Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E
Cisco IOS Release 12.1 E
Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
Customer Order Number: DOC-7814099=
Text Part Number: 78-14099-04


Summary of Contents for Cisco 6500 Series

  • Page 2 OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
  • Page 3: Table Of Contents

    Using the Setup Facility or the setup Command Using Configuration Mode Checking the Running Configuration Before Saving Saving the Running Configuration Settings Reviewing the Configuration Configuring a Default Gateway Configuring a Static Route
  • Page 4 Supervisor Engine Redundancy Guidelines and Restrictions RPR+ Guidelines and Restrictions Hardware Configuration Guidelines and Restrictions Restrictions Configuration Mode Restrictions Configuring Supervisor Engine Redundancy Configuring RPR and RPR+ Synchronizing the Supervisor Engine Configurations
  • Page 5 Configuring a LAN Port for Layer 2 Switching Configuring a Layer 2 Switching Port as a Trunk Configuring a LAN Interface as a Layer 2 Access Port Configuring a Custom IEEE 802.1Q EtherType Field Value
  • Page 6 Configuring Private VLANs Configuring a VLAN as a Private VLAN Associating Secondary VLANs with a Primary VLAN Mapping Secondary VLANs to the Layer 3 VLAN Interface of a Primary VLAN
  • Page 7 Configuring EtherChannel Load Balancing Configuring IEEE 802.1Q Tunneling and Layer 2 Protocol Tunneling Understanding How 802.1Q Tunneling Works 802.1Q Tunneling Configuration Guidelines and Restrictions
  • Page 8 Message Age and Hop Count Default STP Configuration STP and MST Configuration Guidelines Configuring STP Enabling STP Enabling the Extended System ID Configuring the Root Bridge Configuring a Secondary Root Bridge
  • Page 9 Understanding How Layer 3 Switching Works Understanding Hardware Layer 3 Switching on PFC2 and DFCs Understanding Layer 3-Switched Packet Rewrite Default Hardware Layer 3 Switching Configuration
  • Page 10 Clearing IP Multicast Layer 3 Switching Statistics Configuring IP Unicast Layer 3 Switching on Supervisor Engine 1 Understanding How IP MLS Works IP MLS Overview
  • Page 11 Enabling IPX MLS Globally Enabling IPX MLS on a Layer 3 Interface Configuring the MLS Aging Time Configuring the Minimum IPX MLS Flow Mask Displaying IPX MLS Information
  • Page 12 ACL Configuration Guidelines Hardware and Software ACL Support Guidelines and Restrictions for Using Layer 4 Operators in ACLs Determining Layer 4 Operation Usage
  • Page 13 Authentication Initiation and Message Exchange Ports in Authorized and Unauthorized States Supported Topologies Default 802.1X Port-Based Authentication Configuration 802.1X Port-Based Authentication Guidelines and Restrictions Configuring 802.1X Port-Based Authentication
  • Page 14 Default Traffic Storm Control Configuration Enabling Traffic Storm Control Displaying Traffic Storm Control Settings Configuring Broadcast Suppression Understanding How Broadcast Suppression Works
  • Page 15 Configuring the Trust State of Ethernet LAN and OSM Ingress Ports Configuring the Ingress LAN Port CoS Value Configuring Standard-Queue Drop Threshold Percentages Mapping CoS Values to Drop Thresholds
  • Page 16 Understanding How Local SPAN and RSPAN Work Local SPAN and RSPAN Overview Local SPAN and RSPAN Sessions Monitored Traffic SPAN Sources Destination Ports
  • Page 17 Running a Reverse Proxy Service Example Registering a Router to a Multicast Address Example Using Access Lists Example Setting a Password for a Router and Cache Engines Example
  • Page 18 Using the CLI to Power Cycle Modules Determining System Power Requirements Understanding How Environmental Monitoring Works Using CLI Commands to Monitor System Environmental Status Understanding LED Environmental Indications
  • Page 19 Contents Acronyms Index
  • Page 21 Preface This preface describes who should read the Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide, how it is organized, and its document conventions. Audience This guide is for experienced network administrators who are responsible for configuring and maintaining Catalyst 6500 series switches.
  • Page 22 (CDP). Chapter 32 Configuring UDLD Describes how to configure the UniDirectional Link Detection (UDLD) protocol. Chapter 31 Configuring PFC QoS Describes how to configure quality of service (QoS).
  • Page 23: Related Documentation

    • Catalyst 6500 Series Switch Cisco IOS System Message Guide • Release Notes for Cisco IOS Release 12.1 E on the Catalyst 6500 and Cisco 7600 • Supervisor Engine and MSFC Cisco IOS Configuration Guides and Command References—Use these publications to help you •...
  • Page 24 Internetwork Design Guide – Internetwork Troubleshooting Guide – Configuration Builder Getting Started Guide – The Cisco IOS Configuration Guides and Command References are located at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/index.htm For information about MIBs, go to this URL: • http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml Conventions This document uses the following conventions:...
  • Page 25: Obtaining Documentation And Submitting A Service Request

    Obtaining Documentation and Submitting a Service Request For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html...
  • Page 27: Product Overview

    Except for VLANs, Layer 2 and Layer 3 configuration is stored in a standard IOS configuration file • Refer to the Release Notes for Cisco IOS Release 12.1 E on the Catalyst 6500 and Cisco 7600 Supervisor Engine and MSFC publication for complete information about the chassis, modules, and software features supported by the Catalyst 6500 series switches: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/12_1e/ol_2310.htm...
  • Page 28: Configuring Embedded Ciscoview Support

    Configures the SNMP password for read/write operation. Router(config)# snmp-server community string rw Note: The default password for accessing the switch web page is the enable-level password of the switch.
  • Page 29: Displaying Embedded Ciscoview Information

    For more information about web access to the switch, refer to “Using the Cisco Web Browser” in the IOS Configuration Fundamentals Configuration Guide at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/fun_c/fcprt1/fcd105.htm Displaying Embedded CiscoView Information To display the Embedded CiscoView information, enter the following EXEC commands:...
  • Page 31: Accessing The Cli

    Command-Line Interfaces This chapter describes the command-line interfaces (CLIs) you use to configure the Catalyst 6500 series switches. Note: For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication and the Release 12.1...
  • Page 32: Accessing The Cli Through Telnet

    Router# Return. Step 3 Initiates enable mode enable. Router> enable Step 4 Completes enable mode enable. Password: password Router# Step 5 Exits the session when finished. Router# quit
  • Page 33: Performing History Substitution

    The history buffer stores the last 20 commands you entered. History substitution allows you to access these commands without retyping them, by using special abbreviated commands. Table 2-2 lists the history substitution commands.
  • Page 34: Cisco Ios Command Modes

    Reference publication at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/index.htm The Cisco IOS user interface is divided into many different modes. The commands available to you depend on which mode you are currently in. To get a list of the commands in a given mode, type a question mark (?) at the system prompt.
  • Page 35: Displaying A List Of Cisco Ios Commands And Syntax

    The Cisco IOS command interpreter, called the EXEC, interprets and executes the commands you enter. You can abbreviate commands and keywords by entering just enough characters to make the command unique from other commands. For example, you can abbreviate the show command to sh and the configure terminal command to config t.
  • Page 36: Rom-Monitor Command-Line Interface

    Once you are in ROM-monitor mode, the prompt changes to rommon 1>. Enter a question mark (?) to see the available ROM-monitor commands. For more information about the ROM-monitor commands, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication.
  • Page 37: Configuring The Switch For The First Time

    Configuring the Switch for the First Time This chapter contains information about how to initially configure the Catalyst 6500 series switch, which supplements the administration information and procedures in these publications: Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.1, at this URL: •...
  • Page 38: Configuring The Switch

    You can run the setup facility by entering the setup command at the enable prompt (#).
  • Page 39: Configuring The Global Parameters

    Step 1 to the user EXEC prompt ( Router> The following display appears after you boot the Catalyst 6500 series switch (depending on your configuration, your display might not exactly match the example): System Bootstrap, Version 6.1(2) Copyright (c) 1994-2000 by cisco Systems, Inc.
  • Page 40 The first two sections of the configuration script (the banner and the installed hardware) appear only at initial system startup. On subsequent uses of the setup command facility, the setup script begins with the following System Configuration Dialog.
  • Page 41 This example of a yes response (displayed during the setup command facility) shows a switch with some interfaces already configured: Current interface summary Interface IP-Address OK? Method Status Protocol Vlan1 unassigned YES TFTP administratively down down
  • Page 42 The enable and enable secret passwords need to be different for effective security. You can enter the same password for both enable and enable secret during the setup script, but you receive a warning message indicating that you should enter a different password.
  • Page 43 5 $1$S3Lx$uiTYg2UrFK1U0dgWdjvxw. enable password lab line vty 0 4 password lab no snmp-server ip routing eigrp 301 interface Vlan1 shutdown no ip address interface GigabitEthernet1/1
  • Page 44 Class B network is 172.20.0.0, 29 subnet bits; mask is /29 Repeat this step for each interface you need to configure. Proceed to Step 3 to check and verify your configuration parameters.
  • Page 45 48 FastEthernet/IEEE 802.3 interface(s) 2 Gigabit Ethernet/IEEE 802.3 interface(s) 381K bytes of non-volatile configuration memory. 16384K bytes of Flash internal SIMM (Sector size 512K). Configuration register is 0x2102 Router#
  • Page 46: Using Configuration Mode

    For detailed interface configuration information, refer to the Cisco IOS Interface Configuration Guide at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/inter_c/index.htm Using Configuration Mode If you prefer not to use the setup facility, you can configure the switch from configuration mode as follows: Connect a console terminal to the console interface of your supervisor engine.
  • Page 47: Saving The Running Configuration Settings

    Reviewing the Configuration To display information stored in NVRAM, enter the show startup-config EXEC command. The display should be similar to the display from the show running-config EXEC command.
  • Page 48: Configuring A Default Gateway

    171.10.5.10 on the switch with a subnet mask and IP address 172.20.3.35 of the forwarding router: Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# ip route 171.10.5.10 255.255.255.255 172.20.3.35 Router(config)# end Router#
  • Page 49 0 transport input none line vty 0 4 exec-timeout 0 0 password lab login transport input lat pad dsipcon mop telnet rlogin udptn nasi Router#
  • Page 50: Configuring A Bootp Server

    -- time offset (seconds) ts -- time servers <information deleted> ######################################################################### # Start of individual host entries ######################################################################### Router: tc=netcisco0: ha=0000.0ca7.ce00: ip=172.31.7.97: dross: tc=netcisco0: ha=00000c000139: ip=172.31.7.26: <information deleted>
  • Page 51: Protecting Access To Privileged Exec Commands

    Router(config)# enable secret [level level] {password | encryption-type encrypted-password} encryption method. (If enable password and enable secret commands are both set, users must enter the enable secret password.)
  • Page 52: Setting Or Changing A Line Password

    To set the TACACS+ protocol to determine whether or not a user can access privileged EXEC mode, perform this task: Command Purpose Sets the TACACS-style user ID and password-checking Router(config)# enable use-tacacs mechanism for the privileged EXEC mode.
  • Page 53: Encrypting Passwords

    3-19. Configuring Multiple Privilege Levels By default, the Cisco IOS software has two modes of password security: user EXEC mode and privileged EXEC mode. You can configure up to 16 hierarchical levels of commands for each mode. By configuring multiple passwords, you can allow different sets of users to have access to specified commands.
  • Page 54 Logging In to a Privilege Level To log in at a specified privilege level, perform this task: Command Purpose Logs into a specified privilege level. Router# enable level
  • Page 55: Recovering A Lost Enable Password

    For example, in ProComm, the Alt-B keys generate the Break signal. In a Windows terminal session, you press the Break or Ctrl and Break keys simultaneously.
  • Page 56: Modifying The Supervisor Engine Startup Configuration

    ROM-monitor mode. Note The Break key is always enabled for 60 seconds after rebooting, regardless of whether the configuration-register setting has the Break key disabled.
  • Page 57: Configuring The Software Configuration Register

    3-3) 0x0040 Causes system software to ignore NVRAM contents 0x0080 bit enabled 0x0100 Break disabled 0x0200 Use secondary bootstrap 0x0400 Internet Protocol (IP) broadcast with all zeros
  • Page 58 0 or slot 1 on the supervisor engine. If you set the boot field to any bit pattern other than 0 or 1, the system uses the resulting number to form a filename for booting over the network. You must set the boot field for the boot functions you require.
  • Page 59 Step 5 Reboots to make your changes take effect. Router# reload To modify the configuration register while the switch is running Cisco IOS, follow these steps: Step 1 Enter the enable command and your password to enter privileged level as follows: Router>...
  • Page 60: Specifying The Startup System Image

    Security Features, page 3-25 • Flash Memory Configuration Process, page 3-25 Note: The descriptions in the following sections apply to both the bootflash device and to removable Flash memory cards.
  • Page 61: Bootldr Environment Variable

    Flash Memory Configuration Process To configure your switch to boot from Flash memory, follow these steps: Step 1 Copy a system image to Flash memory using TFTP or rcp (refer to the Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.1, “Cisco IOS File Management,” “Loading and Maintaining System Images,”...
  • Page 62: Config_File Environment Variable

    For Class A Flash file systems, the CONFIG_FILE environment variable specifies the file system and filename of the configuration file to use for initialization (startup). Valid file systems can include nvram:, slot0:, and sup-bootflash:. For detailed file management configuration information, refer to the Cisco IOS Configuration Fundamentals Configuration Guide at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/fun_c/index.htm...
  • Page 63 Router (config)# end Router# copy system:running-config nvram:startup-config [ok] Router# show bootvar BOOT variable = sup-bootflash:c6sup-js-mz.120-7.XE.bin,1; CONFIG_FILE variable does not exist BOOTLDR variable = bootflash:c6msfc-boot-mz.120-7.XE.bin Configuration register is 0x0
  • Page 65: Chapter 4 Configuring Ehsa Supervisor Engine Redundancy

    Configuring EHSA Supervisor Engine Redundancy With 12.1 E releases earlier than Release 12.1(13)E, the Catalyst 6500 series switch supports dual supervisor engines with EHSA. EHSA is not supported in Release 12.1(13)E and later releases (see Chapter 5, “Configuring RPR and...
  • Page 66: Supervisor Engine Redundancy Requirements

    Make a separate console connection to each supervisor engine. Do not connect a “Y” cable to the console ports. • Both supervisor engines must have the same system image (see the “Copying Files to the Redundant Supervisor Engine” section on page 4-4).
  • Page 67: Synchronizing The Supervisor Engine Configurations

    Router(config)# redundancy Router(config-r)# main-cpu Router(config-r-mc)# auto-sync standard Router(config-r-mc)# auto-sync bootvar
  • Page 68: Displaying The Supervisor Engine Redundancy

    Copying Files to the Redundant Supervisor Engine Use the following command to copy a file to the slot0: device on a redundant supervisor engine: Router# copy source_device:source_filename slaveslot0:target_filename
  • Page 69 Use the following command to copy a file to the bootflash: device on a redundant supervisor engine: Router# copy source_device:source_filename slavesup-bootflash:target_filename Use the following command to copy a file to the bootflash: device on a redundant MSFC: Router# copy source_device:source_filename slavebootflash:target_filename
  • Page 71: Configuring Rpr And Rpr

    • Supervisor Engine Redundancy Overview Catalyst 6500 series switches support fault resistance by allowing a redundant supervisor engine to take over if the primary supervisor engine fails. RPR supports a switchover time of 2 to 4 minutes and RPR+ supports a switchover time of 30 to 60 seconds.
  • Page 72: Rpr Operation

    Card (MSFC or MSFC2) and Policy Feature Card (PFC or PFC2) become fully operational. The MSFC and PFC on the redundant supervisor engine come out of reset but are not operational.
  • Page 73: Supervisor Engine Synchronization

    You cannot enter CLI commands on the redundant supervisor engine. • Synchronization of the startup configuration file is enabled by default in RPR+ mode.
  • Page 74: Supervisor Engine Redundancy Guidelines And Restrictions

    • With RPR+, both supervisor engines must run the same version of Cisco IOS software. If the supervisor engines are not running the same version of Cisco IOS software, the redundant supervisor engine comes online in RPR mode.
  • Page 75: Hardware Configuration Guidelines And Restrictions

    • not enter the vtp file file_name command on a switch that has a redundant supervisor engine. • Cisco IOS running on the supervisor engine and the MSFC supports redundant configurations where the supervisor engines and MSFC routers are identical. If they are not identical, one will boot first and become active and hold the other supervisor engine and MSFC in a reset condition.
  • Page 76: Configuration Mode Restrictions

    Redundancy Mode (Operational) = Route Processor Redundancy Plus Redundancy Mode (Configured) = Route Processor Redundancy Plus Split Mode = Disabled Manual Swact = Disabled Reason: Simplex mode Communications = Down Reason: Simplex mode
  • Page 77: Synchronizing The Supervisor Engine Configurations

    This example shows how to disable default automatic synchronization and only allow automatic synchronization of the config-registers of the active supervisor engine to the redundant supervisor engine while disallowing synchronization of the startup configuration: Router(config)# redundancy Router(config-red)# main-cpu
  • Page 78: Displaying The Redundancy States

    Reason: Simplex mode client count = 11 client_notification_TMR = 30000 milliseconds keep_alive TMR = 9000 milliseconds keep_alive count = 0 keep_alive threshold = 18 RF debug mask = 0x0
  • Page 79: Performing A Fast Software Upgrade

    Performing a Fast Software Upgrade The fast software upgrade (FSU) procedure supported by RPR allows you to upgrade the Cisco IOS image on the supervisor engines without reloading the system. If you are performing a first-time upgrade to RPR from EHSA, you must reload both supervisor engines.
  • Page 80: Copying Files To An Msfc

    Use the following command to copy a file to the bootflash: device on an active MSFC: Router# copy source_device:source_filename bootflash:target_filename Use the following command to copy a file to the bootflash: device on a redundant MSFC: Router# copy source_device:source_filename slavebootflash:target_filename
  • Page 81: Understanding Interface Configuration

    Note: For WAN interfaces, refer to the configuration note for the WAN module. • Slot number—The slot in which the module is installed. On the Catalyst 6500 series switch, slots are numbered starting with 1, from top to bottom.
  • Page 82: Using The Interface Command

    • Port number—The physical port number on the module. On the Catalyst 6500 series switch, the port numbers always begin with 1. When facing the rear of the switch, ports are numbered from the left to the right.
  • Page 83 Ctrl-Z to get out of interface configuration mode and return to privileged EXEC mode. Step 7 After you configure an interface, check its status by using the EXEC show commands listed in “Monitoring and Maintaining Interfaces” section on page 6-17.
  • Page 84: Configuring A Range Of Interfaces

    With releases earlier than Release 12.1(14)E, you cannot use the no keyword with the range keyword to delete VLAN interfaces. • With Release 12.1(14)E and later releases, you can use the interface range command to create VLAN interfaces.
  • Page 85 6 08:29:29: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet5/ 3, changed state to up *Oct 6 08:29:29: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet5/ 4, changed state to up Router(config-if)#
  • Page 86: Defining And Using Interface-Range Macros

    This example shows how to change to the interface-range configuration mode using the interface-range macro enet_list: Router(config)# interface range macro enet_list Router(config-if)#
  • Page 87: Configuring Optional Interface Features

    You usually configure Ethernet port speed and duplex mode parameters to auto and allow the Catalyst 6500 series switch to negotiate the speed and duplex mode between ports. If you decide to configure the port speed and duplex modes manually, consider the following information: If you set the Ethernet port speed to auto, the switch automatically sets the duplex mode to auto.
  • Page 88 Link negotiation does not negotiate port speed. Note On Gigabit Ethernet ports, link negotiation exchanges flow-control parameters, remote fault information, and duplex information. Link negotiation is enabled by default.
  • Page 89 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:33, output never, output hang never
  • Page 90: Configuring Jumbo Frame Support

    Understanding Jumbo Frame Support These sections describe jumbo frame support: Jumbo Frame Support Overview, page 6-11 • Ethernet Ports, page 6-12 • VLAN Interfaces, page 6-13 • Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E 6-10 78-14099-04...
  • Page 91 64 bytes. With a nondefault MTU size configured, 10, 10/100, and 100 Mbps Ethernet LAN ports do not check for oversize egress frames. Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E 6-11...
  • Page 92 On a Layer 2 port, you can only configure an MTU size that matches the global LAN port MTU size (see “Configuring the Global LAN Port MTU Size” section on page 6-14). Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E 6-12 78-14099-04...
  • Page 93 “Configuring the Global LAN Port MTU Size” section on page 6-14). For Layer 2 Ethernet ports with earlier releases, the only supported MTU size is 9216 bytes.
  • Page 94: Configuring Ieee 802.3Z Flow Control

    Configuring IEEE 802.3Z Flow Control Gigabit Ethernet and 10-Gigabit Ethernet ports on the Catalyst 6500 series switches use flow control to stop the transmission of frames to the port for a specified time; other Ethernet ports use flow control to respond to flow-control requests.
  • Page 95: Configuring The Port Debounce Timer

    300 milliseconds    3100 milliseconds
    10/100BASE-TX ports         300 milliseconds    3100 milliseconds
    100BASE-FX ports            300 milliseconds    3100 milliseconds
    10/100/1000BASE-TX ports    300 milliseconds    3100 milliseconds
    1000BASE-TX ports           300 milliseconds    3100 milliseconds
  • Page 96: Adding A Description For An Interface

    To add a description for an interface, perform this task:
    Command                                  Purpose
    Router(config-if)# description string    Adds a description for an interface.
    Router(config-if)# no description        Deletes a description from an interface.
  • Page 97: Understanding Online Insertion And Removal

    LEDs before continuing. For module LED descriptions, refer to the Catalyst 6500 Series Switch Installation Guide. When a module has been removed or installed, the Catalyst 6500 series switch stops processing traffic for the module and scans the system for a configuration change. Each interface type is verified against the system configuration, and then the system runs diagnostics on the new module.
  • Page 98: Clearing Counters On An Interface

    The clear counters command clears all the current counters from the interface unless the optional arguments specify a specific interface.
    Note: The clear counters command clears counters displayed with the EXEC show interfaces command, not counters retrieved using SNMP.
  • Page 99: Resetting An Interface

    To check if an interface is disabled, enter the EXEC show interfaces command. An interface that has been shut down is shown as administratively down in the show interfaces command display.
  • Page 100 Chapter 6 Configuring Interfaces Monitoring and Maintaining Interfaces
  • Page 101: Understanding How Layer 2 Switching Works

    This chapter describes how to use the command-line interface (CLI) to configure Ethernet, Fast Ethernet, Gigabit Ethernet, and 10-Gigabit Ethernet LAN ports for Layer 2 switching on the Catalyst 6500 series switches. The configuration tasks in this chapter apply to LAN ports on LAN switching modules and to the LAN ports on the supervisor engine.
  • Page 102: Understanding Vlan Trunks

    2-Gbps effective bandwidth. Switching Frames Between Segments Each LAN port on a Catalyst 6500 series switch can connect to a single workstation or server, or to a hub through which workstations or servers connect to the network.
  • Page 103: Trunking Overview

    To autonegotiate trunking, the LAN ports must be in the same VTP domain. Use the trunk or nonegotiate keywords to force LAN ports in different domains to trunk. For more information on VTP domains, see Chapter 8, “Configuring VTP.”
  • Page 104: Layer 2 Lan Port Modes

    Puts the LAN port into permanent trunking mode but prevents the port from generating DTP frames. You must configure the neighboring port manually as a trunk port to establish a trunk link.
  • Page 105: Default Layer 2 Lan Interface Configuration

    • 19 for 10/100-Mbps Fast Ethernet LAN ports
    • 19 for 100-Mbps Fast Ethernet LAN ports
    • 4 for 1,000-Mbps Gigabit Ethernet LAN ports
    • 2 for 10,000-Mbps 10-Gigabit Ethernet LAN ports
  • Page 106: Layer 2 Lan Interface Configuration Guidelines And Restrictions

    BPDUs on each VLAN allowed on the trunks. The BPDUs on the native VLAN of the trunk are sent untagged to the reserved IEEE 802.1d spanning tree multicast MAC address (01-80-C2-00-00-00). The BPDUs on all other VLANs on the trunk are sent tagged to the reserved Cisco Shared Spanning Tree (SSTP) multicast MAC address (01-00-0c-cc-cc-cd).
  • Page 107: Configuring Lan Interfaces For Layer 2 Switching

    Configuring LAN Interfaces for Layer 2 Switching
    These sections describe how to configure Layer 2 switching on the Catalyst 6500 series switches:
    • Configuring a LAN Port for Layer 2 Switching, page 7-7...
  • Page 108: Configuring A Layer 2 Switching Port As A Trunk

    (required only if the LAN port is not already configured for Layer 2 switching; see the “Configuring a LAN Port for Layer 2 Switching” section on page 7-7).
    type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
  • Page 109 Table 7-2 on page 7-4 for information about trunking modes.
    Note: Complete the steps in the “Completing Trunk Configuration” section on page 7-13 after performing the tasks in this section.
  • Page 110 Note: Complete the steps in the “Preparing a Layer 2 Switching Port for Configuration as a Trunk” section on page 7-8 before performing the tasks in this section.
  • Page 111 Complete the steps in the “Preparing a Layer 2 Switching Port for Configuration as a Trunk” section on page 7-8 before performing the tasks in this section.
  • Page 112 With Release 12.1(11b)E or later, you can remove VLAN 1. If you remove VLAN 1 from a trunk, the trunk interface continues to send and receive management traffic, for example, Cisco Discovery Protocol (CDP), VLAN Trunking Protocol (VTP), Port Aggregation Protocol (PAgP), and DTP in VLAN 1.
  • Page 113
    • The default list of VLANs allowed to be pruned contains all VLANs.
    • Network devices in VTP transparent mode do not send VTP Join messages. On Catalyst 6500 series switches with trunk connections to network devices in VTP transparent mode, configure the VLANs used by the transparent-mode network devices or that need to be carried across the transparent-mode network devices as pruning ineligible.
  • Page 114: Configuring A Lan Interface As A Layer 2 Access Port

    Router(config)# interface type slot/port    Selects the LAN port to configure.
    Step 2    Router(config-if)# shutdown    (Optional) Shuts down the interface to prevent traffic flow until configuration is complete.
  • Page 115 This example shows how to verify the configuration:
    Router# show running-config interface fastethernet 5/6
    Building configuration...
    Current configuration:
    interface FastEthernet5/6
    no ip address
    switchport access vlan 200
    switchport mode access
  • Page 116: Configuring A Custom Ieee 802.1Q Ethertype Field Value

    VLAN. If you misconfigure a custom EtherType field value, frames might be placed into the wrong VLAN.
    You can configure a custom EtherType field value on these modules:
    – Supervisor engines
    – WS-X6516A-GBIC
  • Page 117 You cannot form an EtherChannel from ports that are configured with custom EtherType field values.
    This example shows how to configure the EtherType field value to 0x1234:
    Router (config-if)# switchport dot1q ethertype 1234
    Router (config-if)#
  • Page 118 Chapter 7 Configuring LAN Ports for Layer 2 Switching Configuring LAN Interfaces for Layer 2 Switching
  • Page 119: Configuring Vtp

    Configuring VTP
    This chapter describes how to configure the VLAN Trunking Protocol (VTP) on the Catalyst 6500 series switches.
    Note: For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication.
  • Page 120: Understanding The Vtp Domain

    (CLI) or Simple Network Management Protocol (SNMP). By default, the Catalyst 6500 series switch is in VTP server mode and is in the no-management domain state until the switch receives an advertisement for a domain over a trunk link or you configure a management domain.
  • Page 121: Understanding Vtp Version 2

    For VTP pruning to be effective, all devices in the management domain must support VTP pruning. On devices that do not support VTP pruning, you must manually configure the VLANs allowed on trunks.
  • Page 122 Switch 1. Switch 1 floods the broadcast, and every network device in the network receives it, even though Switches 3, 5, and 6 have no ports in the Red VLAN. You enable pruning globally on the Catalyst 6500 series switch (see the “Enabling VTP Pruning” section on page 8-7).
  • Page 123: Vtp Default Configuration

    2-capable network devices in the domain enable VTP version 2.
    • In a Token Ring environment, you must enable VTP version 2 for Token Ring VLAN switching to function properly.
  • Page 124: Configuring Vtp Global Parameters

    • If there is insufficient DRAM available for use by VTP, the VTP mode changes to transparent.
    • Network devices in VTP transparent mode do not send VTP Join messages. On Catalyst 6500 series switches with trunk connections to network devices in VTP transparent mode, configure the VLANs that are used by the transparent-mode network devices or that need to be carried across trunks as pruning ineligible.
  • Page 125: Enabling Vtp Pruning

    Every network device in the VTP domain must use the same VTP version. Do not enable VTP version 2 unless every network device in the VTP domain supports version 2.
  • Page 126: Configuring The Vtp Mode

    VTP server in the domain.
    Note: You cannot clear the domain name.
    Step 3    Router(config)# end          Exits VLAN configuration mode.
    Step 4    Router# show vtp status      Verifies the configuration.
  • Page 127
    Configuration last modified by 127.0.0.12 at 8-7-02 11:21:43
    Router#
    This example shows how to disable VTP on the switch:
    Router# configure terminal
    Router(config)# vtp mode transparent
    Setting device to VTP TRANSPARENT mode.
    Router(config)# end
    Router#
  • Page 128: Displaying Vtp Statistics

    Number of config digest errors
    Number of V1 summary errors
    VTP pruning statistics:
    Trunk            Join Transmitted Join Received    Summary advts received from non-pruning-capable device
    ---------------- ---------------- ---------------- ---------------------------
    Fa5/8            43071            42766
  • Page 129: Configuring Vlans

    Configuring VLANs
    This chapter describes how to configure VLANs on the Catalyst 6500 series switches.
    Note: For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication.
  • Page 130: Vlan Ranges

    15-3). With Release 12.1(13)E and later releases, Catalyst 6500 series switches support 4096 VLANs in accordance with the IEEE 802.1Q standard. These VLANs are organized into several ranges; you use each range slightly differently. Some of these VLANs are propagated to other switches in the network when you use the VLAN Trunking Protocol (VTP).
  • Page 131: Configurable Vlan Parameters

    • Catalyst 6500 series switches do not support Inter-Switch Link (ISL)-encapsulated Token Ring frames. Note When a Catalyst 6500 series switch is configured as a VTP server, you can configure Token Ring VLANs from the switch. Token Ring TrBRF VLANs...
  • Page 132 Ring Ring For source routing, the Catalyst 6500 series switch appears as a single bridge between the logical rings. The TrBRF can function as a source-route bridge (SRB) or a source-route transparent (SRT) bridge running either the IBM or IEEE STP. If an SRB is used, you can define duplicate MAC addresses on different logical rings.
  • Page 133 TrCRFs through the backup TrCRF. When the ISL connection is reestablished, all but one port in the backup TrCRF is disabled. Figure 9-4 illustrates the backup TrCRF.
  • Page 134: Vlan Default Configuration

    Parameter                 Default           Range
    VLAN ID                   1002              1–1005
    VLAN name                 “fddi-default”    —
    802.10 SAID               101002            1–4294967294
    MTU size                  1500              1500–18190
    Ring number                                 1–4095
    Parent VLAN                                 0–1005
    Translational bridge 1                      0–1005
  • Page 135
    VLAN state                active            active, suspend

    Table 9-6 Token Ring (TrBRF) VLAN Defaults and Ranges
    Parameter                 Default           Range
    VLAN ID                   1005              1–1005
    VLAN name                 “trnet-default”   —
    802.10 SAID               101005            1–4294967294
  • Page 136: Vlan Configuration Guidelines And Restrictions

    • Before installing a redundant supervisor engine, enter the no vtp file command to return to the default configuration.
    • Before you can create a VLAN, the Catalyst 6500 series switch must be in VTP server mode or VTP transparent mode. For information on configuring VTP, see Chapter 8, “Configuring VTP.”...
  • Page 137: Vlan Configuration Options

    • When a Catalyst 6500 series switch is configured as a VTP server, you can configure FDDI and Token Ring VLANs from the switch.
    • You must configure a TrBRF before you configure the TrCRF (the parent TrBRF VLAN you specify must exist).
  • Page 138: Creating Or Modifying An Ethernet Vlan

    Router(config-vlan)# end
    Router(vlan)# exit                                   Updates the VLAN database and returns to privileged EXEC mode.
    Step 4    Router# show vlan [id | name] vlan         Verifies the VLAN configuration.
  • Page 139
    ---- -------------------------------- --------- ---------------------
    VLAN0003 active
    VLAN Type SAID Parent RingNo BridgeNo Stp Trans1 Trans2
    ---- ----- ---------- ----- ------ ------ -------- ---- ------ ------
    enet 100003 1500
    Router#
  • Page 140: Assigning A Layer 2 Lan Interface To A Vlan

    The valid range of user-configurable ISL VLANs is 1 through 1001 and 1006 through 4094. The valid range of VLANs specified in the IEEE 802.1Q standard is 1 to 4094. You can map 802.1Q VLAN numbers to ISL VLAN numbers.
  • Page 141 ISL VLAN is blocked. For example, if you map 802.1Q VLAN 1007 to ISL VLAN 200, traffic on 802.1Q VLAN 200 is blocked.
    • VLAN mappings are local to each Catalyst 6500 series switch. Make sure you configure the same...
  • Page 142 Chapter 9 Configuring VLANs Configuring VLANs
  • Page 143: Chapter 10 Configuring Private Vlans

    Configuring Private VLANs
    This chapter describes how to configure private VLANs on the Catalyst 6500 series switches. Release 12.1 E supports private VLANs with Release 12.1(11b)E and later.
    Note: For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication.
  • Page 144: Private Vlan Configuration Restrictions And Guidelines

    • Configure Layer 3 VLAN interfaces only for primary VLANs. Layer 3 VLAN interfaces for isolated and community VLANs are inactive while the VLAN is configured as an isolated or community VLAN.
  • Page 145 Private VLAN ports can be on different network devices as long as the devices are trunk connected and the primary and secondary VLANs have not been removed from the trunk.
  • Page 146
    • You cannot apply VACLs to secondary VLANs (see the “Configuring VLAN ACLs” section on page 23-8).
    • To apply Cisco IOS output ACLs to all outgoing private VLAN traffic, configure them on the Layer 3 VLAN interface of the primary VLAN (see Chapter 23, “Configuring Network Security”).
  • Page 147: Configuring A Vlan As A Private Vlan

    This example shows how to configure VLAN 202 as a primary VLAN and verify the configuration:
    Router# configure terminal
    Router(config)# vlan 202
    Router(config-vlan)# private-vlan primary
    Router(config-vlan)# end
    Router# show vlan private-vlan
  • Page 148: Associating Secondary Vlans With A Primary Vlan

    • The secondary_vlan_list parameter can contain only one isolated VLAN ID.
    • Enter a secondary_vlan_list or use the add keyword with a secondary_vlan_list to associate secondary VLANs with a primary VLAN.
  • Page 149: Mapping Secondary Vlans To The Layer 3 Vlan Interface Of A Primary Vlan

    • The secondary_vlan_list parameter cannot contain spaces. It can contain multiple comma-separated items. Each item can be a single private VLAN ID or a hyphenated range of private VLAN IDs.
  • Page 150: Configuring A Layer 2 Interface As A Private Vlan Host Port

    Router(config-if)# no switchport private-vlan host-association
    Step 5    Router(config-if)# end                                   Exits configuration mode.
    Step 6    Router# show interfaces [type slot/port] switchport      Verifies the configuration.
    type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
  • Page 151: Configuring A Layer 2 Interface As A Private Vlan Promiscuous Port

    VLANs.
    Step 5    Router(config-if)# end                                   Exits configuration mode.
    Step 6    Router# show interfaces [type slot/port] switchport      Verifies the configuration.
    type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
  • Page 152
    Administrative private-vlan host-association: none ((Inactive))
    Administrative private-vlan mapping: 202 (VLAN0202) 303 (VLAN0303) 440 (VLAN0440)
    Operational private-vlan: none
    Trunking VLANs Enabled: ALL
    Pruning VLANs Enabled: 2-1001
    Capture Mode Disabled
  • Page 153: Configuring Cisco Ip Phone Support

    Configuring Cisco IP Phone Support
    This chapter describes how to configure support for Cisco IP Phones on the Catalyst 6500 series switches. Release 12.1(13)E and later releases support Cisco IP Phones.
    Note: For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication for this release.
  • Page 154: Cisco Ip Phone Voice Traffic

    The Cisco IP Phone transmits voice traffic with Layer 3 IP precedence and Layer 2 CoS values, which are both set to 5 by default. The sound quality of a Cisco IP Phone call can deteriorate if the voice traffic is transmitted unevenly.
  • Page 155: Cisco Ip Phone Data Traffic

    • Untrusted mode—All traffic in 802.1Q or 802.1p frames received through the access port on the Cisco IP Phone is marked with a configured Layer 2 CoS value. The default Layer 2 CoS value is 0. Untrusted mode is the default.
  • Page 156: Default Cisco Ip Phone Support Configuration

    Cisco IP Phones may have different power requirements. The supervisor engine initially allocates the configured default of 7 W (167 mA at 42V) to the Cisco IP Phone. When the correct amount of power is determined from the CDPv2 messaging with the Cisco IP Phone, the supervisor engine reduces or increases the allocated power.
  • Page 157: Configuring Cisco Ip Phone Support

    – – If the Cisco IP Phone uses 802.1Q frames and the voice VLAN is the same as the access VLAN • The Cisco IP Phone and a device attached to the Cisco IP Phone cannot communicate if they are in the same VLAN and subnet but use different frame types, because traffic between devices in the same subnet is not routed (routing would eliminate the frame type difference).
  • Page 158 When configuring the way in which the Cisco IP Phone transmits voice traffic, note the following syntax information:
    • Enter a voice VLAN ID to send CDPv2 packets that configure the Cisco IP Phone to transmit voice traffic in 802.1Q frames, tagged with the voice VLAN ID and a Layer 2 CoS value (the default is 5).
  • Page 159: Configuring Data Traffic Support

    • To send CDPv2 packets that configure the Cisco IP Phone to trust tagged traffic received from a device connected to the access port on the Cisco IP Phone, do not enter the cos keyword and CoS value.
    • To send CDPv2 packets that configure the Cisco IP Phone to mark tagged ingress traffic received...
  • Page 160: Configuring Inline Power Support

    [fastethernet slot/port]
    When configuring inline power support, note the following syntax information:
    • To configure auto-detection of a Cisco IP Phone, enter the auto keyword.
    • To disable auto-detection of a Cisco IP Phone, enter the never keyword.
    This example shows how to disable inline power on Fast Ethernet port 5/1:...
  • Page 161: Chapter 12 Configuring Layer 3 Interfaces

    Configuring Layer 3 Interfaces
    This chapter contains information about how to configure Layer 3 interfaces on the Catalyst 6500 series switches, which supplements the information and procedures in the Release 12.1 publications at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/index.htm...
  • Page 162: Configuring Ip Routing And Addresses

    Chapter 9, “Configuring VLANs” Chapter 8, “Configuring VTP.”
    • Catalyst 6500 series switches support Layer 3 trunks only on the 4-port Gigabit Ethernet WAN modules (OSM-4GE-WAN and OSM-2+4GE-WAN+). You cannot configure subinterfaces or use the encapsulation keyword on LAN ports. Catalyst 6500 series switches support Layer 2 trunks and Layer 3 VLAN interfaces, which provide equivalent capabilities for LAN ports.
  • Page 163 The Multilayer Switch Feature Card 2 (MSFC2) provides processing in software for route-map sequences that use the match length and set interface keywords. To configure PBR, refer to the Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.1, “Classification,” “Configuring Policy-Based Routing,” at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/qos_c/qcprt1/qcdpbr.htm...
  • Page 164
    TCP/IP header compression is disabled
    RTP/IP header compression is disabled
    Probe proxy name replies are disabled
    Policy routing is disabled
    Network address translation is disabled
    WCCP Redirect outbound is disabled
  • Page 165 Fast Ethernet port 5/4:
    Router# show running-config interfaces fastethernet 5/4
    Building configuration...
    Current configuration:
    interface FastEthernet5/4
    description "Router port"
    ip address 172.20.52.106 255.255.255.248
    no ip directed-broadcast
  • Page 166: Configuring Ipx Routing And Network Numbers

    Configuring IPX Routing and Network Numbers
    For complete information and procedures, refer to these publications:
    • Cisco IOS AppleTalk and Novell IPX Configuration Guide, Release 12.1, at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/atipx_c/index.htm
    • Cisco IOS AppleTalk and Novell IPX Command Reference, Release 12.1, at this URL:...
  • Page 167: Configuring Appletalk Routing, Cable Ranges, And Zones

    Configuring AppleTalk Routing, Cable Ranges, and Zones
    For complete information and procedures, refer to these publications:
    • Cisco IOS AppleTalk and Novell IPX Configuration Guide, Release 12.1, at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/atipx_c/index.htm
    • Cisco IOS AppleTalk and Novell IPX Command Reference, Release 12.1, at this URL:...
  • Page 168: Configuring Other Protocols On Layer 3 Interfaces

    Configuring Other Protocols on Layer 3 Interfaces
    Refer to these publications for information about configuring other protocols on Layer 3 interfaces:
    • Cisco IOS Apollo Domain, VINES, DECnet, ISO CLNS, and XNS Configuration Guide, Release 12.1, at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/apollo_c/index.htm...
  • Page 169: Configuring Etherchannels

    Catalyst 6500 Series Switch Cisco IOS Command Reference publication.
    • The commands in the following sections can be used on all LAN ports in Catalyst 6500 series switches, including the ports on the supervisor engine and a redundant supervisor engine.
  • Page 170: Etherchannel Feature Overview

    You can form an EtherChannel with up to eight compatibly configured LAN ports on any module in a Catalyst 6500 series switch. All LAN ports in each EtherChannel must be the same speed and must all be configured as either Layer 2 or Layer 3 LAN ports.
  • Page 171 Release 12.1(13)E and later releases support IEEE 802.3ad LACP EtherChannels. LACP supports the automatic creation of EtherChannels by exchanging LACP packets between LAN ports. LACP packets are exchanged only between ports in passive and active modes.
  • Page 172 You can configure an additional 8 standby ports (total of 16 ports associated with the EtherChannel).
  • Page 173: Understanding Port Channel Interfaces

    Configure all LAN ports in an EtherChannel to operate at the same speed and in the same duplex mode.
    • LACP does not support half-duplex. Half-duplex ports in an LACP EtherChannel are put in the suspended state.
  • Page 174: Configuring Etherchannels

    • With Release 12.1(11b)E and later, when you are in configuration mode you can enter EXEC mode commands by entering the do keyword before the EXEC mode command.
  • Page 175: Configuring Port Channel Logical Interfaces For Layer 3 Etherchannels

    This example shows how to verify the configuration of port channel interface 1:
    Router# show running-config interface port-channel 1
    Building configuration...
    Current configuration:
    interface Port-channel1
    ip address 172.32.52.10 255.255.255.0
    no ip directed-broadcast
    Router#
  • Page 176: Configuring Channel Groups

    • You cannot put Layer 2 LAN ports into a manually created port channel interface.
    • For Cisco IOS to create port channel interfaces for Layer 2 EtherChannels, the Layer 2 LAN ports...
  • Page 177
    Local information:
    Hello Partner PAgP Learning Group
    Port Flags State Timers Interval Count Priority Method Ifindex
    Fa5/2 U1/S1
    Age of the port in the current state: 04d:18h:57m:19s
  • Page 178: Configuring The Lacp System Priority And System Id

    This example shows how to verify the configuration:
    Router# show lacp sys-id
    23456,0050.3e8d.6400
    Router#
    The system priority is displayed first, followed by the MAC address of the switch.
  • Page 179: Configuring Etherchannel Load Balancing

    Router# configure terminal
    Router(config)# port-channel load-balance src-dst-ip
    Router(config)# end
    Router(config)#
    This example shows how to verify the configuration:
    Router# show etherchannel load-balance
    Source XOR Destination IP address
    Router#
  • Page 180 Chapter 13 Configuring EtherChannels Configuring EtherChannels
  • Page 181: Understanding How 802.1Q Tunneling Works

    Configuring IEEE 802.1Q Tunneling and Layer 2 Protocol Tunneling
    With Release 12.1(13)E and later, the Catalyst 6500 series switches support IEEE 802.1Q tunneling and Layer 2 protocol tunneling. This chapter describes how to configure IEEE 802.1Q tunneling and Layer 2 protocol tunneling on the Catalyst 6500 series switches.
  • Page 182 [Figure labels: Trunk ports; Tunnel port VLAN 40; Customer B; Trunk VLANs 1 to 200; Asymmetric link]
  • Page 183 Tunnel traffic carries a second 802.1Q tag only when it is on a trunk link between service-provider network devices, with the outer tag containing the service-provider-assigned VLAN ID and the inner tag containing the customer-assigned VLAN IDs.
  • Page 184: 802.1Q Tunneling Configuration Guidelines And Restrictions

    • Tunnel ports learn customer MAC addresses.
    • On an asymmetrical link, the Cisco Discovery Protocol (CDP) reports a native VLAN mismatch if the VLAN of the tunnel port does not match the native VLAN of the 802.1Q trunk. The 802.1Q tunnel feature does not require that the VLANs match.
  • Page 185: Configuring 802.1Q Tunneling

    Caution: Ensure that only the appropriate tunnel ports are in any VLAN used for tunneling and that one VLAN is used for each tunnel. Incorrect assignment of tunnel ports to VLANs can forward traffic inappropriately.
  • Page 186: Preconfiguration Tasks

    Step 3 Configures the Layer 2 port as a tunnel port:
    Router(config-if)# switchport mode dot1qtunnel
    Clears the tunnel port configuration:
    Router(config-if)# no switchport mode dot1qtunnel
  • Page 187: Configuring The Switch To Tag Native Vlan Traffic

    PDUs creates different spanning tree domains (different spanning tree roots) for the customer switches. For example, STP for a VLAN on switch 1 (see Figure 14-3) builds a spanning tree...
  • Page 188: Configuring Support For Layer 2 Protocol Tunneling

    An ingress edge switch rewrites the destination MAC address of the PDUs received on a Layer 2 tunnel port with the Cisco proprietary multicast address (01-00-0c-cd-cd-d0). The PDU is then flooded to the native VLAN of the Layer 2 tunnel port. If you enable Layer 2 protocol tunneling on a port, PDUs of an enabled protocol are not sent out.
  • Page 189 Note: A new keyword, l2ptguard, has been added to the following commands:
    • errdisable detect cause
    • errdisable recovery cause
    Refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication for more information.
  • Page 190
    Router# show l2protocol-tunnel summary
    Port Protocol Threshold (cos/cdp/stp/vtp)
    ----------------------------------------
    Router#
    This example shows how to clear Layer 2 protocol tunneling port counters:
    Router# clear l2protocol-tunnel counters
    Router#
  • Page 191: Configuring Stp And Ieee 802.1S Mst

    Note:
    • For information on configuring the PortFast, UplinkFast, and BackboneFast STP enhancements, see Chapter 16, “Configuring Optional STP Features.”
    • Release 12.1(13)E and later releases support IEEE 802.1s MST and IEEE 802.1w, rapid reconfiguration of spanning tree.
  • Page 192: Understanding How Stp Works

    LAN segment or a switched LAN of multiple segments. Catalyst 6500 series switches use STP (the IEEE 802.1D bridge protocol) on all VLANs. By default, a single instance of STP runs on each configured VLAN (provided you do not manually disable STP). You can enable and disable STP on a per-VLAN basis.
  • Page 193: Understanding The Bridge Id

    1024
    STP MAC Address Allocation
    Catalyst 6500 series switch chassis have either 64 or 1024 MAC addresses available to support software features such as STP. To view the MAC address range on your chassis, enter the show catalyst6000 chassis-mac-address command.
  • Page 194: Understanding Bridge Protocol Data Units

    When you change the bridge priority value, you change the probability that the switch will be elected as the root bridge. Configuring a higher value increases the probability; a lower value decreases the probability.
  • Page 195: Stp Protocol Timers

    The goal is to make the fastest link the root port.
  • Page 196: Stp Port States

    LAN before starting to forward frames. They must allow the frame lifetime to expire for frames that have been forwarded using the old topology. Each Layer 2 LAN port on a Catalyst 6500 series switch using STP exists in one of the following five states: •...
  • Page 197 Forwarding state When you enable STP, every port in the Catalyst 6500 series switch, VLAN, and network goes through the blocking state and the transitory states of listening and learning at power up. If properly configured, each Layer 2 LAN port stabilizes to the forwarding or blocking state.
  • Page 198: Blocking State

    • Receives BPDUs and directs them to the system module.
    • Does not transmit BPDUs received from the system module.
    • Receives and responds to network management messages.
  • Page 199: Listening State

    • Receives BPDUs and directs them to the system module.
    • Receives, processes, and transmits BPDUs received from the system module.
    • Receives and responds to network management messages.
  • Page 200: Learning State

    • Receives BPDUs and directs them to the system module.
    • Receives, processes, and transmits BPDUs received from the system module.
    • Receives and responds to network management messages.
  • Page 201: Forwarding State

    • Receives BPDUs and directs them to the system module.
    • Processes BPDUs received from the system module.
    • Receives and responds to network management messages.
  • Page 202: Disabled State

    STP and IEEE 802.1Q Trunks
    802.1Q trunks impose some limitations on the STP strategy for a network. In a network of Cisco network devices connected through 802.1Q trunks, the network devices maintain one instance of STP for each VLAN allowed on the trunks. However, non-Cisco 802.1Q network devices maintain only one instance of STP for all VLANs allowed on the trunks.
  • Page 203: Understanding How Ieee 802.1W Rstp Works

    Note: In Cisco IOS release 12.1(11)EX and later releases, RSTP is implemented as part of Multiple Spanning Tree Protocol (MSTP). In Cisco IOS release 12.1(13)E and later releases, RSTP is also available as a standalone protocol in Rapid-Per-VLAN-Spanning Tree (Rapid-PVST) mode. In this mode, the switch runs an RSTP instance on each VLAN, which follows the usual PVST+ approach.
  • Page 204: Rstp Port States

    In Cisco IOS release 12.1(11)EX and later releases, RSTP is implemented as part of Multiple Spanning Tree Protocol (MSTP). In Cisco IOS release 12.1(13)E and later releases, RSTP is also available as a standalone protocol in Rapid-Per-VLAN-Spanning Tree (Rapid-PVST) mode. In this mode, the switch runs an RSTP instance on each VLAN, which follows the usual PVST+ approach.
  • Page 205: Ieee 802.1S Mst Overview

    (RST) algorithm to multiple spanning trees. This extension provides both rapid convergence and load balancing in a VLAN environment. MST converges faster than PVST+. MST is backward compatible with 802.1D STP, 802.1w (rapid spanning tree protocol [RSTP]), and the Cisco PVST+ architecture.
  • Page 206: Mst-To-Pvst Interoperability

    Figure 15-8 Network with Interconnected SST and MST Regions (legend: F/f = Forwarding, B/b = Blocking, R = Root Bridge)
  • Page 207 VLANs on its designated ports, root guard sets the port to the blocking state. Do not designate switches with a slower CPU running PVST+ as a switch running MST.
  • Page 208: Common Spanning Tree

    CST (802.1Q) is a single spanning tree for all the VLANs. In a Catalyst 6000 family switch running PVST+, the VLAN 1 spanning tree corresponds to CST. In a Catalyst 6500 series switch running MST, IST (instance 0) corresponds to CST.
  • Page 209: Mst Regions

    If the CST root is outside the MST region, then one of the MST bridges at the boundary is selected as the IST master. Other bridges on the boundary that belong to the same region eventually block the boundary ports that lead to the root.
  • Page 210: Message Age And Hop Count

    The message age and maximum age timer settings in the RST portion of the BPDU remain the same throughout the region, and the same values are propagated by the region’s designated ports at the boundary.
  • Page 211: Default Stp Configuration

    • Do not use PVST bridges as the root of CST.
    • Ensure that all PVST spanning tree root bridges have lower (numerically higher) priority than the CST root bridge.
  • Page 212: Configuring Stp

    Do not disable spanning tree in a VLAN without ensuring that there are no physical loops present in the VLAN.
  • Page 213: Enabling Stp

    Note: STP is enabled by default on VLAN 1 and on all newly created VLANs.
    You can enable STP on a per-VLAN basis. The Catalyst 6500 series switch maintains a separate instance of STP for each VLAN (except on VLANs on which you disable STP).
  • Page 214: Enabling The Extended System Id

    Note: When you enable or disable the extended system ID, the bridge IDs of all active STP instances are updated, which might change the spanning tree topology.
  • Page 215: Configuring The Root Bridge

    Extended system ID is enabled.
    Configuring the Root Bridge
    Catalyst 6500 series switches maintain a separate instance of STP for each active VLAN. A bridge ID, consisting of the bridge priority and the bridge MAC address, is associated with each instance. For each VLAN, the network device with the lowest bridge ID becomes the root bridge for that VLAN.
  • Page 216: Configuring A Secondary Root Bridge

    Step 2 Exits configuration mode:
    Router(config)# end
    This example shows how to configure the Catalyst 6500 series switch as the root bridge for VLAN 10, with a network diameter of 4:
    Router# configure terminal
    Router(config)# spanning-tree vlan 10 root primary diameter 4
    ...
  • Page 217: Configuring Stp Port Priority

    The possible priority range is 0 through 240 (default 128), configurable in increments of 16. Cisco IOS uses the port priority value when the LAN port is configured as an access port and uses VLAN port priority values when the LAN port is configured as a trunk port.
  • Page 218
    ---------------- ---- --- --------- -------- --------------------------------
    VLAN0001         Back BLK 200000    160.196
    VLAN0006         Back BLK 200000    160.196
    VLAN0199         Back BLK 200000    160.196
    VLAN0200         Desg FWD 200000    64.196
    Router#
  • Page 219: Configuring Stp Port Cost

    This example shows how to verify the configuration:
    Router# show spanning-tree interface fastEthernet 4/4
    Vlan             Role Sts Cost      Prio.Nbr Status
    ---------------- ---- --- --------- -------- --------------------------------
    VLAN0001         Back BLK 1000      160.196
  • Page 220: Configuring The Bridge Priority Of A Vlan

    Note: Be careful when using this command. For most situations, we recommend that you enter the spanning-tree vlan vlan_ID root primary and the spanning-tree vlan vlan_ID root secondary commands to modify the bridge priority.
  • Page 221 This example shows how to verify the configuration:
    Router# show spanning-tree vlan 200 bridge
                                          Hello Max
    Vlan             Bridge ID            Time Age  Delay Protocol
    ---------------- -------------------- ---- ---- ----- --------
    VLAN200          33792 0050.3e8d.64c8                 ieee
    Router#
  • Page 222: Configuring The Hello Time

    Reverts to the default forward time:
    Router(config)# no spanning-tree vlan vlan_ID forward-time
    Step 2 Exits configuration mode:
    Router(config)# end
    Step 3 Verifies the configuration:
    Router# show spanning-tree vlan vlan_ID bridge [detail]
  • Page 223: Configuring The Maximum Aging Time For A Vlan

    To enable Rapid-PVST mode on the switch, enter the spanning-tree mode rapid-pvst command in privileged mode. To configure the switch in Rapid-PVST mode, see the “Configuring STP” section on page 15-22.
  • Page 224: Configuring Ieee 802.1S Mst

    Configures MST mode.
    Step 3 Configures the MST region by entering the MST configuration submode:
    Router(config)# spanning-tree mst configuration
    Clears the MST configuration:
    Router(config)# no spanning-tree mst configuration
  • Page 225: Configuration Mode

    Vlans mapped
    -------- ---------------------------------------------------------------------
    1001-4094
    1-1000
    -------------------------------------------------------------------------------
    Router(config-mst)# no instance 2
    Router(config-mst)# show pending
    Pending MST configuration
    Name [cisco]
    Revision
    Instance Vlans mapped
    -------- ---------------------------------------------------------------------
    1-4094
    -------------------------------------------------------------------------------
  • Page 226: Displaying Mst Configurations

    Router(config-mst)# instance 1 vlan 1-10
    Router(config-mst)# name cisco
    Router(config-mst)# revision 1
    Router(config-mst)# ^Z
    Router# show spanning-tree mst configuration
    Name [cisco]
    Revision
    Instance Vlans mapped
    -------- ---------------------------------------------------------------------
    11-4094
    1-10
    -------------------------------------------------------------------------------
  • Page 227 :disable (default)
    Bpdus (MRecords) sent 2, received 364
    Instance Role Sts Cost      Prio.Nbr Vlans mapped
    -------- ---- --- --------- -------- -------------------------------
             Back BLK 1000      160.196  1-10
  • Page 228 Pathcost method used is long
    Name                   Blocking Listening Learning Forwarding STP Active
    ---------------------- -------- --------- -------- ---------- ----------
    MST00
    MST01
    ---------------------- -------- --------- -------- ---------- ----------
    2 msts
    Router#
  • Page 229: Configuring Mst Instance Parameters

                     Role Sts Cost      Prio.Nbr Status
    ---------------- ---- --- --------- -------- --------------------------------
    Fa4/4            Back BLK 1000      160.196
    Fa4/5            Desg FWD 200000    128.197
    Fa4/48           Boun FWD 200000    128.240  P2p Bound(STP)
    Router#
  • Page 230: Configuring Mst Instance Port Parameters

    A switch also might continue to assign a boundary role to a port when the switch to which it is connected has joined the region.
  • Page 231 EXEC command to restart the protocol migration process on a specific interface. This example shows how to restart protocol migration:
    Router# clear spanning-tree detected-protocols interface fastEthernet 4/4
    Router#
  • Page 232 Chapter 15 Configuring STP and IEEE 802.1s MST Configuring IEEE 802.1s MST
  • Page 233: Configuring Optional Stp Features

    • With Release 12.1(11b)E and later, when you are in configuration mode you can enter EXEC mode-level commands by entering the do keyword before the EXEC mode-level command.
  • Page 234: Understanding How Portfast Works

    Caution: Explicitly configuring PortFast BPDU filtering on a port that is not connected to a host can result in bridging loops, because the port ignores any BPDU it receives and goes to forwarding.
  • Page 235: Understanding How Uplinkfast Works

    Switch B is in the blocking state.
    Figure 16-1 UplinkFast Example Before Direct Link Failure (diagram labels: Switch A, Switch B, Root, Switch C, blocked port)
  • Page 236: Understanding How Backbonefast Works

    Switch B over link L1 and to Switch C over link L2. The Layer 2 LAN interface on Switch C that connects directly to Switch B is in the blocking state.
  • Page 237 However, the other network devices ignore these inferior BPDUs and the new network device learns that Switch B is the designated bridge to Switch A, the root bridge.
  • Page 238: Understanding How Etherchannel Guard Works

    Understanding How EtherChannel Guard Works
    EtherChannel guard detects a misconfigured EtherChannel where interfaces on the Catalyst 6500 series switch are configured as an EtherChannel while interfaces on the other device are not, or where not all the interfaces on the other device are in the same EtherChannel.
  • Page 239
    – If a set of ports that are already blocked by loop guard are grouped together to form a channel, spanning tree loses all the state information for those ports and the new channel port may obtain the forwarding state with a designated role.
  • Page 240: Enabling Portfast

    This example shows how to verify the configuration:
    Router# show running-config interface fastethernet 5/8
    Building configuration...
    Current configuration:
    interface FastEthernet5/8
     no ip address
     switchport
     switchport access vlan 200
     switchport mode access
     spanning-tree portfast
    Router#
  • Page 241
    %Warning:portfast should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc... to this interface when portfast is enabled, can cause temporary bridging loops. Use with CAUTION
    Router(config-if)# ^Z
  • Page 242: Enabling Portfast Bpdu Filtering

    UplinkFast is disabled
    BackboneFast is disabled
    Pathcost method used is long
    Name                   Blocking Listening Learning Forwarding STP Active
    ---------------------- -------- --------- -------- ---------- ----------
    2 vlans
    Router#
  • Page 243: Enabling Bpdu Guard

    Step 3 Verifies the configuration:
    Router# show spanning-tree summary totals
    This example shows how to enable BPDU Guard:
    Router# configure terminal
    Router(config)# spanning-tree portfast bpduguard
    Router(config)# end
    Router#
  • Page 244: Enabling Uplinkfast

    UplinkFast increases the bridge priority to 49152 and adds 3000 to the STP port cost of all Layer 2 LAN interfaces on the Catalyst 6500 series switch, decreasing the probability that the switch will become the root bridge. The max_update_rate value represents the number of multicast packets transmitted per second (the default is 150 packets per second).
  • Page 245: Enabling Backbonefast

    Number of RLQ request PDUs received (all VLANs)
    Number of RLQ response PDUs received (all VLANs)
    Number of RLQ request PDUs sent (all VLANs)
    Number of RLQ response PDUs sent (all VLANs)
    Router#
  • Page 246: Enabling Etherchannel Guard

    Router# show running interface {type slot/port} | {port-channel port_channel_number}
    type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
    Enter the show spanning-tree inconsistentports command to display ports that are in the root-inconsistent state.
  • Page 247: Enabling Loop Guard

    This example shows how to enable loop guard:
    Router# configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)# interface fastEthernet 4/4
    Router(config-if)# spanning-tree guard loop
    Router(config-if)# ^Z
  • Page 248
    The port is in the portfast mode by portfast trunk configuration
    Link type is point-to-point by default
    Bpdu filter is enabled
    Loop guard is enabled on the port
    BPDU:sent 0, received 0
    Router#
  • Page 249 Distributed Forwarding Cards (DFCs), and Multilayer Switch Feature Card 2 (MSFC2).
    Note: For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication and the publications at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/index.htm
    This chapter consists of these sections: •...
  • Page 250: Configuring Ip Unicast Layer 3 Switching On Supervisor Engine 2

    When a packet is Layer 3 switched from a source in one subnet to a destination in another subnet, the Catalyst 6500 series switch performs a packet rewrite at the egress port based on information learned from the MSFC2 so that the packets appear to have been routed by the MSFC2.
  • Page 251 [Figure: Layer 3 switching topology with the MSFC and Hosts A, B and C; packet 171.59.1.2:171.59.2.2 shown with MAC address pairs Aa:Dd and Dd:Cc]
  • Page 252: Default Hardware Layer 3 Switching Configuration

    With Release 12.1(11b)E and later, when you are in configuration mode you can enter EXEC mode-level commands by entering the do keyword before the EXEC mode-level command.
  • Page 253: Configuring Hardware Layer 3 Switching

    Note: The Layer 3 switching packet count is updated approximately every five seconds.
    Cisco IOS CEF and dCEF are permanently enabled on the MSFC2. No configuration is required to support hardware Layer 3 switching. The Cisco IOS CEF ip load-sharing per-packet, ip cef accounting per-prefix, and ip cef accounting non-recursive commands on the MSFC2 apply only to traffic that is CEF-switched in software on the MSFC2.
  • Page 254: Displaying Hardware Layer 3 Switching Statistics

    Router# show adjacency gigabitethernet 9/5 detail
    Protocol Interface Address
    GigabitEthernet9/5 172.20.53.206(11)
    504 packets, 6110 bytes
    00605C865B82
    000164F83FA50800
    03:49:31
    Note: Adjacency statistics are updated approximately every 60 seconds.
  • Page 255: Configuring Ip Multicast Layer 3 Switching

    Configuring IP Multicast Layer 3 Switching
    This chapter describes how to configure IP multicast Layer 3 switching on the Catalyst 6500 series switches.
    Note: For more information on the syntax and usage for the commands used in this chapter, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication.
  • Page 256: Ip Multicast Layer 3 Switching Overview

    Policy Feature Card 2 (PFC2) provides Layer 3 switching for IP multicast flows using the hardware replication table and hardware Cisco Express Forwarding (CEF), which uses the forwarding information base (FIB) and the adjacency table on the PFC2. In systems with Distributed Forwarding Cards (DFCs), IP multicast flows are Layer 3 switched locally using Multicast Distributed Hardware Switching (MDHS).
  • Page 257: Ip Multicast Layer 3 Switching Flow Mask

    Source Checksum Group G1 MAC Source A MAC Group G1 IP Source A IP calculation1 1. In this example, Destination B is a member of Group G1.
  • Page 258: Partially And Completely Switched Flows

    • The maximum transmission unit (MTU) of the RPF interface is greater than the MTU of any outgoing interface.
    • If Network Address Translation (NAT) is configured on an interface, and source address translation is required for the outgoing interface.
  • Page 259: Non-Rpf Traffic Processing

    (non-PIM DR) must drop this traffic because it has arrived on the wrong interface and fails the RPF check. Traffic that fails the RPF check is called non-RPF traffic. The Catalyst 6500 series switch processes non-RPF traffic in hardware on the PFC by filtering (dropping) or rate limiting the non-RPF traffic.
  • Page 260 Note: PFC2 and the DFCs support both rate-limiting modes. CEF-based rate limiting of RPF failures is the default on systems with PFC2 and for DFCs. NetFlow-based rate limiting of RPF failures is the only rate limiting mode supported with PFC1.
  • Page 261: Default Ip Multicast Layer 3 Switching Configuration

    Bridging of the flow on an interface with IGMP snooping disabled causes flooding to all forwarding interfaces of the VLAN. For details on configuring IGMP snooping, see Chapter 21, “Configuring IGMP Snooping.”
  • Page 262: Ip Multicast Layer 3 Switching Configuration Guidelines And Restrictions

    • For PIM auto-RP multicast groups (IP multicast group addresses 224.0.1.39 and 224.0.1.40).
    • For flows that are forwarded on the multicast-shared tree (that is, {*,G,*} forwarding) when the interface or group is running PIM sparse mode.
  • Page 263: Pfc1 And Pfc2 General Restrictions

    Note: With Release 12.1(11b)E and later, when you are in configuration mode you can enter EXEC mode-level commands by entering the do keyword before the EXEC mode-level command.
  • Page 264: Source Specific Multicast With Igmpv3, Igmp V3Lite, And Urd

    Layer 3 interfaces. For complete information and procedures, refer to these publications:
    • Cisco IOS IP and IP Routing Configuration Guide, Release 12.1, at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c/index.htm
    • Cisco IOS IP and IP Routing Command Reference, Release 12.1, at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_r/index.htm
    ...
  • Page 265: Enabling Ip Multicast Layer 3 Switching On Layer 3 Interfaces

    To configure the Layer 3 switching threshold, perform this task:
    Configures the IP MMLS threshold:
    Router(config)# mls ip multicast threshold ppsec
    Reverts to the default IP MMLS threshold:
    Router(config)# no mls ip multicast threshold
  • Page 266: Enabling Installation Of Directly Connected Subnets

    Router(config)# no mls ip multicast non-rpf netflow
    globally.
    Step 2 Selects the Layer 3 interface to be configured:
    Router(config)# interface {{vlan vlan_ID} | {type slot/port} | {port-channel channel_ID}}
  • Page 267: Enabling Cef-Based Rate Limiting Of Rpf Failures

    4 minutes. To enable shortcut-consistency checking, perform this task:
    Enables shortcut-consistency checking:
    Router(config)# mls ip multicast consistency-check
    Restores the default:
    Router(config)# no mls ip multicast consistency-check
  • Page 268: Configuring Acl-Based Filtering Of Rpf Failures

    The show ip pim interface count command displays the IP multicast Layer 3 switching enable state on IP PIM interfaces and the number of packets received and sent on the interface.
  • Page 269
    Proxy ARP is enabled
    Security level is default
    Split horizon is enabled
    ICMP redirects are always sent
    ICMP unreachables are never sent
    ICMP mask replies are never sent
  • Page 270: Displaying The Ip Multicast Routing Table

    (*, 230.13.13.2), 00:16:41/00:00:00, RP 10.15.1.20, flags:SJC
      Incoming interface:GigabitEthernet4/8, RPF nbr 10.15.1.20, RPF-MFD
      Outgoing interface list:
        GigabitEthernet4/9, Forward/Sparse-Dense, 00:16:41/00:00:00, H
    (10.20.1.15, 230.13.13.1), 00:14:31/00:01:40, flags:CJT
      Incoming interface:GigabitEthernet4/8, RPF nbr 10.15.1.20, RPF-MFD
  • Page 271: Displaying Ip Multicast Layer 3 Switching Statistics

    Router# show mls ip multicast interface vlan 10
    Multicast hardware switched flows:
    (10.1.0.15, 224.2.2.15) Incoming interface: Vlan10, Packets switched: 0
    Hardware switched outgoing interfaces:
    MFD installed: Vlan10
  • Page 272: Using Debug Commands

    Displays IP multicast Layer 3 switching events:
    [no] debug mls ip multicast events
    Turns on debug messages for multicast MLS-related errors:
    [no] debug mls ip multicast errors
  • Page 273: Clearing Ip Multicast Layer 3 Switching Statistics

    VLAN, the multicast group address, or the multicast traffic source. For an example of the show mls ip multicast statistics command, see the “Displaying IP Multicast Layer 3 Switching Statistics” section on page 18-17.
  • Page 275: Configuring Ip Unicast Layer 3 Switching On Supervisor Engine

    Note: To configure the MSFC to support MLS on a Catalyst 5000 series switch, refer to the Layer 3 Switching Software Configuration Guide at this URL: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_5_2/layer3/index.htm.
  • Page 276: Understanding How Ip Mls Works

    IP MLS Operation, page 19-5 • IP MLS Overview IP MLS provides high-performance hardware-based Layer 3 switching for Catalyst 6500 series switches. IP MLS switches unicast IP data packet flows between IP subnets using advanced application-specific integrated circuit (ASIC) switching hardware, which offloads the processor-intensive packet routing from network routers.
  • Page 277: Layer 3 Mls Cache

    Interaction Between Software Features and Flow Mask Behavior This section describes the flow mask used when different software features are configured in a system with a Supervisor Engine 1.
  • Page 278: Layer 3-Switched Packet Rewrite

    Layer 3 packets so that they appear to have been routed by a router. The PFC forwards the rewritten packet to Host B’s VLAN (the destination VLAN is stored in the MLS cache entry) and Host B receives the packet.
  • Page 279: Ip Mls Operation

    [Figure: topology showing the MSFC and Hosts A, B, and C with their MAC and IP addresses]
  • Page 280: Default Ip Mls Configuration

    Note: With Release 12.1(11b)E and later, when you are in configuration mode you can enter EXEC mode-level commands by entering the do keyword before the EXEC mode-level command. Enabling IP MLS Globally IP MLS is enabled globally and cannot be disabled.
  • Page 281: Disabling And Enabling Ip Mls On A Layer 3 Interface

    ICMP redirects are always sent ICMP unreachables are always sent ICMP mask replies are never sent IP fast switching is enabled IP fast switching on the same interface is disabled
  • Page 282: Configuring The Mls Aging-Time

    Reverts to the default IP MLS flow mask. Router(config)# no mls flow ip This example shows how to set the minimum IP MLS flow mask: Router(config)# mls flow ip destination Router(config)#
  • Page 283: Displaying Ip Mls Cache Entries

    | flow [tcp | udp] | interface {{vlan vlan_ID} | {type slot/port} | {port-channel number}} | macd destination_mac_address | macs source_mac_address | multicast | source ip_address] 1. type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
  • Page 284: Displaying Ip Mls Cache Entries For A Specific Destination Address

    {{vlan vlan_ID} | {type slot/port} | {port-channel number}} | macd destination_mac_address | macs source_mac_address | multicast] 1. type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
  • Page 285: Displaying Entries For A Specific Ip Flow

    • remain in the table.
  • Page 286: Displaying Ip Mls Contention Table And Statistics

    3, accelerated aging starts, and begins to age out entries at a rate suitable to reduce the current contention rate. The detailed option displays the breakdown of contention between different flows.
  • Page 287 Vlan 1 Statistics Information: ------------------------------- 65280 Layer 2 Packets Bridged, 0 Bytes 65280 Layer 3 Packets Input, 0 Bytes 65280 Layer 3 Packets Output, 0 Bytes Slot 2 =======
  • Page 288: Troubleshooting Ip Mls

    This example shows how to configure all IP debugging: Router# debugging mls ip all mls ip all debugging is on Router# Note: Enter the show tech-support command to display system information.
  • Page 289 The MSFC can be specified as the MLS route processor (MLS-RP) for Catalyst 5000 family switches using MLS. Refer to the Layer 3 Switching Configuration Guide—Catalyst 5000 Family, 4000 Family, 2926G Series, 2926 Series, and 2948G for MLS configuration procedures.
  • Page 290: Configuring Ipx Unicast Layer 3 Switching On Supervisor Engine 1

    IPX MLS Operation, page 20-4 • IPX MLS Overview IPX MLS provides high-performance hardware-based Layer 3 switching for Catalyst 6500 series switches. IPX MLS switches unicast IPX data packet flows between networks using advanced application-specific integrated circuit (ASIC) switching hardware, offloading processor-intensive packet routing from network routers.
  • Page 291: Flow Masks

    Host B, the PFC recognizes that the packet was sent to the MAC address of the MSFC. The PFC checks the MLS cache and finds the entry matching the flow in question.
  • Page 292: Ipx Mls Operation

    Host B to Host A. The destination VLAN is stored as part of each IPX MLS entry so that the correct VLAN identifier is used when encapsulating traffic on trunk links.
  • Page 293: Default Ipx Mls Configuration

    IPX EIGRP—MLS is supported for EIGRP interfaces if the Transport Control (TC) maximum is set to a value greater than the default (16). The clear ipx route command clears all IPX MLS cache entries.
  • Page 294: Configuring Ipx Mls

    = ethernet, fastethernet, gigabitethernet, or tengigabitethernet This example shows how to enable IPX MLS for Fast Ethernet interface 5/5: Router(config)# interface fastethernet 5/5 Router(config-if)# mls ipx Router(config-if)#
  • Page 295: Configuring The Mls Aging Time

    The MLS aging time applies to all MLS cache entries. See the “Configuring the MLS Aging Time” section on page 33-10. Note: IPX MLS does not use fast aging.
  • Page 296: Configuring The Minimum Ipx Mls Flow Mask

    • Displaying IPX MLS Cache Entries, page 20-9 • Displaying the IPX MLS Contention Table, page 20-11 • Displaying IPX MLS VLAN Statistics, page 20-12
  • Page 297: Displaying Ipx Mls Cache Entries

    This example shows how to display all IPX MLS entries on the switch: Router# show mls ipx DstNet-DstNode SrcNet DstVlan-DstMac Pkts Bytes ----------------------------------------------------------------------- SrcDstPorts SrcDstEncap Age LastSeen ---------------------------------------- Number of Entries Found = 0 Router#
  • Page 298 This example shows how to display IPX MLS entries for a specific source IPX address: Router# show mls ipx source 1.2.2.2 DstNet-DstNode SrcNet DstVlan-DstMac Pkts Bytes ----------------------------------------------------------------------- SrcDstPorts SrcDstEncap Age LastSeen ---------------------------------------- Number of Entries Found = 0 Router#
  • Page 299: Displaying The Ipx Mls Contention Table

    1 through 3, accelerated aging starts, which begins to age out entries at a rate suitable to reduce the current contention rate. The detailed option displays the breakdown of contention between different flows.
  • Page 300: Displaying Ipx Mls Vlan Statistics

    Vlan 1 Statistics Information: ------------------------------- 65280 Layer 2 Packets Bridged, 0 Bytes 65280 Layer 3 Packets Input, 0 Bytes 65280 Layer 3 Packets Output, 0 Bytes Slot 2 =======
  • Page 301: Clearing Ipx Mls Cache Entries

    Router# clear mls ipx interface fastethernet 5/5 Router# To display the MLS entries and confirm they have been cleared, see the “Displaying IPX MLS Information” section on page 20-8.
  • Page 302: Troubleshooting Ipx Mls

    Command: [no] debug scp packets; Purpose: Displays packet data in and out of the SCP system. Command: [no] debug scp timeouts; Purpose: Reports timeouts. Command: [no] debug scp all; Purpose: Turns on all SCP debugging messages.
  • Page 303: Configuring Igmp Snooping

    Note: To support Cisco Group Management Protocol (CGMP) client devices, configure the Multilayer Switch Feature Card (MSFC) as a CGMP server. Refer to the Cisco IOS IP and IP Routing Configuration Guide, Release 12.1, “IP Multicast,” “Configuring IP Multicast Routing,” at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c/ipcprt3/1cdmulti.htm...
  • Page 304: Igmp Snooping Overview

    IGMP snooping learning. Multicast group membership lists can consist of both static and IGMP snooping-learned settings.
  • Page 305 21-2. Because the forwarding table directs IGMP messages only to the CPU, the message is not flooded to other ports. Any known multicast traffic is forwarded to the group and not to the CPU.
  • Page 306: Leaving A Multicast Group

    If the leave message was from the only remaining interface with hosts interested in the group and IGMP snooping does not receive an IGMP Join in...
  • Page 307: Understanding Igmp Snooping Querier

    You can use Cisco IOS commands to configure the Catalyst 6500 series switches to generate such IGMP queries on a VLAN regardless of whether or not IP multicast routing is enabled. Note: To enable IP multicast routing on the Catalyst 6500 series switches on a specific VLAN, enter the ip pim sparse-mode command, the ip pim sparse-dense-mode command, or the ip pim dense-mode command on that interface.
  • Page 308: Understanding Igmp Version 3 Support

    • When enabled, the IGMP snooping querier disables itself if it detects IGMP traffic from a multicast router. • You can enable the IGMP snooping querier on all the Catalyst 6500 series switches in the VLAN. On each VLAN that is connected to switches that use IGMP to report interest in IP multicast traffic, you must set one switch as the IGMP querier.
  • Page 309: Restrictions

    IP-multicast router on a VLAN, you must configure another switch as the IGMP querier so that it can send queries. You can use Cisco IOS commands to configure the Catalyst 6500 series switches to generate such IGMP queries on a VLAN regardless of whether or not IP multicast routing is enabled.
  • Page 310: Configuring Igmp Snooping

    Switching”) or enable the IGMP snooping querier in the subnet (see “Enabling the IGMP Snooping Querier” section on page 21-7). IGMP snooping allows Catalyst 6500 series switches to examine IGMP packets and make forwarding decisions based on their content. These sections describe how to configure IGMP snooping: Enabling IGMP Snooping, page 21-9 •...
  • Page 311: Enabling Igmp Snooping

    IGMP snooping is globally enabled IGMP snooping is enabled on this interface IGMP snooping fast-leave is enabled on this interface IGMP snooping querier is disabled on this interface Router#
  • Page 312: Configuring Igmp Snooping Learning

    All releases support the mac-address-table static command. The ip igmp snooping mrouter interface command, which was available in earlier releases and which provided the same functionality as the mac-address-table static command, is deprecated in Release 12.1(13)E and later releases.
  • Page 313: Configuring The Igmp Query Interval

    Configuring fast leave on vlan 200 Router(config-if)# end Router# show ip igmp interface vlan 200 | include fast-leave IGMP snooping fast-leave is enabled on this interface Router(config-if)#
  • Page 314: Configuring A Host Statically

    When you enable IGMP snooping, the switch automatically learns to which interface multicast routers are connected. To display multicast router interfaces, perform this task: Command: Router# show ip igmp snooping mrouter interface vlan_ID; Purpose: Displays multicast router interfaces.
  • Page 315: Displaying Mac Address Multicast Entries

    Last member query response interval is 1000 ms Inbound IGMP access group is not set IGMP activity: 0 joins, 0 leaves Multicast routing is enabled on interface
  • Page 316 IGMP snooping is globally enabled IGMP snooping is enabled on this interface IGMP snooping fast-leave is enabled on this interface IGMP snooping querier is disabled on this interface Router#
  • Page 317: Chapter 22 Configuring Rgmp

    The RGMP hello message tells the Catalyst 6500 series switch not to send multicast data to the router unless an RGMP join message has also been sent to the Catalyst 6500 series switch from that router. When an RGMP join message is sent, the router is able to receive multicast data.
  • Page 318: Default Rgmp Configuration

    When RGMP is enabled on the router, no multicast data traffic is sent to the router by the Catalyst 6500 series switch unless an RGMP join is specifically sent for a group. When RGMP is disabled on the router, all multicast data traffic is sent to the router by the Catalyst 6500 series switch.
  • Page 319: Enabling Rgmp On Layer 3 Interfaces

    Because multiple IP multicast addresses can map to one MAC address (see RFC 1112), RGMP cannot differentiate between the IP multicast groups that might map to a MAC address. The capability of the Catalyst 6500 series switch to constrain traffic is limited by its –...
  • Page 321: Chapter 23 Configuring Network Security

    Configuring Network Security This chapter contains network security information unique to the Catalyst 6500 series switches, which supplements the network security information and procedures in these publications: • Cisco IOS Security Configuration Guide, Release 12.1, at this URL:...
  • Page 322: Hardware And Software Acl Support

    – Extended MAC address access list – Protocol type-code access list Note: IP packets with a header length of less than five will not be access controlled.
  • Page 323: Guidelines And Restrictions For Using Layer 4 Operators In Acls

    For example, in this ACL there are two different Layer 4 operations because one ACE applies to the source port and one applies to the destination port..Src gt 10 ..Dst gt 10
  • Page 324: Determining Logical Operation Unit Usage

    • LOU 2 stores “gt 11” and “neq 6” • LOU 3 stores “gt 20” (with space for one more) • LOU 4 stores “range 11 13” (range needs the entire LOU)
  • Page 325: Configuring The Cisco Ios Firewall Feature Set

    Configuring the Cisco IOS Firewall Feature Set Note: Release 12.1(11b)E and later releases include firewall feature set images. These sections describe configuring the Cisco IOS firewall feature set on the Catalyst 6500 series switches: • Cisco IOS Firewall Feature Set Support Overview, page 23-5...
  • Page 326: Firewall Configuration Guidelines And Restrictions

    On other platforms, if you enter the ip inspect command on a port, CBAC modifies ACLs on other ports to permit the inspected traffic to flow through the network device. On Catalyst 6500 series switches, you must enter the mls ip inspect commands to permit traffic through any ACLs that would deny the traffic through other ports.
  • Page 327: Configuring Cbac On Catalyst 6500 Series Switches

    VLAN 100 and needs to leave on VLAN 300, CBAC permits the FTP traffic through ACLs deny_ftp_a, deny_ftp_b, deny_ftp_e, and deny_ftp_f. On a Catalyst 6500 series switch, when ports are configured to deny traffic, CBAC permits traffic to flow bidirectionally only through the port configured with the ip inspect command. You must configure other ports with the mls ip inspect command.
  • Page 328: Configuring Mac Address-Based Traffic Blocking

    VLAN or, with releases 12.1(13)E or later, a WAN interface for VACL capture. Unlike regular Cisco IOS standard or extended ACLs that are configured on router interfaces only and are applied on routed packets only, VACLs apply to all packets and can be applied to any VLAN or WAN interface. VACLs are processed in hardware.
  • Page 329: Bridged Packets

    VACL applied on bridged packets. [Figure 23-1: Applying VACLs on Bridged Packets. Host A (VLAN 10), Catalyst 6500 series switch with PFC, Host B (VLAN 10)]
  • Page 330: Routed Packets

    [Figure 23-2: Applying VACLs on Routed Packets. Host A (VLAN 10), Catalyst 6500 series switches with MSFC, Host B (VLAN 20); labels: input IOS ACL, output IOS ACL, VACL, bridged, routed]
  • Page 331: Multicast Packets

    • Configuring an Action Clause in a VLAN Access Map Sequence, page 23-14 • Applying a VLAN Access Map, page 23-14 • Verifying VLAN Access Map Configuration, page 23-15
  • Page 332: Vacl Configuration Overview

    Configuring a Capture Port, page 23-16 • VACL Configuration Overview VACLs use standard and extended Cisco IOS IP and IPX ACLs, and MAC-Layer named ACLs (see the “Configuring MAC-Layer Named Access Lists (Optional)” section on page 31-39) and VLAN access maps.
  • Page 333 • You can select one or more ACLs. • VACLs attached to WAN interfaces support only standard and extended Cisco IOS IP ACLs. • Use the no keyword to remove a match clause or specified ACLs in the clause. For information about named MAC-Layer ACLs, refer to the “Configuring MAC-Layer Named...
  • Page 334: Applying A Vlan Access Map

    • interfaces do not support the drop, forward, or redirect actions. Forwarded packets are still subject to any configured Cisco IOS security ACLs. • The capture action sets the capture bit for the forwarded packets so that ports with the capture •...
  • Page 335: Verifying Vlan Access Map Configuration

    Router# show ip access-lists net_10 Extended IP access list net_10 permit ip 10.0.0.0 0.255.255.255 any Router# show ip access-lists any_host Standard IP access list any_host permit any
  • Page 336: Configuring A Capture Port

    Command: Router(config-if)# switchport capture; Purpose: Configures the port to capture VACL-filtered traffic. Command: Router(config-if)# no switchport capture; Purpose: Disables the capture function on the interface. type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
  • Page 337: Configuring Vacl Logging

    Log messages are generated on a per-flow basis. A flow is defined as packets with the same IP addresses and Layer 4 (UDP or TCP) port numbers. When a log message is generated, the timer and packet count are reset.
  • Page 338: Configuring Tcp Intercept

    With Supervisor Engine 2 and PFC2, TCP intercept flows are processed in hardware. With Supervisor Engine 1 and PFC, TCP intercept flows are processed in software. For configuration procedures, refer to the Cisco IOS Security Configuration Guide, Release 12.1, “Traffic Filtering and Firewalls,” “Configuring TCP Intercept,” at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt3/scddenl.htm...
  • Page 339: Configuring Unicast Reverse Path Forwarding

    With Supervisor Engine 1 and PFC, the MSFC or MSFC 2 supports Unicast RPF in software. Configuring Unicast RPF For configuration procedures, refer to the Cisco IOS Security Configuration Guide, Release 12.1, “Other Security Features,” “Configuring Unicast Reverse Path Forwarding” at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt5/scdrpf.htm...
  • Page 340: Configuring The Unicast Rpf Checking Mode

    If the access list includes the logging action, information about the spoofed packets is sent to the log server. Note When you enter the ip verify unicast source reachable-via command, the Unicast RPF checking mode changes on all ports in the switch.
  • Page 341: Configuring Unicast Flood Protection

    The unicast flood protection feature protects the system from disruptions caused by unicast flooding. The Catalyst 6500 series switches use forwarding tables to direct traffic to specific ports based on the VLAN number and the destination MAC address of the frame. When there is no entry corresponding to the frame’s destination MAC address in the incoming VLAN, the frame is sent to all forwarding ports...
  • Page 342: Configuring Mac Move Notification

    To configure MAC move notification, perform this task: Step 1. Command: Router(config)# [no] mac-address-table notification mac-move; Purpose: Enables MAC move notification globally. Step 2. Command: Router# show mac-address-table notification mac-move; Purpose: Displays MAC move notification information.
  • Page 343 Configuring MAC Move Notification This example shows how to enable the MAC move notification feature: Router(config)# mac-address-table notification mac-move Router# show mac-address-table notification mac-move MAC Move Notification: enabled Router#
  • Page 345: Chapter 24 Configuring Denial Of Service Protection

    This chapter contains information on how to protect your system against Denial of Service (DoS) attacks. The information covered in this chapter is unique to the Catalyst 6500 series switches, and it supplements the network security information and procedures in the “Configuring Network Security”...
  • Page 346: Configuring Dos Protection

    ICMP unreachable messages. Security ACLs The Catalyst 6500 series switch can deny packets in hardware using security ACLs and can drop DoS packets before they reach the CPU inband datapath. Because security ACLs are applied in hardware using the TCAM, long security ACLs can be used without impacting the throughput of other traffic.
  • Page 347 Router# show access-list 199 Extended IP access list 199 deny ip host 199.1.1.1 any (103 matches rate limiting at 0.5 pps permit ip any any Router #
  • Page 348: Qos Acls

    Router# show ip eigrp neighbors IP-EIGRP neighbors for process 200 Address Interface Hold Uptime SRTT Seq Type (sec) (ms) Cnt Num 4.4.4.122 Vl44 13 00:00:48 6565 Router#
  • Page 349: Forwarding Information Base Rate-Limiting

    ARP throttling limits the rate at which packets destined to a connected network are forwarded to the route processor. Most of these packets are dropped, but a small number are sent to the router (rate limited).
  • Page 350: Monitoring Packet Drop Statistics

    SrcIP Prot:SrcPort:DstPort Src i/f:AdjPtr -------------------------------------------------------------------- 9.9.9.177 9.9.9.2 Pkts Bytes LastSeen Attributes --------------------------------------------------- 01:56:59 L3 - Dynamic Router# show mls ip mod 4 | include 9.9.9 9.9.9.177 9.9.9.2
  • Page 351 Session 1 --------- Source Ports: RX Only: None TX Only: None Both: None Source VLANs: RX Only: None TX Only: None Both: Destination Ports: Gi9/1 Filter VLANs: None
  • Page 353: Chapter 25 Configuring Ieee 802.1X Port-Based Authentication

    • Device Roles, page 25-2 • Authentication Initiation and Message Exchange, page 25-3 • Ports in Authorized and Unauthorized States, page 25-4 • Supported Topologies, page 25-4
  • Page 354: Device Roles

    The Remote Authentication Dial-In User Service (RADIUS) security system with Extensible Authentication Protocol (EAP) extensions is the only supported authentication server; it is available in Cisco Secure Access Control Server, version 3.0. RADIUS uses a client-server model in which secure authentication information is exchanged between the RADIUS server and one or more RADIUS clients.
  • Page 355: Authentication Initiation And Message Exchange

    [Figure: message exchange between the client, the Catalyst switch or Cisco router, and the authentication server (RADIUS): EAPOL-Start, EAP-Request/Identity, EAP-Response/Identity, RADIUS Access-Request, EAP-Request/OTP, RADIUS Access-Challenge, EAP-Response/OTP, RADIUS Access-Request, EAP-Success, RADIUS Access-Accept, Port Authorized, EAPOL-Logoff, Port Unauthorized]
  • Page 356: Ports In Authorized And Unauthorized States

    If the link state of a port transitions from up to down, or if an EAPOL-logoff frame is received, the port returns to the unauthorized state. Supported Topologies The 802.1X port-based authentication is supported in two topologies: • Point-to-point • Wireless LAN
  • Page 357: Default 802.1X Port-Based Authentication Configuration

    3600 seconds reauthentication attempts Quiet period 60 seconds (number of seconds that the switch remains in the quiet state following a failed authentication exchange with the client)
  • Page 358: 802.1X Port-Based Authentication Guidelines And Restrictions

    Switch Port Analyzer (SPAN) destination port—You can enable 802.1X on a port that is a SPAN destination port; however, 802.1X is disabled until the port is removed as a SPAN destination port. You can enable 802.1X on a SPAN source port.
  • Page 359: Configuring 802.1X Port-Based Authentication

    802.1X port-based authentication. Step 5. Command: Router(config-if)# dot1x port-control auto; Purpose: Enables 802.1X port-based authentication on the interface. Command: Router(config-if)# no dot1x port-control auto; Purpose: Disables 802.1X port-based authentication on the interface.
  • Page 360: Configuring Switch-To-Radius-Server Communication

    = 30 Seconds TxPeriod = 30 Seconds Configuring Switch-to-RADIUS-Server Communication RADIUS security servers are identified by any of the following: • Host name • Host IP address
  • Page 361 If you want to configure these options on a per-server basis, use the radius-server timeout, radius-server retransmit, and the radius-server key global configuration commands. For more information, refer to the Cisco IOS Security Configuration Guide, Release 12.1, publication and the Cisco IOS Security Command Reference, Release 12.1, publication at this URL:...
  • Page 362: Enabling Periodic Reauthentication

    This example shows how to enable periodic reauthentication and set the number of seconds between reauthentication attempts to 4000: Router(config-if)# dot1x reauthentication Router(config-if)# dot1x timeout re-authperiod 4000
  • Page 363: Manually Reauthenticating The Client Connected To A Port

    You can provide a faster response time to the user by entering a smaller number than the default.
  • Page 364: Changing The Switch-To-Client Retransmission Time

    This example shows how to set 60 as the number of seconds that the switch waits for a response to an EAP-request/identity frame from the client before retransmitting the request:
    Router(config)# dot1x timeout tx-period 60
  • Page 365: Setting The Switch-To-Client Retransmission Time For Eap-Request Frames

    Router(config-if)# no dot1x timeout server-timeout
    Step 3. Returns to privileged EXEC mode: Router(config-if)# end
    Step 4. Verifies your entries: Router# show dot1x all
    type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
  • Page 366: Setting The Switch-To-Client Frame Retransmission Number

    If the port becomes unauthorized (reauthentication fails or an EAPOL-logoff message is received), all attached clients are denied access to the network.
  • Page 367: Resetting The 802.1X Configuration To The Default Values

    EXEC command. To display the 802.1X administrative and operational status for a specific interface, use the show dot1x interface interface-id privileged EXEC command. For detailed information about the fields in these displays, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication.
  • Page 369: Chapter 26 Configuring Port Security

    • You can allow the port to dynamically configure secure MAC addresses with the MAC addresses of connected devices.
    • You can configure a number of addresses and allow the rest to be dynamically configured.
  • Page 370: Default Port Security Configuration

    • Take care when you enable port security on the ports connected to the adjacent switches when there are redundant links running between the switches because port security might error-disable the ports due to port security violations.
  • Page 371: Configuring Port Security

    MAC addresses to drop below the maximum value and causes the SecurityViolation counter to increment.
    • shutdown—Puts the interface into the error-disabled state immediately and sends an SNMP trap notification.
  • Page 372: Configuring Port Security Aging

    Use this feature to remove and add PCs on a secure port without manually deleting the existing secure MAC addresses while still limiting the number of secure addresses on a port.
  • Page 373: Displaying Port Security Settings

    The show interfaces counters privileged EXEC commands display the count of discarded packets. The show storm control and show port-security privileged EXEC commands display those features.
  • Page 374

    SecureConfigured Fa5/5
    0005.0005.0003 SecureConfigured Fa5/5
    0011.0011.0001 SecureConfigured Fa5/11 25 (I)
    0011.0011.0002 SecureConfigured Fa5/11 25 (I)
    -------------------------------------------------------------------
    Total Addresses in System: 10
    Max Addresses limit in System: 128
  • Page 375: Configuring Layer 3 Protocol Filtering On Supervisor Engine

    Protocol filtering cannot be configured on Layer 3 interfaces—only nontrunk Layer 2 LAN ports support Layer 3 protocol filtering. Layer 3 protocol filtering does not support the features available with standard and extended Cisco IOS ACLs. Layer 2 protocols, such as Spanning Tree Protocol (STP) and Cisco Discovery Protocol (CDP), are not affected by Layer 3 protocol filtering.
  • Page 376: Configuring Layer 3 Protocol Filtering

    To enable Layer 3 protocol filtering globally, perform this task:
    Enables Layer 3 protocol filtering globally: Router(config)# protocol-filter
    Disables Layer 3 protocol filtering globally: Router(config)# no protocol-filter
  • Page 377: Configuring Layer 3 Protocol Filtering On A Layer 2 Lan Interface

    Group Mode Other Mode
    --------------------------------------------------------------------------
    Fa5/8
    Router#
    Note: The show protocol filtering command shows only ports that have at least one protocol set to the nondefault configuration.
  • Page 379: Chapter 28 Configuring Traffic Storm Control

    Configuring Traffic Storm Control
    This chapter describes how to configure the traffic storm control feature on the Catalyst 6500 series switches. Release 12.1(12c)E1 and later releases support traffic storm control. For earlier releases, refer to Chapter 29, “Configuring Broadcast Suppression.”...
  • Page 380: Default Traffic Storm Control Configuration

    modes enabled on the interface.
    The storm-control multicast command is supported only on Gigabit Ethernet interfaces.
    Disables multicast traffic storm control on the interface: Router(config-if)# no storm-control multicast level
  • Page 381

    Gigabit Ethernet interface 3/16:
    Router# configure terminal
    Router(config)# interface gigabitethernet 3/16
    Router(config-if)# storm-control multicast level 70.5
    Router(config-if)# end
  • Page 382: Displaying Traffic Storm Control Settings

    Note: The show interfaces [{interface_type slot/port} | {port-channel number}] counters command does not display the discard count. You must use one of the traffic-type keywords: broadcast, multicast, or unicast, which all display the same discard count.
  • Page 383: Chapter 29 Configuring Broadcast Suppression

    Configuring Broadcast Suppression
    This chapter describes how to configure broadcast suppression on the Catalyst 6500 series switches. Releases earlier than Release 12.1(12c)E1 support broadcast suppression. Use traffic storm control with Release 12.1(12c)E1 and later releases (see Chapter 28, “Configuring Traffic Storm...
  • Page 384: Broadcast Suppression Configuration Guidelines And Restrictions

    A higher threshold allows more broadcast packets to pass through. Broadcast suppression on the Catalyst 6500 series switches is implemented in hardware. The suppression circuitry monitors packets passing from a LAN interface to the switching bus. Using the...
  • Page 385: Enabling Broadcast Suppression

    FastEthernet 3/1 and verify the configuration:
    Router# configure terminal
    Router(config)# interface fastethernet 3/1
    Router(config-if)# broadcast suppression 0.25
    Router(config-if)# end
    Router# show running-config interface fastethernet 3/1 | include suppression
    broadcast suppression 0.25
    Router#
  • Page 387: Configuring Cdp

    Configuring CDP, page 30-1
    Understanding How CDP Works
    CDP is a protocol that runs over Layer 2 (the data link layer) on all Cisco routers, bridges, access servers, and switches. CDP allows network management applications to discover Cisco devices that are neighbors of already known devices, in particular, neighbors running lower-layer, transparent protocols.
  • Page 388: Enabling Cdp Globally

    Enabling CDP on a Port
    To enable CDP on a port, perform this task:
    Step 1. Selects the port to configure: Router(config)# interface {{type slot/port} | {port-channel number}}
  • Page 389: Displaying The Cdp Interface Configuration

    Displays information about neighbors. The display can be limited to neighbors on a specific interface and expanded to provide more detailed information: Router# show cdp neighbors [type slot/port] [detail]
  • Page 390

    WS-C2948 2/45
    JAB023807H1 Fas 5/1 WS-C2948 2/44
    JAB023807H1 Gig 1/2 WS-C2948 2/50
    JAB023807H1 Gig 1/1 WS-C2948 2/49
    JAB03130104 Fas 5/8 WS-C4003 2/47
    JAB03130104 Fas 5/9 WS-C4003 2/48
  • Page 391: Chapter 31 Configuring Pfc Qos

    Typically, networks operate on a best-effort delivery basis, which means that all traffic has equal priority and an equal chance of being delivered in a timely manner. When congestion occurs, all traffic has an equal chance of being dropped.
  • Page 392: Hardware Supported By Pfc Qos

    QoS makes network performance more predictable and bandwidth utilization more effective.
    Note: On the Catalyst 6500 series switches, queue architecture and QoS queueing features such as Weighted-Round Robin (WRR) and Weighted Random Early Detection (WRED) are implemented with a fixed configuration in Application Specific Integrated Circuits (ASICs).
  • Page 393: Qos Terminology

    Layer 2 802.1Q frame headers have a 2-byte Tag Control Information field that carries the CoS value in the three most significant bits, which are called the User Priority bits. Other frame types cannot carry Layer 2 CoS values.
  • Page 394

    • Policing is limiting bandwidth used by a flow of traffic. Policing is done on the Policy Feature Card (PFC) or on the Policy Feature Card 2 (PFC2) and distributed forwarding cards (DFCs). Policing can mark or drop traffic.
  • Page 395

    [Table residue: column headings Precedence, 6 MSb of ToS (bits 8 7 6 5 4 3), and 6-bit DSCP; table values not present.]
    1. MSb = most significant bit
  • Page 396: Pfc Qos Feature Flowcharts

    • Traffic that is Layer 3-switched does not go through the MSFC and retains the Layer 2 CoS value assigned by the PFC.
    Figure 31-3 through Figure 31-8 show how the PFC QoS features are implemented on the switch components.
  • Page 397

    [Flowchart residue: decisions "Port set to untrusted?", "ISL or 802.1Q?", "Port set to trust-ipprec?", "Port set to trust-dscp?"; otherwise port is set to trust-cos; drop thresholds; to switching engine.]
  • Page 398

    [Flowchart residue: Ingress OSM Port; labels: Received CoS*, Layer 3 ToS byte, Untrusted (Only From Untrusted Port), No received Layer 2 QoS labels, Policer, DSCP, Marker, CoS*. *LAN ports only]
  • Page 399

    [Flowchart residue: Multilayer Switch Feature Card (MSFC) marking; decision "IP traffic from PFC?"; steps: Write ToS byte into packet, Route traffic, CoS = 0 for all traffic (not configurable), To egress port.]
  • Page 400

    [Flowchart residue: Ethernet egress port scheduling, congestion avoidance, and marking; decisions "IP traffic from PFC?", "DSCP rewrite enabled?" (PFC3 only), "ISL or 802.1Q?"; steps: Write ToS byte into packet, Drop thresholds, Write CoS into frame, Transmit frame.]
  • Page 401: Pfc Qos Feature Summary

    • You can disable marking and policing on a per-interface basis with the no mls qos interface command (see the “Enabling or Disabling PFC Features on an Interface” section on page 31-51).
  • Page 402: Ingress Lan Port Features

    Note: Ingress LAN port marking, scheduling, and congestion avoidance use Layer 2 CoS values and do not use or set Layer 3 IP precedence or DSCP values.
  • Page 403 Marking at Trusted Ingress LAN Ports When an ISL frame enters the Catalyst 6500 series switch through a trusted ingress LAN port, PFC QoS accepts the three least significant bits in the User field as a CoS value. When an 802.1Q frame enters the switch through a trusted ingress LAN port, PFC QoS accepts the User Priority bits as a CoS value.
  • Page 404

    – Using standard receive-queue tail-drop threshold 2, the switch drops incoming frames with CoS 2 or 3 when the receive-queue buffer is 60 percent or more full.
  • Page 405 WRED-drop thresholds for traffic carrying CoS values mapped to the queue and a threshold. See the “Configuring Standard-Queue Drop Threshold Percentages” section on page 31-54.
  • Page 406: Pfc Marking And Policing

    • To mark untrusted traffic without policing in earlier releases, create a policer that only marks and does not police.
    These sections describe PFC marking and policing:
    • Internal DSCP Values, page 31-17
    • Policy Maps, page 31-18
  • Page 407

    IP packets. For trust-dscp and untrusted IP traffic, the ToS byte includes the original 2 least-significant bits from the received ToS byte.
    Note: The internal DSCP value can mimic an IP precedence value (see Table 31-1 on page 31-5).
  • Page 408

    Policy-map classes specify filtering with the following:
    • Cisco IOS access control lists (optional for IP, required for IPX and MAC-Layer filtering)
    • Class-map match commands for Layer 3 IP precedence and DSCP values
    Policy-map classes specify actions with the following:
    (Optional) Policy-map class trust commands.
  • Page 409

    – You create named aggregate policers with the mls qos aggregate-policer command. If you attach a named aggregate policer to multiple ingress ports, it polices the matched traffic from all the ingress ports to which it is attached.
  • Page 410

    PFC QoS applies a marked-down DSCP value.
    Note: To avoid inconsistent results, ensure that all traffic policed by the same aggregate policer has the same trust state.
  • Page 411: Lan Egress Port Features

    • 2q2t indicates two standard queues, each with two configurable tail-drop thresholds
    • 1p2q2t indicates one strict-priority queue and two standard queues, each with two configurable WRED-drop thresholds.
  • Page 412 The explanations in these sections use default values. You can configure many of the parameters (for more information, see the “Configuring PFC QoS” section on page 31-33). All ports of the same type use the same drop-threshold configuration.
  • Page 413

    Note: You can configure each standard transmit queue to use both a non-configurable 100 percent tail-drop threshold and a configurable WRED-drop threshold (see the “Configuring Standard-Queue Drop Threshold Percentages” section on page 31-54).
  • Page 414: Pfc Qos Statistics Data Export

    Catalyst 6500 series switch.
    Note: The PFC QoS statistics data export feature is completely separate from NetFlow Data Export and does not interact with it.
  • Page 415: Pfc Qos Default Configuration

    DSCP 48–55 = CoS 6
    DSCP 56–63 = CoS 7
    Marked-down DSCP from DSCP map: Marked-down DSCP value equals original DSCP value (no markdown)
    Policers: None
    Policy maps: None
  • Page 416

    – CoS 0, 1, 2, 3, and 4
    – Tail-drop threshold: 80%
    • Threshold 2:
    – CoS 5, 6, and 7
    – Tail-drop threshold: 100% (not configurable)
  • Page 417 CoS 0, 1, 2, 3, 4, 6, and 7 • percentages Tail-drop: 100% (nonconfigurable) • Strict-priority receive queue: • CoS 5 • Tail-drop: 100% (nonconfigurable)
  • Page 418 – Threshold 6: • CoS 7 – Tail-drop: 100% – WRED-drop (enabled): 70% low, 100% high – Strict-priority receive queue: CoS 5 • Tail-drop: 100% (nonconfigurable) •
  • Page 419 CoS 6 and 7 – WRED-drop: 70% low, 100% high – Strict-priority receive queue: CoS 5 • Tail-drop: 100% (nonconfigurable) • 1p7q8t transmit-queue CoS value and • drop-threshold mapping
  • Page 420

    Ingress LAN port trust state: trust-dscp
    Receive-queue drop-threshold percentages: All thresholds set to 100%
    Transmit-queue drop-threshold percentages: All thresholds set to 100%
    Transmit-queue bandwidth allocation ratio: 255:1
  • Page 421: Pfc Qos Configuration Guidelines And Restrictions

    (512 Mbps): 8388608 (8 Mb)
    536870913 to 1073741824 (1 Gps): 16777216 (16 Mb)
    1073741825 to 2147483648 (2 Gps): 33554432 (32 Mb)
    2147483649 to 4294967296 (4 Gps): 67108864 (64 Mb)
  • Page 422: Restrictions

    – match mpls, match qos-group, or match source-address class map commands
    – class maps that contain multiple match commands
  • Page 423: Configuring Pfc Qos

    – bandwidth, priority, queue-limit, or random-detect policy map class commands
    Configuring PFC QoS
    These sections describe how to configure PFC QoS on the Catalyst 6500 series switches:
    • Enabling PFC QoS Globally, page 31-33
    • Enabling Queueing-Only Mode, page 31-34
    ...
  • Page 424: Enabling Queueing-Only Mode

    CoS.
    This example shows how to enable queueing-only mode:
    Router# configure terminal
    Router(config)# mls qos queueing-only
    Router(config)# end
    Router#
  • Page 425: Creating Named Aggregate Policers

    For TCP traffic, configure the token bucket size as a multiple of the TCP window size, with a minimum value at least twice as large as the maximum Layer 3 packet size of the traffic being policed.
  • Page 426

    – To mark traffic without policing, enter the transmit keyword to transmit all matched out-of-profile traffic.
    – The default violate action is equal to the exceed action.
  • Page 427: Configuring A Pfc Qos Policy

    PFC QoS Policy Configuration Overview
    Note: To mark traffic without limiting bandwidth utilization, create a policer that uses the transmit keywords for both conforming and nonconforming traffic.
  • Page 428

    “Configuring MAC-Layer Named Access Lists (Optional)” section on page 31-39.
    – In Release 12.1(19)E and later releases, PFC QoS supports time-based Cisco IOS ACLs.
    – In Release 12.1(1)E and later releases, PFC QoS supports IPX access lists that contain a...
  • Page 429

    • 0x6000—etype-6000—DEC unassigned, experimental
    • 0x6001—mop-dump—DEC Maintenance Operation Protocol (MOP) Dump/Load Assistance
    • 0x6002—mop-console—DEC MOP Remote Console
    • 0x6003—decnet-iv—DEC DECnet Phase IV Route
    • 0x6004—lat—DEC Local Area Transport (LAT)
  • Page 430 31-39), access lists are not documented in this publication. See the reference under access-list in the “Configuring a PFC QoS Policy” section on page 31-37.
  • Page 431

    destination-address, match input-interface, match mpls, match qos-group, and match source-address class map commands.
    • Catalyst 6500 series switches do not detect the use of unsupported commands until you attach a policy map to an interface (see the “Attaching a Policy Map to an Interface” section on page 31-49).
  • Page 432: Configuring A Policy Map

    Creating a Policy Map
    To create a policy map, perform this task:
    Creates a policy map: Router(config)# policy-map policy_name
    Deletes the policy map: Router(config)# no policy-map policy_name
  • Page 433

    Note:
    • Put all trust-state and policing commands for each type of traffic in the same policy map class.
    • PFC QoS does not attempt to apply commands from more than one policy map class to traffic.
  • Page 434

    Router(config-pmap-c)# set ip {dscp dscp_value | precedence ip_precedence_value}
    traffic with the configured DSCP or IP precedence value.
    Clears the marking configuration: Router(config-pmap-c)# no set ip {dscp dscp_value | precedence ip_precedence_value}
  • Page 435

    Configures the policy map class to use a previously defined named aggregate policer: Router(config-pmap-c)# police aggregate aggregate_name
    Clears use of the named aggregate policer: Router(config-pmap-c)# no police aggregate aggregate_name
  • Page 436 To sustain a specific rate, set the token bucket size to be at least the rate value divided by 4000, because tokens are removed from the bucket every 1/4000th of a second (0.25 ms).
  • Page 437 (which is the case if you do not enter the maximum_burst_bytes parameter), the exceed-action policed-dscp-transmit keywords cause PFC QoS to mark traffic down as defined by the policed-dscp max-burst markdown map.
  • Page 438

    Exits policy map class configuration mode: Router(config-pmap-c)# end
    Note: Enter additional class commands to create additional classes in the policy map.
    Step 2. Verifies the configuration: Router# show policy-map policy_name
  • Page 439

    This example shows how to attach the policy map named pmap1 to Fast Ethernet port 5/36:
    Router# configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)# interface fastethernet 5/36
    Router(config-if)# service-policy input pmap1
    Router(config-if)# end
  • Page 440: Enabling Or Disabling Microflow Policing

    Enabling Microflow Policing of Bridged Traffic
    Note: To apply microflow policing to multicast traffic, you must enter the mls qos bridged command on the Layer 3 multicast ingress interfaces.
  • Page 441: Enabling Or Disabling Pfc Features On An Interface

    Router(config-if)# no mls qos
    Step 3. Exits configuration interface: Router(config-if)# end
    Step 4. Verifies the configuration: Router# show mls qos
    type = ethernet, fastethernet, gigabitethernet, tengigabitethernet, ge-wan, pos, or atm
  • Page 442: Enabling Vlan-Based Pfc Qos On Layer 2 Lan Ports

    This example shows how to verify the configuration:
    Router# show mls qos | begin QoS is vlan-based
    QoS is vlan-based on the following interfaces:
    Fa5/42
    <...Output Truncated...>
  • Page 443: Configuring The Trust State Of Ethernet Lan And Osm Ingress Ports

    Router(config-if)# mls qos trust cos
    Router(config-if)# end
    Router#
    This example shows how to verify the configuration:
    Router# show queueing interface gigabitethernet 1/1 | include trust
    Trust state: trust COS
    Router#
  • Page 444: Configuring The Ingress Lan Port Cos Value

    • Configuring a WRED-Drop Transmit Queue, page 31-56
    • Configuring a WRED-Drop and Tail-Drop Transmit Queue, page 31-57
    • Configuring 1q4t/2q2t Tail-Drop Threshold Percentages, page 31-58
  • Page 445

    Traffic in the queue between the low- and high-WRED values has an increasing chance of being dropped as the queue fills.
    Configuring a Tail-Drop Receive Queue
    These port types have only tail-drop thresholds in their receive-queues:
    • 1p1q4t
    • 1q2t
  • Page 446

    Step 2. Configures the low WRED-drop thresholds: Router(config-if)# wrr-queue random-detect min-threshold queue_id thr1% [thr2%]
    Reverts to the default low WRED-drop thresholds: Router(config-if)# no wrr-queue random-detect min-threshold [queue_id]
  • Page 447

    Gigabit Ethernet port 1/1:
    Router# configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)# interface gigabitethernet 1/1
    Router(config-if)# wrr-queue random-detect max-threshold 1 70 70
    Router(config-if)# end
    Router#
  • Page 448

    The percentages range from 1 to 100. A value of 10 indicates a threshold when the buffer is 10-percent full.
    • Always set threshold 2 to 100 percent.
    • Ethernet and Fast Ethernet 1q4t ports do not support receive-queue tail-drop thresholds.
  • Page 449: Mapping Cos Values To Drop Thresholds

    Queue number 1 is the lowest-priority standard queue.
    • Higher-numbered queues are higher priority standard queues.
    • You can map up to 8 CoS values to a threshold.
  • Page 450

    Router(config-if)# rcv-queue cos-map 1 1 0 1
    Router(config-if)# end
    Router#
    This example shows how to verify the configuration:
    Router# show queueing interface gigabitethernet 1/1
    <...Output Truncated...>
    queue thresh cos-map
    ---------------------------------------
    <...Output Truncated...>
    Router#
  • Page 451

    Router(config-if)# no priority-queue cos-map
    Step 3. Exits configuration mode: Router(config-if)# end
    Step 4. Verifies the configuration: Router# show queueing interface type slot/port
    type = fastethernet, gigabitethernet, or tengigabitethernet
  • Page 452

    • Receive queue 1 (standard) threshold 3 = transmit queue 2 (standard high priority) threshold 1
    • Receive queue 1 (standard) threshold 4 = transmit queue 2 (standard high priority) threshold 2
  • Page 453

    Router#
    This example shows how to verify the configuration:
    Router# show queueing interface fastethernet 5/36 | begin queue thresh cos-map
    queue thresh cos-map
    ---------------------------------------
    <...Output Truncated...>
    Router#
  • Page 454: Allocating Bandwidth Between Lan-Port Transmit Queues

    Reverts to the default size ratio: Router(config-if)# no rcv-queue queue-limit
    Step 3. Exits configuration mode: Router(config-if)# end
    Step 4. Verifies the configuration: Router# show queueing interface {fastethernet | tengigabitethernet} slot/port
  • Page 455: Setting The Lan-Port Transmit-Queue Size Ratio

    • Valid values are from 1 to 100 percent, except on 1p2q1t egress LAN ports, where valid values for the high priority queue are from 5 to 100 percent.
  • Page 456: Configuring Dscp Value Maps

    Router(config)# end
    Router#
    This example shows how to verify the configuration:
    Router# show mls qos maps | begin Cos-dscp map
    Cos-dscp map:
    cos:
    ----------------------------------
    dscp:
    <...Output Truncated...>
    Router#
  • Page 457

    • You can enter multiple commands to map additional DSCP values to a CoS value.
    • You can enter a separate command for each CoS value.
  • Page 458

    • You can enter the normal-burst keyword to configure the markdown map used by the exceed-action policed-dscp-transmit keywords.
    • You can enter the max-burst keyword to configure the markdown map used by the violate-action policed-dscp-transmit keywords.
  • Page 459 DSCP value is in the column labeled d1 and the second digit is in the top row. In the example shown, DSCP 41 maps to DSCP 41. Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E 31-69...
  • Page 460: Configuring Pfc Qos Statistics Data Export

    Export Destination : Not configured Router# Note You must enable PFC QoS statistics data export globally for other PFC QoS statistics data export configuration to take effect. Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E 31-70 78-14099-04...
  • Page 461 Export type (“1” for a port) • Slot/port • Number of ingress packets • Number of ingress bytes • Number of egress packets • Number of egress bytes • Time stamp • Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E 31-71 78-14099-04...
  • Page 462 PFC or DFC slot number • Number of in-profile packets • Number of packets that exceed the CIR • Number of packets that exceed the PIR • Time stamp • Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E 31-72 78-14099-04...
  • Page 463 Direction (“in”) – Slot/port – Number of in-profile packets Number of packets that exceed the CIR – Number of packets that exceed the PIR – Time stamp – Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E 31-73 78-14099-04...
  • Page 464 Router(config)# no mls qos statistics-export interval interval_in_seconds statistics data export. Step 2 Exits configuration mode. Router(config)# end Step 3 Verifies the configuration. Router# show mls qos statistics-export info Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E 31-74 78-14099-04...
  • Page 466 QoS Statistics Data Export is enabled on following ports: --------------------------------------------------------- FastEthernet5/24 QoS Statistics Data export is enabled on following shared aggregate policers: ----------------------------------------------------------------------------- aggr1M QoS Statistics Data Export is enabled on following class-maps: --------------------------------------------------------------- class3
  • Page 467 QoS Statistics Data Export is enabled on following ports: --------------------------------------------------------- FastEthernet5/24 QoS Statistics Data export is enabled on following shared aggregate policers: ----------------------------------------------------------------------------- aggr1M QoS Statistics Data Export is enabled on following class-maps: --------------------------------------------------------------- class3
  • Page 468 Chapter 31 Configuring PFC QoS
  • Page 469: Chapter 32 Configuring UDLD

    This chapter describes how to configure the UniDirectional Link Detection (UDLD) protocol in Release 12.1(2)E and later releases on the Catalyst 6500 series switches. Note: For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication.
  • Page 470: UDLD Aggressive Mode

    Layer 1. The Catalyst 6500 series switch periodically transmits UDLD packets to neighbor devices on LAN ports with UDLD enabled. If the packets are echoed back within a specific time frame and they are lacking a specific acknowledgment (echo), the link is flagged as unidirectional and the LAN port is shut down.
  • Page 471: Default UDLD Configuration

    This command only configures fiber-optic LAN ports. Note Individual LAN port configuration overrides the setting of this command. Disables UDLD globally on fiber-optic LAN ports. Router(config)# no udld {enable | aggressive}
  • Page 472: Enabling UDLD On Individual LAN Interfaces

    LAN port configuration to the udld enable global configuration command setting. Step 3 Verifies the configuration. Router# show udld type slot/number type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
  • Page 473: Disabling UDLD On Fiber-Optic LAN Interfaces

    7 to 90 seconds. Returns to the default value (60 seconds). Router(config)# no udld message Step 2 Verifies the configuration. Router# show udld type slot/number
  • Page 474: Resetting Disabled LAN Interfaces

    To reset all LAN ports that have been shut down by UDLD, perform this task: Command Purpose Resets all LAN ports that have been shut down by UDLD. Router# udld reset
  • Page 475: Chapter 33 Configuring NDE

    Configuring NDE This chapter describes how to configure NetFlow Data Export (NDE) on the Catalyst 6500 series switches. Note: For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication and the Release 12.1...
  • Page 476: NDE Overview

    The NetFlow cache on the MSFC captures statistics for routed flows. NDE on the Catalyst 6500 series switches can use NDE version 1, 5, or 6 to export the statistics captured on the MSFC for routed traffic. For more information, refer to this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/switch_c/xcprt3/xcdnfov.htm...
  • Page 477 Residual nanoseconds since 0000 UTC 1970 16–19 flow_sequence Sequence counter of total flows seen 20–21 engine_type Type of flow switching engine 21–23 engine_id Slot number of the flow switching engine
  • Page 478 2. With the destination flowmask, the “Next hop router’s IP address” field and the “Output interface’s SNMP ifIndex” field might not contain information that is accurate for all flows.
  • Page 479 Cumulative OR of TCP flags prot Layer 4 protocol (for example, 6=TCP, 17=UDP) IP type-of-service byte 40–41 src_as Autonomous system number of the source, either origin or peer
  • Page 480 With the full-interface or destination-source-interface flow masks, you can enable or disable sampled NetFlow on each LAN port. With all other flow masks, sampled NetFlow is enabled or disabled globally.
  • Page 481: Default NDE Configuration

    Feature Default Value Disabled NDE source addresses None NDE data collector address and UDP port None NDE filters None Sampled NetFlow Disabled Populating additional NDE fields Disabled
  • Page 482: Configuring NDE

    Note: With Supervisor Engine 1 and PFC, if NDE is enabled and you disable Multilayer Switching (MLS), you lose the statistics for existing cache entries. They are not exported when MLS shuts down.
  • Page 483 This example shows how to display the MLS flow mask configuration: Router# show mls netflow flowmask current ip flowmask for unicast: destination address current ipx flowmask for unicast: destination address Router#
  • Page 484 Layer 3 entry is in use. Long aging is used to prevent counter wraparound, which can cause inaccurate statistics.
  • Page 485 • With the full-interface or destination-source-interface flow masks, you can enable or disable sampled NetFlow on individual Layer 3 interfaces. With all other flow masks, sampled NetFlow is enabled or disabled globally.
  • Page 486 This example shows how to enable sampled NetFlow on Fast Ethernet port 5/12: Router# configure terminal Router(config)# interface fastethernet 5/12 Router(config-if)# mls netflow sampling Router(config)# end Router#
  • Page 487: Configuring NDE On The MSFC

    1. type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet This example shows how to configure a loopback interface as the NDE flow source: Router(config)# ip flow-export source loopback 0 Router(config)#
  • Page 488: Displaying The NDE Address And Port Configuration

    This example shows how to display the NDE export flow IP address, UDP port, and the NDE source interface configuration: Router# show ip flow export Flow export is enabled Exporting flows to 172.20.52.37 (200) Exporting using source interface FastEthernet5/8
  • Page 489: Configuring NDE Flow Filters

    This example shows how to configure a port flow filter so that only expired flows to destination port 23 are exported (assuming the flow mask is set to ip-flow): Router(config)# mls nde flow include dest-port 35 Router(config)#
  • Page 490 This example shows how to configure a TCP protocol flow filter so that only expired flows from destination port 35 are exported: Router(config)# mls nde flow include protocol tcp dest-port 35 Router(config)#
  • Page 491: Displaying The NDE Configuration

    2.2.2.2, mask 255.255.255.0, port 23 source: ip address 0.0.0.0, mask 0.0.0.0, port 0 Total Netflow Data Export Packets are: 0 packets, 0 no packets, 0 records Router#
  • Page 492 Chapter 33 Configuring NDE
  • Page 493: Configuring Local SPAN And RSPAN

    Configuring Local SPAN and RSPAN This chapter describes how to configure local Switched Port Analyzer (SPAN) and remote SPAN (RSPAN) on the Catalyst 6500 series switches. The Catalyst 6500 series switches support RSPAN with Release 12.1(13)E and later releases. This chapter consists of these sections: •...
  • Page 494 [Figure 34-1: Example SPAN Configuration. Port 5 traffic mirrored on port 10; network analyzer.]
  • Page 495: Local SPAN And RSPAN Sessions

    To configure an RSPAN source session on one network device, you associate a set of source ports and VLANs with an RSPAN VLAN. To configure an RSPAN destination session on another device, you associate the destination port with the RSPAN VLAN.
  • Page 496: Monitored Traffic

    You can configure source ports in any VLAN. Trunk ports can be configured as source ports and mixed with nontrunk source ports, but SPAN does not copy the encapsulation from a source trunk port.
  • Page 497: Destination Ports

    Local SPAN Sessions RSPAN Source Sessions RSPAN Destination Sessions 2 (ingress or egress or both) 1 ingress 1 (ingress or egress or both) 1 or 2 egress
  • Page 498: Local SPAN And RSPAN Source And Destination Limits

    • You cannot mix source VLANs and filter VLANs within a session. You can have source VLANs or filter VLANs, but not both at the same time.
  • Page 499: VSPAN Guidelines And Restrictions

    • Do not assign access ports to RSPAN VLANs. RSPAN puts access ports in an RSPAN VLAN into the suspended state. • Do not configure any ports in an RSPAN VLAN except those selected to carry RSPAN traffic.
  • Page 500: Configuring Local SPAN And RSPAN

    To configure an RSPAN source session, use the same session number for a source and a destination RSPAN VLAN. To configure an RSPAN destination session, use the same session number for a source RSPAN VLAN and a destination port.
  • Page 501: Configuring RSPAN VLANs

    , interface_range , ... • single_vlan is the ID number of a single VLAN. • vlan_list is single_vlan , single_vlan , single_vlan ...
  • Page 502: Monitoring Specific Source VLANs On A Source Trunk Port

    These sections describe how to configure local SPAN and RSPAN destinations: • Configuring a Destination Port as an Unconditional Trunk, page 34-11 • Configuring a Local or RSPAN Destination, page 34-11
  • Page 503: Configuring A Destination Port As An Unconditional Trunk

    Note: To tag the monitored traffic, you must configure the port to trunk unconditionally before you configure it as a destination (see the “Configuring a Destination Port as an Unconditional Trunk” section on page 34-11).
  • Page 504: Verifying The Configuration

    This example shows how to verify the configuration of session 2: Router# show monitor session 2 Session 2 ------------ Type : Remote Source Session Source Ports: RX Only: Fa3/1 Dest RSPAN VLAN: Router#
  • Page 505: Configuration Examples

    This example shows how to configure an RSPAN destination session: Router(config)# monitor session 8 source remote vlan 901 Router(config)# monitor session 8 destination interface fastethernet 1/2 , 2/3
  • Page 506 Chapter 34 Configuring Local SPAN and RSPAN
  • Page 507: Chapter 35 Configuring Web Cache Services Using WCCP

    Configuring Web Cache Services Using WCCP This chapter describes how to configure the Catalyst 6500 series switches to redirect traffic to cache engines (web caches) using the Web Cache Communication Protocol (WCCP), and describes how to manage cache engine clusters (cache farms).
  • Page 508: Understanding WCCP

    Products are the Content Engine 507, 560, 590, and 7320. The Cisco IOS WCCP feature allows use of Cisco Cache Engines (or other caches running WCCP) to localize web traffic patterns in the network, enabling content requests to be fulfilled locally. Traffic localization reduces transmission costs and download time.
  • Page 509: Understanding WCCPv1 Configuration

    The following guidelines apply to WCCP Layer 2 PFC redirection: • The WCCP Layer 2 PFC redirection feature sets the IP flow mask to full-flow mode. • You can configure the Cisco Cache Engine software release 2.2 or later releases to use the WCCP Layer 2 PFC redirection feature.
  • Page 510: Understanding WCCPv2 Configuration

    The subset of cache engines within a cluster and routers connected to the cluster that are running the same service is known as a service group. Available services include TCP and User Datagram Protocol (UDP) redirection.
  • Page 511: WCCPv2 Features

    (such as “98”) or a predefined service keyword (such as “web-cache”). This information is used to validate that service group members are all using or providing the same service.
  • Page 512: MD5 Security

    • Load Shedding—Enables the router to selectively redirect the load to avoid exceeding the capacity of a cache engine. By using these hashing parameters, you can prevent one cache from being overloaded and reduce the potential for congestion.
  • Page 513: Restrictions For WCCPv2

    IP must be configured on the router interface connected to the cache engines and on the router interface connected to the Internet. Cisco Cache Engines require use of a Fast Ethernet interface for a direct connection. Examples of router configuration tasks follow this section. For complete descriptions of the command syntax, refer to the Release 12.2 Cisco IOS Configuration Fundamentals Command...
  • Page 514: Configuring A Service Group Using WCCPv2

    WCCPv1 does not use the WCCP commands from earlier Cisco IOS versions. Instead, use the WCCP commands documented in this chapter. If a function is not allowed in WCCPv1, an error prompt will be printed to the screen.
  • Page 515: Excluding Traffic On A Specific Interface From Redirection

    As indicated by the out and in keyword options in the ip wccp service redirect command, redirection can be specified for outbound interfaces or inbound interfaces. Inbound traffic can be configured to use Cisco Express Forwarding (CEF), distributed Cisco Express Forwarding (dCEF), Fast Forwarding, or Process Forwarding.
  • Page 516: Registering A Router To A Multicast Address

    • Enable the interfaces to which the cache engines will connect to receive multicast transmissions using the ip wccp group-listen interface configuration command (note that earlier Cisco IOS versions required the use of the ip pim interface configuration command). Using Access Lists for a WCCP Service Group...
  • Page 517: Setting A Password For A Router And Cache Engines

    WCCP packet immediately after validating the WCCP message header. Packets failing authentication will be discarded.
  • Page 518: Verifying And Monitoring WCCP Configuration Settings

    • Running a Reverse Proxy Service Example, page 35-14 • Registering a Router to a Multicast Address Example, page 35-14 • Using Access Lists Example, page 35-14
  • Page 519: Changing The Version Of WCCP On A Router Example

    Enter configuration commands, one per line. End with CNTL/Z. Router(config)# interface ethernet 0/1 Router(config-if)# ip wccp web-cache redirect in Router(config-if)# ^Z Router# show ip interface ethernet 0/1
  • Page 520: Running A Reverse Proxy Service Example

    WCCP Redirect inbound is enabled WCCP Redirect exclude is disabled Running a Reverse Proxy Service Example The following example assumes you are configuring a service group using Cisco Cache Engines, which use dynamic service 99 to run a reverse proxy service: router# configure terminal...
  • Page 521: Setting A Password For A Router And Cache Engines Example

    10.1.1.3 interface Ethernet0 ip address 10.3.1.2 255.255.255.0 no ip directed-broadcast ip wccp web-cache redirect out ip wccp 99 redirect out no ip route-cache no ip mroute-cache
  • Page 522 0.0.0.0 0.0.0.0 10.3.1.1 no ip http server line con 0 transport input none line aux 0 transport input all line vty 0 4 password alaska1 login
  • Page 523: Chapter 36 Configuring SNMP IfIndex Persistence

    Configuring SNMP IfIndex Persistence This chapter describes how to configure the SNMP ifIndex persistence feature on Catalyst 6500 series switches. Release 12.1(13)E and later releases support SNMP ifIndex persistence. This chapter consists of these sections: Understanding SNMP IfIndex Persistence, page 36-1 •...
  • Page 524: Enabling And Disabling SNMP IfIndex Persistence Globally

    The no snmp ifindex persistence interface command cannot be used on subinterfaces. A command applied to an interface is automatically applied to all the subinterfaces associated with that interface.
  • Page 525: Configuration Examples

    Disabling SNMP IfIndex Persistence on a Specific Interface Example In the following example, SNMP ifIndex persistence is disabled for Ethernet interface 3/1 only: router(config)# interface ethernet 3/1 router(config-if)# no snmp ifindex persist router(config-if)# exit
  • Page 526 Ethernet interface 3/1. If SNMP ifIndex persistence is globally disabled, SNMP ifIndex persistence will be disabled for Ethernet interface 3/1. router(config)# interface ethernet 3/1 router(config-if)# snmp ifindex clear router(config-if)# exit
  • Page 527: Chapter 37 Configuring The Switch Fabric Module

    Configuring the Switch Fabric Module This chapter describes how to configure the Switch Fabric Module (SFM) for the Catalyst 6500 series switches. Note: For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication.
  • Page 528: Switch Fabric Module Slots

    Compact mode—The switch uses this mode for all traffic when only fabric-enabled modules are installed. In this mode, a compact version of the DBus header is forwarded over the switch fabric channel, which provides the best possible performance.
  • Page 529: Configuring The Switch Fabric Module

    Note: The commands in this section are supported only with Release 12.1(11b)E and later releases. To configure the switching mode, perform this task: Command Purpose Configures the switching mode. Router(config)# [no] fabric switching-mode allow {bus-mode | {truncated [{threshold [number]}]}
  • Page 530: Configuring Fabric-Required Mode

    Fabric Modules installed, if you remove both switch fabric modules or if both fail, the switch removes power from all switching modules; only the supervisor engine remains active.
  • Page 531: Configuring An LCD Message

    Displaying the Module Information To display the module information, perform this task: Command Purpose Displays module information. Router# show module {5 | 6 | 7 | 8}
  • Page 532: Displaying The Switch Fabric Module Redundancy Status

    This example shows how to display the fabric channel switching mode of all modules: Router# show fabric switching-mode all bus-only mode is allowed Module Slot Switching Mode DCEF DCEF No Interfaces DCEF Router#
  • Page 533: Displaying The Fabric Status

    Displaying Fabric Errors To display fabric errors of one or all modules, perform this task: Command Purpose Displays fabric errors. Router# show fabric errors [slot_number | all]
  • Page 534 Monitoring the Switch Fabric Module This example shows how to display fabric errors on all modules: Router# show fabric errors slot channel module module module fabric hbeat sync sync Router#
  • Page 535: Chapter 38 Power Management And Environmental Monitoring

    Note: In systems with redundant power supplies, both power supplies must be of the same wattage. The Catalyst 6500 series switches allow you to mix AC-input and DC-input power supplies in the same chassis. For detailed information on supported power supply configurations, refer to the Catalyst 6500 Series Switch Installation Guide.
  • Page 536: Enabling Or Disabling Power Redundancy

    System power is increased to the combined power capability of both supplies. • disabled Modules marked power-deny in the show power oper state field are brought up if there is sufficient power.
  • Page 537: Using The CLI To Power Modules Off And On

    A @42V Watts A @42V State State ---- ------------------ ------- ------ ------- ------ ----- ----- WS-X6K-SUP2-2GE 142.38 3.39 142.38 3.39 142.38 3.39 WS-X6248-RJ-45 112.98 2.69 112.98 2.69 Router#
  • Page 538: Using The CLI To Power Cycle Modules

    1000 W and 1300 W power supplies depending on the size of chassis and type of modules installed. For information about power consumption, refer to the Release Notes for the Catalyst 6000 Family Switches and Cisco 7600 Internet Router for Cisco IOS publication at this URL: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/relnotes/index.htm...
  • Page 539 3. The STATUS LED is red on the failed supervisor engine. If there is no redundant supervisor, the SYSTEM LED is red also. 4. See the “Understanding How Power Management Works” section on page 38-1 for instructions.
  • Page 540 Chapter 38 Power Management and Environmental Monitoring Understanding How Environmental Monitoring Works
  • Page 541 Bisync BSTUN Block Serial Tunnel broadcast and unknown server bridge-group virtual interface content-addressable memory committed access rate circuit card assembly Cisco Discovery Protocol
  • Page 542 802.1Q DRAM dynamic RAM DRiP Dual Ring Protocol DSAP destination service access point DSCP differentiated services code point DSPU downstream SNA Physical Units Dynamic Trunking Protocol
  • Page 543 Internet Group Management Protocol IGRP Interior Gateway Routing Protocol ILMI Integrated Local Management Interface Internet Protocol interprocessor communication Internetwork Packet Exchange IS-IS Intermediate System-to-Intermediate System Intradomain Routing Protocol
  • Page 544 Multilayer Switching Feature Card Multilayer Switch Module maximum transmission unit MVAP multiple VLAN access port Network Analysis Module Name Binding Protocol NCIA Native Client Interface Architecture NetFlow Data Export
  • Page 545 QoS device manager QoS manager quality of service RACL router interface access control list RADIUS Remote Access Dial-In User Service random-access memory Remote Copy Protocol RGMP Router-Ports Group Management Protocol
  • Page 546 SSTP Cisco Shared Spanning Tree Spanning Tree Protocol switched virtual circuit switched virtual interface TACACS+ Terminal Access Controller Access Control System Plus TARP Target Identifier Address Resolution Protocol
  • Page 547 VLAN Trunking Protocol VVID voice VLAN ID wide area network WCCP Web Cache Communications Protocol weighted fair queueing WRED weighted random early detection weighted round-robin Xerox Network System
  • Page 548 Appendix A Acronyms
  • Page 549 802.1X 802.3Z Flow Control auto-sync command 3, 6, 7 auxiliary VLAN See voice VLAN abbreviating commands access control entries and lists BackboneFast access lists See STP BackboneFast
  • Page 550 See cache engine clusters clear cdp counters command cautions for passwords clear cdp table command encrypting clear counters command TACACS+
  • Page 551 4, 5 configuration file, viewing debug commands description IP MMLS config-register command debugging mls command config terminal command default configuration configuration 802.1X file, saving IP MLS
  • Page 552 8, 9 configuration guidelines duplex mode configuring configuring interface Layer 2 configuring (tasks) DFC restriction, see CSCdt27074 in the Release Notes interface port-channel command example EHSA
  • Page 553 See switch fabric module IP MMLS fastethernet completely and partially switched fiber-optic, detecting unidirectional links IPX MLS filters forward-delay time, STP protocol forwarding information base See protocol filtering
  • Page 554 IEEE 802.3Z Flow Control counters, clearing 18, 19 IGMP descriptive name, adding configuration guidelines displaying information about enabling maintaining Internet Group Management Protocol monitoring join messages naming
  • Page 555 Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E IN-7 78-14099-04...
  • Page 556 ISL encapsulation aging-time ISL trunks cache isolated port overview isolated VLANs cache, displaying ISTP all entries by destination address by source address Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E IN-8 78-14099-04...
  • Page 557 See IP MLS, IP MMLS, or IPX MLS threshold mls aging command Layer 3 switched packet rewrite configuring IP MLS Layer 3 switching mls flow command configuring IP MLS 8, 9, 10 Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E IN-9 78-14099-04...
  • Page 558 MTU size (default) destination TCP/UDP port, specifying multicast overview broadcast suppression protocol, specifying IGMP snooping and source host and destination TCP/UDP port, specifying NetFlow statistics multicast non-RPF Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E IN-10 78-14099-04...
  • Page 559 Port Aggregation Protocol see PAgP port-based authentication packet rewrite authentication server defined IP MLS and RADIUS server IP MMLS and client, defined IPX MLS and configuration guidelines packets configuring Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E IN-11 78-14099-04...
  • Page 560 EtherChannel routing secondary VLAN ingress traffic port-channel load-balance secondary VLANs with primary VLANs command 10, 11 VLANs as private command example 10, 11 Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E IN-12 78-14099-04...
  • Page 561 8, 16 feature summary QoS ACL QoS labels (definition) attaching QoS mapping QoS classification (definition) CoS values to DSCP values QoS congestion avoidance Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E IN-13 78-14099-04...
  • Page 562 QoS statistics data export reduced MAC address configuring redundancy configuring destination host configuring supervisor engine configuring time interval 74, 77 displaying supervisor engine configuration QoS strict priority receive queue EHSA Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E IN-14 78-14099-04...
  • Page 563 2, 3 failure show cdp entry command multicast show cdp interface command non-RPF multicast show cdp neighbors command unicast show cdp traffic command RPR+ show ciscoview package command Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E IN-15 78-14099-04...
  • Page 564 IGMPv3, IGMP v3lite, and displaying IP MMLS source show mls ip multicast statistics command SPAN displaying IP MMLS statistics configuration guidelines Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E IN-16 78-14099-04...
  • Page 565 STP BackboneFast Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E IN-17 78-14099-04...
  • Page 566 MST switchport mode dynamic auto STP UplinkFast switchport mode dynamic desirable and MST default configuring example spanning-tree uplinkfast switchport mode trunk 4, 9 command switchport nonegotiate Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E IN-18 78-14099-04...
  • Page 567 UniDirectional Link Detection Protocol translational bridge numbers (defaults) see UDLD transmit queues untrusted see QoS transmit queues see QoS trust-cos troubleshooting see QoS untrusted IP MLS UplinkFast Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E IN-19 78-14099-04...
  • Page 568 VLANs configuration guidelines allowed on trunk default configuration configuration guidelines disabling configuration options domains global configuration mode VLANs VLAN database mode modes configuring Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E IN-20 78-14099-04...
  • Page 569 Web Cache Communication Protocol See WCCP web caches See cache engines web cache services description web caching See web cache services See also WCCP web scaling Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E IN-21 78-14099-04...
  • Page 570 Index Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E IN-22 78-14099-04...
