entries in the configuration file.
For example, to change the setting for vty line 2, enter:

line vty 2

When you enter this command, the mode changes to line configuration.
This example shows part of a logging display with the service timestamps log datetime global configuration command enabled:

*Mar 1 18:46:11: %SYS-5-CONFIG_I: Configured from console by vty2 (10.34.195.36)
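For log review on a collector, the message layout shown above can be parsed as in this added Python example (not code from the Cisco guide). It accepts the optional sequence-number and timestamp or uptime prefix, filters by severity, and flags %SYS-5-CONFIG_I events whose source address is outside an allow-list. Apart from the first line, the sample log lines are constructed, and the management subnet 10.34.195.0/24 is an assumption.

```python
import ipaddress
import re

# Cisco IOS severity keywords, level 0 (most severe) to 7 (least severe).
SEVERITY = ("emergencies", "alerts", "critical", "errors",
            "warnings", "notifications", "informational", "debugging")

# Whatever precedes '%' (sequence number, timestamp or uptime) is optional,
# so it is captured as one prefix and split afterwards.
MSG_RE = re.compile(
    r"^(?P<prefix>[^%]*)"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<level>[0-7])-(?P<mnemonic>[A-Z0-9_]+):"
    r"\s*(?P<text>.*)$")
# A sequence number is digits, a colon, then whitespace or end of prefix.
# An uptime stamp such as 00:00:46 has a digit after its first colon and
# therefore does not match.
SEQ_RE = re.compile(r"^(\d+):(?:\s+(.*))?$")
CONFIG_RE = re.compile(
    r"Configured from \S+ by (?P<who>.+?)(?: \((?P<addr>[^)]+)\))?$")


def parse_message(line):
    """Split one log line into its fields; return None if it is not a message."""
    m = MSG_RE.match(line.strip())
    if m is None:
        return None
    prefix = m.group("prefix").strip()
    seq = None
    s = SEQ_RE.match(prefix)
    if s:
        seq = int(s.group(1))
        prefix = (s.group(2) or "").strip()
    level = int(m.group("level"))
    return {
        "seq": seq,
        "timestamp": prefix.rstrip(":").strip() or None,
        "facility": m.group("facility"),
        "level": level,
        "severity": SEVERITY[level],
        "mnemonic": m.group("mnemonic"),
        "text": m.group("text"),
    }


def parse_log(text):
    """Parse every message line in a block of log text, skipping other lines."""
    parsed = (parse_message(line) for line in text.splitlines())
    return [msg for msg in parsed if msg is not None]


def at_or_above(messages, keyword):
    """Keep messages at the named severity or numerically lower (more severe)."""
    limit = SEVERITY.index(keyword)
    return [msg for msg in messages if msg["level"] <= limit]


def unexpected_config_changes(messages, allowed_cidrs):
    """Return CONFIG_I events whose remote address is outside allowed_cidrs."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    hits = []
    for msg in messages:
        if (msg["facility"], msg["mnemonic"]) != ("SYS", "CONFIG_I"):
            continue
        found = CONFIG_RE.search(msg["text"])
        addr = found.group("addr") if found else None
        if addr is None:
            continue  # local console session: no remote address is logged
        try:
            ok = any(ipaddress.ip_address(addr) in net for net in allowed)
        except ValueError:
            ok = False  # unparsable address: surface it for review
        if not ok:
            hits.append({**msg, "who": found.group("who"), "source": addr})
    return hits


# First line is the example from this page; the others are constructed samples.
SAMPLE_LOG = """\
*Mar 1 18:46:11: %SYS-5-CONFIG_I: Configured from console by vty2 (10.34.195.36)
000020: *Mar 1 18:48:50.483 UTC: %SYS-5-CONFIG_I: Configured from console by vty2 (192.0.2.77)
00:00:46: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up
%PM-4-ERR_DISABLE: psecure-violation error detected on Gi0/11, putting Gi0/11 in err-disable state
Switch# show logging
"""

if __name__ == "__main__":
    msgs = parse_log(SAMPLE_LOG)
    for hit in unexpected_config_changes(msgs, ["10.34.195.0/24"]):
        print("config change from unexpected source:", hit["source"], hit["who"])
    for msg in at_or_above(msgs, "warnings"):
        print(msg["severity"], msg["facility"], msg["mnemonic"])
```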
Step 3  logging monitor level  Limit messages logged to the terminal lines. By default, the terminal receives debugging messages and numerically lower levels (see Table 29-3 on page 29-9).
Page 569
Technical Assistance Center.
• Interface up or down transitions and system restart messages, displayed at the notifications level. This message is only for information; switch functionality is not affected.
100). You can clear the log at any time by entering the no logging enable command followed by the logging enable command to disable and reenable logging.
Page 571
[end-number] | statistics} [provisioning] privileged EXEC command to display the complete configuration log or the log for specified parameters. The default is that configuration logging is disabled. For information about the commands, see the Cisco IOS Configuration Fundamentals and Network Management Command Reference, Release 12.3 T at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_command_reference_chapter09186a00801a8086.html#wp1114989...
Log messages to a UNIX syslog server host by entering its IP address. To build a list of syslog servers that receive logging messages, enter this command more than once.
To display the logging configuration and the contents of the log buffer, use the show logging privileged EXEC command. For information about the fields in this display, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 from the Cisco.com page under Documentation >...
Page 574
Chapter 29 Configuring System Message Logging Displaying the Logging Configuration
Note: For complete syntax and usage information for the commands used in this chapter, see the command reference for this release and the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Command References.

This chapter consists of these sections:
• Understanding SNMP, page 30-1
...
A combination of the security level and the security model determines which security mechanism is used when handling an SNMP packet. Available security models are SNMPv1, SNMPv2C, and SNMPv3.
1. With this operation, an SNMP manager does not need to know the exact variable name. A sequential search is performed to find the needed variable from within a table.
2. The get-bulk command only works with SNMPv2 or later.
[Figure: SNMP Network. Labels: SNMP Manager, SNMP Agent, Network device; Get-request, Get-next-request, Get-bulk, Set-request; Get-response, traps]

For information on supported MIBs and how to access them, see Appendix A, “Supported MIBs.”
-module interfaces)  10000–14500
Null  14501
1. SVI = switch virtual interface
2. SFP = small form-factor pluggable
Note: The switch might not use sequential values within a range.
An SNMP group is a table that maps SNMP users to SNMP views. An SNMP user is a member of an SNMP group. An SNMP host is the recipient of an SNMP trap operation. An SNMP engine ID is a name for the local or remote SNMP engine.
The no snmp-server global configuration command disables all running versions (Version 1, Version 2C, and Version 3) on the device. No specific Cisco IOS command exists to enable SNMP. The first snmp-server global configuration command that you enter enables all versions of SNMP.
Recall that the access list is always terminated by an implicit deny statement for everything.
Step 4  Return to privileged EXEC mode.
• If you select remote, specify the ip-address of the device that contains the remote copy of SNMP and the optional User Datagram Protocol (UDP) port on the remote device. The default is 162.
64 characters) that is the name of the view in which you specify a notify, inform, or trap.
• (Optional) Enter access access-list with a string (not to exceed 64 characters) that is the name of the access list.
By default, no trap manager is defined, and no traps are sent. Switches running this Cisco IOS release can have an unlimited number of trap managers.
Note: Many commands use the word traps in the command syntax. Unless there is an option in the command to select either traps or informs, the keyword traps refers to either traps, informs, or both.
Generates a trap for Open Shortest Path First (OSPF) changes. You can enable any or all of these traps: Cisco specific, errors, link-state advertisement, rate limit, retransmit, and state changes. Generates a trap for Protocol-Independent Multicast (PIM) changes. You can enable any or all of these traps: invalid PIM messages, neighbor changes, and rendezvous point (RP)-mapping changes.
• When version 3 is specified, enter the SNMPv3 username.
• (Optional) For notification-type, use the keywords listed in Table 30-5 on page 30-11. If no type is specified, all notifications are sent.
Step 1  configure terminal  Enter global configuration mode.
Step 2  snmp-server contact text  Set the system contact string. For example: snmp-server contact Dial System Operator at beeper 21555.
Step 4  Return to privileged EXEC mode.
Step 5  show running-config  Verify your entries.
Step 6  copy running-config startup-config  (Optional) Save your entries in the configuration file.
Switch(config)# snmp-server enable traps entity
Switch(config)# snmp-server host cisco.com restricted entity
This example shows how to enable the switch to send all traps to the host myhost.cisco.com using the community string public:
Switch(config)# snmp-server enable traps
Switch(config)# snmp-server host myhost.cisco.com public...
EXEC command. You also can use the other privileged EXEC commands in Table 30-6 to display SNMP information. For information about the fields in the displays, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2. Table 30-6 Commands for Displaying SNMP Information...
“Configuring IP Services” section in the “IP Addressing and Services” chapter of the Cisco IOS IP Configuration Guide, Release 12.2, and the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2. The Cisco IOS documentation is available from the Cisco.com page under Documentation >...
ACL is applied are filtered by the port ACL. Incoming routed IP packets received on other ports are filtered by the router ACL. Other packets are not filtered.
Blade Server A to access the Human Resources network, but prevent Blade Server B from accessing the same network. Port ACLs can only be applied to Layer 2 interfaces in the inbound direction.
• Standard IP access lists use source addresses for matching operations.
• Extended IP access lists use source and destination addresses and optional protocol type information for matching operations.
Permit ACEs that check the Layer 3 information in the fragment (including protocol type, such as TCP, UDP, and so on) are considered to match the fragment regardless of what the missing Layer 4 information might have been.
ACEs were checking different hosts.
Configuring IPv4 ACLs
Configuring IPv4 ACLs on the switch is the same as configuring IPv4 ACLs on other Cisco switches and routers. The process is briefly described here. For more detailed information on configuring ACLs, see the “Configuring IP Services”...
• Resequencing ACEs in an ACL
• Creating Named Standard and Extended ACLs
• Using Time Ranges with ACLs
• Including Comments in ACLs
ACE containing a log keyword, the software might not be able to match the hardware processing rate, and not all packets will be logged.
With standard access lists, if you omit the mask from an associated IP host address ACL specification, 0.0.0.0 is assumed to be the mask.
Note: For more details on the specific keywords for each protocol, see these command references:
• Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2
• Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.2
...
DSCP value specified by a number from 0 to 63, or use the question mark (?) to see a list of available values.
TCP port. To see TCP port names, use the ? or see the “Configuring IP Services” section in the “IP Addressing and Services” chapter of the Cisco IOS IP Configuration Guide, Release 12.2. Use only TCP port numbers or names when filtering TCP.
ICMP message type and code name. To see a list of ICMP message type names and code names, use the ?, or see the “Configuring IP Services” section of the Cisco IOS IP Configuration Guide, Release 12.2.
Step 2e  access-list access-list-number  (Optional) Define an extended IGMP access list and the access conditions.
Define a standard IPv4 access list using a name, and enter access-list configuration mode. The name can be a number from 1 to 99.
For standard ACLs, if you omit the mask from an associated IP host address access list specification, 0.0.0.0 is assumed to be the mask.
Assign a meaningful name (for example, workhours) to the time range to be created, and enter time-range configuration mode. The name cannot contain a space or quotation mark and must begin with a letter.
Switch(config)# access-list 188 permit tcp any any time-range workhours
Switch(config)# end
Switch# show access-lists
Extended IP access list 188
    10 deny tcp any any time-range new_year_day_2006 (inactive)
    20 permit tcp any any time-range workhours (inactive)
For procedures for applying ACLs to interfaces, see the “Applying an IPv4 ACL to an Interface” section on page 31-19. For applying ACLs to VLANs, see the “Configuring VLAN Maps” section on page 31-28.
These access-group denied packets are not dropped in hardware but are bridged to the switch CPU so that it can generate the ICMP-unreachable message.
When you apply an undefined ACL to an interface, the switch acts as if the ACL has not been applied to the interface and permits all packets. Remember this behavior if you use undefined ACLs for network security.
This section provides examples of configuring and applying IPv4 ACLs. For detailed information about compiling ACLs, see the Cisco IOS Security Configuration Guide, Release 12.2 and the “Configuring IP Services” section in the “IP Addressing and Services” chapter of the Cisco IOS IP Configuration Guide, Release 12.2.
Switch(config)# access-list 106 permit ip any 172.20.128.64 0.0.0.31
Switch(config)# end
Switch# show access-lists
Extended IP access list 106
    10 permit ip any 172.20.128.64 0.0.0.31
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# ip access-group 106 in
This example creates a standard ACL named internet_filter and an extended ACL named marketing_group. The internet_filter ACL allows all traffic from the source address 1.2.3.4.
Switch(config)# ip access-list standard Internet_filter
Switch(config-ext-nacl)# permit 1.2.3.4
Switch(config-ext-nacl)# exit
Switch(config)# access-list 100 deny host 171.69.3.85 any eq www
Switch(config)# access-list 100 remark Do not allow Smith to browse the web
Switch(config)# access-list 100 deny host 171.69.3.13 any eq www
This is an example of a log for an extended ACL:
01:24:23:%SEC-6-IPACCESSLOGDP:list ext1 permitted icmp 10.1.1.15 -> 10.1.1.61 (0/0), 1 packet
01:25:14:%SEC-6-IPACCESSLOGDP:list ext1 permitted icmp 10.1.1.15 -> 10.1.1.61 (0/0), 7 packets
Beginning in privileged EXEC mode, follow these steps to create a named MAC extended ACL:
Command  Purpose
Step 1  configure terminal  Enter global configuration mode.
Step 2  mac access-list extended name  Define an extended MAC access list using a name.
Layer 3 ACL applied to the VLAN interface or a VLAN map applied to the VLAN. Incoming packets received on the Layer 2 port are always filtered by the port ACL.
If there is no match clause for that type of packet, the default is to forward the packet. For complete syntax and usage information for the commands used in this section, see the command reference for this release.
VLAN map to a VLAN that the port belongs to, the port ACL takes precedence over the VLAN map.
• If VLAN map configuration cannot be applied in hardware, all packets in that VLAN must be routed by software.
Use the no action access-map configuration command to enforce the default action, which is to forward.
Host X to Host Y is eventually being routed by Switch B, a Layer 3 switch with routing enabled. Traffic from Host X to Host Y can be access-controlled at the traffic entry point, Switch A.
Switch(config)# vlan access-map map2 20
Switch(config-access-map)# match ip address match_all
Switch(config-access-map)# action forward
Then, apply VLAN access map map2 to VLAN 1.
Switch(config)# vlan filter map2 vlan 1
• To define multiple actions in an ACL (permit, deny), group each action type together to reduce the number of entries.
(numbered or named).
show ip access-lists [number | name]  Display the contents of all current IP access lists or a specific IP access list (numbered or named).
Show information about all VLAN access maps or the specified access map.
show vlan filter [access-map name | vlan vlan-id]  Show information about all VLAN filters or about a specified VLAN or VLAN access map.
The switch supports some of the modular QoS CLI (MQC) commands. For more information about the MQC commands, see the “Modular Quality of Service Command-Line Interface Overview” at this site: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800bd908.html
IP precedence values. IP precedence values range from 0 to 7. DSCP values range from 0 to 63.
Note: IPv6 QoS is not supported in this release.
(police and mark), and provide different treatment (queue and schedule) in all situations where resource contention exists. The switch also needs to ensure that traffic sent from it meets a specific traffic profile (shape).
• One of the queues (queue 1) can be the expedited queue, which is serviced until empty before the other queues are serviced.
Figure 32-2 Basic QoS Model
For information on the maps described in this section, see the “Mapping Tables” section on page 32-12. For configuration information on port trust states, see the “Configuring Classification Using Port Trust States” section on page 32-36.
[Figure: classification flowchart. Recoverable box labels: Assign the DSCP or CoS as specified by ACL action to generate the QoS label; Assign the default DSCP (0); Generate the DSCP by using the CoS-to-DSCP map; Done]
In this mode, you specify the actions to take on a specific traffic class by using the class, trust, or set policy-map configuration and policy-map class configuration commands.
“Classifying, Policing, and Marking Traffic on SVIs by Using Hierarchical Policy Maps” section on page 32-52, and the “Classifying, Policing, and Marking Traffic by Using Aggregate Policers” section on page 32-58.
• A nonhierarchical policy map on a physical port.
• The interface level of a hierarchical policy map attached to an SVI. The physical ports are specified in this secondary policy map.
SVI. The second level, the interface level, specifies the actions to be taken against the traffic on the physical ports that belong to the SVI and are specified in the interface-level policy map.
[Figure: policing and marking flowchart. Recoverable box labels: Verify the out-of-profile action configured for this policer (branches: Pass through, Drop, Mark); Drop packet; Modify DSCP according to the policed-DSCP map. Generate a new QoS label; Done]
Scheduling on Ingress Queues” section on page 32-15. For information about the DSCP and CoS output queue threshold maps, see the “Queueing and Scheduling on Egress Queues” section on page 32-17.
Suppose the queue is already filled with 600 frames, and a new frame arrives. It contains CoS values 4 and 5 and is subjected to the 60-percent threshold. If this frame is added to the queue, the threshold will be exceeded, so the switch drops it.
“Allocating Bandwidth Between the Ingress Queues” section on page 32-68, the “Configuring SRR Shaped Weights on Egress Queues” section on page 32-75, and the “Configuring SRR Shared Weights on Egress Queues” section on page 32-76.
The expedite queue has guaranteed bandwidth.
1. The switch uses two nonconfigurable queues for traffic that is essential for proper network operation.
For configuration information, see the “Configuring Ingress Queue Characteristics” section on page 32-66.
All traffic exiting the switch flows through one of these four queues and is subjected to a threshold based on the QoS label assigned to the packet.
The switch can allocate the needed buffers from the common pool if the common pool is not empty.
The switch uses the resulting classification to choose the appropriate egress queue. You use auto-QoS commands to identify ports connected to Cisco IP Phones and to devices running the Cisco SoftPhone application. You also use the commands to identify ports that receive trusted traffic through an uplink.
The switch uses the Cisco Discovery Protocol (CDP) to detect the presence or absence of a Cisco IP Phone. When a Cisco IP Phone is detected, the ingress classification on the port is set to trust the QoS label received in the packet. When a Cisco IP Phone is absent, the ingress classification is set to not trust the QoS label in the packet. The switch configures ingress and egress queues on...
DSCP value received in the packet on a routed port by using the mls qos trust dscp command. If you entered the auto qos voip cisco-phone command, the switch automatically enables the trusted boundary feature, which uses the CDP to detect the presence or absence of a Cisco IP Phone.
Switch(config-if)# mls qos trust device cisco-phone
Before configuring auto-QoS, you should be aware of this information:
• Auto-QoS configures the switch for VoIP with Cisco IP Phones on nonrouted and routed ports. Auto-QoS also configures the switch for VoIP with devices running the Cisco SoftPhone application.
• By default, the CDP is enabled on all ports. For auto-QoS to function properly, do not disable the CDP.
• When enabling auto-QoS with a Cisco IP Phone on a routed port, you must assign a static IP address to the IP phone.
This example shows how to enable auto-QoS and to trust the QoS labels received in incoming packets when the switch or router connected to a port is a trusted device:
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# auto qos voip trust
VoIP traffic is prioritized over all other traffic. Auto-QoS is enabled on the switches in the wiring closets at the edge of the QoS domain.
Step 6  exit  Return to global configuration mode.
Step 7  Repeat Steps 4 to 6 for as many ports as are connected to the Cisco IP Phone.
Step 8  interface interface-id  Specify the switch port identified as connected to a trusted switch or router, and enter interface configuration mode.
(optional, unless you need to use the DSCP-to-DSCP-mutation map or the policed-DSCP map)
• Configuring Ingress Queue Characteristics (optional)
• Configuring Egress Queue Characteristics (optional)
traffic is bridged, routed, or sent to the CPU. It is possible for bridged frames to be dropped or to have their DSCP and CoS values modified.
QoS processing.
• You are likely to lose data when you change queue settings; therefore, try to make changes when traffic is at a minimum.
(Optional) Save your entries in the configuration file. Use the no mls qos vlan-based interface configuration command to disable VLAN-based QoS on the physical port.
QoS domain. Figure 32-12 shows a sample network topology.
[Figure 32-12 Port Trusted States within the QoS Domain. Labels: Trusted interface; Trunk; Traffic classification performed here; Trusted boundary]
“Configuring the CoS Value for an Interface” section on page 32-38. For information on how to configure the CoS-to-DSCP map, see the “Configuring the CoS-to-DSCP Map” section on page 32-60.
To return to the default setting, use the no mls qos cos {default-cos | override} interface configuration command.
Configuring a Trusted Boundary to Ensure Port Security
In a typical network, you connect a Cisco IP Phone to a switch port, as shown in Figure 32-12 on page 32-36, and cascade devices that generate data packets from the back of the telephone.
CoS setting). By contrast, trusted boundary uses CDP to detect the presence of a Cisco IP Phone (such as the Cisco IP Phone 7910, 7935, 7940, and 7960) on a switch port. If the telephone is not detected, the trusted boundary feature disables the trusted setting on the switch port and prevents misuse of a high-priority queue.
QoS. If the two domains use different DSCP values, you can configure the DSCP-to-DSCP-mutation map to translate a set of DSCP values to match the definition in the other domain.
Return to privileged EXEC mode.
Step 7  show mls qos maps dscp-mutation  Verify your entries.
Step 8  copy running-config startup-config  (Optional) Save your entries in the configuration file.
• Classifying, Policing, and Marking Traffic on Physical Ports by Using Policy Maps
• Classifying, Policing, and Marking Traffic on SVIs by Using Hierarchical Policy Maps
• Classifying, Policing, and Marking Traffic by Using Aggregate Policers
Switch(config)# access-list 1 permit 192.5.255.0 0.0.0.255
Switch(config)# access-list 1 permit 128.88.0.0 0.0.255.255
Switch(config)# access-list 1 permit 36.0.0.0 0.0.0.255
! (Note: all other access implicitly denied)
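The ACL rules stated in this guide (first match wins, an implicit deny ends every list, an omitted standard-ACL mask means 0.0.0.0, and an undefined ACL applied to an interface permits all packets) can be checked offline with a small model. This is an added example, not Cisco code: the function names, ACL 2, and the interface bindings are assumptions constructed for illustration; ACL 1 is the list shown above.

```python
import ipaddress

# ACL 1 is the standard ACL shown on the page. ACL 2 and BINDINGS are
# constructed sample data for this example.
SAMPLE_CONFIG = """
access-list 1 permit 192.5.255.0 0.0.0.255
access-list 1 permit 128.88.0.0 0.0.255.255
access-list 1 permit 36.0.0.0 0.0.0.255
! (Note: all other access implicitly denied)
access-list 2 permit 10.1.1.5
"""
# interface -> ACL number referenced by "ip access-group" (constructed)
BINDINGS = {"gigabitethernet0/1": "1", "gigabitethernet0/2": "7"}


def _ip(text):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(text))


def parse_standard_ace(line):
    """Parse 'access-list N {permit|deny} {any | host A | A [wildcard]}'."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] != "access-list":
        raise ValueError(f"not a numbered standard ACE: {line!r}")
    number, action, spec = tokens[1], tokens[2], tokens[3:]
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action in: {line!r}")
    if spec[0] == "any":
        return number, action, 0, 0xFFFFFFFF
    if spec[0] == "host":
        if len(spec) < 2:
            raise ValueError(f"host keyword without address: {line!r}")
        return number, action, _ip(spec[1]), 0
    # If the mask is omitted, 0.0.0.0 is assumed (exact host match).
    wildcard = _ip(spec[1]) if len(spec) > 1 else 0
    return number, action, _ip(spec[0]), wildcard


def build_acls(config_text):
    """Group ACEs by ACL number, preserving configuration order."""
    acls = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # blank line or IOS comment
        number, action, addr, wildcard = parse_standard_ace(line)
        acls.setdefault(number, []).append((action, addr, wildcard))
    return acls


def ace_matches(source, addr, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must match."""
    care = ~wildcard & 0xFFFFFFFF
    return (source & care) == (addr & care)


def evaluate(acls, number, source_ip):
    """Return (decision, reason) for a packet with the given source address."""
    aces = acls.get(number)
    if aces is None:
        # Applied but never defined: the switch behaves as if no ACL is applied.
        return ("permit", "undefined ACL")
    source = _ip(source_ip)
    for position, (action, addr, wildcard) in enumerate(aces, start=1):
        if ace_matches(source, addr, wildcard):
            return (action, f"ace {position}")  # first match wins
    return ("deny", "implicit deny")


def find_undefined_bindings(acls, bindings):
    """Interfaces whose applied ACL has no entries: they filter nothing."""
    return sorted(intf for intf, number in bindings.items() if number not in acls)


ACLS = build_acls(SAMPLE_CONFIG)

if __name__ == "__main__":
    for acl, src in [("1", "192.5.255.77"), ("1", "36.0.1.1"),
                     ("2", "10.1.1.6"), ("7", "203.0.113.9")]:
        print(acl, src, evaluate(ACLS, acl, src))
    print("undefined ACL applied on:", find_undefined_bindings(ACLS, BINDINGS))
```

Running find_undefined_bindings against an exported configuration is a quick audit for interfaces that appear protected but, per the undefined-ACL behavior, permit all packets.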
This example shows how to create an ACL that permits PIM traffic from any source to a destination group address of 224.0.0.2 with a DSCP set to 32:
Switch(config)# access-list 102 permit pim any 224.0.0.2 dscp 32
MAC address 0001.0000.0002 to the host with MAC address 0002.0000.0002.
Switch(config)# mac access-list extended maclist1
Switch(config-ext-macl)# permit 0001.0000.0001 0.0.0 0002.0000.0001 0.0.0
Switch(config-ext-macl)# permit 0001.0000.0002 0.0.0 0002.0000.0002 0.0.0 xns-idp
! (Note: all other access implicitly denied)
If neither the match-all nor the match-any keyword is specified, the default is match-all.
Note: Because only one match command per class map is supported, the match-all and match-any keywords function the same.
This example shows how to create a class map called class3, which matches incoming traffic with IP-precedence values of 5, 6, and 7:
Switch(config)# class-map class3
Switch(config-cmap)# match ip precedence 5 6 7
Switch(config-cmap)# end
Switch#
Classifying, Policing, and Marking Traffic on SVIs by Using Hierarchical Policy Maps, page 32-52.
• Beginning with Cisco IOS Release 12.2(44)SE, a policy-map and a port trust state can both run on a physical interface. The policy-map is applied before the port trust state.
By default, no policy map class-maps are defined. If a traffic class has already been defined by using the class-map global configuration command, specify its name for class-map-name in this command.
DSCP value (by using the policed-DSCP map) and to send the packet. For more information, see the “Configuring the Policed-DSCP Map” section on page 32-62.
• Beginning with Cisco IOS Release 12.2(44)SE, a policy-map and a port trust state can both run on a physical interface. The policy-map is applied before the port trust state.
• A policy-map trust state and a port trust state are mutually exclusive, and whichever is configured...
For ip precedence ip-precedence-list, enter a list of up to eight IP-precedence values to match against incoming packets. Separate each value with a space. The range is 0 to 7.
Step 4  exit  Return to class-map configuration mode.
By default, no policy-map class-maps are defined. If a traffic class has already been defined by using the class-map global configuration command, specify its name for class-map-name in this command.
By default, no policy-map class-maps are defined. If a traffic class has already been defined by using the class-map global configuration command, specify its name for class-map-name in this command.
Step 21  exit  Return to global configuration mode.
Step 22  interface interface-id  Specify the SVI to which to attach the hierarchical policy map, and enter interface configuration mode.
[match-all | match-any] class-map-name  Create a class map to classify traffic as necessary. For more information, see the “Classifying Traffic by Using Class Maps” section on page 32-46.
Switch(config)# mls qos aggregate-police transmit1 48000 8000 exceed-action policed-dscp-transmit
Switch(config)# class-map ipclass1
Switch(config-cmap)# match access-group 1
Switch(config-cmap)# exit
Switch(config)# class-map ipclass2
Switch(config-cmap)# match access-group 2
Switch(config-cmap)# exit
Switch(config)# policy-map aggflow1
Switch(config-pmap)# class ipclass1
If these values are not appropriate for your network, you need to modify them. Beginning in privileged EXEC mode, follow these steps to modify the CoS-to-DSCP map. This procedure is optional.
IP-precedence-to-DSCP map:
Table 32-13 Default IP-Precedence-to-DSCP Map
IP Precedence Value    DSCP Value
If these values are not appropriate for your network, you need to modify them.
Return to privileged EXEC mode.
Step 4  show mls qos maps policed-dscp  Verify your entries.
Step 5  copy running-config startup-config  (Optional) Save your entries in the configuration file.
Default DSCP-to-CoS Map
DSCP Value    CoS Value
0–7 8–15 16–23 24–31 32–39 40–47 48–55 56–63
If these values are not appropriate for your network, you need to modify them.
You can configure multiple DSCP-to-DSCP-mutation maps on an ingress port. The default DSCP-to-DSCP-mutation map is a null map, which maps an incoming DSCP value to the same DSCP value.
• Allocating Buffer Space Between the Ingress Queues (optional)
• Allocating Bandwidth Between the Ingress Queues (optional)
• Configuring the Ingress Priority Queue (optional)
To return to the default WTD threshold percentages, use the no mls qos srr-queue input threshold queue-id global configuration command.
SRR scheduler sends packets from each queue. The bandwidth and the buffer allocation control how much data can be buffered before packets are dropped. On ingress queues, SRR operates only in shared mode.
Then, SRR shares the remaining bandwidth with both ingress queues and services them as specified by the weights configured with the mls qos srr-queue input bandwidth weight1 weight2 global configuration command.
• Does the bandwidth of the port need to be rate limited?
• How often should the egress queues be serviced and which technique (shaped, shared, or both) should be used?
The egress queue default settings are suitable for most situations. You should change them only when you have a thorough understanding of the egress queues and if these settings do not meet your QoS solution.
For qset-id, enter the ID of the queue-set specified in Step 2. The range is 1 to 2. The default is 1.
Step 6  Return to privileged EXEC mode.
Note: The egress queue default settings are suitable for most situations. You should change them only when you have a thorough understanding of the egress queues and if these settings do not meet your QoS solution.
This example shows how to map DSCP values 10 and 11 to egress queue 1 and to threshold 2:
Switch(config)# mls qos srr-queue output dscp-map queue 1 threshold 2 10 11
2, 3, and 4 are set to 0, these queues operate in shared mode. The bandwidth weight for queue 1 is 1/8, which is 12.5 percent: Switch(config)# interface gigabitethernet0/1 Switch(config-if)# srr-queue bandwidth shape 8 0 0 0 Cisco Catalyst Blade Switch 3020 for HP Software Configuration Guide 32-75 OL-8915-03...
1, 2, 3, and 4. This means that queue 4 has four times the bandwidth of queue 1, twice the bandwidth of queue 2, and one-and-a-third times the bandwidth of queue 3. Switch(config)# interface gigabitethernet0/1 Switch(config-if)# srr-queue bandwidth share 1 2 3 4 Cisco Catalyst Blade Switch 3020 for HP Software Configuration Guide 32-76 OL-8915-03...
Command  Purpose
Step 1  configure terminal  Enter global configuration mode.
Step 2  interface interface-id  Specify the port to be rate limited, and enter interface configuration mode.
| dscp-output-q | ip-prec-dscp | policed-dscp]
show mls qos queue-set [qset-id]  Display QoS settings for the egress queues.
show mls qos vlan vlan-id  Display the policy maps attached to the specified SVI.
The control-plane and interface keywords are not supported, and the statistics shown in the display should be ignored.
show running-config | include rewrite  Display the DSCP transparency setting.
Chapter 32 Configuring QoS Displaying Standard QoS Information
In previous releases, the incompatible ports were suspended. Beginning with Cisco IOS Release 12.2(35)SE, instead of a suspended state, the local port is put into an independent state and continues to carry data traffic as would any other single link.
To change the parameters of all ports in an EtherChannel, apply configuration commands to the port-channel interface, for example, spanning-tree commands or commands to configure a Layer 2 EtherChannel as a trunk.
Understanding EtherChannels
Port Aggregation Protocol
The Port Aggregation Protocol (PAgP) is a Cisco-proprietary protocol that can be run only on Cisco switches and on those switches licensed by vendors to support PAgP. PAgP facilitates the automatic creation of EtherChannels by exchanging PAgP packets between Ethernet ports.
Link Aggregation Control Protocol
The LACP is defined in IEEE 802.3ad and enables Cisco switches to manage Ethernet channels between switches that conform to the IEEE 802.3ad protocol. LACP facilitates the automatic creation of EtherChannels by exchanging LACP packets between Ethernet ports.
MAC-address forwarding, packets sent from host A to host B, host A to host C, and host C to host B could all use different ports in the channel.
MAC address, using the destination-MAC address always chooses the same link in the channel. Using source addresses or IP addresses might result in better load balancing.
Note to all the physical ports assigned to the port-channel interface, and configuration changes applied to the physical port affect only the port where you apply the configuration.
– Spanning-tree port priority for each VLAN
– Spanning-tree Port Fast setting
• Do not configure a port to be a member of more than one EtherChannel group.
For a LACP EtherChannel, you can configure up to 16 Ethernet ports of the same type. Up to eight ports can be active, and up to eight ports can be in standby mode.
Step 7  copy running-config startup-config  (Optional) Save your entries in the configuration file.
To remove a port from the EtherChannel group, use the no channel-group interface configuration command.
Switch(config-if)# end
Configuring the Physical Interfaces
Beginning in privileged EXEC mode, follow these steps to assign an Ethernet port to a Layer 3 EtherChannel. This procedure is required.
Step 3  no ip address  Ensure that there is no IP address assigned to the physical port.
Step 4  no switchport  Put the port into Layer 3 mode.
33-5.
Step 6  Return to privileged EXEC mode.
Step 7  show running-config  Verify your entries.
Step 8  copy running-config startup-config  (Optional) Save your entries in the configuration file.
IP address.
• src-mac—Load distribution is based on the source-MAC address of the incoming packet.
Step 3  Return to privileged EXEC mode.
When the link partner of the Cisco Catalyst Blade Switch 3020 for HP is a physical learner (such as a Catalyst 1900 series switch), we recommend that you configure the Cisco Catalyst Blade Switch 3020 for HP as a physical-port learner by using the pagp learn-method physical-port interface configuration command.
16 ports. Only eight LACP links can be active at one time. The software places any additional links in a hot-standby mode. If one of the active links becomes inactive, a link that is in the hot-standby mode becomes active in its place.
(Optional) Save your entries in the configuration file. To return the LACP system priority to the default value, use the no lacp system-priority global configuration command.
(Optional) Save your entries in the configuration file. To return the LACP port priority to the default value, use the no lacp port-priority interface configuration command.
Upstream interfaces can be bundled together, and each downstream interface can be associated with a single group consisting of multiple upstream interfaces. These groups are referred to as link-state groups.
• Configuring Layer 2 Trunk Failover, page 33-22
Default Layer 2 Trunk Failover Configuration
There are no link-state groups defined, and trunk failover is not enabled for any group.
Switch(config-if)# interface gigabitethernet0/1
Switch(config-if)# link state group 1 downstream
Switch(config-if)# interface gigabitethernet0/3
Switch(config-if)# link state group 1 downstream
Switch(config-if)# interface gigabitethernet0/5
Switch(config-if)# link state group 1 downstream
Switch(config-if)# end
Status: Disabled, Down
Upstream Interfaces
Downstream Interfaces :
(Up):Interface up (Dwn):Interface Down (Dis):Interface disabled
For detailed information about the fields in the display, see the command reference for this release.
Chapter 33 Configuring EtherChannels and Layer 2 Trunk Failover Understanding Layer 2 Trunk Failover
For more detailed IP unicast configuration information, see the Cisco IOS IP Configuration Guide, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Configuration Guides. For complete syntax and usage information for the commands used in this chapter, see these command references from the Cisco.com page under Documentation >...
The switch supports only the Routing Information Protocol (RIP), which uses a single distance metric (cost) to determine the best path. It also supports default routing and static routing.
By default, IP routing is disabled on the switch, and you must enable it before routing can take place. For detailed IP routing configuration information, see the Cisco IOS IP Configuration Guide, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Configuration Guides.
• Maximum interval between advertisements: 600 seconds.
• Minimum interval between advertisements: 0.75 times max interval
• Preference: 0.
IP proxy ARP  Enabled.
IP routing  Disabled.
IP subnet-zero  Disabled.
(Optional) Save your entry in the configuration file. Use the no ip subnet-zero global configuration command to restore the default and disable the use of subnet zero.
128.20.3.0. If the host sends a packet to 120.20.4.1, because there is no network default route, the router discards the packet.
[Figure 34-3: No IP Classless Routing]
For more information on RARP, see the Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.2 under Documentation > Cisco IOS Software > 12.2 Mainline > Configuration Guides from the Cisco.com page.
To remove an entry from the ARP cache, use the no arp ip-address hardware-address type global configuration command. To remove all nonstatic entries from the ARP cache, use the clear arp-cache privileged EXEC command.
Step 6  copy running-config startup-config  (Optional) Save your entries in the configuration file.
To disable proxy ARP on the interface, use the no ip proxy-arp interface configuration command.
Display the address of the default gateway router to verify the setting.
Step 5  copy running-config startup-config  (Optional) Save your entries in the configuration file.
Use the no ip default-gateway global configuration command to disable this function.
Return to privileged EXEC mode.
Step 11  show ip irdp  Verify settings by displaying IRDP values.
Step 12  copy running-config startup-config  (Optional) Save your entries in the configuration file.
For more information on access lists, see Chapter 31, “Configuring Network Security with ACLs.” Beginning in privileged EXEC mode, follow these steps to enable forwarding of IP-directed broadcasts on an interface:
You can specify a UDP destination port to control which UDP services are forwarded. You can specify multiple UDP protocols. You can also specify the Network Disk (ND) protocol, which is used by older diskless Sun workstations and the network security protocol SDNS.
By default, both UDP and ND forwarding are enabled if a helper address has been defined for an interface. The description for the ip forward-protocol interface configuration command in the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2 lists the ports that are forwarded by default if you do not specify any UDP ports.
CPU. For those packets that do go to the CPU, you can speed up spanning tree-based UDP flooding by a factor of about four to five times by using turbo-flooding. This feature is supported over Ethernet interfaces configured for ARP encapsulation.
[address [mask]] | [protocol]  Display the current state of the routing table.
show ip route summary  Display the current state of the routing table in summary form.
Protocol (UDP) data packets to exchange routing information. The protocol is documented in RFC 1058. You can find detailed information about RIP in IP Routing Fundamentals, published by Cisco Press. RIP is the only routing protocol supported by the switch.
(Optional) Disable automatic summarization. By default, the switch summarizes subprefixes when crossing classful network boundaries. Disable summarization (RIP Version 2 only) to advertise subnet and host routing information to classful network boundaries.
Step 5  Return to privileged EXEC mode.
Step 6  show running-config interface [interface-id]  Verify your entries.
Step 7  copy running-config startup-config  (Optional) Save your entries in the configuration file.
In the example, if the interface is still in Layer 2 mode (the default), you must enter a no switchport interface configuration command before entering the ip address interface configuration command.
Verify your entries.
Step 7  copy running-config startup-config  (Optional) Save your entries in the configuration file.
To enable the split horizon mechanism, use the ip split-horizon interface configuration command.
VLAN 100 interfaces and on Host 3. This configuration allows the directly connected hosts to receive traffic from multicast source 200.1.1.3. See the “Configuring PIM Stub Routing” section on page 34-24 for more information.
Specify the interface on which you want to enable PIM stub routing, and enter interface configuration mode.
Step 3  ip pim passive  Configure the PIM stub feature on the interface.
group.
• show ip igmp mroute verifies that the multicast stream forwards from the source to the interested clients.
By default, the ip classless command is enabled in all Cisco IOS images that support the EIGRP stub routing feature. Without the stub feature, even after the routes that are sent from the distribution router to the remote router have been filtered or summarized, a problem might occur.
Configuring Cisco Express Forwarding
Cisco Express Forwarding (CEF) is a Layer 3 IP switching technology used to optimize network performance. CEF implements an advanced IP look-up and forwarding algorithm to deliver maximum Layer 3 switching performance. CEF is less CPU-intensive than fast switching route caching, allowing more CPU processing power to be dedicated to packet forwarding.
Verify the setting in the Maximum path field.
Step 6  copy running-config startup-config  (Optional) Save your entries in the configuration file.
Use the no maximum-paths router configuration command to restore the default value.
When the software can no longer find a valid next hop for the address specified as the forwarding router's address in a static route, the static route is also removed from the IP routing table.
When default information is passed through a dynamic routing protocol, no further configuration is required. The system periodically scans its routing table to choose the optimal default network as its default route. Cisco routers use administrative distance and metric information to set the default route or the gateway of last resort.
Each can be an integer from 0 to 4294967295.
Step 7  match interface type number [...type number]  Match the specified next hop route out one of the specified interfaces.
• RIP can automatically redistribute static routes. It assigns static routes a metric of 1 (directly connected).
• Any protocol can redistribute other routing protocols if a default mode is in effect.
You can also use a distribute-list router configuration command to avoid processing certain routes listed in incoming updates. Beginning in privileged EXEC mode, follow these steps to control the advertising or processing of routing updates:
Step 5  show ip protocols  Display the default administrative distance for a specified routing process.
Step 6  copy running-config startup-config  (Optional) Save your entries in the configuration file.
Display authentication key information.
Step 9  copy running-config startup-config  (Optional) Save your entries in the configuration file.
To remove the key chain, use the no key chain name-of-chain global configuration command.
Display supernets.
show ip cache  Display the routing table used to switch IP traffic.
show route-map [map-name]  Display all route maps configured or only the one specified.
Chapter 34 Configuring IP Unicast Routing Monitoring and Maintaining the IP Network
35-12. For more information about SDM templates, see Chapter 6, “Configuring SDM Templates.”
Note: For complete syntax and usage information for the commands used in this chapter, see the Cisco IOS documentation referenced in the procedures.
This chapter consists of these sections: “Understanding IPv6”...
• Routing optimized for mobile devices
• Duplicate Address Detection (DAD) feature
For information about how Cisco Systems implements IPv6, go to this URL: http://www.cisco.com//warp/public/732/Tech/ipv6/
This section describes IPv6 implementation on the switch. These sections are included:
• IPv6 Addresses, page 35-2 ...
IPv6 routers do not forward packets with link-local source or destination addresses to other links. See the section on IPv6 Unicast Addresses in the “Implementing Addressing and Basic Connectivity for IPv6” chapter in the Cisco IOS IPv6 Configuration Library at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a00807fcf4b.html
Each IPv6 host interface can support up to three addresses in hardware (one aggregatable global unicast address, one link-local unicast address, and zero or more privacy addresses).
• Stateful autoconfiguration using Dynamic Host Configuration Protocol (DHCP) IPv6.
The switch supports stateless autoconfiguration to manage link, subnet, and site addressing changes, such as management of host and mobile IP addresses.
Router advertisements contain zero or more prefix information options that contain information that the stateless address autoconfiguration uses to generate site-local and global addresses.
Building configuration...
Current configuration : 104 bytes
interface FastEthernet1/0/16
 no switchport
 no ip address
 ipv6 address autoconfig
FF02::1:FF2E:9047
switch2# show running-config internet gigabitethernet1/0/16
Building configuration...
Current configuration : 137 bytes
interface GigabitEthernet1/0/16
 no switchport
 no ip address
 no keepalive
 ipv6 address 1016:1::1/64
 ipv6 address 1016:2::1/72
ND advertised retransmit interval is 0 milliseconds
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
Hosts use stateless autoconfig for addresses.
• Cisco Discovery Protocol (CDP) support for IPv6 addresses
For more information about managing these applications with Cisco IOS, see the “Managing Cisco IOS Applications over IPv6” section in the Cisco IOS IPv6 Configuration Library at this URL:
New and upgraded applications can use both IPv4 and IPv6 protocol stacks. The Cisco IOS software supports the dual IPv4 and IPv6 protocol stack technique. When both IPv4 and IPv6 routing are enabled and an interface is configured with both an IPv4 and IPv6 address, the interface forwards both IPv4 and IPv6 traffic.
Syslog configures the connection to the logging host by using a Cisco IOS socket interface and starts a socket connection on the UDP or TCP transport by using Cisco IOS sockets. Syslog supports common address data types that support both IPv4 and IPv6 transports. The syslog supports socket structures and APIs based on the user’s CLI configurations.
Understanding IPv6
HTTP(S) Over IPv6
The HTTP client in Cisco IOS supports sending requests to both IPv4 and IPv6 HTTP servers. The HTTP server in Cisco IOS can service HTTP requests from both IPv4 and IPv6 HTTP clients. URLs with literal IPv6 addresses must be formatted by using the rules listed in RFC 2732.
Before configuring IPv6 on the switch, be sure to select a dual IPv4 and IPv6 SDM template. For more information about configuring IPv6 routing, see the “Implementing Addressing and Basic Connectivity for IPv6” chapter in the Cisco IOS IPv6 Configuration Library at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a00807fcf4b.
ICMP rate limiting is enabled by default with a default interval between error messages of 100 milliseconds and a bucket size (maximum number of tokens to be stored in a bucket) of 10.
• Fully specified static routes—Both the output interface and the next hop are specified. The next hop is assumed to be directly attached to the specified output interface. A fully specified route is valid when the specified IPv6 interface is IPv6-enabled and up.
To configure a floating static route, use an administrative distance greater than that of the dynamic routing protocol.
Step 3  Return to privileged EXEC mode.
This example shows how to configure a floating static route to an interface with an administrative distance of 130:
Switch(config)# ipv6 route 2001:0DB8::/32 gigabitethernet0/1 130
For more information about configuring static IPv6 routing, see the “Implementing Static Routes for IPv6” chapter in the Cisco IOS IPv6 Configuration Library at this URL: http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a00807fcf4b.html
Displaying IPv6
Table 35-3 shows the privileged EXEC commands for monitoring IPv6 on the switch.
0 fragmented into 0 fragments, 0 failed
0 encapsulation failed, 0 no route, 0 too big
0 RPF drops, 0 RPF suppressed drops
Mcast: 1 received, 36861 sent
Note: For complete syntax and usage information for the commands used in this chapter, see the command reference for this release or the Cisco IOS documentation referenced in the procedures.
This chapter includes these sections:
• “Understanding MLD Snooping” section on page 36-1 ...
Message timers and state transitions resulting from messages being sent or received are the same as those of IGMPv2 messages. MLD messages that do not have valid link-local IPv6 source addresses are ignored by MLD routers and switches.
5 minutes.
• IPv6 multicast router discovery only takes place when MLD snooping is enabled on the switch.
If the deleted port is the last member of the multicast address, the multicast address is also deleted, and the switch sends the address leave information to all detected multicast routers.
Last listener query count  Global: 2; Per VLAN: 0.
Note: The VLAN value overrides the global setting. When the VLAN value is 0, the VLAN uses the global count.
You can enable and disable MLD snooping on a per-VLAN basis or for a range of VLANs, but if you globally disable MLD snooping, it is disabled in all VLANs. If global snooping is enabled, you can enable or disable VLAN snooping.
(Optional) Save your entries in the configuration file. To disable MLD snooping on a VLAN interface, use the no ipv6 mld snooping vlan vlan-id global configuration command for the specified VLAN number.
(add a static connection to a multicast router), use the ipv6 mld snooping vlan mrouter global configuration command on the switch.
Note: Static connections to multicast routers are supported only on switch ports.
vlan-id]  (Optional) Verify that the MLD snooping querier information for the switch or for the VLAN.
Step 12  copy running-config startup-config  (Optional) Save your entries in the configuration file.
VLAN interfaces. You can also display MAC address multicast entries for a VLAN configured for MLD snooping. To display MLD snooping information, use one or more of the privileged EXEC commands in Table 36-2.
information for the switch or for a VLAN.
show ipv6 mld snooping multicast-address vlan vlan-id [ipv6-multicast-address]  Display MLD snooping for the specified VLAN and IPv6 multicast address.
Note: For complete syntax and usage information for the commands used in this chapter, see the command reference for this release or the Cisco IOS documentation referenced in the procedures.
This chapter contains these sections:
• Understanding IPv6 ACLs, page 37-1 ...
With IPv4, you can configure standard and extended numbered IP ACLs, named IP ACLs, and MAC ACLs. IPv6 supports only named ACLs. The switch supports most Cisco IOS-supported IPv6 ACLs with some exceptions:
• IPv6 source and destination addresses—ACL matching is supported only on prefixes from /0 to /64 ...
• You cannot use MAC ACLs to filter IPv6 frames. MAC ACLs can only filter non-IP frames.
• If the TCAM is full, for any additional configured ACLs, packets are forwarded to the CPU, and the ACLs are applied in software.
• (Optional) Enter sequence value to specify the sequence number for the access list statement. The acceptable range is from 1 to 4294967295.
• (Optional) Enter time-range name to specify a time range for the statement.
Return to privileged EXEC mode.
Step 5  show ipv6 access-list  Verify the access list configuration.
Step 6  copy running-config startup-config  (Optional) Save your entries in the configuration file.
This example configures the IPv6 access list named CISCO. The first deny entry in the list denies all packets that have a destination TCP port number greater than 5000. The second deny entry denies packets that have a source UDP port number less than 5000.
Chapter 37 Configuring IPv6 ACLs Displaying IPv6 ACLs
This example shows how to apply the access list CISCO to inbound traffic on a Layer 3 interface:
Switch(config)# interface gigabitethernet 0/3
Switch(config-if)# no switchport
Switch(config-if)# ipv6 address 2001::/64 eui-64
Switch(config-if)# ipv6 traffic-filter CISCO in...
Note: For complete syntax and usage information for the commands used in this chapter, see the switch command reference for this release and the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software >...
Host C’s segment that need to communicate with users on Host B’s segment and also continues to perform its normal function of handling packets between the Host A segment and Host B.
For MHSRP, you need to enter the standby preempt interface configuration command on the HSRP interfaces so that if a router fails and then comes back up, preemption occurs and restores load sharing
Hot Standby state is active, proxy ARP requests are answered using the Hot Standby group MAC address. If the interface is in a different state, proxy ARP responses are suppressed.
The standby priority, standby preempt, and standby track interface configuration commands are all used to set characteristics for finding active and standby routers and behavior regarding when a new active router takes over.
The range is 0 to 3600 (1 hour); the default is 0 (no delay before taking over). Use the no form of the command to restore the default values.
300 seconds (5 minutes) before attempting to become the active router:
Switch# configure terminal
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# no switchport
Switch(config-if)# standby ip 172.20.128.3
Switch(config-if)# standby priority 120 preempt delay 300
Switch(config-if)# end
• All routers in a Hot Standby group should use the same timer values. Normally, the holdtime is greater than or equal to 3 times the hellotime.
Page 824
15 seconds:
Switch# configure terminal
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# no switchport
Switch(config-if)# standby 1 ip
Switch(config-if)# standby 1 timers 5 15
Switch(config-if)# end
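The two timer guidelines above (same values on every router in a group, holdtime at least 3 times the hellotime) can be checked offline against saved configurations. This is an added example, not code from the guide; the device names, the sample configurations and the function names are constructed, and grouping by HSRP group number alone is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample interface configurations (not from the guide) for two
# switches that share HSRP group 1. Only the seconds form shown in the guide,
# "standby [group-number] timers hellotime holdtime", is parsed.
SAMPLE_CONFIGS = {
    "switch-a": (
        "interface GigabitEthernet0/1\n"
        " no switchport\n"
        " standby 1 ip 172.20.128.3\n"
        " standby 1 timers 5 15\n"
    ),
    "switch-b": (
        "interface GigabitEthernet0/1\n"
        " no switchport\n"
        " standby 1 ip 172.20.128.3\n"
        " standby 1 timers 5 10\n"
    ),
}

INTERFACE_RE = re.compile(r"^interface\s+(\S+)")
TIMERS_RE = re.compile(r"^\s+standby(?:\s+(\d+))?\s+timers\s+(\d+)\s+(\d+)\s*$")


def parse_timers(config_text):
    """Return {(interface, group): (hellotime, holdtime)} for one device."""
    timers = {}
    interface = None
    for line in config_text.splitlines():
        match = INTERFACE_RE.match(line)
        if match:
            interface = match.group(1)
            continue
        match = TIMERS_RE.match(line)
        if match and interface is not None:
            # HSRP uses group 0 when the group number is omitted.
            group = int(match.group(1)) if match.group(1) else 0
            timers[(interface, group)] = (int(match.group(2)), int(match.group(3)))
    return timers


def audit(configs):
    """Return a list of findings for the two timer guidelines."""
    findings = []
    per_group = defaultdict(dict)  # group -> {device: (hello, hold)}
    for device, text in sorted(configs.items()):
        for (interface, group), (hello, hold) in sorted(parse_timers(text).items()):
            per_group[group][device] = (hello, hold)
            if hold < 3 * hello:
                findings.append(
                    f"{device} {interface} group {group}: "
                    f"holdtime {hold} < 3 x hellotime {hello}"
                )
    for group, by_device in sorted(per_group.items()):
        if len(set(by_device.values())) > 1:
            detail = ", ".join(
                f"{dev}={hello}/{hold}" for dev, (hello, hold) in sorted(by_device.items())
            )
            findings.append(f"group {group}: timer values differ across devices: {detail}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIGS):
        print(finding)
```

Interfaces that carry no standby timers line are not reported, so a device left on its default timers is outside what this check compares.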
ICMP redirect messages are automatically enabled on interfaces configured with HSRP. This feature filters outgoing ICMP redirect messages through HSRP, in which the next hop IP address might be changed to an HSRP virtual IP address. For more information, see the Cisco IOS IP Configuration Guide, Release 12.2.
You can configure a tracked list of objects with a Boolean expression, a weight threshold, or a percentage threshold. A tracked list contains one or more objects. An object must exist before it can be added to the tracked list.
Page 828
If the list is up, the list detects that object 2 is down:
Switch(config)# track 4 list boolean and
Switch(config-track)# object 1
Switch(config-track)# object 2 not
Switch(config-track)# exit
Page 829
10, which in this example means that all connections are down.
Page 830
This example configures tracked list 4 with three objects and specified percentages to measure the state of the list:
Switch(config)# track 4 list threshold percentage
Switch(config-track)# object 1
Switch(config-track)# object 2
Switch(config-track)# object 3
Switch(config-track)# threshold percentage up 51 down 10
Switch(config-track)# exit
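The Boolean and percentage examples above can be modeled to see which object states bring tracked list 4 up or down. This is an added example, not code from the guide; it assumes the list goes up when the percentage of up objects is at or above the up value, goes down when it is at or below the down value, keeps its previous state in between, and starts in the down state. The class, function names and the replayed sequence are constructed.

```python
def boolean_list_up(operator, members, states):
    """Evaluate a 'track N list boolean and|or' list.

    members: list of (object_number, negated); negated mirrors 'object N not'.
    states:  {object_number: True if the object is up}.
    """
    if operator not in ("and", "or"):
        raise ValueError("operator must be 'and' or 'or'")
    values = [(not states[num]) if negated else states[num] for num, negated in members]
    return all(values) if operator == "and" else any(values)


class PercentageList:
    """Model of 'track N list threshold percentage' with up/down values."""

    def __init__(self, objects, up, down):
        if not 0 <= down < up <= 100:
            raise ValueError("require 0 <= down < up <= 100")
        self.objects = list(objects)
        self.up = up
        self.down = down
        self.is_up = False  # assumption: the list starts in the down state

    def update(self, states):
        """Apply a new set of object states and return the list state."""
        up_count = sum(1 for num in self.objects if states[num])
        percent = 100.0 * up_count / len(self.objects)
        if percent >= self.up:
            self.is_up = True
        elif percent <= self.down:
            self.is_up = False
        # Between the two thresholds the previous state is kept (hysteresis).
        return self.is_up


# Constructed sequence of object states for objects 1, 2 and 3.
SEQUENCE = [
    {1: True, 2: True, 3: True},     # 100% up
    {1: True, 2: True, 3: False},    # 66% up
    {1: True, 2: False, 3: False},   # 33% up
    {1: False, 2: False, 3: False},  # 0% up
    {1: False, 2: True, 3: False},   # 33% up
    {1: True, 2: True, 3: False},    # 66% up
]


def replay(tracker, sequence):
    """Feed each set of states to the tracker and collect the list state."""
    return [tracker.update(states) for states in sequence]


if __name__ == "__main__":
    # track 4 list boolean and / object 1 / object 2 not
    members = [(1, False), (2, True)]
    print(boolean_list_up("and", members, {1: True, 2: False}))
    # threshold percentage up 51 down 10 with three objects
    print(replay(PercentageList([1, 2, 3], up=51, down=10), SEQUENCE))
```

With three objects the only percentage at or below 10 is 0, so under these assumptions the list drops only when every object is down, and a single object coming back (33 percent) is not enough to raise it again.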
• (Optional) secondary—The IP address is a secondary hot standby router interface. If this keyword is omitted, the configured address is the primary IP address.
Commands for Displaying Tracking Information
Command                       Purpose
show track [object-number]    Display information about all the tracking lists or the specified list.
show track brief              Display a single line of tracking information output.
Page 833
Command                            Purpose
[object-number] [brief] route      Display information about tracked IP-route objects.
show track resolution              Display the resolution of tracked parameters.
show track timers                  Display tracked polling interval timers.
Page 834
Chapter 38 Configuring HSRP and Enhanced Object Tracking
Configuring Enhanced Object Tracking
This chapter describes how to use Cisco IOS IP Service Level Agreements (SLAs) on the switch. Cisco IP SLAs is a part of Cisco IOS software that allows Cisco customers to analyze IP service levels for IP applications and services by using active traffic monitoring—the generation of traffic in a continuous, reliable, and predictable manner—for measuring network performance.
Page 836
Depending on the specific Cisco IOS IP SLAs operation, various network performance statistics are monitored within the Cisco device and stored in both command-line interface (CLI) and Simple Network Management Protocol (SNMP) MIBs. IP SLAs packets have configurable IP and application layer...
Schedule the operation to run, then let the operation run for a period of time to gather statistics. Display and interpret the results of the operation using the Cisco IOS CLI or a network management system (NMS) with SNMP.
Understanding Cisco IOS IP SLAs
IP SLAs Responder and IP SLAs Control Protocol
The IP SLAs responder is a component embedded in the destination Cisco device that allows the system to anticipate and respond to IP SLAs request packets. The responder provides accurate measurements without the need for dedicated probes.
This section does not include configuration information for all available operations as the configuration information details are included in the Cisco IOS IP SLAs Configuration Guide. It includes only the procedure for configuring the responder, because the switch includes only responder support. For details about configuring other operations, see the Cisco IOS IP SLAs Configuration Guide at this URL: http://www.cisco.com/en/US/products/ps6441/products_configuration_guide_book09186a0080707055...
Monitoring IP SLAs Operations
Configuring the IP SLAs Responder
The IP SLAs responder is available only on Cisco IOS software-based devices, including some switches that do not support full IP SLAs functionality. Beginning in privileged EXEC mode, follow these steps...
CHAPTER
Troubleshooting
This chapter describes how to identify and resolve software problems related to the Cisco IOS software on the switch. Depending on the nature of the problem, you can use the command-line interface (CLI) or the device manager to identify and solve problems.
From your PC, download the software image tar file (image_filename.tar) from Cisco.com. The Cisco IOS image is stored as a bin file in a directory in the tar file. For information about locating the software image files on Cisco.com, see the release notes.
Follow the steps in this procedure if you have forgotten or lost the switch password.
Step 1  Connect a terminal or PC with terminal-emulation software to the switch console port.
Step 2  If you had set the console port speed to anything other than 9600, it has been reset to that particular speed. Change the emulation software line speed to match that of the switch console port.
Step 3  Load any helper files:
switch: load_helper
Page 845
Switch (config)# exit
Switch#
Step 13  Write the running configuration to the startup configuration file:
Switch# copy running-config startup-config
The new password is now in the startup configuration.
Display the contents of flash memory:
switch: dir flash:
The switch file system appears:
Directory of flash:
drwx Mar 01 1993 22:30:48 cbs30x0-lanbase-mz.122-25.SEE
16128000 bytes total (10003456 bytes free)
• A manually set speed or duplex parameter is different from the manually set speed or duplex parameter on the connected port.
• A port is set to autonegotiate, and the connected port is set to full duplex with no autonegotiation.
If you are using a non-Cisco SFP module, remove the SFP module from the switch, and replace it with a Cisco module. After inserting a Cisco SFP module, use the errdisable recovery cause gbic-invalid global configuration command to verify the port status, and enter a time interval for recovering from the error-disabled state.
Beginning in privileged EXEC mode, use this command to ping another device on the network from the switch:
Command                   Purpose
ping ip host | address    Ping a remote host through IP or by supplying the hostname or network address.
The switch can only identify the path from the source device to the destination device. It cannot identify the path that a packet takes from source host to the source device or from the destination device to the destination host.
Using Layer 2 Traceroute
Usage Guidelines
These are the Layer 2 traceroute usage guidelines:
• Cisco Discovery Protocol (CDP) must be enabled on all the devices in the network. For Layer 2 traceroute to function properly, do not disable CDP.
Because all errors except port-unreachable errors come from intermediate hops, the receipt of a port-unreachable error means that this message was sent by the destination port.
To end a trace in progress, enter the escape sequence (Ctrl-^ X by default). Simultaneously press and release the Ctrl, Shift, and 6 keys and then press the X key.
These sections explain how you use debug commands to diagnose and resolve internetworking problems:
• Enabling Debugging on a Specific Feature
• Enabling All-System Diagnostics
• Redirecting Debug and Error Message Output
For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco technical support staff. It is best to use debug commands during periods of lower network traffic and fewer users. Debugging during these periods decreases the likelihood that increased debug command processing overhead will affect system use.
• Extended crashinfo file—The switch automatically creates this file when the system is failing.
Basic crashinfo Files
The information in the basic file includes the Cisco IOS image name and version that failed, a list of the processor registers, and a stack trace. You can provide this information to the Cisco technical support representative by using the show tech-support privileged EXEC command.
EXEC command.
Extended crashinfo Files
In Cisco IOS Release 12.2(25)SEC or later, the switch creates the extended crashinfo file when the system is failing. The information in the extended file includes additional information that can help determine the cause of the switch failure. You provide this information to the Cisco technical support representative by manually accessing the file and using the more or the copy privileged EXEC command.
Page 860
Chapter 40 Troubleshooting
Using the crashinfo Files
On-demand diagnostics run from the CLI; scheduled diagnostics run at user-designated intervals or at specified times when the switch is connected to a live network; and health-monitoring runs in the background.
Switch(config)# diagnostic monitor interval test 1 00:02:00 0 1
This example shows how to set the failure threshold for test monitoring on a switch:
Switch(config)# diagnostic monitor threshold test 1 failure count 50
Table 41-1 show diagnostic Commands
Command                    Purpose
show diagnostic content    Display the online diagnostics configured for a switch.
show diagnostic status     Display whether a switch is running a test.
Page 864
This example shows how to display the online diagnostic test schedule for a switch:
Switch# show diagnostic schedule
Current Time = 14:39:49 PST Tue Jul 5 2005
Schedule #1:
To be run daily 12:00
Test ID(s) to be executed: 1.
• TCP-MIB
• UDP-MIB
Note: You can access other information about MIBs and Cisco products on the Cisco web site: http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
Using FTP to Access the MIB Files
You can get each MIB file by using this procedure:
Step 1  Make sure that your FTP client is in passive mode.
For complete syntax and usage information for the commands used in this chapter, see the switch command reference for this release and the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 from the Cisco.com page under Documentation > Cisco IOS Software > 12.2 Mainline > Command References.
Appendix B Working with the Cisco IOS File System, Configuration Files, and Software Images
Working with the Flash File System
Displaying Available File Systems
To display the available file systems on your switch, use the show file systems privileged EXEC command as shown in this example.
Setting the Default File System
You can specify the file system or directory that the system uses as the default file system by using the cd filesystem: privileged EXEC command.
Creating and Removing Directories
Beginning in privileged EXEC mode, follow these steps to create and remove a directory:
Command    Purpose...
Local writable file systems include flash:. Some invalid combinations of source and destination exist. Specifically, you cannot copy these combinations:
• From a running configuration to a running configuration
...
Creating a tar File
To create a tar file and write files into it, use this privileged EXEC command:
archive tar /create destination-url flash:/file-url
For destination-url, specify the destination URL alias for the local or network file system and the name of the tar file to create.
Page 875
This example shows how to display the contents of a switch tar file that is in flash memory:
Switch# archive tar /table flash:cbs30x0-ipbase-tar.122-44.SE.tar
info (219 bytes)
cbs30x0-ipbase-tar.122-44.SE/ (directory)
Extracting a tar File
To extract a tar file into a directory on the flash file system, use this privileged EXEC command:
archive tar /xtract source-url flash:/file-url [dir/file...]...
This section describes how to create, load, and maintain configuration files. Configuration files contain commands entered to customize the function of the Cisco IOS software. A way to create a basic configuration file is to use the setup program or to enter the setup privileged EXEC command.
Page 878
Working with Configuration Files
Guidelines for Creating and Using Configuration Files
Creating configuration files can aid in your switch configuration. Configuration files can contain some or all of the commands needed to configure one or more switches. For example, you might want to download the same configuration file to several switches that have the same hardware configuration.
Step 2  Open the configuration file in a text editor, such as vi or emacs on UNIX or Notepad on a PC.
Extract the portion of the configuration file with the desired commands, and save it in a new file.
Downloading the Configuration File By Using TFTP
To configure the switch by using a configuration file downloaded from a TFTP server, follow these steps:
Copy the configuration file to the appropriate TFTP directory on the workstation.
The FTP protocol requires a client to send a remote username and password on each FTP request to a server. When you copy a configuration file from the switch to a server by using FTP, the Cisco IOS software sends the first valid username in this list: The username specified in the copy command if a username is specified.
Page 882
NVRAM. If you are accessing the switch through a Telnet session and you have a valid username, this username is used, and you do not need to set the FTP username. Include the username in the copy command if you want to specify a username for only that copy operation.
Page 883
This example shows how to specify a remote username of netadmin1. The software copies the configuration file host2-confg from the netadmin1 directory on the remote server with an IP address of 172.16.101.101 to the switch startup configuration.
The RCP requires a client to send a remote username with each RCP request to a server. When you copy a configuration file from the switch to a server, the Cisco IOS software sends the first valid username in this list: The username specified in the copy command if a username is specified.
Page 885
Preparing to Download or Upload a Configuration File By Using RCP
Before you begin downloading or uploading a configuration file by using RCP, do these tasks:
•...
Page 886
Command and Purpose
Step 5
  Purpose: Return to privileged EXEC mode.
Step 6
  Command: copy rcp:[[[//[username@]location]/directory]/filename]...
  Purpose: Using RCP, copy the configuration file from a network
Depending on the setting of the file prompt global configuration command, you might be prompted for confirmation before you delete a file. By default, the switch prompts for confirmation on destructive file operations. For more information about the file prompt command, see the Cisco IOS Command Reference for Release 12.2.
Replacing and Rolling Back Configurations The configuration replacement and rollback feature replaces the running configuration with any saved Cisco IOS configuration file. You can use the rollback function to roll back to a previous configuration. These sections contain this information: •...
When using the configure replace command, you must specify a saved configuration as the replacement configuration file for the running configuration. The replacement file must be a complete configuration generated by a Cisco IOS device (for example, a configuration generated by the copy running-config destination-url command).
Note: If you generate the replacement configuration file externally, it must comply with the format of files generated by Cisco IOS devices.
Working with Software Images
Command and Purpose
Step 4
  Command: exit
  Purpose: Return to privileged EXEC mode.
Step 5
  Command: configure replace target-url [list]
  Purpose: Replace the running configuration file with a saved configuration file.
Image Location on the Switch The Cisco IOS image is stored as a .bin file in a directory that shows the version number. A subdirectory contains the files needed for web management. The image is stored on the system board flash memory (flash:).
Cisco IOS image total_image_file_size Specifies the size of all the images (the Cisco IOS image and the web management files) in the tar file, which is an approximate measure of how much flash memory is required to hold them...
Preparing to Download or Upload an Image File By Using TFTP
Before you begin downloading or uploading an image file by using TFTP, do these tasks:
•...
Page 895
Command and Purpose
Step 3
  Command: archive download-sw /overwrite /reload tftp:[[//location]/directory]/image-name.tar
  Purpose: Download the image file from the TFTP server to the switch, and overwrite the current image.
The archive upload-sw privileged EXEC command builds an image file on the server by uploading these files in order: info, the Cisco IOS image, and the web management files. After these files are uploaded, the upload algorithm creates the tar file format.
The FTP protocol requires a client to send a remote username and password on each FTP request to a server. When you copy an image file from the switch to a server by using FTP, the Cisco IOS software sends the first valid username in this list: The username specified in the archive download-sw or archive upload-sw privileged EXEC •...
Page 898
• When you upload an image file to the FTP server, it must be properly configured to accept the write request from the user on the switch.
Page 899
Command and Purpose
Step 8
  Command: archive download-sw /leave-old-sw /reload ftp:[[//username[:password]@location]/directory]
  Purpose: Download the image file from the FTP server to the switch, and keep the current image.
Page 900
The archive upload-sw command builds an image file on the server by uploading these files in order: info, the Cisco IOS image, and the web management files. After these files are uploaded, the upload algorithm creates the tar file format.
RCP requires a client to send a remote username on each RCP request to a server. When you copy an image from the switch to a server by using RCP, the Cisco IOS software sends the first valid username in this list: The username specified in the archive download-sw or archive upload-sw privileged EXEC •...
Page 902
Before you begin downloading or uploading an image file by using RCP, do these tasks:
• Ensure that the workstation acting as the RCP server supports the remote shell (rsh).
Page 903
Command and Purpose
Step 6
  Command: archive download-sw /overwrite /reload rcp:[[[//[username@]location]/directory]/image-na
  Purpose: Download the image file from the RCP server to the switch, and overwrite the current image.
Page 904
The algorithm installs the downloaded image onto the system board flash device (flash:). The image is placed into a new directory named with the software version string, and the BOOT environment variable is updated to point to the newly installed image.
Page 905
The archive upload-sw privileged EXEC command builds an image file on the server by uploading these files in order: info, the Cisco IOS image, and the web management files. After these files are uploaded, the upload algorithm creates the tar file format.
[per-prefix] [non-recursive]
ip cef traffic-statistics [load-interval seconds] [update-rate seconds]]
ip flow-aggregation
ip flow-cache
ip flow-export
ip gratuitous-arps
ip local

[ip-address..]
set ip destination ip-address mask
set ip next-hop verify-availability
set ip precedence value
set ip qos-group
set metric-type internal
set origin
set metric-type internal
set tag tag-value

Unsupported Global Configuration Command
priority-list
Unsupported Interface Configuration Commands
priority-group
rate-limit
Unsupported Policy-Map Configuration Command
class class-default where class-default is the class-map-name.

Unsupported Privileged EXEC Command
vtp {password password | pruning | version number}
Note: This command has been replaced by the vtp global configuration command.
Page 916
Appendix C Unsupported Commands in Cisco IOS Release 12.2(44)SE
7-11, 7-17 fragments and QoS guidelines 32-33 ACEs implicit deny 31-9, 31-13, 31-15 and QoS 32-7 implicit masks 31-9 defined 31-2 matching criteria 31-7 Ethernet 31-2 undefined 31-20 31-2 Cisco Catalyst Blade Switch 3020 for HP Software Configuration Guide IN-1 OL-8915-03...
Page 918
ACLs and VLAN map configuration defined 34-35 guidelines 31-36 routing protocol defaults 34-30 standard IP, configuring for QoS classification 32-43 standard IPv4 creating 31-9 matching criteria 31-7 Cisco Catalyst Blade Switch 3020 for HP Software Configuration Guide IN-2 OL-8915-03...
Page 919
9-15 asymmetrical links, and IEEE 802.1Q tunneling mismatches 15-4 40-7 attributes, RADIUS autosensing, port speed vendor-proprietary auxiliary VLAN 7-31 vendor-specific See voice VLAN 7-29 audience xxxv availability, features Cisco Catalyst Blade Switch 3020 for HP Software Configuration Guide IN-3 OL-8915-03...
Page 920
38-14 booting boot loader, function of cables, monitoring for unidirectional links 26-1 boot process CA trustpoint manually 3-19 configuring 7-44 specific image 3-19 defined 7-42 caution, described xxxvi Cisco Catalyst Blade Switch 3020 for HP Software Configuration Guide IN-4 OL-8915-03...
Page 921
See DHCP, Cisco IOS DHCP server See system clock Cisco IOS File System clusters, switch See IFS benefits Cisco IOS IP SLAs 39-1 CiscoWorks 2000 1-3, 30-4 CIST regional root See MSTP Cisco Catalyst Blade Switch 3020 for HP Software Configuration Guide IN-5 OL-8915-03...
Page 925
20-8 domain names deleting 5-15 binding file 20-14 12-8 bindings 20-14 Domain Name System database agent 20-14 See DNS described 20-6 dot1q-tunnel switchport mode 11-18 Cisco Catalyst Blade Switch 3020 for HP Software Configuration Guide IN-9 OL-8915-03...
Page 926
21-13 defined displaying 21-15 setting the type 9-13 logging of dropped packets, described 21-4 man-in-the middle attack, described 21-2 network security issues and interface trust states 21-3 Cisco Catalyst Blade Switch 3020 for HP Software Configuration Guide IN-10 OL-8915-03...
Page 927
33-17 encryption, CipherSuite 7-43 interaction with other features 33-6 encryption for passwords modes 33-5 Enhanced IGRP port priority 33-19 See EIGRP system priority 33-18 Cisco Catalyst Blade Switch 3020 for HP Software Configuration Guide IN-11 OL-8915-03...
Page 928
32-77 extended crashinfo Express Setup description 40-19 See also getting started guide location 40-19 extended crashinfo file 40-18 creating displaying the contents of extracting image file format B-24 Cisco Catalyst Blade Switch 3020 for HP Software Configuration Guide IN-12 OL-8915-03...
Page 929
Layer 3 interfaces 9-20 flowcontrol hello time configuring 9-17 MSTP 17-22 described 9-17 16-20 forward-delay time help, for the command line MSTP 17-23 16-21 Forwarding Information Base See FIB Cisco Catalyst Blade Switch 3020 for HP Software Configuration Guide IN-13 OL-8915-03...
Page 930
38-9 compatibility with other features 15-6 tracking 38-7 defaults 15-4 HTTP(S) Over IPv6 35-12 described 15-1 HTTP over SSL tunnel ports with other features 15-6 see HTTPS Cisco Catalyst Blade Switch 3020 for HP Software Configuration Guide IN-14 OL-8915-03...
Page 931
IGMP filtering described 22-25 configuring displaying action 22-25 22-29 default configuration 22-25 Immediate Leave, IGMP 22-6 described enabling 22-24 36-9 monitoring inaccessible authentication bypass 22-29 8-14 support for Cisco Catalyst Blade Switch 3020 for HP Software Configuration Guide IN-15 OL-8915-03...
Page 932
Internet Control Message Protocol configuring 13-4 See ICMP ensuring port security with QoS 32-38 Internet Protocol version 6 trusted boundary for QoS 32-38 See IPv6 IP precedence 32-2 Cisco Catalyst Blade Switch 3020 for HP Software Configuration Guide IN-16 OL-8915-03...
Page 933
20-17 34-15 and routed ports 20-16 packets 34-12 and TCAM entries storms 20-17 34-12 and trunk interfaces classless routing 20-17 34-6 and VRF configuring static routes 20-17 34-30 Cisco Catalyst Blade Switch 3020 for HP Software Configuration Guide IN-17 OL-8915-03...
Page 934
6-2, 35-12, 36-1, 36-6, 37-1 See also RIP Stateless Autoconfiguration 35-4 IPv4 ACLs supported features 35-3 applying to interfaces IPv6 traffic, filtering 31-19 37-3 extended, creating 31-10 named 31-14 standard, creating 31-9 Cisco Catalyst Blade Switch 3020 for HP Software Configuration Guide IN-18 OL-8915-03...
Page 935
IP addresses to 34-5 switch as trusted third party 7-32 assigning IPv6 addresses to 35-14 terms 7-33 changing from Layer 2 mode 34-5 types of 34-3 Cisco Catalyst Blade Switch 3020 for HP Software Configuration Guide IN-19 OL-8915-03...
Page 936
LLDP Media Endpoint Discovery characteristics of 5-24 See LLDP-MED dropping 5-25 load balancing 38-3 removing 5-24 local SPAN 27-2 MAC address notification, support for 1-10 location TLV 25-2, 25-6 Cisco Catalyst Blade Switch 3020 for HP Software Configuration Guide IN-20 OL-8915-03...
Page 938
VLANs 11-16 default configuration 17-14 VMPS default optional feature configuration 11-32 18-9 displaying status 12-16 17-26 more 8-44 enabling the mode 17-16 EtherChannel guard described 18-7 enabling 18-14 Cisco Catalyst Blade Switch 3020 for HP Software Configuration Guide IN-22 OL-8915-03...
Page 939
22-22 Port Fast default configuration 22-20 described 18-2 described 22-17 enabling 18-10 example application 22-18 preventing root switch selection 18-8 modes 22-21 monitoring 22-24 multicast television application 22-18 Cisco Catalyst Blade Switch 3020 for HP Software Configuration Guide IN-23 OL-8915-03...
Page 940
Linux server cluster 1-15 creating an access group network design disabling NTP services per interface 5-10 performance 1-13 source IP address, configuring 5-10 services 1-13 stratum support for Cisco Catalyst Blade Switch 3020 for HP Software Configuration Guide IN-24 OL-8915-03...
Page 941
32-48 encrypting for more than one traffic class 32-58 for security described 32-4 overview displaying 32-78 recovery of 40-3 number of 32-34 types of 32-9 Cisco Catalyst Blade Switch 3020 for HP Software Configuration Guide IN-25 OL-8915-03...
Page 942
8-36 authorized and unauthorized manual re-authentication of a client 8-30 critical 8-14 periodic re-authentication 8-29 voice VLAN 8-15 quiet period 8-30 RADIUS server 8-28 Cisco Catalyst Blade Switch 3020 for HP Software Configuration Guide IN-26 OL-8915-03...
Page 943
19-2 support for primary VLANs 14-1, 14-3 port membership modes, VLAN priority 11-3 port priority HSRP 38-7 MSTP 17-19 overriding CoS 13-6 trusting CoS 16-16 13-6 Cisco Catalyst Blade Switch 3020 for HP Software Configuration Guide IN-27 OL-8915-03...
Page 944
32-30 exiting configuration guidelines 32-25 logging into described 32-20 overview 7-2, 7-7 disabling 32-27 setting a command with displaying generated commands 32-27 Cisco Catalyst Blade Switch 3020 for HP Software Configuration Guide IN-28 OL-8915-03...
Page 945
32-60 32-68 DSCP transparency allocating buffer space 32-40 32-68 DSCP trust states bordering another buffer and bandwidth allocation, described 32-16 domain 32-40 configuring shared weights for SRR 32-68
Page 946
32-9 vendor-specific 7-29 policies, attaching to an interface 32-8 configuring policing accounting 7-28 described 32-4, 32-8 authentication 7-23 token bucket algorithm 32-9 authorization 7-27 communication, global 7-21, 7-29
Page 947
B-17 uploading B-18 described 39-4 image files enabling 39-6 deleting old image response time, measuring with IP SLAs B-36 39-4 downloading B-34 preparing the server B-33 uploading B-36
Page 948
34-17 split horizon routing protocol administrative distances 34-21 34-30 summary addresses 34-21 RSPAN support for characteristics 27-8 configuration guidelines 27-15 default configuration 27-9 defined 27-2 destination ports 27-7
Page 949
Port Fast 17-10 secure ports, configuring 23-9 point-to-point links 17-10, 17-24 secure remote connections 7-37 root ports 17-10 Secure Shell root port, defined 17-9 See SSH See also MSTP
Page 950
30-14 See SNMP enabling 30-14 small-frame arrival rate, configuring limiting access by TFTP servers 23-5 30-15 limiting system log messages to NMS 29-10 manager functions 1-3, 30-3
Page 951
32-14 source-and-destination-IP address based forwarding, shaped mode 32-14 EtherChannel 33-7 shared mode 32-14 source-and-destination MAC address forwarding, support for EtherChannel 33-6 source-IP address based forwarding, EtherChannel 33-7
Page 953
IEEE 802.1D and multicast addresses 16-8 described 18-8 IEEE 802.1t and VLAN identifier 16-4 enabling 18-15 inferior BPDU 16-3 root port, defined 16-3 instances supported 16-9 interface state, blocking to forwarding 18-2
Page 954
Switched Port Analyzer synchronizing log messages 29-6 See SPAN syslog facility 1-10 switched ports time stamps, enabling and disabling 29-7 switchport block multicast command 23-8 switchport block unicast command 23-8
Page 955
See TDR tagged packets time-range command 31-16 IEEE 802.1Q 15-3 time ranges in ACLs 31-16 Layer 2 protocol 15-8 time stamps in log messages 29-7 time zones 5-12
Page 956
31-5 11-24, 11-25 fragmented IPv6 native VLAN for untagged traffic 37-2 11-23 unfragmented parallel 31-5 11-26 traffic policing pruning-eligible list 11-23 traffic suppression to non-DTP device 23-1 11-17
Page 957
Layer 2 protocol tunneling 15-10 reasons for link-detection mechanism 26-1 using FTP B-15 neighbor database 26-2 using RCP B-18 overview 26-1 using TFTP B-12 resetting an interface 26-6
Page 958
VLAN ID, discovering 5-27 creating in VLAN configuration mode 11-10 VLAN load balancing on flex links 19-2 customer numbering in service-provider configuration guidelines 19-5 networks 15-3 VLAN management domain 12-2
Page 960
11-23 server mode, configuring 12-9 statistics 12-16 support for Token Ring support 12-4 transparent mode, configuring 12-12 using 12-1 version, guidelines 12-8 Version 1 12-4